b097a466c168dcdb3fde435ec4a1e0b63609f55d util: remove unused checked_realloc (Cory Fields)
Pull request description:
Usage was removed in 6fe50439 . This should be a NOOP.
Noticed when analyzing for zenbleed exposure: stdlib calls that aren't optimized away.
In this case realloc isn't making it into the final binary, but as far as I can tell this is completely dead code and should be dropped.
ACKs for top commit:
jonasnick:
ACK b097a466c168dcdb3fde435ec4a1e0b63609f55d
real-or-random:
ACK b097a466c168dcdb3fde435ec4a1e0b63609f55d
Tree-SHA512: d4249215eddd4035be2b50a8bb48b8a681abdab4ab41ca53f6c2a2507edfbc9ffa39ba22eb48e7da52f978e224198294495ce64f9d571d98c19283b20b82a63a
5d8f53e31293c582fb3fe02157bc67d2eeccea77 Remove redudent checks. (Russell O'Connor)
d232112fa7e17fbbed7927bf02e8b1a0c54aeb53 Update Changelog (Tim Ruffing)
b081f7e4cbfd27edc36e823dcd93537a46f7d2a6 Add secp256k1_fe_add_int function (Pieter Wuille)
2ef1c9b38700b7cca2ee1aace2f020ee834729c0 Update overflow check (Russell O'Connor)
5660c137552c657da5265691dea0fb10faae6a76 prevent optimization in algorithms (Harshil Jani)
ce3cfc78a6020d21be299e1e4f22cf8ef089194d doc: Describe Jacobi calculation in safegcd_implementation.md (Elliott Jin)
6be01036c8a6da5043953d055ffb5920728fbff7 Add secp256k1_fe_is_square_var function (Pieter Wuille)
1de2a01c2b22dc8216393ad0471382beaffef525 Native jacobi symbol algorithm (Pieter Wuille)
04c6c1b18162e3dc00d9be5098ee1ccbcb2e78d9 Make secp256k1_modinv64_det_check_pow2 support abs val (Pieter Wuille)
5fffb2c7af5d33223d819283f1a561889a8210d9 Make secp256k1_i128_check_pow2 support -(2^n) (Pieter Wuille)
e4330341bd648e93b60fe70c631e311a98bce549 ci: Shutdown wineserver whenever CI script exits (Tim Ruffing)
9a5a611a21fcdf7bf2dab30964cd0208d8cdf444 build: Suppress stupid MSVC linker warning (Tim Ruffing)
739c53b19a22bd8cd251e25ea286089664a2f0eb examples: Extend sig examples by call that uses static context (Tim Ruffing)
914276e4d27a5f21407744d8016b6d0789e676b1 build: Add SECP256K1_API_VAR to fix importing variables from DLLs (Tim Ruffing)
e089eecc1e54551287b12539d2211da631a6ec5c group: Further simply gej_add_ge (Tim Ruffing)
ac71020ebe052901000e5efa7a59aad77ecfc1a0 group: Save a normalize_to_zero in gej_add_ge (Tim Ruffing)
8c7e0fc1de048be98a1f1bc75557671afc14beaa build: Add -Wreserved-identifier supported by clang (Tim Ruffing)
9b60e3148d8c19562c8c3805bd0cdc55933e912c ci: Do not set git's `user.{email,name}` config options (Hennadii Stepanov)
ef39721cccec344983f09180bcf9c443d491f7cb Do not link `bench` and `ctime_tests` to `COMMON_LIB` (Hennadii Stepanov)
c2415866c7a6769cb29e3db6c5312c1255b37083 ci: Don't fetch git history (Tim Ruffing)
0ecf3188515e46b4da5580b4b9805d2cb927eb91 ci: Use remote pull/merge ref instead of local git merge (Tim Ruffing)
9b7d18669dc2410bde7690d9b04d90b3dc3e25ce Drop no longer used Autoheader macros (Hennadii Stepanov)
eb6bebaee3947f8bca46816fa6bf6182085f1b56 scalar: restrict split_lambda args, improve doc and VERIFY_CHECKs (Jonas Nick)
7f49aa7f2dca595ac8b58d0268dc46a9dfff1e38 ci: add test job with -DVERIFY (Jonas Nick)
620ba3d74bed3095cec7cd8877c8ce14cbf5e329 benchmarks: fix bench_scalar_split (Jonas Nick)
e39d954f118a29db2c33e9a9a507053fff5573ed tests: Add CHECK_ILLEGAL(_VOID) macros and use in static ctx tests (Tim Ruffing)
61841fc9ee5aa1ffde3ccd512660207034125ebd contexts: Forbid randomizing secp256k1_context_static (Tim Ruffing)
4b6df5e33e197a50fd7d9bc4c14b8ba8526013b9 contexts: Forbid cloning/destroying secp256k1_context_static (Tim Ruffing)
