bitcoin-bitcoin-core

foster/bitcoin-bitcoin-core

Fork 0

mirror of https://github.com/bitcoin/bitcoin.git synced 2025-02-11 11:16:09 -05:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Pieter Wuille	9d47e7b71b	Squashed 'src/secp256k1/' changes from 44c2452fd3..21ffe4b22a 21ffe4b22a Merge bitcoin-core/secp256k1#1055: Prepare initial release e025ccdf74 release: prepare for initial release 0.2.0 6d1784a2e2 build: add missing files to EXTRA_DIST 8c949f56da Merge bitcoin-core/secp256k1#1173: Don't use compute credits for now 13bf1b6b32 changelog: make order of change types match keepachangelog.com b1f992a552 doc: improve release process 7e5b22684f Don't use compute credits for now ad39e2dc41 build: change package version to 0.1.0-dev 5c789dcd73 Merge bitcoin-core/secp256k1#1168: Replace deprecated context flags with NONE in benchmarks and tests d6dc0f4ae3 tests: Switch to NONE contexts in module tests 0c8a5caddd tests: Switch to NONE contexts in tests.c 86540e9e1f tests: add test for deprecated flags and rm them from run_context caa0ad631e group: add gej_eq_var 37ba744f5b tests: Switch to NONE contexts in exhaustive and ctime tests 8d7a9a8eda benchmarks: Switch to NONE contexts 90618e9263 doc: move CHANGELOG from doc/ to root directory e3f84777eb Merge bitcoin-core/secp256k1#1126: API cleanup with respect to contexts 4386a2306c examples: Switch to NONE contexts 7289b51d31 docs: Use doxygen style if and only if comment is user-facing e7d0185c90 docs: Get rid of "initialized for signing" terminology 06126364ad docs: Tidy and improve docs about contexts and randomization e02d6862bd selftest: Expose in public API e383fbfa66 selftest: Rename internal function to make name available for API d2c6d48de3 tests: Use new name of static context 53796d2b24 contexts: Rename static context 72fedf8a6c docs: Improve docs for static context 316ac7625a contexts: Deprecate all context flags except SECP256K1_CONTEXT_NONE 477f02c4de Merge bitcoin-core/secp256k1#1165: gitignore: Add .sage.py files autogenerated by sage [skip ci] 092be61c5e gitignore: Add .sage.py files autogenerated by sage 1a553ee8be docs: Change signature "validation" to "verification" ee7341fbac docs: Never require a verification context 751c4354d5 Merge bitcoin-core/secp256k1#1152: Update macOS image for CI 2286f80902 Merge bitcoin-core/secp256k1#993: Enable non-experimental modules by default e40fd277b7 Merge bitcoin-core/secp256k1#1156: Followups to int128_struct arithmetic 99bd335599 Make int128 overflow test use secp256k1_[ui]128_mul a8494b02bf Use compute credits for macOS jobs 3afce0af7c Avoid signed overflow in MSVC AMR64 secp256k1_mul128 c0ae48c995 Update macOS image for CI 9b5f589d30 Heuristically decide whether to use int128_struct 63ff064d2f int128: Add test override for testing __(u)mulh on MSVC X64 f2b7e88768 Add int128 randomized tests 6138d73be4 Merge bitcoin-core/secp256k1#1155: Add MSan CI jobs ddf2b2910e Merge bitcoin-core/secp256k1#1000: Synthetic int128 type. 86e3b38a4a Merge bitcoin-core/secp256k1#1149: Remove usage of CHECK from non-test file 00a42b91b3 Add MSan CI job 44916ae915 Merge bitcoin-core/secp256k1#1147: ci: print env to allow reproducing the job outside of CI c2ee9175e9 Merge bitcoin-core/secp256k1#1146: ci: prevent "-v/--version: not found" irrelevant error e13fae487e Merge bitcoin-core/secp256k1#1150: ci: always cat test_env.log a340d9500a ci: add int128_struct tests dceaa1f579 int128: Tidy #includes of int128.h and int128_impl.h 2914bccbc0 Simulated int128 type. 6a965b6b98 Remove usage of CHECK from non-test file 5c9f1a5c37 ci: always cat all logs_snippets 49ae843592 ci: mostly prevent "-v/--version: not found" irrelevant error 4e54c03153 ci: print env to allow reproducing the job outside of CI a43e982bca Merge bitcoin-core/secp256k1#1144: Cleanup `.gitignore` file f5039cb66c Cleanup `.gitignore` file 798727ae1e Revert "Add test logs to gitignore" 41e8704b48 build: Enable some modules by default 694ce8fb2d Merge bitcoin-core/secp256k1#1131: readme: Misc improvements 88b00897e7 readme: Fix line break 78f5296da4 readme: Sell "no runtime dependencies" ef48f088ad readme: Add IRC channel 9f8a13dc8e Merge bitcoin-core/secp256k1#1128: configure: Remove pkgconfig macros again (reintroduced by mismerge) cabe085bb4 configure: Remove pkgconfig macros again (reintroduced by mismerge) 3efeb9da21 Merge bitcoin-core/secp256k1#1121: config: Set preprocessor defaults for ECMULT_* config values 6a873cc4a9 Merge bitcoin-core/secp256k1#1122: tests: Randomize the context with probability 15/16 instead of 1/4 17065f48ae tests: Randomize the context with probability 15/16 instead of 1/4 c27ae45144 config: Remove basic-config.h da6514a04a config: Introduce DEBUG_CONFIG macro for debug output of config 63a3565e97 Merge bitcoin-core/secp256k1#1120: ecmult_gen: Skip RNG when creating blinding if no seed is available d0cf55e13a config: Set preprocessor defaults for ECMULT_* config values 55f8bc99dc ecmult_gen: Improve comments about projective blinding 7a86955800 ecmult_gen: Simplify code (no observable change) 4cc0b1b669 ecmult_gen: Skip RNG when creating blinding if no seed is available af65d30cc8 Merge bitcoin-core/secp256k1#1116: build: Fix #include "..." paths to get rid of further -I arguments 40a3473a9d build: Fix #include "..." paths to get rid of further -I arguments 43756da819 Merge bitcoin-core/secp256k1#1115: Fix sepc256k1 -> secp256k1 typo in group.h 069aba8125 Fix sepc256k1 -> secp256k1 typo in group.h accadc94df Merge bitcoin-core/secp256k1#1114: `_scratch_destroy`: move `VERIFY_CHECK` after invalid scrach space check cd47033335 Merge bitcoin-core/secp256k1#1084: ci: Add MSVC builds 1827c9bf2b scratch_destroy: move VERIFY_CHECK after invalid scrach space check 49e2acd927 configure: Improve rationale for WERROR_CFLAGS 8dc4b03341 ci: Add a C++ job that compiles the public headers without -fpermissive 51f296a46c ci: Run persistent wineserver to speed up wine 3fb3269c22 ci: Add 32-bit MinGW64 build 9efc2e5221 ci: Add MSVC builds 2be6ba0fed configure: Convince autotools to work with MSVC's archiver lib.exe bd81f4140a schnorrsig bench: Suppress a stupid warning in MSVC 09f3d71c51 configure: Add a few CFLAGS for MSVC 3b4f3d0d46 build: Reject C++ compilers in the preprocessor 1cc0941414 configure: Don't abort if the compiler does not define __STDC__ cca8cbbac8 configure: Output message when checking for valgrind 1a6be5745f bench: Make benchmarks compile on MSVC git-subtree-dir: src/secp256k1 git-subtree-split: 21ffe4b22a9683cf24ae0763359e401d1284cc7a	2022-12-12 23:40:36 -05:00
