Commit Graph

72 Commits

Author SHA1 Message Date
Tobin C. Harding d64132cd4b Allow missing_safety_doc
We have a whole bunch of unsafe code that calls down to the FFI layer.
It would be nice to have clippy running on CI, these safety docs
warnings are prohibiting that. Until we can add the docs add a compiler
attribute to allow the lint.
2022-06-17 10:17:21 +10:00
Dr Maxim Orlovsky 13af51926a Make key comparison non-fuzzable
Feature guard the custom implementations of `Ord` and `PartialOrd` on
`cfg(not(fuzzing))`. When fuzzing, auto-derive implementations.

Co-authored-by: Tobin C. Harding <me@tobin.cc>
2022-06-15 08:35:50 +10:00
Dr Maxim Orlovsky 999d165c68 FFI for pubkey comparison ops 2022-06-14 11:18:11 +10:00
Andrew Poelstra 4f7f138797
Merge rust-bitcoin/rust-secp256k1#331: Update the code to edition 2018, and update dependencies
5d2f1ceb64 Fix WASM build (Elichai Turkel)
39aaac6834 Use new trait TryFrom and do small refactoring (Elichai Turkel)
7d3a149ca5 Move more things from the std feature to the alloc feature (Elichai Turkel)
bc8c713631 Replace c_void with core::ffi::c_void (Elichai Turkel)
26a52bc8c8 Update secp256k1-sys to edition 2018 and fix imports (Elichai Turkel)
ebe46a4d4e Update rand to 0.8 and replace CounterRng with mock::StepRng (Elichai Turkel)
626835f540 Update secp256k1 to edition 2018 and fix imports (Elichai Turkel)
67c0922a46 Update MSRV in CI and Readme from 1.29 to 1.41 (Elichai Turkel)

Pull request description:

  As proposed in https://github.com/rust-bitcoin/rust-bitcoin/issues/510#issuecomment-881686342 this PR raises the MSRV to 1.41.1 it also changes the code to be Edition 2018.

  The PR contains a few things:
  * Moving to edition 2018 and fixing the imports
  * Sorting and combining imports to make them more concise
  * Replacing our c_void with `core::ffi::c_void`
  * Bumping the `rand` version to latest and modifying our `RngCore` implementations accordingly
  * Doing some small refactoring and using the new `TryInto` trait where it makes the code nicer

  If people prefer I can split this PR into multiple and/or drop some commits

ACKs for top commit:
  tcharding:
    ACK 5d2f1ceb64
  apoelstra:
    ACK 5d2f1ceb64

Tree-SHA512: 5bf84e7ebb6286d59f8cada0bb712c46336f0dd6c35b67e6f4ba323b5484ad925b99b73e778ae4608f123938e7ee8705a0aec576cd9c065072c4ecf1248e3470
2022-06-08 20:53:41 +00:00
Elichai Turkel 7d3a149ca5
Move more things from the std feature to the alloc feature 2022-06-07 23:59:42 +03:00
Elichai Turkel bc8c713631
Replace c_void with core::ffi::c_void 2022-06-07 23:59:41 +03:00
Elichai Turkel 26a52bc8c8
Update secp256k1-sys to edition 2018 and fix imports 2022-06-07 23:59:40 +03:00
Tibo-lg 4beebd168e Add secp256k1_schnorrsig_sign_custom to sys crate 2022-05-06 12:16:53 +09:00
Tobin C. Harding dc1e377d4e Improve docs on rustsecp256k1_v0_4_1_context_create
In preparation for [someone] adding a `# Safety` section to this
function, clean up the docs.
2022-04-27 10:23:42 +10:00
Tobin C. Harding ad153d82f7 Add safety rustdoc headings
Clippy warns about unsafe code without a `# Safety` section. A bunch of
these warnings are for functions that do actually have safety docs.

