Merge #590: Bump secp256k1-sys to v0.9.0

5ae136d Bump secp256k1-sys version to 0.8.1 (Tobin C. Harding)

Pull request description:

  We just bumped the version of `secp256k1`, since we recently added a new public function to `secp256k1-sys` we need to bump the minor version number there too.

  Should have been done as part of #588, its hard to get good help :)

ACKs for top commit:
  apoelstra:
    ACK 5ae136d

Tree-SHA512: e763257ede269544f4fd21fd76cf4279dff2dcb4835933652a796b0ad54f364f9a893c13c85b5d05acd6805bc51d98b639fa9c1330fad5fa2313d28aafc2bb60

Author: apoelstra

Cargo.toml

@@ -37,7 +37,7 @@ global-context = ["std"]
 global-context-less-secure = ["global-context"]
 
 [dependencies]
-secp256k1-sys = { version = "0.8.0", default-features = false, path = "./secp256k1-sys" }
+secp256k1-sys = { version = "0.8.1", default-features = false, path = "./secp256k1-sys" }
 serde = { version = "1.0", default-features = false, optional = true }
 
 # You likely only want to enable these if you explicitly do not want to use "std", otherwise enable

secp256k1-sys/CHANGELOG.md

@@ -1,3 +1,11 @@
+# 0.8.1 - 2023-13-16
+
+* [Implement `insecure-erase`](https://github.com/rust-bitcoin/rust-secp256k1/pull/582).
+
+# 0.8.0 - 2202-12-19
+
+* Update libsecp25k1 to v0.2.0
+
 # 0.7.0 - 2022-12-01
 
 * [Make comparison functions stable across library versions](https://github.com/rust-bitcoin/rust-secp256k1/pull/518)

secp256k1-sys/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "secp256k1-sys"
-version = "0.8.0"
+version = "0.8.1"
 authors = [ "Dawid Ciężarkiewicz <dpc@ucore.info>",
             "Andrew Poelstra <apoelstra@wpsoftware.net>",
             "Steven Roose <steven@stevenroose.org>" ]
@@ -12,7 +12,7 @@ description = "FFI for Pieter Wuille's `libsecp256k1` library."
 keywords = [ "secp256k1", "libsecp256k1", "ffi" ]
 readme = "README.md"
 build = "build.rs"
-links = "rustsecp256k1_v0_8_0"
+links = "rustsecp256k1_v0_8_1"
 edition = "2018"
 
 # Should make docs.rs show all functions, even those behind non-default features

secp256k1-sys/depend/secp256k1/Makefile.am

@@ -8,7 +8,7 @@ AM_CFLAGS = $(SECP_CFLAGS)
 
 lib_LTLIBRARIES = libsecp256k1.la
 include_HEADERS = include/secp256k1.h
-include_HEADERS += include/rustsecp256k1_v0_8_0_preallocated.h
+include_HEADERS += include/rustsecp256k1_v0_8_1_preallocated.h
 noinst_HEADERS =
 noinst_HEADERS += src/scalar.h
 noinst_HEADERS += src/scalar_4x64.h
@@ -70,13 +70,13 @@ noinst_HEADERS += contrib/lax_der_privatekey_parsing.h
 noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
 noinst_HEADERS += examples/random.h
 
-PRECOMPUTED_LIB = librustsecp256k1_v0_8_0_precomputed.la
+PRECOMPUTED_LIB = librustsecp256k1_v0_8_1_precomputed.la
 noinst_LTLIBRARIES = $(PRECOMPUTED_LIB)
-librustsecp256k1_v0_8_0_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
-librustsecp256k1_v0_8_0_precomputed_la_CPPFLAGS = $(SECP_INCLUDES)
+librustsecp256k1_v0_8_1_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
+librustsecp256k1_v0_8_1_precomputed_la_CPPFLAGS = $(SECP_INCLUDES)
 
 if USE_EXTERNAL_ASM
-COMMON_LIB = librustsecp256k1_v0_8_0_common.la
+COMMON_LIB = librustsecp256k1_v0_8_1_common.la
 else
 COMMON_LIB =
 endif
@@ -87,17 +87,17 @@ pkgconfig_DATA = libsecp256k1.pc
 
 if USE_EXTERNAL_ASM
 if USE_ASM_ARM
-librustsecp256k1_v0_8_0_common_la_SOURCES = src/asm/field_10x26_arm.s
+librustsecp256k1_v0_8_1_common_la_SOURCES = src/asm/field_10x26_arm.s
 endif
 endif
 
