Use global secp256k1_ctx instead of passing it around.

If I'd known how large this patch would be (though trivial), I'd
have done it in parts.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

bitcoin/base58.c

@@ -8,6 +8,7 @@
 #include "privkey.h"
 #include "pubkey.h"
 #include "shadouble.h"
+#include "utils.h"
 #include <assert.h>
 #include <ccan/build_assert/build_assert.h>
 #include <ccan/tal/str/str.h>
@@ -121,8 +122,7 @@ char *key_to_base58(const tal_t *ctx, bool test_net, const struct privkey *key)
 	return tal_strdup(ctx, out);
 }
 
-bool key_from_base58(secp256k1_context *secpctx,
+bool key_from_base58(const char *base58, size_t base58_len,
-		     const char *base58, size_t base58_len,
 		     bool *test_net, struct privkey *priv, struct pubkey *key)
 {
 	// 1 byte version, 32 byte private key, 1 byte compressed, 4 byte checksum
@@ -147,11 +147,11 @@ bool key_from_base58(secp256k1_context *secpctx,
 	/* Copy out secret. */
 	memcpy(priv->secret, keybuf + 1, sizeof(priv->secret));
 
-	if (!secp256k1_ec_seckey_verify(secpctx, priv->secret))
+	if (!secp256k1_ec_seckey_verify(secp256k1_ctx, priv->secret))
 		return false;
 
 	/* Get public key, too. */
-	if (!pubkey_from_privkey(secpctx, priv, key))
+	if (!pubkey_from_privkey(priv, key))
 		return false;
 
 	return true;

bitcoin/base58.h

@@ -45,8 +45,7 @@ char *base58_with_check(char dest[BASE58_ADDR_MAX_LEN],
 			u8 buf[1 + sizeof(struct ripemd160) + 4]);
 
 char *key_to_base58(const tal_t *ctx, bool test_net, const struct privkey *key);
-bool key_from_base58(secp256k1_context *secpctx,
+bool key_from_base58(const char *base58, size_t base58_len,
-		     const char *base58, size_t base58_len,
 		     bool *test_net, struct privkey *priv, struct pubkey *key);
 
 void base58_get_checksum(u8 csum[4], const u8 buf[], size_t buflen);

bitcoin/pubkey.c

@@ -6,25 +6,22 @@
 #include <ccan/str/hex/hex.h>
 #include <ccan/structeq/structeq.h>
 
-bool pubkey_from_der(secp256k1_context *secpctx,
+bool pubkey_from_der(const u8 *der, size_t len, struct pubkey *key)
-		     const u8 *der, size_t len,
-		     struct pubkey *key)
 {
 	if (len != PUBKEY_DER_LEN)
 		return false;
 
-	if (!secp256k1_ec_pubkey_parse(secpctx, &key->pubkey,
+	if (!secp256k1_ec_pubkey_parse(secp256k1_ctx, &key->pubkey,
 				       memcheck(der, len), len))
 		return false;
 
 	return true;
 }
 
-void pubkey_to_der(secp256k1_context *secpctx, u8 der[PUBKEY_DER_LEN],
+void pubkey_to_der(u8 der[PUBKEY_DER_LEN], const struct pubkey *key)
-		   const struct pubkey *key)
 {
 	size_t outlen = PUBKEY_DER_LEN;
-	if (!secp256k1_ec_pubkey_serialize(secpctx, der, &outlen,
+	if (!secp256k1_ec_pubkey_serialize(secp256k1_ctx, der, &outlen,
 					   &key->pubkey,
 					   SECP256K1_EC_COMPRESSED))
 		abort();
@@ -32,17 +29,16 @@ void pubkey_to_der(secp256k1_context *secpctx, u8 der[PUBKEY_DER_LEN],
 }
 
 /* Pubkey from privkey */
-bool pubkey_from_privkey(secp256k1_context *secpctx,
+bool pubkey_from_privkey(const struct privkey *privkey,
-			 const struct privkey *privkey,
 			 struct pubkey *key)
 {
-	if (!secp256k1_ec_pubkey_create(secpctx, &key->pubkey, privkey->secret))
+	if (!secp256k1_ec_pubkey_create(secp256k1_ctx,
+					&key->pubkey, privkey->secret))
 		return false;
 	return true;
 }
 
-bool pubkey_from_hexstr(secp256k1_context *secpctx,
+bool pubkey_from_hexstr(const char *derstr, size_t slen, struct pubkey *key)
-			const char *derstr, size_t slen, struct pubkey *key)
 {
 	size_t dlen;
 	unsigned char der[PUBKEY_DER_LEN];
@@ -54,15 +50,14 @@ bool pubkey_from_hexstr(secp256k1_context *secpctx,
 	if (!hex_decode(derstr, slen, der, dlen))
 		return false;
 
-	return pubkey_from_der(secpctx, der, dlen, key);
+	return pubkey_from_der(der, dlen, key);
 }
 
-char *pubkey_to_hexstr(const tal_t *ctx, secp256k1_context *secpctx,
+char *pubkey_to_hexstr(const tal_t *ctx, const struct pubkey *key)
-		       const struct pubkey *key)
 {
 	unsigned char der[PUBKEY_DER_LEN];
 
-	pubkey_to_der(secpctx, der, key);
+	pubkey_to_der(der, key);
 	return tal_hexstr(ctx, der, sizeof(der));
 }
 

bitcoin/pubkey.h

@@ -15,25 +15,20 @@ struct pubkey {
 };
 
 /* Convert from hex string of DER (scriptPubKey from validateaddress) */
-bool pubkey_from_hexstr(secp256k1_context *secpctx,
+bool pubkey_from_hexstr(const char *derstr, size_t derlen, struct pubkey *key);
-			const char *derstr, size_t derlen, struct pubkey *key);
 
 /* Convert from hex string of DER (scriptPubKey from validateaddress) */
-char *pubkey_to_hexstr(const tal_t *ctx, secp256k1_context *secpctx,
+char *pubkey_to_hexstr(const tal_t *ctx, const struct pubkey *key);
-		       const struct pubkey *key);
 
 /* Pubkey from privkey */
-bool pubkey_from_privkey(secp256k1_context *secpctx,
+bool pubkey_from_privkey(const struct privkey *privkey,
-			 const struct privkey *privkey,
 			 struct pubkey *key);
 
 /* Pubkey from DER encoding. */
-bool pubkey_from_der(secp256k1_context *secpctx,
+bool pubkey_from_der(const u8 *der, size_t len, struct pubkey *key);
-		     const u8 *der, size_t len, struct pubkey *key);
 
 /* Pubkey to DER encoding: must be valid pubkey. */
-void pubkey_to_der(secp256k1_context *secpctx, u8 der[PUBKEY_DER_LEN],
+void pubkey_to_der(u8 der[PUBKEY_DER_LEN], const struct pubkey *key);
-		   const struct pubkey *key);
 
 /* Are these keys equal? */
 bool pubkey_eq(const struct pubkey *a, const struct pubkey *b);

bitcoin/script.c

@@ -98,33 +98,27 @@ static void add_number(u8 **script, u32 num)
 	}
 }
 
-static void add_push_key(u8 **scriptp,
+static void add_push_key(u8 **scriptp, const struct pubkey *key)
-			 secp256k1_context *secpctx,
-			 const struct pubkey *key)
 {
 	u8 der[PUBKEY_DER_LEN];
-	pubkey_to_der(secpctx, der, key);
+	pubkey_to_der(der, key);
 
 	add_push_bytes(scriptp, der, sizeof(der));
 }
 
-static u8 *stack_key(const tal_t *ctx,
+static u8 *stack_key(const tal_t *ctx, const struct pubkey *key)
-		     secp256k1_context *secpctx,
-		     const struct pubkey *key)
 {
 	u8 der[PUBKEY_DER_LEN];
-	pubkey_to_der(secpctx, der, key);
+	pubkey_to_der(der, key);
 
 	return tal_dup_arr(ctx, u8, der, sizeof(der), 0);
 }
 
 /* Bitcoin wants DER encoding. */
-static u8 *stack_sig(const tal_t *ctx,
+static u8 *stack_sig(const tal_t *ctx, const struct bitcoin_signature *sig)
-		     secp256k1_context *secpctx,
-		     const struct bitcoin_signature *sig)
 {
 	u8 der[73];
-	size_t len = signature_to_der(secpctx, der, &sig->sig);
+	size_t len = signature_to_der(der, &sig->sig);
 
 	/* Append sighash type */
 	der[len++] = sig->stype;
@@ -150,30 +144,28 @@ static u8 *stack_number(const tal_t *ctx, unsigned int num)
 }
 
 /* Is a < b? (If equal we don't care) */
-static bool key_less(secp256k1_context *secpctx,
+static bool key_less(const struct pubkey *a, const struct pubkey *b)
-		     const struct pubkey *a, const struct pubkey *b)
 {
 	u8 a_der[PUBKEY_DER_LEN], b_der[PUBKEY_DER_LEN];
-	pubkey_to_der(secpctx, a_der, a);
+	pubkey_to_der(a_der, a);
-	pubkey_to_der(secpctx, b_der, b);
+	pubkey_to_der(b_der, b);
 
 	return memcmp(a_der, b_der, sizeof(a_der)) < 0;
 }
 
 /* tal_count() gives the length of the script. */
 u8 *bitcoin_redeem_2of2(const tal_t *ctx,
-			secp256k1_context *secpctx,
 			const struct pubkey *key1,
 			const struct pubkey *key2)
 {
 	u8 *script = tal_arr(ctx, u8, 0);
 	add_number(&script, 2);
-	if (key_less(secpctx, key1, key2)) {
+	if (key_less(key1, key2)) {
-		add_push_key(&script, secpctx, key1);
+		add_push_key(&script, key1);
-		add_push_key(&script, secpctx, key2);
+		add_push_key(&script, key2);
 	} else {
-		add_push_key(&script, secpctx, key2);
+		add_push_key(&script, key2);
-		add_push_key(&script, secpctx, key1);
+		add_push_key(&script, key1);
 	}
 	add_number(&script, 2);
 	add_op(&script, OP_CHECKMULTISIG);
@@ -181,12 +173,10 @@ u8 *bitcoin_redeem_2of2(const tal_t *ctx,
 }
 
 /* tal_count() gives the length of the script. */
-u8 *bitcoin_redeem_single(const tal_t *ctx,
+u8 *bitcoin_redeem_single(const tal_t *ctx, const struct pubkey *key)
-			  secp256k1_context *secpctx,
-			  const struct pubkey *key)
 {
 	u8 *script = tal_arr(ctx, u8, 0);
-	add_push_key(&script, secpctx, key);
+	add_push_key(&script, key);
 	add_op(&script, OP_CHECKSIG);
 	return script;
 }
@@ -205,9 +195,7 @@ u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript)
 }
 
 /* Create the redeemscript for a P2SH + P2WPKH (for signing tx) */
-u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx,
+u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx, const struct pubkey *key)
-			  secp256k1_context *secpctx,
-			  const struct pubkey *key)
 {
 	struct ripemd160 keyhash;
 	u8 der[PUBKEY_DER_LEN];
@@ -216,7 +204,7 @@ u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx,
 	/* BIP141: BIP16 redeemScript pushed in the scriptSig is exactly a
 	 * push of a version byte plus a push of a witness program. */
 	add_number(&script, 0);
-	pubkey_to_der(secpctx, der, key);
+	pubkey_to_der(der, key);
 	hash160(&keyhash, der, sizeof(der));
 	add_push_bytes(&script, &keyhash, sizeof(keyhash));
 	return script;
@@ -224,12 +212,11 @@ u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx,
 
 /* Create an input which spends the p2sh-p2wpkh. */
 void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx,
-				 secp256k1_context *secpctx,
 				 struct bitcoin_tx_input *input,
 				 const struct bitcoin_signature *sig,
 				 const struct pubkey *key)
 {
-	u8 *redeemscript = bitcoin_redeem_p2wpkh(ctx, secpctx, key);
+	u8 *redeemscript = bitcoin_redeem_p2wpkh(ctx, key);
 
 	/* BIP141: The scriptSig must be exactly a push of the BIP16 redeemScript
 	 * or validation fails. */
@@ -242,8 +229,8 @@ void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx,
 	 * bytes each). The first one a signature, and the second one
 	 * a public key. */
 	input->witness = tal_arr(ctx, u8 *, 2);
-	input->witness[0] = stack_sig(input->witness, secpctx, sig);
+	input->witness[0] = stack_sig(input->witness, sig);
-	input->witness[1] = stack_key(input->witness, secpctx, key);
+	input->witness[1] = stack_key(input->witness, key);
 }
 
 /* Create an output script for a 32-byte witness. */
@@ -259,16 +246,14 @@ u8 *scriptpubkey_p2wsh(const tal_t *ctx, const u8 *witnessscript)
 }
 
 /* Create an output script for a 20-byte witness. */
-u8 *scriptpubkey_p2wpkh(const tal_t *ctx,
+u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key)
-			secp256k1_context *secpctx,
-			const struct pubkey *key)
 {
 	struct ripemd160 h;
 	u8 der[PUBKEY_DER_LEN];
 	u8 *script = tal_arr(ctx, u8, 0);
 
 	add_op(&script, OP_0);
-	pubkey_to_der(secpctx, der, key);
+	pubkey_to_der(der, key);
 	hash160(&h, der, sizeof(der));
 	add_push_bytes(&script, &h, sizeof(h));
 	return script;
@@ -276,7 +261,6 @@ u8 *scriptpubkey_p2wpkh(const tal_t *ctx,
 
 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const struct bitcoin_signature *sig1,
 			  const struct bitcoin_signature *sig2,
 			  const struct pubkey *key1,
@@ -288,21 +272,20 @@ u8 **bitcoin_witness_2of2(const tal_t *ctx,
 	witness[0] = stack_number(witness, 0);
 
 	/* sig order should match key order. */
-	if (key_less(secpctx, key1, key2)) {
+	if (key_less(key1, key2)) {
-		witness[1] = stack_sig(witness, secpctx, sig1);
+		witness[1] = stack_sig(witness, sig1);
-		witness[2] = stack_sig(witness, secpctx, sig2);
+		witness[2] = stack_sig(witness, sig2);
 	} else {
-		witness[1] = stack_sig(witness, secpctx, sig2);
+		witness[1] = stack_sig(witness, sig2);
-		witness[2] = stack_sig(witness, secpctx, sig1);
+		witness[2] = stack_sig(witness, sig1);
 	}
 
-	witness[3] = bitcoin_redeem_2of2(witness, secpctx, key1, key2);
+	witness[3] = bitcoin_redeem_2of2(witness, key1, key2);
 	return witness;
 }
 
 /* Create a script for our HTLC output: sending. */
 u8 *bitcoin_redeem_htlc_send(const tal_t *ctx,
-			     secp256k1_context *secpctx,
 			     const struct pubkey *ourkey,
 			     const struct pubkey *theirkey,
 			     const struct abs_locktime *htlc_abstimeout,
@@ -336,7 +319,7 @@ u8 *bitcoin_redeem_htlc_send(const tal_t *ctx,
 
