The test is supposed to create an invalid sign byte. Before this PR,
the generated sign byte could in fact be valid due to an overflow.
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
b097a466c1 util: remove unused checked_realloc (Cory Fields)
Pull request description:
Usage was removed in 6fe50439 . This should be a NOOP.
Noticed when analyzing for zenbleed exposure: stdlib calls that aren't optimized away.
In this case realloc isn't making it into the final binary, but as far as I can tell this is completely dead code and should be dropped.
ACKs for top commit:
jonasnick:
ACK b097a466c1
real-or-random:
ACK b097a466c1
Tree-SHA512: d4249215eddd4035be2b50a8bb48b8a681abdab4ab41ca53f6c2a2507edfbc9ffa39ba22eb48e7da52f978e224198294495ce64f9d571d98c19283b20b82a63a
ea478beec6 musig: change test vector generation code shebang from python to python3 (Jonas Nick)
Pull request description:
The linter included in the Bitcoin Core and Elements test framework requires python3.
ACKs for top commit:
real-or-random:
utACK ea478beec6
Tree-SHA512: 0174e9d72529d1aa2c7a0542bc49a21af9163715961fa042da39c9bb857259f4c7e2b9be8e30b77c7b9b420574bd15f76308d807e22bdc590a91d249cca5ae86
5d8f53e312 Remove redudent checks. (Russell O'Connor)
d232112fa7 Update Changelog (Tim Ruffing)
b081f7e4cb Add secp256k1_fe_add_int function (Pieter Wuille)
2ef1c9b387 Update overflow check (Russell O'Connor)
5660c13755 prevent optimization in algorithms (Harshil Jani)
ce3cfc78a6 doc: Describe Jacobi calculation in safegcd_implementation.md (Elliott Jin)
6be01036c8 Add secp256k1_fe_is_square_var function (Pieter Wuille)
1de2a01c2b Native jacobi symbol algorithm (Pieter Wuille)
04c6c1b181 Make secp256k1_modinv64_det_check_pow2 support abs val (Pieter Wuille)
5fffb2c7af Make secp256k1_i128_check_pow2 support -(2^n) (Pieter Wuille)
e4330341bd ci: Shutdown wineserver whenever CI script exits (Tim Ruffing)
9a5a611a21 build: Suppress stupid MSVC linker warning (Tim Ruffing)
739c53b19a examples: Extend sig examples by call that uses static context (Tim Ruffing)
914276e4d2 build: Add SECP256K1_API_VAR to fix importing variables from DLLs (Tim Ruffing)
e089eecc1e group: Further simply gej_add_ge (Tim Ruffing)
ac71020ebe group: Save a normalize_to_zero in gej_add_ge (Tim Ruffing)
8c7e0fc1de build: Add -Wreserved-identifier supported by clang (Tim Ruffing)
9b60e3148d ci: Do not set git's `user.{email,name}` config options (Hennadii Stepanov)
ef39721ccc Do not link `bench` and `ctime_tests` to `COMMON_LIB` (Hennadii Stepanov)
c2415866c7 ci: Don't fetch git history (Tim Ruffing)
0ecf318851 ci: Use remote pull/merge ref instead of local git merge (Tim Ruffing)
9b7d18669d Drop no longer used Autoheader macros (Hennadii Stepanov)
eb6bebaee3 scalar: restrict split_lambda args, improve doc and VERIFY_CHECKs (Jonas Nick)
7f49aa7f2d ci: add test job with -DVERIFY (Jonas Nick)
620ba3d74b benchmarks: fix bench_scalar_split (Jonas Nick)
e39d954f11 tests: Add CHECK_ILLEGAL(_VOID) macros and use in static ctx tests (Tim Ruffing)
61841fc9ee contexts: Forbid randomizing secp256k1_context_static (Tim Ruffing)
4b6df5e33e contexts: Forbid cloning/destroying secp256k1_context_static (Tim Ruffing)
8f51229e03 ctime_tests: improve output when CHECKMEM_RUNNING is not defined (Jonas Nick)
2cd4e3c0a9 Drop no longer used `SECP_{LIBS,INCLUDE}` variables (Hennadii Stepanov)
