394e09ee84 musig: change test vector generation code shebang from python to python3 (Jonas Nick)
aa3edea119 scalar: Remove unused secp256k1_scalar_chacha20 (Tim Ruffing)
167194bede rangeproof: Use util functions for writing big endian (Tim Ruffing)
82777bba34 bppp: Fix test for invalid sign byte (Tim Ruffing)
54b37db953 build: Fix linkage of extra binaries in -zkp modules (Tim Ruffing)
9e96a2e9d8 hsort tests: Don't call secp256k1_testrand_int(0) (Tim Ruffing)
4692478853 ci: print $ELLSWIFT in cirrus.sh (Jonas Nick)
78ca880788 build: enable ellswift module via SECP_CONFIG_DEFINES (Jonas Nick)
b097a466c1 util: remove unused checked_realloc (Cory Fields)
4f8c5bd761 refactor: Drop unused cast (Hennadii Stepanov)
6ec3731e8c Simplify test PRNG implementation (Pieter Wuille)
fb5bfa4eed Add static test vector for Xoshiro256++ (Tim Ruffing)
723e8ca8f7 Remove randomness tests (Pieter Wuille)
c424e2fb43 ellswift: fix probabilistic test failure when swapping sides (Jonas Nick)
981e5be38c ci: Fix typo in comment (Tim Ruffing)
e9e9648219 ci: Reduce number of macOS tasks from 28 to 8 (Tim Ruffing)
609093b387 ci: Add x86_64 Linux tasks for gcc and clang snapshots (Tim Ruffing)
1deecaaf3b ci: Install development snapshots of gcc and clang (Tim Ruffing)
b79ba8aa4c field: Use `restrict` consistently in fe_sqrt (Tim Ruffing)
600c5adcd5 clean up in-comment Sage code (refer to secp256k1_params.sage, update to Python3) (Sebastian Falbesoner)
c7d900ffd1 doc: minor ellswift.md updates (stratospher)
2792119278 Add exhaustive test for ellswift (create+decode roundtrip) (Sebastian Falbesoner)
07c0e8b82e group: remove unneeded normalize_weak in `secp256k1_gej_eq_x_var` (Sebastian Falbesoner)
efa76c4bf7 group: remove unneeded normalize_weak in `secp256k1_ge_is_valid_var` (Sebastian Falbesoner)
c6cd2b15a0 ci: Add task for static library on Windows + CMake (Hennadii Stepanov)
020bf69a44 build: Add extensive docs on visibility issues (Tim Ruffing)
0196e8ade1 build: Introduce `SECP256k1_DLL_EXPORT` macro (Hennadii Stepanov)
9f1b1904a3 refactor: Replace `SECP256K1_API_VAR` with `SECP256K1_API` (Hennadii Stepanov)
ae9db95cea build: Introduce `SECP256K1_STATIC` macro for Windows users (Hennadii Stepanov)
b6b9834e8d small fixes (Alejandro)
5b9f37f136 ci: Add `CFLAGS: -O1` to task matrix (Hennadii Stepanov)
a6ca76cdf2 Avoid `-Wmaybe-uninitialized` when compiling with `gcc -O1` (Hennadii Stepanov)
05873bb6b1 tweak_add: fix API doc for tweak=0 (Jonas Nick)
a7bec34231 ci: Print commit in Windows container (Hennadii Stepanov)
98579e297b ci: Drop manual checkout of merge commit (Tim Ruffing)
5a95a268b9 tests: introduce helper for non-zero `random_fe_test` results (Sebastian Falbesoner)
304421d57b tests: refactor: remove duplicate function `random_field_element_test` (Sebastian Falbesoner)
be8ff3a02a field: Static-assert that int args affecting magnitude are constant (Tim Ruffing)
7d8d5c86df tests: refactor: take use of `secp256k1_ge_x_on_curve_var` (Sebastian Falbesoner)
525b661f83 bppp/build: Fix linkage of benchmark (Tim Ruffing)
4c70cc9bf5 Suppress wrong/buggy warning in MSVC <19.33 (Tim Ruffing)
579999b425 scalar: adjust muladd2 to new int128 interface (Jonas Nick)
b160486766 ecdsa_adaptor: add missing include (Jonas Nick)
c862a9fb49 ci: Adjust Docker image to Debian 12 "bookworm" (Hennadii Stepanov)
a1782098a9 ci: Force DWARF v4 for Clang when Valgrind tests are expected (Hennadii Stepanov)
8a7273465b Help the compiler prove that a loop is entered (Tim Ruffing)
67887ae65c Fix a typo in the error message (Hennadii Stepanov)
7c7467ab7f Refer to ellswift.md in API docs (Pieter Wuille)
c32ffd8d8c Add ellswift to CHANGELOG (Pieter Wuille)
bc7c8db179 abi: Use dllexport for mingw builds (Cory Fields)