 	/* If either matched... */
 	add_op(&script, OP_IF);
-	add_push_key(&script, secpctx, theirkey);
+	add_push_key(&script, theirkey);
 
 	add_op(&script, OP_ELSE);
 
@@ -346,7 +329,7 @@ u8 *bitcoin_redeem_htlc_send(const tal_t *ctx,
 	add_number(&script, locktime->locktime);
 	add_op(&script, OP_CHECKSEQUENCEVERIFY);
 	add_op(&script, OP_2DROP);
-	add_push_key(&script, secpctx, ourkey);
+	add_push_key(&script, ourkey);
 
 	add_op(&script, OP_ENDIF);
 	add_op(&script, OP_CHECKSIG);
@@ -356,7 +339,6 @@ u8 *bitcoin_redeem_htlc_send(const tal_t *ctx,
 
 /* Create a script for our HTLC output: receiving. */
 u8 *bitcoin_redeem_htlc_recv(const tal_t *ctx,
-			     secp256k1_context *secpctx,
 			     const struct pubkey *ourkey,
 			     const struct pubkey *theirkey,
 			     const struct abs_locktime *htlc_abstimeout,
@@ -388,7 +370,7 @@ u8 *bitcoin_redeem_htlc_recv(const tal_t *ctx,
 	/* Drop extra hash as well as locktime. */
 	add_op(&script, OP_2DROP);
 
-	add_push_key(&script, secpctx, ourkey);
+	add_push_key(&script, ourkey);
 
 	add_op(&script, OP_ELSE);
 
@@ -405,7 +387,7 @@ u8 *bitcoin_redeem_htlc_recv(const tal_t *ctx,
 	add_op(&script, OP_DROP);
 	add_op(&script, OP_ENDIF);
 
-	add_push_key(&script, secpctx, theirkey);
+	add_push_key(&script, theirkey);
 
 	add_op(&script, OP_ENDIF);
 	add_op(&script, OP_CHECKSIG);
@@ -414,16 +396,14 @@ u8 *bitcoin_redeem_htlc_recv(const tal_t *ctx,
 }
 
 /* Create scriptcode (fake witness, basically) for P2WPKH */
-u8 *p2wpkh_scriptcode(const tal_t *ctx,
+u8 *p2wpkh_scriptcode(const tal_t *ctx, const struct pubkey *key)
-		      secp256k1_context *secpctx,
-		      const struct pubkey *key)
 {
 	struct sha256 h;
 	struct ripemd160 pkhash;
 	u8 der[PUBKEY_DER_LEN];
 	u8 *script = tal_arr(ctx, u8, 0);
 
-	pubkey_to_der(secpctx, der, key);
+	pubkey_to_der(der, key);
 	sha256(&h, der, sizeof(der));
 	ripemd160(&pkhash, h.u.u8, sizeof(h));
 	/* BIP143:
@@ -498,7 +478,6 @@ bool is_p2wpkh(const u8 *script, size_t script_len)
 /* A common script pattern: A can have it with secret, or B can have
  * it after delay. */
 u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
-				   secp256k1_context *secpctx,
 				   const struct pubkey *delayed_key,
 				   const struct rel_locktime *locktime,
 				   const struct pubkey *key_if_secret_known,
@@ -516,7 +495,7 @@ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
 	add_op(&script, OP_IF);
 
 	/* They can collect the funds. */
-	add_push_key(&script, secpctx, key_if_secret_known);
+	add_push_key(&script, key_if_secret_known);
 
 	add_op(&script, OP_ELSE);
 
@@ -524,7 +503,7 @@ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
 	add_number(&script, locktime->locktime);
 	add_op(&script, OP_CHECKSEQUENCEVERIFY);
 	add_op(&script, OP_DROP);
-	add_push_key(&script, secpctx, delayed_key);
+	add_push_key(&script, delayed_key);
 
 	add_op(&script, OP_ENDIF);
 	add_op(&script, OP_CHECKSIG);
@@ -533,14 +512,13 @@ u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
 }
 
 u8 **bitcoin_witness_secret(const tal_t *ctx,
-			    secp256k1_context *secpctx,
 			    const void *secret, size_t secret_len,
 			    const struct bitcoin_signature *sig,
 			    const u8 *witnessscript)
 {
 	u8 **witness = tal_arr(ctx, u8 *, 3);
 
-	witness[0] = stack_sig(witness, secpctx, sig);
+	witness[0] = stack_sig(witness, sig);
 	witness[1] = tal_dup_arr(witness, u8, secret, secret_len, 0);
 	witness[2] = tal_dup_arr(witness, u8,
 				 witnessscript, tal_count(witnessscript), 0);
@@ -549,7 +527,6 @@ u8 **bitcoin_witness_secret(const tal_t *ctx,
 }
 
 u8 **bitcoin_witness_htlc(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const void *htlc_or_revocation_preimage,
 			  const struct bitcoin_signature *sig,
 			  const u8 *witnessscript)
@@ -560,7 +537,7 @@ u8 **bitcoin_witness_htlc(const tal_t *ctx,
 	if (!htlc_or_revocation_preimage)
 		htlc_or_revocation_preimage = &no_preimage;
 
-	return bitcoin_witness_secret(ctx, secpctx,
+	return bitcoin_witness_secret(ctx,
 				      htlc_or_revocation_preimage,
 				      32, sig, witnessscript);
 }

bitcoin/script.h

@@ -21,19 +21,16 @@ struct bitcoin_signature {
 
 /* tal_count() gives the length of the script. */
 u8 *bitcoin_redeem_2of2(const tal_t *ctx,
-			secp256k1_context *secpctx,
 			const struct pubkey *key1,
 			const struct pubkey *key2);
 
 /* tal_count() gives the length of the script. */
 u8 *bitcoin_redeem_single(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const struct pubkey *key);
 
 /* A common script pattern: A can have it with secret, or B can have
  * it after delay. */
 u8 *bitcoin_redeem_secret_or_delay(const tal_t *ctx,
-				   secp256k1_context *secpctx,
 				   const struct pubkey *delayed_key,
 				   const struct rel_locktime *locktime,
 				   const struct pubkey *key_if_secret_known,
@@ -44,24 +41,19 @@ u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript);
 
 /* Create the redeemscript for a P2SH + P2WPKH. */
 u8 *bitcoin_redeem_p2wpkh(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const struct pubkey *key);
 
 /* Create a witness which spends the 2of2. */
 void bitcoin_witness_p2sh_p2wpkh(const tal_t *ctx,
-				 secp256k1_context *secpctx,
 				 struct bitcoin_tx_input *input,
 				 const struct bitcoin_signature *sig,
 				 const struct pubkey *key);
 
 /* Create scriptcode (fake witness, basically) for P2WPKH */
-u8 *p2wpkh_scriptcode(const tal_t *ctx,
+u8 *p2wpkh_scriptcode(const tal_t *ctx, const struct pubkey *key);
-		      secp256k1_context *secpctx,
-		      const struct pubkey *key);
 
 /* Create a script for our HTLC output: sending. */
 u8 *bitcoin_redeem_htlc_send(const tal_t *ctx,
-			     secp256k1_context *secpctx,
 			     const struct pubkey *ourkey,
 			     const struct pubkey *theirkey,
 			     const struct abs_locktime *htlc_abstimeout,
@@ -71,7 +63,6 @@ u8 *bitcoin_redeem_htlc_send(const tal_t *ctx,
 
 /* Create a script for our HTLC output: receiving. */
 u8 *bitcoin_redeem_htlc_recv(const tal_t *ctx,
-			     secp256k1_context *secpctx,
 			     const struct pubkey *ourkey,
 			     const struct pubkey *theirkey,
 			     const struct abs_locktime *htlc_abstimeout,
@@ -83,13 +74,10 @@ u8 *bitcoin_redeem_htlc_recv(const tal_t *ctx,
 u8 *scriptpubkey_p2wsh(const tal_t *ctx, const u8 *witnessscript);
 
 /* Create an output script for a 20-byte witness program. */
-u8 *scriptpubkey_p2wpkh(const tal_t *ctx,
+u8 *scriptpubkey_p2wpkh(const tal_t *ctx, const struct pubkey *key);
-			secp256k1_context *secpctx,
-			const struct pubkey *key);
 
 /* Create a witness which spends the 2of2. */
 u8 **bitcoin_witness_2of2(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const struct bitcoin_signature *sig1,
 			  const struct bitcoin_signature *sig2,
 			  const struct pubkey *key1,
@@ -97,14 +85,12 @@ u8 **bitcoin_witness_2of2(const tal_t *ctx,
 
 /* Create a witness which spends a "secret_or_delay" scriptpubkey */
 u8 **bitcoin_witness_secret(const tal_t *ctx,
-			    secp256k1_context *secpctx,
 			    const void *secret, size_t secret_len,
 			    const struct bitcoin_signature *sig,
 			    const u8 *witnessscript);
 
 /* Create a witness which spends bitcoin_redeeem_htlc_recv/send */
 u8 **bitcoin_witness_htlc(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const void *htlc_or_revocation_preimage,
 			  const struct bitcoin_signature *sig,
 			  const u8 *witnessscript);

bitcoin/signature.c

@@ -4,6 +4,7 @@
 #include "shadouble.h"
 #include "signature.h"
 #include "tx.h"
+#include "utils.h"
 #include <assert.h>
 #include <ccan/cast/cast.h>
 
@@ -72,14 +73,13 @@ static void dump_tx(const char *msg,
 }
 #endif
 
-void sign_hash(secp256k1_context *secpctx,
+void sign_hash(const struct privkey *privkey,
-	       const struct privkey *privkey,
 	       const struct sha256_double *h,
 	       struct signature *s)
 {
 	bool ok;
 
-	ok = secp256k1_ecdsa_sign(secpctx,
+	ok = secp256k1_ecdsa_sign(secp256k1_ctx,
 				  &s->sig,
 				  h->sha.u.u8,
 				  privkey->secret, NULL, NULL);
@@ -112,8 +112,7 @@ static void sha256_tx_one_input(struct bitcoin_tx *tx,
 }
 
 /* Only does SIGHASH_ALL */
-void sign_tx_input(secp256k1_context *secpctx,
+void sign_tx_input(struct bitcoin_tx *tx,
-		   struct bitcoin_tx *tx,
 		   unsigned int in,
 		   const u8 *subscript, size_t subscript_len,
 		   const u8 *witness_script,
@@ -125,24 +124,22 @@ void sign_tx_input(secp256k1_context *secpctx,
 	sha256_tx_one_input(tx, in, subscript, subscript_len, witness_script,
 			    &hash);
 	dump_tx("Signing", tx, in, subscript, subscript_len, key, &hash);
-	sign_hash(secpctx, privkey, &hash, sig);
+	sign_hash(privkey, &hash, sig);
 }
 
-bool check_signed_hash(secp256k1_context *secpctx,
+bool check_signed_hash(const struct sha256_double *hash,
-		       const struct sha256_double *hash,
 		       const struct signature *signature,
 		       const struct pubkey *key)
 {
 	int ret;
 
-	ret = secp256k1_ecdsa_verify(secpctx,
+	ret = secp256k1_ecdsa_verify(secp256k1_ctx,
 				     &signature->sig,
 				     hash->sha.u.u8, &key->pubkey);
 	return ret == 1;
 }
 
-bool check_tx_sig(secp256k1_context *secpctx,
+bool check_tx_sig(struct bitcoin_tx *tx, size_t input_num,
-		  struct bitcoin_tx *tx, size_t input_num,
 		  const u8 *redeemscript, size_t redeemscript_len,
 		  const u8 *witness_script,
 		  const struct pubkey *key,
@@ -160,7 +157,7 @@ bool check_tx_sig(secp256k1_context *secpctx,
 	if (sig->stype != SIGHASH_ALL)
 		return false;
 
-	ret = check_signed_hash(secpctx, &hash, &sig->sig, key);
+	ret = check_signed_hash(&hash, &sig->sig, key);
 	if (!ret)
 		dump_tx("Sig failed", tx, input_num,
 			redeemscript, redeemscript_len, key, &hash);
@@ -239,30 +236,31 @@ static bool IsValidSignatureEncoding(const unsigned char sig[], size_t len)
     return true;
 }
 
-size_t signature_to_der(secp256k1_context *secpctx,
+size_t signature_to_der(u8 der[72], const struct signature *sig)
-			u8 der[72], const struct signature *sig)
 {
 	size_t len = 72;
 
-	secp256k1_ecdsa_signature_serialize_der(secpctx, der, &len, &sig->sig);
+	secp256k1_ecdsa_signature_serialize_der(secp256k1_ctx,
+						der, &len, &sig->sig);
 
 	/* IsValidSignatureEncoding() expect extra byte for sighash */
 	assert(IsValidSignatureEncoding(der, len + 1));
 	return len;
 }
 
-bool signature_from_der(secp256k1_context *secpctx,
+bool signature_from_der(const u8 *der, size_t len, struct signature *sig)
-			const u8 *der, size_t len, struct signature *sig)
 {
-	return secp256k1_ecdsa_signature_parse_der(secpctx, &sig->sig, der, len);
+	return secp256k1_ecdsa_signature_parse_der(secp256k1_ctx,
+						   &sig->sig, der, len);
 }
 
 /* Signature must have low S value. */
-bool sig_valid(secp256k1_context *secpctx, const struct signature *sig)
+bool sig_valid(const struct signature *sig)
 {
 	secp256k1_ecdsa_signature tmp;
 
-	if (secp256k1_ecdsa_signature_normalize(secpctx, &tmp, &sig->sig) == 0)
+	if (secp256k1_ecdsa_signature_normalize(secp256k1_ctx,
+						&tmp, &sig->sig) == 0)
 		return true;
 	return false;
 }

bitcoin/signature.h

@@ -24,19 +24,16 @@ struct privkey;
 struct bitcoin_tx_output;
 struct bitcoin_signature;
 
-void sign_hash(secp256k1_context *secpctx,
+void sign_hash(const struct privkey *p,
-	       const struct privkey *p,
 	       const struct sha256_double *h,
 	       struct signature *s);
 
-bool check_signed_hash(secp256k1_context *secpctx,
+bool check_signed_hash(const struct sha256_double *hash,
-		       const struct sha256_double *hash,
 		       const struct signature *signature,
 		       const struct pubkey *key);
 
 /* All tx input scripts must be set to 0 len. */
-void sign_tx_input(secp256k1_context *secpctx,
+void sign_tx_input(struct bitcoin_tx *tx,
-		   struct bitcoin_tx *tx,
 		   unsigned int in,
 		   const u8 *subscript, size_t subscript_len,
 		   const u8 *witness,
@@ -44,22 +41,19 @@ void sign_tx_input(secp256k1_context *secpctx,
 		   struct signature *sig);
 
 /* Does this sig sign the tx with this input for this pubkey. */
-bool check_tx_sig(secp256k1_context *secpctx,
+bool check_tx_sig(struct bitcoin_tx *tx, size_t input_num,
-		  struct bitcoin_tx *tx, size_t input_num,
 		  const u8 *redeemscript, size_t redeemscript_len,
 		  const u8 *witness,
 		  const struct pubkey *key,
 		  const struct bitcoin_signature *sig);
 