Pieter Wuille	86dbc4d075	Squashed 'src/secp256k1/' changes from be8d9c262f..0559fc6e41 0559fc6e41 Merge bitcoin-core/secp256k1#988: Make signing table fully static 7dfceceea6 build: Remove #undef hack for ASM in the precomputation programs bb36fe9be0 ci: Test `make precomp` d94a37a20c build: Remove CC_FOR_BUILD stuff ad63bb4c29 build: Prebuild and distribute ecmult_gen table ac49361ed0 prealloc: Get rid of manual memory management for prealloc contexts 6573c08f65 ecmult_gen: Tidy precomputed file and save space 5eba83f17c ecmult_gen: Precompute tables for all values of ECMULT_GEN_PREC_BITS 5d0dbef018 Merge bitcoin-core/secp256k1#942: Verify that secp256k1_ge_set_gej_zinv does not operate on infinity. 486205aa68 Merge bitcoin-core/secp256k1#920: Test all ecmult functions with many j2^i combinations fdb33dd122 refactor: Make PREC_BITS a parameter of ecmult_gen_build_prec_table 5eb519e1f6 ci: reduce TEST_ITERS in memcheck run e2cf77328a Test ecmult functions for all i2^j for j=0..255 and odd i=1..255. 61ae37c612 Merge bitcoin-core/secp256k1#1022: build: Windows DLL additions 4f01840b82 Merge bitcoin-core/secp256k1#1027: build: Add a check that Valgrind actually supports a host platform 6ad908aa00 Merge bitcoin-core/secp256k1#1008: bench.c: add `--help` option and ci: move env variables 592661c22f ci: move test environment variable declaration to .cirrus.yml dcbe84b841 bench: add --help option to bench. 099bad945e Comment and check a parameter for inf in secp256k1_ecmult_const. 6c0be857f8 Verify that secp256k1_ge_set_gej_zinv does not operate on infinity. a->x and a->y should not be used if the infinity flag is set. 4900227451 Merge bitcoin-core/secp256k1#1025: build: replace backtick command substitution with $() 7c7ce872a5 build: Add a check that Valgrind actually supports a host platform a4875e30a6 refactor: Move default callbacks to util.h 4c94c55bce doc: Remove obsolete hint for valgrind stack size 5106226991 exhaustive_tests: Fix with ecmult_gen table with custom generator e1a76530db refactor: Make generator a parameter of ecmult_gen_create_prec_table 9ad09f6911 refactor: Rename program that generates static ecmult_gen table 8ae18f1ab3 refactor: Rename file that contains static ecmult_gen table 00d2fa116e ecmult_gen: Make code consistent with comment 3b0c2185ea ecmult_gen: Simplify ecmult_gen context after making table static 2b7c7497ef build: replace backtick command substitution with $() 49f608de47 Merge bitcoin-core/secp256k1#1004: ecmult: fix definition of STRAUSS_SCRATCH_OBJECTS c0cd7de6d4 build: add -no-undefined to libtool LDFLAGS fe32a79d35 build: pass win32-dll to LT_INIT 60bf8890df ecmult: fix definition of STRAUSS_SCRATCH_OBJECTS fecf436d53 Merge bitcoin-core/secp256k1#1019: build: don't append valgrind CPPFLAGS if not installed (macOS) 2e5e4b67df Merge bitcoin-core/secp256k1#1020: doc: remove use of <0xa0> "no break space" 812ff5c747 doc: remove use of 0xa0 "no break space" 214042a170 build: don't append valgrind CPPFLAGS if not installed e43ba02cfc refactor: Decouple table generation and ecmult_gen context 22dc2c0a0d ecmult_gen: Move table creation to new file and force static prec 793ad9016a Merge bitcoin-core/secp256k1#1010: doc: Minor fixes in safegcd_implementation.md dc9b6853b7 doc: Minor fixes in safegcd_implementation.md ea5e8a9c47 Merge bitcoin-core/secp256k1#1012: Fix typos 233297579d Fix typos 7006f1b97f Merge bitcoin-core/secp256k1#1011: ci: Enable -g if we set CFLAGS manually 72de1359e9 ci: Enable -g if we set CFLAGS manually 74c34e727b Merge bitcoin-core/secp256k1#1009: refactor: Use (int)&(int) in boolean context to avoid compiler warning 16d132215c refactor: Use (int)&(int) in boolean context to avoid compiler warning c74a7b7e51 Merge bitcoin-core/secp256k1#1007: doc: Replace apoelstra's GPG key by jonasnick's GPG key 3b157c48ed doc: Suggest keys.openpgp.org as keyserver in SECURITY.md 73a7472cd0 doc: Replace apoelstra's GPG key by jonasnick's GPG key 515a5dbd02 Merge bitcoin-core/secp256k1#991: Merge all "external" benchmarks into a single bench binary af6abcb3d0 Make bench support selecting which benchmarks to run 9f56bdf5b9 Merge bench_schnorrsig into bench 3208557ae1 Merge bench_recover into bench 855e18d8a8 Merge bench_ecdh into bench 2a7be678a6 Combine bench_sign and bench_verify into single bench 8fa41201bd Merge bitcoin-core/secp256k1#1002: Make aux_rnd32==NULL behave identical to 0x0000..00. 5324f8942d Make aux_rnd32==NULL behave identical to 0x0000..00. 21c188b3c5 Merge bitcoin-core/secp256k1#943: VERIFY_CHECK precondition for secp256k1_fe_set_int. 3e7b2ea194 Merge bitcoin-core/secp256k1#999: bench_ecmult: improve clarity of output 23e2f66726 bench: don't return 1 in have_flag() if argc = 1 96b1ad2ea9 bench_ecmult: improve clarity of output 20d791edfb Merge bitcoin-core/secp256k1#989: Shared benchmark format for command line and CSV outputs aa1b889b61 Merge bitcoin-core/secp256k1#996: Fix G.y parity in sage code 044d956305 Fix G.y parity in sage code b4b130678d create csv file from the benchmark output 26a255beb6 Shared benchmark format for command line and CSV outputs 9526874d14 Merge bitcoin-core/secp256k1#810: Avoid overly-wide multiplications in 5x52 field mul/sqr 920a0e5fa6 Merge bitcoin-core/secp256k1#952: Avoid computing out-of-bounds pointer. f34b5cae03 Merge bitcoin-core/secp256k1#983: [RFC] Remove OpenSSL testing support 297ce82091 Merge bitcoin-core/secp256k1#966: Make aux_rand32 arg to secp256k1_schnorrsig_sign const 2888640132 VERIFY_CHECK precondition for secp256k1_fe_set_int. d49011f54c Make _set_fe_int( . , 0 ) set magnitude to 0 bc08599e77 Remove OpenSSL testing support 10f9bd84f4 Merge bitcoin-core/secp256k1#987: Fix unused parameter warnings when building without VERIFY 189f6bcfef Fix unused parameter warnings when building without VERIFY da0092bccc Merge bitcoin-core/secp256k1#986: tests: remove `secp256k1_fe_verify` from tests.c and modify `_fe_from_storage` to call `_fe_verify` d43993724d tests: remove `secp256k1_fe_verify` from tests.c and modify `secp256k1_fe_from_storage` to call `secp256k1_fe_verify` 2a3a97c665 Merge bitcoin-core/secp256k1#976: `secp256k1_schnorrsig_sign_internal` should be static aa5d34a8fe Merge bitcoin-core/secp256k1#783: Make the public API docs more consistent and explicit 72713872a8 Add missing static to secp256k1_schnorrsig_sign_internal db4667d5e0 Make aux_rand32 arg to secp256k1_schnorrsig_sign const 9a5a87e0f1 Merge bitcoin-core/secp256k1#956: Replace ecmult_context with a generated static array. 