8f51229e0348a1524fed541f334cd4f1726d2685 ctime_tests: improve output when CHECKMEM_RUNNING is not defined (Jonas Nick)
2cd4e3c0a976c78c1619fc7456fcc4eaa92897a9 Drop no longer used `SECP_{LIBS,INCLUDE}` variables (Hennadii Stepanov)
613626f94c77a484f6acf22a72ab6cd8ddda00cd Drop no longer used `SECP_TEST_{LIBS,INCLUDE}` variables (Hennadii Stepanov)
d6ff738d5bbdf965590fc07efca23b13c0ea3082 Ensure safety of ctz_debruijn implementation. (Russell O'Connor)
ce60785b2654e60b43577dd75996b7020afbfec8 Introduce SECP256K1_B macro for curve b coefficient (Pieter Wuille)
4934aa79958b506a6e9cfcfe30a8f685db3f5f5f Switch to exhaustive groups with small B coefficient (Pieter Wuille)
e03ef8655933d3e2b4830e7f8fe86deba820a073 Make all non-API functions (except main) static (Pieter Wuille)
0f088ec11263261497661215c110a4c395acc0ac Rename CTIMETEST -> CTIMETESTS (Pieter Wuille)
74b026f05d52216fa4c83cbfada416a30ddfc9b9 Add runtime checking for DECLASSIFY flag (Pieter Wuille)
5e2e6fcfc0ebcdaad96fda9db9b8946d8bcdc8e5 Run ctime test in Linux MSan CI job (Pieter Wuille)
18974061a3ffef514cc393768401b2f104fe6cef Make ctime tests building configurable (Pieter Wuille)
5048be17e93a21ab2e33b939b40339ed4861a692 Rename valgrind_ctime_test -> ctime_tests (Pieter Wuille)
6eed6c18ded7bd89d82fe1ebb13b488a2cf5e567 Update error messages to suggest msan as well (Pieter Wuille)
8e11f89a685063221fa4c2df0ee750d997aee386 Add support for msan integration to checkmem.h (Pieter Wuille)
8dc64079eb1db5abafbc18e335bcf179ae851ae8 Add compile-time error to valgrind_ctime_test (Pieter Wuille)
0db05a770ebd41999b88358ee6ab4bdd6a7d57ee Abstract interactions with valgrind behind new checkmem.h (Pieter Wuille)
4f1a54e41d84a81e4506668bfabed1f3c632973b Move valgrind CPPFLAGS into SECP_CONFIG_DEFINES (Pieter Wuille)
d4a6b58df7490ff9c656e158f246cf396b4cfa72 Add `noverify_tests` to `.gitignore` (Hennadii Stepanov)
e862c4af0c5a7300129700d38eff499a836a108d Makefile: add -I$(top_srcdir)/src to CPPFLAGS for precomputed (Matt Whitlock)
Pull request description:
ACKs for top commit:
real-or-random:
tACK 0d540ec942
Tree-SHA512: bc54ccf752163ab6e1a12bb8c4e1f9339f4421d2e4f7716c408549514b3c902f2e9f727655799f1eecb085b0026761b04735b17be3c95c6cf54e07fbf7e86477
9b6a1c384d00cc61bf9160e5df858ca6c52e6af3 sync-upstream.sh: Fix position of "-b" option in reproduce command (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
utACK 9b6a1c384d00cc61bf9160e5df858ca6c52e6af3
Tree-SHA512: 27e4a41bc9c8f10715623f669c97a511520753b23d24ae91d6d2144e54588da0769f97b1de78c87b7471b39e556b682b1c2910b2bf71f124fb77cbc9e446d5f8
c424e2fb43c8ed959b2af7b2216028ce2a023488 ellswift: fix probabilistic test failure when swapping sides (Jonas Nick)
Pull request description:
Reported by jonatack in https://github.com/bitcoin/bitcoin/issues/28079.
When configured with `--disable-module-ecdh --enable-module-recovery`, then `./tests 64 81af32fd7ab8c9cbc2e62a689f642106` fails with
```
src/modules/ellswift/tests_impl.h:396: test condition failed: secp256k1_memcmp_var(share32_bad, share32a, 32) != 0
```
This tests verifies that changing the `party` bit of the `secp256k1_ellswift_xdh` function results in a different share. However, that's not the case when the secret keys of both parties are the same and this is actually what happens in the observed test failure. The keys can be equal in this test case because they are created by the `random_scalar_order_test` function whose output is not uniformly random (it's biased towards 0).
This commit restores the assumption that the secret keys differ.
