f09497ea3e07d7a730a6ff3479dca18b848ef729 CI: tweak cirrus.yml to prevent OOM and timeout w sanitizer/valgrind (Jonas Nick)
7226cf215aaca80fcddcc5242c8ea11d2b35c85b ecdsa_adaptor: fix too small buffer in tests (Jonas Nick)
b053e853d4f556499decb5c50af473f91996f46e ecdsa_adaptor: fix test case with invalid signature (Jonas Nick)
d27e459861026ddaa376c9cb2acf93ad3c668ee3 Revert "Remove unused Jacobi symbol support" (Jonas Nick)
c58c4ea4707ec5934e49890db881914df3a341b4 ci: Add ppc64le build (Tim Ruffing)
8f879c2887e166da2ec959ce78078f7b84ebfdf9 Fix array size in bench_ecmult (Jonas Nick)
2fe1b50df16c9f41ea77b151634d734b930eeddd Add ecmult_gen, ecmult_const and ecmult to benchmark (Jonas Nick)
593e6bad9c5cda05dd72a5bd8266c4880113b4af Clean up ecmult_bench to make space for more benchmarks (Jonas Nick)
a35fdd3478f7556dfb9b83f32aaa319ccadff9a9 ci: Run PRs on merge result even for i686 (Tim Ruffing)
02dcea1ad9441f857c7768e2b7d304bb19fd2a0c ci: Make test iterations configurable and tweak for sanitizer builds (Tim Ruffing)
489ff5c20a1457d0e7d765c8f05856c50c4777a8 tests: Treat empty SECP2561_TEST_ITERS as if it was unset (Tim Ruffing)
fcfcb97e74b55a107290d44c81c049d6168e954f ci: Simplify to use generic wrapper for QEMU, Valgrind, etc (Tim Ruffing)
de4157f13acc43d521e3133ff1d2e7d67484f0ac ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs (Tim Ruffing)
09b3bb8648fec903e4ac2ec1d047503d5f0f48d7 Clean up git tree (Tim Ruffing)
8bbad7a18e5dc5054b27ae44ea0c8dffe050f6bf Add asm build to ARM32 CI (Pieter Wuille)
7d65ed5214273275841f5aa272ad561df7ea7f21 Add ARM32/ARM64 CI (Pieter Wuille)
6eceec6d566898a5c157630e47f95b260767026b add `secp256k1_xonly_pubkey_cmp` method (Andrew Poelstra)
0d9561ae879848191a14bcc67db87cbfd44fb69a add `secp256k1_ec_pubkey_cmp` method (Andrew Poelstra)
22a9ea154a280987be7cf8322156c8738c41c3c5 contrib: Explain explicit header guards (Tim Ruffing)
0881633dfd0c530a915cf63be295f00841c94cc4 secp256k1.h: clarify that by default arguments must be != NULL (Jonas Nick)
14c9739a1fb485bb56dbe3447132a37bcbef4e22 tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs (Tim Ruffing)
4a19668c37bc77d0165f4a1c0e626e321e9c4a09 tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs (Tim Ruffing)
45b6468d7e3ed9849ed474c71e9a9479de1a77db Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. (Russell O'Connor)
31c0f6de413e521731ad0e63424431b3dd49cec8 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
dd6c3de322740a3054cf6a1994a38dc8f201b473 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
3c90bdda95aa4e79ff33bfbbbe91872417650ae9 change local lib headers to be relative for those pointing at "include/" dir (William Bright)
c8483520c9077905a1dc8b9adb88b6ea2a3bd9ef Makefile.am: Don't pass a variable twice (Tim Ruffing)
2161f31785e66e4e46471208610b5e3e98331849 Makefile.am: Honor config when building gen_context (Tim Ruffing)
99f47c20ec41279075d6b3ae64c9c1a84b40a6f8 gen_context: Don't use external ASM because it complicates the build (Tim Ruffing)
99e2d5be0dba938b7701d157cba86252db9eb61c Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers. (Gregory Maxwell)
ed5a199bed65bf084f34ce18d35807d31a1c75bb tests: fopen /dev/urandom in binary mode (Tim Ruffing)
4dc37bf81b55b9a3ffcf09f7a212436d25844710 Add mingw32-w64/wine CI build (Pieter Wuille)
ae9e648526ceaf7cd97ba4dfe3c105db8e226c35 Define SECP256K1_BUILD in secp256k1.c directly. (Gregory Maxwell)
be0609fd54af95a15b76cea150e6907d581318dd Add unit tests for edge cases with delta=1/2 variant of divsteps (Pieter Wuille)
