Upstream PRs 831, 907, 903, 889, 918, 906, 928, 922, 933, Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM, 925, 937, 926, Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards, 850, 930, 941, 846, 947, 662, 950 #132
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was detected while running the tests with the `-Wconditional-uninitialized` flag ``` ./autogen.sh CC=clang CFLAGS="-Wconditional-uninitialized" ./configure make check ``` The resulting warning is a false positive, but setting the value to -1 ensures that the CHECK below will fail if recid is never written to.
This compiler flag is available for clang but not gcc.
Test plan:
```
autogen.sh
./configure
make check
CC=clang ./configure
make check
```
If a variable is used uninitialized, the warning should look something
like:
```
CC src/tests-tests.o
src/tests.c:4336:15: warning: variable 'recid' may be uninitialized when used here [-Wconditional-uninitialized]
CHECK(recid >= 0 && recid < 4);
^~~~~
./src/util.h:54:18: note: expanded from macro 'CHECK'
if (EXPECT(!(cond), 0)) { \
^~~~
./src/util.h:41:39: note: expanded from macro 'EXPECT'
^
src/tests.c:4327:14: note: initialize the variable 'recid' to silence this warning
int recid;
^
= 0
1 warning generated.
```
These functions count the number of trailing zeroes in non-zero integers.
Refactored by: Pieter Wuille <pieter@wuille.net>
This adds a long comment explaining the algorithm and implementation choices by building it up step by step in Python. Comments in the code are also reworked/added, with references to the long explanation.
This adds tests for the modinv{32,64}_impl.h directly (before the functions are used
inside the field/scalar code). It uses a naive implementation of modular multiplication
and gcds in order to verify the modular inverses themselves.
This commit adds functions to verify and compare numbers in signed{30,62} notation,
and uses that to do more extensive bounds checking on various variables in the modinv
code.
This temporarily duplicates the inversion code across the 4x64 and 8x32 implementations. Those implementations will be replaced in a later commit.
This temporarily duplicates the inversion code across the 5x52 and 10x26 implementations. Those implementations will be replaced in a next commit.
Add a new run_inverse_tests that replaces all existing field/scalar inverse tests, and tests a few identities for fixed inputs, small numbers (-999...999), random inputs (structured and unstructured), as well as comparing with the output of secp256k1_fe_inv_all_var.
No exposed functions rely on Jacobi symbol computation anymore. Remove it; it can always be brough back later if needed.
The whole "num" API and its libgmp-based implementation are now unused. Remove them.
Both the field and scalar modulus can be written in signed{30,62} notation
with one or more zero limbs. Make use of this in the update_de function to
avoid a few wide multiplications when that is the case.
This doesn't appear to be a win in the 32-bit implementation, so only
do it for the 64-bit one.
…bits This only seems to be a win on 64-bit platforms, so only do it there. Refactored by: Pieter Wuille <pieter@wuille.net>
…te_fg_var The magnitude of the f and g variables generally goes down as the algorithm progresses. Make use of this by keeping tracking how many limbs are used, and when the number becomes small enough, make use of this to reduce the complexity of arithmetic on them. Refactored by: Pieter Wuille <pieter@wuille.net>
24ad04f Make scalar_inverse{,_var} benchmark scale with SECP256K1_BENCH_ITERS (Pieter Wuille) ebc1af7 Optimization: track f,g limb count and pass to new variable-time update_fg_var (Peter Dettman) b306935 Optimization: use formulas instead of lookup tables for cancelling g bits (Peter Dettman) 9164a1b Optimization: special-case zero modulus limbs in modinv64 (Pieter Wuille) 1f233b3 Remove num/gmp support (Pieter Wuille) 20448b8 Remove unused Jacobi symbol support (Pieter Wuille) 5437e7b Remove unused scalar_sqr (Pieter Wuille) aa9cc52 Improve field/scalar inverse tests (Pieter Wuille) 1e0e885 Make field/scalar code use the new modinv modules for inverses (Pieter Wuille) 436281a Move secp256k1_fe_inverse{_var} to per-impl files (Pieter Wuille) aa404d5 Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files (Pieter Wuille) 08d5496 Improve bounds checks in modinv modules (Pieter Wuille) 151aac0 Add tests for modinv modules (Pieter Wuille) d8a92fc Add extensive comments on the safegcd algorithm and implementation (Pieter Wuille) 8e415ac Add safegcd based modular inverse modules (Peter Dettman) de0a643 Add secp256k1_ctz{32,64}_var functions (Pieter Wuille) Pull request description: This is a rebased and squashed version of #767, adding safegcd-based implementations of constant-time and variable-time modular inverses for scalars and field elements, by Peter Dettman. The PR is organized as follows: * **Add secp256k1_ctz{32,64}_var functions** Introduction of ctz functions to util.h (which use `__builtin_ctz` on recent GCC and Clang, but fall back to using a software