Follow rustdoc convention and add a `# Safety` section for the already
existing explanations.
2022-04-27 10:23:42 +10:00
Andrew Poelstra d06dd2023b update fuzzdummy API to match normal API 2022-03-08 19:45:43 +00:00
Andrew Poelstra 8294ea3f50 secp256k1-sys: update upstream library
Two API changes needed to be reflected: schnorrsig_sign and schnorrsig_verify.

Also bump both Cargo.toml files
2022-03-08 19:45:41 +00:00
Tobin Harding 4c43d5e20f
Add custom Debug impl for RecoverableSignature
Currently when debug printing the `RecoverableSignature` we do so byte
by byte, this means that the output differs depending on the endianess
of the machine. If instead we serialize the signature in compact form
then the output is the same irrespective of the endianess.

With this applied the following two commands now pass:

```
cargo test test_debug_output --features=recovery

```
cross test --target powerpc-unknown-linux-gnu test_debug_output --features=recovery
```

Fixes: #375
2022-02-08 08:14:30 +00:00
Tobin Harding 632ecc4530 Use fully qualified path for mem
When building with --no-default-features the compiler emits:

  warning: unused import: `mem`

The call site is feature gated so we either need to feature gate the
import or use a fully qualified path. Since 'core' is quite short elect
to use the fully qualified path.
2022-01-26 13:25:33 +11:00
Tobin Harding f6a19290fc Use hyperlinks
Clippy emits two warnings of type:

 warning: this URL is not a hyperlink

As suggested, add pointy brackets to the links.
2022-01-11 17:41:11 +11:00
Andrew Poelstra 88f6baee73
Merge rust-bitcoin/rust-secp256k1#353: Documented features
18f74d5242 Clarify what does "less security" mean (Martin Habovstiak)
94c55b4d09 Fixed typos/grammar mistakes (Martin Habovštiak)
1bf05523f0 Documented features (Martin Habovstiak)

Pull request description:

  This documents the Cargo features making sure docs.rs shows warning for
  feature-gated items. They are also explicitly spelled out in the crate
  documentation.

  The PR is similar in spirit to https://github.com/rust-bitcoin/rust-bitcoin/pull/633

ACKs for top commit:
  apoelstra:
    ACK 18f74d5242

Tree-SHA512: 8aac3fc5fd8ee887d6b13606d66b3d11ce44662afb92228c4f8da6169e3f70ac6a005b328f427a91d307f8d36d091dcf24bfe4d17dfc034d02b578258719a90a
2022-01-06 15:42:32 +00:00
Andrew Poelstra c50411f798 release secp256k1-sys 0.4.2; make new `ZERO` type publically accessible 2022-01-05 15:56:49 +00:00
Martin Habovstiak 1bf05523f0 Documented features
This documents the Cargo features making sure docs.rs shows warning for
feature-gated items. They are also explicitly spelled out in the crate
documentation.
2022-01-04 16:55:01 +01:00
Andrew Poelstra 6a893208f8
Merge rust-bitcoin/rust-secp256k1#345: Add a static immutable zero aligned type
5e6d0f1363 Switch to associated constant (Jonathan Underwood)
9cf552e240 Add a static immutable zero aligned type (junderw)

Pull request description:

  The `zeroed` fn can not be used in static assignments.

  In environments where it is no_std and no allocator are present, the only way to get a slice of AlignedTypes is dynamically, so `preallocated_gen_new` can't be used.

  By offering this as a static, it can be used in static assignments as such:

  ```rust
  #[cfg(target_pointer_width = "32")]
  static mut CONTEXT_BUFFER: [AlignedType; 69645] = [ZERO_ALIGNED; 69645];
  #[cfg(target_pointer_width = "64")]
  static mut CONTEXT_BUFFER: [AlignedType; 69646] = [ZERO_ALIGNED; 69646];
  static mut SECP256K1: Option<Secp256k1<AllPreallocated>> = None;

  pub fn get_context(seed: Option<&[u8; 32]>) -> &'static Secp256k1<AllPreallocated<'static>> {
      unsafe {
          if SECP256K1.is_none() {
              SECP256K1 = Some(
                  Secp256k1::preallocated_gen_new(&mut CONTEXT_BUFFER)
                      .expect("CONTEXT_BUFFER size is wrong"),
              );
          }
          if let Some(seed) = seed {
              SECP256K1.as_mut().unwrap().seeded_randomize(seed);
          }
          SECP256K1.as_ref().unwrap()
      }
  }
  ```

ACKs for top commit:
  apoelstra:
    ACK 5e6d0f1363

Tree-SHA512: fc800f8c5c637fc7f81312da17f0a96d17cd087a2e6876f4dedbefffbe92b3625deb93636265f334f9fbd7ac38baa529d4ec72857dae662e26d753f32f91d394
2022-01-02 23:31:34 +00:00
Jonathan Underwood 5e6d0f1363
Switch to associated constant 2021-12-23 12:30:43 -07:00
junderw 9cf552e240
Add a static immutable zero aligned type 2021-12-04 13:38:34 +09:00
Andrew Poelstra 96d2242f6a
Merge rust-bitcoin/rust-secp256k1#335: Implement `Hash` for `schnorrsig::Signature`
75b49efb3d Implement `Hash` for all array newtypes (elsirion)

Pull request description:

  I pondered putting the impl into the array type macro together with `(Partial)Eq`, but that would have meant removing other implementations and potentially implementing it for types where it is not wanted. The drawback of the separate impl is that it is more disconnected from the `(Partial)Eq` impl and could theoretically diverge (although unlikely in case of such a simple type) which would break the trait's contract.

ACKs for top commit:
  apoelstra:
    ACK 75b49efb3d

Tree-SHA512: 44d1bebdd3437dfd86de8b475f12097c4a2f872905c822a9cde624089fdc20f68f59a7734fdcc6f3a17ed233f70f63258dfd204ca269d2baf8002ffc325ddc87
2021-11-05 14:29:50 +00:00
elsirion 75b49efb3d
Implement `Hash` for all array newtypes
* implements `Hash` as part of the newtype macro
* removes type-specific implementations
2021-11-04 22:16:42 +01:00
junderw 24d6f62603
Use explicit u8 when assigning a byte slice 2021-10-17 10:07:51 +09:00
Dr Maxim Orlovsky 455ee57ba4
Bump sys version to 0.4.1 2021-06-18 23:47:24 +02:00
Dr Maxim Orlovsky aa6bdaff3c
Creating SecretKey and PublicKey from BIP-340 KeyPair 2021-06-16 10:56:59 +02:00
Dr. Maxim Orlovsky 4652ab6116 Updating secp256k1 version to 1758a92ffd896af533b142707e9892ea6e15e5db 2021-06-14 17:55:38 +03:00
Matt Corallo 79119e8123 Skip context randomization in fuzzing to improve performance 2021-06-08 19:17:08 +00:00
Matt Corallo c486ca10c7 Use a global static context in fuzzing, reducing overhead 2021-06-08 19:17:08 +00:00
Matt Corallo 940a51c2c6 Reduce cryptography usage in --cfg=fuzzing
This reduces the usage of real cryptography in --cfg=fuzzing,
specifically replacing the secret->public key derivation with a
simple copy and ECDH with XOR of the public and private parts
(plus a stream of 1s to make a test pass that expected non-0
output).

It leaves secret tweak addition/multiplication as-is.

It also changes the context creation to over-allocate and store
the context flags at the end of the context buffer, allowing us
to easily test context flags in each function.

While it would be nice to have something fancier (eg XOR-based),
its not immediately obvious how to accomplish this, and better to
