`libsecp256k1` v0.2.0 was just released.
Update the vendored code using
`./vendor-libsecp.sh depend 0_8_0 21ffe4b`
```
git show 21ffe4b
commit 21ffe4b22a9683cf24ae0763359e401d1284cc7a (tag: v0.2.0)
Merge: 8c949f5 e025ccd
Author: Pieter Wuille <pieter@wuille.net>
Date: Mon Dec 12 17:00:52 2022 -0500
Merge bitcoin-core/secp256k1#1055: Prepare initial release
e025ccdf7473702a76bb13d763dc096548ffefba release: prepare for initial release 0.2.0 (Jonas Nick)
6d1784a2e2c1c5a8d89ffb08a7f76fa15e84fff5 build: add missing files to EXTRA_DIST (Jonas Nick)
13bf1b6b324f2ed1c1fb4c8d17a4febd3556839e changelog: make order of change types match keepachangelog.com (Jonas Nick)
b1f992a552785395d2e60b10862626fd11f66f84 doc: improve release process (Jonas Nick)
ad39e2dc417f85c1577a6a6a9c519f5c60453def build: change package version to 0.1.0-dev (Jonas Nick)
90618e9263ebc2a0d73d487d6d94fd3af96b973c doc: move CHANGELOG from doc/ to root directory (Jonas Nick)
Pull request description:
Based on #964
ACKs for top commit:
sipa:
ACK e025ccdf7473702a76bb13d763dc096548ffefba
Tree-SHA512: b9ab71d7362537d383a32b5e321ef44069f00e3e92340375bcd662267bc5a60c2bad60222998e6602cfac24ad65efb23d772eac37c86065036b90ef090b54c49
```
Requires a new version of `secp256k1-sys`, use v0.8.0
- Update the `secp256k1-sys` manifest (including links field)
- Update symbols to use 0_8_0
- Add a changelog entry
- depend on the new version in `secp256k1`
Which in turn requires a new version of `secp256k1`, use v0.26.0
A recent update to clippy introduced a new class of warning.
Clippy emits:
warning: casting to the same type is unnecessary (`usize` -> `usize`)
As suggested remove the unnecessary cast.
01b1fbcccb Update CHANGELOG for release of v0.25.0 (Tobin C. Harding)
Pull request description:
We just did a new release of `secp256k1-sys` needed for release of v0.25.0
Update the CHANGELOG to include secp-sys version bump.
ACKs for top commit:
apoelstra:
ACK 01b1fbcccb
Tree-SHA512: 87ffc0f4ce468975b99ea3a0bbc97f8d0d048ecaee9982550bad13f564e0ea0093ce7dfdb7af0b5de8f14ff00eafd29bdb23dcf15ad52e93dc194459de0e15ab
3fa2436272 Bump secp256k1-sys version to 0.7.0 (Tobin C. Harding)
Pull request description:
We are ready to release a new minor version of `secp256k1-sys`, in order to do so we must make change the symbol names to reflect the new version as well as the usual changelog and version bump.
In preparation for releasing `secp256k1-sys` v0.7.0 do:
- Rename symbols to from `0_6_1` -> `0_7_0`, done mechanically (search and replace)
- Add changes log notes
- Bump `secp256k1-sys` crate version 0.6.1 -> 0.7.0, justified because we have added new public methods to various types (e.g., `PublicKey::cmp_fast_unstable`)
### Notes
I based this PR on:
- https://github.com/rust-bitcoin/rust-secp256k1/pull/490/files
- https://github.com/rust-bitcoin/rust-secp256k1/pull/457/files
ACKs for top commit:
apoelstra:
ACK 3fa2436272
Tree-SHA512: cb16de633865f26613aa29479ac6a6299b1790a00372cca61173f09a753179fa1d619b91ca25ba5872f571d3d9372b46731f9d4b3e8050077ec3c73d583f54ce
We are ready to release a new minor version of `secp256k1-sys`, in order
to do so we must make change the symbol names to reflect the new version
as well as the usual changelog and version bump.