emulation using de Bruijn on other platforms). This isn't used anywhere in this commit, but does include tests. * **Add safegcd based modular inverse modules** Add Peter Dettman's safegcd code from #767 (without some of his optimizations, which are moved to later commits), turned into separate modules by me. * **Add extensive comments on the safegcd algorithm and implementation** Add a long description of the algorithm and optimizations to `doc/safegcd_implementation.md`, as well as additional comments to the code itself. It is probably best to review this together with the previous commit (they're separated to keep authorship). * **Add tests for modinv modules** Adds tests on the modinv interface directly, for arbitrary moduli. * **Improve bounds checks in modinv modules** Adds a lot of sanity checking to the modinv modules. * **Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files** A pure refactor to prepare for switching the field and scalar code to modinv. * **Make field/scalar code use the new modinv modules for inverses** Actually switch over. * **Add extra modular inverse tests** This adds modular inverse tests through the field/scalar interface, now that those use modinv. * **Remove unused Jacobi symbol support** No longer needed. * **Remove num/gmp support** Bye-bye. * 3 commits with further optimizations. ACKs for top commit: gmaxwell: ACK 24ad04f sanket1729: ACK 24ad04f real-or-random: ACK 24ad04f careful code review, some testing Tree-SHA512: 732fe29315965e43ec9a10ee8c71eceeb983c43fe443da9dc5380a5a11b5e40b06e98d6abf67b773b1de74571fd2014973c6376f3a0caeac85e0cf163ba2144b
4504472 changed import to use brackets <> for openssl as they are not local to the project (William Bright) Pull request description: ACKs for top commit: real-or-random: ACK 4504472 jonasnick: ACK 4504472 Tree-SHA512: e35c202835a82dab5fe9f2f75e7752e70b15d5d2ee7485790749f145b35e8e995c4978b4015c726387c24248a7efb636d28791fe882581a144a0ddfb27e14075
23c3fb6 Make argument of fe_normalizes_to_zero{_var} const (Pieter Wuille) Pull request description: ACKs for top commit: real-or-random: ACK 23c3fb6 diff looks good jonasnick: ACK 23c3fb6 Tree-SHA512: a51894a9e59851dc4854e92e4200ef6d12a11f6785b903c23585cfff5ef8d369216f4121260fe8789d46d3e215f3c2baa42decae99ab9328e8081f5274e67fab
99a1cfe print warnings for conditional-uninitialized (PiRK) 3d2cf6c initialize variable in tests (PiRK) Pull request description: ACKs for top commit: real-or-random: ACK 99a1cfe code inspection jonasnick: ACK 99a1cfe Tree-SHA512: 72f92f51c44210ab54f166920f540525db0e3d1f19a2fa56e4a6d157a38a582f9dc649d919cf3278482c9fd723021b07759284a8fccbc574b62a22aac0facf51
Instead of using eta=-delta, use zeta=-(delta+1/2) to represent delta. This variant only needs at most 590 iterations for 256-bit inputs rather than 724 (by convex hull bounds analysis).
Before this commit, gen_context.c both included libsecp256k1-config.h and basic-config.h: The former only to obtain ECMULT_GEN_PREC_BITS and the latter to obtain a basic working configuration to be able to use the library. This was inelegant and confusing: It meant that basic-config.h needs to #undef all the macros defined in libsecp256k1-config.h. Moreover, it meant that basic-config.h cannot define ECMULT_GEN_PREC_BITS, essentially making this file specific for use in gen_context.c. After this commit, gen_context.c include only libsecp256k1-config.h. basic-config.h is not necessary anymore for the modules used in gen_context.c because 79f1f7a made the preprocessor detect all the relevant config options. On the way, we remove an unused #define in basic-config.h.
set ECMULT_GEN_PREC_BITS to the "auto" value of 4 in basic_config.h, so libsecp can be used without autoconf
8f879c2 Fix array size in bench_ecmult (Jonas Nick) 2fe1b50 Add ecmult_gen, ecmult_const and ecmult to benchmark (Jonas Nick) 593e6ba Clean up ecmult_bench to make space for more benchmarks (Jonas Nick) Pull request description: I was trying to determine the impact of ecmult_gen in schnorrsig signing and noticed that there is no way to bench this right now. The new benchmarks look like this: ``` $ ./bench_ecmult ecmult_gen: min 20.9us / avg 21.2us / max 21.7us ecmult_const: min 63.9us / avg 64.3us / max 64.8us ecmult 1: min 49.4us / avg 49.7us / max 50.3us ecmult 1g: min 39.8us / avg 40.0us / max 40.3us ecmult 2g: min 27.2us / avg 27.3us / max 27.8us ecmult_multi 1g: min 39.8us / avg 40.0us / max 40.2us ecmult_multi 2g: min 27.2us / avg 27.4us / max 27.7us ecmult_multi 3g: min 22.8us / avg 22.9us / max 23.1us ecmult_multi 4g: min 20.6us / avg 20.8us / max 21.1us ecmult_multi 5g: min 19.3us / avg 19.5us / max 19.7us ``` (Turns out ecmult_gen is 37% of the 55.8us that schnorrsig sign takes) ACKs for top commit: real-or-random: ACK 8f879c2 elichai: tACK 8f879c2 Tree-SHA512: 8a739f5de1e2c0467c8d1c3ceeaf453b396a470ea0e8e5bef15fe1b32f3f9633b6b1c7e2ce1d94d736cf3e9adecd8f4f983ad4ba37450cd5991767f1a95db85c
This reverts commit 20448b8. The removed functions secp256k1_ge_set_xquad and secp256k1_fe_is_quad_var are required for some modules in secp256k1-zkp.