20abd52c2e Add tests for pre_g tables. 6815761cf5 Remove ecmult_context. f20dcbbad1 Correct typo. 16a3cc07e8 Generate ecmult_static_pre_g.h 8de2d86a06 Bump memory limits in advance of making the ecmult context static. d7ec49a689 Merge bitcoin-core/secp256k1#969: ci: Fixes after Debian release 5d5c74a057 tests: Rewrite code to circument potential bug in clang 3d2f492ceb ci: Install libasan6 (instead of 5) after Debian upgrade adec5a1638 Add missing null check for ctx and input keys in the public API f4edfc7581 Improve consistency for NULL arguments in the public interface 9be7b0f083 Avoid computing out-of-bounds pointer. b53e0cd61f Avoid overly-wide multiplications git-subtree-dir: src/secp256k1 git-subtree-split: 0559fc6e41b65af6e52c32eb9b1286494412a162	2021-12-15 09:19:50 -05:00
Pieter Wuille	67f232b5d8	Squashed 'src/secp256k1/' changes from b19c000063..2ed54da18a 2ed54da18a Merge #755: Recovery signing: add to constant time test, and eliminate non ct operators 28609507e7 Add tests for the cmov implementations 73596a85a2 Add ecdsa_sign_recoverable to the ctime tests 2876af4f8d Split ecdsa_sign logic into a new function and use it from ecdsa_sign and recovery 5e1c885efb Merge #754: Fix uninit values passed into cmov f79a7adcf5 Add valgrind uninit check to cmovs output 05d315affe Merge #752: autoconf: Use ":" instead of "dnl" as a noop a39c2b09de Fixed UB(arithmetics on uninit values) in cmovs 3a6fd7f636 Merge #750: Add macOS to the CI 5e8747ae2a autoconf: Use ":" instead of "dnl" as a noop 71757da5cc Explictly pass SECP256K1_BENCH_ITERS to the benchmarks in travis.sh 99bd661d71 Replace travis_wait with a loop printing "\a" to stdout every minute bc818b160c Bump travis Ubuntu from xenial(16.04) to bionic(18.04) 0c5ff9066e Add macOS support to travis b6807d91d8 Move travis script into a standalone sh file f39f99be0e Merge #701: Make ec_ arithmetic more consistent and add documentation 39198a03ea Merge #732: Retry if r is zero during signing 59a8de8f64 Merge #742: Fix typo in ecmult_const_impl.h 4e284655d9 Fix typo in ecmult_const_impl.h f862b4ca13 Merge #740: Make recovery/main_impl.h non-executable ffef45c98a Make recovery/main_impl.h non-executable 2361b3719a Merge #735: build: fix OpenSSL EC detection on macOS 3b7d26b23c build: add SECP_TEST_INCLUDES to bench_verify CPPFLAGS 84b5fc5bc3 build: fix OpenSSL EC detection on macOS 37ed51a7ea Make ecdsa_sig_sign constant-time again after reverting `25e3cfb` 93d343bfc5 Revert "ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_sign" 7e3952ae82 Clarify documentation of tweak functions. 89853a0f2e Make tweak function documentation more consistent. 41fc785602 Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul 22911ee6da Rename private key to secret key in public API (with the exception of function names) 5a73f14d6c Mention that value is unspecified for In/Out parameters if the function returns 0 f03df0e6d7 Define valid ECDSA keys in the documentation of seckey_verify 5894e1f1df Return 0 if the given seckey is invalid in privkey_negate, privkey_tweak_add and privkey_tweak_mul 8f814cddb9 Add test for boundary conditions of scalar_set_b32 with respect to overflows 3fec982608 Use scalar_set_b32_seckey in ecdsa_sign, pubkey_create and seckey_verify 9ab2cbe0eb Add scalar_set_b32_seckey which does the same as scalar_set_b32 and also returns whether it's a valid secret key 4f27e344c6 Merge #728: Suppress a harmless variable-time optimization by clang in memczero 01993878bb Add test for memczero() 52a03512c1 Suppress a harmless variable-time optimization by clang in memczero 8f78e208ad Merge #722: Context isn't freed in the ECDH benchmark ed1b91171a Merge #700: Allow overriding default flags 85b35afa76 Add running benchmarks regularly and under valgrind in travis ca4906b02e Pass num of iters to benchmarks as variable, and define envvar 02dd5f1bbb free the ctx at the end of bench_ecdh e9fccd4de1 Merge #708: Constant-time behaviour test using valgrind memtest. 08fb6c4926 Run valgrind_ctime_test in travis 3d2302257f Constant-time behaviour test using valgrind memtest. 96d8ccbd16 Merge #710: Eliminate harmless non-constant time operations on secret data. 0585b8b2ee Merge #718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 7b50483ad7 Adds a declassify operation to aid constant-time analysis. 34a67c773b Eliminate harmless non-constant time operations on secret data. ca739cba23 Compile with optimization flag -O2 by default instead of -O3 eb45ef3384 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 856a01d6ad Merge #714: doc: document the length requirements of output parameter. d72b9e2483 Merge #682: Remove Java Native Interface 4b48a43106 doc: document the length requirements of output parameter. 1b4d256e2e Merge #713: Docstrings dabfea7e21 field: extend docstring of secp256k1_fe_normalize dc7d8fd9e2 scalar: extend docstring of secp256k1_scalar_set_b32 074ab582dd Merge #704: README: add a section for test coverage acb7f97eb8 README: add a section for test coverage 227a4f2d07 Merge #709: Remove secret-dependant non-constant time operation in ecmult_const. d567b779fe Clarify comments about use of rzr on ge functions and abs function. 2241ae6d14 Remove secret-dependant non-constant time operation in ecmult_const. 