This commit also raises the TEST_ITERS for wine tasks to the default.
The overhead of wine is negligible, so we can certainly afford the same
number of iterations as for native Linux tests.
This adds MSVC builds built on Linux using wine. This requires some
settings of tools and flags because the autotools support for MSVC is
naturally somewhat limited.
The advantage of this approach is that it is compatible with our
existing CI scripts, so there's no need to write a Windows CI script
(in PowerShell or similar). If we want to test building and running on
Windows native (e.g., as supported by Cirrus CI) we could still do this
in the future.
Another advantage of this approach is that contributors can simply use
the docker image if they need an MSVC installation in a non-Windows
environment.
This commit also improves the Dockerfile by grouping RUN commands
according to Docker docs:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
6f6cab9989 abi: Don't export symbols in static Windows libraries (Cory Fields)
Pull request description:
For context, Bitcoin Core has recently merged [libbitcoin-kernel](https://github.com/bitcoin/bitcoin/pull/24322), a small library that intends to eventually minimally encompass Core's validation engine. This kernel lib includes a static libsecp256k1. Without this change, because libsecp256k1.a ends up with exported symbols, we end up with libsecp256k1 symbols exported by our libbitcoin-kernel library (which causes unrelated problems not worth getting into here).
libtool takes care of building both object versions, and it automatically builds objects for shared libs with -DDLL_EXPORT. We just need to opt-in to its functionality.
I can't imagine this having any negative impact on any current statically-linking applications; if anything, they'll just be a tiny bit smaller because they can now strip unused symbols.
ACKs for top commit:
real-or-random:
utACK 6f6cab9989
theuni:
> Not sure what other changes made compilation on CI fail but Concept ACK [6f6cab9](6f6cab9989). This should be entirely harmless.
sipa:
utACK 6f6cab9989
laanwj:
utACK 6f6cab9989
Tree-SHA512: 39f240046639738f7a8c01068e728b2f9ceac2754cc4b0a5fa46c28f6f57a8c4124653b56dfbf5c13106b07c11ac599cc41b508e16862d539ce1af6c3365a205
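The pattern the change above relies on, as an added example (this is not libsecp256k1's header, and `MYLIB_BUILD`, `MYLIB_API`, `mylib_add`, `mylib_api_decoration` and `mylib_exports_from_dll` are hypothetical names): libtool compiles each source twice for a Windows build, once for the DLL with `-DDLL_EXPORT` and once for the static archive without it, so gating `__declspec(dllexport)` on `DLL_EXPORT` leaves the archive's objects free of export directives and a program or library that links the `.a` does not re-export its symbols.

```c
/* Added example, not libsecp256k1's own code. Demonstrates an API export
 * macro gated on libtool's DLL_EXPORT so that only the shared-library
 * objects carry __declspec(dllexport). All MYLIB_* names are hypothetical. */
#include <stdint.h>
#include <string.h>

/* The library's own build would pass -DMYLIB_BUILD in CPPFLAGS; it is set
 * here so the block compiles stand-alone as "inside the library". */
#ifndef MYLIB_BUILD
#define MYLIB_BUILD 1
#endif

#if defined(_WIN32)
#  if defined(MYLIB_BUILD) && defined(DLL_EXPORT)
     /* DLL compile of the library (libtool adds -DDLL_EXPORT): export */
#    define MYLIB_API __declspec(dllexport)
#  elif !defined(MYLIB_BUILD)
     /* a consumer of the DLL: import */
#    define MYLIB_API __declspec(dllimport)
#  else
     /* static-archive compile of the library: no decoration at all, so the
      * symbols are not re-exported by whatever links the archive */
#    define MYLIB_API
#  endif
#elif defined(__GNUC__) && (__GNUC__ >= 4)
   /* ELF/Mach-O: mark only the public API visible; pair with
    * -fvisibility=hidden so every other symbol stays internal */
#  define MYLIB_API __attribute__((visibility("default")))
#else
#  define MYLIB_API
#endif

/* Two-step stringification so the macro argument is expanded first. */
#define MYLIB_STR_(x) #x
#define MYLIB_STR(x) MYLIB_STR_(x)

/* A public function carrying the decoration. */
MYLIB_API uint32_t mylib_add(uint32_t a, uint32_t b) {
    return a + b;
}

/* Reports what MYLIB_API expanded to in this compilation unit ("" for the
 * static-archive flavour on Windows), so a build script can confirm which
 * flavour an object was compiled as. */
const char *mylib_api_decoration(void) {
    return MYLIB_STR(MYLIB_API);
}

/* Non-zero only when this object would export its symbols from a Windows
 * DLL, i.e. when it was compiled with both _WIN32 and DLL_EXPORT defined. */
int mylib_exports_from_dll(void) {
    return strstr(mylib_api_decoration(), "dllexport") != NULL;
}
```

Compiling this once with `-DDLL_EXPORT` and once without reproduces the two flavours libtool produces; on MSVC, `dumpbin /DIRECTIVES` on the resulting objects shows the `/EXPORT:` linker directives that `__declspec(dllexport)` generates, and they should appear only in the DLL flavour.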
7efc9835a9 Fix the false positive of `SECP_64BIT_ASM_CHECK` (Sprite)
Pull request description:
I'm trying to compile this project for RISC-V architecture, and I encountered errors:
```
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r15' in 'asm'
28 | __asm__ __volatile__(
| ^
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r14' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r13' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r12' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r11' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r10' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r9' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r8' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%rdx' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%rcx' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%rax' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: output number 0 not directly addressable
src/field_5x52_asm_impl.h: In function 'secp256k1_fe_sqr':
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r15' in 'asm'
298 | __asm__ __volatile__(
| ^
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r14' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r13' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r12' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r11' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r10' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r9' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r8' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rdx' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rcx' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rbx' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rax' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: output number 0 not directly addressable
```
After further investigation I found that for RISC-V, macro `USE_ASM_X86_64` was defined unexpectedly, and `checking for x86_64 assembly availability... yes` appeared in the compilation log file, which means `SECP_64BIT_ASM_CHECK` was not working as expected.
For unknown reasons, `AC_COMPILE_IFELSE` does not check if `__asm__` can be compiled, and an example can verify this point:
```m4
AC_DEFUN([SECP_64BIT_ASM_CHECK],[
AC_MSG_CHECKING(for x86_64 assembly availability)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  #include <stdint.h>]],[[
  __asm__ __volatile__("this is obviously wrong");
  ]])],[has_64bit_asm=yes],[has_64bit_asm=no])
AC_MSG_RESULT([$has_64bit_asm])
])
```
It always gives the result: `checking for x86_64 assembly availability... yes`
After testing, replacing `AC_COMPILE_IFELSE` with `AC_LINK_IFELSE` can correctly check if `__asm__` can be compiled and make the project able to compile for RISC-V.
ACKs for top commit:
real-or-random:
ACK 7efc9835a9
Tree-SHA512: 7318dd42004b2930cfcd6541c5a9ce0aa186e2179a668b76089a908bea8d9f70fcfdb264512f971e395a3ce9dc7f9ca24c8f3d46175cad2972a2d713f518ed85
2f984ffc45 Save negations in var-time group addition (Peter Dettman)
Pull request description:
- Updated _gej_add_var, _gej_add_ge_var, _gej_add_zinv_var
- 2 fewer _fe_negate in each method
- Updated operation counts and standardized layout
- Added internal benchmark for _gej_add_zinv_var
benchmark_internal shows about 2% speedup in each method as a result (64bit).
ACKs for top commit:
real-or-random:
ACK 2f984ffc45
jonasnick:
ACK 2f984ffc45
Tree-SHA512: 01366fa23c83a8dd37c9a0a24e0acc53ce38a201607fe4da6672ea5618d82c62d1299f0e0aa50317883821539af739ea52b6561faff230c148e6fdc5bc5af30b
67247e53af musig-spec: More minor cleanup (Elliott Jin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 67247e53af
Tree-SHA512: 8ea2880aef0bd69e2faf10a5eb44d5ba3839867565bd735a4582189f04ea54ab73ec23f04d08aed1d10bc5aaa55bab688ff4cb4e733dc73e2a5946f9a187c7ac
376733b58b musig-spec: clarify hashing in noncegen by converting ints to bytes (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 376733b58b
Tree-SHA512: c4708c476094d242fe7312177e345932bd40b52549007b43d2e5e4efc094101624d8583647f305bcbd042692a9d0117eda38f71e22fee0e0f49d677d9f512a8e
b7f8ea2f2a musig-spec: address robot-dreams' comments (Jonas Nick)
Pull request description:
- KeyAggCoeff' -> KeyAggCoeffInternal for consistency
- In Sign, add mod n when calculating d
- In Tweak, reorder the parameters to (Q, gacc, tacc, tweak, is_xonly) because
the first three are "state" arguments
- Rename Tweak function to ApplyTweak to avoid confusion with tweak (the
vector). This becomes apparent in the python reference code.
ACKs for top commit:
real-or-random:
ACK b7f8ea2f2a
Tree-SHA512: 6f9066af2f67b6d2769f38ebb2537769568e77bab18d487590a0095a695eab5c34a7177e4d299f27e3e30628dd07aff831f3f08db256cf2ae13ea0d92f3e18b8
fd51a6281e musig-spec: add authors (Jonas Nick)
f56e223a7a musig-spec: explain NonceGen and tweaking in signing flow context (Jonas Nick)
e463ea42bb musig-spec: mention stateless signing in signing flow (Jonas Nick)
a29b961eb7 musig-spec: add acknowledgements and improve abstract (Jonas Nick)
1a086ba9c9 musig-spec: add optional arguments to strengthen nonce function (Jonas Nick)
8d04ac318f musig-spec: remove unnecessary and inconsistent input paragraph (Jonas Nick)
Pull request description:
Based on #177
It's likely we're missing people in the acknowledgements. Ping me if you think you are.
ACKs for top commit:
real-or-random:
ACK fd51a6281e
Tree-SHA512: 5240b783c15f76655b2593422dc7c76de1c5e298bbe2f39858daca4ee1b1877f1ff179b4043e6f1f75f8c804b734f4bb739d38a18a54b094d8640c57fd074ed9
645d9c53c4 examples: let musig use random.h instead of /dev/urandom (Jonas Nick)
eccba5b4e5 examples: relicense musig example to CC0 public domain (Jonas Nick)
7c5af740fa ci: fix missing EXPERIMENTAL flags (Jonas Nick)
03bea1e173 configure: add -zkp modules to dev-mode and remove redundant code (Jonas Nick)
2adb741c45 examples: rename example_musig to musig_example for consistency (Jonas Nick)
37d36927df tests: Add tests for _read_be32 and _write_be32 (Tim Ruffing)
616b43dd3b util: Remove endianness detection (Tim Ruffing)
8d89b9e6e5 hash: Make code agnostic of endianness (Tim Ruffing)
55512d30b7 doc: clean up module help text in configure.ac (Elliott Jin)
d9d94a9969 doc: mention optional modules in README (Elliott Jin)
7f09d0f311 README: mention that ARM assembly is experimental (Jonas Nick)
80cf4eea5f build: stop treating schnorrsig, extrakeys modules as experimental (Jonas Nick)
b8f8b99f0f docs: Fix return value for functions that don't have invalid inputs (Tim Ruffing)
f813bb0df3 schnorrsig: Adapt example to new API (Tim Ruffing)
99e6568fc6 schnorrsig: Rename schnorrsig_sign to schnorsig_sign32 and deprecate (Tim Ruffing)
fc94a2da44 Use SECP256K1_DEPRECATED for existing deprecated API functions (Tim Ruffing)
3db0560606 Add SECP256K1_DEPRECATED attribute for marking API parts as deprecated (Tim Ruffing)
f8d9174357 Add SHA256 bit counter tests (Tim Ruffing)
9b514ce1d2 Add test vector for very long SHA256 messages (Tim Ruffing)
8e3dde1137 Simplify struct initializer for SHA256 padding (Tim Ruffing)
eb28464a8b Change SHA256 byte counter from size_t to uint64_t (Tim Ruffing)
21b2ebaf74 configure: Remove redundant pkg-config code (Tim Ruffing)
0d253d52e8 configure: Use modern way to set AR (Tim Ruffing)
e0838d663d configure: Add hidden --enable-dev-mode to enable all the stuff (Tim Ruffing)
fabd579dfa configure: Remove redundant code that sets _enable variables (Tim Ruffing)
0d4226c051 configure: Use canonical variable prefix _enable consistently (Tim Ruffing)
7c9502cece Add a copy of the CC0 license to the examples (Elichai Turkel)
42e03432e6 Add usage examples to the readme (Elichai Turkel)
517644eab1 Optionally compile the examples in autotools, compile+run in travis (Elichai Turkel)
422a7cc86a Add a ecdh shared secret example (Elichai Turkel)
b0cfbcc143 Add a Schnorr signing and verifying example (Elichai Turkel)
fee7d4bf9e Add an ECDSA signing and verifying example (Elichai Turkel)
e848c3799c Update sage files for new formulae (Peter Dettman)
d64bb5d4f3 Add fe_half tests for worst-case inputs (Peter Dettman)
4eb8b932ff Further improve doubling formula using fe_half (Peter Dettman)
557b31fac3 Doubling formula using fe_half (Pieter Wuille)
2cbb4b1a42 Run more iterations of run_field_misc (Pieter Wuille)
9cc5c257ed Add test for secp256k1_fe_half (Pieter Wuille)
925f78d55e Add _fe_half and use in _gej_add_ge (Peter Dettman)
3531a43b5b ecdh: Make generator_basepoint test depend on global iteration count (Tim Ruffing)
c881dd49bd ecdh: Add test computing shared_secret=basepoint with random inputs (Tim Ruffing)
e51ad3b737 ci: Retry `brew update` a few times to avoid random failures (Tim Ruffing)
b1cb969e8a ci: Revert "Attempt to make macOS builds more reliable" (Tim Ruffing)
e0db3f8a25 build: Replace use of deprecated autoconf macro AC_PROG_CC_C89 (laanwj)
d9396a56da ci: Attempt to make macOS builds more reliable (Tim Ruffing)
ebb1beea78 sage: Ensure that constraints are always fastfracs (Tim Ruffing)
d8d54859ed ci: Run sage prover on CI (Tim Ruffing)
77cfa98dbc sage: Normalize sign of polynomial factors in prover (Tim Ruffing)
eae75869cf sage: Exit with non-zero status in case of failures (Tim Ruffing)
b54d843eac sage: Fix printing of errors (Tim Ruffing)
e108d0039c sage: Fix incompatibility with sage 9.4 (Tim Ruffing)
b797a500ec Create a SECP256K1_ECMULT_TABLE_VERIFY macro. (Russell O'Connor)
a731200cc3 Replace ECMULT_TABLE_GET_GE_STORAGE macro with a function. (Russell O'Connor)
fe34d9f341 Eliminate input_pos state field from ecmult_strauss_wnaf. (Russell O'Connor)
0397d00ba0 Eliminate na_1 and na_lam state fields from ecmult_strauss_wnaf. (Russell O'Connor)
7ba3ffcca0 Remove the unused pre_a_lam allocations. (Russell O'Connor)
b3b57ad6ee Eliminate the pre_a_lam array from ecmult_strauss_wnaf. (Russell O'Connor)
ae7ba0f922 Remove the unused prej allocations. (Russell O'Connor)
e5c18892db Eliminate the prej array from ecmult_strauss_wnaf. (Russell O'Connor)
c9da1baad1 Move secp256k1_fe_one to field.h (Russell O'Connor)
070e772211 Faster fixed-input ecmult tests (Pieter Wuille)
45f37b6506 Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes #1063. (Paul Miller)
Pull request description:
[bitcoin-core/secp256k1#1064]: Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes #1063
[bitcoin-core/secp256k1#1049]: Faster fixed-input ecmult tests
[bitcoin-core/secp256k1#899]: Reduce scratch space needed by ecmult_strauss_wnaf.
[bitcoin-core/secp256k1#1068]: sage: Fix incompatibility with sage 9.4
[bitcoin-core/secp256k1#1072]: ci: Attempt to make macOS builds more reliable
[bitcoin-core/secp256k1#1069]: build: Replace use of deprecated autoconf macro AC_PROG_CC_C89
[bitcoin-core/secp256k1#1074]: ci: Retry brew update a few times to avoid random failures
[bitcoin-core/secp256k1#1026]: ecdh: Add test computing shared_secret=basepoint with random inputs
[bitcoin-core/secp256k1#1033]: Add _fe_half and use in _gej_add_ge and _gej_double
[bitcoin-core/secp256k1#748]: Add usage examples
[bitcoin-core/secp256k1#1079]: configure: Add hidden --enable-dev-mode to enable all the stuff
[bitcoin-core/secp256k1#1088]: configure: Use modern way to set AR
[bitcoin-core/secp256k1#1090]: configure: Remove redundant pkg-config code
[bitcoin-core/secp256k1#731]: Change SHA256 byte counter from size_t to uint64_t
[bitcoin-core/secp256k1#1089]: Schnorrsig API improvements
[bitcoin-core/secp256k1#995]: build: stop treating schnorrsig, extrakeys modules as experimental
[bitcoin-core/secp256k1#1094]: doc: Clarify configure flags for optional modules
[bitcoin-core/secp256k1#1093]: hash: Make code agnostic of endianness
This PR can be recreated with `./sync-upstream.sh range 8746600eec5e7fcd35dabd480839a3a4bdfee87b`.
ACKs for top commit:
real-or-random:
ACK 645d9c53c4 I rederived the tree, and tested it with MSVC, including the musig example
Tree-SHA512: 3b771630806ed8481053958c21820dce6e869371833cd18a5c430a2768bda8064ad2bb247afbe38e3fa37320a8b1dbbe65ad68c8963efb995d96aa29ae574884
c715407b4f musig-spec: fix partial sig verification note in intro (Jonas Nick)
11fb8a664b musig-spec: expand on signing flow (Jonas Nick)
Pull request description:
based on #173
ACKs for top commit:
real-or-random:
ACK c715407b4f
Tree-SHA512: def3158157e3b369ede5469501d4899bfe0dd0ec7282883847e0dd58d7874761cf681b9416e79e01d84873446a5187b330fb3b30533059216db8178dd1dd0548
79472c7ee5 configure: Check compile+link when checking existence of functions (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 79472c7ee5
Tree-SHA512: 947f794138636390d74366d9d06eb18f315f038a8555d1057c407f5592f1bd432a74c94ab758a85a5d8324908f46656518ebce30124f56a9d9c3936d144789ae