f09497ea3e07d7a730a6ff3479dca18b848ef729 CI: tweak cirrus.yml to prevent OOM and timeout w sanitizer/valgrind (Jonas Nick)
7226cf215aaca80fcddcc5242c8ea11d2b35c85b ecdsa_adaptor: fix too small buffer in tests (Jonas Nick)
b053e853d4f556499decb5c50af473f91996f46e ecdsa_adaptor: fix test case with invalid signature (Jonas Nick)
d27e459861026ddaa376c9cb2acf93ad3c668ee3 Revert "Remove unused Jacobi symbol support" (Jonas Nick)
c58c4ea4707ec5934e49890db881914df3a341b4 ci: Add ppc64le build (Tim Ruffing)
8f879c2887e166da2ec959ce78078f7b84ebfdf9 Fix array size in bench_ecmult (Jonas Nick)
2fe1b50df16c9f41ea77b151634d734b930eeddd Add ecmult_gen, ecmult_const and ecmult to benchmark (Jonas Nick)
593e6bad9c5cda05dd72a5bd8266c4880113b4af Clean up ecmult_bench to make space for more benchmarks (Jonas Nick)
a35fdd3478f7556dfb9b83f32aaa319ccadff9a9 ci: Run PRs on merge result even for i686 (Tim Ruffing)
02dcea1ad9441f857c7768e2b7d304bb19fd2a0c ci: Make test iterations configurable and tweak for sanitizer builds (Tim Ruffing)
489ff5c20a1457d0e7d765c8f05856c50c4777a8 tests: Treat empty SECP2561_TEST_ITERS as if it was unset (Tim Ruffing)
fcfcb97e74b55a107290d44c81c049d6168e954f ci: Simplify to use generic wrapper for QEMU, Valgrind, etc (Tim Ruffing)
de4157f13acc43d521e3133ff1d2e7d67484f0ac ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs (Tim Ruffing)
09b3bb8648fec903e4ac2ec1d047503d5f0f48d7 Clean up git tree (Tim Ruffing)
8bbad7a18e5dc5054b27ae44ea0c8dffe050f6bf Add asm build to ARM32 CI (Pieter Wuille)
7d65ed5214273275841f5aa272ad561df7ea7f21 Add ARM32/ARM64 CI (Pieter Wuille)
6eceec6d566898a5c157630e47f95b260767026b add `secp256k1_xonly_pubkey_cmp` method (Andrew Poelstra)
0d9561ae879848191a14bcc67db87cbfd44fb69a add `secp256k1_ec_pubkey_cmp` method (Andrew Poelstra)
22a9ea154a280987be7cf8322156c8738c41c3c5 contrib: Explain explicit header guards (Tim Ruffing)
0881633dfd0c530a915cf63be295f00841c94cc4 secp256k1.h: clarify that by default arguments must be != NULL (Jonas Nick)
14c9739a1fb485bb56dbe3447132a37bcbef4e22 tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs (Tim Ruffing)
4a19668c37bc77d0165f4a1c0e626e321e9c4a09 tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs (Tim Ruffing)
45b6468d7e3ed9849ed474c71e9a9479de1a77db Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. (Russell O'Connor)
31c0f6de413e521731ad0e63424431b3dd49cec8 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
dd6c3de322740a3054cf6a1994a38dc8f201b473 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
3c90bdda95aa4e79ff33bfbbbe91872417650ae9 change local lib headers to be relative for those pointing at "include/" dir (William Bright)
c8483520c9077905a1dc8b9adb88b6ea2a3bd9ef Makefile.am: Don't pass a variable twice (Tim Ruffing)
2161f31785e66e4e46471208610b5e3e98331849 Makefile.am: Honor config when building gen_context (Tim Ruffing)
99f47c20ec41279075d6b3ae64c9c1a84b40a6f8 gen_context: Don't use external ASM because it complicates the build (Tim Ruffing)
99e2d5be0dba938b7701d157cba86252db9eb61c Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers. (Gregory Maxwell)
ed5a199bed65bf084f34ce18d35807d31a1c75bb tests: fopen /dev/urandom in binary mode (Tim Ruffing)
4dc37bf81b55b9a3ffcf09f7a212436d25844710 Add mingw32-w64/wine CI build (Pieter Wuille)