ACKs for top commit:
sipa:
utACK c424e2fb43c8ed959b2af7b2216028ce2a023488
real-or-random:
utACK c424e2fb43c8ed959b2af7b2216028ce2a023488
Tree-SHA512: d1ab61473a77478f9aeffb21ad73e0bba478c90d8573c72ec89d2e0140434cc65c9d5f4d56e5f259931dc68fc1800695c6cd5d63d9cfce4c1c4d6744eeaa2028
05b207e969f9b4181061dd3fba749b6df06de718 sync-upstream: allows providing the local branch via cli (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 05b207e969f9b4181061dd3fba749b6df06de718
Tree-SHA512: b02f3fdf6565943cea2b93a0b2b0a38c30bb3c94873d0c4ed2ad276c75f3dc610911d1c9c076c8b7fd3a5baf83aa1ab66ec86415333cf58fe8f07c64fa74656f
When configured with `--disable-module-ecdh --enable-module-recovery`, then
`./tests 64 81af32fd7ab8c9cbc2e62a689f642106` fails with
```
src/modules/ellswift/tests_impl.h:396: test condition failed: secp256k1_memcmp_var(share32_bad, share32a, 32) != 0
```
This tests verifies that changing the `party` bit of the
`secp256k1_ellswift_xdh` function results in a different share. However, that's
not the case when the secret keys of both parties are the same and this is
actually what happens in the observed test failure. The keys can be equal in
this test case because they are created by the `random_scalar_order_test`
function whose output is not uniformly random (it's biased towards 0).
This commit restores the assummption that the secret keys differ.
981e5be38c492f0c0230fbe61be555d157380331 ci: Fix typo in comment (Tim Ruffing)
e9e96482196da641733a8a6763341a84f8b9806a ci: Reduce number of macOS tasks from 28 to 8 (Tim Ruffing)
609093b3877b2fb21bd4bb2301a3eafb444a2fdb ci: Add x86_64 Linux tasks for gcc and clang snapshots (Tim Ruffing)
1deecaaf3b94dbf08896e015e7f1e5ec328a40f2 ci: Install development snapshots of gcc and clang (Tim Ruffing)
Pull request description:
ACKs for top commit:
hebasto:
re-ACK 981e5be38c492f0c0230fbe61be555d157380331
jonasnick:
ACK 981e5be38c492f0c0230fbe61be555d157380331
Tree-SHA512: a36ef6f3c30a7f6e09e186e67b8eeb6e16e05de3bd97f21342866e75e33275103d463b6a12603ce235da7e26e4acdef4d811f62f369f18db9ac4e7ff06749136
b79ba8aa4c074b2cd09188f6f85ba68d6b80fe50 field: Use `restrict` consistently in fe_sqrt (Tim Ruffing)
Pull request description:
That is, use it also in the definition and not only the declaration.
I believe this was the intention of commit
be82bd8e03, but it was omitted there.
edit: Changed the description. I'm not entirely sure but after looking at the standard, I tend to think this is more than a cosmetic change, and only this change actually makes the parameters `restrict`. Anyway, I believe making them `restrict` was simply forgotten in be82bd8e0347e090037ff1d30a22a9d614db8c9f.
ACKs for top commit:
sipa:
utACK b79ba8aa4c074b2cd09188f6f85ba68d6b80fe50
Tree-SHA512: eecec7674d8cef7833d50f4041b87241ca8de4839aa8027df1c422b89f5a1bcef3916ac785057a596c459ce1aa9d41e5a21ecb6fed9c5d15a1d9f588c7ee208e
600c5adcd59240305e22918943f45dceeabb7e93 clean up in-comment Sage code (refer to secp256k1_params.sage, update to Python3) (Sebastian Falbesoner)
Pull request description:
Some of the C source files contain contain in-comment Sage code calculating secp256k1 parameters that are already defined in the file secp256k1_params.sage. Replace that by a corresponding load instruction and access the necessary variables. In ecdsa_impl.h, update the comment to use a one-line shell command calling sage to get the values.
The remaining code (test `test_add_neg_y_diff_x` in tests.c) is updated to work with a current version based on Python3 (Sage 9.0+, see https://wiki.sagemath.org/Python3-Switch).
The latter can be seen as a small follow-up to PR #849 (commit 13c88efed0005eb6745a222963ee74564054eafb).
ACKs for top commit:
sipa:
ACK 600c5adcd59240305e22918943f45dceeabb7e93
real-or-random:
ACK 600c5adcd59240305e22918943f45dceeabb7e93
Tree-SHA512: a9e52f6afbce65edd9ab14203612c3d423639f450fe8f0d269a3dda04bebefa95b607f7aa0faec864cb78b46d49f281632bb1277118749b7d8613e9f5dcc8f3d
Some of the C source files contain contain in-comment Sage code
calculating secp256k1 parameters that are already defined in the file
secp256k1_params.sage. Replace that by a corresponding load instruction
and access the necessary variables. In ecdsa_impl.h, update the comment
to use a one-line shell command calling sage to get the values.
The remaining code (test `test_add_neg_y_diff_x` in tests.c) is updated
to work with a current version based on Python3 (Sage 9.0+, see
https://wiki.sagemath.org/Python3-Switch).
The latter can be seen as a small follow-up to PR #849 (commit
13c88efed0005eb6745a222963ee74564054eafb).
That is, use it also in the definition and not only the declaration.
I believe this was the intention of commit
be82bd8e0347e090037ff1d30a22a9d614db8c9f, but it was omitted there.