5b7bf2e9d4 Use `__shiftright128` intrinsic in `secp256k1_u128_rshift` on MSVC (Hennadii Stepanov)
5779137457 field: Document return value of fe_sqrt() (Tim Ruffing)
90e360acc2 Add doc/ellswift.md with ElligatorSwift explanation (Pieter Wuille)
4f091847c2 Add ellswift testing to CI (Pieter Wuille)
1bcea8c57f Add benchmarks for ellswift module (Pieter Wuille)
2d1d41acf8 Add ctime tests for ellswift module (Pieter Wuille)
df633cdeba Add _prefix and _bip324 ellswift_xdh hash functions (Pieter Wuille)
9695deb351 Add tests for ellswift module (Pieter Wuille)
c47917bbd6 Add ellswift module implementing ElligatorSwift (Pieter Wuille)
79e5b2a8b8 Add functions to test if X coordinate is valid (Pieter Wuille)
a597a5a9ce Add benchmark for key generation (Pieter Wuille)
e449af6872 Drop no longer needed `#include "../include/secp256k1.h"` (Hennadii Stepanov)
f1652528be Normalize ge produced from secp256k1_pubkey_load (stratospher)
7067ee54b4 tests: add tests for `secp256k1_{read,write}_be64` (Sebastian Falbesoner)
740528caad scalar: use newly introduced `secp256k1_{read,write}_be64` helpers (4x64 impl.) (Sebastian Falbesoner)
887183e7de scalar: use `secp256k1_{read,write}_be32` helpers (4x64 impl.) (Sebastian Falbesoner)
52b84238de scalar: use `secp256k1_{read,write}_be32` helpers (8x32 impl.) (Sebastian Falbesoner)
f3644287b1 docs: correct `pubkey` param descriptions for `secp256k1_keypair_{xonly_,}pub` (Sebastian Falbesoner)
db29bf220c ci: Remove quirk that runs dummy command after wineserver (Tim Ruffing)
c7db4942b3 ci: Fix error D8037 in `cl.exe` (Hennadii Stepanov)
7dae115861 Revert "ci: Move wine prefix to /tmp to avoid error D8037 in cl.exe" (Hennadii Stepanov)
605e07e365 fix input range comment for `secp256k1_fe_add_int` (Sebastian Falbesoner)
ade5b36701 tests: add checks for scalar constants `secp256k1_scalar_{zero,one}` (Sebastian Falbesoner)
654246c635 refactor: take use of `secp256k1_scalar_{zero,one}` constants (Sebastian Falbesoner)
e83801f5db test: Warn if both `VERIFY` and `COVERAGE` are defined (Hennadii Stepanov)
1549db0ca5 build: Level up MSVC warnings (Hennadii Stepanov)
ad84603297 release process: clarify change log updates (Jonas Nick)
6348bc7eee release process: fix process for maintenance release (Jonas Nick)
79fa50b082 release process: mention targeted release schedule (Jonas Nick)
165206789b release process: add sanity checks (Jonas Nick)
27504d5c94 ci: Move wine prefix to /tmp to avoid error D8037 in cl.exe (Tim Ruffing)
6433175ffe Do not invoke fe_is_zero on failed set_b32_limit (Pieter Wuille)
5768b50229 build: Enable -DVERIFY for precomputation binaries (Tim Ruffing)
31b4bbee1e Make fe_cmov take max of magnitudes (Pieter Wuille)
95448ef2f8 release cleanup: bump version after 0.3.2 (Pieter Wuille)
e593ed5685 musig: ensure point_load output is normalized (Jonas Nick)
d490ca2046 release: Prepare for 0.3.2 (Tim Ruffing)
697e1ccf4a changelog: Catch up (Tim Ruffing)
76b43f3443 changelog: Add entry for #1303 (Tim Ruffing)
3ad1027a40 Revert "Remove unused scratch space from API" (Jonas Nick)
8c9ae37a5a Add release note (Pieter Wuille)
350b4bd6e6 Mark stack variables as early clobber for technical correctness (Pieter Wuille)
0c729ba70d Bugfix: mark outputs as early clobber in scalar x86_64 asm (Pieter Wuille)
c6bb29b303 build: Rename `64bit` to `x86_64` (Hennadii Stepanov)
03246457a8 autotools: Add `SECP_ARM32_ASM_CHECK` macro (Hennadii Stepanov)
ed4ba238e2 cmake: Add `check_arm32_assembly` function (Hennadii Stepanov)
e5cf4bf3ff build: Rename `arm` to `arm32` (Hennadii Stepanov)
5b32602295 Split fe_set_b32 into reducing and normalizing variants (Pieter Wuille)
1907f0f166 build: Make tests work with external default callbacks (Tim Ruffing)
cd54ac7c1c schnorrsig: Improve docs of schnorrsig_sign_custom (Tim Ruffing)