642cd062bd Remove Java Native Interface 83fb1bcef4 Remove -O2 from default CFLAGS because this would override the -O3 flag (see AC_PROG_CC in the Autoconf manual) ecba8138ec Append instead of Prepend user-CFLAGS to default CFLAGS allowing the user to override default variables 613c34cd86 Remove test in configure.ac because it doesn't have an effect f45d897101 Merge #703: Overhaul README.md 2e759ec753 Overhaul README.md d644dda5c9 Merge #689: Remove "except in benchmarks" exception for fp math bde2a32286 Convert bench.h to fixed-point math 387d723c3f Merge #679: Add SECURITY.md 0db61d25c9 Merge #685: Fix issue where travis does not show the ./tests seed… a0771d15e6 Explicitly disable buffering for stderr in tests fb424fbba2 Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031184 Merge #690: Add valgrind check to travis 544002c008 Merge #678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc988f travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382a87 Add valgrind check to travis 0c774d89e6 Merge #688: Fix ASM setting in travis 5c5f71eea5 Fix ASM setting in travis e2625f8a98 Merge #684: Make no-float policy explicit bae1bea3c4 Make no-float policy explicit 78c3836341 Add SECURITY.md 362bb25608 Modified bench_scalar_split so it won't get optimized out 73a30c6b58 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dcd6f Merge #677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142ff25 Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 47045270fa90f81205d989f7107769bce1e71c4d 137d304a6b Merge #647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b13f Merge #664: Remove mention of ec_privkey_export because it doesn't exist 59782c68b4 Remove mention of ec_privkey_export because it doesn't exist 96cd94e385 Merge #337: variable sized precomputed table for signing dcb2e3b3ff variable signing precompute table b4bff99028 Merge #661: Make ./configure string consistent a467047e11 Make ./configure string consistent e729cc7f5a Merge #657: Fix a nit in the recovery tests b64a2e2597 Fix a nit in the recovery tests e028aa33d3 Merge #650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d363d Merge #654: Fix typo (∞) ef83281c3a Merge pull request #656 from real-or-random/patch-1 556caad2ca Fix typo in docs for _context_set_illegal_callback 0d82732a9a Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb49f5 Merge #583: JNI: fix use sig array e95f8ab098 Merge #644: Avoid optimizing out a verify_check 384f55606a Merge #652: README.md: update instruction to run tests ee56accd47 Merge #651: Fix typo in secp256k1_preallocated.h 7b9b117230 Merge #640: scalar_impl.h: fix includes d99bec2e21 Merge #655: jni: Use only Guava for hex encoding and decoding 2abcf951af jni: Use only Guava for hex encoding and decoding 271582b3b7 Fix typo ce6d438266 README.md: update instruction to run tests b1e68cb8e6 Fix typo in secp256k1_preallocated.h a11c76c59a secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5654 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cbf83 Moved a dereference so the null check will be before the dereferencing 2cb73b1064 scalar_impl.h: fix includes fa33017135 Merge #634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68cd30 Add a descriptive comment for secp256k1_ecmult_const. d0d738d32d Merge #631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25276 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90ef6 Merge #629: Avoid calling _is_zero when _set_b32 fails. f34b0c3f35 Merge #630: Note intention of timing sidechannel freeness. 8d1563b0ff Note intention of timing sidechannel freeness. 1669bb2865 Merge #628: Fix ability to compile tests without -DVERIFY. ecc94abcc8 Merge #627: Guard memcmp in tests against mixed size inputs. 544435fc90 Merge #578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e9ee Merge #595: Allow to use external default callbacks e49f7991c2 Add missing #(un)defines to base-config.h 77defd2c3b Add secp256k1_ prefix to default callback functions 908bdce64e Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e655 Allow usage of external default callbacks 6095a863fa Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e02c3 Avoid calling secp256k1__is_zero when secp256k1__set_b32 fails. 6c36de7a33 Merge #600: scratch space: use single allocation 98836b11f0 scratch: replace frames with "checkpoint" system 7623cf2b97 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f2c6 scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0bb95 scratch: unify allocations c2b028a281 scratch space: thread `error_callback` into all scratch space functions 0be1a4ae62 scratch: add magic bytes to beginning of structure 92a48a764d scratch space: use single allocation 40839e21b9 Merge #592: Use trivial algorithm in ecmult_multi if scratch space is small dcf392027b Fix ability to compile tests without -DVERIFY. a484e0008b Merge #566: Enable context creation in preallocated memory 0522caac8f Explain caller's obligations for preallocated memory 238305fdbb Move _preallocated functions to separate header 695feb6fbd Export _preallocated functions 814cc78d71 Add tests for contexts in preallocated memory ba12dd08da Check arguments of _preallocated functions 5feadde462 Support cloning a context into preallocated memory c4fd5dab45 Switch to a single malloc call ef020de16f Add size constants for preallocated memory 1bf7c056ba Prepare for manual memory management in preallocated memory 248bffb052 Guard memcmp in tests against mixed size inputs. 36698dcfee Merge #596: Make WINDOW_G configurable a61a93ff50 Clean up ./configure help strings 2842dc523e Make WINDOW_G configurable 1a02d6ce51 Merge #626: Revert "Merge #620: Install headers automatically" 662918cb29 Revert "Merge #620: Install headers automatically" 14c7dbd444 Simplify control flow in DER parsing ec8f20babd Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3b3c Parse DER-enconded length into a size_t instead of an int 912680ed86 Merge #561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3ace0 Merge #620: Install headers automatically 5df77a0eda Merge #533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e0d9 Merge #617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde04e Merge #619: Clear a copied secret key after negation 16e86150d0 Install headers automatically 069870d92a Clear a copied secret key after negation 8979ec0d9a Pass scalar by reference in secp256k1_wnaf_const() 84a808598b Merge #612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a59c Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046611 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7b12 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d969 Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e093 Keep LDFLAGS if `--coverage` 74e2dbd68e JNI: fix use sig array 3cb057f842 Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 2ed54da18add295668ec71c91534b640d2cc029b	2020-06-09 13:39:09 -07:00