In preparation for releasing `secp256k1-sys` v0.7.0 do:
- Rename symbols to from `0_6_1` -> `0_7_0`, done mechanically (search
and replace)
- Add changes log notes
- Bump `secp256k1-sys` crate version 0.6.1 -> 0.7.0, justified because
we have added new public methods to various types (e.g.,
`PublicKey::cmp_fast_unstable`)
494b07a415 Add changelog entry (Tobin C. Harding)
d0c4af0e26 Add newline after docs heading (Tobin C. Harding)
Pull request description:
~Bump version to 0.25.1 ready to release~ Add changelog entry for the recently fixed unsoundness issue.
Patch 1 is an annoyingly trivial fix to docs.
ACKs for top commit:
apoelstra:
ACK 494b07a415
Tree-SHA512: 8de8d735d3dce06683ec8e66b78b966406f42ea0a8e679e8e82143a984251addd74bea3658cc63ba9d9eada3517e461e9c28085d5261d9c0db2dceb15a8cbcc2
1d6a46eb6d change bitcoin-hashes feature gates to bitcoin_hashes (Andrew Poelstra)
Pull request description:
This leaves `bitcoin-hashes` in place everywhere in the documentation, but changes it to `bitcoin_hashes` on the actual feature gates, to ensure that both flags work.
It's unfortunately a bit hard to test this because the library will be self-consistent pretty-much no matter what we do ... the issue is if the user enables the wrong flag we want to make sure that all the APIs we intend to be visible are actually visible.
Fixes#562.
ACKs for top commit:
tcharding:
ACK 1d6a46eb6d
Tree-SHA512: 1e060aeb2810ef1e23cf5c956023aca586550ba0287bbf7bc1108dc14091e17d7601aac3f057d0313fafd21351cdda1b08b4250f34ecde917be686d0b739e65a
Recently we found and fixed an unsoundness issue in the
`preallocated_gen_new` function. As we have yet to release 0.25.0 we can
just update the changelog to reflect the newly merged fix.
As is customary add a newline between rustdoc heading and content. Done
so that the code is identical to other released code (during backport
the space was added).
1e6eb6cb4d shut clippy up (Andrew Poelstra)
f961497e69 context: introduce unsafe `PreallocatedContext` trait (Andrew Poelstra)
Pull request description:
Stop this from being a generic function over all contexts, to only a function generic over contexts where we can bound the lifetime precisely. Introduces a new unsafe trait. I *believe* the only code this breaks was already unsound:
* code that tried to use one of the `*Preallocated` context markers with an incorrect lifetime
* code that tried to use `preallocated_gen_new` with a non-`*Preallocated` marker, which I believe we allowed before (I just noticed this now) and almost certainly would've led to UB on drop
Fixes#543
ACKs for top commit:
Kixunil:
ACK 1e6eb6cb4d
tcharding:
ACK 1e6eb6cb4d
Tree-SHA512: 44eb4637a2f86d5b16d40174cb9e27f37cf8eb4f29546159dbbdcd3326d01f9de2f500ba732376dd84e67ebc3528c709d2d4e2aceb8a329bcb9fb9d25c9b89cb
9b07e8e8c5 secp-sys: Use NonNull in API instead of *mut T (Tobin C. Harding)
Pull request description:
Currently we expect non-null pointers when we take `*mut T` parameters, however we do not check that the pointers are non-null because we never set VERIFY in our C build. We can use the `NonNull` type to enforce no-null-ness as long as we use `NonNull::new`. In a couple of instances we manually check that a buffer is not empty and therefore that the pointer to it is non-null so we can safely use `NonNull::new_unchecked`.
Replace mutable pointer parameters `*mut T` (e.g. `*mut c_void`) and return types with `NonNull<T>`.
Fix#546
### Note
The description above fully explains the issue to the best of my knowledge, if the description is not spot on then I'm not fully understanding the issue. Please correct me if this is the case.