28687b0312 schnorrsig: Add BIP340 varlen test vectors (Tim Ruffing)
97a98bed1e schnorrsig: Refactor test vector code to allow varlen messages (Tim Ruffing)
17fa21733a ct: Be cautious and use volatile trick in more "conditional" paths (Tim Ruffing)
5fb336f9ce ct: Use volatile trick in scalar_cond_negate (Tim Ruffing)
712e7f8722 Remove unused scratch space from API (Jonas Nick)
d1e48e5474 refactor: Make 64-bit shift explicit (Hennadii Stepanov)
b2e29e43d0 ci: Treat all compiler warnings as errors in "Windows (VS 2022)" task (Hennadii Stepanov)
97c63b9039 Avoid normalize conditional on VERIFY (Pieter Wuille)
7fc642fa25 Simplify secp256k1_fe_{impl_,}verify (Pieter Wuille)
4e176ad5b9 Abstract out verify logic for fe_is_square_var (Pieter Wuille)
4371f98346 Abstract out verify logic for fe_add_int (Pieter Wuille)
89e324c6b9 Abstract out verify logic for fe_half (Pieter Wuille)
283cd80ab4 Abstract out verify logic for fe_get_bounds (Pieter Wuille)
d5aa2f0358 Abstract out verify logic for fe_inv{,_var} (Pieter Wuille)
3167646072 Abstract out verify logic for fe_from_storage (Pieter Wuille)
76d31e5047 Abstract out verify logic for fe_to_storage (Pieter Wuille)
1e6894bdd7 Abstract out verify logic for fe_cmov (Pieter Wuille)
be82bd8e03 Improve comments/checks for fe_sqrt (Pieter Wuille)
6ab35082ef Abstract out verify logic for fe_sqr (Pieter Wuille)
4c25f6efbd Abstract out verify logic for fe_mul (Pieter Wuille)
e179e651cb Abstract out verify logic for fe_add (Pieter Wuille)
7e7ad7ff57 Abstract out verify logic for fe_mul_int (Pieter Wuille)
65d82a3445 Abstract out verify logic for fe_negate (Pieter Wuille)
144670893e Abstract out verify logic for fe_get_b32 (Pieter Wuille)
f7a7666aeb Abstract out verify logic for fe_set_b32 (Pieter Wuille)
ce4d2093e8 Abstract out verify logic for fe_cmp_var (Pieter Wuille)
7d7d43c6dd Improve comments/check for fe_equal{,_var} (Pieter Wuille)
c5e788d672 Abstract out verify logic for fe_is_odd (Pieter Wuille)
d3f3fe8616 Abstract out verify logic for fe_is_zero (Pieter Wuille)
c701d9a471 Abstract out verify logic for fe_clear (Pieter Wuille)
19a2bfeeea Abstract out verify logic for fe_set_int (Pieter Wuille)
864f9db491 Abstract out verify logic for fe_normalizes_to_zero{,_var} (Pieter Wuille)
6c31371120 Abstract out verify logic for fe_normalize_var (Pieter Wuille)
e28b51f522 Abstract out verify logic for fe_normalize_weak (Pieter Wuille)
b6b6f9cb97 Abstract out verify logic for fe_normalize (Pieter Wuille)
7fa5195559 Bugfix: correct SECP256K1_FE_CONST mag/norm fields (Pieter Wuille)
b29566c51b Merge magnitude/normalized fields, move/improve comments (Pieter Wuille)
bbc834467c Avoid secp256k1_ge_set_gej_zinv with uninitialized z (Pieter Wuille)
0a2e0b2ae4 Make secp256k1_{fe,ge,gej}_verify work as no-op if non-VERIFY (Pieter Wuille)
f20266722a Add invariant checking to group elements (Pieter Wuille)
a18821d5b1 Always initialize output coordinates in secp256k1_ge_set_gej (Pieter Wuille)
3086cb90ac Expose secp256k1_fe_verify to other modules (Pieter Wuille)
a0e696fd4d Make secp256k1_ecmult_const handle infinity (Gregory Maxwell)
2e65f1fdbc Avoid using bench_verify_data as bench_sign_data; merge them (Pieter Wuille)
149c41cee1 docs: complete interface description for `secp256k1_schnorrsig_sign_custom` (Sebastian Falbesoner)
bef448f9af cmake: Fix library ABI versioning (Hennadii Stepanov)
755629bc03 cmake: Use full signature of `add_test()` command (Hennadii Stepanov)
7e977b3c50 autotools: Take VPATH builds into account when generating testvectors (Tim Ruffing)
2418d3260a autotools: Create src/wycheproof dir before creating file in it (Tim Ruffing)
8764034ed5 autotools: Make all "pregenerated" targets .PHONY (Tim Ruffing)
e1b9ce8811 autotools: Use same conventions for all pregenerated files (Tim Ruffing)