|
We need to tweak the cirrus config. Ubsan builds: |
jonasnick
force-pushed
the
temp-merge-950
branch
from
492d3ff
to
f6d9f02
Compare
|
Hm, still timeout... It's also possible to double the timeouts: https://cirrus-ci.org/faq/#instance-timed-out |
jonasnick
force-pushed
the
temp-merge-950
branch
2 times, most recently
from
8c9c5c5
to
40d6a5b
Compare
|
Cool, that worked! |
|
@jonasnick If you run a |
jonasnick
force-pushed
the
temp-merge-950
branch
from
40d6a5b
to
1b28cfd
Compare
|
@jesseposner Line 245 has coverage with (and without this PR) according to my test run. Also, I don't know how the commit could have affected that line. The error at line 343 is unreachable now, so I added an explanation as a comment and removed the test case entirely. |
jesseposner
reviewed
Jun 22, 2021
| * Proof: | ||
| * eckey_pubkey_serialize fails <=> deckey = 0 | ||
| * deckey = 0 <=> s^-1 = 0 or sp = 0 | ||
| * case 1: s^-1 = 0 impossible by the definition of multiplicative inverse |
There was a problem hiding this comment.
While it's true that it's definitionally impossible, if secp256k1_scalar_inverse doesn't check for an overflow, then it can return 0 when s is equal to the curve order q. Neither the implementation on master nor the scalar_low_impl.h implementation implementation in this PR check for an overflow.
This PR adds a new secp256k1_scalar_inverse implementation in scalar_4x64_impl.h and scalar_8x32_impl.h. This new implementation calls to either secp256k1_scalar_to_signed62 or secp256k1_scalar_to_signed30, which in turn check for an overflow (at https://github.com/ElementsProject/secp256k1-zkp/pull/132/files#diff-334ffa39c358290caf0eadd32018e5d9276ea2e76416f28a34b981e59b56a9d9R918 and https://github.com/ElementsProject/secp256k1-zkp/pull/132/files#diff-4112c4b434fd39c8722830f9daf1db7b2feb89cfd73a69c57c4a575575ee9cedR792 respectively), but only if the VERIFY macro is defined.
There was a problem hiding this comment.
But s doesn't overflow (it was just loaded from the ecdsa signature).
There was a problem hiding this comment.
The ecdsa signature can contain an s that is equal to the curve order q. When this happens in the implementation on master then secp256k1_scalar_inverse will write 0 to deckey, and the error at line 343 will be reached. With this PR, that is no longer the case because the secp256k1_scalar_inverse implementation has changed such that, if the VERIFY macro is defined then the following check will fail VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0) when s is equal to q.
I also just checked to see what happens if VERIFY is not defined, and with the new implementation secp256k1_scalar_inverse writes 1 to deckey instead of 0, so even without VERIFY, the error at line 343 will not be reached in the new implementation. So it is correct to say that line 343 is unreachable with the new implementation (assuming scalar_low_impl.h is not used). But this depends on the implementation of secp256k1_scalar_inverse, and is not impossible, as is demonstrated by the test case on master which reaches line 343.
There was a problem hiding this comment.
Ok, I tweaked the comment such that it says that it's unreachable by the tests because scalar_inverse checks for valid inputs in that case (since VERIFY is defined).
jesseposner
reviewed
Jun 23, 2021
| @@ -1105,12 +1105,6 @@ void adaptor_tests(void) { | |||
| secp256k1_ecdsa_signature sig_tmp; | |||
There was a problem hiding this comment.
sig_tmp is no longer used with the removal of the test at 1122.
|
@jonasnick I'm finding that line 245 doesn't have coverage consistently because of the buffer fix at 01dfb69. It can get coverage depending on whether the random bit flip causes deserialization to fail, but it doesn't always cause it to fail. The small buffer was causing the deserialization to fail, although that was undermining the purpose of the random bit flip test, so it's good that you fixed it. To make sure we hit the deserialization error perhaps another test case should be added: {
/* Test failed adaptor sig deserialization */
unsigned char adaptor_sig_tmp[162];
memset(&adaptor_sig_tmp, 0xFF, 162);
CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0);
} |
jonasnick
force-pushed
the
temp-merge-950
branch
from
1b28cfd
to
3298b75
Compare
|
@jesseposner thanks for figuring this out. I added your suggested test case. |
jonasnick
force-pushed
the
temp-merge-950
branch
from
3298b75
to
f09497e
Compare
Previously the ECDSA signature had an overflowing s value, which after the sync with upstream results in a failing VERIFY_CHECK in the inversion function. However, normally parsed signatures shouldn't contain overflowing s values.