> One unfortunate thing is that this means that we wouldn't be able to implement CPtr for secp256k1::Context, which is our designated "expose types from secp256k1-sys which is not stable" semver escape hatch.
You've lost me here? `secp256k1::Context` is a trait did you mean `secp256k1::Secp256k1` or `secp256k1_sys::Context`?
ACKs for top commit:
apoelstra:
ACK 9b07e8e8c5
Tree-SHA512: 37aceebfa62e590ce8cc282c35b014ad018e5cfbea99402ed3aa1fcbaa69e01a01c1c1f32351f5f15a7d270e31da5b239ee5bc11d2343cf866082ad85df6a622
Fixes unsoundness in `preallocated_gen_new` which previously did not
properly constrain the lifetime of the buffer used to back the context
object. We introduce an unsafe marker trait, and impl it for our
existing preallocated-context markers.
Annoyingly the trait has to be public even though it should never be
used directly, and is only used alongside the sealed `Context` trait,
so it is de-facto sealed itself.
Fixes#543
Currently we expect non-null pointers when we take `*mut T` parameters,
however we do not check that the pointers are non-null because we never
set VERIFY in our C build. We can use the `NonNull` type to enforce
no-null-ness as long as we use `NonNull::new`. In a couple of instances
we manually check that a buffer is not empty and therefore that the
pointer to it is non-null so we can safely use `NonNull::new_unchecked`.
Replace mutable pointer parameters `*mut T` (e.g. `*mut c_void`) and
return types with `NonNull<T>`.
Fix#546
082c3bdd1c Use NonNull for Secp256k1 inner context field (Tobin C. Harding)
Pull request description:
For raw pointers that can never be null Rust provides the `core::ptr::NonNull` type. Our `Secp256k1` type has an inner field that is a non-null pointer; use `NonNull` for it.
Fix: #534
ACKs for top commit:
apoelstra:
ACK 082c3bdd1c
Tree-SHA512: 80e6a931bc2efaaa5f9d11f7407b45960f6db669137fbb4f835dff3607b1459d6ea2bc039a649460c14008381a10d095e18df7e3b7b6b4c4b85a360e0127eef0
1dbd7691da secp256k1: Bump crate version to 0.25.0 (Tobin C. Harding)
Pull request description:
Add changelog notes and bump the crate version to v0.25.0!
ACKs for top commit:
apoelstra:
ACK 1dbd7691da
Tree-SHA512: 462f103842d093ca019dea26e3e1bc9faf10d711846afe74562340320cfbd030f121bf834963f347fdeab2f3477dc3c3e15e3653619c634c149cddc059a60042
For raw pointers that can never be null Rust provides the
`core::ptr::NonNull` type. Our `Secp256k1` type has an inner field that
is a non-null pointer; use `NonNull` for it.
Fix: #534
129ba3cd58 Remove size field (Tobin C. Harding)
Pull request description:
The `Secp256k1` `size` field is a cached value that we get using `ffi::secp256k1_context_preallocated_size` or
`ffi::secp256k1_context_preallocated_clone_size`, both of which just return the result of `sizeof(rustsecp256k1_v0_6_1_context)`. Instead of caching this value we can just call
`ffi::secp256k1_context_preallocated_clone_size` in the `Drop` implementation.
Fix#537
ACKs for top commit:
apoelstra:
ACK 129ba3cd58
Tree-SHA512: 3fce7863065e4b485fd2d1fdbbfe7002fa6188f1a703d89fdda570a1a32471d298e2e33fb8c5951a56a79facb5d2b427d58e473b5cb1d68eb02ffed728392b97
The `Secp256k1` `size` field is a cached value that we get using
`ffi::secp256k1_context_preallocated_size` or
`ffi::secp256k1_context_preallocated_clone_size`, both of which just
return the result of `sizeof(rustsecp256k1_v0_6_1_context)`. Instead of
caching this value we can just call
`ffi::secp256k1_context_preallocated_clone_size` in the `Drop`
implementation.