08f4b1632d autotools: Move code around to tidy Makefile (Tim Ruffing)
529b54d922 autotools: Move Wycheproof header from EXTRA_DIST to noinst_HEADERS (Tim Ruffing)
71f746c057 cmake: Include `include` directory for subtree builds (Hennadii Stepanov)
5431b9decd cmake: Make `SECP256K1_INSTALL` default depend on `PROJECT_IS_TOP_LEVEL` (Hennadii Stepanov)
162608cc98 cmake: Emulate `PROJECT_IS_TOP_LEVEL` for CMake<3.21 (Hennadii Stepanov)
a8d059f76c cmake, doc: Document compiler flags (Hennadii Stepanov)
6ece1507cb cmake, refactor: Rename `try_add_compile_option` to `try_append_cflags` (Hennadii Stepanov)
19516ed3e9 cmake: Use `add_compile_options()` in `try_add_compile_option()` (Hennadii Stepanov)
a273d74b2e cmake: Improve version comparison (Hennadii Stepanov)
6a58b483ef cmake: Use `if(... IN_LIST ...)` command (Hennadii Stepanov)
2445808c02 cmake: Use dedicated `GENERATOR_IS_MULTI_CONFIG` property (Hennadii Stepanov)
9f8703ef17 cmake: Use dedicated `CMAKE_HOST_APPLE` variable (Hennadii Stepanov)
8c2017035a cmake: Use recommended `add_compile_definitions` command (Hennadii Stepanov)
04d4cc071a cmake: Add `DESCRIPTION` and `HOMEPAGE_URL` options to `project` command (Hennadii Stepanov)
8a8b6536ef cmake: Use `SameMinorVersion` compatibility mode (Hennadii Stepanov)
ce5ba9e24d gitignore: Add CMakeUserPresets.json (Tim Ruffing)
0a446a312f cmake: Add dev-mode CMake preset (Tim Ruffing)
dc0657c762 build: Fix C4005 "macro redefinition" MSVC warnings in examples (Hennadii Stepanov)
c4062d6b5d debug: move helper for printing buffers into util.h (Jonas Nick)
3858bad2c6 tests: remove extra semicolon in macro (Jonas Nick)
162da73e9a tests: Add debug helper for printing buffers (Tim Ruffing)
e9fd3dff76 field: Improve docs and tests of secp256k1_fe_set_b32 (Tim Ruffing)
ca92a35d01 field: Simplify code in secp256k1_fe_set_b32 (Tim Ruffing)
d93f62e369 field: Verify field element even after secp256k1_fe_set_b32 fails (Tim Ruffing)
69e1ec0331 Get rid of secp256k1_fe_const_b (Pieter Wuille)
68b16a1662 bench: Make sys/time.h a system include (Tim Ruffing)
8e142ca410 Move `SECP256K1_INLINE` macro definition out from `include/secp256k1.h` (Hennadii Stepanov)
77445898a5 Remove `SECP256K1_INLINE` usage from examples (Hennadii Stepanov)
47ac3d63cd cmake: Make installation optional (Anna “CyberTailor”)
1ecb94ebe9 build: Make `SECP_VALGRIND_CHECK` preserve `CPPFLAGS` (Hennadii Stepanov)
35ada3b954 tests: lint wycheproof's python script (RandomLattice)
ef49a11d29 build: allow static or shared but not both (Cory Fields)
36b0adf1b9 build: remove warning until it's reproducible (Cory Fields)
a575339c02 Remove bits argument from secp256k1_wnaf_const (always 256) (Pieter Wuille)
1b6fb5593c doc: clarify process for patch releases (Jonas Nick)
06c67dea9f autotools: Don't regenerate Wycheproof header automatically (Tim Ruffing)
656c6ea8d8 release cleanup: bump version after 0.3.1 (Jonas Nick)
6a37b2a5ea changelog: Fix link (Tim Ruffing)
898e1c676e release: Prepare for 0.3.1 (Tim Ruffing)
1d9a13fc26 changelog: Remove inconsistent newlines (Tim Ruffing)
0e091669a1 changelog: Catch up in preparation of 0.3.1 (Tim Ruffing)
e5de454609 tests: Add Wycheproof ECDSA vectors (RandomLattice)
0f8642079b Add exhaustive tests for ecmult_const_xonly (Pieter Wuille)
4485926ace Add x-only ecmult_const version for x=n/d (Pieter Wuille)
3d1f430f9f Make position of * in pointer declarations in include/ consistent (Jonas Nick)
0c07c82834 Add CMake instructions to release process (Tim Ruffing)
4a496a36fb ct: Use volatile "trick" in all fe/scalar cmov implementations (Tim Ruffing)
3addb4c1e8 build: Improve `SECP_TRY_APPEND_DEFAULT_CFLAGS` macro (Hennadii Stepanov)
5bb03c2911 Replace `SECP256K1_ECMULT_TABLE_VERIFY` macro by a function (Hennadii Stepanov)
