fc3dea29eacc46926fed6428caf8355f732bdf5b ci: Move "ppc64le: Linux..." from Cirrus to GitHub Actions (Hennadii Stepanov)
7782dc827657288e90fd4fdca5fbf077e50b06c5 ci: Move "ARM64: Linux..." from Cirrus to GitHub Actions (Hennadii Stepanov)
0a16de671c0cb15cbdd31d56635d21ec95ed788d ci: Move "ARM32: Linux..." from Cirrus to GitHub Actions (Hennadii Stepanov)
ea33914e00ef1d4117cdb608c96dd3d2d969aa72 ci: Move "s390x (big-endian): Linux..." from Cirrus to GitHub Actions (Hennadii Stepanov)
880be8af99480e36f3af77b1ee1da17465a91df5 ci: Move "i686: Linux (Debian stable)" from Cirrus to GiHub Actions (Hennadii Stepanov)
Pull request description:
Move more non-x86_64 tasks from Cirrus CI to GitHub Actions.
Solves one item in https://github.com/bitcoin-core/secp256k1/issues/1392 partially.
ACKs for top commit:
real-or-random:
ACK fc3dea29eacc46926fed6428caf8355f732bdf5b but still waiting for Cirrus
Tree-SHA512: 9a910b3ee500aa34fc4db827f8b2a50bcfb637a9e59f4ad32545634772b397ce80b31a18723f4605dc42aa19a5632292943102099f7720f87de1da454da068b0
ef9fe959deb638228bca8f1068f078e87e271b02 ci: Drop no longer needed workaround (Hennadii Stepanov)
Pull request description:
The https://sourceware.org/bugzilla/show_bug.cgi?id=27008 bug has been resolved since libc 2.33.
Debian Bookworm has [libc](https://packages.debian.org/bookworm/libc6) 2.36.
I've separated this change from moving CI tasks to GitHub Actions intentionally.
ACKs for top commit:
real-or-random:
ACK ef9fe959deb638228bca8f1068f078e87e271b02
Tree-SHA512: 4e8ce1232fcb581fa4700da75e5f63ff3da359416e5c5c1966f6aae079219fd697554db03d0b1729ea62cca42aae74bd36621a85d6ec7e4ee18e2c20b879cfa6
87d35f30c0a322e9b4bc5ee1addc1d0cd463562a ci: Rename `cirrus.sh` to more general `ci.sh` (Hennadii Stepanov)
d6281dd0086a37c77311b4acbbacad89738163c7 ci: Remove Windows tasks from Cirrus CI (Hennadii Stepanov)
2b6f9cd546ce688005184f1400bfded7a4a4bbf0 ci, gha: Add Windows jobs based on Linux image (Hennadii Stepanov)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 87d35f30c0a322e9b4bc5ee1addc1d0cd463562a
jonasnick:
ACK 87d35f30c0a322e9b4bc5ee1addc1d0cd463562a
Tree-SHA512: bab005041692f52ed26899d50ee9114e6dd57a21ffa36b4d0b99e8b5b394a64a956cbc99ae2767fdf64f242970ebbeb0df4f5b373e059ecb187174f471b1a95e
b0886fd35c0ad05adee3fb8008e4315bf2f91f1f ci, gha: Ensure only a single workflow processes `github.ref` at a time (Hennadii Stepanov)
Pull request description:
ACKs for top commit:
real-or-random:
ACK b0886fd35c0ad05adee3fb8008e4315bf2f91f1f
jonasnick:
ACK b0886fd35c0ad05adee3fb8008e4315bf2f91f1f
Tree-SHA512: 8edda9259fc07bda3a35286ab97238b2f2749fbc629030da52e5a352988e5562cf62255c7d4917b7f0c8dbc9a0bd3a36b5e725d3d5a4c635ae8239faef829d1b
d23da6d55714271c720fee58fbff5e5ef2fe193f use secp256k1_scalar_verify checks (stratospher)
c7d0454932b42a9728b55033c94e000b1dbbb6f2 add verification for scalars (stratospher)
ad152151b06a40aaf6cd90561356ff451996455d update max scalar in scalar_cmov_test and fix schnorrsig_verify exhaustive test (stratospher)
Pull request description:
From #1360. This PR:
1. adds `secp256k1_scalar_verify` to make sure scalars are reduced mod the group order in VERIFY mode
2. uses `secp256k1_scalar_verify` in all the scalar functions except `secp256k1_scalar_clear`, `secp256k1_scalar_reduce_512`, `secp256k1_scalar_mul_512` and `secp256k1_scalar_*_var` functions in `scalar_low_impl.h`
ACKs for top commit:
real-or-random:
utACK d23da6d55714271c720fee58fbff5e5ef2fe193f
theStack:
Code-review ACK d23da6d55714271c720fee58fbff5e5ef2fe193f
Tree-SHA512: a371b319d948198c4038d35c9ea58f4b94de4dc312215e2b78a323c2acd4ae1355d97935c558b388774832d6d0058b97ff8ca50c3aab40b9ede5307760d0a505
`random_fe_non_zero` contains a loop iteration limit that ensures that
we abort if `random_fe` ever yielded zero more than ten times in a row.