ae9e648526ceaf7cd97ba4dfe3c105db8e226c35 Define SECP256K1_BUILD in secp256k1.c directly. (Gregory Maxwell)
be0609fd54af95a15b76cea150e6907d581318dd Add unit tests for edge cases with delta=1/2 variant of divsteps (Pieter Wuille)
cd393ce2283e0e7234ea39a15c4931715f4dde1e Optimization: only do 59 hddivsteps per iteration instead of 62 (Pieter Wuille)
277b224b6aba942efbac4a6aae1054035a68d8dd Use modified divsteps with initial delta=1/2 for constant-time (Pieter Wuille)
376ca366db0469f39b93af0af762090986ea75f2 Fix typo in explanation (Pieter Wuille)
07067967ee9dcc4af10fd3a565ffb846a2593e92 add ECMULT_GEN_PREC_BITS to basic_config.h (Aaron Voisine)
a3aa2628c7b675814157556d774872755c9f1aba gen_context: Don't include basic-config.h (Tim Ruffing)
99a1cfec1740a914aa416a87fd0acbde5426b969 print warnings for conditional-uninitialized (PiRK)
3d2cf6c5bd35b0d72716b47bdd7e3892388aafc4 initialize variable in tests (PiRK)
23c3fb629b905deebc4bcc9914bcfff7b9aedacd Make argument of fe_normalizes_to_zero{_var} const (Pieter Wuille)
4504472269df06b8765b134d41f86619cdcdf8f6 changed import to use brackets <> for openssl as they are not local to the project (William Bright)
24ad04fc064e71abdf973e061c30eb1f3f78db39 Make scalar_inverse{,_var} benchmark scale with SECP256K1_BENCH_ITERS (Pieter Wuille)
ebc1af700f9ec6e96586152b7090a2a6494308c3 Optimization: track f,g limb count and pass to new variable-time update_fg_var (Peter Dettman)
b306935ac12bb24fd931d735b4dfc07f707e7447 Optimization: use formulas instead of lookup tables for cancelling g bits (Peter Dettman)
9164a1b6582e2fc833c760a3403d26b9b0b3b7b3 Optimization: special-case zero modulus limbs in modinv64 (Pieter Wuille)
1f233b3fa05eb29a744487e0682d925055fb0d4c Remove num/gmp support (Pieter Wuille)
20448b8d09a492afcfcae7721033c13a44a776fd Remove unused Jacobi symbol support (Pieter Wuille)
5437e7bdfbffddf69fdf7b4af7e997c78f5dafbf Remove unused scalar_sqr (Pieter Wuille)
aa9cc5218001f14f4312bde1058417d4b755fd11 Improve field/scalar inverse tests (Pieter Wuille)
1e0e885c8ac814c3621d9e43e66d60f25e324e8e Make field/scalar code use the new modinv modules for inverses (Pieter Wuille)
436281afdcb68991395f97338197d208212965e2 Move secp256k1_fe_inverse{_var} to per-impl files (Pieter Wuille)
aa404d53bef21d252a23171381d4bfda6e7e25c6 Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files (Pieter Wuille)
08d54964e51f318ef0cc4ef09d64cfa5ec143c5c Improve bounds checks in modinv modules (Pieter Wuille)
151aac00d31ba5e94800376f6fda4193071168af Add tests for modinv modules (Pieter Wuille)
d8a92fcc4c65cf189ec7bd5298dad8479347c442 Add extensive comments on the safegcd algorithm and implementation (Pieter Wuille)
8e415acba25830da9c23a4dd5531ebfc6b65aae7 Add safegcd based modular inverse modules (Peter Dettman)
de0a643c3dc2c40a447e670cfa1c1683c79c9297 Add secp256k1_ctz{32,64}_var functions (Pieter Wuille)
Pull request description:
ACKs for top commit:
real-or-random:
ACK f09497ea3e07d7a730a6ff3479dca18b848ef729
Tree-SHA512: 6cf3e96c5974e9aa17bd649fa7fdd738090ec3ab8c99e144fec397c086a24adc2ace9a5218a3c527989fc07e1d5c669027e4c895caf92d22771c8414b2a9bf35
9570f674cc729cafcba65f4cce03552d9a6108f4 Avoid passing out-of-bound pointers to 0-size memcpy (Pieter Wuille)
Pull request description:
Doing so could be considered UB in a pedantic interpretation of the standard. Avoid it.