 /* Signature must have low S value. */
-bool sig_valid(secp256k1_context *secpctx, const struct signature *sig);
+bool sig_valid(const struct signature *sig);
 
 /* Give DER encoding of signature: returns length used (<= 72). */
-size_t signature_to_der(secp256k1_context *secpctx,
+size_t signature_to_der(u8 der[72], const struct signature *s);
-			u8 der[72], const struct signature *s);
 
 /* Parse DER encoding into signature sig */
-bool signature_from_der(secp256k1_context *secpctx,
+bool signature_from_der(const u8 *der, size_t len, struct signature *sig);
-			const u8 *der, size_t len, struct signature *sig);
 
 #endif /* LIGHTNING_BITCOIN_SIGNATURE_H */

close_tx.c

@@ -4,8 +4,7 @@
 #include "permute_tx.h"
 #include "protobuf_convert.h"
 
-struct bitcoin_tx *create_close_tx(secp256k1_context *secpctx,
+struct bitcoin_tx *create_close_tx(const tal_t *ctx,
-				   const tal_t *ctx,
 				   const u8 *our_script,
 				   const u8 *their_script,
 				   const struct sha256_double *anchor_txid,

close_tx.h

@@ -3,15 +3,13 @@
 #include "config.h"
 #include "lightning.pb-c.h"
 #include <ccan/tal/tal.h>
-#include <secp256k1.h>
 
 struct sha256_double;
 struct pubkey;
 
 /* Create close tx to spend the anchor tx output; doesn't fill in
  * input scriptsig. */
-struct bitcoin_tx *create_close_tx(secp256k1_context *secpctx,
+struct bitcoin_tx *create_close_tx(const tal_t *ctx,
-				   const tal_t *ctx,
 				   const u8 *our_script,
 				   const u8 *their_script,
 				   const struct sha256_double *anchor_txid,

daemon/commit_tx.c

@@ -23,7 +23,7 @@ u8 *wscript_for_htlc(const tal_t *ctx,
 		     enum side side)
 {
 	const struct peer_visible_state *this_side, *other_side;
-	u8 *(*fn)(const tal_t *, secp256k1_context *,
+	u8 *(*fn)(const tal_t *,
 		  const struct pubkey *, const struct pubkey *,
 		  const struct abs_locktime *, const struct rel_locktime *,
 		  const struct sha256 *, const struct sha256 *);
@@ -42,7 +42,7 @@ u8 *wscript_for_htlc(const tal_t *ctx,
 		other_side = &peer->local;
 	}
 
-	return fn(ctx, peer->dstate->secpctx,
+	return fn(ctx,
 		  &this_side->finalkey, &other_side->finalkey,
 		  &h->expiry, &this_side->locktime, rhash, &h->rhash);
 }
@@ -73,7 +73,6 @@ u8 *commit_output_to_us(const tal_t *ctx,
 	/* Our output to ourself is encumbered by delay. */
 	if (side == LOCAL) {
 		*wscript = bitcoin_redeem_secret_or_delay(ctx,
-							  peer->dstate->secpctx,
 							  &peer->local.finalkey,
 							  &peer->remote.locktime,
 							  &peer->remote.finalkey,
@@ -82,8 +81,7 @@ u8 *commit_output_to_us(const tal_t *ctx,
 	} else {
 		/* Their output to us is a simple p2wpkh */
 		*wscript = NULL;
-		return scriptpubkey_p2wpkh(ctx, peer->dstate->secpctx,
+		return scriptpubkey_p2wpkh(ctx, &peer->local.finalkey);
-					   &peer->local.finalkey);
 	}
 }
 
@@ -100,7 +98,6 @@ u8 *commit_output_to_them(const tal_t *ctx,
 	/* Their output to themselves is encumbered by delay. */
 	if (side == REMOTE) {
 		*wscript = bitcoin_redeem_secret_or_delay(ctx,
-							  peer->dstate->secpctx,
 							  &peer->remote.finalkey,
 							  &peer->local.locktime,
 							  &peer->local.finalkey,
@@ -109,8 +106,7 @@ u8 *commit_output_to_them(const tal_t *ctx,
 	} else {
 		/* Our output to them is a simple p2wpkh */
 		*wscript = NULL;
-		return scriptpubkey_p2wpkh(ctx, peer->dstate->secpctx,
+		return scriptpubkey_p2wpkh(ctx, &peer->remote.finalkey);
-					   &peer->remote.finalkey);
 	}
 }
 

daemon/cryptopkt.c

@@ -386,7 +386,7 @@ static bool check_proof(struct key_negotiate *neg, struct log *log,
 	 *
 	 * 1. `node_id` is the expected value for the sending node.
 	 */
-	if (!proto_to_pubkey(neg->dstate->secpctx, auth->node_id, id)) {
+	if (!proto_to_pubkey(auth->node_id, id)) {
 		log_unusual(log, "Invalid auth id");
 		return false;
 	}
@@ -402,8 +402,7 @@ static bool check_proof(struct key_negotiate *neg, struct log *log,
 	 *     a 32-byte big endian R value, followed by a 32-byte big
 	 *     endian S value.
 	 */
-	if (!proto_to_signature(neg->dstate->secpctx, auth->session_sig,
+	if (!proto_to_signature(auth->session_sig, &sig)) {
-				&sig)) {
 		log_unusual(log, "Invalid auth signature");
 		return false;
 	}
@@ -418,7 +417,7 @@ static bool check_proof(struct key_negotiate *neg, struct log *log,
 	sha256_double(&sha, neg->our_sessionpubkey,
 		      sizeof(neg->our_sessionpubkey));
 
-	if (!check_signed_hash(neg->dstate->secpctx, &sha, &sig, id)) {
+	if (!check_signed_hash(&sha, &sig, id)) {
 		log_unusual(log, "Bad auth signature");
 		return false;
 	}
@@ -479,14 +478,13 @@ static Pkt *pkt_wrap(const tal_t *ctx, void *w, Pkt__PktCase pkt_case)
 }
 
 static Pkt *authenticate_pkt(const tal_t *ctx,
-			     secp256k1_context *secpctx,
 			     const struct pubkey *node_id,
 			     const struct signature *sig)
 {
 	Authenticate *auth = tal(ctx, Authenticate);
 	authenticate__init(auth);
-	auth->node_id = pubkey_to_proto(auth, secpctx, node_id);
+	auth->node_id = pubkey_to_proto(auth, node_id);
-	auth->session_sig = signature_to_proto(auth, secpctx, sig);
+	auth->session_sig = signature_to_proto(auth, sig);
 	return pkt_wrap(ctx, auth, PKT__PKT_AUTH);
 }
 
@@ -499,8 +497,7 @@ static struct io_plan *keys_exchanged(struct io_conn *conn,
 	Pkt *auth;
 	size_t totlen;
 
-	if (!pubkey_from_der(neg->dstate->secpctx,
+	if (!pubkey_from_der(neg->their_sessionpubkey,
-			     neg->their_sessionpubkey,
 			     sizeof(neg->their_sessionpubkey),
 			     &sessionkey)) {
 		log_unusual_blob(neg->log,  "Bad sessionkey %s",
@@ -530,8 +527,7 @@ static struct io_plan *keys_exchanged(struct io_conn *conn,
 	privkey_sign(neg->dstate, neg->their_sessionpubkey,
 		     sizeof(neg->their_sessionpubkey), &sig);
 
-	auth = authenticate_pkt(neg, neg->dstate->secpctx,
+	auth = authenticate_pkt(neg, &neg->dstate->id, &sig);
-				&neg->dstate->id, &sig);
 
 	neg->iod->out.cpkt = encrypt_pkt(neg->iod, auth, &totlen);
 	return io_write(conn, neg->iod->out.cpkt, totlen, receive_proof, neg);

daemon/db.c

@@ -146,10 +146,9 @@ static u8 *tal_sql_blob(const tal_t *ctx, sqlite3_stmt *stmt, int idx)
 	return p;
 }
 
-static void pubkey_from_sql(secp256k1_context *secpctx,
+static void pubkey_from_sql(sqlite3_stmt *stmt, int idx, struct pubkey *pk)
-			    sqlite3_stmt *stmt, int idx, struct pubkey *pk)
 {
-	if (!pubkey_from_der(secpctx, sqlite3_column_blob(stmt, idx),
+	if (!pubkey_from_der(sqlite3_column_blob(stmt, idx),
 			     sqlite3_column_bytes(stmt, idx), pk))
 		fatal("db:bad pubkey length %i",
 		      sqlite3_column_bytes(stmt, idx));
@@ -160,21 +159,19 @@ static void sha256_from_sql(sqlite3_stmt *stmt, int idx, struct sha256 *sha)
 	from_sql_blob(stmt, idx, sha, sizeof(*sha));
 }
 
-static void sig_from_sql(secp256k1_context *secpctx,
+static void sig_from_sql(sqlite3_stmt *stmt, int idx,
-			 sqlite3_stmt *stmt, int idx,
 			 struct bitcoin_signature *sig)
 {
 	u8 compact[64];
 
 	from_sql_blob(stmt, idx, compact, sizeof(compact));
-	if (secp256k1_ecdsa_signature_parse_compact(secpctx, &sig->sig.sig,
+	if (secp256k1_ecdsa_signature_parse_compact(secp256k1_ctx, &sig->sig.sig,
 						    compact) != 1)
 		fatal("db:bad signature blob");
 	sig->stype = SIGHASH_ALL;
 }
 
 static char *sig_to_sql(const tal_t *ctx,
-			secp256k1_context *secpctx,
 			const struct bitcoin_signature *sig)
 {
 	u8 compact[64];
@@ -183,7 +180,7 @@ static char *sig_to_sql(const tal_t *ctx,
 		return sql_hex_or_null(ctx, NULL, 0);
 
 	assert(sig->stype == SIGHASH_ALL);
-	secp256k1_ecdsa_signature_serialize_compact(secpctx, compact,
+	secp256k1_ecdsa_signature_serialize_compact(secp256k1_ctx, compact,
 						    &sig->sig.sig);
 	return sql_hex_or_null(ctx, compact, sizeof(compact));
 }
@@ -244,7 +241,7 @@ static void load_peer_secrets(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM peer_secrets WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -284,7 +281,7 @@ static void load_peer_anchor(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM anchors WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -324,7 +321,7 @@ static void load_peer_anchor_input(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM anchor_inputs WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -345,8 +342,7 @@ static void load_peer_anchor_input(struct peer *peer)
 		peer->anchor.input->index = sqlite3_column_int(stmt, 2);
 		peer->anchor.input->in_amount = sqlite3_column_int64(stmt, 3);
 		peer->anchor.input->out_amount = sqlite3_column_int64(stmt, 4);
-		pubkey_from_sql(peer->dstate->secpctx,
+		pubkey_from_sql(stmt, 5, &peer->anchor.input->walletkey);
-				stmt, 5, &peer->anchor.input->walletkey);
 		anchor_input_set = true;
 	}
 
@@ -366,7 +362,7 @@ static void load_peer_visible_state(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM their_visible_state WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -387,10 +383,8 @@ static void load_peer_visible_state(struct peer *peer)
 		visible_set = true;
 
 		peer->remote.offer_anchor = sqlite3_column_int(stmt, 1);
-		pubkey_from_sql(peer->dstate->secpctx, stmt, 2,
+		pubkey_from_sql(stmt, 2, &peer->remote.commitkey);
-				&peer->remote.commitkey);
+		pubkey_from_sql(stmt, 3, &peer->remote.finalkey);
-		pubkey_from_sql(peer->dstate->secpctx, stmt, 3,
-				&peer->remote.finalkey);
 		peer->remote.locktime.locktime = sqlite3_column_int(stmt, 4);
 		peer->remote.mindepth = sqlite3_column_int(stmt, 5);
 		peer->remote.commit_fee_rate = sqlite3_column_int64(stmt, 6);
@@ -402,7 +396,7 @@ static void load_peer_visible_state(struct peer *peer)
 
 		/* Now we can fill in anchor witnessscript. */
 		peer->anchor.witnessscript
-			= bitcoin_redeem_2of2(peer, peer->dstate->secpctx,
+			= bitcoin_redeem_2of2(peer,
 					      &peer->local.commitkey,
 					      &peer->remote.commitkey);
 	}
@@ -427,7 +421,7 @@ static void load_peer_commit_info(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM commit_info WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -477,7 +471,7 @@ static void load_peer_commit_info(struct peer *peer)
 			ci->sig = NULL;
 		else {
 			ci->sig = tal(ci, struct bitcoin_signature);
-			sig_from_sql(peer->dstate->secpctx, stmt, 5, ci->sig);
+			sig_from_sql(stmt, 5, ci->sig);
 		}
 
 		/* Set once we have updated HTLCs. */
@@ -535,7 +529,7 @@ static void load_peer_htlcs(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM htlcs WHERE peer = x'%s' ORDER BY id;",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -616,7 +610,7 @@ static void load_peer_htlcs(struct peer *peer)
 	/* Now set any in-progress fee changes. */
 	select = tal_fmt(ctx,
 			 "SELECT * FROM feechanges WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -718,7 +712,7 @@ static void connect_htlc_src(struct lightningd_state *dstate)
 			fatal("connect_htlc_src:step gave %s:%s",
 			      sqlite3_errstr(err), sqlite3_errmsg(sql));
 
-		pubkey_from_sql(dstate->secpctx, stmt, 0, &id);
+		pubkey_from_sql(stmt, 0, &id);
 		peer = find_peer(dstate, &id);
 		if (!peer)
 			continue;
@@ -735,7 +729,7 @@ static void connect_htlc_src(struct lightningd_state *dstate)
 			      sqlite3_column_int64(stmt, 1),
 			      sqlite3_column_str(stmt, 2));
 
-		pubkey_from_sql(dstate->secpctx, stmt, 4, &id);
+		pubkey_from_sql(stmt, 4, &id);
 		peer = find_peer(dstate, &id);
 		if (!peer)
 			fatal("connect_htlc_src:unknown src peer %s",
@@ -810,7 +804,7 @@ static void load_peer_shachain(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM shachain WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -859,7 +853,7 @@ static void load_peer_closing(struct peer *peer)
 
 	select = tal_fmt(ctx,
 			 "SELECT * FROM closing WHERE peer = x'%s';",
-			 pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id));
+			 pubkey_to_hexstr(ctx, peer->id));
 
 	err = sqlite3_prepare_v2(sql, select, -1, &stmt, NULL);
 	if (err != SQLITE_OK)
@@ -885,8 +879,7 @@ static void load_peer_closing(struct peer *peer)
 		else {
 			peer->closing.their_sig = tal(peer,
 						      struct bitcoin_signature);
-			sig_from_sql(peer->dstate->secpctx, stmt, 3,
+			sig_from_sql(stmt, 3, peer->closing.their_sig);
-				     peer->closing.their_sig);
 		}
 		peer->closing.our_script = tal_sql_blob(peer, stmt, 4);
 		peer->closing.their_script = tal_sql_blob(peer, stmt, 5);
@@ -971,8 +964,8 @@ static void db_load_peers(struct lightningd_state *dstate)
 		if (state == STATE_MAX)
 			fatal("db_load_peers:unknown state %s",
 			      sqlite3_column_str(stmt, 1));
-		pubkey_from_sql(dstate->secpctx, stmt, 0, &id);
+		pubkey_from_sql(stmt, 0, &id);
-		idstr = pubkey_to_hexstr(dstate, dstate->secpctx, &id);
+		idstr = pubkey_to_hexstr(dstate, &id);
 		l = new_log(dstate, dstate->log_record, "%s:", idstr);
 		tal_free(idstr);
 		peer = new_peer(dstate, l, state, sqlite3_column_int(stmt, 2));
@@ -1010,20 +1003,17 @@ static void db_load_peers(struct lightningd_state *dstate)
 }
 
 
-static const char *pubkeys_to_hex(const tal_t *ctx,
+static const char *pubkeys_to_hex(const tal_t *ctx, const struct pubkey *ids)
-				  secp256k1_context *secpctx,
-				  const struct pubkey *ids)
 {
 	u8 *ders = tal_arr(ctx, u8, PUBKEY_DER_LEN * tal_count(ids));
 	size_t i;
 
 	for (i = 0; i < tal_count(ids); i++)
-		pubkey_to_der(secpctx, ders + i * PUBKEY_DER_LEN, &ids[i]);
+		pubkey_to_der(ders + i * PUBKEY_DER_LEN, &ids[i]);
 
 	return tal_hexstr(ctx, ders, tal_count(ders));
 }
 static struct pubkey *pubkeys_from_arr(const tal_t *ctx,
-				       secp256k1_context *secpctx,
 				       const void *blob, size_t len)
 {
 	struct pubkey *ids;
@@ -1034,7 +1024,7 @@ static struct pubkey *pubkeys_from_arr(const tal_t *ctx,
 
 	ids = tal_arr(ctx, struct pubkey, len / PUBKEY_DER_LEN);
 	for (i = 0; i < tal_count(ids); i++) {
-		if (!pubkey_from_der(secpctx, blob, PUBKEY_DER_LEN, &ids[i]))
+		if (!pubkey_from_der(blob, PUBKEY_DER_LEN, &ids[i]))
 			fatal("ids array invalid %zu", i);
 		blob = (const u8 *)blob + PUBKEY_DER_LEN;
 	}
@@ -1073,14 +1063,14 @@ static void db_load_pay(struct lightningd_state *dstate)
 
 		sha256_from_sql(stmt, 0, &rhash);
 		msatoshi = sqlite3_column_int64(stmt, 1);
-		ids = pubkeys_from_arr(ctx, dstate->secpctx,
+		ids = pubkeys_from_arr(ctx,
 				       sqlite3_column_blob(stmt, 2),
 				       sqlite3_column_bytes(stmt, 2));
 		if (sqlite3_column_type(stmt, 3) == SQLITE_NULL)
 			peer_id = NULL;
 		else {
 			peer_id = tal(ctx, struct pubkey);
-			pubkey_from_sql(dstate->secpctx, stmt, 3, peer_id);
+			pubkey_from_sql(stmt, 3, peer_id);
 		}
 		htlc_id = sqlite3_column_int64(stmt, 4);
 		if (sqlite3_column_type(stmt, 5) == SQLITE_NULL)
@@ -1168,7 +1158,7 @@ static void db_load_addresses(struct lightningd_state *dstate)
 			fatal("load_peer_addresses:step gave %s:%s",
 			      sqlite3_errstr(err), sqlite3_errmsg(sql));
 		addr = tal(dstate, struct peer_address);
-		pubkey_from_sql(dstate->secpctx, stmt, 0, &addr->id);
+		pubkey_from_sql(stmt, 0, &addr->id);
 		if (!netaddr_from_blob(sqlite3_column_blob(stmt, 1),
 				       sqlite3_column_bytes(stmt, 1),
 				       &addr->addr))
@@ -1176,7 +1166,7 @@ static void db_load_addresses(struct lightningd_state *dstate)
 			      select);
 		list_add_tail(&dstate->addresses, &addr->list);
 		log_debug(dstate->base_log, "load_peer_addresses:%s",
-			  pubkey_to_hexstr(ctx, dstate->secpctx, &addr->id));
+			  pubkey_to_hexstr(ctx, &addr->id));
 	}
 	tal_free(ctx);
 }
@@ -1356,7 +1346,7 @@ void db_set_anchor(struct peer *peer)
 	const char *peerid;
 
 	assert(peer->dstate->db->in_transaction);
-	peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	peerid = pubkey_to_hexstr(ctx, peer->id);
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
 	db_exec(__func__, peer->dstate,
@@ -1376,8 +1366,7 @@ void db_set_anchor(struct peer *peer)
 		tal_hexstr(ctx, &peer->local.commit->revocation_hash,
 			   sizeof(peer->local.commit->revocation_hash)),
 		peer->local.commit->order,
-		sig_to_sql(ctx, peer->dstate->secpctx,
+		sig_to_sql(ctx, peer->local.commit->sig));
-			   peer->local.commit->sig));
 
 	db_exec(__func__, peer->dstate,
 		"INSERT INTO commit_info VALUES(x'%s', '%s', 0, x'%s', %"PRIi64", %s, NULL);",
@@ -1386,8 +1375,7 @@ void db_set_anchor(struct peer *peer)
 		tal_hexstr(ctx, &peer->remote.commit->revocation_hash,
 			   sizeof(peer->remote.commit->revocation_hash)),
 		peer->remote.commit->order,
-		sig_to_sql(ctx, peer->dstate->secpctx,
+		sig_to_sql(ctx, peer->remote.commit->sig));
-			   peer->remote.commit->sig));
 
 	db_exec(__func__, peer->dstate,
 		"INSERT INTO shachain VALUES (x'%s', x'%s');",
@@ -1400,7 +1388,7 @@ void db_set_anchor(struct peer *peer)
 void db_set_visible_state(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(peer->dstate->db->in_transaction);
@@ -1409,10 +1397,8 @@ void db_set_visible_state(struct peer *peer)
 		"INSERT INTO their_visible_state VALUES (x'%s', %s, x'%s', x'%s', %u, %u, %"PRIu64", x'%s');",
 		peerid,
 		sql_bool(peer->remote.offer_anchor),
-		pubkey_to_hexstr(ctx, peer->dstate->secpctx,
+		pubkey_to_hexstr(ctx, &peer->remote.commitkey),
-				 &peer->remote.commitkey),
+		pubkey_to_hexstr(ctx, &peer->remote.finalkey),
-		pubkey_to_hexstr(ctx, peer->dstate->secpctx,
-				 &peer->remote.finalkey),
 		peer->remote.locktime.locktime,
 		peer->remote.mindepth,
 		peer->remote.commit_fee_rate,
@@ -1425,7 +1411,7 @@ void db_set_visible_state(struct peer *peer)
 void db_update_next_revocation_hash(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s):%s", __func__, peerid,
 		tal_hexstr(ctx, &peer->remote.next_revocation_hash,
@@ -1442,7 +1428,7 @@ void db_update_next_revocation_hash(struct peer *peer)
 void db_create_peer(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(peer->dstate->db->in_transaction);
@@ -1467,8 +1453,7 @@ void db_create_peer(struct peer *peer)
 			peer->anchor.input->index,
 			peer->anchor.input->in_amount,
 			peer->anchor.input->out_amount,
-			pubkey_to_hexstr(ctx, peer->dstate->secpctx,
+			pubkey_to_hexstr(ctx, &peer->anchor.input->walletkey));
-					 &peer->anchor.input->walletkey));
 
 	tal_free(ctx);
 }
@@ -1476,7 +1461,7 @@ void db_create_peer(struct peer *peer)
 void db_start_transaction(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(!peer->dstate->db->in_transaction);
@@ -1490,7 +1475,7 @@ void db_start_transaction(struct peer *peer)
 void db_abort_transaction(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(peer->dstate->db->in_transaction);
@@ -1502,7 +1487,7 @@ void db_abort_transaction(struct peer *peer)
 const char *db_commit_transaction(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(peer->dstate->db->in_transaction);
@@ -1518,7 +1503,7 @@ const char *db_commit_transaction(struct peer *peer)
 void db_new_htlc(struct peer *peer, const struct htlc *htlc)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(peer->dstate->db->in_transaction);
@@ -1527,7 +1512,7 @@ void db_new_htlc(struct peer *peer, const struct htlc *htlc)
 		db_exec(__func__, peer->dstate,
 			"INSERT INTO htlcs VALUES"
 			" (x'%s', %"PRIu64", '%s', %"PRIu64", %u, x'%s', NULL, x'%s', x'%s', %"PRIu64", NULL);",
-			pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id),
+			pubkey_to_hexstr(ctx, peer->id),
 			htlc->id,
 			htlc_state_name(htlc->state),
 			htlc->msatoshi,
@@ -1555,7 +1540,7 @@ void db_new_htlc(struct peer *peer, const struct htlc *htlc)
 void db_new_feechange(struct peer *peer, const struct feechange *feechange)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(peer->dstate->db->in_transaction);
@@ -1574,7 +1559,7 @@ void db_update_htlc_state(struct peer *peer, const struct htlc *htlc,
 			  enum htlc_state oldstate)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s): %"PRIu64" %s->%s", __func__, peerid,
 		  htlc->id, htlc_state_name(oldstate),
@@ -1593,7 +1578,7 @@ void db_update_feechange_state(struct peer *peer,
 			       enum htlc_state oldstate)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s): %s->%s", __func__, peerid,
 		  feechange_state_name(oldstate),
@@ -1611,7 +1596,7 @@ void db_remove_feechange(struct peer *peer, const struct feechange *feechange,
 			 enum htlc_state oldstate)
 {
 	const char *ctx = tal(peer, char);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 	assert(peer->dstate->db->in_transaction);
@@ -1626,7 +1611,7 @@ void db_remove_feechange(struct peer *peer, const struct feechange *feechange,
 void db_update_state(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1640,7 +1625,7 @@ void db_update_state(struct peer *peer)
 void db_htlc_fulfilled(struct peer *peer, const struct htlc *htlc)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1658,7 +1643,7 @@ void db_htlc_fulfilled(struct peer *peer, const struct htlc *htlc)
 void db_htlc_failed(struct peer *peer, const struct htlc *htlc)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1678,7 +1663,7 @@ void db_new_commit_info(struct peer *peer, enum side side,
 {
 	struct commit_info *ci;
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1693,7 +1678,7 @@ void db_new_commit_info(struct peer *peer, enum side side,
 		ci->commit_num,
 		tal_hexstr(ctx, &ci->revocation_hash,
 			   sizeof(ci->revocation_hash)),
-		sig_to_sql(ctx, peer->dstate->secpctx, ci->sig),
+		sig_to_sql(ctx, ci->sig),
 		ci->order,
 		sql_hex_or_null(ctx, prev_rhash, sizeof(*prev_rhash)),
 		peerid, side_to_str(side));
@@ -1704,7 +1689,7 @@ void db_new_commit_info(struct peer *peer, enum side side,
 void db_remove_their_prev_revocation_hash(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1719,7 +1704,7 @@ void db_remove_their_prev_revocation_hash(struct peer *peer)
 void db_save_shachain(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1734,7 +1719,7 @@ void db_add_commit_map(struct peer *peer,
 		       const struct sha256_double *txid, u64 commit_num)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s),commit_num=%"PRIu64, __func__, peerid,
 		  commit_num);
@@ -1760,7 +1745,7 @@ bool db_add_peer_address(struct lightningd_state *dstate,
 	assert(!dstate->db->in_transaction);
 	ok = db_exec(__func__, dstate,
 		     "INSERT OR REPLACE INTO peer_address VALUES (x'%s', x'%s');",
-		     pubkey_to_hexstr(ctx, dstate->secpctx, &addr->id),
+		     pubkey_to_hexstr(ctx, &addr->id),
 		     netaddr_to_hex(ctx, &addr->addr));
 
 	tal_free(ctx);
@@ -1770,7 +1755,7 @@ bool db_add_peer_address(struct lightningd_state *dstate,
 void db_forget_peer(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 	size_t i;
 	const char *const tables[] = { "anchors", "htlcs", "commit_info", "shachain", "their_visible_state", "their_commitments", "peer_secrets", "closing", "peers" };
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
@@ -1793,7 +1778,7 @@ void db_forget_peer(struct peer *peer)
 void db_begin_shutdown(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1807,7 +1792,7 @@ void db_begin_shutdown(struct peer *peer)
 void db_set_our_closing_script(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1823,7 +1808,7 @@ void db_set_our_closing_script(struct peer *peer)
 void db_set_their_closing_script(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1842,7 +1827,7 @@ void db_set_their_closing_script(struct peer *peer)
 void db_update_our_closing(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1858,7 +1843,7 @@ bool db_update_their_closing(struct peer *peer)
 {
 	const char *ctx = tal_tmpctx(peer);
 	bool ok;
-	const char *peerid = pubkey_to_hexstr(ctx, peer->dstate->secpctx, peer->id);
+	const char *peerid = pubkey_to_hexstr(ctx, peer->id);
 
 	log_debug(peer->log, "%s(%s)", __func__, peerid);
 
@@ -1866,8 +1851,7 @@ bool db_update_their_closing(struct peer *peer)
 	ok = db_exec(__func__, peer->dstate,
 		     "UPDATE closing SET their_fee=%"PRIu64", their_sig=%s, sigs_in=%u WHERE peer=x'%s';",
 		     peer->closing.their_fee,
-		     sig_to_sql(ctx, peer->dstate->secpctx,
+		     sig_to_sql(ctx, peer->closing.their_sig),
-				peer->closing.their_sig),
 		     peer->closing.sigs_in,
 		     peerid);
 	tal_free(ctx);
@@ -1891,8 +1875,8 @@ bool db_new_pay_command(struct lightningd_state *dstate,
 		     "INSERT INTO pay VALUES (x'%s', %"PRIu64", x'%s', x'%s', %"PRIu64", NULL, NULL);",
 		     tal_hexstr(ctx, rhash, sizeof(*rhash)),
 		     msatoshi,
-		     pubkeys_to_hex(ctx, dstate->secpctx, ids),
+		     pubkeys_to_hex(ctx, ids),
-		     pubkey_to_hexstr(ctx, dstate->secpctx, htlc->peer->id),
+		     pubkey_to_hexstr(ctx, htlc->peer->id),
 		     htlc->id);
 	tal_free(ctx);
 	return ok;
@@ -1914,8 +1898,8 @@ bool db_replace_pay_command(struct lightningd_state *dstate,
 	ok = db_exec(__func__, dstate,
 		     "UPDATE pay SET msatoshi=%"PRIu64", ids=x'%s', htlc_peer=x'%s', htlc_id=%"PRIu64", r=NULL, fail=NULL WHERE rhash=x'%s';",
 		     msatoshi,
-		     pubkeys_to_hex(ctx, dstate->secpctx, ids),
+		     pubkeys_to_hex(ctx, ids),
-		     pubkey_to_hexstr(ctx, dstate->secpctx, htlc->peer->id),
+		     pubkey_to_hexstr(ctx, htlc->peer->id),
 		     htlc->id,
 		     tal_hexstr(ctx, rhash, sizeof(*rhash)));
 	tal_free(ctx);

daemon/failure.c

@@ -4,7 +4,6 @@
 
 /* FIXME: Crypto! */
 const u8 *failinfo_create(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const struct pubkey *id,
 			  u32 error_code,
 			  const char *reason)
@@ -13,7 +12,7 @@ const u8 *failinfo_create(const tal_t *ctx,
 	u8 *arr;
 
 	fail_info__init(f);
-	f->id = pubkey_to_proto(f, secpctx, id);
+	f->id = pubkey_to_proto(f, id);
 	f->error_code = error_code;
 	if (reason)
 		f->reason = tal_strdup(f, reason);

daemon/failure.h

@@ -27,7 +27,6 @@ enum fail_error {
 };
 
 const u8 *failinfo_create(const tal_t *ctx,
-			  secp256k1_context *secpctx,
 			  const struct pubkey *id,
 			  enum fail_error error_code,
 			  const char *reason);

daemon/irc_announce.c

@@ -20,7 +20,7 @@ static void sign_privmsg(struct ircstate *state, struct privmsg *msg)
 	u8 der[72];
 	struct signature sig;
 	privkey_sign(state->dstate, msg->msg, strlen(msg->msg), &sig);
-	siglen = signature_to_der(state->dstate->secpctx, der, &sig);
+	siglen = signature_to_der(der, &sig);
 	msg->msg = tal_fmt(msg, "%s %s", tal_hexstr(msg, der, siglen), msg->msg);
 }
 
