Extensive interface and operations tests for secp256k1_ec_pubkey_parse.

This also makes use of optional valgrind instrumentation if -DVALGRIND is set. This also moves secp256k1.c above secp256k1.h in tests.c or otherwise we get non-null macros on the public functions which may defeat some of the VERIFY checks.
2015-09-27 23:47:01 +00:00 · 2015-09-27 23:47:01 +00:00 · 67f7da4087
commit 67f7da4087
parent ee2cb4007d
1 changed files with 407 additions and 2 deletions
--- a/src/tests.c
+++ b/src/tests.c
@ -13,8 +13,8 @@

 #include <time.h>

-#include "include/secp256k1.h"
 #include "secp256k1.c"
+#include "include/secp256k1.h"
 #include "testrand_impl.h"

 #ifdef ENABLE_OPENSSL_TESTS
@ -24,6 +24,17 @@
 #include "openssl/obj_mac.h"
 #endif

+#if !defined(VG_CHECK)
+# if defined(VALGRIND)
+#  include <valgrind/memcheck.h>
+#  define VG_UNDEF(x,y) VALGRIND_MAKE_MEM_UNDEFINED((x),(y))
+#  define VG_CHECK(x,y) VALGRIND_CHECK_MEM_IS_DEFINED((x),(y))
+# else
+#  define VG_UNDEF(x,y)
+#  define VG_CHECK(x,y)
+# endif
+#endif
+
 static int count = 64;
 static secp256k1_context *ctx = NULL;

@ -1752,6 +1763,398 @@ void run_endomorphism_tests(void) {
 }
 #endif

+static void counting_illegal_callback_fn(const char* str, void* data) {
+    /* Dummy callback function that just counts. */
+    int32_t *p;
+    (void)str;
+    p = data;
+    (*p)++;
+}
+
+static void uncounting_illegal_callback_fn(const char* str, void* data) {
+    /* Dummy callback function that just counts (backwards). */
+    int32_t *p;
+    (void)str;
+    p = data;
+    (*p)--;
+}
+
+void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) {
+    unsigned char pubkeyc[65];
+    secp256k1_pubkey pubkey;
+    secp256k1_ge ge;
+    size_t pubkeyclen;
+    int32_t ecount;
+    ecount = 0;
+    secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
+    for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
+        /* Smaller sizes are tested exhaustively elsewhere. */
+        int32_t i;
+        memcpy(&pubkeyc[1], input, 64);
+        VG_UNDEF(&pubkeyc[pubkeyclen], 65 - pubkeyclen);
+        for (i = 0; i < 256; i++) {
+            /* Try all type bytes. */
+            int xpass;
+            int ypass;
+            int ysign;
+            pubkeyc[0] = i;
+            /* What sign does this point have? */
+            ysign = (input[63] & 1) + 2;
+            /* For the current type (i) do we expect parsing to work? Handled all of compressed/uncompressed/hybrid. */
+            xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2);
+            /* Do we expect a parse and re-serialize as uncompressed to give a matching y? */
+            ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) &&
+                ((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65));
+            if (xpass || ypass) {
+                /* These cases must parse. */
+                unsigned char pubkeyo[65];
+                size_t outl;
+                memset(&pubkey, 0, sizeof(pubkey));
+                VG_UNDEF(&pubkey, sizeof(pubkey));
+                ecount = 0;
+                CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1);
+                VG_CHECK(&pubkey, sizeof(pubkey));
+                outl = 65;
+                VG_UNDEF(pubkeyo, 65);
+                CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
+                VG_CHECK(pubkeyo, outl);
+                CHECK(outl == 33);
+                CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0);
+                CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0]));
+                if (ypass) {
+                    /* This test isn't always done because we decode with alternative signs, so the y won't match. */
+                    CHECK(pubkeyo[0] == ysign);
+                    CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1);
+                    memset(&pubkey, 0, sizeof(pubkey));
+                    VG_UNDEF(&pubkey, sizeof(pubkey));
+                    secp256k1_pubkey_save(&pubkey, &ge);
+                    VG_CHECK(&pubkey, sizeof(pubkey));
+                    outl = 65;
+                    VG_UNDEF(pubkeyo, 65);
+                    CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, 0) == 1);
+                    VG_CHECK(pubkeyo, outl);
+                    CHECK(outl == 65);
+                    CHECK(pubkeyo[0] == 4);
+                    CHECK(memcmp(&pubkeyo[1], input, 64) == 0);
+                }
+                CHECK(ecount == 0);
+            } else {
+                /* These cases must fail to parse. */
+                memset(&pubkey, 0xfe, sizeof(pubkey));
+                ecount = 0;
+                VG_UNDEF(&pubkey, sizeof(pubkey));
+                CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0);
+                VG_CHECK(&pubkey, sizeof(pubkey));
+                CHECK(ecount == 0);
+                CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+                CHECK(ecount == 1);
+            }
+        }
+    }
+    secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
+}
+
+void run_ec_pubkey_parse_test(void) {
+#define SECP256K1_EC_PARSE_TEST_NVALID (12)
+    const unsigned char valid[SECP256K1_EC_PARSE_TEST_NVALID][64] = {
+        {
+            /* Point with leading and trailing zeros in x and y serialization. */
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83,
+            0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00
+        },
+        {
+            /* Point with x equal to a 3rd root of unity.*/
+            0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9,
+            0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee,
+            0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
+            0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
+        },
+        {
+            /* Point with largest x. (1/2) */
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
+            0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e,
+            0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d,
+        },
+        {
+            /* Point with largest x. (2/2) */
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
+            0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1,
+            0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2,
+        },
+        {
+            /* Point with smallest x. (1/2) */
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+            0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
+            0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
+        },
+        {
+            /* Point with smallest x. (2/2) */
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+            0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
+            0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
+        },
+        {
+            /* Point with largest y. (1/3) */
+            0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
+            0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+        },
+        {
+            /* Point with largest y. (2/3) */
+            0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
+            0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+        },
+        {
+            /* Point with largest y. (3/3) */
+            0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
+            0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+        },
+        {
+            /* Point with smallest y. (1/3) */
+            0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
+            0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        },
+        {
+            /* Point with smallest y. (2/3) */
+            0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
+            0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        },
+        {
+            /* Point with smallest y. (3/3) */
+            0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
+            0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+        }
+    };
+#define SECP256K1_EC_PARSE_TEST_NXVALID (4)
+    const unsigned char onlyxvalid[SECP256K1_EC_PARSE_TEST_NXVALID][64] = {
+        {
+            /* Valid if y overflow ignored (y = 1 mod p). (1/3) */
+            0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
+            0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+        },
+        {
+            /* Valid if y overflow ignored (y = 1 mod p). (2/3) */
+            0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
+            0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+        },
+        {
+            /* Valid if y overflow ignored (y = 1 mod p). (3/3)*/
+            0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
