frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
secp256k1-zkp/configure.ac

597 lines
25 KiB
Plaintext
Raw Normal View History

autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
AC_PREREQ([2.60])
build: change libsecp version from 0.1 to 0.1.0-pre
2021-07-06 21:23:33 +00:00
# The package (a.k.a. release) version is based on semantic versioning 2.0.0 of
# the API. All changes in experimental modules are treated as
# backwards-compatible and therefore at most increase the minor version.
define(_PKG_VERSION_MAJOR, 0)
define(_PKG_VERSION_MINOR, 1)
build: change package version to 0.1.0-dev The suffix -dev is slightly clearer. Also, since the package version follows semantic versioning, rename VERSION_BUILD to VERSION_PATCH for clarity.
2022-12-06 15:47:38 +00:00
define(_PKG_VERSION_PATCH, 0)
build: change libsecp version from 0.1 to 0.1.0-pre
2021-07-06 21:23:33 +00:00
define(_PKG_VERSION_IS_RELEASE, false)
build: set library version to 0.0.0 explicitly
2021-07-06 21:06:46 +00:00
# The library version is based on libtool versioning of the ABI. The set of
# rules for updating the version can be found here:
# https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
# All changes in experimental modules are treated as if they don't affect the
# interface and therefore only increase the revision.
define(_LIB_VERSION_CURRENT, 0)
define(_LIB_VERSION_REVISION, 0)
define(_LIB_VERSION_AGE, 0)
build: change package version to 0.1.0-dev The suffix -dev is slightly clearer. Also, since the package version follows semantic versioning, rename VERSION_BUILD to VERSION_PATCH for clarity.
2022-12-06 15:47:38 +00:00
AC_INIT([libsecp256k1],m4_join([.], _PKG_VERSION_MAJOR, _PKG_VERSION_MINOR, _PKG_VERSION_PATCH)m4_if(_PKG_VERSION_IS_RELEASE, [true], [], [-dev]),[https://github.com/bitcoin-core/secp256k1/issues],[libsecp256k1],[https://github.com/bitcoin-core/secp256k1])
build: change libsecp version from 0.1 to 0.1.0-pre
2021-07-06 21:23:33 +00:00
Use same build template as bitcoin. Add bitcoin_secp.m4.
2014-11-07 01:55:27 +13:00
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([build-aux/m4])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
AC_CANONICAL_HOST
AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
AH_TOP([#define LIBSECP256K1_CONFIG_H])
Convert the rest of the codebase to C89. Update build system to enforce -std=c89 -pedantic.
2015-01-25 17:32:08 +00:00
AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/])
Remove -O2 from default CFLAGS because this would override the -O3 flag (see AC_PROG_CC in the Autoconf manual)
2019-12-17 12:41:44 +00:00
configure: Use modern way to set AR This uses AM_PROG_AR to discover ar, which is the recommended way to do so. Among other advantages, it honors the AR environment variable (as set from the outside). The macro has been around since automake 1.11.2 (Dec 2011). This commit also removes code that discovers ranlib and strip. ranlib has been obsolete for decades (ar does its task now automatically), and anyway LT_INIT takes care of discovering it. The code we used to set STRIP was last mentioned in the automake 1.5 manual. Since automake 1.6 (Mar 2002), strip is discovered automatically when necessary (look for the *private* macro AM_PROG_INSTALL_STRIP in the automake manual).
2022-03-13 10:39:55 +01:00
# Require Automake 1.11.2 for AM_PROG_AR
AM_INIT_AUTOMAKE([1.11.2 foreign subdir-objects])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# Make the compilation flags quiet unless V=1 is used.
warnings: enable quiet builds
2014-06-19 22:36:24 -04:00
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
build: Replace use of deprecated autoconf macro AC_PROG_CC_C89 According to [autoconf 2.70](https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Obsolete-Macros.html) documentation, the `AC_PROG_CC_C89' is replaced by `AC_PROG_CC`, which defines the same variable `ac_cv_prog_cc_c89`. Avoids the following message: ``` configure.ac:23: warning: The macro `AC_PROG_CC_C89' is obsolete. ``` Also, remove deprecated `AM_PROG_CC_C_O`.
2022-02-02 16:46:13 +01:00
AC_PROG_CC
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
AM_PROG_AS
configure: Use modern way to set AR This uses AM_PROG_AR to discover ar, which is the recommended way to do so. Among other advantages, it honors the AR environment variable (as set from the outside). The macro has been around since automake 1.11.2 (Dec 2011). This commit also removes code that discovers ranlib and strip. ranlib has been obsolete for decades (ar does its task now automatically), and anyway LT_INIT takes care of discovering it. The code we used to set STRIP was last mentioned in the automake 1.5 manual. Since automake 1.6 (Mar 2002), strip is discovered automatically when necessary (look for the *private* macro AM_PROG_INSTALL_STRIP in the automake manual).
2022-03-13 10:39:55 +01:00
AM_PROG_AR
configure: Convince autotools to work with MSVC's archiver lib.exe
2022-03-14 17:15:13 +01:00
# Clear some cache variables as a workaround for a bug that appears due to a bad
# interaction between AM_PROG_AR and LT_INIT when combining MSVC's archiver lib.exe.
# https://debbugs.gnu.org/cgi/bugreport.cgi?bug=54421
AS_UNSET(ac_cv_prog_AR)
AS_UNSET(ac_cv_prog_ac_ct_AR)
configure: Use modern way to set AR This uses AM_PROG_AR to discover ar, which is the recommended way to do so. Among other advantages, it honors the AR environment variable (as set from the outside). The macro has been around since automake 1.11.2 (Dec 2011). This commit also removes code that discovers ranlib and strip. ranlib has been obsolete for decades (ar does its task now automatically), and anyway LT_INIT takes care of discovering it. The code we used to set STRIP was last mentioned in the automake 1.5 manual. Since automake 1.6 (Mar 2002), strip is discovered automatically when necessary (look for the *private* macro AM_PROG_INSTALL_STRIP in the automake manual).
2022-03-13 10:39:55 +01:00
LT_INIT([win32-dll])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
build_windows=no
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
Add MacPorts default include/lib paths for OSX
2014-05-20 11:39:54 +07:00
case $host_os in
build: osx: attempt to work with homebrew keg-only packages
2014-11-24 11:13:16 -05:00
*darwin*)
if test x$cross_compiling != xyes; then
configure: replace AC_PATH_PROG to AC_CHECK_PROG Bitcoin Core's `configure` script uses `AC_CHECK_PROG` to find brew in the `PATH` [1]. If found, this macro will set `BREW=brew`. When building with dependencies however the `BREW` variable is set to `no` on macOS via `depends/<host_prefix>/share/config.site` [2] and this overrides `AC_CHECK_PROG` results [3]. Ideally, secp256k1's `configure` script should follow the same logic but this is not what happens because secp256k1's `configure` uses `AC_PATH_PROG` instead which respects preset variable values (in this case for variable `BREW`) only if they are a valid path (i.e., they match `[\\/*] | ?:[\\/]*` [4]), and `no` is not a path. This commit changes `AC_PATH_PROG` to `AC_CHECK_PROG` to be consistent with Core's `AC_CHECK_PROG`. Both of these macros are supposed to find executables in the `PATH` but the difference is that former is supposed to return the full path whereas the latter is supposed to find only the program. As a result, the latter will accept even non-paths `no` as an override. Not knowing the full path is not an issue for the `configure` script because it will only execute `BREW` immediately afterwards, which works fine without the full path. (In particular, `PATH` cannot have changed in between [5].) [1] https://github.com/bitcoin/bitcoin/blob/master/configure.ac#L684 [2] https://github.com/bitcoin/bitcoin/blob/master/depends/config.site.in#L73-L76 [3] https://github.com/autotools-mirror/autoconf/blob/6d38e9fa2b39b3c3a8e4d6d7da38c59909d3f39d/lib/autoconf/programs.m4#L47 [4] https://github.com/autotools-mirror/autoconf/blob/6d38e9fa2b39b3c3a8e4d6d7da38c59909d3f39d/lib/autoconf/programs.m4#L127 [5] [3ab1178](https://github.com/bitcoin-core/secp256k1/commit/3ab1178d54029745219d67e6c305df4d7564e278)
2021-06-15 19:33:57 +03:00
AC_CHECK_PROG([BREW], brew, brew)
if test x$BREW = xbrew; then
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# These Homebrew packages may be keg-only, meaning that they won't be found