7d3dc354d7 secp256k1-sys: Remove unused flags in build.rs (Elichai Turkel)
Pull request description:
These are no longer used in upstream, so there's no reason for us to set them
ACKs for top commit:
apoelstra:
ACK 7d3dc354d7
Tree-SHA512: 79ecbed19ba9eb61640306bc5413b139e902ee84b7e122e8ae57e451f2b132371440554f21ed075ed34d9d702c4316e4b170ca638c774532ecf5a11456b4e2ad
ecdad39ef4 context: Improve rustdocs (Tobin C. Harding)
e945751d85 schnorr: Improve rustdocs (Tobin C. Harding)
47f19a78ef Use lowercase for schnorr (Tobin C. Harding)
27b3e92889 Do trivial cleanup to module level docs (Tobin C. Harding)
Pull request description:
Audit of docs in `rust-secp256k1` and do a few trivial fixes. The docs are in pretty good condition, they just need more content as described in #128 if that issue is still valid.
ACKs for top commit:
apoelstra:
ACK ecdad39ef4
Tree-SHA512: 7466090325e02331f11e34cd38625541fbe8e642882afa6ddf2cf5d11ed669c7b2b48fd5b819915392760f4c6ef4ee460c2e622b3af648f99906c3ac408045d4
513144c923 Remove serde_keypair module (Tobin C. Harding)
Pull request description:
Done while unsuccessfully trying to solve https://github.com/rust-bitcoin/rust-secp256k1/issues/514#
The `serde_keypair` module appears to be only used for testing, however it is part of the public API for the `key` module?
serde de/serialization is already implemented on `KeyPair` by way of the normal `serde` traits, there is no obvious reason for the `serde_keypair` and the `KeyPairWrapper`.
Remove the `KeyPairWrapper` and test `KeyPair` serde impls directly.
ACKs for top commit:
apoelstra:
ACK 513144c923
Tree-SHA512: 23891217f3afc7cb3bb03431946e9866ee6ae611153fca8d93fe393b5a4abbd41d4713c6aa5ab24eb2734d8c8d94a9f6aed47316284b4097aa40f49f055f36b6
6d747301e8 secp256k1: Document safety constraints (Tobin C. Harding)
85681cece7 secp256k1-sys: Document safety constraints (Tobin C. Harding)
Pull request description:
Functions that are `unsafe` should include a `# Safety` section.
- Patch 1: Documents `unsafe` methods in `secp256k1-sys`. Please not this includes a minor refactor.
- Patch 2: Documents the `unsafe` `Context` trait
Together these two patches remove `#![allow(clippy::missing_safety_doc)]` from the repo.
Fix: #447
## Note to reviewers
The only function that was curly to understand the safety of was `secp256k1_context_create`, all the other stuff should be trivial to review.
ACKs for top commit:
apoelstra:
ACK 6d747301e8
Tree-SHA512: 247216c3f9e655fe8c2854b71613b31b6241318e877e83a1e4873ce84e481975a832d05cd748577f437f88b166ff287a537d26c012568e7378caed458ec55867
The `serde_keypair` module appears to be only used for testing, however
it is part of the public API for the `key` module?
serde de/serialization is already implemented on `KeyPair` by way of the normal
`serde` traits, there is no obvious reason for the `serde_keypair`
and the `KeyPairWrapper`.
Remove the `KeyPairWrapper` and test `KeyPair` serde impls directly.
Functions that are `unsafe` should include a `# Safety` section. Because
we have wrapper functions to handle symbol renaming we essentially have
duplicate functions i.e., they require the same docs, instead of
duplicating the docs put the symbol renamed function below the
non-renamed function and add a docs linking to the non-renamed function.
Also add attribute to stop the linter warning about the missing safety
docs section.
Remove the clippy attribute for `missing_safety_doc`.
42bf99f11b Add full stop (Tobin C. Harding)
96f9fd3e56 Link to MESSAGE_SIZE in Error docs (Tobin C. Harding)
036bd0d011 secp256k1: Generalize docs on Error (Tobin C. Harding)
Pull request description:
The docs on `Error` currently mention ECDSA which is no longer correct since we use this error in `schnorr` as well.
Fix the `Error` doc issue described above and do a couple trivial other fixes while we are touching the code.
ACKs for top commit:
apoelstra:
ACK 42bf99f11b
Tree-SHA512: e1658d909c3588736570517a351e85c85c014ee31efe09fd262654dad873b0dcd3dbb6c8ad40866a24ee8e2e9bf0be99e5eb35251f6640222b953a0eb2a732ca
We can help readers of the HTML docs by using a link to the constant.
While we are at it shorten the doc comment so it fits on one line (in
under 100 chars).
c0ae3e7d35 fix formatting on master (Andrew Poelstra)
Pull request description:
Looks like I need to check formatting now before merging things :) master CI is broken because of cargo fmt.
ACKs for top commit:
tcharding:
ACK c0ae3e7d35
Tree-SHA512: 9dc22eb5edfb565309cfd14cb9634abba196e46591da8c21d241bd686df8436a8af371c6520ea6ae688fcf81a835919a1bc9a3730f206ba6ef758087efa282e1
b9eefea092 Add documentation on side channel attacks to SecretKey (Tobin C. Harding)
7cf3c6c8a4 Implement constant time comparison for SecretKey (Tobin C. Harding)
19039d9281 Remove `Ord`/`Hash` traits from SecretKey (Tobin C. Harding)
4a0c7fca6a Do not use impl_array_newtype for SecretKey (Tobin C. Harding)
Pull request description:
Add constant time comparison implementation to `SecretKey`.
This PR does as suggested [here](https://github.com/rust-bitcoin/rust-secp256k1/issues/471#issuecomment-1179783309) at the end of the issue discussion thread.
Fix: #471
ACKs for top commit:
apoelstra:
ACK b9eefea092
Tree-SHA512: 217ed101b967cc048954547bcc0b3ab09e5ccf7c58e5dcb488370caf3f5567871152505a3bfb4558e59eea4849addaf1f11e1881b6744b0c90c633fa0157a5ae
75f3886812 Add cargo fmt to pre-commit githook (Tobin C. Harding)
0516ddeb8d Add formatting check to CI (Tobin C. Harding)
c7807dff9c Run the formatter (Tobin C. Harding)
Pull request description:
We recently introduced `rustfmt` to the codebase but I forgot to turn it on in CI.
- Patch 1: Preparatory formatting fixes, introduced since we merged the [formatting PR](https://github.com/rust-bitcoin/rust-secp256k1/pull/499)
- Patch 2: Enable formatting in CI
- Patch 3: Add formatting to the pre-commit hook
ACKs for top commit:
apoelstra:
ACK 75f3886812
Tree-SHA512: 5ac4ab4015a9728ef890e0c4fe90afcb5e45ab7665da5a8ee289dc877c1ea5c6236e54b68b7122841597864b04606c8bfae7dec86c4b6be74d32437299057b5f
d5294a182a ci: Check rustdocs build (Tobin C. Harding)
Pull request description:
Currently we are not failing the docs build in CI if any warnings are generated.
Exit the script with error code 1 if docs build throws any warnings.
ACKs for top commit:
apoelstra:
ACK d5294a182a
Tree-SHA512: cf8a8feda8cbb4ea741b31cd0fa0e728724c60fb688f4fafcd132e93ec1a278093c64d34bfcc7e692cc80d0871b71656fc83b670a59b5f3b76c4b8fc3815d200
We recently added a constant time `eq` implementation however library
users can inadvertently bypass this protection if they use `AsRef`. To
help prevent this add documentation to the `SecretKey` and also to the
`AsRef` implementation.
The current trait implementations of `Ord` and `PartialOrd` for
`SecretKey` leak data when doing the comparison i.e., they are not
constant time. Since there is no real usecase for ordering secret keys
remove the trait implementations all together.
Remove `Hash` at the same time because it does not make sense to
implement it if `Ord`/`PartialOrd` are not implemented.