Also add a specific test that fails adaptor sig deserialization because with the correct size buffer that's not guaranteed anymore with the existing test.
apoelstra
added a commit
to apoelstra/elements
that referenced
this pull request
Jul 28, 2021
5d2df054196 Merge BlockstreamResearch/secp256k1-zkp#120: Add MuSig Key Aggregation spec fc26ca8ddef musig: remove unnecessary constant time normalize in combine 48f63efe683 musig: remove unnecessary branch in pubkey_tweak_add 5860b5e0fe7 musig: do not also require schnorrsig module config flag f27fd1d5e75 musig: improve test coverage of pubkey_combine 56014e8ca01 musig: change pubkey_combine arg to array of pointers to pks 08fa02d5791 musig: add key aggregation spec draft 4a9b059b16d musig: rename Musig coefficient to KeyAgg coefficient 4bc46d836e7 musig: optimize key aggregation using const 1 for 2nd key 2310849f50f musig: compute musig coefficient by hashing key instead of index 9683c8a7eb6 musig: add static test vectors for key aggregation 9b3d7bf5361 extrakeys: add xonly_sort function f31affd8a61 extrakeys: add hsort, in-place, iterative heapsort d9560e0af78 Merge BlockstreamResearch/secp256k1-zkp#136: Eliminate a wrong -Wmaybe-uninitialized warning in GCC 6db00f5b2e0 Merge BlockstreamResearch/secp256k1-zkp#132: Upstream PRs 831, 907, 903, 889, 918, 906, 928, 922, 933, Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM, 925, 937, 926, Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards, 850, 930, 941, 846, 947, 662, 950 cc0b279568d Eliminate a wrong -Wmaybe-uninitialized warning in GCC f09497ea3e0 CI: tweak cirrus.yml to prevent OOM and timeout w sanitizer/valgrind 7226cf215aa ecdsa_adaptor: fix too small buffer in tests b053e853d4f ecdsa_adaptor: fix test case with invalid signature 91b64770c3b Merge BlockstreamResearch/secp256k1-zkp#135: sync-upstream: fix "end" parameter for specifying range 907633e2e9a sync-upstream: fix "end" parameter for specifying range 394f49fd1a6 sync-upstream: quote variables 1bb5db3d602 Merge BlockstreamResearch/secp256k1-zkp#134: sync-upstream: parse merge commits w/ and w/o repo identifier 9321d42f751 sync-upstream: parse merge commits w/ and w/o repo identifier d27e4598610 Revert "Remove unused Jacobi symbol support" edcacc2b2ec Merge commits '26de4dfe 6e898534 c083cc6e 1e5d50fa cc2c09e3 efad3506 7012a188 34388af6 98e0358d d0bd2693 185a6af2 6c52ae87 69394879 1e78c18d 202a030f bf0ac460 399722a6 3dc8c072 50f33677 7973576f 1758a92f ' into temp-merge-950 1758a92ffd8 Merge ElementsProject#950: ci: Add ppc64le build c58c4ea4707 ci: Add ppc64le build 7973576f6e3 Merge ElementsProject#662: Add ecmult_gen, ecmult_const and ecmult to benchmark 8f879c2887e Fix array size in bench_ecmult 2fe1b50df16 Add ecmult_gen, ecmult_const and ecmult to benchmark 593e6bad9c5 Clean up ecmult_bench to make space for more benchmarks 50f33677122 Merge ElementsProject#947: ci: Run PRs on merge result even for i686 a35fdd3478f ci: Run PRs on merge result even for i686 3dc8c072b6d Merge ElementsProject#846: ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 02dcea1ad94 ci: Make test iterations configurable and tweak for sanitizer builds 489ff5c20a1 tests: Treat empty SECP2561_TEST_ITERS as if it was unset fcfcb97e74b ci: Simplify to use generic wrapper for QEMU, Valgrind, etc de4157f13ac ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 399722a63ad Merge ElementsProject#941: Clean up git tree 09b3bb8648f Clean up git tree bf0ac460661 Merge ElementsProject#930: Add ARM32/ARM64 CI 202a030f7d1 Merge ElementsProject#850: add `secp256k1_ec_pubkey_cmp` method 1e78c18d5b8 Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards 69394879b64 Merge ElementsProject#926: secp256k1.h: clarify that by default arguments must be != NULL 6eceec6d566 add `secp256k1_xonly_pubkey_cmp` method 0d9561ae879 add `secp256k1_ec_pubkey_cmp` method 22a9ea154a2 contrib: Explain explicit header guards 6c52ae87247 Merge ElementsProject#937: Have ge_set_gej_var, gej_double_var and ge_set_all_gej_var initialize all fields of their outputs. 185a6af2279 Merge ElementsProject#925: changed include statements without prefix 'include/' 14c9739a1fb tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs 4a19668c37b tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs 3c90bdda95a change local lib headers to be relative for those pointing at "include/" dir 45b6468d7e3 Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. 