4429a8c218 Suppress `-Wunused-parameter` when building for coverage analysis (Hennadii Stepanov)
3e43041be6 No need to subtract 1 before doing a right shift (roconnor-blockstream)
fd2a408647 Set ARM ASM symbol visibility to `hidden` (Hennadii Stepanov)
4ebd82852d Apply Checks only in VERIFY mode. (roconnor-blockstream)
d1e7ca192d Typo (roconnor-blockstream)
96dd062511 build: bump CMake minimum requirement to 3.13 (Cory Fields)
8e79c7ed11 build: Ensure no optimization when building for coverage analysis (Hennadii Stepanov)
647f0a5cb1 Update comment for secp256k1_modinv32_inv256 (roconnor-blockstream)
28e63f7ea7 release cleanup: bump version after 0.3.0 (Jonas Nick)
b40adf2360 release: prepare for 0.3.0 (Jonas Nick)
8be82d4362 cmake: Rename project to "libsecp256k1" (Hennadii Stepanov)
756b61d451 readme: Use correct build type in CMake/Windows build instructions (Tim Ruffing)
92098d84cf changelog: Add entry for CMake (Tim Ruffing)
e1eb33724c ci: Add "x86_64: Windows (VS 2022)" task (Hennadii Stepanov)
10602b0030 cmake: Export config files (Hennadii Stepanov)
5468d70964 build: Add CMake-based build system (Hennadii Stepanov)
5d8f53e312 Remove redundant checks. (Russell O'Connor)
d232112fa7 Update Changelog (Tim Ruffing)
b081f7e4cb Add secp256k1_fe_add_int function (Pieter Wuille)
2ef1c9b387 Update overflow check (Russell O'Connor)
5660c13755 prevent optimization in algorithms (Harshil Jani)
ce3cfc78a6 doc: Describe Jacobi calculation in safegcd_implementation.md (Elliott Jin)
6be01036c8 Add secp256k1_fe_is_square_var function (Pieter Wuille)
1de2a01c2b Native jacobi symbol algorithm (Pieter Wuille)
04c6c1b181 Make secp256k1_modinv64_det_check_pow2 support abs val (Pieter Wuille)
5fffb2c7af Make secp256k1_i128_check_pow2 support -(2^n) (Pieter Wuille)
e4330341bd ci: Shutdown wineserver whenever CI script exits (Tim Ruffing)
9a5a611a21 build: Suppress stupid MSVC linker warning (Tim Ruffing)
739c53b19a examples: Extend sig examples by call that uses static context (Tim Ruffing)
914276e4d2 build: Add SECP256K1_API_VAR to fix importing variables from DLLs (Tim Ruffing)
e089eecc1e group: Further simplify gej_add_ge (Tim Ruffing)
ac71020ebe group: Save a normalize_to_zero in gej_add_ge (Tim Ruffing)
8c7e0fc1de build: Add -Wreserved-identifier supported by clang (Tim Ruffing)
9b60e3148d ci: Do not set git's `user.{email,name}` config options (Hennadii Stepanov)
ef39721ccc Do not link `bench` and `ctime_tests` to `COMMON_LIB` (Hennadii Stepanov)
c2415866c7 ci: Don't fetch git history (Tim Ruffing)
0ecf318851 ci: Use remote pull/merge ref instead of local git merge (Tim Ruffing)
9b7d18669d Drop no longer used Autoheader macros (Hennadii Stepanov)
eb6bebaee3 scalar: restrict split_lambda args, improve doc and VERIFY_CHECKs (Jonas Nick)
7f49aa7f2d ci: add test job with -DVERIFY (Jonas Nick)
620ba3d74b benchmarks: fix bench_scalar_split (Jonas Nick)
e39d954f11 tests: Add CHECK_ILLEGAL(_VOID) macros and use in static ctx tests (Tim Ruffing)
61841fc9ee contexts: Forbid randomizing secp256k1_context_static (Tim Ruffing)
4b6df5e33e contexts: Forbid cloning/destroying secp256k1_context_static (Tim Ruffing)
8f51229e03 ctime_tests: improve output when CHECKMEM_RUNNING is not defined (Jonas Nick)
2cd4e3c0a9 Drop no longer used `SECP_{LIBS,INCLUDE}` variables (Hennadii Stepanov)
613626f94c Drop no longer used `SECP_TEST_{LIBS,INCLUDE}` variables (Hennadii Stepanov)
d6ff738d5b Ensure safety of ctz_debruijn implementation. (Russell O'Connor)
ce60785b26 Introduce SECP256K1_B macro for curve b coefficient (Pieter Wuille)
4934aa7995 Switch to exhaustive groups with small B coefficient (Pieter Wuille)
e03ef86559 Make all non-API functions (except main) static (Pieter Wuille)
0f088ec112 Rename CTIMETEST -> CTIMETESTS (Pieter Wuille)
74b026f05d Add runtime checking for DECLASSIFY flag (Pieter Wuille)
5e2e6fcfc0 Run ctime test in Linux MSan CI job (Pieter Wuille)
18974061a3 Make ctime tests building configurable (Pieter Wuille)
5048be17e9 Rename valgrind_ctime_test -> ctime_tests (Pieter Wuille)
6eed6c18de Update error messages to suggest msan as well (Pieter Wuille)
8e11f89a68 Add support for msan integration to checkmem.h (Pieter Wuille)
8dc64079eb Add compile-time error to valgrind_ctime_test (Pieter Wuille)
0db05a770e Abstract interactions with valgrind behind new checkmem.h (Pieter Wuille)
4f1a54e41d Move valgrind CPPFLAGS into SECP_CONFIG_DEFINES (Pieter Wuille)
d4a6b58df7 Add `noverify_tests` to `.gitignore` (Hennadii Stepanov)
e862c4af0c Makefile: add -I$(top_srcdir)/src to CPPFLAGS for precomputed (Matt Whitlock)
9a93f48f50 refactor: Rename STTC to STATIC_CTX in tests (Tim Ruffing)
3385a2648d refactor: Rename global variables to uppercase in tests (Tim Ruffing)
203760023c tests: Add noverify_tests which is like tests but without VERIFY (Tim Ruffing)
39e8f0e3d7 refactor: Separate run_context_tests into static vs proper contexts (Tim Ruffing)
a4a09379b1 tests: Clean up and improve run_context_tests() further (Tim Ruffing)
fc90bb5695 refactor: Tidy up main() (Tim Ruffing)
f32a36f620 tests: Don't use global context for context tests (Tim Ruffing)
ce4f936c4f tests: Tidy run_context_tests() by extracting functions (Tim Ruffing)
18e0db30cb tests: Don't recreate global context in scratch space test (Tim Ruffing)
b19806122e tests: Use global copy of secp256k1_context_static instead of clone (Tim Ruffing)
2f9ca284e2 Drop `SECP_CONFIG_DEFINES` from examples (Hennadii Stepanov)
c0a555b2ae Bugfix: pass SECP_CONFIG_DEFINES to bench compilation (Pieter Wuille)
d216475205 test secp256k1_i128_to_i64 (Russell O'Connor)
4bc429019d Add a secp256k1_i128_to_u64 function. (Russell O'Connor)
a49e0940ad docs: Fix typo (Tim Ruffing)
2551cdac90 tests: Fix code formatting (Tim Ruffing)
c635c1bfd5 Change ARG_CHECK_NO_RETURN to ARG_CHECK_VOID which returns (void) (Tim Ruffing)
cf66f2357c refactor: Add helper function secp256k1_context_is_proper() (Tim Ruffing)
c30b889f17 Clarify that the ABI-incompatible versions are earlier (Pieter Wuille)
881fc33d0c Consistency in naming of modules (Pieter Wuille)
9ecf8149a1 Reduce font size in changelog (Pieter Wuille)
2dc133a67f Add more changelog entries (Pieter Wuille)
ac233e181a Add links to diffs to changelog (Pieter Wuille)
cee8223ef6 Mention semantic versioning in changelog (Pieter Wuille)
9c5a4d21bb Do not define unused `HAVE_VALGRIND` macro (Hennadii Stepanov)
ad8647f548 Drop no longer relevant files from `.gitignore` (Hennadii Stepanov)
b627ba7050 Remove dependency on `src/libsecp256k1-config.h` (Hennadii Stepanov)
7a74688201 ci: add missing CFLAGS & CPPFLAGS variable to print_environment (Jonas Nick)
c2e0fdadeb ci: set -u in cirrus.sh to treat unset variables as an error (Jonas Nick)
02ebc290f7 release cleanup: bump version after 0.2.0 (Jonas Nick)
b6b360efaf doc: improve message of cleanup commit (Jonas Nick)
e025ccdf74 release: prepare for initial release 0.2.0 (Jonas Nick)
6d1784a2e2 build: add missing files to EXTRA_DIST (Jonas Nick)
13bf1b6b32 changelog: make order of change types match keepachangelog.com (Jonas Nick)
b1f992a552 doc: improve release process (Jonas Nick)
ad39e2dc41 build: change package version to 0.1.0-dev (Jonas Nick)
90618e9263 doc: move CHANGELOG from doc/ to root directory (Jonas Nick)
7e5b22684f Don't use compute credits for now (Pieter Wuille)
d6dc0f4ae3 tests: Switch to NONE contexts in module tests (Jonas Nick)
0c8a5caddd tests: Switch to NONE contexts in tests.c (Jonas Nick)
86540e9e1f tests: add test for deprecated flags and rm them from run_context (Jonas Nick)
caa0ad631e group: add gej_eq_var (Jonas Nick)