# in expected paths because they may conflict with system files. Ask
# Homebrew where each one is located, then adjust paths accordingly.
build: don't append valgrind CPPFLAGS if not installed
2021-11-23 11:24:12 +08:00
if $BREW list --versions valgrind >/dev/null; then
build: replace backtick command substitution with $() This is only needed for the very oldest of non-POSIX-compatible shells. Note that this code will also only be executed on macOS, where it'd be very unlikely to run into such a shell. Followup to #1019. See: https://github.com/koalaman/shellcheck/wiki/SC2006 Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
2021-12-03 15:18:45 +08:00
valgrind_prefix=$($BREW --prefix valgrind 2>/dev/null)
Ask brew for valgrind include path Valgrind is typically installed using brew on macOS. This commit makes ./configure detect this case set the appropriate include directory (in the same way as we already do for openssl and gmp).
2020-12-23 22:08:03 +01:00
VALGRIND_CPPFLAGS="-I$valgrind_prefix/include"
fi
build: osx: attempt to work with homebrew keg-only packages
2014-11-24 11:13:16 -05:00
else
configure: replace AC_PATH_PROG to AC_CHECK_PROG Bitcoin Core's `configure` script uses `AC_CHECK_PROG` to find brew in the `PATH` [1]. If found, this macro will set `BREW=brew`. When building with dependencies however the `BREW` variable is set to `no` on macOS via `depends/<host_prefix>/share/config.site` [2] and this overrides `AC_CHECK_PROG` results [3]. Ideally, secp256k1's `configure` script should follow the same logic but this is not what happens because secp256k1's `configure` uses `AC_PATH_PROG` instead which respects preset variable values (in this case for variable `BREW`) only if they are a valid path (i.e., they match `[\\/*] | ?:[\\/]*` [4]), and `no` is not a path. This commit changes `AC_PATH_PROG` to `AC_CHECK_PROG` to be consistent with Core's `AC_CHECK_PROG`. Both of these macros are supposed to find executables in the `PATH` but the difference is that former is supposed to return the full path whereas the latter is supposed to find only the program. As a result, the latter will accept even non-paths `no` as an override. Not knowing the full path is not an issue for the `configure` script because it will only execute `BREW` immediately afterwards, which works fine without the full path. (In particular, `PATH` cannot have changed in between [5].) [1] https://github.com/bitcoin/bitcoin/blob/master/configure.ac#L684 [2] https://github.com/bitcoin/bitcoin/blob/master/depends/config.site.in#L73-L76 [3] https://github.com/autotools-mirror/autoconf/blob/6d38e9fa2b39b3c3a8e4d6d7da38c59909d3f39d/lib/autoconf/programs.m4#L47 [4] https://github.com/autotools-mirror/autoconf/blob/6d38e9fa2b39b3c3a8e4d6d7da38c59909d3f39d/lib/autoconf/programs.m4#L127 [5] [3ab1178](https://github.com/bitcoin-core/secp256k1/commit/3ab1178d54029745219d67e6c305df4d7564e278)
2021-06-15 19:33:57 +03:00
AC_CHECK_PROG([PORT], port, port)
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# If homebrew isn't installed and macports is, add the macports default paths
# as a last resort.
configure: replace AC_PATH_PROG to AC_CHECK_PROG Bitcoin Core's `configure` script uses `AC_CHECK_PROG` to find brew in the `PATH` [1]. If found, this macro will set `BREW=brew`. When building with dependencies however the `BREW` variable is set to `no` on macOS via `depends/<host_prefix>/share/config.site` [2] and this overrides `AC_CHECK_PROG` results [3]. Ideally, secp256k1's `configure` script should follow the same logic but this is not what happens because secp256k1's `configure` uses `AC_PATH_PROG` instead which respects preset variable values (in this case for variable `BREW`) only if they are a valid path (i.e., they match `[\\/*] | ?:[\\/]*` [4]), and `no` is not a path. This commit changes `AC_PATH_PROG` to `AC_CHECK_PROG` to be consistent with Core's `AC_CHECK_PROG`. Both of these macros are supposed to find executables in the `PATH` but the difference is that former is supposed to return the full path whereas the latter is supposed to find only the program. As a result, the latter will accept even non-paths `no` as an override. Not knowing the full path is not an issue for the `configure` script because it will only execute `BREW` immediately afterwards, which works fine without the full path. (In particular, `PATH` cannot have changed in between [5].) [1] https://github.com/bitcoin/bitcoin/blob/master/configure.ac#L684 [2] https://github.com/bitcoin/bitcoin/blob/master/depends/config.site.in#L73-L76 [3] https://github.com/autotools-mirror/autoconf/blob/6d38e9fa2b39b3c3a8e4d6d7da38c59909d3f39d/lib/autoconf/programs.m4#L47 [4] https://github.com/autotools-mirror/autoconf/blob/6d38e9fa2b39b3c3a8e4d6d7da38c59909d3f39d/lib/autoconf/programs.m4#L127 [5] [3ab1178](https://github.com/bitcoin-core/secp256k1/commit/3ab1178d54029745219d67e6c305df4d7564e278)
2021-06-15 19:33:57 +03:00
if test x$PORT = xport; then
build: osx: attempt to work with homebrew keg-only packages
2014-11-24 11:13:16 -05:00
CPPFLAGS="$CPPFLAGS -isystem /opt/local/include"
LDFLAGS="$LDFLAGS -L/opt/local/lib"
fi
fi
fi
;;
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
cygwin*|mingw*)
build_windows=yes
;;
Add MacPorts default include/lib paths for OSX
2014-05-20 11:39:54 +07:00
esac
build: Use own variable SECP_CFLAGS instead of touching user CFLAGS Fixes one of the items in #923, namely the warnings of the form '_putenv' redeclared without dllimport attribute: previous dllimport ignored [-Wattributes] This also cleans up the way we add CFLAGS, in particular flags enabling warnings. Now we perform some more fine-grained checking for flag support, which is not strictly necessary but the changes also help to document autoconf.ac.
2021-05-13 17:06:16 +02:00
# Try if some desirable compiler flags are supported and append them to SECP_CFLAGS.
#
# These are our own flags, so we append them to our own SECP_CFLAGS variable (instead of CFLAGS) as
# recommended in the automake manual (Section "Flag Variables Ordering"). CFLAGS belongs to the user
# and we are not supposed to touch it. In the Makefile, we will need to ensure that SECP_CFLAGS
# is prepended to CFLAGS when invoking the compiler so that the user always has the last word (flag).
#
# Another advantage of not touching CFLAGS is that the contents of CFLAGS will be picked up by
# libtool for compiling helper executables. For example, when compiling for Windows, libtool will
# generate entire wrapper executables (instead of simple wrapper scripts as on Unix) to ensure
# proper operation of uninstalled programs linked by libtool against the uninstalled shared library.
# These executables are compiled from C source file for which our flags may not be appropriate,
# e.g., -std=c89 flag has lead to undesirable warnings in the past.
#
# TODO We should analogously not touch CPPFLAGS and LDFLAGS but currently there are no issues.
AC_DEFUN([SECP_TRY_APPEND_DEFAULT_CFLAGS], [
configure: Add a few CFLAGS for MSVC
2022-03-09 21:06:43 +01:00
# GCC and compatible (incl. clang)
if test "x$GCC" = "xyes"; then
# Try to append -Werror=unknown-warning-option to CFLAGS temporarily. Otherwise clang will
# not error out if it gets unknown warning flags and the checks here will always succeed
# no matter if clang knows the flag or not.
SECP_TRY_APPEND_DEFAULT_CFLAGS_saved_CFLAGS="$CFLAGS"
SECP_TRY_APPEND_CFLAGS([-Werror=unknown-warning-option], CFLAGS)
SECP_TRY_APPEND_CFLAGS([-std=c89 -pedantic -Wno-long-long -Wnested-externs -Wshadow -Wstrict-prototypes -Wundef], $1) # GCC >= 3.0, -Wlong-long is implied by -pedantic.
SECP_TRY_APPEND_CFLAGS([-Wno-overlength-strings], $1) # GCC >= 4.2, -Woverlength-strings is implied by -pedantic.
SECP_TRY_APPEND_CFLAGS([-Wall], $1) # GCC >= 2.95 and probably many other compilers
SECP_TRY_APPEND_CFLAGS([-Wno-unused-function], $1) # GCC >= 3.0, -Wunused-function is implied by -Wall.
SECP_TRY_APPEND_CFLAGS([-Wextra], $1) # GCC >= 3.4, this is the newer name of -W, which we don't use because older GCCs will warn about unused functions.
SECP_TRY_APPEND_CFLAGS([-Wcast-align], $1) # GCC >= 2.95
SECP_TRY_APPEND_CFLAGS([-Wcast-align=strict], $1) # GCC >= 8.0
SECP_TRY_APPEND_CFLAGS([-Wconditional-uninitialized], $1) # Clang >= 3.0 only
SECP_TRY_APPEND_CFLAGS([-fvisibility=hidden], $1) # GCC >= 4.0
CFLAGS="$SECP_TRY_APPEND_DEFAULT_CFLAGS_saved_CFLAGS"
fi
# MSVC
# Assume MSVC if we're building for Windows but not with GCC or compatible;
# libtool makes the same assumption internally.
# Note that "/opt" and "-opt" are equivalent for MSVC; we use "-opt" because "/opt" looks like a path.
if test x"$GCC" != x"yes" && test x"$build_windows" = x"yes"; then
SECP_TRY_APPEND_CFLAGS([-W2 -wd4146], $1) # Moderate warning level, disable warning C4146 "unary minus operator applied to unsigned type, result still unsigned"
SECP_TRY_APPEND_CFLAGS([-external:anglebrackets -external:W0], $1) # Suppress warnings from #include <...> files
fi
build: Use own variable SECP_CFLAGS instead of touching user CFLAGS Fixes one of the items in #923, namely the warnings of the form '_putenv' redeclared without dllimport attribute: previous dllimport ignored [-Wattributes] This also cleans up the way we add CFLAGS, in particular flags enabling warnings. Now we perform some more fine-grained checking for flag support, which is not strictly necessary but the changes also help to document autoconf.ac.
2021-05-13 17:06:16 +02:00
])
SECP_TRY_APPEND_DEFAULT_CFLAGS(SECP_CFLAGS)
Enable warnings. Wno-unused-function is used for the moment because of the checking functions which are currently only used by VERIFY but are not (yet?) ifdefed out in normal builds.
2014-11-12 16:07:48 -08:00
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
###
### Define config arguments
###
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
# In dev mode, we enable all binaries and modules by default but individual options can still be overridden explicitly.
# Check for dev mode first because SECP_SET_DEFAULT needs enable_dev_mode set.
AC_ARG_ENABLE(dev_mode, [], [],
[enable_dev_mode=no])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
AC_ARG_ENABLE(benchmark,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_benchmark], [yes], [yes])])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
AC_ARG_ENABLE(coverage,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_coverage], [no], [no])])
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
AC_ARG_ENABLE(tests,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-tests],[compile tests [default=yes]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_tests], [yes], [yes])])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
Add experimental features to configure
2015-11-26 00:06:41 +01:00
AC_ARG_ENABLE(experimental,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_experimental], [no], [yes])])
Add experimental features to configure
2015-11-26 00:06:41 +01:00
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
AC_ARG_ENABLE(exhaustive_tests,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-exhaustive-tests],[compile exhaustive tests [default=yes]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_exhaustive_tests], [yes], [yes])])
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
AC_ARG_ENABLE(examples,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-examples],[compile the examples [default=no]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_examples], [no], [yes])])
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
AC_ARG_ENABLE(module_bppp,
AS_HELP_STRING([--enable-module-bppp],[enable Bulletproofs++ module (experimental)]),
bulletproofs: add new empty module
2022-08-27 15:02:44 +00:00
[],
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
[SECP_SET_DEFAULT([enable_module_bppp], [no], [yes])])
bulletproofs: add new empty module
2022-08-27 15:02:44 +00:00
Add ECDH module which works by hashing the output of ecmult_const
2015-06-29 15:06:28 -05:00
AC_ARG_ENABLE(module_ecdh,
build: Enable some modules by default We don't enable the ECDSA recovery module, because we don't recommend ECDSA recovery for new protocols. In particular, the recovery API is prone to misuse: It invites the caller to forget to check the public key (and the verification function always returns 1). In general, we also don't recommend ordinary ECDSA for new protocols. But disabling the ECDSA functions is not possible because they're not in a module, and let's be honest: disabling ECDSA would mean to ignore reality blatantly.
2021-10-19 14:03:01 +02:00
AS_HELP_STRING([--enable-module-ecdh],[enable ECDH module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_ecdh], [yes], [yes])])
Add ECDH module which works by hashing the output of ecmult_const
2015-06-29 15:06:28 -05:00
re-enable musig module
2020-10-14 15:03:26 +00:00
AC_ARG_ENABLE(module_musig,
AS_HELP_STRING([--enable-module-musig],[enable MuSig module (experimental)]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_musig], [no], [yes])])
Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
2018-12-22 22:12:35 +00:00
Move pubkey recovery code to separate module
2015-08-27 03:42:57 +02:00
AC_ARG_ENABLE(module_recovery,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module [default=no]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_module_recovery], [no], [yes])])
Move pubkey recovery code to separate module
2015-08-27 03:42:57 +02:00
Constant-time generator module
2016-07-07 00:47:41 +02:00
AC_ARG_ENABLE(module_generator,
Clean up ./configure help strings (zkp extensions)
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-generator],[enable NUMS generator module [default=no]]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_generator], [no], [yes])])
Pedersen commitments, borromean ring signatures, and ZK range proofs. This commit adds three new cryptosystems to libsecp256k1: Pedersen commitments are a system for making blinded commitments to a value. Functionally they work like: commit_b,v = H(blind_b || value_v), except they are additively homorphic, e.g. C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and C(b1, v1) - C(b1, v1) = 0, etc. The commitments themselves are EC points, serialized as 33 bytes. In addition to the commit function this implementation includes utility functions for verifying that a set of commitments sums to zero, and for picking blinding factors that sum to zero. If the blinding factors are uniformly random, pedersen commitments have information theoretic privacy. Borromean ring signatures are a novel efficient ring signature construction for AND/OR admissions policies (the code here implements an AND of ORs, each of any size). This construction requires 32 bytes of signature per pubkey used plus 32 bytes of constant overhead. With these you can construct signatures like "Given pubkeys A B C D E F G, the signer knows the discrete logs satisifying (A || B) & (C || D || E) & (F || G)". ZK range proofs allow someone to prove a pedersen commitment is in a particular range (e.g. [0..2^64)) without revealing the specific value. The construction here is based on the above borromean ring signature and uses a radix-4 encoding and other optimizations to maximize efficiency. It also supports encoding proofs with a non-private base-10 exponent and minimum-value to allow trading off secrecy for size and speed (or just avoiding wasting space keeping data private that was already public due to external constraints). A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of this can be used to communicate a private message to a receiver who shares a secret random seed with the prover. Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
AC_ARG_ENABLE(module_rangeproof,
Clean up ./configure help strings (zkp extensions)
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-rangeproof],[enable Pedersen / zero-knowledge range proofs module [default=no]]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_rangeproof], [no], [yes])])
Pedersen commitments, borromean ring signatures, and ZK range proofs. This commit adds three new cryptosystems to libsecp256k1: Pedersen commitments are a system for making blinded commitments to a value. Functionally they work like: commit_b,v = H(blind_b || value_v), except they are additively homorphic, e.g. C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and C(b1, v1) - C(b1, v1) = 0, etc. The commitments themselves are EC points, serialized as 33 bytes. In addition to the commit function this implementation includes utility functions for verifying that a set of commitments sums to zero, and for picking blinding factors that sum to zero. If the blinding factors are uniformly random, pedersen commitments have information theoretic privacy. Borromean ring signatures are a novel efficient ring signature construction for AND/OR admissions policies (the code here implements an AND of ORs, each of any size). This construction requires 32 bytes of signature per pubkey used plus 32 bytes of constant overhead. With these you can construct signatures like "Given pubkeys A B C D E F G, the signer knows the discrete logs satisifying (A || B) & (C || D || E) & (F || G)". ZK range proofs allow someone to prove a pedersen commitment is in a particular range (e.g. [0..2^64)) without revealing the specific value. The construction here is based on the above borromean ring signature and uses a radix-4 encoding and other optimizations to maximize efficiency. It also supports encoding proofs with a non-private base-10 exponent and minimum-value to allow trading off secrecy for size and speed (or just avoiding wasting space keeping data private that was already public due to external constraints). A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of this can be used to communicate a private message to a receiver who shares a secret random seed with the prover. Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
Implement ring-signature based whitelist delegation scheme
2016-04-21 22:22:39 +00:00
AC_ARG_ENABLE(module_whitelist,
Clean up ./configure help strings (zkp extensions)
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-whitelist],[enable key whitelisting module [default=no]]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_whitelist], [no], [yes])])
Implement ring-signature based whitelist delegation scheme
2016-04-21 22:22:39 +00:00
extrakeys: Init empty experimental module This is to prepare for xonly_pubkeys and keypairs.