31c0f6de413 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. dd6c3de3227 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. d0bd2693e30 Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM 8bbad7a18e5 Add asm build to ARM32 CI 7d65ed52142 Add ARM32/ARM64 CI c8483520c90 Makefile.am: Don't pass a variable twice 2161f31785e Makefile.am: Honor config when building gen_context 99f47c20ec4 gen_context: Don't use external ASM because it complicates the build 98e0358d297 Merge ElementsProject#933: Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers 99e2d5be0db Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers. 34388af6b6a Merge ElementsProject#922: Add mingw32-w64/wine CI build 7012a188e6e Merge ElementsProject#928: Define SECP256K1_BUILD in secp256k1.c directly. ed5a199bed6 tests: fopen /dev/urandom in binary mode ae9e648526c Define SECP256K1_BUILD in secp256k1.c directly. 4dc37bf81b5 Add mingw32-w64/wine CI build 0881633dfd0 secp256k1.h: clarify that by default arguments must be != NULL efad3506a89 Merge ElementsProject#906: Use modified divsteps with initial delta=1/2 for constant-time cc2c09e3a78 Merge ElementsProject#918: Clean up configuration in gen_context 07067967ee9 add ECMULT_GEN_PREC_BITS to basic_config.h a3aa2628c7b gen_context: Don't include basic-config.h be0609fd54a Add unit tests for edge cases with delta=1/2 variant of divsteps cd393ce2283 Optimization: only do 59 hddivsteps per iteration instead of 62 277b224b6ab Use modified divsteps with initial delta=1/2 for constant-time 376ca366db0 Fix typo in explanation 1e5d50fa93d Merge ElementsProject#889: fix uninitialized read in tests f3708a1ecb4 Merge ElementsProject#117: Add ECDSA adaptor signatures module 5710ebacb9e Merge ElementsProject#128: Make function argument name consistent with doc b0ffa923199 ecdsa_adaptor: add tests 6955af5ca89 ecdsa_adaptor: add ECDSA adaptor signature APIs c083cc6e52a Merge ElementsProject#903: Make argument of fe_normalizes_to_zero{_var} const 6e898534ff4 Merge ElementsProject#907: changed import to use brackets <> for openssl cc82ad5ab74 Make function argument name consistent with doc 4504472269d changed import to use brackets <> for openssl as they are not local to the project 26de4dfeb1f Merge ElementsProject#831: Safegcd inverses, drop Jacobi symbols, remove libgmp b508e5dd9b1 ecdsa_adaptor: add support for proof of discrete logarithm equality d8f336564fe ecdsa_adaptor: add nonce function and tags 654cd633f50 ecdsa_adaptor: initialize project 23c3fb629b9 Make argument of fe_normalizes_to_zero{_var} const 24ad04fc064 Make scalar_inverse{,_var} benchmark scale with SECP256K1_BENCH_ITERS ebc1af700f9 Optimization: track f,g limb count and pass to new variable-time update_fg_var b306935ac12 Optimization: use formulas instead of lookup tables for cancelling g bits 9164a1b6582 Optimization: special-case zero modulus limbs in modinv64 1f233b3fa05 Remove num/gmp support fac477f822a Merge ElementsProject#126: Upstream PRs ElementsProject#854 ElementsProject#852 ElementsProject#857 ElementsProject#858 ElementsProject#860 ElementsProject#845 ElementsProject#862 ElementsProject#875 ElementsProject#878 ElementsProject#874 ElementsProject#877 ElementsProject#880 ElementsProject#864 ElementsProject#882 ElementsProject#894 ElementsProject#891 ElementsProject#901 20448b8d09a Remove unused Jacobi symbol support 5437e7bdfbf Remove unused scalar_sqr aa9cc521800 Improve field/scalar inverse tests 1e0e885c8ac Make field/scalar code use the new modinv modules for inverses 436281afdcb Move secp256k1_fe_inverse{_var} to per-impl files aa404d53bef Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files 08d54964e51 Improve bounds checks in modinv modules 6a7861f646f Merge ElementsProject#127: sync-upstream: Create proper links to upstream PRs 4091e619248 cirrus: increase timeout for macOS tasks 136ed8f84d9 sync-upstream: Fix output of command to reproduce 38f1e777d49 sync-upstream: Create proper links to upstream PRs 79d4c3ac681 whitelist: add SECP_INCLUDES to bench_whitelist CPPFLAGS 649bf201d85 musig: fix tests for 32-bit 151aac00d31 Add tests for modinv modules d8a92fcc4c6 Add extensive comments on the safegcd algorithm and implementation 8e415acba25 Add safegcd based modular inverse modules de0a643c3dc Add secp256k1_ctz{32,64}_var functions d4ca81f48e9 Merge commits 'dc6e5c3a 2d9e7175 b61f9da5 98dac878 8c727b90 328aaef2 f2d9aeae b732701f db726782 5671e5f3 a4abaab7 659d0d47 f8c0b57e 24d1656c 3a8b47bc ebdba03c 4c3ba88c ' into temp-merge-901 4c3ba88c3a8 Merge ElementsProject#901: ci: Switch all Linux builds to Debian and more improvements 9361f360bb0 ci: Select number of parallel make jobs depending on CI environment 28eccdf8064 ci: Split output of logs into multiple sections c7f754fe4d5 ci: Run PRs on merge result instead of on the source branch b994a8be3cf ci: Print information about binaries using "file" f24e122d13d ci: Switch all Linux builds to Debian ebdba03cb56 Merge ElementsProject#891: build: Add workaround for automake 1.13 and older 3a8b47bc6d1 Merge ElementsProject#894: ctime_test: move context randomization test to the end 6da00ec6245 Merge pull request ElementsProject#124 from apoelstra/2021-02--rename-klepto e354c5751d6 ecdsa_s2c: rename anti-klepto to anti-exfil 7d3497cdc4c ctime_test: move context randomization test to the end 99a1cfec174 print warnings for conditional-uninitialized 3d2cf6c5bd3 initialize variable in tests f329bba2442 build: Add workaround for automake 1.13 and older 24d1656c328 Merge ElementsProject#882: Use bit ops instead of int mult for constant-time logic in gej_add_ge e491d06b98c Use bit ops instead of int mult for constant-time logic in gej_add_ge f8c0b57e6ba Merge ElementsProject#864: Add support for Cirrus CI cc2a5451dc8 ci: Refactor Nix shell files 2480e55c8f3 ci: Remove support for Travis CI 2b359f1c1d8 ci: Enable simple cache for brewing valgrind on macOS 8c02e465c5a ci: Add support for Cirrus CI 659d0d47989 Merge ElementsProject#880: Add parens around ROUND_TO_ALIGN's parameter. b6f649889ae Add parens around ROUND_TO_ALIGN's parameter. This makes the macro robust against a hypothetical ROUND_TO_ALIGN(foo ? sizeA : size B) invocation. a4abaab7931 Merge ElementsProject#877: Add missing secp256k1_ge_set_gej_var decl. 5671e5f3fd0 Merge ElementsProject#874: Remove underscores from header defs. db726782fa2 Merge ElementsProject#878: Remove unused secp256k1_fe_inv_all_var b732701faa7 Merge ElementsProject#875: Avoid casting (void**) values. 75d2ae149ef Remove unused secp256k1_fe_inv_all_var 482e4a9cfce Add missing secp256k1_ge_set_gej_var decl. 27306186045 Avoid casting (void**) values. Replaced with an expression that only casts (void*) values. fb390c5299e Remove underscores from header defs. This makes them consistent with other files and avoids reserved identifiers. ed69ea79b42 Merge ElementsProject#98: Add contrib/sync-upstream.sh script to automate syncing PRs 7eeacd7725f Add contrib/sync-upstream.sh script to automate merging upstream PRs f2d9aeae6d5 Merge ElementsProject#862: Autoconf improvements 328aaef22a4 Merge ElementsProject#845: Extract the secret key from a keypair 3c15130709d Improve CC_FOR_BUILD detection 47802a47624 Restructure and tidy configure.ac 252c19dfc65 Ask brew for valgrind include path 8c727b9087a Merge ElementsProject#860: fixed trivial typo cfac088e1b2 Merge ElementsProject#119: Remove repeated schnorr flag from travis config 96c83a83dcf Remove repeated schnorr flag from travis config d2b6740688f Merge pull request ElementsProject#118 from jonasnick/clarify-rangeproof-rewind 41d6963bc1c rangeproof: clarify rewind outlen argument 673e551f4d1 Merge ElementsProject#111: Add ECDSA sign-to-contract module b7bc3a4aaa5 fixed typo 47efb5e39a1 ecdsa-s2c: add ctime tests 396b558273c ecdsa-s2c: add anti-klepto protocol 290dee566e1 ecdsa-s2c: add actual sign-to-contract functionality 8e46cac5b31 ecdsa-s2c: block in module 826bd04b43f add eccommit functionality 33cb3c2b1fc Add secret key extraction from keypair to constant time tests 36d9dc1e8e6 Add seckey extraction from keypair to the extrakeys tests fc96aa73f5c Add a function to extract the secretkey from a keypair 98dac878398 Merge ElementsProject#858: Fix insecure links 07aa4c70ffb Fix insecure links b61f9da54ef Merge ElementsProject#857: docs: fix simple typo, dependecy -> dependency 18aadf9d288 docs: fix simple typo, dependecy -> dependency 2d9e7175c6e Merge ElementsProject#852: Add sage script for generating scalar_split_lambda constants dc6e5c3a5c4 Merge ElementsProject#854: Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 6e85d675aaf Rename tweak to tweak32 in public API f587f04e357 Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 329a2e0a3f2 sage: Add script for generating scalar_split_lambda constants f554dfc7088 sage: Reorganize files git-subtree-dir: src/secp256k1 git-subtree-split: 5d2df0541960554be5c0ba58d86e5fa479935000
apoelstra
added a commit
to apoelstra/elements
that referenced
this pull request
Jul 28, 2021
90580edcc98 Merge pull request ElementsProject#140 from apoelstra/2021-07--resync 6ad66de6802 rangeproof: add an (unnecessary) variable initialization to shut up CI 2979e4d9d46 Merge commits '8ae56e33 75ce488c 4866178d 446d28d9 253f90cd ec3aaa50 0440945f 7688a4f1 be8d9c26 ' into temp-merge-965 5d2df054196 Merge BlockstreamResearch/secp256k1-zkp#120: Add MuSig Key Aggregation spec fc26ca8ddef musig: remove unnecessary constant time normalize in combine 48f63efe683 musig: remove unnecessary branch in pubkey_tweak_add 5860b5e0fe7 musig: do not also require schnorrsig module config flag f27fd1d5e75 musig: improve test coverage of pubkey_combine 56014e8ca01 musig: change pubkey_combine arg to array of pointers to pks 08fa02d5791 musig: add key aggregation spec draft 4a9b059b16d musig: rename Musig coefficient to KeyAgg coefficient 4bc46d836e7 musig: optimize key aggregation using const 1 for 2nd key 2310849f50f musig: compute musig coefficient by hashing key instead of index 9683c8a7eb6 musig: add static test vectors for key aggregation 9b3d7bf5361 extrakeys: add xonly_sort function f31affd8a61 extrakeys: add hsort, in-place, iterative heapsort be8d9c262f4 Merge bitcoin-core/secp256k1#965: gen_context: Don't use any ASM d9560e0af78 Merge BlockstreamResearch/secp256k1-zkp#136: Eliminate a wrong -Wmaybe-uninitialized warning in GCC aeece445997 gen_context: Don't use any ASM 6db00f5b2e0 Merge BlockstreamResearch/secp256k1-zkp#132: Upstream PRs 831, 907, 903, 889, 918, 906, 928, 922, 933, Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM, 925, 937, 926, Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards, 850, 930, 941, 846, 947, 662, 950 cc0b279568d Eliminate a wrong -Wmaybe-uninitialized warning in GCC f09497ea3e0 CI: tweak cirrus.yml to prevent OOM and timeout w sanitizer/valgrind 7226cf215aa ecdsa_adaptor: fix too small buffer in tests b053e853d4f ecdsa_adaptor: fix test case with invalid signature 91b64770c3b Merge BlockstreamResearch/secp256k1-zkp#135: sync-upstream: fix "end" parameter for specifying range 907633e2e9a sync-upstream: fix "end" parameter for specifying range 394f49fd1a6 sync-upstream: quote variables 1bb5db3d602 Merge BlockstreamResearch/secp256k1-zkp#134: sync-upstream: parse merge commits w/ and w/o repo identifier 9321d42f751 sync-upstream: parse merge commits w/ and w/o repo identifier 7688a4f13a3 Merge bitcoin-core/secp256k1#963: "Schnorrsig API overhaul" fixups 90e83449b2c ci: Add C++ test f698caaff6a Use unsigned char consistently for byte arrays b5b8e7b7190 Don't declare constants twice 769528f3071 Don't use string literals for char arrays without NUL termination 2cc3cfa5838 Fix -Wmissing-braces warning in clang 0440945fb5c Merge ElementsProject#844: schnorrsig API overhaul ec3aaa5014f Merge ElementsProject#960: tests_exhaustive: check the result of secp256k1_ecdsa_sign a1ee83c6546 tests_exhaustive: check the result of secp256k1_ecdsa_sign 253f90cdeb1 Merge bitcoin-core/secp256k1#951: configure: replace AC_PATH_PROG to AC_CHECK_PROG 446d28d9de3 Merge bitcoin-core/secp256k1#944: Various improvements related to CFLAGS 0302138f750 ci: Make compiler warning into errors on CI b924e1e605d build: Ensure that configure's compile checks default to -O2 7939cd571c7 build: List *CPPFLAGS before *CFLAGS like on the compiler command line 595e8a35d80 build: Enable -Wcast-align=strict warning 07256267ffa build: Use own variable SECP_CFLAGS instead of touching user CFLAGS 4866178dfc9 Merge bitcoin-core/secp256k1#955: Add random field multiply/square tests 75ce488c2a6 Merge bitcoin-core/secp256k1#959: tests: really test the non-var scalar inverse 41ed13942bd tests: really test the non-var scalar inverse 5f6ceafcfa4 schnorrsig: allow setting MSGLEN != 32 in benchmark fdd06b79671 schnorrsig: add tests for sign_custom and varlen msg verification d8d806aaf38 schnorrsig: add extra parameter struct for sign_custom a0c3fc177f7 schnorrsig: allow signing and verification of variable length msgs 5a8e4991ad4 Add secp256k1_tagged_sha256 as defined in BIP-340 b6c0b72fb06 schnorrsig: remove noncefp args from sign; add sign_custom function bdf19f105c6 Add random field multiply/square tests 8ae56e33e74 Merge ElementsProject#879: Avoid passing out-of-bound pointers to 0-size memcpy a4642fa15ee configure: replace AC_PATH_PROG to AC_CHECK_PROG d27e4598610 Revert "Remove unused Jacobi symbol support" edcacc2b2ec Merge commits '26de4dfe 6e898534 c083cc6e 1e5d50fa cc2c09e3 efad3506 7012a188 34388af6 98e0358d d0bd2693 185a6af2 6c52ae87 69394879 1e78c18d 202a030f bf0ac460 399722a6 3dc8c072 50f33677 7973576f 1758a92f ' into temp-merge-950 1758a92ffd8 Merge ElementsProject#950: ci: Add ppc64le build c58c4ea4707 ci: Add ppc64le build 7973576f6e3 Merge ElementsProject#662: Add ecmult_gen, ecmult_const and ecmult to benchmark 8f879c2887e Fix array size in bench_ecmult 2fe1b50df16 Add ecmult_gen, ecmult_const and ecmult to benchmark 593e6bad9c5 Clean up ecmult_bench to make space for more benchmarks 50f33677122 Merge ElementsProject#947: ci: Run PRs on merge result even for i686 a35fdd3478f ci: Run PRs on merge result even for i686 442cee5bafb schnorrsig: add algolen argument to nonce_function_hardened df3bfa12c3b schnorrsig: clarify result of calling nonce_function_bip340 without data 99e8614812b README: mention schnorrsig module 3dc8c072b6d Merge ElementsProject#846: ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 02dcea1ad94 ci: Make test iterations configurable and tweak for sanitizer builds 489ff5c20a1 tests: Treat empty SECP2561_TEST_ITERS as if it was unset fcfcb97e74b ci: Simplify to use generic wrapper for QEMU, Valgrind, etc de4157f13ac ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 399722a63ad Merge ElementsProject#941: Clean up git tree 09b3bb8648f Clean up git tree bf0ac460661 Merge ElementsProject#930: Add ARM32/ARM64 CI 202a030f7d1 Merge ElementsProject#850: add `secp256k1_ec_pubkey_cmp` method 1e78c18d5b8 Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards 69394879b64 Merge ElementsProject#926: secp256k1.h: clarify that by default arguments must be != NULL 6eceec6d566 add `secp256k1_xonly_pubkey_cmp` method 0d9561ae879 add `secp256k1_ec_pubkey_cmp` method 22a9ea154a2 contrib: Explain explicit header guards 6c52ae87247 Merge ElementsProject#937: Have ge_set_gej_var, gej_double_var and ge_set_all_gej_var initialize all fields of their outputs. 