commit c259a7cbc0
Author: Pieter Wuille
Date:   2014-09-13 17:19:30 +02:00

    Set precomputation table late and unset early.

    Set the global pointer to the precomputation table only after initializing
    it completely, and unset it before doing any uninitialization.
    This causes fail-fast behavior in case of race conditions between
    initialization and operations using it.

commit 04e34d18c3
Author: Pieter Wuille
Date:   2014-09-13 17:14:17 +02:00

    Split up signing and verification initialization

commit da556eb772
Author: Pieter Wuille
Date:   2014-09-13 16:26:27 +02:00

    Merge pull request #62

    1136bed Make secp256k1_ge_set_gej work with the point at infinity (Pieter Wuille)

commit 1136bedbc2
Author: Pieter Wuille
Date:   2014-09-13 00:46:32 +02:00

    Make secp256k1_ge_set_gej work with the point at infinity

commit 62c3f55a9d
Author: Pieter Wuille
Date:   2014-09-01 14:56:12 +02:00

    Nothing-up-my-sleeving blinding for a*G

commit fa492f059d
Author: Pieter Wuille
Date:   2014-08-27 01:21:57 +02:00

    Fix a signedness mistake in secp256k1_num_set_hex

    We were using a potentially signed char as index in an array.
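The mistake fa492f059d describes is the classic signed-char index: on toolchains where plain char is signed, any input byte at or above 0x80 converts to a negative value, and a table lookup indexed by it reads in front of the array. The block below is an added example and is not the library's secp256k1_num_set_hex. It shows a hex decoder whose 256-entry lookup table is only ever indexed through unsigned char, next to the plain-char conversion that causes the problem, on constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lookup table: 0..15 for a hex digit, 0xFF for any other byte value.
   It has 256 entries and must only ever be indexed through unsigned char. */
static uint8_t hex_table[256];

static void hex_table_init(void) {
    static int done = 0;
    int i;
    if (done) return;
    memset(hex_table, 0xFF, sizeof(hex_table));
    for (i = 0; i < 10; i++) hex_table['0' + i] = (uint8_t)i;
    for (i = 0; i < 6; i++) {
        hex_table['a' + i] = (uint8_t)(10 + i);
        hex_table['A' + i] = (uint8_t)(10 + i);
    }
    done = 1;
}

/* The bug shape: using a plain char as the index. Where char is signed, any
   byte >= 0x80 becomes a negative index and the table read lands before the
   array. Returned as an int here so it can be inspected, not dereferenced. */
int index_from_plain_char(char c) {
    return (int)c;
}

/* The fix: convert through unsigned char, which is always 0..255. */
int index_from_unsigned_char(char c) {
    return (int)(unsigned char)c;
}

/* Decode exactly 2*outlen hex characters into out.
   Returns 0 on success, -1 on any non-hex byte (high-bit bytes included).
   Stops at the first bad byte, so a short NUL-terminated string is never
   read past its terminator. */
int hex_decode(const char *hex, uint8_t *out, size_t outlen) {
    size_t i;
    hex_table_init();
    for (i = 0; i < outlen; i++) {
        uint8_t hi = hex_table[(unsigned char)hex[2 * i]];
        uint8_t lo;
        if (hi == 0xFF) return -1;
        lo = hex_table[(unsigned char)hex[2 * i + 1]];
        if (lo == 0xFF) return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Decode two bytes and pack them into an int, or -1 if the input is rejected. */
int hex_decode_u16(const char *hex) {
    uint8_t b[2];
    if (hex_decode(hex, b, 2) != 0) return -1;
    return (b[0] << 8) | b[1];
}

int main(void) {
    const char high_bit = (char)0xE9;   /* constructed: a non-ASCII input byte */
    printf("plain char index:    %d\n", index_from_plain_char(high_bit));
    printf("unsigned char index: %d\n", index_from_unsigned_char(high_bit));
    printf("\"0aFf\" -> %d\n", hex_decode_u16("0aFf"));
    printf("\"0g00\" -> %d\n", hex_decode_u16("0g00"));
    printf("four 0xE9 bytes -> %d\n", hex_decode_u16("\xE9\xE9\xE9\xE9"));
    return 0;
}
```

Whether the first printf shows -23 or 233 depends on the platform's char signedness, which is exactly why the decoder never relies on it: every index goes through unsigned char, and anything that is not a hex digit is rejected by the table rather than by a range check on a possibly-negative value.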
						 
				 
			
				
					
						
							
							
commit e2beb0bd2d
Author: Pieter Wuille
Date:   2014-08-27 01:20:19 +02:00

    Merge pull request #51

    364fde6 fix unsigned warning in num_gmp_impl.h (caktux)

commit 1c7fa133a6
Author: Pieter Wuille
Date:   2014-08-26 01:23:51 +02:00

    Add VERIFY_CHECK/DEBUG_CHECK and use CHECK macros more

commit 87c782f632
Author: Pieter Wuille
Date:   2014-08-23 14:13:10 +02:00

    Merge pull request #53

    2f6c801 Try to not leave secret data on the stack or heap. (Gregory Maxwell)

commit 2f6c801911
Author: Gregory Maxwell
Date:   2014-08-14 07:06:36 -07:00

    Try to not leave secret data on the stack or heap.

    This makes a basic effort and has not been audited.
    Doesn't appear to have a measurable performance impact on bench.
    It also adds a secp256k1_num_free to secp256k1_ecdsa_pubkey_create.
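A plain memset(buf, 0, n) placed just before a buffer goes out of scope is routinely removed by optimizing compilers as a dead store, which is the failure mode any "don't leave secrets behind" effort has to design around. The block below is an added example, not Gregory Maxwell's change to the library: a zeroizing helper that reaches memset through a volatile function pointer so the store cannot be proven dead, and a routine that follows the commit's pattern of expanding a secret into a work buffer, using it, and wiping it before returning. The key expansion and the returned byte are constructed placeholders, not real key handling.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* memset reached through a volatile function pointer. The compiler must
   assume the pointer's value can change, so it cannot prove the clearing call
   is a dead store and delete it. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void secure_memzero(void *p, size_t n) {
    memset_ptr(p, 0, n);
}

/* 1 if every byte in p[0..n) is zero, else 0. */
int all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    size_t i;
    for (i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Expand a secret into a caller-owned work buffer (stack or heap), use it,
   and wipe it before returning. The expansion (XOR with the index) and the
   returned fold are constructed stand-ins for real derivation.
   On return, work[0..32) is all zero. */
uint8_t derive_and_wipe(const uint8_t seckey[32], uint8_t work[32]) {
    uint8_t fold = 0;
    size_t i;
    for (i = 0; i < 32; i++) work[i] = (uint8_t)(seckey[i] ^ (uint8_t)i);
    for (i = 0; i < 32; i++) fold ^= work[i];
    secure_memzero(work, 32);
    return fold;
}

/* Self-check: fill a buffer with a marker, wipe it, confirm nothing survived. */
int secure_memzero_selftest(void) {
    uint8_t buf[64];
    memset(buf, 0xAA, sizeof(buf));
    secure_memzero(buf, sizeof(buf));
    return all_zero(buf, sizeof(buf));
}

/* Self-check of derive_and_wipe with the constructed key seckey[i] = i + 1.
   XOR of (i+1)^i over i = 0..31 is (XOR 1..32) ^ (XOR 0..31) = 32 ^ 0 = 32.
   Returns 1 when the fold is 32 and the work buffer is clean afterwards. */
int derive_and_wipe_selftest(void) {
    uint8_t seckey[32], work[32];
    uint8_t fold;
    size_t i;
    for (i = 0; i < 32; i++) seckey[i] = (uint8_t)(i + 1);
    fold = derive_and_wipe(seckey, work);
    return fold == 32 && all_zero(work, 32);
}

int main(void) {
    printf("secure_memzero selftest:  %s\n", secure_memzero_selftest() ? "ok" : "FAILED");
    printf("derive_and_wipe selftest: %s\n", derive_and_wipe_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The self-tests only confirm that the bytes are zero when observed through the wiped pointer; they cannot prove that no copy survives in registers, spilled stack slots or a previous stack frame, which is the caveat the commit message itself makes ("a basic effort and has not been audited"). Checking the generated assembly for the call site is the practical way to confirm the store survived optimization.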
						 
				 
			
				
					
						
							
							
commit 364fde65f6
Author: caktux
Date:   2014-08-11 16:09:09 -04:00

    fix unsigned warning in num_gmp_impl.h

commit 1a749b4a6e
Author: Pieter Wuille
Date:   2014-08-09 19:22:42 +02:00

    Add secp256k1_num_eq and use it in tests

commit 25f4aec02f
Author: Pieter Wuille
Date:   2014-08-03 19:54:41 +02:00

    Add high-level secp256k1.c tests

commit 21f81a8469
Author: Pieter Wuille
Date:   2014-07-17 21:07:40 +02:00

    Correct secp256k1_fe_verify and use it everywhere

commit 59447da38d
Author: Peter Dettman
Date:   2014-07-17 21:07:38 +02:00

    Test demonstrating discrepancy in sqr output

commit f16be77ffc
Author: Peter Dettman
Date:   2014-07-17 15:33:00 +07:00

    Use batch inversion in G precomputation

commit 42822baaa8
Author: Peter Dettman
Date:   2014-06-23 12:12:58 +07:00

    Improve normalization performance for 32bit

    - Uses a similar approach to the latest 64bit _normalize.
    - Add one useful optimization back into the 64bit _normalize too.
    Performance of 'bench' improved by around 0.5% for the 32bit field (but tested on a 64-bit machine).

commit 9849c6898c
Author: Pieter Wuille
Date:   2014-06-20 23:25:38 +02:00

    Merge pull request #31

    0592d11 Introduce CHECK() for tests that works with NDEBUG. (Pieter Wuille)

commit 0592d117da
Author: Pieter Wuille
Date:   2014-06-16 01:30:17 +02:00

    Introduce CHECK() for tests that works with NDEBUG.

commit 4d79bebdff
Author: Pieter Wuille
Date:   2014-06-15 23:31:17 +02:00

    Do not free endomorphism constants when disabled

commit ebfa43b20a
Author: Pieter Wuille
Date:   2014-06-03 22:01:47 +02:00

    Merge pull request #25

    6d6102f A few improvements to the sqrt tests (Peter Dettman)

commit 9037707720
Author: Peter Dettman
Date:   2014-06-03 18:59:21 +07:00

    Rewrite 5x52 normalize method to be faster

commit 6d6102fee4
Author: Peter Dettman
Date:   2014-06-03 17:50:27 +07:00

    A few improvements to the sqrt tests

commit 7740eff28a
Author: Pieter Wuille
Date:   2014-06-02 10:46:12 +02:00

    Merge pull request #19

    09ca4f3 secp256k1_fe_sqrt checks for success (Peter Dettman)

commit 3bc866b88f
Author: Pieter Wuille
Date:   2014-06-02 10:45:44 +02:00

    Merge pull request #20

    d7fd4d0 Use endomorphism in precomputations (Peter Dettman)

commit 17eec032c8
Author: Peter Dettman
Date:   2014-06-02 15:33:35 +07:00

    Support 64bit_asm field on OSX

commit d7fd4d0f6b
Author: Peter Dettman
Date:   2014-05-22 10:17:30 +07:00

    Use endomorphism in precomputations

commit 09ca4f32e2
Author: Peter Dettman
Date:   2014-05-21 10:22:14 +07:00

    secp256k1_fe_sqrt checks for success

    - secp256k1_fe_sqrt now checks that the value it calculated is actually a square root.
    - Add return values to secp256k1_fe_sqrt and secp256k1_ge_set_xo.
    - Callers of secp256k1_ge_set_xo can use return value instead of explicit validity checks
    - Add random value tests for secp256k1_fe_sqrt
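For a prime p with p = 3 (mod 4), which holds for the secp256k1 field prime 2^256 - 2^32 - 977, the square root candidate of a is a^((p+1)/4) mod p. That exponentiation produces a value for every input, square or not, so the only way to know the input was actually a square is to square the candidate and compare, which is the check 09ca4f32e2 adds. The block below is an added example, not the library's secp256k1_fe_sqrt: the same candidate-and-verify logic over a small constructed prime, using 64-bit modular arithmetic so it runs stand-alone.

```c
#include <stdint.h>
#include <stdio.h>

/* Helpers for a prime p < 2^32, so a product of two residues fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t p) {
    return (a * b) % p;
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t p) {
    uint64_t result = 1;
    base %= p;
    while (exp) {
        if (exp & 1) result = mulmod(result, base, p);
        base = mulmod(base, base, p);
        exp >>= 1;
    }
    return result;
}

/* Square root modulo a prime p with p % 4 == 3. The candidate a^((p+1)/4)
   exists for every a; squaring it back is what tells a square from a
   non-residue. Writes the candidate to *r; returns 1 if r*r == a (mod p),
   0 otherwise (in which case *r is meaningless and must not be used). */
int sqrt_mod_p(uint64_t *r, uint64_t a, uint64_t p) {
    a %= p;
    *r = powmod(a, (p + 1) / 4, p);
    return mulmod(*r, *r, p) == a;
}

/* 1 if a is a quadratic residue mod p, else 0. */
int is_square_mod_p(uint64_t a, uint64_t p) {
    uint64_t r;
    return sqrt_mod_p(&r, a, p);
}

/* What the unchecked candidate actually squares to, for inspection. */
uint64_t candidate_squared(uint64_t a, uint64_t p) {
    uint64_t r;
    sqrt_mod_p(&r, a, p);
    return mulmod(r, r, p);
}

int main(void) {
    const uint64_t p = 1000003;   /* constructed demo prime; 1000003 % 4 == 3 */
    uint64_t a;
    for (a = 2; a <= 6; a++) {
        uint64_t r;
        if (sqrt_mod_p(&r, a, p)) {
            printf("%llu: square, root %llu\n",
                   (unsigned long long)a, (unsigned long long)r);
        } else {
            printf("%llu: not a square, candidate squares to %llu\n",
                   (unsigned long long)a, (unsigned long long)candidate_squared(a, p));
        }
    }
    return 0;
}
```

The same shape applies to the library's secp256k1_ge_set_xo use case in the commit: decompressing an x coordinate means taking a square root of x^3 + 7, and a caller that ignores the return value will happily build a "point" that is not on the curve from a non-residue.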
						 
				 
			
				
					
						
							
							
commit 78fb796997
Author: Pieter Wuille
Date:   2014-05-08 20:09:09 +02:00

    Merge pull request #8

    ba8fc0e Check signature nonces for validity (William Swanson)

commit ac274bff23
Author: evoskuil
Date:   2014-05-08 10:28:20 -07:00

    Fix x64 gmp init on platforms that define UL as 32 bits.

commit ba8fc0e28f
Author: William Swanson
Date:   2014-04-24 14:18:44 -07:00

    Check signature nonces for validity

    The documentation implies that this check is happening, so make it so.
    Without this check, passing an invalid nonce will trigger an internal assertion.

commit 11ab562203
Author: Pieter Wuille
Date:   2014-03-12 18:40:02 +01:00

    Move implementations from impl/*.h to *_impl.h

commit 65a79b300c
Author: Pieter Wuille
Date:   2014-03-07 00:32:41 +01:00

    Slice bytes of G multiples to avoid cache timings
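Reading a precomputed multiple of G at an index derived from the secret scalar leaks that index through the data cache: which cache lines get touched depends on the secret. The commit title names the library's mitigation for its table of G multiples; the block below is an added example, not the library's code or its byte-sliced layout, showing the general technique on a constructed 16-entry table of 32-byte entries: touch every entry in a fixed order and fold the wanted one in with a branch-free mask, so neither the addresses loaded nor the control flow depend on the index.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE 16
#define ENTRY_BYTES 32

/* Constructed stand-in for a table of precomputed points, stored flat:
   entry i, byte j holds i*8 + j, so any entry's content is easy to predict. */
static uint8_t demo_table[TABLE_SIZE * ENTRY_BYTES];

static void demo_table_init(void) {
    size_t i, j;
    for (i = 0; i < TABLE_SIZE; i++)
        for (j = 0; j < ENTRY_BYTES; j++)
            demo_table[i * ENTRY_BYTES + j] = (uint8_t)(i * 8 + j);
}

/* 0xFF if a == b, 0x00 otherwise, computed without a branch. */
static uint8_t ct_mask_eq(size_t a, size_t b) {
    uint64_t x = (uint64_t)a ^ (uint64_t)b;   /* zero exactly when equal */
    uint64_t m = ((x - 1) & ~x) >> 63;         /* 1 exactly when x == 0 */
    return (uint8_t)(0 - m);
}

/* Copy entry idx of a flat TABLE_SIZE x ENTRY_BYTES table into out, reading
   every entry in the same order and taking the same branches whatever idx
   is. The index never reaches an address computation, so the cache access
   pattern carries no information about it. */
void ct_table_select(uint8_t out[ENTRY_BYTES], const uint8_t *table, size_t idx) {
    size_t i, j;
    memset(out, 0, ENTRY_BYTES);
    for (i = 0; i < TABLE_SIZE; i++) {
        uint8_t m = ct_mask_eq(i, idx);
        for (j = 0; j < ENTRY_BYTES; j++) out[j] |= table[i * ENTRY_BYTES + j] & m;
    }
}

/* The leaky shape, for contrast: one load at a secret-dependent address. */
void leaky_table_select(uint8_t out[ENTRY_BYTES], const uint8_t *table, size_t idx) {
    memcpy(out, table + idx * ENTRY_BYTES, ENTRY_BYTES);
}

/* Byte `byte` of the entry the constant-time select returns for idx. */
int ct_select_byte(size_t idx, size_t byte) {
    uint8_t out[ENTRY_BYTES];
    demo_table_init();
    ct_table_select(out, demo_table, idx);
    return out[byte];
}

/* Self-check: both selects agree on every index of the constructed table. */
int ct_table_select_selftest(void) {
    uint8_t a[ENTRY_BYTES], b[ENTRY_BYTES];
    size_t idx;
    demo_table_init();
    for (idx = 0; idx < TABLE_SIZE; idx++) {
        ct_table_select(a, demo_table, idx);
        leaky_table_select(b, demo_table, idx);
        if (memcmp(a, b, ENTRY_BYTES) != 0) return 0;
    }
    return 1;
}

int main(void) {
    printf("entry 5, byte 3: %d\n", ct_select_byte(5, 3));
    printf("selftest: %s\n", ct_table_select_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The cost is a full scan of the table per lookup, which is why the technique is paired with small tables. The C source being branch-free is necessary but not sufficient: an optimizer may turn the mask back into a conditional, so the emitted assembly for ct_mask_eq and the inner loop is what actually needs checking.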
						 
				 
			
				
					
						
							
							
commit bb7bb81d07
Author: Peter Dettman
Date:   2014-01-31 11:43:57 +07:00

    Fix addition chain entry in comments

commit f8ccd9befd
Author: Peter Dettman
Date:   2014-01-30 19:16:20 +07:00

    Re-write secp256k1_fe_sqrt and secp256k1_fe_inv to use a sliding window over blocks of 1s

commit 5a9989c52a
Author: Cory Fields
Date:   2014-01-17 23:24:12 -05:00

    add missing include

commit 78cd96b151
Author: Cory Fields
Date:   2014-01-17 23:24:12 -05:00

    autotools: autotools'ify libsecp256k1

commit 60442b835f
Author: Pieter Wuille
Date:   2013-12-01 21:16:47 +01:00

    Remove 5x64 implementation - no actual benefits

commit 399c03f227
Author: Pieter Wuille
Date:   2013-12-01 21:06:20 +01:00

    Make endomorphism optimization optional

commit ad52495d72
Author: Pieter Wuille
Date:   2013-11-07 20:27:13 +01:00

    Check for overflows when order is added at recovery

commit d0b33489f2
Author: Pieter Wuille
Date:   2013-09-19 00:58:42 +02:00

    Break malleability by producing S <= order/2
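Two range rules on a 256-bit scalar appear in this stretch of the history: the nonce check from ba8fc0e28f (a nonce or secret key is usable only when 1 <= k < n) and the low-S rule from d0b33489f2 (if a signature's S exceeds n/2 it is replaced by n - S, so that of the two S values that verify for the same message and R only one is ever produced). The block below is an added example and not the library's scalar or num code: enough 32-byte big-endian arithmetic, with the secp256k1 group order n, to implement and self-check both rules.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* secp256k1 group order n and floor(n/2), big-endian. */
static const uint8_t SECP256K1_N[32] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
    0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
};
static const uint8_t SECP256K1_N_HALF[32] = {
    0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
    0x5D,0x57,0x6E,0x73,0x57,0xA4,0x50,0x1D,0xDF,0xE9,0x2F,0x46,0x68,0x1B,0x20,0xA0
};

/* Compare big-endian 32-byte integers: -1, 0 or 1. Byte-lexicographic order
   is numeric order here. Not constant time: fine for public signature
   values, not for anything secret. */
int be256_cmp(const uint8_t a[32], const uint8_t b[32]) {
    int c = memcmp(a, b, 32);
    return c < 0 ? -1 : (c > 0 ? 1 : 0);
}

int be256_is_zero(const uint8_t a[32]) {
    static const uint8_t zero[32] = {0};
    return memcmp(a, zero, 32) == 0;
}

/* r = a - b, requires a >= b. */
void be256_sub(uint8_t r[32], const uint8_t a[32], const uint8_t b[32]) {
    int i, borrow = 0;
    for (i = 31; i >= 0; i--) {
        int d = (int)a[i] - (int)b[i] - borrow;
        borrow = d < 0;
        r[i] = (uint8_t)(d + (borrow ? 256 : 0));
    }
}

/* r = a >> 1 */
void be256_shr1(uint8_t r[32], const uint8_t a[32]) {
    uint8_t carry = 0;
    size_t i;
    for (i = 0; i < 32; i++) {
        uint8_t next = a[i] & 1;
        r[i] = (uint8_t)((a[i] >> 1) | (carry << 7));
        carry = next;
    }
}

/* Nonce (or secret key) range check: usable only when 1 <= k < n. */
int scalar_is_valid(const uint8_t k[32]) {
    return !be256_is_zero(k) && be256_cmp(k, SECP256K1_N) < 0;
}

/* Low-S rule: if s > n/2, replace s by n - s. Returns 1 if s was changed.
   Assumes s < n, i.e. scalar_is_valid(s) already held. */
int scalar_to_low_s(uint8_t s[32]) {
    uint8_t t[32];
    if (be256_cmp(s, SECP256K1_N_HALF) <= 0) return 0;
    be256_sub(t, SECP256K1_N, s);
    memcpy(s, t, 32);
    return 1;
}

/* Self-check that the hard-coded half order really is n >> 1. */
int half_order_selftest(void) {
    uint8_t h[32];
    be256_shr1(h, SECP256K1_N);
    return be256_cmp(h, SECP256K1_N_HALF) == 0;
}

/* Self-check of the range check at its boundaries: 0, 1, n-1, n. */
int nonce_range_selftest(void) {
    uint8_t one[32] = {0}, k[32];
    one[31] = 1;
    memset(k, 0, 32);
    if (scalar_is_valid(k)) return 0;            /* 0 rejected */
    if (!scalar_is_valid(one)) return 0;         /* 1 accepted */
    be256_sub(k, SECP256K1_N, one);
    if (!scalar_is_valid(k)) return 0;           /* n - 1 accepted */
    if (scalar_is_valid(SECP256K1_N)) return 0;  /* n rejected */
    return 1;
}

/* Self-check of low-S: n-1 maps to 1, n/2 stays, n/2+1 maps to n/2
   (because n = 2*(n/2) + 1 for odd n). */
int low_s_selftest(void) {
    uint8_t one[32] = {0}, s[32];
    one[31] = 1;
    be256_sub(s, SECP256K1_N, one);                        /* s = n - 1 */
    if (!scalar_to_low_s(s) || be256_cmp(s, one) != 0) return 0;
    memcpy(s, SECP256K1_N_HALF, 32);                       /* s = n/2 */
    if (scalar_to_low_s(s)) return 0;
    be256_sub(s, SECP256K1_N, SECP256K1_N_HALF);           /* s = n/2 + 1 */
    if (!scalar_to_low_s(s) || be256_cmp(s, SECP256K1_N_HALF) != 0) return 0;
    return 1;
}

int main(void) {
    printf("half order:  %s\n", half_order_selftest() ? "ok" : "FAILED");
    printf("nonce range: %s\n", nonce_range_selftest() ? "ok" : "FAILED");
    printf("low-S:       %s\n", low_s_selftest() ? "ok" : "FAILED");
    return 0;
}
```

Producing low S on the signer side does not by itself stop a third party from flipping S to n - S on an existing signature; a verifier that wants non-malleable signatures has to reject high S as well, which is a separate policy decision from the one this commit makes.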
						 
				 
			
				
					
						
							
							
commit 350ade2ab4
Author: Pieter Wuille
Date:   2013-07-14 20:49:37 +02:00

    Tweak fixes & variable name improvement

commit 86d3cce2a9
Author: Pieter Wuille
Date:   2013-07-14 17:58:23 +02:00

    Add support for multiplicative tweaking

commit b0be6aba91
Author: Pieter Wuille
Date:   2013-07-13 01:31:41 +02:00

    Invert buggy logic in secp256k1_ecdsa_seckey_verify

commit 355b4192cf
Author: Diederik Huys
Date:   2013-06-17 15:31:06 +02:00

    1st assembly version of field 5x64 code - bugfix

commit dd804adeff
Author: Diederik Huys
Date:   2013-06-16 22:46:43 +02:00

    1st assembly version of field 5x64 code

commit 6c78924a10
Author: Pieter Wuille
Date:   2013-06-09 00:52:14 +02:00

    Inline asm for 5x64

commit 1487ca95c6
Author: Pieter Wuille
Date:   2013-06-09 00:04:55 +02:00

    Field 5x64

commit 561b0e1044
Author: Pieter Wuille
Date:   2013-05-27 01:18:48 +02:00

    Private/public key tweaking

commit e3c5c26f54
Author: Pieter Wuille
Date:   2013-05-24 05:32:53 +02:00

    Allow private keys with less-than-32-byte secrets