-librustsecp256k1_v0_8_0_la_SOURCES = src/secp256k1.c
-librustsecp256k1_v0_8_0_la_CPPFLAGS = $(SECP_INCLUDES)
-librustsecp256k1_v0_8_0_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
-librustsecp256k1_v0_8_0_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
+librustsecp256k1_v0_8_1_la_SOURCES = src/secp256k1.c
+librustsecp256k1_v0_8_1_la_CPPFLAGS = $(SECP_INCLUDES)
+librustsecp256k1_v0_8_1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
+librustsecp256k1_v0_8_1_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
 
 if VALGRIND_ENABLED
-librustsecp256k1_v0_8_0_la_CPPFLAGS += -DVALGRIND
+librustsecp256k1_v0_8_1_la_CPPFLAGS += -DVALGRIND
 endif
 
 noinst_PROGRAMS =
@@ -223,7 +223,7 @@ EXTRA_DIST += sage/gen_exhaustive_groups.sage
 EXTRA_DIST += sage/gen_split_lambda_constants.sage
 EXTRA_DIST += sage/group_prover.sage
 EXTRA_DIST += sage/prove_group_implementations.sage
-EXTRA_DIST += sage/rustsecp256k1_v0_8_0_params.sage
+EXTRA_DIST += sage/rustsecp256k1_v0_8_1_params.sage
 EXTRA_DIST += sage/weierstrass_prover.sage
 
 if ENABLE_MODULE_ECDH

secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c

@@ -8,15 +8,15 @@
 
 #include "lax_der_parsing.h"
 
-int rustsecp256k1_v0_8_0_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_8_0_context* ctx, rustsecp256k1_v0_8_0_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
+int rustsecp256k1_v0_8_1_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_8_1_context* ctx, rustsecp256k1_v0_8_1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
     size_t rpos, rlen, spos, slen;
     size_t pos = 0;
     size_t lenbyte;
     unsigned char tmpsig[64] = {0};
     int overflow = 0;
 
     /* Hack to initialize sig with a correctly-parsed but invalid signature. */
-    rustsecp256k1_v0_8_0_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+    rustsecp256k1_v0_8_1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
 
     /* Sequence tag byte */
     if (pos == inputlen || input[pos] != 0x30) {
@@ -137,11 +137,11 @@ int rustsecp256k1_v0_8_0_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_8_
     }
 
     if (!overflow) {
-        overflow = !rustsecp256k1_v0_8_0_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+        overflow = !rustsecp256k1_v0_8_1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
     }
     if (overflow) {
         memset(tmpsig, 0, 64);
-        rustsecp256k1_v0_8_0_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+        rustsecp256k1_v0_8_1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
     }
     return 1;
 }

secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h

@@ -26,8 +26,8 @@
  * certain violations are easily supported. You may need to adapt it.
  *
  * Do not use this for new systems. Use well-defined DER or compact signatures
- * instead if you have the choice (see rustsecp256k1_v0_8_0_ecdsa_signature_parse_der and
- * rustsecp256k1_v0_8_0_ecdsa_signature_parse_compact).
+ * instead if you have the choice (see rustsecp256k1_v0_8_1_ecdsa_signature_parse_der and
+ * rustsecp256k1_v0_8_1_ecdsa_signature_parse_compact).
  *
  * The supported violations are:
  * - All numbers are parsed as nonnegative integers, even though X.609-0207
@@ -83,9 +83,9 @@ extern "C" {
  *  encoded numbers are out of range, signature validation with it is
  *  guaranteed to fail for every message and public key.
  */
-int rustsecp256k1_v0_8_0_ecdsa_signature_parse_der_lax(
-    const rustsecp256k1_v0_8_0_context* ctx,
-    rustsecp256k1_v0_8_0_ecdsa_signature* sig,
+int rustsecp256k1_v0_8_1_ecdsa_signature_parse_der_lax(
+    const rustsecp256k1_v0_8_1_context* ctx,
+    rustsecp256k1_v0_8_1_ecdsa_signature* sig,
     const unsigned char *input,
     size_t inputlen
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c

@@ -8,7 +8,7 @@
 
 #include "lax_der_privatekey_parsing.h"
 
-int ec_privkey_import_der(const rustsecp256k1_v0_8_0_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
+int ec_privkey_import_der(const rustsecp256k1_v0_8_1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
     const unsigned char *end = privkey + privkeylen;
     int lenb = 0;
     int len = 0;
@@ -45,17 +45,17 @@ int ec_privkey_import_der(const rustsecp256k1_v0_8_0_context* ctx, unsigned char
         return 0;
     }
     if (privkey[1]) memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
-    if (!rustsecp256k1_v0_8_0_ec_seckey_verify(ctx, out32)) {
+    if (!rustsecp256k1_v0_8_1_ec_seckey_verify(ctx, out32)) {
         memset(out32, 0, 32);
         return 0;
     }
     return 1;
 }
 
-int ec_privkey_export_der(const rustsecp256k1_v0_8_0_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
-    rustsecp256k1_v0_8_0_pubkey pubkey;
+int ec_privkey_export_der(const rustsecp256k1_v0_8_1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
+    rustsecp256k1_v0_8_1_pubkey pubkey;
     size_t pubkeylen = 0;
-    if (!rustsecp256k1_v0_8_0_ec_pubkey_create(ctx, &pubkey, key32)) {
+    if (!rustsecp256k1_v0_8_1_ec_pubkey_create(ctx, &pubkey, key32)) {
         *privkeylen = 0;
         return 0;
     }
@@ -79,7 +79,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_8_0_context *ctx, unsigned char
         memcpy(ptr, key32, 32); ptr += 32;
         memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
         pubkeylen = 33;
-        rustsecp256k1_v0_8_0_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
+        rustsecp256k1_v0_8_1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
         ptr += pubkeylen;
         *privkeylen = ptr - privkey;
     } else {
@@ -104,7 +104,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_8_0_context *ctx, unsigned char
         memcpy(ptr, key32, 32); ptr += 32;
         memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
         pubkeylen = 65;
-        rustsecp256k1_v0_8_0_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
+        rustsecp256k1_v0_8_1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
         ptr += pubkeylen;
         *privkeylen = ptr - privkey;
     }

secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h

@@ -43,7 +43,7 @@ extern "C" {
 /** Export a private key in DER format.
  *
  *  Returns: 1 if the private key was valid.
- *  Args: ctx:        pointer to a context object (not rustsecp256k1_v0_8_0_context_static).
+ *  Args: ctx:        pointer to a context object (not rustsecp256k1_v0_8_1_context_static).
  *  Out: privkey:     pointer to an array for storing the private key in BER.
  *                    Should have space for 279 bytes, and cannot be NULL.
  *       privkeylen:  Pointer to an int where the length of the private key in
@@ -57,10 +57,10 @@ extern "C" {
  *  simple 32-byte private keys are sufficient.
  *
  *  Note that this function does not guarantee correct DER output. It is
- *  guaranteed to be parsable by rustsecp256k1_v0_8_0_ec_privkey_import_der
+ *  guaranteed to be parsable by rustsecp256k1_v0_8_1_ec_privkey_import_der
  */
 SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der(
-    const rustsecp256k1_v0_8_0_context* ctx,
+    const rustsecp256k1_v0_8_1_context* ctx,
     unsigned char *privkey,
     size_t *privkeylen,
     const unsigned char *seckey,
@@ -82,7 +82,7 @@ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der(
  * key.
  */
 SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der(
-    const rustsecp256k1_v0_8_0_context* ctx,
+    const rustsecp256k1_v0_8_1_context* ctx,
     unsigned char *seckey,
     const unsigned char *privkey,
     size_t privkeylen

secp256k1-sys/depend/secp256k1/examples/ecdh.c

@@ -27,19 +27,19 @@ int main(void) {
     unsigned char randomize[32];
     int return_val;
     size_t len;
-    rustsecp256k1_v0_8_0_pubkey pubkey1;
-    rustsecp256k1_v0_8_0_pubkey pubkey2;
+    rustsecp256k1_v0_8_1_pubkey pubkey1;
+    rustsecp256k1_v0_8_1_pubkey pubkey2;
 
     /* Before we can call actual API functions, we need to create a "context". */
-    rustsecp256k1_v0_8_0_context* ctx = rustsecp256k1_v0_8_0_context_create(SECP256K1_CONTEXT_NONE);
+    rustsecp256k1_v0_8_1_context* ctx = rustsecp256k1_v0_8_1_context_create(SECP256K1_CONTEXT_NONE);
     if (!fill_random(randomize, sizeof(randomize))) {
         printf("Failed to generate randomness\n");
         return 1;
     }
     /* Randomizing the context is recommended to protect against side-channel
-     * leakage See `rustsecp256k1_v0_8_0_context_randomize` in secp256k1.h for more
+     * leakage See `rustsecp256k1_v0_8_1_context_randomize` in secp256k1.h for more
      * information about it. This should never fail. */
-    return_val = rustsecp256k1_v0_8_0_context_randomize(ctx, randomize);
+    return_val = rustsecp256k1_v0_8_1_context_randomize(ctx, randomize);
     assert(return_val);
 