37ba744f5b tests: Switch to NONE contexts in exhaustive and ctime tests (Jonas Nick)
8d7a9a8eda benchmarks: Switch to NONE contexts (Jonas Nick)
4386a2306c examples: Switch to NONE contexts (Tim Ruffing)
7289b51d31 docs: Use doxygen style if and only if comment is user-facing (Tim Ruffing)
e7d0185c90 docs: Get rid of "initialized for signing" terminology (Tim Ruffing)
06126364ad docs: Tidy and improve docs about contexts and randomization (Tim Ruffing)
e02d6862bd selftest: Expose in public API (Tim Ruffing)
e383fbfa66 selftest: Rename internal function to make name available for API (Tim Ruffing)
d2c6d48de3 tests: Use new name of static context (Tim Ruffing)
53796d2b24 contexts: Rename static context (Tim Ruffing)
72fedf8a6c docs: Improve docs for static context (Tim Ruffing)
316ac7625a contexts: Deprecate all context flags except SECP256K1_CONTEXT_NONE (Tim Ruffing)
1a553ee8be docs: Change signature "validation" to "verification" (Tim Ruffing)
ee7341fbac docs: Never require a verification context (Tim Ruffing)
092be61c5e gitignore: Add *.sage.py files autogenerated by sage (Tim Ruffing)
a8494b02bf Use compute credits for macOS jobs (Pieter Wuille)
c0ae48c995 Update macOS image for CI (Pieter Wuille)
41e8704b48 build: Enable some modules by default (Tim Ruffing)
99bd335599 Make int128 overflow test use secp256k1_[ui]128_mul (Pieter Wuille)
3afce0af7c Avoid signed overflow in MSVC ARM64 secp256k1_mul128 (Pieter Wuille)
9b5f589d30 Heuristically decide whether to use int128_struct (Pieter Wuille)
63ff064d2f int128: Add test override for testing __(u)mulh on MSVC X64 (Tim Ruffing)
f2b7e88768 Add int128 randomized tests (Pieter Wuille)
00a42b91b3 Add MSan CI job (Pieter Wuille)
a340d9500a ci: add int128_struct tests (Jonas Nick)
dceaa1f579 int128: Tidy #includes of int128.h and int128_impl.h (Tim Ruffing)
2914bccbc0 Simulated int128 type. (Russell O'Connor)
6a965b6b98 Remove usage of CHECK from non-test file (Tobin C. Harding)
4e54c03153 ci: print env to allow reproducing the job outside of CI (Jonas Nick)
49ae843592 ci: mostly prevent "-v/--version: not found" irrelevant error (Jonas Nick)
5c9f1a5c37 ci: always cat all logs_snippets (Jonas Nick)
f5039cb66c Cleanup `.gitignore` file (Hennadii Stepanov)
798727ae1e Revert "Add test logs to gitignore" (Hennadii Stepanov)
88b00897e7 readme: Fix line break (Tim Ruffing)
78f5296da4 readme: Sell "no runtime dependencies" (Tim Ruffing)
ef48f088ad readme: Add IRC channel (Tim Ruffing)
cabe085bb4 configure: Remove pkgconfig macros again (reintroduced by mismerge) (Tim Ruffing)
c27ae45144 config: Remove basic-config.h (Tim Ruffing)
da6514a04a config: Introduce DEBUG_CONFIG macro for debug output of config (Tim Ruffing)
d0cf55e13a config: Set preprocessor defaults for ECMULT_* config values (Tim Ruffing)
17065f48ae tests: Randomize the context with probability 15/16 instead of 1/4 (Tim Ruffing)
55f8bc99dc ecmult_gen: Improve comments about projective blinding (Tim Ruffing)
7a86955800 ecmult_gen: Simplify code (no observable change) (Tim Ruffing)
4cc0b1b669 ecmult_gen: Skip RNG when creating blinding if no seed is available (Tim Ruffing)
40a3473a9d build: Fix #include "..." paths to get rid of further -I arguments (Tim Ruffing)
069aba8125 Fix sepc256k1 -> secp256k1 typo in group.h (henopied)
1827c9bf2b scratch_destroy: move VERIFY_CHECK after invalid scratch space check (siv2r)
49e2acd927 configure: Improve rationale for WERROR_CFLAGS (Tim Ruffing)
8dc4b03341 ci: Add a C++ job that compiles the public headers without -fpermissive (Tim Ruffing)
51f296a46c ci: Run persistent wineserver to speed up wine (Tim Ruffing)
3fb3269c22 ci: Add 32-bit MinGW64 build (Tim Ruffing)
9efc2e5221 ci: Add MSVC builds (Tim Ruffing)
