rust-secp256k1-unsafe-fast/secp256k1-sys
kwantam 8fffbeab13
implement "non_secure_erase" methods
This PR implements a `non_secure_erase()` method on SecretKey,
KeyPair, SharedSecret, Scalar, and DisplaySecret. The purpose
of this method is to (attempt to) overwrite secret data with
valid default values. This method can be used by libraries
to implement Zeroize on structs containing secret values.

`non_secure_erase()` attempts to avoid being optimized away or
reordered using the same mechanism as the zeroize crate: first,
using `std::ptr::write_volatile` (which will not be optimized
away) to overwrite the memory, then using a memory fence to
prevent subtle issues due to load or store reordering.

Note, however, that this method is *very unlikely* to do anything
useful on its own. Effective use involves carefully placing these
values inside non-Copy structs and pinning those structs in place.
See the [`zeroize`](https://docs.rs/zeroize) documentation for tips
and tricks, and for further discussion.

[this commit includes a squashed-in commit from tcharding to fix docs
and helpful suggestions from apoelstra and Kixunil]
2023-02-21 08:56:03 -05:00
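The mechanism this commit message describes (a volatile overwrite followed by a fence) and the `Copy` caveat it warns about, shown as an added example that is not code from this commit or from rust-secp256k1. `Secret`, `erase_with` and `DEFAULT` are hypothetical names, and the choice of a compiler fence as the fence is an assumption.

```rust
use core::ptr;
use core::sync::atomic::{compiler_fence, Ordering};

/// Constructed stand-in for a "valid default value" (hypothetical).
pub const DEFAULT: [u8; 32] = [1u8; 32];

/// Overwrite `dst` with `src` so the store cannot be elided or reordered.
/// `T: Copy` guarantees there is no destructor that the overwrite would skip.
pub fn erase_with<T: Copy>(dst: &mut T, src: T) {
    // A volatile write is never removed by the optimizer, even if `dst` is dead.
    unsafe { ptr::write_volatile(dst, src) };
    // Keep the compiler from moving later loads/stores ahead of the overwrite.
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical secret wrapper: deliberately neither `Copy` nor `Clone`.
pub struct Secret([u8; 32]);

impl Secret {
    pub fn non_secure_erase(&mut self) {
        erase_with(&mut self.0, DEFAULT);
    }
}

/// Erasing a `Copy` value clears only the binding you erase: the bitwise
/// copy made earlier still holds the secret bytes.
pub fn copy_leaves_residue() -> bool {
    let mut key = [0xAAu8; 32];
    let stale = key; // implicit copy, nothing warns about it
    erase_with(&mut key, DEFAULT);
    key == DEFAULT && stale == [0xAAu8; 32]
}

/// A non-Copy wrapper cannot be duplicated implicitly, so one erase covers
/// the only live binding. A move may still leave bytes behind in the old
/// location, which is why the commit message also calls for pinning.
pub fn non_copy_erased() -> bool {
    let mut s = Secret([0xAAu8; 32]);
    s.non_secure_erase();
    s.0 == DEFAULT
}

fn main() {
    println!("Copy value leaves residue: {}", copy_leaves_residue());
    println!("non-Copy wrapper erased:   {}", non_copy_erased());
}
```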
..
depend Upgrade the vendored libsecp256k1 code 2022-12-21 08:11:14 +11:00
src implement "non_secure_erase" methods 2023-02-21 08:56:03 -05:00
wasm Move WASM const definitions to a source file 2022-03-30 10:22:37 +11:00
CHANGELOG.md Bump secp256k1-sys version to 0.7.0 2022-12-12 09:13:00 +11:00
Cargo.toml implement "non_secure_erase" methods 2023-02-21 08:56:03 -05:00
LICENSE Add secp256k1-sys README and LICENSE files 2019-11-27 21:02:44 +00:00
README.md replace cargo `external-symbols` feature with a rustc --cfg flag 2020-12-22 15:35:16 +00:00
build.rs secp256k1-sys: Remove unused flags in build.rs 2022-11-24 13:38:40 +02:00
vendor-libsecp.sh Update Cargo.toml link in vendor script 2019-12-11 15:54:30 +00:00

README.md

secp256k1-sys

This crate provides Rust definitions for the FFI structures and methods.

Vendoring

The default build process is to build using the vendored libsecp256k1 sources in the depend folder. These sources are prefixed with a special rust-secp256k1-sys-specific prefix rustsecp256k1_v1_2_3_.

This prefix ensures that no symbol collision can happen:

  • when a Rust project has two different versions of rust-secp256k1 in its dependency tree, or
  • when rust-secp256k1 is used for building a static library in a context where existing libsecp256k1 symbols are already linked.

To update the vendored sources, use the vendor-libsecp.sh script:

$ ./vendor-libsecp.sh depend <version-code> <rev>
  • Where <version-code> is the secp256k1-sys version number underscored: 0_1_2.
  • Where <rev> is the git revision of libsecp256k1 to check out.

Linking to external symbols

If you want to compile this library without using the bundled symbols (which may be required for integration into other build systems), you can do so by adding --cfg=rust_secp_no_symbol_renaming to your RUSTFLAGS variable.