2020-05-12 13:58:47 +00:00
AC_ARG_ENABLE(module_extrakeys,
build: Enable some modules by default We don't enable the ECDSA recovery module, because we don't recommend ECDSA recovery for new protocols. In particular, the recovery API is prone to misuse: It invites the caller to forget to check the public key (and the verification function always returns 1). In general, we also don't recommend ordinary ECDSA for new protocols. But disabling the ECDSA functions is not possible because they're not in a module, and let's be honest: disabling ECDSA would mean to ignore reality blatantly.
2021-10-19 14:03:01 +02:00
AS_HELP_STRING([--enable-module-extrakeys],[enable extrakeys module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_extrakeys], [yes], [yes])])
extrakeys: Init empty experimental module This is to prepare for xonly_pubkeys and keypairs.
2020-05-12 13:58:47 +00:00
schnorrsig: Init empty experimental module
2020-05-12 21:19:03 +00:00
AC_ARG_ENABLE(module_schnorrsig,
build: Enable some modules by default We don't enable the ECDSA recovery module, because we don't recommend ECDSA recovery for new protocols. In particular, the recovery API is prone to misuse: It invites the caller to forget to check the public key (and the verification function always returns 1). In general, we also don't recommend ordinary ECDSA for new protocols. But disabling the ECDSA functions is not possible because they're not in a module, and let's be honest: disabling ECDSA would mean to ignore reality blatantly.
2021-10-19 14:03:01 +02:00
AS_HELP_STRING([--enable-module-schnorrsig],[enable schnorrsig module [default=yes]]), [],
[SECP_SET_DEFAULT([enable_module_schnorrsig], [yes], [yes])])
schnorrsig: Init empty experimental module
2020-05-12 21:19:03 +00:00
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
AC_ARG_ENABLE(module_ecdsa_s2c,
AS_HELP_STRING([--enable-module-ecdsa-s2c],[enable ECDSA sign-to-contract module [default=no]]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_ecdsa_s2c], [no], [yes])])
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2021-03-04 23:38:48 -08:00
AC_ARG_ENABLE(module_ecdsa-adaptor,
AS_HELP_STRING([--enable-module-ecdsa-adaptor],[enable ECDSA adaptor module [default=no]]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_ecdsa_adaptor], [no], [yes])])
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2021-03-04 23:38:48 -08:00
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
AC_ARG_ENABLE(external_default_callbacks,
configure: Remove redundant code that sets _enable variables These are set automatically by autoconf [1], and this has been the case in at least since 2.60, which is our minimum supported version. [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Package-Options.html [2] https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/Package-Options.html
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]), [],
configure: Add hidden --enable-dev-mode to enable all the stuff Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_external_default_callbacks], [no], [no])])
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
add surjection proof module Includes fix and tests by Jonas Nick.
2016-07-01 15:51:07 +00:00
AC_ARG_ENABLE(module_surjectionproof,
Clean up ./configure help strings (zkp extensions)
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-surjectionproof],[enable surjection proof module [default=no]]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_surjectionproof], [no], [yes])])
add surjection proof module Includes fix and tests by Jonas Nick.
2016-07-01 15:51:07 +00:00
allow reducing surjection proof size (to lower generation stack usage)
2019-05-30 09:04:40 +03:00
AC_ARG_ENABLE(reduced_surjection_proof_size,
AS_HELP_STRING([--enable-reduced-surjection-proof-size],[use reduced surjection proof size (disabling parsing and verification) [default=no]]),
configure: add -zkp modules to dev-mode and remove redundant code
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([use_reduced_surjection_proof_size], [no], [no])])
allow reducing surjection proof size (to lower generation stack usage)
2019-05-30 09:04:40 +03:00
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# Test-only override of the (autodetected by the C code) "widemul" setting.
Simulated int128 type.
2022-07-27 11:09:51 -04:00
# Legal values are:
# * int64 (for [u]int64_t),
# * int128 (for [unsigned] __int128),
# * int128_struct (for int128 implemented as a structure),
# * and auto (the default).
Autodetect __int128 availability on the C side Instead of supporting configuration of the field and scalar size independently, both are now controlled by the availability of a 64x64->128 bit multiplication (currently only through __int128). This is autodetected from the C code through __SIZEOF_INT128__, but can be overridden using configure's --with-test-override-wide-multiply, or by defining USE_FORCE_WIDEMUL_{INT64,INT128} manually.
2020-08-09 10:58:40 -07:00
AC_ARG_WITH([test-override-wide-multiply], [] ,[set_widemul=$withval], [set_widemul=auto])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
Clean up ./configure help strings
2019-03-06 14:10:38 +01:00
AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto],
doc: remove use of 0xa0 "no break space"
2021-11-24 07:16:19 +08:00
[assembly optimizations to use (experimental: arm) [default=auto]])],[req_asm=$withval], [req_asm=auto])
Configure options reorganization
2014-12-12 16:20:47 +01:00
Make WINDOW_G configurable This makes WINDOW_G a configurable value in the range of [2..24]. The upper limit of 24 is a defensive choice. The code is probably correct for values up to 27 but those larger values yield in huge tables (>= 256MiB), which are i) unlikely to be really beneficial in practice and ii) increasingly difficult to test.
2019-03-06 13:12:33 +01:00
AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto],
[window size for ecmult precomputation for verification, specified as integer in range [2..24].]
[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.]
Rip out non-endomorphism code
2020-09-25 20:06:36 -07:00
[The table will store 2^(SIZE-1) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.]
Split off .c file from precomputed_ecmult.h
2021-12-17 14:21:38 -05:00
[A window size larger than 15 will require you delete the prebuilt precomputed_ecmult.c file so that it can be rebuilt.]
Generate ecmult_static_pre_g.h This header contains a static array that replaces the ecmult_context pre_g and pre_g_128 tables. The gen_ecmult_static_pre_g program generates this header file.
2021-06-28 16:33:03 -04:00
[For very large window sizes, use "make -j 1" to reduce memory use during compilation.]
Make WINDOW_G configurable This makes WINDOW_G a configurable value in the range of [2..24]. The upper limit of 24 is a defensive choice. The code is probably correct for values up to 27 but those larger values yield in huge tables (>= 256MiB), which are i) unlikely to be really beneficial in practice and ii) increasingly difficult to test.