Pieter Wuille

9d47e7b71b

Squashed 'src/secp256k1/' changes from 44c2452fd3..21ffe4b22a

21ffe4b22a Merge bitcoin-core/secp256k1#1055: Prepare initial release
e025ccdf74 release: prepare for initial release 0.2.0
6d1784a2e2 build: add missing files to EXTRA_DIST
8c949f56da Merge bitcoin-core/secp256k1#1173: Don't use compute credits for now
13bf1b6b32 changelog: make order of change types match keepachangelog.com
b1f992a552 doc: improve release process
7e5b22684f Don't use compute credits for now
ad39e2dc41 build: change package version to 0.1.0-dev
5c789dcd73 Merge bitcoin-core/secp256k1#1168: Replace deprecated context flags with NONE in benchmarks and tests
d6dc0f4ae3 tests: Switch to NONE contexts in module tests
0c8a5caddd tests: Switch to NONE contexts in tests.c
86540e9e1f tests: add test for deprecated flags and rm them from run_context
caa0ad631e group: add gej_eq_var
37ba744f5b tests: Switch to NONE contexts in exhaustive and ctime tests
8d7a9a8eda benchmarks: Switch to NONE contexts
90618e9263 doc: move CHANGELOG from doc/ to root directory
e3f84777eb Merge bitcoin-core/secp256k1#1126: API cleanup with respect to contexts
4386a2306c examples: Switch to NONE contexts
7289b51d31 docs: Use doxygen style if and only if comment is user-facing
e7d0185c90 docs: Get rid of "initialized for signing" terminology
06126364ad docs: Tidy and improve docs about contexts and randomization
e02d6862bd selftest: Expose in public API
e383fbfa66 selftest: Rename internal function to make name available for API
d2c6d48de3 tests: Use new name of static context
53796d2b24 contexts: Rename static context
72fedf8a6c docs: Improve docs for static context
316ac7625a contexts: Deprecate all context flags except SECP256K1_CONTEXT_NONE
477f02c4de Merge bitcoin-core/secp256k1#1165: gitignore: Add *.sage.py files autogenerated by sage [skip ci]
092be61c5e gitignore: Add *.sage.py files autogenerated by sage
1a553ee8be docs: Change signature "validation" to "verification"
ee7341fbac docs: Never require a verification context
751c4354d5 Merge bitcoin-core/secp256k1#1152: Update macOS image for CI
2286f80902 Merge bitcoin-core/secp256k1#993: Enable non-experimental modules by default
e40fd277b7 Merge bitcoin-core/secp256k1#1156: Followups to int128_struct arithmetic
99bd335599 Make int128 overflow test use secp256k1_[ui]128_mul
a8494b02bf Use compute credits for macOS jobs
3afce0af7c Avoid signed overflow in MSVC AMR64 secp256k1_mul128
c0ae48c995 Update macOS image for CI
9b5f589d30 Heuristically decide whether to use int128_struct
63ff064d2f int128: Add test override for testing __(u)mulh on MSVC X64
f2b7e88768 Add int128 randomized tests
6138d73be4 Merge bitcoin-core/secp256k1#1155: Add MSan CI jobs
ddf2b2910e Merge bitcoin-core/secp256k1#1000: Synthetic int128 type.
86e3b38a4a Merge bitcoin-core/secp256k1#1149: Remove usage of CHECK from non-test file
00a42b91b3 Add MSan CI job
44916ae915 Merge bitcoin-core/secp256k1#1147: ci: print env to allow reproducing the job outside of CI
c2ee9175e9 Merge bitcoin-core/secp256k1#1146: ci: prevent "-v/--version: not found" irrelevant error
e13fae487e Merge bitcoin-core/secp256k1#1150: ci: always cat test_env.log
a340d9500a ci: add int128_struct tests
dceaa1f579 int128: Tidy #includes of int128.h and int128_impl.h
2914bccbc0 Simulated int128 type.
6a965b6b98 Remove usage of CHECK from non-test file
5c9f1a5c37 ci: always cat all logs_snippets
49ae843592 ci: mostly prevent "-v/--version: not found" irrelevant error
4e54c03153 ci: print env to allow reproducing the job outside of CI
a43e982bca Merge bitcoin-core/secp256k1#1144: Cleanup `.gitignore` file
f5039cb66c Cleanup `.gitignore` file
798727ae1e Revert "Add test logs to gitignore"
41e8704b48 build: Enable some modules by default
694ce8fb2d Merge bitcoin-core/secp256k1#1131: readme: Misc improvements
88b00897e7 readme: Fix line break
78f5296da4 readme: Sell "no runtime dependencies"
ef48f088ad readme: Add IRC channel
9f8a13dc8e Merge bitcoin-core/secp256k1#1128: configure: Remove pkgconfig macros again (reintroduced by mismerge)
cabe085bb4 configure: Remove pkgconfig macros again (reintroduced by mismerge)
3efeb9da21 Merge bitcoin-core/secp256k1#1121: config: Set preprocessor defaults for ECMULT_* config values
6a873cc4a9 Merge bitcoin-core/secp256k1#1122: tests: Randomize the context with probability 15/16 instead of 1/4
17065f48ae tests: Randomize the context with probability 15/16 instead of 1/4
c27ae45144 config: Remove basic-config.h
da6514a04a config: Introduce DEBUG_CONFIG macro for debug output of config
63a3565e97 Merge bitcoin-core/secp256k1#1120: ecmult_gen: Skip RNG when creating blinding if no seed is available
d0cf55e13a config: Set preprocessor defaults for ECMULT_* config values
55f8bc99dc ecmult_gen: Improve comments about projective blinding
7a86955800 ecmult_gen: Simplify code (no observable change)
4cc0b1b669 ecmult_gen: Skip RNG when creating blinding if no seed is available
af65d30cc8 Merge bitcoin-core/secp256k1#1116: build: Fix #include "..." paths to get rid of further -I arguments
40a3473a9d build: Fix #include "..." paths to get rid of further -I arguments
43756da819 Merge bitcoin-core/secp256k1#1115: Fix sepc256k1 -> secp256k1 typo in group.h
069aba8125 Fix sepc256k1 -> secp256k1 typo in group.h
accadc94df Merge bitcoin-core/secp256k1#1114: `_scratch_destroy`: move `VERIFY_CHECK` after invalid scrach space check
cd47033335 Merge bitcoin-core/secp256k1#1084: ci: Add MSVC builds
1827c9bf2b scratch_destroy: move VERIFY_CHECK after invalid scrach space check
49e2acd927 configure: Improve rationale for WERROR_CFLAGS
8dc4b03341 ci: Add a C++ job that compiles the public headers without -fpermissive
51f296a46c ci: Run persistent wineserver to speed up wine
3fb3269c22 ci: Add 32-bit MinGW64 build
9efc2e5221 ci: Add MSVC builds
2be6ba0fed configure: Convince autotools to work with MSVC's archiver lib.exe
bd81f4140a schnorrsig bench: Suppress a stupid warning in MSVC
09f3d71c51 configure: Add a few CFLAGS for MSVC
3b4f3d0d46 build: Reject C++ compilers in the preprocessor
1cc0941414 configure: Don't abort if the compiler does not define __STDC__
cca8cbbac8 configure: Output message when checking for valgrind
1a6be5745f bench: Make benchmarks compile on MSVC

git-subtree-dir: src/secp256k1
git-subtree-split: 21ffe4b22a9683cf24ae0763359e401d1284cc7a