This construct was first introduced in PR #19 (commit 09ca4f32) for
random non-square field elements and was later refactored into the
non-zero helper in PR #25 (commit 6d6102fe). The copy-over to the
exhaustive tests happened recently in PR #1118 (commit 0f864207).
This case seems to be practically irrelevant and I'd argue for keeping
things simple and removing it; if there's really a worry that the test's
random generator is heavily biased towards certain values or value
ranges then there should consequently be checks at other places too
(e.g. directly in `random_fe` for 256-bit values that repeatedly
overflow, i.e. >= p).
Also, the _fe_normalize call is not needed and can be removed, as the
result of `random_fe` is already normalized.
d78bec7001fe6f5ed8d5b215bf61e7b74e3369ca ci: Remove Windows MSVC tasks from Cirrus CI (Hennadii Stepanov)
3545dc2b9bdbf856c1e0288120ef1cde99daa7ec ci, gha: Run all MSVC tests on Windows natively (Hennadii Stepanov)
Pull request description:
ACKs for top commit:
real-or-random:
ACK d78bec7001fe6f5ed8d5b215bf61e7b74e3369ca
jonasnick:
ACK d78bec7001fe6f5ed8d5b215bf61e7b74e3369ca
Tree-SHA512: b58162a9f0827dceb1c7eb6fb7c759c0bffcf3e0d24cc7e6628ad71d1faaabaffb9d8de6fcd3d07bfcaca409632a13f711f9ad871a30718139557544cf91b4bf
747ada35877d4392c453b7c7249465fb382125ea test: Silent noisy clang warnings about Valgrind code on macOS x86_64 (Hennadii Stepanov)
Pull request description:
Since #1206, on macOS x86_64 with Valgrind installed, clang emits a massive amount of `-Wreserved-identifier` and `-Wreserved-macro-identifier` warnings from the `valgrind/valgrind.h` and `valgrind/memcheck.h` headers.
This PR prevents warnings emitted for the Valgrind code.
ACKs for top commit:
real-or-random:
utACK 747ada35877d4392c453b7c7249465fb382125ea
Tree-SHA512: dd1b2b9db2d471939fdc30f9d8fd106a12f21ec5008ca98d8ebe3087d7ea352d564e8bbd0cec59a004e084af3a84d4680cb81f2ef6fe13cf164b7691e33f437d
It is not neccessary for the second argument in `secp256k1_fe_equal_var`
(or `secp256k1_fe_equal`) to have magnitude = 1.
Hence, removed the `secp256k1_fe_normalize_weak` call for those argument.
b7c685e74adbd83937990e90f076600fabf8ccf0 Save _normalize_weak calls in group add methods (Peter Dettman)
c83afa66e0c324e42d13adff0e4f7db9b2868788 Tighten group magnitude limits (Peter Dettman)
173e8d061a8d1526f80d9ae79dd7f0371d38f7e0 Implement current magnitude assumptions (Peter Dettman)
49afd2f5d8c323d32a21f2fe182823b6d7704eb2 Take use of _fe_verify_magnitude in field_impl.h (Sebastian Falbesoner)
4e9661fc426c6068b2472f52a772c312bc26acc9 Add _fe_verify_magnitude (no-op unless VERIFY is enabled) (Peter Dettman)
690b0fc05abd76cb7f6bd87e88bf7b8b0fd1ab70 add missing group element invariant checks (Sebastian Falbesoner)
Pull request description:
This PR picks up #1032 by peterdettman. It's essentially a rebase on master; the original first commit (09dbba561fdb9d57a2cc9842ce041d9ba29a6189) which introduced group verification methods has mostly been replaced by PR #1299 (commit f20266722ac93ca66d1beb0d2f2d2469b95aafea) and what remains now is only adding a few missing checks at some places. The remaining commits are unchanged, though some (easy-to-solve) conflicts appeared through cherry-picking. The last commit which actually removes the `normalize_weak` calls is obviously the critical one and needs the most attention for review.
ACKs for top commit:
sipa:
utACK b7c685e74adbd83937990e90f076600fabf8ccf0
real-or-random:
ACK b7c685e74adbd83937990e90f076600fabf8ccf0
jonasnick:
ACK b7c685e74adbd83937990e90f076600fabf8ccf0
Tree-SHA512: f15167eff7ef6ed971c726a4d738de9a15be95b0c947d7e38329e7b16656202b7113497d36625304e784866349f2293f6f1d8cb97df35393af9ea465a4156da3