cd393ce2283e0e7234ea39a15c4931715f4dde1e Optimization: only do 59 hddivsteps per iteration instead of 62 (Pieter Wuille)
277b224b6aba942efbac4a6aae1054035a68d8dd Use modified divsteps with initial delta=1/2 for constant-time (Pieter Wuille)
376ca366db0469f39b93af0af762090986ea75f2 Fix typo in explanation (Pieter Wuille)
07067967ee9dcc4af10fd3a565ffb846a2593e92 add ECMULT_GEN_PREC_BITS to basic_config.h (Aaron Voisine)
a3aa2628c7b675814157556d774872755c9f1aba gen_context: Don't include basic-config.h (Tim Ruffing)
99a1cfec1740a914aa416a87fd0acbde5426b969 print warnings for conditional-uninitialized (PiRK)
3d2cf6c5bd35b0d72716b47bdd7e3892388aafc4 initialize variable in tests (PiRK)
23c3fb629b905deebc4bcc9914bcfff7b9aedacd Make argument of fe_normalizes_to_zero{_var} const (Pieter Wuille)
4504472269df06b8765b134d41f86619cdcdf8f6 changed import to use brackets <> for openssl as they are not local to the project (William Bright)
24ad04fc064e71abdf973e061c30eb1f3f78db39 Make scalar_inverse{,_var} benchmark scale with SECP256K1_BENCH_ITERS (Pieter Wuille)
ebc1af700f9ec6e96586152b7090a2a6494308c3 Optimization: track f,g limb count and pass to new variable-time update_fg_var (Peter Dettman)
b306935ac12bb24fd931d735b4dfc07f707e7447 Optimization: use formulas instead of lookup tables for cancelling g bits (Peter Dettman)
9164a1b6582e2fc833c760a3403d26b9b0b3b7b3 Optimization: special-case zero modulus limbs in modinv64 (Pieter Wuille)
1f233b3fa05eb29a744487e0682d925055fb0d4c Remove num/gmp support (Pieter Wuille)
20448b8d09a492afcfcae7721033c13a44a776fd Remove unused Jacobi symbol support (Pieter Wuille)
5437e7bdfbffddf69fdf7b4af7e997c78f5dafbf Remove unused scalar_sqr (Pieter Wuille)
aa9cc5218001f14f4312bde1058417d4b755fd11 Improve field/scalar inverse tests (Pieter Wuille)
1e0e885c8ac814c3621d9e43e66d60f25e324e8e Make field/scalar code use the new modinv modules for inverses (Pieter Wuille)
436281afdcb68991395f97338197d208212965e2 Move secp256k1_fe_inverse{_var} to per-impl files (Pieter Wuille)
aa404d53bef21d252a23171381d4bfda6e7e25c6 Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files (Pieter Wuille)
08d54964e51f318ef0cc4ef09d64cfa5ec143c5c Improve bounds checks in modinv modules (Pieter Wuille)
151aac00d31ba5e94800376f6fda4193071168af Add tests for modinv modules (Pieter Wuille)
d8a92fcc4c65cf189ec7bd5298dad8479347c442 Add extensive comments on the safegcd algorithm and implementation (Pieter Wuille)
8e415acba25830da9c23a4dd5531ebfc6b65aae7 Add safegcd based modular inverse modules (Peter Dettman)
de0a643c3dc2c40a447e670cfa1c1683c79c9297 Add secp256k1_ctz{32,64}_var functions (Pieter Wuille)
Pull request description:
ACKs for top commit:
real-or-random:
ACK f09497ea3e07d7a730a6ff3479dca18b848ef729
Tree-SHA512: 6cf3e96c5974e9aa17bd649fa7fdd738090ec3ab8c99e144fec397c086a24adc2ace9a5218a3c527989fc07e1d5c669027e4c895caf92d22771c8414b2a9bf35
Also add a specific test that fails adaptor sig deserialization because with the
correct size buffer that's not guaranteed anymore with the existing test.
Previously the ECDSA signature had an overflowing s value, which after the sync
with upstream results in a failing VERIFY_CHECK in the inversion function.
However, normally parsed signatures shouldn't contain overflowing s values.
This reverts commit 20448b8d09a492afcfcae7721033c13a44a776fd.
The removed functions secp256k1_ge_set_xquad and secp256k1_fe_is_quad_var
are required for some modules in secp256k1-zkp.