2022-12-12 23:40:36 -05:00

Pieter Wuille

86dbc4d075

Squashed 'src/secp256k1/' changes from be8d9c262f..0559fc6e41

0559fc6e41 Merge bitcoin-core/secp256k1#988: Make signing table fully static
7dfceceea6 build: Remove #undef hack for ASM in the precomputation programs
bb36fe9be0 ci: Test `make precomp`
d94a37a20c build: Remove CC_FOR_BUILD stuff
ad63bb4c29 build: Prebuild and distribute ecmult_gen table
ac49361ed0 prealloc: Get rid of manual memory management for prealloc contexts
6573c08f65 ecmult_gen: Tidy precomputed file and save space
5eba83f17c ecmult_gen: Precompute tables for all values of ECMULT_GEN_PREC_BITS
5d0dbef018 Merge bitcoin-core/secp256k1#942: Verify that secp256k1_ge_set_gej_zinv does not operate on infinity.
486205aa68 Merge bitcoin-core/secp256k1#920: Test all ecmult functions with many j*2^i combinations
fdb33dd122 refactor: Make PREC_BITS a parameter of ecmult_gen_build_prec_table
5eb519e1f6 ci: reduce TEST_ITERS in memcheck run
e2cf77328a Test ecmult functions for all i*2^j for j=0..255 and odd i=1..255.
61ae37c612 Merge bitcoin-core/secp256k1#1022: build: Windows DLL additions
4f01840b82 Merge bitcoin-core/secp256k1#1027: build: Add a check that Valgrind actually supports a host platform
6ad908aa00 Merge bitcoin-core/secp256k1#1008: bench.c: add `--help` option and ci: move env variables
592661c22f ci: move test environment variable declaration to .cirrus.yml
dcbe84b841 bench: add --help option to bench.
099bad945e Comment and check a parameter for inf in secp256k1_ecmult_const.
6c0be857f8 Verify that secp256k1_ge_set_gej_zinv does not operate on infinity. a->x and a->y should not be used if the infinity flag is set.
4900227451 Merge bitcoin-core/secp256k1#1025: build: replace backtick command substitution with $()
7c7ce872a5 build: Add a check that Valgrind actually supports a host platform
a4875e30a6 refactor: Move default callbacks to util.h
4c94c55bce doc: Remove obsolete hint for valgrind stack size
5106226991 exhaustive_tests: Fix with ecmult_gen table with custom generator
e1a76530db refactor: Make generator a parameter of ecmult_gen_create_prec_table
9ad09f6911 refactor: Rename program that generates static ecmult_gen table
8ae18f1ab3 refactor: Rename file that contains static ecmult_gen table
00d2fa116e ecmult_gen: Make code consistent with comment
3b0c2185ea ecmult_gen: Simplify ecmult_gen context after making table static
2b7c7497ef build: replace backtick command substitution with $()
49f608de47 Merge bitcoin-core/secp256k1#1004: ecmult: fix definition of STRAUSS_SCRATCH_OBJECTS
c0cd7de6d4 build: add -no-undefined to libtool LDFLAGS
fe32a79d35 build: pass win32-dll to LT_INIT
60bf8890df ecmult: fix definition of STRAUSS_SCRATCH_OBJECTS
fecf436d53 Merge bitcoin-core/secp256k1#1019: build: don't append valgrind CPPFLAGS if not installed (macOS)
2e5e4b67df Merge bitcoin-core/secp256k1#1020: doc: remove use of <0xa0> "no break space"
812ff5c747 doc: remove use of 0xa0 "no break space"
214042a170 build: don't append valgrind CPPFLAGS if not installed
e43ba02cfc refactor: Decouple table generation and ecmult_gen context
22dc2c0a0d ecmult_gen: Move table creation to new file and force static prec
793ad9016a Merge bitcoin-core/secp256k1#1010: doc: Minor fixes in safegcd_implementation.md
dc9b6853b7 doc: Minor fixes in safegcd_implementation.md
ea5e8a9c47 Merge bitcoin-core/secp256k1#1012: Fix typos
233297579d Fix typos
7006f1b97f Merge bitcoin-core/secp256k1#1011: ci: Enable -g if we set CFLAGS manually
72de1359e9 ci: Enable -g if we set CFLAGS manually
74c34e727b Merge bitcoin-core/secp256k1#1009: refactor: Use (int)&(int) in boolean context to avoid compiler warning
16d132215c refactor: Use (int)&(int) in boolean context to avoid compiler warning
c74a7b7e51 Merge bitcoin-core/secp256k1#1007: doc: Replace apoelstra's GPG key by jonasnick's GPG key
3b157c48ed doc: Suggest keys.openpgp.org as keyserver in SECURITY.md
73a7472cd0 doc: Replace apoelstra's GPG key by jonasnick's GPG key
515a5dbd02 Merge bitcoin-core/secp256k1#991: Merge all "external" benchmarks into a single bench binary
af6abcb3d0 Make bench support selecting which benchmarks to run
9f56bdf5b9 Merge bench_schnorrsig into bench
3208557ae1 Merge bench_recover into bench
855e18d8a8 Merge bench_ecdh into bench
2a7be678a6 Combine bench_sign and bench_verify into single bench
8fa41201bd Merge bitcoin-core/secp256k1#1002: Make aux_rnd32==NULL behave identical to 0x0000..00.
5324f8942d Make aux_rnd32==NULL behave identical to 0x0000..00.
21c188b3c5 Merge bitcoin-core/secp256k1#943: VERIFY_CHECK precondition for secp256k1_fe_set_int.
3e7b2ea194 Merge bitcoin-core/secp256k1#999: bench_ecmult: improve clarity of output
23e2f66726 bench: don't return 1 in have_flag() if argc = 1
96b1ad2ea9 bench_ecmult: improve clarity of output
20d791edfb Merge bitcoin-core/secp256k1#989: Shared benchmark format for command line and CSV outputs
aa1b889b61 Merge bitcoin-core/secp256k1#996: Fix G.y parity in sage code
044d956305 Fix G.y parity in sage code
b4b130678d create csv file from the benchmark output
26a255beb6 Shared benchmark format for command line and CSV outputs
9526874d14 Merge bitcoin-core/secp256k1#810: Avoid overly-wide multiplications in 5x52 field mul/sqr
920a0e5fa6 Merge bitcoin-core/secp256k1#952: Avoid computing out-of-bounds pointer.
f34b5cae03 Merge bitcoin-core/secp256k1#983: [RFC] Remove OpenSSL testing support
297ce82091 Merge bitcoin-core/secp256k1#966: Make aux_rand32 arg to secp256k1_schnorrsig_sign const
2888640132 VERIFY_CHECK precondition for secp256k1_fe_set_int.
d49011f54c Make _set_fe_int( . , 0 ) set magnitude to 0
bc08599e77 Remove OpenSSL testing support
10f9bd84f4 Merge bitcoin-core/secp256k1#987: Fix unused parameter warnings when building without VERIFY
189f6bcfef Fix unused parameter warnings when building without VERIFY
da0092bccc Merge bitcoin-core/secp256k1#986: tests: remove `secp256k1_fe_verify` from tests.c and modify `_fe_from_storage` to call `_fe_verify`
d43993724d tests: remove `secp256k1_fe_verify` from tests.c and modify `secp256k1_fe_from_storage` to call `secp256k1_fe_verify`
2a3a97c665 Merge bitcoin-core/secp256k1#976: `secp256k1_schnorrsig_sign_internal` should be static
aa5d34a8fe Merge bitcoin-core/secp256k1#783: Make the public API docs more consistent and explicit
72713872a8 Add missing static to secp256k1_schnorrsig_sign_internal
db4667d5e0 Make aux_rand32 arg to secp256k1_schnorrsig_sign const
9a5a87e0f1 Merge bitcoin-core/secp256k1#956: Replace ecmult_context with a generated static array.
20abd52c2e Add tests for pre_g tables.
6815761cf5 Remove ecmult_context.
f20dcbbad1 Correct typo.
16a3cc07e8 Generate ecmult_static_pre_g.h
8de2d86a06 Bump memory limits in advance of making the ecmult context static.
d7ec49a689 Merge bitcoin-core/secp256k1#969: ci: Fixes after Debian release
5d5c74a057 tests: Rewrite code to circument potential bug in clang
3d2f492ceb ci: Install libasan6 (instead of 5) after Debian upgrade
adec5a1638 Add missing null check for ctx and input keys in the public API
f4edfc7581 Improve consistency for NULL arguments in the public interface
9be7b0f083 Avoid computing out-of-bounds pointer.
b53e0cd61f Avoid overly-wide multiplications