2019-03-06 13:12:33 +01:00
["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]]
)],
[req_ecmult_window=$withval], [req_ecmult_window=auto])
variable signing precompute table make ECMULT_GEN_PREC_BITS configurable ecmult_static_context.h: add compile time config assertion (#3) - Prevents accidentally using a file which was generated with a different configuration. README: mention valgrind issue With --with-ecmult-gen-precision=8, valgrind needs a max stack size adjustment to not run into a stack switching heuristic: http://valgrind.org/docs/manual/manual-core.html > -max-stackframe= [default: 2000000] > The maximum size of a stack frame. If the stack pointer moves by more than this amount then Valgrind will assume that the program is switching to a different stack. You may need to use this option if your program has large stack-allocated arrays. basic-config: undef ECMULT_WINDOW_SIZE before (re-)defining it
2015-10-18 10:35:16 +02:00
AC_ARG_WITH([ecmult-gen-precision], [AS_HELP_STRING([--with-ecmult-gen-precision=2|4|8|auto],
[Precision bits to tune the precomputed table size for signing.]
[The size of the table is 32kB for 2 bits, 64kB for 4 bits, 512kB for 8 bits of precision.]
[A larger table size usually results in possible faster signing.]
["auto" is a reasonable setting for desktop machines (currently 4). [default=auto]]
)],
[req_ecmult_gen_precision=$withval], [req_ecmult_gen_precision=auto])
configure: Allow specifying --with[out]-valgrind explicitly
2020-09-12 19:15:56 +00:00
AC_ARG_WITH([valgrind], [AS_HELP_STRING([--with-valgrind=yes|no|auto],
[Build with extra checks for running inside Valgrind [default=auto]]
)],
[req_valgrind=$withval], [req_valgrind=auto])
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
###
### Handle config options (except for modules)
###
configure: Allow specifying --with[out]-valgrind explicitly
2020-09-12 19:15:56 +00:00
if test x"$req_valgrind" = x"no"; then
enable_valgrind=no
else
Ask brew for valgrind include path Valgrind is typically installed using brew on macOS. This commit makes ./configure detect this case set the appropriate include directory (in the same way as we already do for openssl and gmp).
2020-12-23 22:08:03 +01:00
SECP_VALGRIND_CHECK
if test x"$has_valgrind" != x"yes"; then
configure: Allow specifying --with[out]-valgrind explicitly
2020-09-12 19:15:56 +00:00
if test x"$req_valgrind" = x"yes"; then
AC_MSG_ERROR([Valgrind support explicitly requested but valgrind/memcheck.h header not available])
fi
enable_valgrind=no
Ask brew for valgrind include path Valgrind is typically installed using brew on macOS. This commit makes ./configure detect this case set the appropriate include directory (in the same way as we already do for openssl and gmp).
2020-12-23 22:08:03 +01:00
else
enable_valgrind=yes
fi
configure: Allow specifying --with[out]-valgrind explicitly
2020-09-12 19:15:56 +00:00
fi
Adds a declassify operation to aid constant-time analysis. ECDSA signing has a retry loop for the exceptionally unlikely case that S==0. S is not a secret at this point and this case is so rare that it will never be observed but branching on it will trip up tools analysing if the code is constant time with respect to secrets. Derandomized ECDSA can also loop on k being zero or overflowing, and while k is a secret these cases are too rare (1:2^255) to ever observe and are also of no concern. This adds a function for marking memory as no-longer-secret and sets it up for use with the valgrind memcheck constant-time test.
2020-01-11 13:31:50 +00:00
AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"])
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
if test x"$enable_coverage" = x"yes"; then
AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code])
build: Ensure that configure's compile checks default to -O2 Fixes #896.
2021-05-13 19:34:16 +02:00
SECP_CFLAGS="-O0 --coverage $SECP_CFLAGS"
Append instead of Prepend user-CFLAGS to default CFLAGS allowing the user to override default variables
2019-12-17 12:37:48 +00:00
LDFLAGS="--coverage $LDFLAGS"
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
else
build: Ensure that configure's compile checks default to -O2 Fixes #896.
2021-05-13 19:34:16 +02:00
# Most likely the CFLAGS already contain -O2 because that is autoconf's default.
# We still add it here because passing it twice is not an issue, and handling
# this case would just add unnecessary complexity (see #896).
SECP_CFLAGS="-O2 $SECP_CFLAGS"
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
fi
add surjection proof module Includes fix and tests by Jonas Nick.
2016-07-01 15:51:07 +00:00
AC_MSG_CHECKING([for __builtin_popcount])
configure: Check compile+link when checking existence of functions Undeclared functions are fine in C but linking will fail.
2022-03-31 17:41:54 +02:00
AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_popcount(0);}]])],
add surjection proof module Includes fix and tests by Jonas Nick.
2016-07-01 15:51:07 +00:00
[ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_POPCOUNT,1,[Define this symbol if __builtin_popcount is available]) ],
[ AC_MSG_RESULT([no])
])
Add 64-bit integer utilities
2015-08-05 16:17:50 +02:00
AC_MSG_CHECKING([for __builtin_clzll])
configure: Check compile+link when checking existence of functions Undeclared functions are fine in C but linking will fail.
2022-03-31 17:41:54 +02:00
AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() { __builtin_clzll(1);}]])],
Add 64-bit integer utilities
2015-08-05 16:17:50 +02:00
[ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_CLZLL,1,[Define this symbol if __builtin_clzll is available]) ],
[ AC_MSG_RESULT([no])
])
Configure options reorganization
2014-12-12 16:20:47 +01:00
if test x"$req_asm" = x"auto"; then
autotools: changes suggested by Pieter Wuille
2014-01-24 16:57:13 -05:00
SECP_64BIT_ASM_CHECK
if test x"$has_64bit_asm" = x"yes"; then
Configure options reorganization
2014-12-12 16:20:47 +01:00
set_asm=x86_64
fi
if test x"$set_asm" = x; then
set_asm=no
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
fi
Configure options reorganization
2014-12-12 16:20:47 +01:00
else
set_asm=$req_asm
case $set_asm in
x86_64)
SECP_64BIT_ASM_CHECK
if test x"$has_64bit_asm" != x"yes"; then
AC_MSG_ERROR([x86_64 assembly optimization requested but not available])
fi
;;
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
arm)
;;
Configure options reorganization
2014-12-12 16:20:47 +01:00
no)
;;
*)
AC_MSG_ERROR([invalid assembly optimization selection])
;;
esac
fi
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# Select assembly optimization
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
enable_external_asm=no
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
Configure options reorganization
2014-12-12 16:20:47 +01:00
case $set_asm in
x86_64)
AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations])
;;
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
arm)
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
enable_external_asm=yes
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
;;
Configure options reorganization
2014-12-12 16:20:47 +01:00
no)
;;
*)
AC_MSG_ERROR([invalid assembly optimizations])
;;
esac
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
if test x"$enable_external_asm" = x"yes"; then
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used])
fi
# Select wide multiplication implementation
Autodetect __int128 availability on the C side Instead of supporting configuration of the field and scalar size independently, both are now controlled by the availability of a 64x64->128 bit multiplication (currently only through __int128). This is autodetected from the C code through __SIZEOF_INT128__, but can be overridden using configure's --with-test-override-wide-multiply, or by defining USE_FORCE_WIDEMUL_{INT64,INT128} manually.
2020-08-09 10:58:40 -07:00
case $set_widemul in
Simulated int128 type.
2022-07-27 11:09:51 -04:00
int128_struct)
AC_DEFINE(USE_FORCE_WIDEMUL_INT128_STRUCT, 1, [Define this symbol to force the use of the structure for simulating (unsigned) int128 based wide multiplication])
;;
Autodetect __int128 availability on the C side Instead of supporting configuration of the field and scalar size independently, both are now controlled by the availability of a 64x64->128 bit multiplication (currently only through __int128). This is autodetected from the C code through __SIZEOF_INT128__, but can be overridden using configure's --with-test-override-wide-multiply, or by defining USE_FORCE_WIDEMUL_{INT64,INT128} manually.
