68c73850d8 Minimise FFI in the public API (Tobin C. Harding)
Pull request description:
Normal users should never need to directly interact with the FFI layer.
Audit and reduce the use of `ffi` types in the public API of various types. Leave only the implementation of `CPtr`, and document this clearly as not required by normal users. Done for:
- PublicKey
- XOnlyPublicKey
- KeyPair
- ecdsa::Signature
- ecdsa::RecoverableSignature
ACKs for top commit:
apoelstra:
ACK 68c73850d8
Tree-SHA512: 8242527837872f9aba2aab19b02c2280ca1eb1dfd33c8ca619726d981811d72de3e5a57cbde2fbe621eb8e50e43f488804cd51d27949459da1c0ceb03fca35e3
8c7c5e7394 Remove deprecated code (Tobin C. Harding)
e779e5dc05 doc: Use add_tweak in example code (Tobin C. Harding)
eedbd0b7e4 secp256k1-sys: Remove deprecated code (Tobin C. Harding)
Pull request description:
Remove deprecated code from `secp256k1-sys` and `secp256k1`.
ACKs for top commit:
apoelstra:
ACK 8c7c5e7394
Tree-SHA512: 830d4459cf21fba98e75e1c099c96316c9db1c1fb87dd28343cea066544ac8568685ec9fc85969caee3d35014f64c3f42b5a5afbf4f4d16221a57a204e6a3524
5ccf0c8db7 Manually implement PartialEq, Eq, and Hash for PublicKey (Tobin C. Harding)
Pull request description:
`PartialEq` and `Eq` should agree with `PartialOrd` and `Ord` but we are deriving `PartialEq`/`Eq` and doing a custom implementation of `PartialOrd` and `Ord` (that calls down to ffi functions).
If two keys are equal their hashes should be equal so, we should add a custom implementation of `Hash` also. In order to guarantee the digest will be the same across library versions first serialize the key before hashing it.
Add custom implementation of `PartialEq`, `Eq`, and `Hash` when not fuzzing.
Please note, this is for the main `PublicKey` type, the patch does not effect the `ffi::PublicKey`, nor do we call methods on the `ffi::PublicKey`.
EDIT: Please note the comment below by apoelstra about the possible performance hit introduced by this PR.
ACKs for top commit:
apoelstra:
ACK 5ccf0c8db7
Tree-SHA512: 1464308238411d259bb0493dc1eca775ec235036eef10b91f70ef17816174f452d5911ecae3b40434b71f9866be1db54d69e8ed9475a4f2801c07a800aead2b2
`PartialEq` and `Eq` should agree with `PartialOrd` and `Ord` but we are
deriving `PartialEq`/`Eq` and doing a custom implementation of
`PartialOrd` and `Ord` (that calls down to ffi functions).
If two keys are equal their hashes should be equal so, we should add a
custom implementation of `Hash` also. In order to guarantee the digest
will be the same across library versions first serialize the key before
hashing it.
Add custom implementation of `PartialEq`, `Eq`, and `Hash` when not
fuzzing.
Please note, this is for the main `PublicKey` type, the patch does not
effect the `ffi::PublicKey`, nor do we call methods on the
`ffi::PublicKey`.
Normal users should never need to directly interact with the FFI layer.
Audit and reduce the use of `ffi` types in the public API of various
types. Leave only the implementation of `CPtr`, and document this
clearly as not required by normal users. Done for:
- PublicKey
- XOnlyPublicKey
- KeyPair
- ecdsa::Signature
- ecdsa::RecoverableSignature
603f441548 Add array constants (Tobin C. Harding)
Pull request description:
In multiple places we use array constants for zero and one. Add two constants and use them throughout the codebase. Note the endian-ness of `ONE` in the docs.
ACKs for top commit:
apoelstra:
ACK 603f441548
Tree-SHA512: 70c455ee42f8a04feec37c3963b030c0f2c07b83801caf818dbb1661b7a0f65c4b92ff6a5df496a4dd6a917d13af4d60624a072c6f8a083293db9cd80d194232
In multiple places we use array constants for zero and one. Add two
constants and use them throughout the codebase. Note the endian-ness of
`ONE` in the docs.
1c17d0f215 Improve docs on impl_array_newtype (Tobin C. Harding)
91ac518d17 Use generic implementation of Index (Tobin C. Harding)
Pull request description:
Instead of all the manual implementations of `Index` for ranged types we can just use a generic implementation as we do in `rust-bitcoin/internals/src/macros.rs`.