2be6ba0fed configure: Convince autotools to work with MSVC's archiver lib.exe (Tim Ruffing)
bd81f4140a schnorrsig bench: Suppress a stupid warning in MSVC (Tim Ruffing)
09f3d71c51 configure: Add a few CFLAGS for MSVC (Tim Ruffing)
3b4f3d0d46 build: Reject C++ compilers in the preprocessor (Tim Ruffing)
1cc0941414 configure: Don't abort if the compiler does not define __STDC__ (Tim Ruffing)
cca8cbbac8 configure: Output message when checking for valgrind (Tim Ruffing)
1a6be5745f bench: Make benchmarks compile on MSVC (Tim Ruffing)
6f6cab9989 abi: Don't export symbols in static Windows libraries (Cory Fields)
7efc9835a9 Fix the false positive of `SECP_64BIT_ASM_CHECK` (Sprite)
2f984ffc45 Save negations in var-time group addition (Peter Dettman)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 395e65e9f1
Tree-SHA512: 95feaf60c5fc8c8cafde8796c50b4b9dfcae87ece3be90286278243a629bcfd91fc4ffdc707a6cc5969fbaf9cd8ea490aa34ca724462b77cd542ebcd7f013eb9
The test is supposed to create an invalid sign byte. Before this PR,
the generated sign byte could in fact be valid due to an overflow.
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
b097a466c1 util: remove unused checked_realloc (Cory Fields)
Pull request description:
Usage was removed in 6fe50439. This should be a NOOP.
Noticed when analyzing for zenbleed exposure: stdlib calls that aren't optimized away.
In this case realloc isn't making it into the final binary, but as far as I can tell this is completely dead code and should be dropped.
ACKs for top commit:
jonasnick:
ACK b097a466c1
real-or-random:
ACK b097a466c1
Tree-SHA512: d4249215eddd4035be2b50a8bb48b8a681abdab4ab41ca53f6c2a2507edfbc9ffa39ba22eb48e7da52f978e224198294495ce64f9d571d98c19283b20b82a63a
ea478beec6 musig: change test vector generation code shebang from python to python3 (Jonas Nick)
Pull request description:
The linter included in the Bitcoin Core and Elements test framework requires python3.
ACKs for top commit:
real-or-random:
utACK ea478beec6
Tree-SHA512: 0174e9d72529d1aa2c7a0542bc49a21af9163715961fa042da39c9bb857259f4c7e2b9be8e30b77c7b9b420574bd15f76308d807e22bdc590a91d249cca5ae86
Pull request description:
ACKs for top commit:
real-or-random:
tACK 0d540ec942
Tree-SHA512: bc54ccf752163ab6e1a12bb8c4e1f9339f4421d2e4f7716c408549514b3c902f2e9f727655799f1eecb085b0026761b04735b17be3c95c6cf54e07fbf7e86477
9b6a1c384d sync-upstream.sh: Fix position of "-b" option in reproduce command (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
utACK 9b6a1c384d
Tree-SHA512: 27e4a41bc9c8f10715623f669c97a511520753b23d24ae91d6d2144e54588da0769f97b1de78c87b7471b39e556b682b1c2910b2bf71f124fb77cbc9e446d5f8
c424e2fb43 ellswift: fix probabilistic test failure when swapping sides (Jonas Nick)
Pull request description:
Reported by jonatack in https://github.com/bitcoin/bitcoin/issues/28079.
When configured with `--disable-module-ecdh --enable-module-recovery`, then `./tests 64 81af32fd7ab8c9cbc2e62a689f642106` fails with
```
src/modules/ellswift/tests_impl.h:396: test condition failed: secp256k1_memcmp_var(share32_bad, share32a, 32) != 0
```
This test verifies that changing the `party` bit of the `secp256k1_ellswift_xdh` function results in a different share. However, that's not the case when the secret keys of both parties are the same, and this is actually what happens in the observed test failure. The keys can be equal in this test case because they are created by the `random_scalar_order_test` function, whose output is not uniformly random (it's biased towards 0).
This commit restores the assumption that the secret keys differ.
ACKs for top commit:
sipa:
utACK c424e2fb43
real-or-random:
utACK c424e2fb43
Tree-SHA512: d1ab61473a77478f9aeffb21ad73e0bba478c90d8573c72ec89d2e0140434cc65c9d5f4d56e5f259931dc68fc1800695c6cd5d63d9cfce4c1c4d6744eeaa2028