Closes#876.
ACKs for top commit:
practicalswift:
cr ACK 9570f674cc729cafcba65f4cce03552d9a6108f4: patch looks correct
real-or-random:
ACK 9570f674cc729cafcba65f4cce03552d9a6108f4
Tree-SHA512: f991462d72e39f14e609021b8427c2e6756009bc8cd21efca2da46ec9410250725a4fed662df20fcdcfd10a4dc59038f13e8c166362b2eadde4366586b9ca72b
4091e619248b4723a2a4ed5dd7289628ee0320a5 cirrus: increase timeout for macOS tasks (Jonas Nick)
79d4c3ac681aae732fb0a1551c0281b17f517d02 whitelist: add SECP_INCLUDES to bench_whitelist CPPFLAGS (Jonas Nick)
649bf201d85c233efa7e7689e34d03187f23dc08 musig: fix tests for 32-bit (Jonas Nick)
9361f360bb04156c7a0fa8f2664680b74d463ed5 ci: Select number of parallel make jobs depending on CI environment (Tim Ruffing)
28eccdf80641f71fada0ee4065c8127468162176 ci: Split output of logs into multiple sections (Tim Ruffing)
c7f754fe4d5e032fd150c4b9b985855e9fcaa521 ci: Run PRs on merge result instead of on the source branch (Tim Ruffing)
b994a8be3cf8ab0fc6a622980a9845bb82cc17db ci: Print information about binaries using "file" (Tim Ruffing)
f24e122d13db7061b1086ddfd21d3a1c5294213b ci: Switch all Linux builds to Debian (Tim Ruffing)
f329bba244264fb5f2c952c11e614987519d0dbc build: Add workaround for automake 1.13 and older (Tim Ruffing)
7d3497cdc4c747bdd51db70f42fe218622c3169f ctime_test: move context randomization test to the end (Jonas Nick)
e491d06b98c9caa5eab74e38ba8419b9fb3b5015 Use bit ops instead of int mult for constant-time logic in gej_add_ge (Tim Ruffing)
cc2a5451dc8ac8a3a9368e1a5b3a1488b15a8bc3 ci: Refactor Nix shell files (Jonas Nick)
2480e55c8f365eb15b703c75153766218ef8795f ci: Remove support for Travis CI (Tim Ruffing)
2b359f1c1d8f497629284864780d0684681e44dc ci: Enable simple cache for brewing valgrind on macOS (Tim Ruffing)
8c02e465c5ac2c8c35ce3aec45f88401df165ad0 ci: Add support for Cirrus CI (Tim Ruffing)
b6f649889ae78573f1959f04172a8e1fe15beab7 Add parens around ROUND_TO_ALIGN's parameter. This makes the macro robust against a hypothetical ROUND_TO_ALIGN(foo ? sizeA : size B) invocation. (Russell O'Connor)
482e4a9cfcecad28c3b7e601667b3b41949f47fe Add missing secp256k1_ge_set_gej_var decl. (Russell O'Connor)
fb390c5299e999e06b7dff9e77e373600fae9fdf Remove underscores from header defs. This makes them consistent with other files and avoids reserved identifiers. (Russell O'Connor)
75d2ae149ef37d3aa42fdefd1529aad89859816c Remove unused secp256k1_fe_inv_all_var (Pieter Wuille)
27306186045955803ca4070783c6a28853003e6a Avoid casting (void**) values. Replaced with an expression that only casts (void*) values. (Russell O'Connor)
3c15130709da26a6d2f25a483aa45e14bf1e4feb Improve CC_FOR_BUILD detection (Tim Ruffing)
47802a476246b67360bc24df78fe5fad6b93c296 Restructure and tidy configure.ac (Tim Ruffing)
252c19dfc654dbb10a35579fa36edb3466904758 Ask brew for valgrind include path (Tim Ruffing)
33cb3c2b1fc3f3fe46c6d0eab118248ea86c1f06 Add secret key extraction from keypair to constant time tests (Elichai Turkel)
36d9dc1e8e6e3b15d805f04c973a8784a78880f6 Add seckey extraction from keypair to the extrakeys tests (Elichai Turkel)
fc96aa73f5c7f62452847a31821890ff1f72a5a4 Add a function to extract the secretkey from a keypair (Elichai Turkel)
b7bc3a4aaa5d89c9a9cf2d914362e69ca91a8678 fixed typo (Ferdinando M. Ametrano)
07aa4c70ffb96d21e496854f823c3ea3353b9086 Fix insecure links (Dimitris Apostolou)
18aadf9d288a54533376cb94f655d059eb1f098e docs: fix simple typo, dependecy -> dependency (Tim Gates)
329a2e0a3f2d9e936179cbf079773538f95bee33 sage: Add script for generating scalar_split_lambda constants (Tim Ruffing)