Patch 2 does some trivial docs improvements to the `impl_array_newtype` macro since we are touching it anyways.
ACKs for top commit:
apoelstra:
ACK 1c17d0f215
Tree-SHA512: 6b37933659841af51c8abed3caeca83e63972d82be0a6483d7cdb804242986075f3d93e72b73072d496097224ed8130b6eee6858bf9d76205df4016ff012fa00
a59028c965 Use clang instead of clang-9 (Tobin C. Harding)
Pull request description:
The current version of clang is 14, there is no obvious reason why we use clang-9 (as far as I can tell on my local machine).
Use `clang` instead of `clang-9` so that the latest version is used by default. This effects the version installed by CI as well as the version used to run commands in `test.sh`.
ACKs for top commit:
apoelstra:
ACK a59028c965
Tree-SHA512: b3c5a56d21dc0bc8cb80db9854917b39c86ba735434b3a644eb22608492b07558ddff4b2ee3ff5b14e066d31fbdcc890d4c9e3f44af7b1d62c5e8eab6d31b90e
76a0804ca5 Fix typo in public method (Tobin C. Harding)
Pull request description:
We have a method called `from_raw_signining_only`, I'm guessing this should be `from_raw_signing_only`.
ACKs for top commit:
apoelstra:
ACK 76a0804ca5
Tree-SHA512: ee03dbf3f69f0b348a483fa928fab9fba73bfdea383aee385a853b99998a882695c6839fff6433784ad097709ca31c67fc0a4e1a948caae7356be2eab7e332e5
The current version of clang is 14, there is no obvious reason why we
use clang-9 (as far as I can tell on my local machine).
Use `clang` instead of `clang-9` so that the latest version is used by
default. This effects the version installed by CI as well as the
version used to run commands in `test.sh`.
5417fad7cb Add method SecretKey::from_hashed_data (Tobin C. Harding)
Pull request description:
Analogous to the method on `Message`; add a constructor method on `SecretKey` that hashes the input data.
While we are at it improve the rustdocs on `Message::from_hashed_data` so docs on both methods are uniform.
Fix: #487
ACKs for top commit:
apoelstra:
ACK 5417fad7cb
Tree-SHA512: d321c1e8fddaf5ee692a7f119d86749ea4c8b4f3796f06e8c6145aa03bc22f5c88992e193dd34aa7ba3da8a45cf8f60e72f61e415a092ad16d2bd8c2b6c8fa23
Analogous to the method on `Message`; add a constructor method on
`SecretKey` that hashes the input data.
While we are at it improve the rustdocs on `Message::from_hashed_data`
so docs on both methods are uniform.
1f327b478a Bump version number to v0.24.1 (elsirion)
53c1354cc5 Fix broken `serde::Deserialize` and `FromStr` impl of `keyPair` (elsirion)
Pull request description:
Fixes#491
ACKs for top commit:
apoelstra:
ACK 1f327b478a
Tree-SHA512: 1af54667b7a1b310035fa35bd2aeb508e432d8c7f153ae1b9850431ba77dcc3e2194c1cda45a1ed5218d955d9284ba6512cf8ab6dafc673f23ccdad7c601b1b6
91f10965b3 secp-sys: change symbol names to `0_6_1` from `0_5_0` (Andrew Poelstra)
Pull request description:
Needed to build secp-sys 0.5 and secp-sys 0.6 in the same tree. Fixes#489.
This PR can be reproduced by running
./vendor-libsecp.sh depend/ 0_6_1 a1102b12196ea27f44d6201de4d25926a2ae9640
in the secp256k1-sys directory.
ACKs for top commit:
elichai:
tACK 91f10965b3
Tree-SHA512: 0ce5149c9c4b7b44592dec84f1a6348f62437e679c15300efe0e2cc55ced5746e6061c596c83e18428841efb7df07c5cb443a0fd81800dc2a05da9a4f7a07c1a
Needed to build secp-sys 0.5 and secp-sys 0.6 in the same tree. Fixes#489.
This PR can be reproduced by running
./vendor-libsecp.sh depend/ 0_6_1 a1102b12196ea27f44d6201de4d25926a2ae9640
in the secp256k1-sys directory.