+            0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+        },
+        {
+            /* x on curve, y is from y^2 = x^3 + 8. */
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
+        }
+    };
+#define SECP256K1_EC_PARSE_TEST_NINVALID (7)
+    const unsigned char invalid[SECP256K1_EC_PARSE_TEST_NINVALID][64] = {
+        {
+            /* x is third root of -8, y is -1 * (x^3+7); also on the curve for y^2 = x^3 + 9. */
+            0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c,
+            0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        },
+        {
+            /* Valid if x overflow ignored (x = 1 mod p). */
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+            0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
+            0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
+        },
+        {
+            /* Valid if x overflow ignored (x = 1 mod p). */
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
+            0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
+            0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
+        },
+        {
+            /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+            0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f,
+            0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28,
+        },
+        {
+            /* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
+            0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0,
+            0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07,
+        },
+        {
+            /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d,
+            0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc,
+        },
+        {
+            /* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2,
+            0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53
+        }
+    };
+    const unsigned char pubkeyc[66] = {
+        /* Serialization of G. */
+        0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B,
+        0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17,
+        0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08,
+        0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4,
+        0xB8, 0x00
+    };
+    unsigned char shortkey[2];
+    secp256k1_ge ge;
+    secp256k1_pubkey pubkey;
+    int32_t i;
+    int32_t ecount;
+    int32_t ecount2;
+    ecount = 0;
+    /* Nothing should be reading this far into pubkeyc. */
+    VG_UNDEF(&pubkeyc[65], 1);
+    secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
+    /* Zero length claimed, fail, zeroize, no illegal arg error. */
+    memset(&pubkey, 0xfe, sizeof(pubkey));
+    ecount = 0;
+    VG_UNDEF(shortkey, 2);
+    VG_UNDEF(&pubkey, sizeof(pubkey));
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0);
+    VG_CHECK(&pubkey, sizeof(pubkey));
+    CHECK(ecount == 0);
+    CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+    CHECK(ecount == 1);
+    /* Length one claimed, fail, zeroize, no illegal arg error. */
+    for (i = 0; i < 256 ; i++) {
+        memset(&pubkey, 0xfe, sizeof(pubkey));
+        ecount = 0;
+        shortkey[0] = i;
+        VG_UNDEF(&shortkey[1], 1);
+        VG_UNDEF(&pubkey, sizeof(pubkey));
+        CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0);
+        VG_CHECK(&pubkey, sizeof(pubkey));
+        CHECK(ecount == 0);
+        CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+        CHECK(ecount == 1);
+    }
+    /* Length two claimed, fail, zeroize, no illegal arg error. */
+    for (i = 0; i < 65536 ; i++) {
+        memset(&pubkey, 0xfe, sizeof(pubkey));
+        ecount = 0;
+        shortkey[0] = i & 255;
+        shortkey[1] = i >> 8;
+        VG_UNDEF(&pubkey, sizeof(pubkey));
+        CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0);
+        VG_CHECK(&pubkey, sizeof(pubkey));
+        CHECK(ecount == 0);
+        CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+        CHECK(ecount == 1);
+    }
+    memset(&pubkey, 0xfe, sizeof(pubkey));
+    ecount = 0;
+    VG_UNDEF(&pubkey, sizeof(pubkey));
+    /* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0);
+    VG_CHECK(&pubkey, sizeof(pubkey));
+    CHECK(ecount == 0);
+    CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+    CHECK(ecount == 1);
+    /* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */
+    CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0);
+    CHECK(ecount == 2);
+    /* NULL input string. Illegal arg and zeroize output. */
+    memset(&pubkey, 0xfe, sizeof(pubkey));
+    ecount = 0;
+    VG_UNDEF(&pubkey, sizeof(pubkey));
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0);
+    VG_CHECK(&pubkey, sizeof(pubkey));
+    CHECK(ecount == 1);
+    CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+    CHECK(ecount == 2);
+    /* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */
+    memset(&pubkey, 0xfe, sizeof(pubkey));
+    ecount = 0;
+    VG_UNDEF(&pubkey, sizeof(pubkey));
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0);
+    VG_CHECK(&pubkey, sizeof(pubkey));
+    CHECK(ecount == 0);
+    CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+    CHECK(ecount == 1);
+    /* 66 bytes claimed, fail, zeroize output, no illegal arg error. */
+    memset(&pubkey, 0xfe, sizeof(pubkey));
+    ecount = 0;
+    VG_UNDEF(&pubkey, sizeof(pubkey));
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0);
+    VG_CHECK(&pubkey, sizeof(pubkey));
+    CHECK(ecount == 0);
+    CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
+    CHECK(ecount == 1);
+    /* Valid parse. */
+    memset(&pubkey, 0, sizeof(pubkey));
+    ecount = 0;
+    VG_UNDEF(&pubkey, sizeof(pubkey));
+    CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1);
+    VG_CHECK(&pubkey, sizeof(pubkey));
+    CHECK(ecount == 0);
+    VG_UNDEF(&ge, sizeof(ge));
+    CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1);
+    VG_CHECK(&ge.x, sizeof(ge.x));
+    VG_CHECK(&ge.y, sizeof(ge.y));
+    VG_CHECK(&ge.infinity, sizeof(ge.infinity));
+    ge_equals_ge(&secp256k1_ge_const_g, &ge);
+    CHECK(ecount == 0);
+    /* Multiple illegal args. Should still set arg error only once. */
+    ecount = 0;
+    ecount2 = 11;
+    CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0);
+    CHECK(ecount == 1);
+    /* Does the illegal arg callback actually change the behavior? */
+    secp256k1_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2);
+    CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0);
+    CHECK(ecount == 1);
+    CHECK(ecount2 == 10);
+    secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
+    /* Try a bunch of prefabbed points with all possible encodings. */
+    for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) {
+        ec_pubkey_parse_pointtest(valid[i], 1, 1);
+    }
+    for (i = 0; i < SECP256K1_EC_PARSE_TEST_NXVALID; i++) {
+        ec_pubkey_parse_pointtest(onlyxvalid[i], 1, 0);
+    }
+    for (i = 0; i < SECP256K1_EC_PARSE_TEST_NINVALID; i++) {
+        ec_pubkey_parse_pointtest(invalid[i], 0, 0);
+    }
+}
+
 void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) {
    secp256k1_scalar nonce;
    do {
@ -2283,7 +2686,6 @@ int main(int argc, char **argv) {
        secp256k1_rand256(run32);
        CHECK(secp256k1_context_randomize(ctx, (secp256k1_rand32() & 1) ? run32 : NULL));
    }
-
    run_sha256_tests();
    run_hmac_sha256_tests();
    run_rfc6979_hmac_sha256_tests();
@ -2322,6 +2724,9 @@ int main(int argc, char **argv) {
    run_endomorphism_tests();
 #endif

+    /* EC point parser test*/
+    run_ec_pubkey_parse_test();
+
 #ifdef ENABLE_MODULE_ECDH
    /* ecdh tests */
    run_ecdh_tests();