git-subtree-dir: src/secp256k1
git-subtree-split: 0559fc6e41b65af6e52c32eb9b1286494412a162

2021-12-15 09:19:50 -05:00

Pieter Wuille

67f232b5d8

Squashed 'src/secp256k1/' changes from b19c000063..2ed54da18a

2ed54da18a Merge #755: Recovery signing: add to constant time test, and eliminate non ct operators
28609507e7 Add tests for the cmov implementations
73596a85a2 Add ecdsa_sign_recoverable to the ctime tests
2876af4f8d Split ecdsa_sign logic into a new function and use it from ecdsa_sign and recovery
5e1c885efb Merge #754: Fix uninit values passed into cmov
f79a7adcf5 Add valgrind uninit check to cmovs output
05d315affe Merge #752: autoconf: Use ":" instead of "dnl" as a noop
a39c2b09de Fixed UB(arithmetics on uninit values) in cmovs
3a6fd7f636 Merge #750: Add macOS to the CI
5e8747ae2a autoconf: Use ":" instead of "dnl" as a noop
71757da5cc Explictly pass SECP256K1_BENCH_ITERS to the benchmarks in travis.sh
99bd661d71 Replace travis_wait with a loop printing "\a" to stdout every minute
bc818b160c Bump travis Ubuntu from xenial(16.04) to bionic(18.04)
0c5ff9066e Add macOS support to travis
b6807d91d8 Move travis script into a standalone sh file
f39f99be0e Merge #701: Make ec_ arithmetic more consistent and add documentation
39198a03ea Merge #732: Retry if r is zero during signing
59a8de8f64 Merge #742: Fix typo in ecmult_const_impl.h
4e284655d9 Fix typo in ecmult_const_impl.h
f862b4ca13 Merge #740: Make recovery/main_impl.h non-executable
ffef45c98a Make recovery/main_impl.h non-executable
2361b3719a Merge #735: build: fix OpenSSL EC detection on macOS
3b7d26b23c build: add SECP_TEST_INCLUDES to bench_verify CPPFLAGS
84b5fc5bc3 build: fix OpenSSL EC detection on macOS
37ed51a7ea Make ecdsa_sig_sign constant-time again after reverting 25e3cfb
93d343bfc5 Revert "ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_sign"
7e3952ae82 Clarify documentation of tweak functions.
89853a0f2e Make tweak function documentation more consistent.
41fc785602 Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul
22911ee6da Rename private key to secret key in public API (with the exception of function names)
5a73f14d6c Mention that value is unspecified for In/Out parameters if the function returns 0
f03df0e6d7 Define valid ECDSA keys in the documentation of seckey_verify
5894e1f1df Return 0 if the given seckey is invalid in privkey_negate, privkey_tweak_add and privkey_tweak_mul
8f814cddb9 Add test for boundary conditions of scalar_set_b32 with respect to overflows
3fec982608 Use scalar_set_b32_seckey in ecdsa_sign, pubkey_create and seckey_verify
9ab2cbe0eb Add scalar_set_b32_seckey which does the same as scalar_set_b32 and also returns whether it's a valid secret key
4f27e344c6 Merge #728: Suppress a harmless variable-time optimization by clang in memczero
01993878bb Add test for memczero()
52a03512c1 Suppress a harmless variable-time optimization by clang in memczero
8f78e208ad Merge #722: Context isn't freed in the ECDH benchmark
ed1b91171a Merge #700: Allow overriding default flags
85b35afa76 Add running benchmarks regularly and under valgrind in travis
ca4906b02e Pass num of iters to benchmarks as variable, and define envvar
02dd5f1bbb free the ctx at the end of bench_ecdh
e9fccd4de1 Merge #708: Constant-time behaviour test using valgrind memtest.
08fb6c4926 Run valgrind_ctime_test in travis
3d2302257f Constant-time behaviour test using valgrind memtest.
96d8ccbd16 Merge #710: Eliminate harmless non-constant time operations on secret data.
0585b8b2ee Merge #718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1
7b50483ad7 Adds a declassify operation to aid constant-time analysis.
34a67c773b Eliminate harmless non-constant time operations on secret data.
ca739cba23 Compile with optimization flag -O2 by default instead of -O3
eb45ef3384 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1
856a01d6ad Merge #714: doc: document the length requirements of output parameter.
d72b9e2483 Merge #682: Remove Java Native Interface
4b48a43106 doc: document the length requirements of output parameter.
1b4d256e2e Merge #713: Docstrings
dabfea7e21 field: extend docstring of secp256k1_fe_normalize
dc7d8fd9e2 scalar: extend docstring of secp256k1_scalar_set_b32
074ab582dd Merge #704: README: add a section for test coverage
acb7f97eb8 README: add a section for test coverage
227a4f2d07 Merge #709: Remove secret-dependant non-constant time operation in ecmult_const.
d567b779fe Clarify comments about use of rzr on ge functions and abs function.
2241ae6d14 Remove secret-dependant non-constant time operation in ecmult_const.
642cd062bd Remove Java Native Interface
83fb1bcef4 Remove -O2 from default CFLAGS because this would override the -O3 flag (see AC_PROG_CC in the Autoconf manual)
ecba8138ec Append instead of Prepend user-CFLAGS to default CFLAGS allowing the user to override default variables
613c34cd86 Remove test in configure.ac because it doesn't have an effect
f45d897101 Merge #703: Overhaul README.md
2e759ec753 Overhaul README.md
d644dda5c9 Merge #689: Remove "except in benchmarks" exception for fp math
bde2a32286 Convert bench.h to fixed-point math
387d723c3f Merge #679: Add SECURITY.md
0db61d25c9 Merge #685: Fix issue where travis does not show the ./tests seed…
a0771d15e6 Explicitly disable buffering for stderr in tests
fb424fbba2 Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run.
22a6031184 Merge #690: Add valgrind check to travis
544002c008 Merge #678: Preventing compiler optimizations in benchmarks without a memory fence
dd98cc988f travis: Added a valgrind test without endro and enabled recovery+ecdh
b4c1382a87 Add valgrind check to travis
0c774d89e6 Merge #688: Fix ASM setting in travis
5c5f71eea5 Fix ASM setting in travis
e2625f8a98 Merge #684: Make no-float policy explicit
bae1bea3c4 Make no-float policy explicit
78c3836341 Add SECURITY.md
362bb25608 Modified bench_scalar_split so it won't get optimized out
73a30c6b58 Added accumulators and checks on benchmarks so they won't get optimized out
770b3dcd6f Merge #677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var
b76142ff25 Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 47045270fa90f81205d989f7107769bce1e71c4d
137d304a6b Merge #647: Increase robustness against UB in secp256k1_scalar_cadd_bit
0d9540b13f Merge #664: Remove mention of ec_privkey_export because it doesn't exist
59782c68b4 Remove mention of ec_privkey_export because it doesn't exist
96cd94e385 Merge #337: variable sized precomputed table for signing
dcb2e3b3ff variable signing precompute table
b4bff99028 Merge #661: Make ./configure string consistent
a467047e11 Make ./configure string consistent
e729cc7f5a Merge #657: Fix a nit in the recovery tests
b64a2e2597 Fix a nit in the recovery tests
e028aa33d3 Merge #650: secp256k1/src/tests.c:  Properly handle sscanf return value
f1e11d363d Merge #654: Fix typo (∞)
ef83281c3a Merge pull request #656 from real-or-random/patch-1
556caad2ca Fix typo in docs for _context_set_illegal_callback
0d82732a9a Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow.
786dfb49f5 Merge #583: JNI: fix use sig array
e95f8ab098 Merge #644: Avoid optimizing out a verify_check
384f55606a Merge #652: README.md: update instruction to run tests
ee56accd47 Merge #651: Fix typo in secp256k1_preallocated.h
7b9b117230 Merge #640: scalar_impl.h: fix includes
d99bec2e21 Merge #655: jni: Use only Guava for hex encoding and decoding
2abcf951af jni: Use only Guava for hex encoding and decoding
271582b3b7 Fix typo
ce6d438266 README.md: update instruction to run tests
b1e68cb8e6 Fix typo in secp256k1_preallocated.h
a11c76c59a secp256k1/src/tests.c:  Properly handle sscanf return value
8fe63e5654 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands.
94ae7cbf83 Moved a dereference so the null check will be before the dereferencing
2cb73b1064 scalar_impl.h: fix includes
fa33017135 Merge #634: Add a descriptive comment for secp256k1_ecmult_const.
ee9e68cd30 Add a descriptive comment for secp256k1_ecmult_const.
d0d738d32d Merge #631: typo in comment for secp256k1_ec_pubkey_tweak_mul ()
6914c25276 typo in comment for secp256k1_ec_pubkey_tweak_mul ()
e541a90ef6 Merge #629: Avoid calling _is_zero when _set_b32 fails.
f34b0c3f35 Merge #630: Note intention of timing sidechannel freeness.
8d1563b0ff Note intention of timing sidechannel freeness.
1669bb2865 Merge #628: Fix ability to compile tests without -DVERIFY.
ecc94abcc8 Merge #627: Guard memcmp in tests against mixed size inputs.
544435fc90 Merge #578: Avoid implementation-defined and undefined behavior when dealing with sizes
143dc6e9ee Merge #595: Allow to use external default callbacks
e49f7991c2 Add missing #(un)defines to base-config.h
77defd2c3b Add secp256k1_ prefix to default callback functions
908bdce64e Include stdio.h and stdlib.h explicitly in secp256k1.c
5db782e655 Allow usage of external default callbacks
6095a863fa Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return
cd473e02c3 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails.
6c36de7a33 Merge #600: scratch space: use single allocation
98836b11f0 scratch: replace frames with "checkpoint" system
7623cf2b97 scratch: save a couple bytes of unnecessarily-allocated memory
a7a164f2c6 scratch: rename `max_size` to `size`, document that extra will actually be allocated
5a4bc0bb95 scratch: unify allocations
c2b028a281 scratch space: thread `error_callback` into all scratch space functions
0be1a4ae62 scratch: add magic bytes to beginning of structure
92a48a764d scratch space: use single allocation
40839e21b9 Merge #592: Use trivial algorithm in ecmult_multi if scratch space is small
dcf392027b Fix ability to compile tests without -DVERIFY.
a484e0008b Merge #566: Enable context creation in preallocated memory
0522caac8f Explain caller's obligations for preallocated memory
238305fdbb Move _preallocated functions to separate header
695feb6fbd Export _preallocated functions
814cc78d71 Add tests for contexts in preallocated memory
ba12dd08da Check arguments of _preallocated functions
5feadde462 Support cloning a context into preallocated memory
c4fd5dab45 Switch to a single malloc call
ef020de16f Add size constants for preallocated memory
1bf7c056ba Prepare for manual memory management in preallocated memory
248bffb052 Guard memcmp in tests against mixed size inputs.
36698dcfee Merge #596: Make WINDOW_G configurable
a61a93ff50 Clean up ./configure help strings
2842dc523e Make WINDOW_G configurable
1a02d6ce51 Merge #626: Revert "Merge #620: Install headers automatically"
662918cb29 Revert "Merge #620: Install headers automatically"
14c7dbd444 Simplify control flow in DER parsing
ec8f20babd Avoid out-of-bound pointers and integer overflows in size comparisons
01ee1b3b3c Parse DER-enconded length into a size_t instead of an int
912680ed86 Merge #561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config
91fae3ace0 Merge #620: Install headers automatically
5df77a0eda Merge #533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
975e51e0d9 Merge #617: Pass scalar by reference in secp256k1_wnaf_const()
735fbde04e Merge #619: Clear a copied secret key after negation
16e86150d0 Install headers automatically
069870d92a Clear a copied secret key after negation
8979ec0d9a Pass scalar by reference in secp256k1_wnaf_const()
84a808598b Merge #612: Allow field_10x26_arm.s to compile for ARMv7 architecture
d4d270a59c Allow field_10x26_arm.s to compile for ARMv7 architecture
248f046611 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
9ab96f7b12 Use trivial algorithm in ecmult_multi if scratch space is small
dbed75d969 Undefine `STATIC_PRECOMPUTATION` if using the basic config
310111e093 Keep LDFLAGS if `--coverage`
74e2dbd68e JNI: fix use sig array
3cb057f842 Fix possible integer overflow in DER parsing

git-subtree-dir: src/secp256k1
git-subtree-split: 2ed54da18add295668ec71c91534b640d2cc029b

2020-06-09 13:39:09 -07:00

3 commits