8f879c2887e166da2ec959ce78078f7b84ebfdf9 Fix array size in bench_ecmult (Jonas Nick)
2fe1b50df16c9f41ea77b151634d734b930eeddd Add ecmult_gen, ecmult_const and ecmult to benchmark (Jonas Nick)
593e6bad9c5cda05dd72a5bd8266c4880113b4af Clean up ecmult_bench to make space for more benchmarks (Jonas Nick)
Pull request description:
I was trying to determine the impact of ecmult_gen in schnorrsig signing and noticed that there is no way to bench this right now. The new benchmarks look like this:
```
$ ./bench_ecmult
ecmult_gen: min 20.9us / avg 21.2us / max 21.7us
ecmult_const: min 63.9us / avg 64.3us / max 64.8us
ecmult 1: min 49.4us / avg 49.7us / max 50.3us
ecmult 1g: min 39.8us / avg 40.0us / max 40.3us
ecmult 2g: min 27.2us / avg 27.3us / max 27.8us
ecmult_multi 1g: min 39.8us / avg 40.0us / max 40.2us
ecmult_multi 2g: min 27.2us / avg 27.4us / max 27.7us
ecmult_multi 3g: min 22.8us / avg 22.9us / max 23.1us
ecmult_multi 4g: min 20.6us / avg 20.8us / max 21.1us
ecmult_multi 5g: min 19.3us / avg 19.5us / max 19.7us
```
(Turns out ecmult_gen is 37% of the 55.8us that schnorrsig sign takes)
ACKs for top commit:
real-or-random:
ACK 8f879c2887e166da2ec959ce78078f7b84ebfdf9
elichai:
tACK 8f879c2887e166da2ec959ce78078f7b84ebfdf9
Tree-SHA512: 8a739f5de1e2c0467c8d1c3ceeaf453b396a470ea0e8e5bef15fe1b32f3f9633b6b1c7e2ce1d94d736cf3e9adecd8f4f983ad4ba37450cd5991767f1a95db85c
a35fdd3478f7556dfb9b83f32aaa319ccadff9a9 ci: Run PRs on merge result even for i686 (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK a35fdd3478f7556dfb9b83f32aaa319ccadff9a9
Tree-SHA512: 9b800b1136da2ecdaff7fcffaac92d91623c682abed1fa5c2a1fe4384f20d2ff1079786f7216c39f58f5dd025e4ed32237e7aff29f7658a74554f0c298e9148e
This line should have been added in c7f754fe4d5e032fd150c4b9b985855e9fcaa521.
This mistake caused some i686 builds to fail when the PR was not
rebased, see https://cirrus-ci.com/build/5156197872435200.
02dcea1ad9441f857c7768e2b7d304bb19fd2a0c ci: Make test iterations configurable and tweak for sanitizer builds (Tim Ruffing)
489ff5c20a1457d0e7d765c8f05856c50c4777a8 tests: Treat empty SECP2561_TEST_ITERS as if it was unset (Tim Ruffing)
fcfcb97e74b55a107290d44c81c049d6168e954f ci: Simplify to use generic wrapper for QEMU, Valgrind, etc (Tim Ruffing)
de4157f13acc43d521e3133ff1d2e7d67484f0ac ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs (Tim Ruffing)
Pull request description:
ACKs for top commit:
sipa:
utACK 02dcea1ad9441f857c7768e2b7d304bb19fd2a0c
jonasnick:
ACK 02dcea1ad9441f857c7768e2b7d304bb19fd2a0c spot-checked ci output, checked that when `valgrind ./tests` crashes then `LOG_COMPILER=valgrind make check` also crashes.
Tree-SHA512: 5f4a2fe186eca0b4ca29190eb18e20d0804934df614cdc8eb8cf0145ff36ded43194325572bb77eaaeba85c369f6effe69b7bdf7df97ba418d72cf36c9749a8c
09b3bb8648fec903e4ac2ec1d047503d5f0f48d7 Clean up git tree (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 09b3bb8648fec903e4ac2ec1d047503d5f0f48d7
Tree-SHA512: 70db146f4475e9618ecd68cf678d09a351e8da6c4fd4aa937c3f2fa30e3f6a9480ff24ac6301785fc2463bb5f8ff974091f8e9292ae7674ca9632b449a7034d5
This removes the unused `obj` directory. It also suggests in the README
to create the "coverage" files in a separate directory and adds the
coverage files to .gitignore.
readme: Improve instructions for coverage reports
8bbad7a18e5dc5054b27ae44ea0c8dffe050f6bf Add asm build to ARM32 CI (Pieter Wuille)
7d65ed5214273275841f5aa272ad561df7ea7f21 Add ARM32/ARM64 CI (Pieter Wuille)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 8bbad7a18e5dc5054b27ae44ea0c8dffe050f6bf CI output looks fine
jonasnick:
ACK 8bbad7a18e5dc5054b27ae44ea0c8dffe050f6bf
Tree-SHA512: 090a52af6914cf9fb659f9626a8224d82c8da81f6e628b7300e34851e198d8299dfd25789c0f1d6f2c79f58b5413be498f9fba43bc50238480fe6524b640538a
22a9ea154a280987be7cf8322156c8738c41c3c5 contrib: Explain explicit header guards (Tim Ruffing)
Pull request description:
They were added in #925 and deserve a comment.