@@ -37,8 +37,8 @@ static bool announce_channel(const tal_t *ctx, struct ircstate *state, struct pe
 	msg->channel = "#lightning-nodes";
 	msg->msg = tal_fmt(
 		msg, "CHAN %s %s %s %d %d %d %d %d",
-		pubkey_to_hexstr(msg, state->dstate->secpctx, &state->dstate->id),
+		pubkey_to_hexstr(msg, &state->dstate->id),
-		pubkey_to_hexstr(msg, state->dstate->secpctx, p->id),
+		pubkey_to_hexstr(msg, p->id),
 		txid,
 		loc->blkheight,
 		loc->index,
@@ -67,7 +67,7 @@ static void announce_node(const tal_t *ctx, struct ircstate *state)
 	msg->channel = "#lightning-nodes";
 	msg->msg = tal_fmt(
 		msg, "NODE %s %s %d",
-		pubkey_to_hexstr(msg, state->dstate->secpctx, &state->dstate->id),
+		pubkey_to_hexstr(msg, &state->dstate->id),
 		hostname,
 		port
 		);
@@ -125,10 +125,10 @@ static bool verify_signed_privmsg(
 	if (der == NULL)
 		return false;
 
-	if (!signature_from_der(istate->dstate->secpctx, der, siglen, &sig))
+	if (!signature_from_der(der, siglen, &sig))
 		return false;
 	sha256_double(&hash, content, strlen(content));
-	return check_signed_hash(istate->dstate->secpctx, &hash, &sig, pk);
+	return check_signed_hash(&hash, &sig, pk);
 }
 
 static void handle_channel_announcement(
@@ -143,8 +143,8 @@ static void handle_channel_announcement(
 	bool ok = true;
 	int blkheight;
 
-	ok &= pubkey_from_hexstr(istate->dstate->secpctx, splits[1], strlen(splits[1]), pk1);
+	ok &= pubkey_from_hexstr(splits[1], strlen(splits[1]), pk1);
-	ok &= pubkey_from_hexstr(istate->dstate->secpctx, splits[2], strlen(splits[2]), pk2);
+	ok &= pubkey_from_hexstr(splits[2], strlen(splits[2]), pk2);
 	ok &= bitcoin_txid_from_hex(splits[3], strlen(splits[3]), txid);
 	blkheight = atoi(splits[4]);
 	index = atoi(splits[5]);
@@ -177,7 +177,7 @@ static void handle_node_announcement(
 	struct pubkey *pk = talz(msg, struct pubkey);
 	char *hostname = tal_strdup(msg, splits[2]);
 	int port = atoi(splits[3]);
-	if (!pubkey_from_hexstr(istate->dstate->secpctx, splits[1], strlen(splits[1]), pk) || port < 1)
+	if (!pubkey_from_hexstr(splits[1], strlen(splits[1]), pk) || port < 1)
 		return;
 
 	if (!verify_signed_privmsg(istate, pk, msg)) {
@@ -274,7 +274,7 @@ void setup_irc_connection(struct lightningd_state *dstate)
 	state->nick = tal_fmt(
 		state,
 		"N%.12s",
-		pubkey_to_hexstr(state, dstate->secpctx, &dstate->id) + 1);
+		pubkey_to_hexstr(state, &dstate->id) + 1);
 
 	/* We will see our own JOIN message, which will trigger announce */
 	irc_connect(state);

daemon/json.c

@@ -435,13 +435,12 @@ void json_add_hex(struct json_result *result, const char *fieldname,
 }
 
 void json_add_pubkey(struct json_result *response,
-		     secp256k1_context *secpctx,
 		     const char *fieldname,
 		     const struct pubkey *key)
 {
 	u8 der[PUBKEY_DER_LEN];
 
-	pubkey_to_der(secpctx, der, key);
+	pubkey_to_der(der, key);
 	json_add_hex(response, fieldname, der, sizeof(der));
 }
 

daemon/json.h

@@ -103,7 +103,6 @@ void json_add_hex(struct json_result *result, const char *fieldname,
 		  const void *data, size_t len);
 /* '"fieldname" : "0289abcdef..."' or "0289abcdef..." if fieldname is NULL */
 void json_add_pubkey(struct json_result *response,
-		     secp256k1_context *secpctx,
 		     const char *fieldname,
 		     const struct pubkey *key);
 

daemon/jsonrpc.c

@@ -263,7 +263,7 @@ static void json_getinfo(struct command *cmd,
 	struct json_result *response = new_json_result(cmd);
 
 	json_object_start(response, NULL);
-	json_add_pubkey(response, cmd->dstate->secpctx, "id", &cmd->dstate->id);
+	json_add_pubkey(response, "id", &cmd->dstate->id);
 	/* FIXME: Keep netaddrs and list them all. */
 	if (cmd->dstate->portnum)
 		json_add_num(response, "port", cmd->dstate->portnum);

daemon/lightningd.h

@@ -6,7 +6,6 @@
 #include <ccan/list/list.h>
 #include <ccan/short_types/short_types.h>
 #include <ccan/timer/timer.h>
-#include <secp256k1.h>
 #include <stdio.h>
 
 /* Various adjustable things. */

daemon/log.c

@@ -288,7 +288,7 @@ static char *to_string_(const tal_t *ctx,
 
 	/* GCC checks we're one of these, so we should be. */
 	if (streq(structname, "struct pubkey"))
-		s = pubkey_to_hexstr(ctx, lr->dstate->secpctx, u.pubkey);
+		s = pubkey_to_hexstr(ctx, u.pubkey);
 	else if (streq(structname, "struct sha256_double"))
 		s = tal_hexstr(ctx, u.sha256_double, sizeof(*u.sha256_double));
 	else if (streq(structname, "struct sha256"))

daemon/packets.c

@@ -78,10 +78,8 @@ void queue_pkt_open(struct peer *peer, bool offer_anchor)
 	open_channel__init(o);
 	o->revocation_hash = sha256_to_proto(o, &peer->local.commit->revocation_hash);
 	o->next_revocation_hash = sha256_to_proto(o, &peer->local.next_revocation_hash);
-	o->commit_key = pubkey_to_proto(o, peer->dstate->secpctx,
+	o->commit_key = pubkey_to_proto(o, &peer->local.commitkey);
-					&peer->local.commitkey);
+	o->final_key = pubkey_to_proto(o, &peer->local.finalkey);
-	o->final_key = pubkey_to_proto(o, peer->dstate->secpctx,
-				       &peer->local.finalkey);
 	o->delay = tal(o, Locktime);
 	locktime__init(o->delay);
 	o->delay->locktime_case = LOCKTIME__LOCKTIME_BLOCKS;
@@ -113,8 +111,7 @@ void queue_pkt_open_commit_sig(struct peer *peer)
 
 	open_commit_sig__init(s);
 
-	s->sig = signature_to_proto(s, peer->dstate->secpctx,
+	s->sig = signature_to_proto(s, &peer->remote.commit->sig->sig);
-				    &peer->remote.commit->sig->sig);
 
 	queue_pkt(peer, PKT__PKT_OPEN_COMMIT_SIG, s);
 }
@@ -193,8 +190,7 @@ void queue_pkt_commit(struct peer *peer, const struct bitcoin_signature *sig)
 	/* Now send message */
 	update_commit__init(u);
 	if (sig)
-		u->sig = signature_to_proto(u, peer->dstate->secpctx,
+		u->sig = signature_to_proto(u, &sig->sig);
-					    &sig->sig);
 	else
 		u->sig = NULL;
 
@@ -274,7 +270,7 @@ void queue_pkt_close_signature(struct peer *peer)
 	close_tx = peer_create_close_tx(c, peer, peer->closing.our_fee);
 
 	peer_sign_mutual_close(peer, close_tx, &our_close_sig);
-	c->sig = signature_to_proto(c, peer->dstate->secpctx, &our_close_sig);
+	c->sig = signature_to_proto(c, &our_close_sig);
 	c->close_fee = peer->closing.our_fee;
 	log_info(peer->log, "queue_pkt_close_signature: offered close fee %"
 		 PRIu64, c->close_fee);
@@ -331,11 +327,9 @@ Pkt *accept_pkt_open(struct peer *peer, const Pkt *pkt,
 		return pkt_err(peer, "Malformed locktime");
 	peer->remote.mindepth = o->min_depth;
 	peer->remote.commit_fee_rate = o->initial_fee_rate;
-	if (!proto_to_pubkey(peer->dstate->secpctx,
+	if (!proto_to_pubkey(o->commit_key, &peer->remote.commitkey))
-			     o->commit_key, &peer->remote.commitkey))
 		return pkt_err(peer, "Bad commitkey");
-	if (!proto_to_pubkey(peer->dstate->secpctx,
+	if (!proto_to_pubkey(o->final_key, &peer->remote.finalkey))
-			     o->final_key, &peer->remote.finalkey))
 		return pkt_err(peer, "Bad finalkey");
 
 	proto_to_sha256(o->revocation_hash, revocation_hash);
@@ -365,7 +359,7 @@ Pkt *accept_pkt_open_commit_sig(struct peer *peer, const Pkt *pkt,
 {
 	const OpenCommitSig *s = pkt->open_commit_sig;
 
-	if (!proto_to_signature(peer->dstate->secpctx, s->sig, &sig->sig))
+	if (!proto_to_signature(s->sig, &sig->sig))
 		return pkt_err(peer, "Malformed signature");
 
 	sig->stype = SIGHASH_ALL;
@@ -514,7 +508,7 @@ Pkt *accept_pkt_commit(struct peer *peer, const Pkt *pkt,
 		return NULL;
 
 	sig->stype = SIGHASH_ALL;
-	if (!proto_to_signature(peer->dstate->secpctx, c->sig, &sig->sig))
+	if (!proto_to_signature(c->sig, &sig->sig))
 		return pkt_err(peer, "Malformed signature");
 	return NULL;
 }

daemon/pay.c

@@ -52,8 +52,8 @@ static void handle_json(struct command *cmd, const struct htlc *htlc,
 		return;
 	}
 
-	if (proto_to_pubkey(cmd->dstate->secpctx, f->id, &id))
+	if (proto_to_pubkey(f->id, &id))
-		idstr = pubkey_to_hexstr(cmd, cmd->dstate->secpctx, &id);
+		idstr = pubkey_to_hexstr(cmd, &id);
 
 	command_fail(cmd,
 		     "failed: error code %u node %s reason %s",
@@ -73,7 +73,7 @@ static void check_routing_failure(struct lightningd_state *dstate,
 	/* FIXME: We remove route on *any* failure. */
 	log_debug(dstate->base_log, "Seeking route for fail code %u",
 		  f->error_code);
-	if (!proto_to_pubkey(dstate->secpctx, f->id, &id)) {
+	if (!proto_to_pubkey(f->id, &id)) {
 		log_add(dstate->base_log, " - bad node");
 		return;
 	}
@@ -185,12 +185,11 @@ bool pay_add(struct lightningd_state *dstate,
 }
 
 static void json_add_route(struct json_result *response,
-			   secp256k1_context *secpctx,
 			   const struct pubkey *id,
 			   u64 amount, unsigned int delay)
 {
 	json_object_start(response, NULL);
-	json_add_pubkey(response, secpctx, "id", id);
+	json_add_pubkey(response, "id", id);
 	json_add_u64(response, "msatoshi", amount);
 	json_add_num(response, "delay", delay);
 	json_object_end(response);
@@ -220,8 +219,7 @@ static void json_getroute(struct command *cmd,
 		return;
 	}
 
-	if (!pubkey_from_hexstr(cmd->dstate->secpctx,
+	if (!pubkey_from_hexstr(buffer + idtok->start,
-				buffer + idtok->start,
 				idtok->end - idtok->start, &id)) {
 		command_fail(cmd, "Invalid id");
 		return;
@@ -274,10 +272,9 @@ static void json_getroute(struct command *cmd,
 	response = new_json_result(cmd);
 	json_object_start(response, NULL);
 	json_array_start(response, "route");
-	json_add_route(response, cmd->dstate->secpctx,
+	json_add_route(response, peer->id, amounts[0], delays[0]);
-		       peer->id, amounts[0], delays[0]);
 	for (i = 0; i < tal_count(route); i++)
-		json_add_route(response, cmd->dstate->secpctx,
+		json_add_route(response,
 			       &route[i]->dst->id, amounts[i+1], delays[i+1]);
 	json_array_end(response);
 	json_object_end(response);
@@ -378,8 +375,7 @@ static void json_sendpay(struct command *cmd,
 
 		tal_resize(&ids, n_hops+1);
 		memset(&ids[n_hops], 0, sizeof(ids[n_hops]));
-		if (!pubkey_from_hexstr(cmd->dstate->secpctx,
+		if (!pubkey_from_hexstr(buffer + idtok->start,
-					buffer + idtok->start,
 					idtok->end - idtok->start,
 					&ids[n_hops])) {
 			command_fail(cmd, "route %zu invalid id", n_hops);
@@ -424,7 +420,6 @@ static void json_sendpay(struct command *cmd,
 			if (!structeq(&pc->ids[old_nhops-1], &ids[n_hops-1])) {
 				char *previd;
 				previd = pubkey_to_hexstr(cmd,
-							  cmd->dstate->secpctx,
 							  &pc->ids[old_nhops-1]);
 				command_fail(cmd,
 					     "already succeeded to %s",
@@ -447,9 +442,9 @@ static void json_sendpay(struct command *cmd,
 
 	/* Onion will carry us from first peer onwards. */
 	packet = create_onionpacket(
-		cmd, cmd->dstate->secpctx, ids, hoppayloads,
+		cmd, ids, hoppayloads,
 		sessionkey, (u8*)"", 0);
-	onion = serialize_onionpacket(cmd, cmd->dstate->secpctx, packet);
+	onion = serialize_onionpacket(cmd, packet);
 
 	if (pc)
 		pc->ids = tal_free(pc->ids);

daemon/peer.c

@@ -88,7 +88,6 @@ static const struct bitcoin_tx *mk_bitcoin_close(const tal_t *ctx,
 
 	close_tx->input[0].witness
 		= bitcoin_witness_2of2(close_tx->input,
-				       peer->dstate->secpctx,
 				       peer->closing.their_sig,
 				       &our_close_sig,
 				       &peer->remote.commitkey,
@@ -109,7 +108,6 @@ static const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 
 	/* The redeemscript for a commit tx is fairly complex. */
 	witnessscript = bitcoin_redeem_secret_or_delay(peer,
-						       peer->dstate->secpctx,
 						      &peer->local.finalkey,
 						      &peer->remote.locktime,
 						      &peer->remote.finalkey,
@@ -126,7 +124,6 @@ static const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 
 	tx->output[0].script = scriptpubkey_p2sh(tx,
 				 bitcoin_redeem_single(tx,
-						       peer->dstate->secpctx,
 						       &peer->local.finalkey));
 	tx->output[0].script_length = tal_count(tx->output[0].script);
 
@@ -148,7 +145,6 @@ static const struct bitcoin_tx *bitcoin_spend_ours(struct peer *peer)
 	peer_sign_spend(peer, tx, witnessscript, &sig.sig);
 
 	tx->input[0].witness = bitcoin_witness_secret(tx,
-						      peer->dstate->secpctx,
 						      NULL, 0, &sig,
 						      witnessscript);
 
@@ -169,7 +165,6 @@ static void sign_commit_tx(struct peer *peer)
 
 	peer->local.commit->tx->input[0].witness
 		= bitcoin_witness_2of2(peer->local.commit->tx->input,
-				       peer->dstate->secpctx,
 				       peer->local.commit->sig,
 				       &sig,
 				       &peer->remote.commitkey,
@@ -204,7 +199,7 @@ struct peer *find_peer_by_pkhash(struct lightningd_state *dstate, const u8 *pkha
 	u8 addr[20];
 
 	list_for_each(&dstate->peers, peer, list) {
-		pubkey_hash160(dstate->secpctx, addr, peer->id);
+		pubkey_hash160(addr, peer->id);
 		if (memcmp(addr, pkhash, sizeof(addr)) == 0)
 			return peer;
 	}
@@ -234,8 +229,7 @@ static struct peer *find_peer_json(struct lightningd_state *dstate,
 {
 	struct pubkey peerid;
 
-	if (!pubkey_from_hexstr(dstate->secpctx,
+	if (!pubkey_from_hexstr(buffer + peeridtok->start,
-				buffer + peeridtok->start,
 				peeridtok->end - peeridtok->start, &peerid))
 		return NULL;
 
@@ -316,8 +310,7 @@ static void peer_open_complete(struct peer *peer, const char *problem)
 			response = new_json_result(peer->open_jsoncmd);
 
 			json_object_start(response, NULL);
-			json_add_pubkey(response, peer->dstate->secpctx,
+			json_add_pubkey(response, "id", peer->id);
-					"id", peer->id);
 			json_object_end(response);
 			command_success(peer->open_jsoncmd, response);
 			peer->open_jsoncmd = NULL;
@@ -574,7 +567,7 @@ static bool open_pkt_in(struct peer *peer, const Pkt *pkt)
 
 	/* Witness script for anchor. */
 	peer->anchor.witnessscript
-		= bitcoin_redeem_2of2(peer, peer->dstate->secpctx,
+		= bitcoin_redeem_2of2(peer,
 				      &peer->local.commitkey,
 				      &peer->remote.commitkey);
 
@@ -632,8 +625,7 @@ static bool open_ouranchor_pkt_in(struct peer *peer, const Pkt *pkt)
 	err = accept_pkt_open_commit_sig(peer, pkt,
 					 peer->local.commit->sig);
 	if (!err &&
-	    !check_tx_sig(peer->dstate->secpctx,
+	    !check_tx_sig(peer->local.commit->tx, 0,
-			  peer->local.commit->tx, 0,
 			  NULL, 0,
 			  peer->anchor.witnessscript,
 			  &peer->remote.commitkey,
@@ -888,10 +880,10 @@ static void their_htlc_added(struct peer *peer, struct htlc *htlc,
 
 	//FIXME: dirty trick to retrieve unexported state
 	memcpy(&pk, peer->dstate->secret, sizeof(pk));
-	packet = parse_onionpacket(peer, peer->dstate->secpctx,
+	packet = parse_onionpacket(peer,
 				   htlc->routing, tal_count(htlc->routing));
 	if (packet)
-		step = process_onionpacket(packet, peer->dstate->secpctx, packet, &pk);
+		step = process_onionpacket(packet, packet, &pk);
 
 	if (!step) {
 		log_unusual(peer->log, "Bad onion, failing HTLC %"PRIu64,
@@ -941,7 +933,7 @@ static void their_htlc_added(struct peer *peer, struct htlc *htlc,
 
 	case ONION_FORWARD:
 		route_htlc_onwards(peer, htlc, step->hoppayload->amount, step->next->nexthop,
-				   serialize_onionpacket(step, peer->dstate->secpctx, step->next), only_dest);
+				   serialize_onionpacket(step, step->next), only_dest);
 		goto free_packet;
 	default:
 		log_info(peer->log, "Unknown step type %u", step->nextcase);
@@ -1238,12 +1230,12 @@ static bool closing_pkt_in(struct peer *peer, const Pkt *pkt)
 	 * transaction with the given `close_fee`, and MUST fail the
 	 * connection if it is not. */
 	theirsig.stype = SIGHASH_ALL;
-	if (!proto_to_signature(peer->dstate->secpctx, c->sig, &theirsig.sig))
+	if (!proto_to_signature(c->sig, &theirsig.sig))
 		return peer_comms_err(peer,
 				      pkt_err(peer, "Invalid signature format"));
 
 	close_tx = peer_create_close_tx(c, peer, c->close_fee);
-	if (!check_tx_sig(peer->dstate->secpctx, close_tx, 0,
+	if (!check_tx_sig(close_tx, 0,
 			  NULL, 0,
 			  peer->anchor.witnessscript,
 			  &peer->remote.commitkey, &theirsig))
@@ -1396,8 +1388,7 @@ static Pkt *handle_pkt_commit(struct peer *peer, const Pkt *pkt)
 	 * except unacked fee changes to the local commitment, then it MUST
 	 * check `sig` is valid for that transaction.
 	 */
-	if (ci->sig && !check_tx_sig(peer->dstate->secpctx,
+	if (ci->sig && !check_tx_sig(ci->tx, 0,
-				     ci->tx, 0,
 				     NULL, 0,
 				     peer->anchor.witnessscript,
 				     &peer->remote.commitkey,
@@ -1832,9 +1823,7 @@ static bool peer_start_shutdown(struct peer *peer)
 	/* If they started close, we might not have sent ours. */
 	assert(!peer->closing.our_script);
 
-	redeemscript = bitcoin_redeem_single(peer,
+	redeemscript = bitcoin_redeem_single(peer, &peer->local.finalkey);
-					     peer->dstate->secpctx,
-					     &peer->local.finalkey);
 
 	peer->closing.our_script = scriptpubkey_p2sh(peer, redeemscript);
 	tal_free(redeemscript);
@@ -1944,7 +1933,6 @@ static const struct bitcoin_tx *htlc_fulfill_tx(const struct peer *peer,
 	 * it's their HTLC, and that we collected it via rval. */
 	tx->output[0].script = scriptpubkey_p2sh(tx,
 				 bitcoin_redeem_single(tx,
-						       peer->dstate->secpctx,
 						       &peer->local.finalkey));
 	tx->output[0].script_length = tal_count(tx->output[0].script);
 
@@ -1967,7 +1955,7 @@ static const struct bitcoin_tx *htlc_fulfill_tx(const struct peer *peer,
 	sig.stype = SIGHASH_ALL;
 	peer_sign_htlc_fulfill(peer, tx, wscript, &sig.sig);
 
-	tx->input[0].witness = bitcoin_witness_htlc(tx, peer->dstate->secpctx,
+	tx->input[0].witness = bitcoin_witness_htlc(tx,
 						    htlc->r, &sig, wscript);
 
 	log_debug(peer->log, "tx cost for htlc fulfill tx: %zu",
@@ -1979,7 +1967,7 @@ static const struct bitcoin_tx *htlc_fulfill_tx(const struct peer *peer,
 static bool command_htlc_set_fail(struct peer *peer, struct htlc *htlc,
 				  enum fail_error error_code, const char *why)
 {
-	const u8 *fail = failinfo_create(htlc, peer->dstate->secpctx,
+	const u8 *fail = failinfo_create(htlc,
 					 &peer->dstate->id, error_code, why);
 
 	set_htlc_fail(peer, htlc, fail, tal_count(fail));
@@ -2803,7 +2791,7 @@ static bool peer_first_connected(struct peer *peer,
 		return false;
 
 	name = netaddr_name(peer, &addr);
-	idstr = pubkey_to_hexstr(name, peer->dstate->secpctx, peer->id);
+	idstr = pubkey_to_hexstr(name, peer->id);
 	log_info(peer->log, "Connected %s %s id %s, changing prefix",
 		 we_connected ? "out to" : "in from", name, idstr);
 	set_log_prefix(peer->log, tal_fmt(name, "%s:", idstr));
@@ -2910,8 +2898,7 @@ static struct io_plan *crypto_on_out(struct io_conn *conn,
 
 	if (find_peer(dstate, id)) {
 		command_fail(connect->cmd, "Already connected to peer %s",
-			     pubkey_to_hexstr(connect->cmd,
+			     pubkey_to_hexstr(connect->cmd, id));
-					      dstate->secpctx, id));
 		return io_close(conn);
 	}
 
@@ -3490,7 +3477,6 @@ static const struct bitcoin_tx *htlc_timeout_tx(const struct peer *peer,
 	 * it's our HTLC, and that we collected it via timeout. */
 	tx->output[0].script = scriptpubkey_p2sh(tx,
 				 bitcoin_redeem_single(tx,
-						       peer->dstate->secpctx,
 						       &peer->local.finalkey));
 	tx->output[0].script_length = tal_count(tx->output[0].script);
 
@@ -3513,7 +3499,7 @@ static const struct bitcoin_tx *htlc_timeout_tx(const struct peer *peer,
 	sig.stype = SIGHASH_ALL;
 	peer_sign_htlc_refund(peer, tx, wscript, &sig.sig);
 
-	tx->input[0].witness = bitcoin_witness_htlc(tx, peer->dstate->secpctx,
+	tx->input[0].witness = bitcoin_witness_htlc(tx,
 						    NULL, &sig, wscript);
 
 	log_unusual(peer->log, "tx cost for htlc timeout tx: %zu",
@@ -4068,7 +4054,6 @@ static void resolve_their_steal(struct peer *peer,
 	steal_tx->output[0].amount = input_total - fee;
 	steal_tx->output[0].script = scriptpubkey_p2sh(steal_tx,
 				 bitcoin_redeem_single(steal_tx,
-						       peer->dstate->secpctx,
 						       &peer->local.finalkey));
 	steal_tx->output[0].script_length = tal_count(steal_tx->output[0].script);
 
@@ -4088,7 +4073,6 @@ static void resolve_their_steal(struct peer *peer,
 
 		steal_tx->input[n].witness
 			= bitcoin_witness_secret(steal_tx,
-						 peer->dstate->secpctx,
 						 revocation_preimage,
 						 sizeof(*revocation_preimage),
 						 &sig,
@@ -4288,7 +4272,7 @@ struct bitcoin_tx *peer_create_close_tx(const tal_t *ctx,
 	log_add_struct(peer->log, "%s", struct pubkey, &peer->local.finalkey);
 	log_add_struct(peer->log, "/%s", struct pubkey, &peer->remote.finalkey);
 
- 	return create_close_tx(peer->dstate->secpctx, ctx,
+ 	return create_close_tx(ctx,
 			       peer->closing.our_script,
 			       peer->closing.their_script,
 			       &peer->anchor.txid,
@@ -4507,8 +4491,7 @@ static void json_getpeers(struct command *cmd,
 		json_add_string(response, "state", state_name(p->state));
 
 		if (p->id)
-			json_add_pubkey(response, cmd->dstate->secpctx,
+			json_add_pubkey(response, "peerid", p->id);
-					"peerid", p->id);
 
 		json_add_bool(response, "connected", p->connected);
 
@@ -4588,7 +4571,7 @@ static void json_gethtlcs(struct command *cmd,
 			json_add_num(response, "deadline", h->deadline);
 			if (h->src) {
 				json_object_start(response, "src");
-				json_add_pubkey(response, cmd->dstate->secpctx,
+				json_add_pubkey(response,
 						"peerid", h->src->peer->id);
 				json_add_u64(response, "id", h->src->id);
 				json_object_end(response);
@@ -4696,10 +4679,9 @@ static void json_newhtlc(struct command *cmd,
 	randombytes_buf(&sessionkey, sizeof(sessionkey));
 	packet = create_onionpacket(
 		cmd,
-		cmd->dstate->secpctx,
 		path,
 		hoppayloads, sessionkey, (u8*)"", 0);
-	onion = serialize_onionpacket(cmd, cmd->dstate->secpctx, packet);
+	onion = serialize_onionpacket(cmd, packet);
 
 	log_debug(peer->log, "JSON command to add new HTLC");
 	err = command_htlc_add(peer, msatoshi, expiry, &rhash, NULL,

daemon/routing.c

@@ -411,11 +411,11 @@ char *opt_add_route(const char *arg, struct lightningd_state *dstate)
 	u32 base, var, delay, minblocks;
 
 	len = strcspn(arg, "/");
-	if (!pubkey_from_hexstr(dstate->secpctx, arg, len, &src))
+	if (!pubkey_from_hexstr(arg, len, &src))
 		return "Bad src pubkey";
 	arg += len + 1;
 	len = strcspn(arg, "/");
-	if (!pubkey_from_hexstr(dstate->secpctx, arg, len, &dst))
+	if (!pubkey_from_hexstr(arg, len, &dst))
 		return "Bad dst pubkey";
 	arg += len;
 
@@ -450,8 +450,7 @@ static void json_add_route(struct command *cmd,
 		return;
 	}
 
-	if (!pubkey_from_hexstr(cmd->dstate->secpctx,
+	if (!pubkey_from_hexstr(buffer + srctok->start,
-				buffer + srctok->start,
 				srctok->end - srctok->start, &src)) {
 		command_fail(cmd, "src %.*s not valid",
 			     srctok->end - srctok->start,
@@ -459,8 +458,7 @@ static void json_add_route(struct command *cmd,
 		return;
 	}
 
-	if (!pubkey_from_hexstr(cmd->dstate->secpctx,
+	if (!pubkey_from_hexstr(buffer + dsttok->start,
-				buffer + dsttok->start,
 				dsttok->end - dsttok->start, &dst)) {
 		command_fail(cmd, "dst %.*s not valid",
 			     dsttok->end - dsttok->start,
@@ -505,8 +503,8 @@ static void json_getchannels(struct command *cmd,
 		for (i = 0; i < num_conn; i++){
 			c = n->out[i];
 			json_object_start(response, NULL);
-			json_add_pubkey(response, cmd->dstate->secpctx, "from", &n->id);
+			json_add_pubkey(response, "from", &n->id);
-			json_add_pubkey(response, cmd->dstate->secpctx, "to", &c->dst->id);
+			json_add_pubkey(response, "to", &c->dst->id);
 			json_add_num(response, "base_fee", c->base_fee);
 			json_add_num(response, "proportional_fee", c->proportional_fee);
 			json_object_end(response);
@@ -569,8 +567,7 @@ static void json_getnodes(struct command *cmd,
 
 	while (n != NULL) {
 		json_object_start(response, NULL);
-		json_add_pubkey(response, cmd->dstate->secpctx,
+		json_add_pubkey(response, "nodeid", &n->id);
-				"nodeid", &n->id);
 		json_add_num(response, "port", n->port);
 		if (!n->port)
 			json_add_null(response, "hostname");

daemon/secrets.c

@@ -32,7 +32,7 @@ void privkey_sign(struct lightningd_state *dstate, const void *src, size_t len,
 	struct sha256_double h;
 
 	sha256_double(&h, memcheck(src, len), len);
-	sign_hash(dstate->secpctx, &dstate->secret->privkey, &h, sig);
+	sign_hash(&dstate->secret->privkey, &h, sig);
 }
 
 struct peer_secrets {
@@ -47,8 +47,7 @@ void peer_sign_theircommit(const struct peer *peer,
 			   struct signature *sig)
 {
 	/* Commit tx only has one input: that of the anchor. */
-	sign_tx_input(peer->dstate->secpctx,
+	sign_tx_input(commit, 0,
-		      commit, 0,
 		      NULL, 0,
 		      peer->anchor.witnessscript,
 		      &peer->secrets->commit,
@@ -61,8 +60,7 @@ void peer_sign_ourcommit(const struct peer *peer,
 			 struct signature *sig)
 {
 	/* Commit tx only has one input: that of the anchor. */
-	sign_tx_input(peer->dstate->secpctx,
+	sign_tx_input(commit, 0,
-		      commit, 0,
 		      NULL, 0,
 		      peer->anchor.witnessscript,
 		      &peer->secrets->commit,
@@ -76,8 +74,7 @@ void peer_sign_spend(const struct peer *peer,
 		     struct signature *sig)
 {
 	/* Spend tx only has one input: that of the commit tx. */
-	sign_tx_input(peer->dstate->secpctx,
+	sign_tx_input(spend, 0,
-		      spend, 0,
 		      NULL, 0,
 		      commit_witnessscript,
 		      &peer->secrets->final,
@@ -91,8 +88,7 @@ void peer_sign_htlc_refund(const struct peer *peer,
 			   struct signature *sig)
 {
 	/* Spend tx only has one input: that of the commit tx. */
-	sign_tx_input(peer->dstate->secpctx,
+	sign_tx_input(spend, 0,
-		      spend, 0,
 		      NULL, 0,
 		      htlc_witnessscript,
 		      &peer->secrets->final,
@@ -106,8 +102,7 @@ void peer_sign_htlc_fulfill(const struct peer *peer,
 			    struct signature *sig)
 {
 	/* Spend tx only has one input: that of the commit tx. */
-	sign_tx_input(peer->dstate->secpctx,
+	sign_tx_input(spend, 0,
-		      spend, 0,
 		      NULL, 0,
 		      htlc_witnessscript,
 		      &peer->secrets->final,
@@ -119,8 +114,7 @@ void peer_sign_mutual_close(const struct peer *peer,
 			    struct bitcoin_tx *close,
 			    struct signature *sig)
 {
-	sign_tx_input(peer->dstate->secpctx,
+	sign_tx_input(close, 0,
-		      close, 0,
 		      NULL, 0,
 		      peer->anchor.witnessscript,
 		      &peer->secrets->commit,
@@ -135,8 +129,7 @@ void peer_sign_steal_input(const struct peer *peer,
 			   struct signature *sig)
 {
 	/* Spend tx only has one input: that of the commit tx. */
-	sign_tx_input(peer->dstate->secpctx,
+	sign_tx_input(spend, i,
-		      spend, i,
 		      NULL, 0,
 		      witnessscript,
 		      &peer->secrets->final,
@@ -149,7 +142,7 @@ static void new_keypair(struct lightningd_state *dstate,
 {
 	do {
 		randombytes_buf(privkey->secret, sizeof(privkey->secret));
-	} while (!pubkey_from_privkey(dstate->secpctx, privkey, pubkey));
+	} while (!pubkey_from_privkey(privkey, pubkey));
 }
 
 void peer_secrets_init(struct peer *peer)
@@ -211,11 +204,9 @@ void peer_set_secrets_from_db(struct peer *peer,
 	memcpy(&ps->final, final_privkey, final_privkey_len);
 	memcpy(&ps->revocation_seed, revocation_seed, revocation_seed_len);
 
-	if (!pubkey_from_privkey(peer->dstate->secpctx, &ps->commit,
+	if (!pubkey_from_privkey(&ps->commit, &peer->local.commitkey))
-				 &peer->local.commitkey))
 		fatal("peer_set_secrets_from_db:bad commit privkey");
-	if (!pubkey_from_privkey(peer->dstate->secpctx, &ps->final,
+	if (!pubkey_from_privkey(&ps->final, &peer->local.finalkey))
-				 &peer->local.finalkey))
 		fatal("peer_set_secrets_from_db:bad final privkey");
 }
 
@@ -256,8 +247,7 @@ void secrets_init(struct lightningd_state *dstate)
 		      sizeof(dstate->secret->privkey.secret)))
 		fatal("Failed to read privkey: %s", strerror(errno));
 	close(fd);
-	if (!pubkey_from_privkey(dstate->secpctx,
+	if (!pubkey_from_privkey(&dstate->secret->privkey, &dstate->id))
-				 &dstate->secret->privkey, &dstate->id))
 		fatal("Invalid privkey");
 
 	log_info_struct(dstate->base_log, "ID: %s", struct pubkey, &dstate->id);

daemon/sphinx.c

@@ -1,4 +1,5 @@
 #include "sphinx.h"
+#include "utils.h"
 #include <assert.h>
 
 #include <ccan/crypto/ripemd160/ripemd160.h>
@@ -48,7 +49,6 @@ static void read_buffer(void *dst, const u8 *src, const size_t len, int *pos)
 
 u8 *serialize_onionpacket(
 	const tal_t *ctx,
-	const secp256k1_context *secpctx,
 	const struct onionpacket *m)
 {
 	u8 *dst = tal_arr(ctx, u8, TOTAL_PACKET_SIZE);
@@ -57,7 +57,7 @@ u8 *serialize_onionpacket(
 	size_t outputlen = 33;
 	int p = 0;
 
-	secp256k1_ec_pubkey_serialize(secpctx,
+	secp256k1_ec_pubkey_serialize(secp256k1_ctx,
 				      der,
 				      &outputlen,
 				      &m->ephemeralkey,
@@ -74,7 +74,6 @@ u8 *serialize_onionpacket(
 
 struct onionpacket *parse_onionpacket(
 	const tal_t *ctx,
-	const secp256k1_context *secpctx,
 	const void *src,
 	const size_t srclen
 	)
@@ -95,7 +94,7 @@ struct onionpacket *parse_onionpacket(
 	}
 	read_buffer(rawEphemeralkey, src, 33, &p);
 
-	if (secp256k1_ec_pubkey_parse(secpctx, &m->ephemeralkey, rawEphemeralkey, 33) != 1)
+	if (secp256k1_ec_pubkey_parse(secp256k1_ctx, &m->ephemeralkey, rawEphemeralkey, 33) != 1)
 		return tal_free(m);
 
 	read_buffer(&m->mac, src, 20, &p);
@@ -223,8 +222,7 @@ static bool generate_header_padding(
 	return true;
 }
 
-static void compute_blinding_factor(secp256k1_context *secpctx,
+static void compute_blinding_factor(const secp256k1_pubkey *key,
-				    const secp256k1_pubkey *key,
 				    const u8 sharedsecret[SHARED_SECRET_SIZE],
 				    u8 res[BLINDING_FACTOR_SIZE])
 {
@@ -233,7 +231,7 @@ static void compute_blinding_factor(secp256k1_context *secpctx,
 	size_t outputlen = 33;
 	struct sha256 temp;
 
-	secp256k1_ec_pubkey_serialize(secpctx, der, &outputlen, key,
+	secp256k1_ec_pubkey_serialize(secp256k1_ctx, der, &outputlen, key,
 				      SECP256K1_EC_COMPRESSED);
 	sha256_init(&ctx);
 	sha256_update(&ctx, der, sizeof(der));
@@ -243,7 +241,6 @@ static void compute_blinding_factor(secp256k1_context *secpctx,
 }
 
 static bool blind_group_element(
-	secp256k1_context *secpctx,
 	secp256k1_pubkey *blindedelement,
 	const secp256k1_pubkey *pubkey,
 	const u8 blind[BLINDING_FACTOR_SIZE])
@@ -251,13 +248,12 @@ static bool blind_group_element(
 	/* tweak_mul is inplace so copy first. */
 	if (pubkey != blindedelement)
 		*blindedelement = *pubkey;
-	if (secp256k1_ec_pubkey_tweak_mul(secpctx, blindedelement, blind) != 1)
+	if (secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx, blindedelement, blind) != 1)
 		return false;
 	return true;
 }
 
 static bool create_shared_secret(
-	secp256k1_context *secpctx,
 	u8 *secret,
 	const secp256k1_pubkey *pubkey,
 	const u8 *sessionkey)
@@ -268,12 +264,12 @@ static bool create_shared_secret(
 
 	pkcopy = *pubkey;
 
-	if (secp256k1_ec_pubkey_tweak_mul(secpctx, &pkcopy, sessionkey) != 1)
+	if (secp256k1_ec_pubkey_tweak_mul(secp256k1_ctx, &pkcopy, sessionkey) != 1)
 		return false;
 
 	/* Serialize and strip first byte, this gives us the X coordinate */
 	size_t outputlen = 33;
-	secp256k1_ec_pubkey_serialize(secpctx, ecres, &outputlen,
+	secp256k1_ec_pubkey_serialize(secp256k1_ctx, ecres, &outputlen,
 				      &pkcopy, SECP256K1_EC_COMPRESSED);
 	struct sha256 h;
 	sha256(&h, ecres + 1, sizeof(ecres) - 1);
@@ -282,7 +278,6 @@ static bool create_shared_secret(
 }
 
 void pubkey_hash160(
-	const secp256k1_context *secpctx,
 	u8 *dst,
 	const struct pubkey *pubkey)
 {
@@ -291,7 +286,7 @@ void pubkey_hash160(
 	u8 der[33];
 	size_t outputlen = 33;
 
-	secp256k1_ec_pubkey_serialize(secpctx,
+	secp256k1_ec_pubkey_serialize(secp256k1_ctx,
 				      der,
 				      &outputlen,
 				      &pubkey->pubkey,
@@ -312,7 +307,6 @@ static void generate_key_set(u8 secret[SHARED_SECRET_SIZE], struct keyset *keys)
 
 static struct hop_params *generate_hop_params(
 	const tal_t *ctx,
-	secp256k1_context *secpctx,
 	const u8 *sessionkey,
 	struct pubkey path[])
 {
@@ -323,15 +317,15 @@ static struct hop_params *generate_hop_params(
 
 	/* Initialize the first hop with the raw information */
 	if (secp256k1_ec_pubkey_create(
-		    secpctx, &params[0].ephemeralkey, sessionkey) != 1)
+		    secp256k1_ctx, &params[0].ephemeralkey, sessionkey) != 1)
 		return NULL;
 
 	if (!create_shared_secret(
-		    secpctx, params[0].secret, &path[0].pubkey, sessionkey))
+		    params[0].secret, &path[0].pubkey, sessionkey))
 		return NULL;
 
 	compute_blinding_factor(
-		secpctx, &params[0].ephemeralkey, params[0].secret,
+		&params[0].ephemeralkey, params[0].secret,
 		params[0].blind);
 
 	/* Recursively compute all following ephemeral public keys,
@@ -339,7 +333,7 @@ static struct hop_params *generate_hop_params(
 	 */
 	for (i = 1; i < num_hops; i++) {
 		if (!blind_group_element(
-			    secpctx, &params[i].ephemeralkey,
+			    &params[i].ephemeralkey,
 			    &params[i - 1].ephemeralkey,
 			    params[i - 1].blind))
 			return NULL;
@@ -349,11 +343,10 @@ static struct hop_params *generate_hop_params(
 		 */
 		memcpy(&blind, sessionkey, 32);
 		temp = path[i].pubkey;
-		if (!blind_group_element(secpctx, &temp, &temp, blind))
+		if (!blind_group_element(&temp, &temp, blind))
 			return NULL;
 		for (j = 0; j < i; j++)
 			if (!blind_group_element(
-				    secpctx,
 				    &temp,
 				    &temp,
 				    params[j].blind))
@@ -365,14 +358,14 @@ static struct hop_params *generate_hop_params(
 		u8 der[33];
 		size_t outputlen = 33;
 		secp256k1_ec_pubkey_serialize(
-			secpctx, der, &outputlen, &temp,
+			secp256k1_ctx, der, &outputlen, &temp,
 			SECP256K1_EC_COMPRESSED);
 		struct sha256 h;
 		sha256(&h, der + 1, sizeof(der) - 1);
 		memcpy(&params[i].secret, &h, sizeof(h));
 
 		compute_blinding_factor(
-			secpctx, &params[i].ephemeralkey,
+			&params[i].ephemeralkey,
 			params[i].secret, params[i].blind);
 	}
 	return params;
@@ -380,7 +373,6 @@ static struct hop_params *generate_hop_params(
 
 struct onionpacket *create_onionpacket(
 	const tal_t *ctx,
-	secp256k1_context *secpctx,
 	struct pubkey *path,
 	struct hoppayload hoppayloads[],
 	const u8 *sessionkey,
@@ -395,7 +387,7 @@ struct onionpacket *create_onionpacket(
 	struct keyset keys;
 	u8 nextaddr[20], nexthmac[SECURITY_PARAMETER];
 	u8 stream[ROUTING_INFO_SIZE], hopstream[TOTAL_HOP_PAYLOAD_SIZE];
-	struct hop_params *params = generate_hop_params(ctx, secpctx, sessionkey, path);
+	struct hop_params *params = generate_hop_params(ctx, sessionkey, path);
 	u8 binhoppayloads[tal_count(path)][HOP_PAYLOAD_SIZE];
 
 	for (i = 0; i < num_hops; i++)
@@ -452,7 +444,7 @@ struct onionpacket *create_onionpacket(
 		stream_encrypt(packet->payload, packet->payload, sizeof(packet->payload), keys.pi);
 
 		compute_packet_hmac(packet, keys.mu, nexthmac);
-		pubkey_hash160(secpctx, nextaddr, &path[i]);
+		pubkey_hash160(nextaddr, &path[i]);
 	}
 	memcpy(packet->mac, nexthmac, sizeof(nexthmac));
 	memcpy(&packet->ephemeralkey, &params[0].ephemeralkey, sizeof(secp256k1_pubkey));
@@ -465,7 +457,6 @@ struct onionpacket *create_onionpacket(
  */
 struct route_step *process_onionpacket(
 	const tal_t *ctx,
-	secp256k1_context *secpctx,
 	const struct onionpacket *msg,
 	struct privkey *hop_privkey
 	)
@@ -482,7 +473,7 @@ struct route_step *process_onionpacket(
 
 	step->next = talz(step, struct onionpacket);
 	step->next->version = msg->version;
-	create_shared_secret(secpctx, secret, &msg->ephemeralkey, hop_privkey->secret);
+	create_shared_secret(secret, &msg->ephemeralkey, hop_privkey->secret);
 	generate_key_set(secret, &keys);
 
 	compute_packet_hmac(msg, keys.mu, hmac);
@@ -509,8 +500,8 @@ struct route_step *process_onionpacket(
 	memcpy(&step->next->hoppayloads, paddedhoppayloads + HOP_PAYLOAD_SIZE,
 	       TOTAL_HOP_PAYLOAD_SIZE);
 
-	compute_blinding_factor(secpctx, &msg->ephemeralkey, secret, blind);
+	compute_blinding_factor(&msg->ephemeralkey, secret, blind);
-	if (!blind_group_element(secpctx, &step->next->ephemeralkey, &msg->ephemeralkey, blind))
+	if (!blind_group_element(&step->next->ephemeralkey, &msg->ephemeralkey, blind))
 		return tal_free(step);
 	memcpy(&step->next->nexthop, paddedheader, SECURITY_PARAMETER);
 	memcpy(&step->next->mac,

daemon/sphinx.h

@@ -55,7 +55,6 @@ struct route_step {
  * over a path of intermediate nodes.
  *
  * @ctx: tal context to allocate from
- * @secpctx: the secp256k1_context for EC operations
  * @path: public keys of nodes along the path.
  * @hoppayloads: payloads destined for individual hosts (limited to
  *    HOP_PAYLOAD_SIZE bytes)
@@ -66,7 +65,6 @@ struct route_step {
  */
 struct onionpacket *create_onionpacket(
 	const tal_t * ctx,
-	secp256k1_context * secpctx,
 	struct pubkey path[],
 	struct hoppayload hoppayloads[],
 	const u8 * sessionkey,
@@ -79,14 +77,12 @@ struct onionpacket *create_onionpacket(
  * onion layer and return the packet for the next hop.
  *
  * @ctx: tal context to allocate from
- * @secpctx: the secp256k1_context for EC operations
  * @packet: incoming packet being processed
  * @hop_privkey: the processing node's private key to decrypt the packet
  * @hoppayload: the per-hop payload destined for the processing node.
  */
 struct route_step *process_onionpacket(
 	const tal_t * ctx,
-	secp256k1_context * secpctx,
 	const struct onionpacket *packet,
 	struct privkey *hop_privkey
 	);
@@ -95,31 +91,26 @@ struct route_step *process_onionpacket(
  * serialize_onionpacket - Serialize an onionpacket to a buffer.
  *
  * @ctx: tal context to allocate from
- * @secpctx: the secp256k1_context for EC operations
  * @packet: the packet to serialize
  */
 u8 *serialize_onionpacket(
 	const tal_t *ctx,
-	const secp256k1_context *secpctx,
 	const struct onionpacket *packet);
 
 /**
  * parese_onionpacket - Parse an onionpacket from a buffer.
  *
  * @ctx: tal context to allocate from
- * @secpctx: the secp256k1_context for EC operations
  * @src: buffer to read the packet from
  * @srclen: length of the @src
  */
 struct onionpacket *parse_onionpacket(
 	const tal_t *ctx,
-	const secp256k1_context *secpctx,
 	const void *src,
 	const size_t srclen
 	);
 
 void pubkey_hash160(
-	const secp256k1_context *secpctx,
 	u8 *dst,
 	const struct pubkey *pubkey);
 

daemon/wallet.c

@@ -30,10 +30,10 @@ bool restore_wallet_address(struct lightningd_state *dstate,
 	struct sha256 h;
 
 	w->privkey = *privkey;
-	if (!pubkey_from_privkey(dstate->secpctx, &w->privkey, &w->pubkey))
+	if (!pubkey_from_privkey(&w->privkey, &w->pubkey))
 		return false;
 
-	redeemscript = bitcoin_redeem_p2wpkh(w, dstate->secpctx, &w->pubkey);
+	redeemscript = bitcoin_redeem_p2wpkh(w, &w->pubkey);
 	sha256(&h, redeemscript, tal_count(redeemscript));
 	ripemd160(&w->p2sh, h.u.u8, sizeof(h));
 
@@ -42,12 +42,11 @@ bool restore_wallet_address(struct lightningd_state *dstate,
 	return true;
 }
 
-static void new_keypair(struct lightningd_state *dstate,
+static void new_keypair(struct privkey *privkey, struct pubkey *pubkey)
-			struct privkey *privkey, struct pubkey *pubkey)
 {
 	do {
 		randombytes_buf(privkey->secret, sizeof(privkey->secret));
-	} while (!pubkey_from_privkey(dstate->secpctx, privkey, pubkey));
+	} while (!pubkey_from_privkey(privkey, pubkey));
 }
 
 static struct wallet *find_by_pubkey(struct lightningd_state *dstate,
@@ -75,18 +74,17 @@ bool wallet_add_signed_input(struct lightningd_state *dstate,
 	if (!w)
 		return false;
 
-	redeemscript = bitcoin_redeem_p2wpkh(tx, dstate->secpctx, &w->pubkey);
+	redeemscript = bitcoin_redeem_p2wpkh(tx, &w->pubkey);
 
 	sig.stype = SIGHASH_ALL;
-	sign_tx_input(dstate->secpctx, tx, input_num,
+	sign_tx_input(tx, input_num,
 		      redeemscript, tal_count(redeemscript),
-		      p2wpkh_scriptcode(redeemscript, dstate->secpctx,
+		      p2wpkh_scriptcode(redeemscript, &w->pubkey),
-					&w->pubkey),
 		      &w->privkey,
 		      &w->pubkey,
 		      &sig.sig);
 
-	bitcoin_witness_p2sh_p2wpkh(tx->input, dstate->secpctx,
+	bitcoin_witness_p2sh_p2wpkh(tx->input,
 				    &tx->input[input_num],
 				    &sig,
 				    &w->pubkey);
@@ -122,9 +120,8 @@ static void json_newaddr(struct command *cmd,
 	u8 *redeemscript;
 	struct sha256 h;
 
-	new_keypair(cmd->dstate, &w->privkey, &w->pubkey);
+	new_keypair(&w->privkey, &w->pubkey);
-	redeemscript = bitcoin_redeem_p2wpkh(cmd, cmd->dstate->secpctx,
+	redeemscript = bitcoin_redeem_p2wpkh(cmd, &w->pubkey);
-					     &w->pubkey);
 	sha256(&h, redeemscript, tal_count(redeemscript));
 	ripemd160(&w->p2sh, h.u.u8, sizeof(h));
 

protobuf_convert.c

@@ -2,19 +2,19 @@
 #include "bitcoin/pubkey.h"
 #include "bitcoin/signature.h"
 #include "protobuf_convert.h"
+#include "utils.h"
 #include <ccan/crypto/sha256/sha256.h>
 
-Signature *signature_to_proto(const tal_t *ctx,
+Signature *signature_to_proto(const tal_t *ctx, const struct signature *sig)
-			      secp256k1_context *secpctx,
-			      const struct signature *sig)
 {
 	u8 compact[64];
 	Signature *pb = tal(ctx, Signature);
 	signature__init(pb);
 
-	assert(sig_valid(secpctx, sig));
+	assert(sig_valid(sig));
 
-	secp256k1_ecdsa_signature_serialize_compact(secpctx, compact, &sig->sig);
+	secp256k1_ecdsa_signature_serialize_compact(secp256k1_ctx,
+						    compact, &sig->sig);
 
 	/* Kill me now... */
 	memcpy(&pb->r1, compact, 8);
@@ -29,8 +29,7 @@ Signature *signature_to_proto(const tal_t *ctx,
 	return pb;
 }
 
-bool proto_to_signature(secp256k1_context *secpctx,
+bool proto_to_signature(const Signature *pb,
-			const Signature *pb,
 			struct signature *sig)
 {
 	u8 compact[64];
@@ -45,16 +44,15 @@ bool proto_to_signature(secp256k1_context *secpctx,
 	memcpy(compact + 48, &pb->s3, 8);
 	memcpy(compact + 56, &pb->s4, 8);
 
-	if (secp256k1_ecdsa_signature_parse_compact(secpctx, &sig->sig, compact)
+	if (secp256k1_ecdsa_signature_parse_compact(secp256k1_ctx,
+						    &sig->sig, compact)
 	    != 1)
 		return false;
 
-	return sig_valid(secpctx, sig);
+	return sig_valid(sig);
 }
 
-BitcoinPubkey *pubkey_to_proto(const tal_t *ctx,
+BitcoinPubkey *pubkey_to_proto(const tal_t *ctx, const struct pubkey *key)
-			       secp256k1_context *secpctx,
-			       const struct pubkey *key)
 {
 	BitcoinPubkey *p = tal(ctx, BitcoinPubkey);
 
@@ -62,15 +60,14 @@ BitcoinPubkey *pubkey_to_proto(const tal_t *ctx,
 	p->key.len = PUBKEY_DER_LEN;
 	p->key.data = tal_arr(p, u8, p->key.len);
 
-	pubkey_to_der(secpctx, p->key.data, key);
+	pubkey_to_der(p->key.data, key);
 
 	return p;
 }
 
-bool proto_to_pubkey(secp256k1_context *secpctx,
+bool proto_to_pubkey(const BitcoinPubkey *pb, struct pubkey *key)
-		     const BitcoinPubkey *pb, struct pubkey *key)
 {
-	return pubkey_from_der(secpctx, pb->key.data, pb->key.len, key);
+	return pubkey_from_der(pb->key.data, pb->key.len, key);
 }
 
 Sha256Hash *sha256_to_proto(const tal_t *ctx, const struct sha256 *hash)

protobuf_convert.h

@@ -9,19 +9,15 @@
 /* Convert to-from protobuf to internal representation. */
 struct signature;
 Signature *signature_to_proto(const tal_t *ctx,
-			      secp256k1_context *secpctx,
 			      const struct signature *sig);
-bool proto_to_signature(secp256k1_context *secpctx,
+bool proto_to_signature(const Signature *pb,
-			const Signature *pb,
 			struct signature *sig);
 
 /* Convert to-from protobuf to internal representation. */
 struct pubkey;
 BitcoinPubkey *pubkey_to_proto(const tal_t *ctx,
-			       secp256k1_context *secpctx,
 			       const struct pubkey *key);
-bool proto_to_pubkey(secp256k1_context *secpctx,
+bool proto_to_pubkey(const BitcoinPubkey *pb, struct pubkey *key);
-		     const BitcoinPubkey *pb, struct pubkey *key);
 
 /* Useful helper for allocating & populating a protobuf Sha256Hash */
 struct sha256;

test/test_sphinx.c

@@ -15,10 +15,11 @@
 int main(int argc, char **argv)
 {
 	bool generate = false, decode = false;
-	secp256k1_context *secpctx = secp256k1_context_create(
-		SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN);
 	const tal_t *ctx = talz(NULL, tal_t);
 
+	secp256k1_ctx = secp256k1_context_create(
+		SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN);
+	
 	opt_register_noarg("--help|-h", opt_usage_and_exit,
 			   "--generate <pubkey1> <pubkey2>... OR\n"
 			   "--decode <privkey>\n"
@@ -44,7 +45,7 @@ int main(int argc, char **argv)
 		int i;
 		for (i = 0; i < num_hops; i++) {
 			hex_decode(argv[1 + i], 66, privkeys[i], 33);
-			if (secp256k1_ec_pubkey_create(secpctx, &path[i].pubkey, privkeys[i]) != 1)
+			if (secp256k1_ec_pubkey_create(secp256k1_ctx, &path[i].pubkey, privkeys[i]) != 1)
 				return 1;
 		}
 
@@ -52,14 +53,14 @@ int main(int argc, char **argv)
 		for (i=0; i<num_hops; i++)
 			memset(&hoppayloads[i], 'A', sizeof(hoppayloads[i]));
 
-		struct onionpacket *res = create_onionpacket(ctx, secpctx,
+		struct onionpacket *res = create_onionpacket(ctx,
 				   path,
 				   hoppayloads,
 				   sessionkey,
 				   (u8*)"testing",
 				   7);
 
-		u8 *serialized = serialize_onionpacket(ctx, secpctx, res);
+		u8 *serialized = serialize_onionpacket(ctx, res);
 		if (!serialized)
 			errx(1, "Error serializing message.");
 
@@ -84,23 +85,23 @@ int main(int argc, char **argv)
 			errx(1, "Reading in onion");
 		hex_decode(hextemp, sizeof(hextemp), serialized, sizeof(serialized));
 
-		msg = parse_onionpacket(ctx, secpctx, serialized, sizeof(serialized));
+		msg = parse_onionpacket(ctx, serialized, sizeof(serialized));
 		if (!msg)
 			errx(1, "Error parsing message.");
 
-		step = process_onionpacket(ctx, secpctx, msg, &seckey);
+		step = process_onionpacket(ctx, msg, &seckey);
 
 		if (!step->next)
 			errx(1, "Error processing message.");
 
-		u8 *ser = serialize_onionpacket(ctx, secpctx, step->next);
+		u8 *ser = serialize_onionpacket(ctx, step->next);
 		if (!ser)
 			errx(1, "Error serializing message.");
 
 		hex_encode(ser, tal_count(ser), hextemp, sizeof(hextemp));
 		printf("%s\n", hextemp);
 	}
-	secp256k1_context_destroy(secpctx);
+	secp256k1_context_destroy(secp256k1_ctx);
 	tal_free(ctx);
 	return 0;
 }

wire/fromwire.c

@@ -72,7 +72,7 @@ void fromwire_pubkey(const u8 **cursor, size_t *max, struct pubkey *pubkey)
 	if (!fromwire(cursor, max, der, sizeof(der)))
 		return;
 
-	if (!pubkey_from_der(secp256k1_ctx, der, sizeof(der), pubkey))
+	if (!pubkey_from_der(der, sizeof(der), pubkey))
 		fail_pull(cursor, max);
 }
 

wire/test/run-wire.c

@@ -23,7 +23,7 @@ static void set_pubkey(struct pubkey *key)
 {
 	u8 der[PUBKEY_DER_LEN];
 	memset(der, 2, sizeof(der));
-	assert(pubkey_from_der(secp256k1_ctx, der, sizeof(der), key));
+	assert(pubkey_from_der(der, sizeof(der), key));
 }
 
 /* Size up to field. */