fix the issues I have than spend too much time on it.

Fixes #271.

This partially reverts b811ec133a
2021-06-08 19:17:08 +00:00
Gregory Hill c86808fac7
use core instead of std for wasm sanity checks
Signed-off-by: Gregory Hill <gregorydhill@outlook.com>
2021-01-20 14:55:48 +00:00
Andrew Poelstra 65ff814a39 rename `rust_secp_fuzz` to `fuzzing` 2021-01-11 19:14:42 +00:00
Andrew Poelstra d12be7966c drop unnecessary no_mangle annotations on non-exported functions 2020-12-29 19:30:59 +00:00
Andrew Poelstra a93d671d05 update libsecp to 98dac87839838b86094f1bccc71cc20e67b146cc 2020-12-29 17:15:51 +00:00
Andrew Poelstra a9049f8eb2
Merge pull request #266 from junderw/patch-1
Fix link_name for secp256k1_ec_seckey_negate
2020-12-29 17:12:36 +00:00
Andrew Poelstra 75d717729a fuzz: fix elichai's nits 2020-12-28 19:01:12 +00:00
Andrew Poelstra 96862b6a74 fuzz: implement recoverable signatures, get all tests passing, run them in CI 2020-12-28 18:42:46 +00:00
Jonathan Underwood 51bc0b1c0c
Fix link_name for secp256k1_ec_seckey_negate 2020-12-28 15:06:18 +09:00
Andrew Poelstra b811ec133a fuzz: only replace signing and verification, leave everything else alone
We can now run unit tests with the fuzz feature on, and they'll pass,
which is some assurance that fuzzing with the feature on won't lead to
spurious failures due to the fuzz harness inadequately simulating message
signing.
2020-12-23 17:59:52 +00:00
Andrew Poelstra 40c31342f2 ffi: make function types nullable 2020-12-23 17:59:52 +00:00
Andrew Poelstra 29316efff5 add warning about fuzzing being enabled 2020-12-22 17:34:50 +00:00
Andrew Poelstra 85075a654c replace `fuzztarget` Cargo feature with a rustc --cfg flag
It's super dangerous to use Cargo features for this, since they can be set
accidentally (or maliciously by any crate in a user's entire dep tree). Instead
we can just require users set `RUSTFLAGS` appropriately, which we can easily
do in our fuzzing scripts.
2020-12-22 15:42:02 +00:00
Andrew Poelstra d77483f00e replace cargo `external-symbols` feature with a rustc --cfg flag
This feature was not useful for Cargo users, since Cargo does not give you
the kind of fine-grained control over C library linkage that you need. So
it was just unnecessarily confusing and would cause the build to break if
you enabled it accidentally, say, with --all-features.
2020-12-22 15:35:16 +00:00
Tobin Harding 02dec3eb9b
Implement AsRef instead of custom method
Clippy emits a warning since we define a method that has the same name
as a standard trait. Implement the trait `AsRef` instead of using a
custom method.
2020-12-22 12:56:11 +11:00
Tobin Harding 3afc172096
Conditionally compile fn strlen
`strlen` is only used under certain feature flags, use `cfg` to
conditionally build it in.

Clears clippy warning.
2020-12-22 12:55:37 +11:00
Tobin Harding 617bff9df3
Conditionally include ALIGN_TO
This const is only used under specific features, use `cfg` to
conditionally build it in.

Removes clippy warning.
2020-12-22 12:54:08 +11:00
Tobin Harding f67081a01c
Allow unnecessary parentheses
Clippy emits:

	warning: unnecessary parentheses around assigned value

Add a attribute to allow unnecessary parentheses.
2020-12-22 12:53:29 +11:00
Elichai Turkel 7b99784837
Add AligneType and redo secp256k1_context_create with alloc 2020-12-18 12:48:16 +02:00
Andrew Poelstra 0ec8fab82c stop explicitly casting references to rawptrs 2020-11-30 02:47:34 +00:00
Andrew Poelstra 12b0abbcf8 make `ffi::Type::new` functions all unsafe, expand documentation 2020-11-27 18:42:12 +00:00