2020-08-09 10:58:40 -07:00
int128)
AC_DEFINE(USE_FORCE_WIDEMUL_INT128, 1, [Define this symbol to force the use of the (unsigned) __int128 based wide multiplication implementation])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
;;
Autodetect __int128 availability on the C side Instead of supporting configuration of the field and scalar size independently, both are now controlled by the availability of a 64x64->128 bit multiplication (currently only through __int128). This is autodetected from the C code through __SIZEOF_INT128__, but can be overridden using configure's --with-test-override-wide-multiply, or by defining USE_FORCE_WIDEMUL_{INT64,INT128} manually.
2020-08-09 10:58:40 -07:00
int64)
AC_DEFINE(USE_FORCE_WIDEMUL_INT64, 1, [Define this symbol to force the use of the (u)int64_t based wide multiplication implementation])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
;;
Autodetect __int128 availability on the C side Instead of supporting configuration of the field and scalar size independently, both are now controlled by the availability of a 64x64->128 bit multiplication (currently only through __int128). This is autodetected from the C code through __SIZEOF_INT128__, but can be overridden using configure's --with-test-override-wide-multiply, or by defining USE_FORCE_WIDEMUL_{INT64,INT128} manually.
2020-08-09 10:58:40 -07:00
auto)
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
;;
*)
Autodetect __int128 availability on the C side Instead of supporting configuration of the field and scalar size independently, both are now controlled by the availability of a 64x64->128 bit multiplication (currently only through __int128). This is autodetected from the C code through __SIZEOF_INT128__, but can be overridden using configure's --with-test-override-wide-multiply, or by defining USE_FORCE_WIDEMUL_{INT64,INT128} manually.
2020-08-09 10:58:40 -07:00
AC_MSG_ERROR([invalid wide multiplication implementation])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
;;
esac
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# Set ecmult window size
Make WINDOW_G configurable This makes WINDOW_G a configurable value in the range of [2..24]. The upper limit of 24 is a defensive choice. The code is probably correct for values up to 27 but those larger values yield in huge tables (>= 256MiB), which are i) unlikely to be really beneficial in practice and ii) increasingly difficult to test.
2019-03-06 13:12:33 +01:00
if test x"$req_ecmult_window" = x"auto"; then
set_ecmult_window=15
else
set_ecmult_window=$req_ecmult_window
fi
error_window_size=['window size for ecmult precomputation not an integer in range [2..24] or "auto"']
case $set_ecmult_window in
''|*[[!0-9]]*)
# no valid integer
AC_MSG_ERROR($error_window_size)
;;
*)
if test "$set_ecmult_window" -lt 2 -o "$set_ecmult_window" -gt 24 ; then
# not in range
AC_MSG_ERROR($error_window_size)
fi
AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation])
;;
esac
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# Set ecmult gen precision
variable signing precompute table make ECMULT_GEN_PREC_BITS configurable ecmult_static_context.h: add compile time config assertion (#3) - Prevents accidentally using a file which was generated with a different configuration. README: mention valgrind issue With --with-ecmult-gen-precision=8, valgrind needs a max stack size adjustment to not run into a stack switching heuristic: http://valgrind.org/docs/manual/manual-core.html > -max-stackframe= [default: 2000000] > The maximum size of a stack frame. If the stack pointer moves by more than this amount then Valgrind will assume that the program is switching to a different stack. You may need to use this option if your program has large stack-allocated arrays. basic-config: undef ECMULT_WINDOW_SIZE before (re-)defining it
2015-10-18 10:35:16 +02:00
if test x"$req_ecmult_gen_precision" = x"auto"; then
set_ecmult_gen_precision=4
else
set_ecmult_gen_precision=$req_ecmult_gen_precision
fi
case $set_ecmult_gen_precision in
2|4|8)
AC_DEFINE_UNQUOTED(ECMULT_GEN_PREC_BITS, $set_ecmult_gen_precision, [Set ecmult gen precision bits])
;;
*)
AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"'])
;;
esac
Ask brew for valgrind include path Valgrind is typically installed using brew on macOS. This commit makes ./configure detect this case set the appropriate include directory (in the same way as we already do for openssl and gmp).
2020-12-23 22:08:03 +01:00
if test x"$enable_valgrind" = x"yes"; then
SECP_INCLUDES="$SECP_INCLUDES $VALGRIND_CPPFLAGS"
fi
configure: Improve rationale for WERROR_CFLAGS
2022-06-29 11:12:00 +02:00
# Add -Werror and similar flags passed from the outside (for testing, e.g., in CI).
# We don't want to set the user variable CFLAGS in CI because this would disable
# autoconf's logic for setting default CFLAGS, which we would like to test in CI.
ci: Make compiler warning into errors on CI This also tidies the list of environment variables in .cirrus.yml.
2021-05-06 14:02:00 +02:00
SECP_CFLAGS="$SECP_CFLAGS $WERROR_CFLAGS"
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
###
### Handle module options
###
build: automatically enable module dependencies
2022-08-09 19:17:30 +00:00
# Besides testing whether modules are enabled, the following code also enables
# module dependencies. The order of the tests matters: the dependency must be
# tested first.
Add ECDH module which works by hashing the output of ecmult_const
2015-06-29 15:06:28 -05:00
if test x"$enable_module_ecdh" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module])
fi
re-enable musig module
2020-10-14 15:03:26 +00:00
if test x"$enable_module_musig" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_MUSIG, 1, [Define this symbol to enable the MuSig module])
musig: do not also require schnorrsig module config flag Also add musig to build options output.
2021-04-03 22:03:09 +00:00
enable_module_schnorrsig=yes
re-enable musig module
2020-10-14 15:03:26 +00:00
fi
Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
2018-12-22 22:12:35 +00:00
Move pubkey recovery code to separate module
2015-08-27 03:42:57 +02:00
if test x"$enable_module_recovery" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module])
fi
build: automatically enable module dependencies
2022-08-09 19:17:30 +00:00
if test x"$enable_module_whitelist" = x"yes"; then
enable_module_rangeproof=yes
AC_DEFINE(ENABLE_MODULE_WHITELIST, 1, [Define this symbol to enable the key whitelisting module])
fi
if test x"$enable_module_surjectionproof" = x"yes"; then
enable_module_rangeproof=yes
AC_DEFINE(ENABLE_MODULE_SURJECTIONPROOF, 1, [Define this symbol to enable the surjection proof module])
Constant-time generator module
2016-07-07 00:47:41 +02:00
fi
Pedersen commitments, borromean ring signatures, and ZK range proofs. This commit adds three new cryptosystems to libsecp256k1: Pedersen commitments are a system for making blinded commitments to a value. Functionally they work like: commit_b,v = H(blind_b || value_v), except they are additively homorphic, e.g. C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and C(b1, v1) - C(b1, v1) = 0, etc. The commitments themselves are EC points, serialized as 33 bytes. In addition to the commit function this implementation includes utility functions for verifying that a set of commitments sums to zero, and for picking blinding factors that sum to zero. If the blinding factors are uniformly random, pedersen commitments have information theoretic privacy. Borromean ring signatures are a novel efficient ring signature construction for AND/OR admissions policies (the code here implements an AND of ORs, each of any size). This construction requires 32 bytes of signature per pubkey used plus 32 bytes of constant overhead. With these you can construct signatures like "Given pubkeys A B C D E F G, the signer knows the discrete logs satisifying (A || B) & (C || D || E) & (F || G)". ZK range proofs allow someone to prove a pedersen commitment is in a particular range (e.g. [0..2^64)) without revealing the specific value. The construction here is based on the above borromean ring signature and uses a radix-4 encoding and other optimizations to maximize efficiency. It also supports encoding proofs with a non-private base-10 exponent and minimum-value to allow trading off secrecy for size and speed (or just avoiding wasting space keeping data private that was already public due to external constraints). A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of this can be used to communicate a private message to a receiver who shares a secret random seed with the prover. Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
if test x"$enable_module_rangeproof" = x"yes"; then
build: automatically enable module dependencies
2022-08-09 19:17:30 +00:00
enable_module_generator=yes
Pedersen commitments, borromean ring signatures, and ZK range proofs. This commit adds three new cryptosystems to libsecp256k1: Pedersen commitments are a system for making blinded commitments to a value. Functionally they work like: commit_b,v = H(blind_b || value_v), except they are additively homorphic, e.g. C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and C(b1, v1) - C(b1, v1) = 0, etc. The commitments themselves are EC points, serialized as 33 bytes. In addition to the commit function this implementation includes utility functions for verifying that a set of commitments sums to zero, and for picking blinding factors that sum to zero. If the blinding factors are uniformly random, pedersen commitments have information theoretic privacy. Borromean ring signatures are a novel efficient ring signature construction for AND/OR admissions policies (the code here implements an AND of ORs, each of any size). This construction requires 32 bytes of signature per pubkey used plus 32 bytes of constant overhead. With these you can construct signatures like "Given pubkeys A B C D E F G, the signer knows the discrete logs satisifying (A || B) & (C || D || E) & (F || G)". ZK range proofs allow someone to prove a pedersen commitment is in a particular range (e.g. [0..2^64)) without revealing the specific value. The construction here is based on the above borromean ring signature and uses a radix-4 encoding and other optimizations to maximize efficiency. It also supports encoding proofs with a non-private base-10 exponent and minimum-value to allow trading off secrecy for size and speed (or just avoiding wasting space keeping data private that was already public due to external constraints). A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of this can be used to communicate a private message to a receiver who shares a secret random seed with the prover. Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module])
fi
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
if test x"$enable_module_bppp" = x"yes"; then
bulletproofs: add new empty module
2022-08-27 15:02:44 +00:00
enable_module_generator=yes
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
AC_DEFINE(ENABLE_MODULE_BPPP, 1, [Define this symbol to enable the Bulletproofs++ module])
bulletproofs: add new empty module
2022-08-27 15:02:44 +00:00
fi
build: automatically enable module dependencies
2022-08-09 19:17:30 +00:00
if test x"$enable_module_generator" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_GENERATOR, 1, [Define this symbol to enable the NUMS generator module])
Implement ring-signature based whitelist delegation scheme
2016-04-21 22:22:39 +00:00
fi
schnorrsig: Init empty experimental module
2020-05-12 21:19:03 +00:00
if test x"$enable_module_schnorrsig" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_SCHNORRSIG, 1, [Define this symbol to enable the schnorrsig module])
enable_module_extrakeys=yes
fi
extrakeys: Init empty experimental module This is to prepare for xonly_pubkeys and keypairs.
2020-05-12 13:58:47 +00:00
if test x"$enable_module_extrakeys" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_EXTRAKEYS, 1, [Define this symbol to enable the extrakeys module])
fi
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
if test x"$enable_module_ecdsa_s2c" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_ECDSA_S2C, 1, [Define this symbol to enable the ECDSA sign-to-contract module])
fi
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
if test x"$enable_external_default_callbacks" = x"yes"; then
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used])
fi
allow reducing surjection proof size (to lower generation stack usage)
2019-05-30 09:04:40 +03:00
if test x"$use_reduced_surjection_proof_size" = x"yes"; then
AC_DEFINE(USE_REDUCED_SURJECTION_PROOF_SIZE, 1, [Define this symbol to reduce SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS to 16, disabling parsing and verification])
fi
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2021-03-04 23:38:48 -08:00
if test x"$enable_module_ecdsa_adaptor" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_ECDSA_ADAPTOR, 1, [Define this symbol to enable the ECDSA adaptor module])
fi
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
###
### Check for --enable-experimental if necessary
###
Add experimental features to configure
2015-11-26 00:06:41 +01:00
if test x"$enable_experimental" = x"yes"; then
AC_MSG_NOTICE([******])
AC_MSG_NOTICE([WARNING: experimental build])
AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.])
AC_MSG_NOTICE([******])
else
build: improve error message if --enable-experimental is missed
2022-08-10 09:20:26 +00:00
# The order of the following tests matters. If the user enables a dependent
# module (which automatically enables the module dependencies) we want to
# print an error for the dependent module, not the module dependency. Hence,
# we first test dependent modules.
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
if test x"$enable_module_bppp" = x"yes"; then
AC_MSG_ERROR([Bulletproofs++ module is experimental. Use --enable-experimental to allow.])
bulletproofs: add new empty module
2022-08-27 15:02:44 +00:00
fi
build: improve error message if --enable-experimental is missed
2022-08-10 09:20:26 +00:00
if test x"$enable_module_whitelist" = x"yes"; then
AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_surjectionproof" = x"yes"; then
AC_MSG_ERROR([Surjection proof module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_rangeproof" = x"yes"; then
AC_MSG_ERROR([Range proof module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_generator" = x"yes"; then
AC_MSG_ERROR([NUMS generator module is experimental. Use --enable-experimental to allow.])
fi
re-enable musig module
2020-10-14 15:03:26 +00:00
if test x"$enable_module_musig" = x"yes"; then
AC_MSG_ERROR([MuSig module is experimental. Use --enable-experimental to allow.])
fi
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
if test x"$enable_module_ecdsa_s2c" = x"yes"; then
AC_MSG_ERROR([ECDSA sign-to-contract module module is experimental. Use --enable-experimental to allow.])
fi
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2021-03-04 23:38:48 -08:00
if test x"$enable_module_ecdsa_adaptor" = x"yes"; then
AC_MSG_ERROR([ecdsa adaptor signatures module is experimental. Use --enable-experimental to allow.])
fi
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
if test x"$set_asm" = x"arm"; then
AC_MSG_ERROR([ARM assembly optimization is experimental. Use --enable-experimental to allow.])
fi
Add experimental features to configure
2015-11-26 00:06:41 +01:00
fi
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
###
### Generate output
###
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
add pkg-config support
2014-05-07 06:10:08 +00:00
AC_CONFIG_FILES([Makefile libsecp256k1.pc])
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
AC_SUBST(SECP_INCLUDES)
AC_SUBST(SECP_LIBS)
AC_SUBST(SECP_TEST_LIBS)
AC_SUBST(SECP_TEST_INCLUDES)
build: Use own variable SECP_CFLAGS instead of touching user CFLAGS Fixes one of the items in #923, namely the warnings of the form '_putenv' redeclared without dllimport attribute: previous dllimport ignored [-Wattributes] This also cleans up the way we add CFLAGS, in particular flags enabling warnings. Now we perform some more fine-grained checking for flag support, which is not strictly necessary but the changes also help to document autoconf.ac.
