Randomize signing contexts

tcharding · tcharding · commit 9c263f89397b · 2022-02-01T16:34:12.000+11:00
Randomize signing contexts on creation if `rand-std` feature is enabled.
diff --git a/src/context.rs b/src/context.rs
@@ -115,6 +115,9 @@ mod alloc_only {
     #[cfg(not(feature = "std"))]
     use alloc::alloc;
 
+    #[cfg(feature = "rand-std")]
+    use rand;
+
     impl private::Sealed for SignOnly {}
     impl private::Sealed for All {}
     impl private::Sealed for VerifyOnly {}
@@ -191,16 +194,32 @@ mod alloc_only {
     }
 
     impl Secp256k1<All> {
-        /// Creates a new Secp256k1 context with all capabilities
+        /// Creates a new Secp256k1 context with all capabilities.
+        ///
+        /// If `rand-std` feature is enabled, context will have been randomized using `thread_rng`.
+        #[allow(unused_mut)]    // Unused when `rand-std` is not enabled.
         pub fn new() -> Secp256k1<All> {
-            Secp256k1::gen_new()
+            let mut ctx = Secp256k1::gen_new();
+            #[cfg(feature = "rand-std")]
+            {
+                ctx.randomize(&mut rand::thread_rng());
+            }
+            ctx
         }
     }
 
     impl Secp256k1<SignOnly> {
         /// Creates a new Secp256k1 context that can only be used for signing
+        ///
+        /// If `rand-std` feature is enabled, context will have been randomized using `thread_rng`.
+        #[allow(unused_mut)]    // Unused when `rand-std` is not enabled.
         pub fn signing_only() -> Secp256k1<SignOnly> {
-            Secp256k1::gen_new()
+            let mut ctx = Secp256k1::gen_new();
+            #[cfg(feature = "rand-std")]
+            {
+                ctx.randomize(&mut rand::thread_rng());
+            }
+            ctx
         }
     }
 