0f29348b6c move some unsafe code inside an unsafe{} boundary (Andrew Poelstra)
Pull request description:
An internal function had a non-unsafe signature but could be called
with data that would cause it to exhibit UB. Move the unsafety inside
of the function so that the function signature now enforces soundness.
Fixes#481
Top commit has no ACKs.
Tree-SHA512: b1ffc643aa11e9c8d0b7a32965a1504da14f6ac3f9e0aa175d2c09d7d7b6bf84e228f64e1f57800d75500e2c65066a4991f0070a3a1d0a19c1bd84ca0dd44363
An internal function had a non-unsafe signature but could be called
with data that would cause it to exhibit UB. Move the unsafety inside
of the function so that the function signature now enforces soundness.
Fixes#481
6e98ec0475 Fix clippy warnings (Tobin C. Harding)
Pull request description:
Clippy default settings seemed to have changed introducing a few new warnings.
warning: variable does not need to be mutable
warning: deref on an immutable reference
warning: returning the result of a `let` binding from a block
Fix them all in a single patch because CI has to pass for each patch.
cc apoelstra, turns out you were right I was wrong, clippy did change, cannot remember which PR we were discussing it on.
ACKs for top commit:
apoelstra:
ACK 6e98ec0475
Tree-SHA512: 0d0a4d21861f4e0bf27beb4c8f0b46708ca769252582f8133d35013070510dfc997a1e414dd97e8dfcab2afc39fcee61d6fa3c28012b109a81036d6c7d4bfda1
Clippy default settings seemed to have changed introducing a few new
warnings.
warning: variable does not need to be mutable
warning: deref on an immutable reference
warning: returning the result of a `let` binding from a block
Fix them all in a single patch because CI has to pass for each patch.
1bbc1e7628 Explicitly set RUSTDOCFLAGS (Tobin C. Harding)
bf95a02263 Use the STD_FEATURES list (Tobin C. Harding)
c8dc4b6410 Remove TOOLCHAIN (Tobin C. Harding)
d14cccbad5 Add alloc to features (Tobin C. Harding)
1194591fa1 Use set -ex instead of /bin/sh -ex (Tobin C. Harding)
Pull request description:
The first 3 patches are preparatory cleanup in line with what has been done lately in `rust-bitcoin`. The last two are real bugs found by `shellcheck`.
Props to dpc for putting me on to `shellcheck`.
ACKs for top commit:
apoelstra:
ACK 1bbc1e7628
Tree-SHA512: 9eac1e8a19f2fb7d7413c8b76d8b8c14c1ec88e523565b4b907ef595496e0e59f9ae33896024211990cc59bf82bb36cba09dabeb28605e50d5db075bbe39457a
shellcheck emits these two warnings:
SC2097: This assignment is only seen by the forked process.
SC2098: This expansion will not see the mentioned assignment.
Set `RUSTDOCFLAGS` explicitly to `--cfg=fuzzing` instead of trying to
use the `RUSTFLAGS` variable.
We define a list of features that should be tested along with "std" but
we don't actually use it. Add a call to `cargo test` that enables "std"
and all the features from `STD_FEATURES`.
Found by `shellcheck`.
d31bbc1723 Bump version number to v0.24.0 (Tobin C. Harding)
6062ea7d54 Upgrade to bitcoin_hashes v0.11.0 (Tobin C. Harding)
510e58a949 Remove leading whitespace character (Tobin C. Harding)
Pull request description:
We have updated the `bitcoin_hashes` version, this requires a minor version bump and release.
- Patch 1: trivial clean up in the manifest
- Patch 2: upgrade `bitcoin_hashes` dependency
ACKs for top commit:
sanket1729:
utACK d31bbc1723.
apoelstra:
ACK d31bbc1723
Tree-SHA512: 940f30218955a9f47d253764143b80868ea2f9d53503c00a71938ec19082f3081e7cfe9dd9bef2bc6ef304344645bdd4ed3d6bbfba332f4a94e5c70e381b6f88
The manifest has two cases of leading whitespace, doesn't obviously mean
anything, remove them.
Whitespace was introduced in commit: `7d3a149ca5064147229db147359638cbcb54acdd`
a431edb86a Create configuration conditional bench (Tobin C. Harding)
2a1c9ab4b8 Remove rand-std feature from unstable (Tobin C. Harding)
ddc108c117 Increase heading size (Tobin C. Harding)
596adff8ba Remove unneeded whitespace (Tobin C. Harding)
Pull request description:
As we did in rust-bitcoin [0] create a configuration conditional `bench`
that we can use to guard bench mark code. This has the benefit of
making our features additive i.e., we can now test with `--all-features`
with a stable toolchain (currently this fails because of our use of the
`test` crate).
