This makes it possible to use sync-upstream with uncommitted changes. (This
is in particular helpful when working on the script itself.)
Without this commit, git pull will fail due to the uncommitted changes.
b43dd83b43 musig: add missing static keyword to function (Jonas Nick)
068e6a036a musig: add test vectors from BIP MuSig (Jonas Nick)
36621d13be musig: update to BIP v1.0.0-rc.2 "Add ''pk'' arg to ''NonceGen''" (Jonas Nick)
d717a4980b musig: update to BIP v0.8 "Switch from X-only to plain pk inputs." (Jonas Nick)
304f1bc96d extrakeys: add pubkey_sort test vectors from BIP MuSig2 (Jonas Nick)
ae89051547 extrakeys: replace xonly_sort with pubkey_sort (Jonas Nick)
98242fcdd9 extrakeys: add secp256k1_pubkey_cmp (Jonas Nick)
73d5b6654d musig: update to BIP v0.7.0 (NonceGen) (Jonas Nick)
060887e9d7 musig: update to BIP v0.5.1 "Rename ordinary tweaking to plain" (Jonas Nick)
cbe2815633 musig: update to BIP v0.4 "Allow the output of NonceAgg to be inf" (Jonas Nick)
206017d67d musig: update to BIP v0.3 (NonceGen) (Jonas Nick)
d800dd55db musig: remove test vectors (Jonas Nick)
Pull request description:
Version 1.0.0-rc.3 of BIP MuSig2 can be found [here](https://github.com/jonasnick/bips/pull/75). This PR does _not_ implement the following optional features that have been added to BIP MuSig2:
- variable length messages
- deterministic signing
- identifiable aborts
The PR also does _not_ yet change the `secnonce` structure to also contain the signer's public key (which would also imply changing the seckey argument in `sign` to a keypair). Additionally, we may want to rename some things in the future to be more consistent with the BIP (e.g. keyagg_cache vs. keyagg_ctx, applytweak vs. tweak_add).
ACKs for top commit:
ariard:
Light Code Review ACK b43dd83b, mostly looks on how the user API will make sense for Lightning, thanks for the answers!
real-or-random:
ACK b43dd83b43
Tree-SHA512: 9b1410951b55a1b0e6590b8c302052996d1fb6d9771765498b4282ff68b44ab0d6add8144c9330217b682ec5a93508b5546099db9a1f2c865f99253010dd76f4
f09497ea3e CI: tweak cirrus.yml to prevent OOM and timeout w sanitizer/valgrind (Jonas Nick)
7226cf215a ecdsa_adaptor: fix too small buffer in tests (Jonas Nick)
b053e853d4 ecdsa_adaptor: fix test case with invalid signature (Jonas Nick)
d27e459861 Revert "Remove unused Jacobi symbol support" (Jonas Nick)
c58c4ea470 ci: Add ppc64le build (Tim Ruffing)
8f879c2887 Fix array size in bench_ecmult (Jonas Nick)
2fe1b50df1 Add ecmult_gen, ecmult_const and ecmult to benchmark (Jonas Nick)
593e6bad9c Clean up ecmult_bench to make space for more benchmarks (Jonas Nick)
a35fdd3478 ci: Run PRs on merge result even for i686 (Tim Ruffing)
02dcea1ad9 ci: Make test iterations configurable and tweak for sanitizer builds (Tim Ruffing)
489ff5c20a tests: Treat empty SECP2561_TEST_ITERS as if it was unset (Tim Ruffing)
fcfcb97e74 ci: Simplify to use generic wrapper for QEMU, Valgrind, etc (Tim Ruffing)
de4157f13a ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs (Tim Ruffing)
09b3bb8648 Clean up git tree (Tim Ruffing)
8bbad7a18e Add asm build to ARM32 CI (Pieter Wuille)
7d65ed5214 Add ARM32/ARM64 CI (Pieter Wuille)
6eceec6d56 add `secp256k1_xonly_pubkey_cmp` method (Andrew Poelstra)
0d9561ae87 add `secp256k1_ec_pubkey_cmp` method (Andrew Poelstra)
22a9ea154a contrib: Explain explicit header guards (Tim Ruffing)
0881633dfd secp256k1.h: clarify that by default arguments must be != NULL (Jonas Nick)
14c9739a1f tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs (Tim Ruffing)
4a19668c37 tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs (Tim Ruffing)
45b6468d7e Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. (Russell O'Connor)
31c0f6de41 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
dd6c3de322 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
3c90bdda95 change local lib headers to be relative for those pointing at "include/" dir (William Bright)
c8483520c9 Makefile.am: Don't pass a variable twice (Tim Ruffing)
2161f31785 Makefile.am: Honor config when building gen_context (Tim Ruffing)
99f47c20ec gen_context: Don't use external ASM because it complicates the build (Tim Ruffing)
99e2d5be0d Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers. (Gregory Maxwell)
ed5a199bed tests: fopen /dev/urandom in binary mode (Tim Ruffing)
4dc37bf81b Add mingw32-w64/wine CI build (Pieter Wuille)
ae9e648526 Define SECP256K1_BUILD in secp256k1.c directly. (Gregory Maxwell)
be0609fd54 Add unit tests for edge cases with delta=1/2 variant of divsteps (Pieter Wuille)
cd393ce228 Optimization: only do 59 hddivsteps per iteration instead of 62 (Pieter Wuille)
277b224b6a Use modified divsteps with initial delta=1/2 for constant-time (Pieter Wuille)
376ca366db Fix typo in explanation (Pieter Wuille)
07067967ee add ECMULT_GEN_PREC_BITS to basic_config.h (Aaron Voisine)
a3aa2628c7 gen_context: Don't include basic-config.h (Tim Ruffing)
99a1cfec17 print warnings for conditional-uninitialized (PiRK)
3d2cf6c5bd initialize variable in tests (PiRK)
23c3fb629b Make argument of fe_normalizes_to_zero{_var} const (Pieter Wuille)
4504472269 changed import to use brackets <> for openssl as they are not local to the project (William Bright)
24ad04fc06 Make scalar_inverse{,_var} benchmark scale with SECP256K1_BENCH_ITERS (Pieter Wuille)
ebc1af700f Optimization: track f,g limb count and pass to new variable-time update_fg_var (Peter Dettman)
b306935ac1 Optimization: use formulas instead of lookup tables for cancelling g bits (Peter Dettman)
9164a1b658 Optimization: special-case zero modulus limbs in modinv64 (Pieter Wuille)
1f233b3fa0 Remove num/gmp support (Pieter Wuille)
20448b8d09 Remove unused Jacobi symbol support (Pieter Wuille)
5437e7bdfb Remove unused scalar_sqr (Pieter Wuille)
aa9cc52180 Improve field/scalar inverse tests (Pieter Wuille)
1e0e885c8a Make field/scalar code use the new modinv modules for inverses (Pieter Wuille)
436281afdc Move secp256k1_fe_inverse{_var} to per-impl files (Pieter Wuille)
aa404d53be Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files (Pieter Wuille)
08d54964e5 Improve bounds checks in modinv modules (Pieter Wuille)
151aac00d3 Add tests for modinv modules (Pieter Wuille)
d8a92fcc4c Add extensive comments on the safegcd algorithm and implementation (Pieter Wuille)
8e415acba2 Add safegcd based modular inverse modules (Peter Dettman)
de0a643c3d Add secp256k1_ctz{32,64}_var functions (Pieter Wuille)
Pull request description:
ACKs for top commit:
real-or-random:
ACK f09497ea3e
Tree-SHA512: 6cf3e96c5974e9aa17bd649fa7fdd738090ec3ab8c99e144fec397c086a24adc2ace9a5218a3c527989fc07e1d5c669027e4c895caf92d22771c8414b2a9bf35
9570f674cc Avoid passing out-of-bound pointers to 0-size memcpy (Pieter Wuille)
Pull request description:
Doing so could be considered UB in a pedantic interpretation of the standard. Avoid it.
Closes#876.