613626f94c Drop no longer used `SECP_TEST_{LIBS,INCLUDE}` variables (Hennadii Stepanov)
d6ff738d5b Ensure safety of ctz_debruijn implementation. (Russell O'Connor)
ce60785b26 Introduce SECP256K1_B macro for curve b coefficient (Pieter Wuille)
4934aa7995 Switch to exhaustive groups with small B coefficient (Pieter Wuille)
e03ef86559 Make all non-API functions (except main) static (Pieter Wuille)
0f088ec112 Rename CTIMETEST -> CTIMETESTS (Pieter Wuille)
74b026f05d Add runtime checking for DECLASSIFY flag (Pieter Wuille)
5e2e6fcfc0 Run ctime test in Linux MSan CI job (Pieter Wuille)
18974061a3 Make ctime tests building configurable (Pieter Wuille)
5048be17e9 Rename valgrind_ctime_test -> ctime_tests (Pieter Wuille)
6eed6c18de Update error messages to suggest msan as well (Pieter Wuille)
8e11f89a68 Add support for msan integration to checkmem.h (Pieter Wuille)
8dc64079eb Add compile-time error to valgrind_ctime_test (Pieter Wuille)
0db05a770e Abstract interactions with valgrind behind new checkmem.h (Pieter Wuille)
4f1a54e41d Move valgrind CPPFLAGS into SECP_CONFIG_DEFINES (Pieter Wuille)
d4a6b58df7 Add `noverify_tests` to `.gitignore` (Hennadii Stepanov)
e862c4af0c Makefile: add -I$(top_srcdir)/src to CPPFLAGS for precomputed (Matt Whitlock)
Pull request description:
ACKs for top commit:
real-or-random:
tACK 0d540ec942
Tree-SHA512: bc54ccf752163ab6e1a12bb8c4e1f9339f4421d2e4f7716c408549514b3c902f2e9f727655799f1eecb085b0026761b04735b17be3c95c6cf54e07fbf7e86477
The test is supposed to create an invalid sign byte. Before this PR,
the generated sign byte could in fact be valid due to an overflow.
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
9b6a1c384d sync-upstream.sh: Fix position of "-b" option in reproduce command (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
utACK 9b6a1c384d
Tree-SHA512: 27e4a41bc9c8f10715623f669c97a511520753b23d24ae91d6d2144e54588da0769f97b1de78c87b7471b39e556b682b1c2910b2bf71f124fb77cbc9e446d5f8
c424e2fb43 ellswift: fix probabilistic test failure when swapping sides (Jonas Nick)
Pull request description:
Reported by jonatack in https://github.com/bitcoin/bitcoin/issues/28079.
When configured with `--disable-module-ecdh --enable-module-recovery`, then `./tests 64 81af32fd7ab8c9cbc2e62a689f642106` fails with
```
src/modules/ellswift/tests_impl.h:396: test condition failed: secp256k1_memcmp_var(share32_bad, share32a, 32) != 0
```
This tests verifies that changing the `party` bit of the `secp256k1_ellswift_xdh` function results in a different share. However, that's not the case when the secret keys of both parties are the same and this is actually what happens in the observed test failure. The keys can be equal in this test case because they are created by the `random_scalar_order_test` function whose output is not uniformly random (it's biased towards 0).
This commit restores the assumption that the secret keys differ.
ACKs for top commit:
sipa:
utACK c424e2fb43
real-or-random:
utACK c424e2fb43
Tree-SHA512: d1ab61473a77478f9aeffb21ad73e0bba478c90d8573c72ec89d2e0140434cc65c9d5f4d56e5f259931dc68fc1800695c6cd5d63d9cfce4c1c4d6744eeaa2028
05b207e969 sync-upstream: allows providing the local branch via cli (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 05b207e969
Tree-SHA512: b02f3fdf6565943cea2b93a0b2b0a38c30bb3c94873d0c4ed2ad276c75f3dc610911d1c9c076c8b7fd3a5baf83aa1ab66ec86415333cf58fe8f07c64fa74656f