Please note, this patch maintains the current behaviour of turning on
the `recovery` and `rand-std` features when benching although I was
unable to ascertain why this is needed.
[0] - https://github.com/rust-bitcoin/rust-bitcoin/pull/1092
ACKs for top commit:
sanket1729:
ACK a431edb86a.
apoelstra:
ACK a431edb86a
Tree-SHA512: 913f5fbe0da08ec649081bf237c1d31cee58dacdac251d6030afabb99d455286c6d1dbdb6b2ac892b5d3c24584933254d1cfeec8e12f531cc420bd9d455a6531
This causes panics. We can't add catch the panic, we can't change its output, we
can't detect if it'll happen, etc. Rather than dealing with confused bug reports
let's just drop this.
If users want to rerandomize their contexts they can do so manually.
There is probably a better solution to this but it is still under debate, even
upstream in the C library, what this should look like. Meanwhile we have bug
reports now.
As we did in rust-bitcoin [0] create a configuration conditional `bench`
that we can use to guard bench mark code. This has the benefit of
making our features additive i.e., we can now test with `--all-features`
with a stable toolchain (currently this fails because of our use of the
`test` crate).
[0] - https://github.com/rust-bitcoin/rust-bitcoin/pull/1092
Currently the "unstable" feature (used to guard bench mark code) turns
on the "recovery" and "rand-std" features. The "rand-std" feature is not
needed since it is unused, as can be seen by the following bench runs:
Before applying this patch:
...
test benches::bench_sign_ecdsa ... bench: 35,454 ns/iter (+/- 1,376)
test benches::bench_verify_ecdsa ... bench: 44,578 ns/iter (+/- 1,619)
test benches::generate ... bench: 26,800 ns/iter (+/- 2,352)
test ecdh::benches::bench_ecdh ... bench: 51,195 ns/iter (+/- 1,400)
test ecdsa::recovery::benches::bench_recover ... bench: 50,174 ns/iter (+/- 1,572)
test key::benches::bench_pk_ordering ... bench: 5,748 ns/iter (+/- 492)
test result: ok. 0 passed; 0 failed; 76 ignored; 6 measured; 0 filtered out; finished in 14.52s
After removing "rand-std" feature:
...
test benches::bench_sign_ecdsa ... bench: 35,510 ns/iter (+/- 1,504)
test benches::bench_verify_ecdsa ... bench: 42,483 ns/iter (+/- 5,628)
test benches::generate ... bench: 26,573 ns/iter (+/- 1,333)
test ecdh::benches::bench_ecdh ... bench: 50,846 ns/iter (+/- 3,982)
test ecdsa::recovery::benches::bench_recover ... bench: 50,908 ns/iter (+/- 2,775)
test key::benches::bench_pk_ordering ... bench: 6,002 ns/iter (+/- 463)
test result: ok. 0 passed; 0 failed; 60 ignored; 6 measured; 0 filtered out; finished in 6.52s
d2c97d43d8 Remove unnecessary instances of must_use (Tobin C. Harding)
Pull request description:
`Result` is already `must_use`, adding the compiler directive to
functions that return `Result` is unnecessary.
ACKs for top commit:
apoelstra:
ACK d2c97d43d8
Tree-SHA512: 2c9cf38ea1b5b9f9502a99b8840cdc1e5969d07b0bfd284b2abc5f68dfe6dd501a9ce3371572256d2284b4ddcdd86770d760c8e482fbf88646c0e04a43493b65
580aba82d0 Bump version to v0.23.2 (Tobin C. Harding)
a5918c615a Posthumously add changelog entry for 0.23.2 (Tobin C. Harding)
Pull request description:
Bump the version to v0.23.3 and add changelog entry. Also, in preparation add a changeloge entry for the already released v0.23.2
ACKs for top commit:
apoelstra:
ACK 580aba82d0
Tree-SHA512: 5a49c8105bd5bcce28c607abd44d4386924251a8d48e7bd08aba2f3afd7e156ddea30e295f83c66a057e6c1f2a6ad75693c78136cb84bb5667f4438e78b66f34
Andrew Poelstra
Tobin C. Harding
elsirion
sanket1729