f554dfc7088c6ca8d4aff927a51bd889b29dc186 sage: Reorganize files (Tim Ruffing)
6e85d675aaf9dc17842096f9cbf8cfab216c9331 Rename tweak to tweak32 in public API (Jonas Nick)
f587f04e35719883546afd54cb491ead18eb6fc7 Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 4091e619248b4723a2a4ed5dd7289628ee0320a5 merge commit picks the right parents, merge resolution and additional commit look good
Tree-SHA512: 4f91842ec08c0d6f62c85f6426fe6af6556b4e7b0e6f2a3317953f61557f9a02855e05a28eaa22d7c245bc915778cea6a43e8c881540de43ce08deb916caf07f
7eeacd7725fa8c895c2f58850b151e66199137cf Add contrib/sync-upstream.sh script to automate merging upstream PRs (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 7eeacd7725fa8c895c2f58850b151e66199137cf The code looks fine. I haven't tested this script but it's not the end of the world if the script has a bug.
Tree-SHA512: d2e0128980538f4e1f20ce3709d1464e82e2d0d89e6faafa157f627cea2919cc3d2a578daf73b93624fa61ecb74891b547d303471afb4f865130b7cd094cd0d0
34debf7a6d36bbd9a52e68e079ddfc446faf5bef Modify .travis.yml to explictly pass no in env vars instead of setting to nothing (Elichai Turkel)
ef37761feed0172baa03dd94c842f1547bdf3016 Change travis.sh to check if variables are equal to yes instead of not-empty. Before this, setting `VALGRIND=wat` was considered as true, and to make it evaluate as false you had to unset the variable `VALGRIND=` but not it checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to false (Elichai Turkel)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 34debf7a6d36bbd9a52e68e079ddfc446faf5bef
jonasnick:
ACK 34debf7a6d36bbd9a52e68e079ddfc446faf5bef
Tree-SHA512: 91becfbc9cb7587ee55b2bceb604ea0aed8860990d63a5f414b11db92180c090ea8bcc048c2fb67a094e892138e3be46f00562bf78b7c3369232457289cde447
Instead of supporting configuration of the field and scalar size independently,
both are now controlled by the availability of a 64x64->128 bit multiplication
(currently only through __int128). This is autodetected from the C code through
__SIZEOF_INT128__, but can be overridden using configure's
--with-test-override-wide-multiply, or by defining
USE_FORCE_WIDEMUL_{INT64,INT128} manually.
not-empty.
Before this, setting `VALGRIND=wat` was considered as true, and to make it
evaluate as false you had to unset the variable `VALGRIND=` but not it
checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to
false
When $USE_HOST or $EXTRAFLAGS are empty, we pass (due to quoting) an
empty string as a parameter to ./configure, which then believes we want
to use a deprecated syntax for specifing a host or a target and yells at us:
> configure: WARNING: you should use --build, --host, --target
The fixes are:
- $EXTRAFLAGS could contain multiple flags and should not be quoted at all.
- We can get rid of $USE_HOST by specifying --host="$HOST" directly.
This changes pointer calculations in size comparions to a form that
ensures that no out-of-bound pointers are computed, because even their
computation yields undefined behavior.
Also, this changes size comparions to a form that ensures that neither
the left-hand side nor the right-hand side can overflow.
Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard.
The only header guards not fixed are those in the headers auto-generated from java.
These functions are intended for compatibility with legacy software,
and are not normally needed in new secp256k1 applications.
They also do not obeying any particular standard (and likely cannot
without without undermining their compatibility), and so are a
better fit for contrib.
