Release tracking PR: secp256k1-sys v0.12.0

Cargo-minimal.lock

@@ -223,7 +223,7 @@ dependencies = [
 
 [[package]]
 name = "secp256k1-sys"
-version = "0.11.0"
+version = "0.12.0"
 dependencies = [
  "cc",
  "libc",

Cargo-recent.lock

@@ -214,7 +214,7 @@ dependencies = [
 
 [[package]]
 name = "secp256k1-sys"
-version = "0.11.0"
+version = "0.12.0"
 dependencies = [
  "cc",
  "libc",

Cargo.toml

@@ -31,7 +31,7 @@ global-context-less-secure = ["global-context"]
 arbitrary = ["dep:arbitrary"]
 
 [dependencies]
-secp256k1-sys = { version = "0.11.0", default-features = false, path = "./secp256k1-sys" }
+secp256k1-sys = { version = "0.12.0", default-features = false, path = "./secp256k1-sys" }
 
 arbitrary = { version = "1.4", optional = true }
 rand = { version = "0.9", default-features = false, optional = true }

secp256k1-sys/CHANGELOG.md

@@ -1,3 +1,10 @@
+# 0.12.0 - 2025-10-10
+
+* Fix lowmemory feature [#799](https://github.com/rust-bitcoin/rust-secp256k1/pull/799)
+* Add support for MuSig2, initial PR
+  [#716](https://github.com/rust-bitcoin/rust-secp256k1/pull/716) then
+  a bunch of follow up PRs. See `../CHANGELOG.md` for full listing.
+
 # 0.10.0 - 2024-03-28
 
 * Bump MSRV to Rust `v1.56.1` [#693](https://github.com/rust-bitcoin/rust-secp256k1/pull/693)

secp256k1-sys/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "secp256k1-sys"
-version = "0.11.0"
+version = "0.12.0"
 authors = [ "Dawid Ciężarkiewicz <[email protected]>",
             "Andrew Poelstra <[email protected]>",
             "Steven Roose <[email protected]>" ]
@@ -12,7 +12,7 @@ description = "FFI for Pieter Wuille's `libsecp256k1` library."
 keywords = [ "secp256k1", "libsecp256k1", "ffi" ]
 readme = "README.md"
 build = "build.rs"
-links = "rustsecp256k1_v0_11"
+links = "rustsecp256k1_v0_12"
 edition = "2021"
 rust-version = "1.63.0"
 

secp256k1-sys/depend/secp256k1/CONTRIBUTING.md

@@ -44,11 +44,11 @@ The Contributor Workflow & Peer Review in libsecp256k1 are similar to Bitcoin Co
 
 In addition, libsecp256k1 tries to maintain the following coding conventions:
 
-* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `rustsecp256k1_v0_11_context_create` or `rustsecp256k1_v0_11_scratch_space_create`, for example). Moreover, it should be possible to use the library without any heap allocations.
+* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `rustsecp256k1_v0_12_context_create` or `rustsecp256k1_v0_12_scratch_space_create`, for example). Moreover, it should be possible to use the library without any heap allocations.
 * The tests should cover all lines and branches of the library (see [Test coverage](#coverage)).
 * Operations involving secret data should be tested for being constant time with respect to the secrets (see [src/ctime_tests.c](src/ctime_tests.c)).
 * Local variables containing secret data should be cleared explicitly to try to delete secrets from memory.
-* Use `rustsecp256k1_v0_11_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)).
+* Use `rustsecp256k1_v0_12_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)).
 * As a rule of thumb, the default values for configuration options should target standard desktop machines and align with Bitcoin Core's defaults, and the tests should mostly exercise the default configuration (see [#1549](https://github.com/bitcoin-core/secp256k1/issues/1549#issuecomment-2200559257)).
 
 #### Style conventions
@@ -72,7 +72,7 @@ In addition, libsecp256k1 tries to maintain the following coding conventions:
 * Use `void *ptr` instead of `void* ptr`.
 * Arguments of the publicly-facing API must have a specific order defined in [include/secp256k1.h](include/secp256k1.h).
 * User-facing comment lines in headers should be limited to 80 chars if possible.
-* All identifiers in file scope should start with `rustsecp256k1_v0_11_`.
+* All identifiers in file scope should start with `rustsecp256k1_v0_12_`.
 * Avoid trailing whitespace.
 
 ### Tests

secp256k1-sys/depend/secp256k1/Makefile.am

@@ -6,7 +6,7 @@ AM_CFLAGS = $(SECP_CFLAGS)
 
 lib_LTLIBRARIES = libsecp256k1.la
 include_HEADERS = include/secp256k1.h
-include_HEADERS += include/rustsecp256k1_v0_11_preallocated.h
+include_HEADERS += include/rustsecp256k1_v0_12_preallocated.h
 noinst_HEADERS =
 noinst_HEADERS += src/scalar.h
 noinst_HEADERS += src/scalar_4x64.h
@@ -63,7 +63,7 @@ noinst_HEADERS += src/hash_impl.h
 noinst_HEADERS += src/field.h
 noinst_HEADERS += src/field_impl.h
 noinst_HEADERS += src/bench.h
-noinst_HEADERS += src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h
+noinst_HEADERS += src/wycheproof/ecdsa_rustsecp256k1_v0_12_sha256_bitcoin_test.h
 noinst_HEADERS += src/hsort.h
 noinst_HEADERS += src/hsort_impl.h
 noinst_HEADERS += contrib/lax_der_parsing.h
@@ -72,15 +72,15 @@ noinst_HEADERS += contrib/lax_der_privatekey_parsing.h
 noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
 noinst_HEADERS += examples/examples_util.h
 
-PRECOMPUTED_LIB = librustsecp256k1_v0_11_precomputed.la
+PRECOMPUTED_LIB = librustsecp256k1_v0_12_precomputed.la
 noinst_LTLIBRARIES = $(PRECOMPUTED_LIB)
-librustsecp256k1_v0_11_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
-# We need `-I$(top_srcdir)/src` in VPATH builds if librustsecp256k1_v0_11_precomputed_la_SOURCES have been recreated in the build tree.
+librustsecp256k1_v0_12_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
+# We need `-I$(top_srcdir)/src` in VPATH builds if librustsecp256k1_v0_12_precomputed_la_SOURCES have been recreated in the build tree.
 # This helps users and packagers who insist on recreating the precomputed files (e.g., Gentoo).
-librustsecp256k1_v0_11_precomputed_la_CPPFLAGS = -I$(top_srcdir)/src $(SECP_CONFIG_DEFINES)
+librustsecp256k1_v0_12_precomputed_la_CPPFLAGS = -I$(top_srcdir)/src $(SECP_CONFIG_DEFINES)
 
 if USE_EXTERNAL_ASM
-COMMON_LIB = librustsecp256k1_v0_11_common.la
+COMMON_LIB = librustsecp256k1_v0_12_common.la
 else
 COMMON_LIB =
 endif
@@ -91,14 +91,14 @@ pkgconfig_DATA = libsecp256k1.pc
 
 if USE_EXTERNAL_ASM
 if USE_ASM_ARM
-librustsecp256k1_v0_11_common_la_SOURCES = src/asm/field_10x26_arm.s
+librustsecp256k1_v0_12_common_la_SOURCES = src/asm/field_10x26_arm.s
 endif
 endif
 
-librustsecp256k1_v0_11_la_SOURCES = src/secp256k1.c
-librustsecp256k1_v0_11_la_CPPFLAGS = $(SECP_CONFIG_DEFINES)
-librustsecp256k1_v0_11_la_LIBADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
-librustsecp256k1_v0_11_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
+librustsecp256k1_v0_12_la_SOURCES = src/secp256k1.c
+librustsecp256k1_v0_12_la_CPPFLAGS = $(SECP_CONFIG_DEFINES)
+librustsecp256k1_v0_12_la_LIBADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
+librustsecp256k1_v0_12_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
 
 noinst_PROGRAMS =
 if USE_BENCHMARK
@@ -247,11 +247,11 @@ maintainer-clean-local: clean-precomp
 
 ### Pregenerated test vectors
 ### (see the comments in the previous section for detailed rationale)
-TESTVECTORS = src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h
+TESTVECTORS = src/wycheproof/ecdsa_rustsecp256k1_v0_12_sha256_bitcoin_test.h
 
-src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h:
+src/wycheproof/ecdsa_rustsecp256k1_v0_12_sha256_bitcoin_test.h:
 	mkdir -p $(@D)
-	python3 $(top_srcdir)/tools/tests_wycheproof_generate.py $(top_srcdir)/src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.json > $@
+	python3 $(top_srcdir)/tools/tests_wycheproof_generate.py $(top_srcdir)/src/wycheproof/ecdsa_rustsecp256k1_v0_12_sha256_bitcoin_test.json > $@
 
 testvectors: $(TESTVECTORS)
 
@@ -271,10 +271,10 @@ EXTRA_DIST += sage/gen_exhaustive_groups.sage
 EXTRA_DIST += sage/gen_split_lambda_constants.sage
 EXTRA_DIST += sage/group_prover.sage
 EXTRA_DIST += sage/prove_group_implementations.sage
-EXTRA_DIST += sage/rustsecp256k1_v0_11_params.sage
+EXTRA_DIST += sage/rustsecp256k1_v0_12_params.sage
 EXTRA_DIST += sage/weierstrass_prover.sage
 EXTRA_DIST += src/wycheproof/WYCHEPROOF_COPYING
-EXTRA_DIST += src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.json
+EXTRA_DIST += src/wycheproof/ecdsa_rustsecp256k1_v0_12_sha256_bitcoin_test.json
 EXTRA_DIST += tools/tests_wycheproof_generate.py
 
 if ENABLE_MODULE_ECDH

secp256k1-sys/depend/secp256k1/cmake/TryAppendCFlags.cmake

@@ -1,6 +1,6 @@
 include(CheckCCompilerFlag)
 
-function(rustsecp256k1_v0_11_check_c_flags_internal flags output)
+function(rustsecp256k1_v0_12_check_c_flags_internal flags output)
   string(MAKE_C_IDENTIFIER "${flags}" result)
   string(TOUPPER "${result}" result)
   set(result "C_SUPPORTS_${result}")
@@ -17,7 +17,7 @@ endfunction()
 
 # Append flags to the COMPILE_OPTIONS directory property if CC accepts them.
 macro(try_append_c_flags)
-  rustsecp256k1_v0_11_check_c_flags_internal("${ARGV}" result)
+  rustsecp256k1_v0_12_check_c_flags_internal("${ARGV}" result)
   if(result)
     add_compile_options(${ARGV})
   endif()

secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c

@@ -7,18 +7,18 @@
 #include <string.h>
 
 #include "lax_der_parsing.h"
-extern int rustsecp256k1_v0_11_ecdsa_signature_parse_compact(
-        const rustsecp256k1_v0_11_context *ctx,
-        rustsecp256k1_v0_11_ecdsa_signature *sig, const unsigned char *input64);
-int rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
+extern int rustsecp256k1_v0_12_ecdsa_signature_parse_compact(
+        const rustsecp256k1_v0_12_context *ctx,
+        rustsecp256k1_v0_12_ecdsa_signature *sig, const unsigned char *input64);
+int rustsecp256k1_v0_12_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_12_context* ctx, rustsecp256k1_v0_12_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) {
     size_t rpos, rlen, spos, slen;
     size_t pos = 0;
     size_t lenbyte;
     unsigned char tmpsig[64] = {0};
     int overflow = 0;
 
     /* Hack to initialize sig with a correctly-parsed but invalid signature. */
-    rustsecp256k1_v0_11_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+    rustsecp256k1_v0_12_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
 
     /* Sequence tag byte */
     if (pos == inputlen || input[pos] != 0x30) {
@@ -139,11 +139,11 @@ int rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_11_
     }
 
     if (!overflow) {
-        overflow = !rustsecp256k1_v0_11_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+        overflow = !rustsecp256k1_v0_12_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
     }
     if (overflow) {
         memset(tmpsig, 0, 64);
-        rustsecp256k1_v0_11_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
+        rustsecp256k1_v0_12_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
     }
     return 1;
 }

secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h

@@ -26,8 +26,8 @@
  * certain violations are easily supported. You may need to adapt it.
  *
  * Do not use this for new systems. Use well-defined DER or compact signatures
- * instead if you have the choice (see rustsecp256k1_v0_11_ecdsa_signature_parse_der and
- * rustsecp256k1_v0_11_ecdsa_signature_parse_compact).
+ * instead if you have the choice (see rustsecp256k1_v0_12_ecdsa_signature_parse_der and
+ * rustsecp256k1_v0_12_ecdsa_signature_parse_compact).
  *
  * The supported violations are:
  * - All numbers are parsed as nonnegative integers, even though X.609-0207
@@ -83,9 +83,9 @@ extern "C" {
  *  encoded numbers are out of range, signature validation with it is
  *  guaranteed to fail for every message and public key.
  */
-int rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax(
-    const rustsecp256k1_v0_11_context* ctx,
-    rustsecp256k1_v0_11_ecdsa_signature* sig,
+int rustsecp256k1_v0_12_ecdsa_signature_parse_der_lax(
+    const rustsecp256k1_v0_12_context* ctx,
+    rustsecp256k1_v0_12_ecdsa_signature* sig,
     const unsigned char *input,
     size_t inputlen
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c

@@ -8,7 +8,7 @@
 
 #include "lax_der_privatekey_parsing.h"
 
-int ec_privkey_import_der(const rustsecp256k1_v0_11_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
+int ec_privkey_import_der(const rustsecp256k1_v0_12_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
     const unsigned char *end = privkey + privkeylen;
     int lenb = 0;
     int len = 0;
@@ -45,17 +45,17 @@ int ec_privkey_import_der(const rustsecp256k1_v0_11_context* ctx, unsigned char
         return 0;
     }
     if (privkey[1]) memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
-    if (!rustsecp256k1_v0_11_ec_seckey_verify(ctx, out32)) {
+    if (!rustsecp256k1_v0_12_ec_seckey_verify(ctx, out32)) {
         memset(out32, 0, 32);
         return 0;
     }
     return 1;
 }
 
-int ec_privkey_export_der(const rustsecp256k1_v0_11_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
-    rustsecp256k1_v0_11_pubkey pubkey;
+int ec_privkey_export_der(const rustsecp256k1_v0_12_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
+    rustsecp256k1_v0_12_pubkey pubkey;
     size_t pubkeylen = 0;
-    if (!rustsecp256k1_v0_11_ec_pubkey_create(ctx, &pubkey, key32)) {
+    if (!rustsecp256k1_v0_12_ec_pubkey_create(ctx, &pubkey, key32)) {
         *privkeylen = 0;
         return 0;
     }
@@ -79,7 +79,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_11_context *ctx, unsigned char
         memcpy(ptr, key32, 32); ptr += 32;
         memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
         pubkeylen = 33;
-        rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
+        rustsecp256k1_v0_12_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED);
         ptr += pubkeylen;
         *privkeylen = ptr - privkey;
     } else {
@@ -104,7 +104,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_11_context *ctx, unsigned char
         memcpy(ptr, key32, 32); ptr += 32;
         memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
         pubkeylen = 65;
-        rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
+        rustsecp256k1_v0_12_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED);
         ptr += pubkeylen;
         *privkeylen = ptr - privkey;
     }

secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h

@@ -43,7 +43,7 @@ extern "C" {
 /** Export a private key in DER format.
  *
  *  Returns: 1 if the private key was valid.
- *  Args: ctx:        pointer to a context object (not rustsecp256k1_v0_11_context_static).
+ *  Args: ctx:        pointer to a context object (not rustsecp256k1_v0_12_context_static).
  *  Out: privkey:     pointer to an array for storing the private key in BER.
  *                    Should have space for 279 bytes, and cannot be NULL.
  *       privkeylen:  Pointer to an int where the length of the private key in
@@ -57,10 +57,10 @@ extern "C" {
  *  simple 32-byte private keys are sufficient.
  *
  *  Note that this function does not guarantee correct DER output. It is
- *  guaranteed to be parsable by rustsecp256k1_v0_11_ec_privkey_import_der
+ *  guaranteed to be parsable by rustsecp256k1_v0_12_ec_privkey_import_der
  */
 SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der(
-    const rustsecp256k1_v0_11_context* ctx,
+    const rustsecp256k1_v0_12_context* ctx,
     unsigned char *privkey,
     size_t *privkeylen,
     const unsigned char *seckey,
@@ -82,7 +82,7 @@ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der(
  * key.
  */
 SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der(
-    const rustsecp256k1_v0_11_context* ctx,
+    const rustsecp256k1_v0_12_context* ctx,
     unsigned char *seckey,
     const unsigned char *privkey,
     size_t privkeylen

secp256k1-sys/depend/secp256k1/doc/ellswift.md

@@ -144,8 +144,8 @@ but the approach here is simple enough and gives fairly uniform output even in t
 **Note**: in the paper these conditions result in $\infty$ as output, due to the use of projective coordinates there.
 We wish to avoid the need for callers to deal with this special case.
 
-This is implemented in `rustsecp256k1_v0_11_ellswift_xswiftec_frac_var` (which decodes to an x-coordinate represented as a fraction), and
-in `rustsecp256k1_v0_11_ellswift_xswiftec_var` (which outputs the actual x-coordinate).
+This is implemented in `rustsecp256k1_v0_12_ellswift_xswiftec_frac_var` (which decodes to an x-coordinate represented as a fraction), and
+in `rustsecp256k1_v0_12_ellswift_xswiftec_var` (which outputs the actual x-coordinate).
 
 ## 3. The encoding function
 
@@ -247,7 +247,7 @@ the loop can be simplified to only compute one of the inverses instead of all of
   * Let $t = G_{c,u}(x).$
   * If $t \neq \bot$, return $(u, t)$; restart loop otherwise.
 
-This is implemented in `rustsecp256k1_v0_11_ellswift_xelligatorswift_var`.
+This is implemented in `rustsecp256k1_v0_12_ellswift_xelligatorswift_var`.
 
 ### 3.3 Finding the inverse
 
@@ -388,7 +388,7 @@ Specialized for odd-ordered $a=0$ curves:
   * If $c \in \\{4, 6\\}:$ return $w(\frac{-\sqrt{-3}+1}{2}u + v).$
   * If $c \in \\{5, 7\\}:$ return $w(\frac{-\sqrt{-3}-1}{2}u - v).$
 
-This is implemented in `rustsecp256k1_v0_11_ellswift_xswiftec_inv_var`.
+This is implemented in `rustsecp256k1_v0_12_ellswift_xswiftec_inv_var`.
 
 And the x-only ElligatorSwift encoding algorithm is still:
 
@@ -471,11 +471,11 @@ as decoder:
 * Let $y = \sqrt{g(x)}.$
 * Return $(x, y)$ if $sign(y) = sign(t)$; $(x, -y)$ otherwise.
 
-This is implemented in `rustsecp256k1_v0_11_ellswift_swiftec_var`. The used $sign(x)$ function is the parity of $x$ when represented as in integer in $[0,q).$
+This is implemented in `rustsecp256k1_v0_12_ellswift_swiftec_var`. The used $sign(x)$ function is the parity of $x$ when represented as in integer in $[0,q).$
 
 The corresponding encoder would invoke the x-only one, but negating the output $t$ if $sign(t) \neq sign(y).$
 
-This is implemented in `rustsecp256k1_v0_11_ellswift_elligatorswift_var`.
+This is implemented in `rustsecp256k1_v0_12_ellswift_elligatorswift_var`.
 
 Note that this is only intended for encoding points where both the x-coordinate and y-coordinate are unpredictable. When encoding x-only points
 where the y-coordinate is implicitly even (or implicitly square, or implicitly in $[0,q/2]$), the encoder in