ACKs for top commit:
practicalswift:
cr ACK 9570f674cc: patch looks correct
real-or-random:
ACK 9570f674cc
Tree-SHA512: f991462d72e39f14e609021b8427c2e6756009bc8cd21efca2da46ec9410250725a4fed662df20fcdcfd10a4dc59038f13e8c166362b2eadde4366586b9ca72b
4091e61924 cirrus: increase timeout for macOS tasks (Jonas Nick)
79d4c3ac68 whitelist: add SECP_INCLUDES to bench_whitelist CPPFLAGS (Jonas Nick)
649bf201d8 musig: fix tests for 32-bit (Jonas Nick)
9361f360bb ci: Select number of parallel make jobs depending on CI environment (Tim Ruffing)
28eccdf806 ci: Split output of logs into multiple sections (Tim Ruffing)
c7f754fe4d ci: Run PRs on merge result instead of on the source branch (Tim Ruffing)
b994a8be3c ci: Print information about binaries using "file" (Tim Ruffing)
f24e122d13 ci: Switch all Linux builds to Debian (Tim Ruffing)
f329bba244 build: Add workaround for automake 1.13 and older (Tim Ruffing)
7d3497cdc4 ctime_test: move context randomization test to the end (Jonas Nick)
e491d06b98 Use bit ops instead of int mult for constant-time logic in gej_add_ge (Tim Ruffing)
cc2a5451dc ci: Refactor Nix shell files (Jonas Nick)
2480e55c8f ci: Remove support for Travis CI (Tim Ruffing)
2b359f1c1d ci: Enable simple cache for brewing valgrind on macOS (Tim Ruffing)
8c02e465c5 ci: Add support for Cirrus CI (Tim Ruffing)
b6f649889a Add parens around ROUND_TO_ALIGN's parameter. This makes the macro robust against a hypothetical ROUND_TO_ALIGN(foo ? sizeA : size B) invocation. (Russell O'Connor)
482e4a9cfc Add missing secp256k1_ge_set_gej_var decl. (Russell O'Connor)
fb390c5299 Remove underscores from header defs. This makes them consistent with other files and avoids reserved identifiers. (Russell O'Connor)
75d2ae149e Remove unused secp256k1_fe_inv_all_var (Pieter Wuille)
2730618604 Avoid casting (void**) values. Replaced with an expression that only casts (void*) values. (Russell O'Connor)
3c15130709 Improve CC_FOR_BUILD detection (Tim Ruffing)
47802a4762 Restructure and tidy configure.ac (Tim Ruffing)
252c19dfc6 Ask brew for valgrind include path (Tim Ruffing)
33cb3c2b1f Add secret key extraction from keypair to constant time tests (Elichai Turkel)
36d9dc1e8e Add seckey extraction from keypair to the extrakeys tests (Elichai Turkel)
fc96aa73f5 Add a function to extract the secretkey from a keypair (Elichai Turkel)
b7bc3a4aaa fixed typo (Ferdinando M. Ametrano)
07aa4c70ff Fix insecure links (Dimitris Apostolou)
18aadf9d28 docs: fix simple typo, dependecy -> dependency (Tim Gates)
329a2e0a3f sage: Add script for generating scalar_split_lambda constants (Tim Ruffing)
f554dfc708 sage: Reorganize files (Tim Ruffing)
6e85d675aa Rename tweak to tweak32 in public API (Jonas Nick)
f587f04e35 Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 4091e61924 merge commit picks the right parents, merge resolution and additional commit look good
Tree-SHA512: 4f91842ec08c0d6f62c85f6426fe6af6556b4e7b0e6f2a3317953f61557f9a02855e05a28eaa22d7c245bc915778cea6a43e8c881540de43ce08deb916caf07f
7eeacd7725 Add contrib/sync-upstream.sh script to automate merging upstream PRs (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 7eeacd7725 The code looks fine. I haven't tested this script but it's not the end of the world if the script has a bug.
Tree-SHA512: d2e0128980538f4e1f20ce3709d1464e82e2d0d89e6faafa157f627cea2919cc3d2a578daf73b93624fa61ecb74891b547d303471afb4f865130b7cd094cd0d0
34debf7a6d Modify .travis.yml to explictly pass no in env vars instead of setting to nothing (Elichai Turkel)
ef37761fee Change travis.sh to check if variables are equal to yes instead of not-empty. Before this, setting `VALGRIND=wat` was considered as true, and to make it evaluate as false you had to unset the variable `VALGRIND=` but not it checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to false (Elichai Turkel)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 34debf7a6d
jonasnick:
ACK 34debf7a6d
Tree-SHA512: 91becfbc9cb7587ee55b2bceb604ea0aed8860990d63a5f414b11db92180c090ea8bcc048c2fb67a094e892138e3be46f00562bf78b7c3369232457289cde447
Instead of supporting configuration of the field and scalar size independently,
both are now controlled by the availability of a 64x64->128 bit multiplication
(currently only through __int128). This is autodetected from the C code through
__SIZEOF_INT128__, but can be overridden using configure's
--with-test-override-wide-multiply, or by defining
USE_FORCE_WIDEMUL_{INT64,INT128} manually.
not-empty.
Before this, setting `VALGRIND=wat` was considered as true, and to make it
evaluate as false you had to unset the variable `VALGRIND=` but not it
checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to
false
When $USE_HOST or $EXTRAFLAGS are empty, we pass (due to quoting) an
empty string as a parameter to ./configure, which then believes we want
to use a deprecated syntax for specifing a host or a target and yells at us:
> configure: WARNING: you should use --build, --host, --target
The fixes are:
- $EXTRAFLAGS could contain multiple flags and should not be quoted at all.
- We can get rid of $USE_HOST by specifying --host="$HOST" directly.
This changes pointer calculations in size comparions to a form that
ensures that no out-of-bound pointers are computed, because even their
computation yields undefined behavior.
Also, this changes size comparions to a form that ensures that neither
the left-hand side nor the right-hand side can overflow.
Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard.
The only header guards not fixed are those in the headers auto-generated from java.