ACKs for top commit:
gmaxwell:
ACK 22a9ea154a280987be7cf8322156c8738c41c3c5
sipa:
ACK 22a9ea154a280987be7cf8322156c8738c41c3c5
Tree-SHA512: 832e28d71857d52912dae7e6c0e08a3183bb788996bb2470616c6fbbac6ba601cc74bb51a4c908aec7df9ae4f4cbf2cbb1b451cefde1b5a7359dc93299840278
0881633dfd0c530a915cf63be295f00841c94cc4 secp256k1.h: clarify that by default arguments must be != NULL (Jonas Nick)
Pull request description:
The same file says that the illegal callback will only trigger for violations
explicitly mentioned, which is not true without this commit because we often
don't mention that an argument is not allowed to be NULL.
This line is extracted from #783 in the hope that it gets merged faster because other PRs depend on it.
ACKs for top commit:
gmaxwell:
ACK 0881633dfd0c530a915cf63be295f00841c94cc4
real-or-random:
ACK 0881633dfd0c530a915cf63be295f00841c94cc4
Tree-SHA512: ecdc6954a1c21c333da5b03db51f50a0e53984aaef69cc697adaddc96b276da23e342037f476d21742632f6ec02bfa0574f837a5b5791f5985f4c355037176fa
14c9739a1fb485bb56dbe3447132a37bcbef4e22 tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs (Tim Ruffing)
4a19668c37bc77d0165f4a1c0e626e321e9c4a09 tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs (Tim Ruffing)
45b6468d7e3ed9849ed474c71e9a9479de1a77db Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. (Russell O'Connor)
31c0f6de413e521731ad0e63424431b3dd49cec8 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
dd6c3de322740a3054cf6a1994a38dc8f201b473 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)
Pull request description:
Previous behaviour would not initialize `r->x` and `r->y` values in the case where infinity is passed in.
ACKs for top commit:
gmaxwell:
ACK 14c9739a1fb485bb56dbe3447132a37bcbef4e22
sipa:
utACK 14c9739a1fb485bb56dbe3447132a37bcbef4e22
real-or-random:
ACK 14c9739a1fb485bb56dbe3447132a37bcbef4e22
Tree-SHA512: 2e779b767f02e348af4bbc62aa9871c3d1d29e61a6c643c879c49f2de27556a3588850acd2f7c7483790677597d01064025e14befdbf29e783f57996fe4430f9
3c90bdda95aa4e79ff33bfbbbe91872417650ae9 change local lib headers to be relative for those pointing at "include/" dir (William Bright)
Pull request description:
Referencing #924, this PR splits the two issues brought on to a smaller to digest change. What this does is remove the prefix "include/" when referencing the local library header files.
e.g:
from:
```cpp
#include "include/secp256k1.h"
```
to:
```cpp
#include "secp256k1.h"
```
Rationale: besides styling and consistency across other files in the repo, it makes it easier for outside builds to properly locate the headers.
A live example seen here when attempting to build this library within bitcoin repo:
```sh
[ 14%] Building CXX object leveldb/CMakeFiles/leveldb.dir/util/bloom.cc.o
/tmp/bitcoin/src/secp256k1/src/secp256k1.c:7:10: fatal error: include/secp256k1.h: No such file or directory
7 | #include "include/secp256k1.h"
| ^~~~~~~~~~~~~~~~~~~~~
compilation terminated.
make[2]: *** [secp256k1/CMakeFiles/Secp256k1.dir/build.make:76: secp256k1/CMakeFiles/Secp256k1.dir/src/secp256k1.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:537: secp256k1/CMakeFiles/Secp256k1.dir/all] Error 2
make[1]: *** Waiting for unfinished jobs....
```
ACKs for top commit:
gmaxwell:
ACK 3c90bdda95aa4e79ff33bfbbbe91872417650ae9
real-or-random:
ACK 3c90bdda95aa4e79ff33bfbbbe91872417650ae9 code looks good and even the tests compile fine now without `-I` args
Tree-SHA512: 94d212718c6f4901f1c310aff504b7afedda91268143ffe1b45e9883cd517c0599e40ac798a51b54d66cd31646fe8cb1a489f1776612cfb5963654f4a1cee757
Previous behaviour would not initialize r->y values in the case where infinity is passed in.
Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity.