Remove feature global-context-less-secure

Instead of providing a mechanism for users to opt out of randomization
we can just feature gate the call site i.e., opportunistically randomize
the global context on creation if `rand-std` feature is enabled.

Author: tcharding

Cargo.toml

@@ -26,8 +26,7 @@ alloc = []
 rand-std = ["rand/std"]
 recovery = ["secp256k1-sys/recovery"]
 lowmemory = ["secp256k1-sys/lowmemory"]
-global-context = ["std", "rand-std", "global-context-less-secure"]
-global-context-less-secure = []
+global-context = ["std"]
 
 [dependencies]
 secp256k1-sys = { version = "0.4.2", default-features = false, path = "./secp256k1-sys" }

src/context.rs

@@ -9,11 +9,11 @@ use Secp256k1;
 #[cfg_attr(docsrs, doc(cfg(any(feature = "std", feature = "alloc"))))]
 pub use self::alloc_only::*;
 
-#[cfg(feature = "global-context-less-secure")]
-#[cfg_attr(docsrs, doc(cfg(any(feature = "global-context", feature = "global-context-less-secure"))))]
+#[cfg(feature = "global-context")]
+#[cfg_attr(docsrs, doc(cfg(feature = "global-context")))]
 /// Module implementing a singleton pattern for a global `Secp256k1` context
 pub mod global {
-    #[cfg(feature = "global-context")]
+    #[cfg(feature = "rand-std")]
     use rand;
 
     use std::ops::Deref;
@@ -26,21 +26,29 @@ pub mod global {
         __private: (),
     }
 
-    /// A global, static context to avoid repeatedly creating contexts where one can't be passed
+    /// A global static context to avoid repeatedly creating contexts.
     ///
-    /// If the global-context feature is enabled (and not just the global-context-less-secure),
-    /// this will have been randomized.
+    /// If `rand-std` feature is enabled, context will have been randomized using `thread_rng`.
+    ///
+    /// ```
+    /// # #[cfg(all(feature = "global-context", feature = "rand-std"))] {
+    /// use secp256k1::{PublicKey, SECP256K1};
+    /// use secp256k1::rand::thread_rng;
+    /// let _ = SECP256K1.generate_keypair(&mut thread_rng());
+    /// # }
+    /// ```
     pub static SECP256K1: &GlobalContext = &GlobalContext { __private: () };
 
     impl Deref for GlobalContext {
         type Target = Secp256k1<All>;
 
+        #[allow(unused_mut)]    // Unused when `rand-std` is not enabled.
         fn deref(&self) -> &Self::Target {
             static ONCE: Once = Once::new();
             static mut CONTEXT: Option<Secp256k1<All>> = None;
             ONCE.call_once(|| unsafe {
                 let mut ctx = Secp256k1::new();
-                #[cfg(feature = "global-context")]
+                #[cfg(feature = "rand-std")]
                 {
                     ctx.randomize(&mut rand::thread_rng());
                 }

src/key.rs

@@ -639,7 +639,7 @@ impl Ord for PublicKey {
 /// feature active. This is due to security considerations, see the [`serde_keypair`] documentation
 /// for details.
 ///
-/// If the `serde` and `global-context[-less-secure]` features are active `KeyPair`s can be serialized and
+/// If the `serde` and `global-context` features are active `KeyPair`s can be serialized and
 /// deserialized by annotating them with `#[serde(with = "secp256k1::serde_keypair")]`
 /// inside structs or enums for which [`Serialize`] and [`Deserialize`] are being derived.
 ///
@@ -1318,7 +1318,7 @@ impl<'de> ::serde::Deserialize<'de> for XOnlyPublicKey {
 ///
 /// [`SecretKey`]: crate::SecretKey
 /// [global context]: crate::SECP256K1
-#[cfg(all(feature = "global-context-less-secure", feature = "serde"))]
+#[cfg(all(feature = "global-context", feature = "serde"))]
 pub mod serde_keypair {
     use serde::{Deserialize, Deserializer, Serialize, Serializer};
     use key::KeyPair;
@@ -1899,7 +1899,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "global-context-less-secure", feature = "serde"))]
+    #[cfg(all(feature = "global-context", feature = "serde"))]
     fn test_serde_keypair() {
         use serde::{Deserialize, Deserializer, Serialize, Serializer};
         use serde_test::{Configure, Token, assert_tokens};

src/lib.rs

@@ -121,9 +121,7 @@
 //! * `rand-std` - use `rand` library with its `std` feature enabled. (Implies `rand`.)
 //! * `recovery` - enable functions that can compute the public key from signature.
 //! * `lowmemory` - optimize the library for low-memory environments.
-//! * `global-context` - enable use of global secp256k1 context. (Implies `std`, `rand-std` and
-//!                      `global-context-less-secure`.)
-//! * `global-context-less-secure` - enables global context without extra sidechannel protection.
+//! * `global-context` - enable use of global secp256k1 context (implies `std`).
 //! * `serde` - implements serialization and deserialization for types in this crate using `serde`.
 //!           **Important**: `serde` encoding is **not** the same as consensus encoding!
 //! * `bitcoin_hashes` - enables interaction with the `bitcoin-hashes` crate (e.g. conversions).
@@ -191,8 +189,8 @@ use core::marker::PhantomData;
 use core::{mem, fmt, str};
 use ffi::{CPtr, types::AlignedType};
 
-#[cfg(feature = "global-context-less-secure")]
-#[cfg_attr(docsrs, doc(cfg(any(feature = "global-context", feature = "global-context-less-secure"))))]
+#[cfg(feature = "global-context")]
+#[cfg_attr(docsrs, doc(cfg(any(feature = "global-context", feature = "global-context"))))]
 pub use context::global::SECP256K1;
 
 #[cfg(feature = "bitcoin_hashes")]
@@ -940,7 +938,7 @@ mod tests {
 
     }
 
-    #[cfg(feature = "global-context-less-secure")]
+    #[cfg(feature = "global-context")]
     #[test]
     fn test_global_context() {
         use super::SECP256K1;