     /*** Key Generation ***/
@@ -52,27 +52,27 @@ int main(void) {
             printf("Failed to generate randomness\n");
             return 1;
         }
-        if (rustsecp256k1_v0_8_0_ec_seckey_verify(ctx, seckey1) && rustsecp256k1_v0_8_0_ec_seckey_verify(ctx, seckey2)) {
+        if (rustsecp256k1_v0_8_1_ec_seckey_verify(ctx, seckey1) && rustsecp256k1_v0_8_1_ec_seckey_verify(ctx, seckey2)) {
             break;
         }
     }
 
     /* Public key creation using a valid context with a verified secret key should never fail */
-    return_val = rustsecp256k1_v0_8_0_ec_pubkey_create(ctx, &pubkey1, seckey1);
+    return_val = rustsecp256k1_v0_8_1_ec_pubkey_create(ctx, &pubkey1, seckey1);
     assert(return_val);
-    return_val = rustsecp256k1_v0_8_0_ec_pubkey_create(ctx, &pubkey2, seckey2);
+    return_val = rustsecp256k1_v0_8_1_ec_pubkey_create(ctx, &pubkey2, seckey2);
     assert(return_val);
 
     /* Serialize pubkey1 in a compressed form (33 bytes), should always return 1 */
     len = sizeof(compressed_pubkey1);
-    return_val = rustsecp256k1_v0_8_0_ec_pubkey_serialize(ctx, compressed_pubkey1, &len, &pubkey1, SECP256K1_EC_COMPRESSED);
+    return_val = rustsecp256k1_v0_8_1_ec_pubkey_serialize(ctx, compressed_pubkey1, &len, &pubkey1, SECP256K1_EC_COMPRESSED);
     assert(return_val);
     /* Should be the same size as the size of the output, because we passed a 33 byte array. */
     assert(len == sizeof(compressed_pubkey1));
 
     /* Serialize pubkey2 in a compressed form (33 bytes) */
     len = sizeof(compressed_pubkey2);
-    return_val = rustsecp256k1_v0_8_0_ec_pubkey_serialize(ctx, compressed_pubkey2, &len, &pubkey2, SECP256K1_EC_COMPRESSED);
+    return_val = rustsecp256k1_v0_8_1_ec_pubkey_serialize(ctx, compressed_pubkey2, &len, &pubkey2, SECP256K1_EC_COMPRESSED);
     assert(return_val);
     /* Should be the same size as the size of the output, because we passed a 33 byte array. */
     assert(len == sizeof(compressed_pubkey2));
@@ -81,12 +81,12 @@ int main(void) {
 
     /* Perform ECDH with seckey1 and pubkey2. Should never fail with a verified
      * seckey and valid pubkey */
-    return_val = rustsecp256k1_v0_8_0_ecdh(ctx, shared_secret1, &pubkey2, seckey1, NULL, NULL);
+    return_val = rustsecp256k1_v0_8_1_ecdh(ctx, shared_secret1, &pubkey2, seckey1, NULL, NULL);
     assert(return_val);
 
     /* Perform ECDH with seckey2 and pubkey1. Should never fail with a verified
      * seckey and valid pubkey */
-    return_val = rustsecp256k1_v0_8_0_ecdh(ctx, shared_secret2, &pubkey1, seckey2, NULL, NULL);
+    return_val = rustsecp256k1_v0_8_1_ecdh(ctx, shared_secret2, &pubkey1, seckey2, NULL, NULL);
     assert(return_val);
 
     /* Both parties should end up with the same shared secret */
@@ -105,7 +105,7 @@ int main(void) {
     print_hex(shared_secret1, sizeof(shared_secret1));
 
     /* This will clear everything from the context and free the memory */
-    rustsecp256k1_v0_8_0_context_destroy(ctx);
+    rustsecp256k1_v0_8_1_context_destroy(ctx);
 
     /* It's best practice to try to clear secrets from memory after using them.
      * This is done because some bugs can allow an attacker to leak memory, for