2021-05-13 17:06:16 +02:00
AC_SUBST(SECP_CFLAGS)
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"])
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"])
AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"])
AM_CONDITIONAL([USE_EXAMPLES], [test x"$enable_examples" != x"no"])
AM_CONDITIONAL([USE_BENCHMARK], [test x"$enable_benchmark" = x"yes"])
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
AM_CONDITIONAL([ENABLE_MODULE_BPPP], [test x"$enable_module_bppp" = x"yes"])
Add ECDH module which works by hashing the output of ecmult_const
2015-06-29 15:06:28 -05:00
AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
re-enable musig module
2020-10-14 15:03:26 +00:00
AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"])
Move pubkey recovery code to separate module
2015-08-27 03:42:57 +02:00
AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
Constant-time generator module
2016-07-07 00:47:41 +02:00
AM_CONDITIONAL([ENABLE_MODULE_GENERATOR], [test x"$enable_module_generator" = x"yes"])
Pedersen commitments, borromean ring signatures, and ZK range proofs. This commit adds three new cryptosystems to libsecp256k1: Pedersen commitments are a system for making blinded commitments to a value. Functionally they work like: commit_b,v = H(blind_b || value_v), except they are additively homorphic, e.g. C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and C(b1, v1) - C(b1, v1) = 0, etc. The commitments themselves are EC points, serialized as 33 bytes. In addition to the commit function this implementation includes utility functions for verifying that a set of commitments sums to zero, and for picking blinding factors that sum to zero. If the blinding factors are uniformly random, pedersen commitments have information theoretic privacy. Borromean ring signatures are a novel efficient ring signature construction for AND/OR admissions policies (the code here implements an AND of ORs, each of any size). This construction requires 32 bytes of signature per pubkey used plus 32 bytes of constant overhead. With these you can construct signatures like "Given pubkeys A B C D E F G, the signer knows the discrete logs satisifying (A || B) & (C || D || E) & (F || G)". ZK range proofs allow someone to prove a pedersen commitment is in a particular range (e.g. [0..2^64)) without revealing the specific value. The construction here is based on the above borromean ring signature and uses a radix-4 encoding and other optimizations to maximize efficiency. It also supports encoding proofs with a non-private base-10 exponent and minimum-value to allow trading off secrecy for size and speed (or just avoiding wasting space keeping data private that was already public due to external constraints). A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of this can be used to communicate a private message to a receiver who shares a secret random seed with the prover. Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
AM_CONDITIONAL([ENABLE_MODULE_RANGEPROOF], [test x"$enable_module_rangeproof" = x"yes"])
Implement ring-signature based whitelist delegation scheme
2016-04-21 22:22:39 +00:00
AM_CONDITIONAL([ENABLE_MODULE_WHITELIST], [test x"$enable_module_whitelist" = x"yes"])
schnorrsig: Init empty experimental module
2020-05-12 21:19:03 +00:00
AM_CONDITIONAL([ENABLE_MODULE_EXTRAKEYS], [test x"$enable_module_extrakeys" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" = x"yes"])
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
AM_CONDITIONAL([ENABLE_MODULE_ECDSA_S2C], [test x"$enable_module_ecdsa_s2c" = x"yes"])
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2021-03-04 23:38:48 -08:00
AM_CONDITIONAL([ENABLE_MODULE_ECDSA_ADAPTOR], [test x"$enable_module_ecdsa_adaptor" = x"yes"])
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$enable_external_asm" = x"yes"])
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
add surjection proof module Includes fix and tests by Jonas Nick.
2016-07-01 15:51:07 +00:00
AM_CONDITIONAL([ENABLE_MODULE_SURJECTIONPROOF], [test x"$enable_module_surjectionproof" = x"yes"])
allow reducing surjection proof size (to lower generation stack usage)
2019-05-30 09:04:40 +03:00
AM_CONDITIONAL([USE_REDUCED_SURJECTION_PROOF_SIZE], [test x"$use_reduced_surjection_proof_size" = x"yes"])
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
AM_CONDITIONAL([BUILD_WINDOWS], [test "$build_windows" = "yes"])
build: set library version to 0.0.0 explicitly
2021-07-06 21:06:46 +00:00
AC_SUBST(LIB_VERSION_CURRENT, _LIB_VERSION_CURRENT)
AC_SUBST(LIB_VERSION_REVISION, _LIB_VERSION_REVISION)
AC_SUBST(LIB_VERSION_AGE, _LIB_VERSION_AGE)
build: osx: attempt to work with homebrew keg-only packages
2014-11-24 11:13:16 -05:00
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
AC_OUTPUT
Summarize build options in configure script
2018-03-10 10:36:59 -08:00
echo
echo "Build Options:"
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
echo " with external callbacks = $enable_external_default_callbacks"
echo " with benchmarks = $enable_benchmark"
echo " with tests = $enable_tests"
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
echo " with coverage = $enable_coverage"
configure: Use canonical variable prefix _enable consistently
2022-02-23 20:40:18 +01:00
echo " with examples = $enable_examples"
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
echo " module ecdh = $enable_module_ecdh"
echo " module recovery = $enable_module_recovery"
extrakeys: Init empty experimental module This is to prepare for xonly_pubkeys and keypairs.
2020-05-12 13:58:47 +00:00
echo " module extrakeys = $enable_module_extrakeys"
schnorrsig: Init empty experimental module
2020-05-12 21:19:03 +00:00
echo " module schnorrsig = $enable_module_schnorrsig"
build: move all output concerning enabled modules at single place
2022-08-10 09:04:47 +00:00
echo " module generator = $enable_module_generator"
echo " module rangeproof = $enable_module_rangeproof"
echo " module surjectionproof = $enable_module_surjectionproof"
echo " module whitelist = $enable_module_whitelist"
musig: do not also require schnorrsig module config flag Also add musig to build options output.
2021-04-03 22:03:09 +00:00
echo " module musig = $enable_module_musig"
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
echo " module ecdsa-s2c = $enable_module_ecdsa_s2c"
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2021-03-04 23:38:48 -08:00
echo " module ecdsa-adaptor = $enable_module_ecdsa_adaptor"
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
echo " module bppp = $enable_module_bppp"
Summarize build options in configure script
2018-03-10 10:36:59 -08:00
echo
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
echo " asm = $set_asm"
echo " ecmult window size = $set_ecmult_window"
variable signing precompute table make ECMULT_GEN_PREC_BITS configurable ecmult_static_context.h: add compile time config assertion (#3) - Prevents accidentally using a file which was generated with a different configuration. README: mention valgrind issue With --with-ecmult-gen-precision=8, valgrind needs a max stack size adjustment to not run into a stack switching heuristic: http://valgrind.org/docs/manual/manual-core.html > -max-stackframe= [default: 2000000] > The maximum size of a stack frame. If the stack pointer moves by more than this amount then Valgrind will assume that the program is switching to a different stack. You may need to use this option if your program has large stack-allocated arrays. basic-config: undef ECMULT_WINDOW_SIZE before (re-)defining it
2015-10-18 10:35:16 +02:00
echo " ecmult gen prec. bits = $set_ecmult_gen_precision"
Restructure and tidy configure.ac No behavioral changes.
2021-01-08 15:18:08 +01:00
# Hide test-only options unless they're used.
Autodetect __int128 availability on the C side Instead of supporting configuration of the field and scalar size independently, both are now controlled by the availability of a 64x64->128 bit multiplication (currently only through __int128). This is autodetected from the C code through __SIZEOF_INT128__, but can be overridden using configure's --with-test-override-wide-multiply, or by defining USE_FORCE_WIDEMUL_{INT64,INT128} manually.
2020-08-09 10:58:40 -07:00
if test x"$set_widemul" != xauto; then
echo " wide multiplication = $set_widemul"
fi
Summarize build options in configure script
2018-03-10 10:36:59 -08:00
echo
Constant-time behaviour test using valgrind memtest. Valgrind does bit-level tracking of the "uninitialized" status of memory, property tracks memory which is tainted by any uninitialized memory, and warns if any branch or array access depends on an uninitialized bit. That is exactly the verification we need on secret data to test for constant-time behaviour. All we need to do is tell valgrind our secret key is actually uninitialized memory. This adds a valgrind_ctime_test which is compiled if valgrind is installed: Run it with libtool --mode=execute: $ libtool --mode=execute valgrind ./valgrind_ctime_test
2020-01-08 11:56:15 +00:00
echo " valgrind = $enable_valgrind"
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
echo " CC = $CC"
echo " CPPFLAGS = $CPPFLAGS"
build: Use own variable SECP_CFLAGS instead of touching user CFLAGS Fixes one of the items in #923, namely the warnings of the form '_putenv' redeclared without dllimport attribute: previous dllimport ignored [-Wattributes] This also cleans up the way we add CFLAGS, in particular flags enabling warnings. Now we perform some more fine-grained checking for flag support, which is not strictly necessary but the changes also help to document autoconf.ac.
2021-05-13 17:06:16 +02:00
echo " SECP_CFLAGS = $SECP_CFLAGS"
Allow usage of external default callbacks
2019-03-04 15:36:35 +01:00
echo " CFLAGS = $CFLAGS"
echo " LDFLAGS = $LDFLAGS"
Reference in New Issue Copy Permalink