Upgrade secp to 0.32.0

tcharding · tcharding · commit 8cddc2feba2d · 2025-09-09T14:27:03.000+10:00
Based on the release tracking PR rust-bitcoin/rust-secp256k1#843 Just do the build errors, lint warnings done next.
diff --git a/Cargo.toml b/Cargo.toml
@@ -2,8 +2,5 @@
 members = ["addresses", "base58", "bitcoin", "chacha20_poly1305", "consensus_encoding", "fuzz", "hashes", "internals", "io", "p2p", "primitives", "units"]
 resolver = "2"
 
-# Keep this patch for hashes because secp256k1 depends on bitcoin-hashes via crates.io
-# This allows testing changes to hashes with secp256k1
-# See https://github.com/rust-bitcoin/rust-bitcoin/pull/4284#pullrequestreview-2714442229
-[patch.crates-io.bitcoin_hashes]
-path = "hashes"
+[patch.crates-io.secp256k1]
+path = "../rust-secp256k1"
diff --git a/bitcoin/Cargo.toml b/bitcoin/Cargo.toml
@@ -33,7 +33,7 @@ hex = { package = "hex-conservative", version = "0.3.0", default-features = fals
 internals = { package = "bitcoin-internals", path = "../internals", features = ["alloc", "hex"] }
 io = { package = "bitcoin-io", path = "../io", default-features = false, features = ["alloc", "hashes"] }
 primitives = { package = "bitcoin-primitives", path = "../primitives", default-features = false, features = ["alloc", "hex"] }
-secp256k1 = { version = "0.31.1", default-features = false, features = ["hashes", "alloc", "rand"] }
+secp256k1 = { version = "0.32.0", default-features = false, features = ["alloc", "rand"] }
 units = { package = "bitcoin-units", path = "../units", default-features = false, features = ["alloc"] }
 
 arbitrary = { version = "1.4.1", optional = true }
diff --git a/bitcoin/examples/taproot-psbt.rs b/bitcoin/examples/taproot-psbt.rs
@@ -746,7 +746,7 @@ fn sign_psbt_taproot(
     sighash_type: TapSighashType,
     secp: &Secp256k1<secp256k1::All>,
 ) {
-    let keypair = secp256k1::Keypair::from_seckey_byte_array(secp, secret_key.secret_bytes()).unwrap();
+    let keypair = secp256k1::Keypair::from_seckey_byte_array(secret_key.secret_bytes()).unwrap();
     let keypair = match leaf_hash {
         None => keypair.tap_tweak(secp, psbt_input.tap_merkle_root).to_keypair(),
         Some(_) => keypair, // no tweak for script spend
diff --git a/bitcoin/src/bip32.rs b/bitcoin/src/bip32.rs
@@ -745,7 +745,7 @@ impl Xpriv {
     /// Constructs a new BIP-0340 keypair for Schnorr signatures and Taproot use matching the internal
     /// secret key representation.
     pub fn to_keypair<C: secp256k1::Signing>(self, secp: &Secp256k1<C>) -> Keypair {
-        Keypair::from_seckey_byte_array(secp, self.private_key.secret_bytes())
+        Keypair::from_seckey_byte_array(self.private_key.secret_bytes())
             .expect("BIP-0032 internal private key representation is broken")
     }
 
@@ -961,7 +961,7 @@ impl Xpub {
     ) -> Result<Xpub, DerivationError> {
         let (sk, chain_code) = self.ckd_pub_tweak(i)?;
         let tweaked =
-            self.public_key.add_exp_tweak(secp, &sk.into()).expect("cryptographically unreachable");
+            self.public_key.add_exp_tweak(&sk.into()).expect("cryptographically unreachable");
 
         Ok(Xpub {
             network: self.network,
diff --git a/bitcoin/src/crypto/key.rs b/bitcoin/src/crypto/key.rs
@@ -326,7 +326,7 @@ impl PublicKey {
         msg: secp256k1::Message,
         sig: ecdsa::Signature,
     ) -> Result<(), secp256k1::Error> {
-        secp.verify_ecdsa(msg, &sig.signature, &self.inner)
+        secp.verify_ecdsa(&sig.signature, msg, &self.inner)
     }
 }
 
@@ -468,7 +468,7 @@ impl CompressedPublicKey {
         msg: secp256k1::Message,
         sig: ecdsa::Signature,
     ) -> Result<(), secp256k1::Error> {
-        Ok(secp.verify_ecdsa(msg, &sig.signature, &self.0)?)
+        Ok(secp.verify_ecdsa(&sig.signature, msg, &self.0)?)
     }
 }
 
diff --git a/bitcoin/src/sign_message.rs b/bitcoin/src/sign_message.rs
@@ -104,7 +104,7 @@ mod message_signing {
         pub fn serialize(&self) -> [u8; 65] {
             let (recid, raw) = self.signature.serialize_compact();
             let mut serialized = [0u8; 65];
-            serialized[0] = i32::from(recid) as u8 + if self.compressed { 31 } else { 27 };
+            serialized[0] = recid.to_u8() + if self.compressed { 31 } else { 27 };
             serialized[1..].copy_from_slice(&raw[..]);
             serialized
         }
@@ -139,7 +139,7 @@ mod message_signing {
             msg_hash: sha256d::Hash,
         ) -> Result<PublicKey, MessageSignatureError> {
             let msg = secp256k1::Message::from_digest(msg_hash.to_byte_array());
-            let pubkey = secp_ctx.recover_ecdsa(msg, &self.signature)?;
+            let pubkey = self.signature.recover(msg)?;
             Ok(PublicKey { inner: pubkey, compressed: self.compressed })
         }
 
@@ -217,14 +217,15 @@ pub fn signed_msg_hash(msg: impl AsRef<[u8]>) -> sha256d::Hash {
 
 /// Sign message using Bitcoin's message signing format.
 #[cfg(feature = "secp-recovery")]
-pub fn sign<C: secp256k1::Signing>(
-    secp_ctx: &secp256k1::Secp256k1<C>,
+pub fn sign(
     msg: impl AsRef<[u8]>,
     privkey: SecretKey,
 ) -> MessageSignature {
+    use secp256k1::ecdsa::RecoverableSignature;
+
     let msg_hash = signed_msg_hash(msg);
     let msg_to_sign = secp256k1::Message::from_digest(msg_hash.to_byte_array());
-    let secp_sig = secp_ctx.sign_ecdsa_recoverable(msg_to_sign, &privkey);
+    let secp_sig = RecoverableSignature::sign_ecdsa_recoverable(msg_to_sign, &privkey);
     MessageSignature { signature: secp_sig, compressed: true }
 }
 
@@ -244,17 +245,19 @@ mod tests {
     #[test]
     #[cfg(all(feature = "secp-recovery", feature = "base64", feature = "rand-std"))]
     fn message_signature() {
+        use secp256k1::ecdsa::RecoverableSignature;
+
         use crate::{Address, AddressType, Network, NetworkKind};
 
         let secp = secp256k1::Secp256k1::new();
         let message = "rust-bitcoin MessageSignature test";
         let msg_hash = super::signed_msg_hash(message);
         let msg = secp256k1::Message::from_digest(msg_hash.to_byte_array());
         let privkey = secp256k1::SecretKey::new(&mut secp256k1::rand::rng());
-        let secp_sig = secp.sign_ecdsa_recoverable(msg, &privkey);
+        let secp_sig = RecoverableSignature::sign_ecdsa_recoverable(msg, &privkey);
         let signature = super::MessageSignature { signature: secp_sig, compressed: true };
 
-        assert_eq!(signature.to_string(), super::sign(&secp, message, privkey).to_string());
+        assert_eq!(signature.to_string(), super::sign(message, privkey).to_string());
         assert_eq!(signature.to_base64(), signature.to_string());
         let signature2 = &signature.to_string().parse::<super::MessageSignature>().unwrap();
         let pubkey = signature2

Original file line number	Diff line number	Diff line change
`@@ -326,7 +326,7 @@ impl PublicKey {`
`326`	`326`	`msg: secp256k1::Message,`
`327`	`327`	`sig: ecdsa::Signature,`
`328`	`328`	`) -> Result<(), secp256k1::Error> {`
`329`		`- secp.verify_ecdsa(msg, &sig.signature, &self.inner)`
	`329`	`+ secp.verify_ecdsa(&sig.signature, msg, &self.inner)`
`330`	`330`	`}`
`331`	`331`	`}`
`332`	`332`
`@@ -468,7 +468,7 @@ impl CompressedPublicKey {`
`468`	`468`	`msg: secp256k1::Message,`
`469`	`469`	`sig: ecdsa::Signature,`
`470`	`470`	`) -> Result<(), secp256k1::Error> {`
`471`		`- Ok(secp.verify_ecdsa(msg, &sig.signature, &self.0)?)`
	`471`	`+ Ok(secp.verify_ecdsa(&sig.signature, msg, &self.0)?)`
`472`	`472`	`}`
`473`	`473`	`}`
`474`	`474`