15 Commits

Author SHA1 Message Date
Jonas Nick
edcacc2b2e Merge commits '26de4dfe 6e898534 c083cc6e 1e5d50fa cc2c09e3 efad3506 7012a188 34388af6 98e0358d d0bd2693 185a6af2 6c52ae87 69394879 1e78c18d 202a030f bf0ac460 399722a6 3dc8c072 50f33677 7973576f 1758a92f ' into temp-merge-950 2021-06-14 18:16:46 +00:00
Pieter Wuille
5437e7bdfb Remove unused scalar_sqr 2021-03-12 10:06:18 -08:00
Pieter Wuille
aa404d53be Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files
This temporarily duplicates the inversion code across the 4x64 and 8x32
implementations. Those implementations will be replaced in a later commit.
2021-03-11 10:25:26 -08:00
Jonas Nick
d4ca81f48e Merge commits 'dc6e5c3a 2d9e7175 b61f9da5 98dac878 8c727b90 328aaef2 f2d9aeae b732701f db726782 5671e5f3 a4abaab7 659d0d47 f8c0b57e 24d1656c 3a8b47bc ebdba03c 4c3ba88c ' into temp-merge-901
Also add -zkp modules to .cirrus.yml.
2021-03-08 13:35:16 +00:00
Dimitris Apostolou
07aa4c70ff
Fix insecure links 2020-12-18 00:24:22 +02:00
Jonas Nick
b0917f3de1 Merge remote-tracking branch 'upstream/master' into temp-merge-835 2020-11-05 20:21:38 +00:00
Pieter Wuille
8bcd78cd79 Make secp256k1_scalar_b32 detect overflow in scalar_low 2020-09-18 14:01:15 -07:00
Andrew Poelstra
a1f16a0a53 add chacha20 function 2020-07-24 14:50:49 +02:00
Andrew Poelstra
94425d4a67 rangeproof: several API changes
* add summing function for blinded generators
* drop `excess` and `gen` from `verify_tally`
* add extra_commit to rangeproof sign and verify
2020-07-24 14:49:33 +02:00
Elichai Turkel
f79a7adcf5
Add valgrind uninit check to cmovs output 2020-05-26 23:30:56 +03:00
Gregory Maxwell
34a67c773b Eliminate harmless non-constant time operations on secret data.
There were several places where the code was non-constant time
 for invalid secret inputs.  These are harmless under sane use
 but get in the way of automatic const-time validation.

(Nonce overflow in signing is not addressed, nor is s==0 in
 signing)
2020-02-20 17:27:03 +00:00
Russell O'Connor
0d82732a9a Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit.
This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow.
2019-08-07 12:04:59 -04:00
roconnor-blockstream
8fe63e5654 Increase robustness against UB.
Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour.
While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands.
2019-07-04 22:35:28 -04:00
Dan Raviv
abe2d3e84b Fix header guards using reserved identifiers
Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard.

The only header guards not fixed are those in the headers auto-generated from java.
2017-08-26 18:44:21 +03:00
Andrew Poelstra
83836a9547 Add exhaustive tests for group arithmetic, signing, and ecmult on a small group
If you compile without ./configure --enable-exhaustive-tests=no,
this will create a binary ./exhaustive_tests which will execute
every function possible on a group of small order obtained by
moving to a twist of our curve and locating a generator of small
order.

Currently defaults to order 13, though by changing some #ifdefs
you can get a couple other ones. (Currently 199, which will take
forever to run, and 14, which won't work because it's composite.)

TODO exhaustive tests for the various modules
2016-11-26 00:35:00 +00:00