185a6af2279 Merge ElementsProject#925: changed include statements without prefix 'include/' 14c9739a1fb tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs 4a19668c37b tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs 3c90bdda95a change local lib headers to be relative for those pointing at "include/" dir 45b6468d7e3 Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. 31c0f6de413 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. dd6c3de3227 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. d0bd2693e30 Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM 8bbad7a18e5 Add asm build to ARM32 CI 7d65ed52142 Add ARM32/ARM64 CI c8483520c90 Makefile.am: Don't pass a variable twice 2161f31785e Makefile.am: Honor config when building gen_context 99f47c20ec4 gen_context: Don't use external ASM because it complicates the build 98e0358d297 Merge ElementsProject#933: Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers 99e2d5be0db Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers. 34388af6b6a Merge ElementsProject#922: Add mingw32-w64/wine CI build 7012a188e6e Merge ElementsProject#928: Define SECP256K1_BUILD in secp256k1.c directly. ed5a199bed6 tests: fopen /dev/urandom in binary mode ae9e648526c Define SECP256K1_BUILD in secp256k1.c directly. 4dc37bf81b5 Add mingw32-w64/wine CI build 0881633dfd0 secp256k1.h: clarify that by default arguments must be != NULL efad3506a89 Merge ElementsProject#906: Use modified divsteps with initial delta=1/2 for constant-time cc2c09e3a78 Merge ElementsProject#918: Clean up configuration in gen_context 07067967ee9 add ECMULT_GEN_PREC_BITS to basic_config.h a3aa2628c7b gen_context: Don't include basic-config.h be0609fd54a Add unit tests for edge cases with delta=1/2 variant of divsteps cd393ce2283 Optimization: only do 59 hddivsteps per iteration instead of 62 277b224b6ab Use modified divsteps with initial delta=1/2 for constant-time 376ca366db0 Fix typo in explanation 1e5d50fa93d Merge ElementsProject#889: fix uninitialized read in tests f3708a1ecb4 Merge ElementsProject#117: Add ECDSA adaptor signatures module 5710ebacb9e Merge ElementsProject#128: Make function argument name consistent with doc b0ffa923199 ecdsa_adaptor: add tests 6955af5ca89 ecdsa_adaptor: add ECDSA adaptor signature APIs c083cc6e52a Merge ElementsProject#903: Make argument of fe_normalizes_to_zero{_var} const 6e898534ff4 Merge ElementsProject#907: changed import to use brackets <> for openssl cc82ad5ab74 Make function argument name consistent with doc 4504472269d changed import to use brackets <> for openssl as they are not local to the project 26de4dfeb1f Merge ElementsProject#831: Safegcd inverses, drop Jacobi symbols, remove libgmp b508e5dd9b1 ecdsa_adaptor: add support for proof of discrete logarithm equality d8f336564fe ecdsa_adaptor: add nonce function and tags 654cd633f50 ecdsa_adaptor: initialize project 23c3fb629b9 Make argument of fe_normalizes_to_zero{_var} const 24ad04fc064 Make scalar_inverse{,_var} benchmark scale with SECP256K1_BENCH_ITERS ebc1af700f9 Optimization: track f,g limb count and pass to new variable-time update_fg_var b306935ac12 Optimization: use formulas instead of lookup tables for cancelling g bits 9164a1b6582 Optimization: special-case zero modulus limbs in modinv64 1f233b3fa05 Remove num/gmp support fac477f822a Merge ElementsProject#126: Upstream PRs ElementsProject#854 ElementsProject#852 ElementsProject#857 ElementsProject#858 ElementsProject#860 ElementsProject#845 ElementsProject#862 ElementsProject#875 ElementsProject#878 ElementsProject#874 ElementsProject#877 ElementsProject#880 ElementsProject#864 ElementsProject#882 ElementsProject#894 ElementsProject#891 ElementsProject#901 20448b8d09a Remove unused Jacobi symbol support 5437e7bdfbf Remove unused scalar_sqr aa9cc521800 Improve field/scalar inverse tests 1e0e885c8ac Make field/scalar code use the new modinv modules for inverses 436281afdcb Move secp256k1_fe_inverse{_var} to per-impl files aa404d53bef Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files 08d54964e51 Improve bounds checks in modinv modules 6a7861f646f Merge ElementsProject#127: sync-upstream: Create proper links to upstream PRs 4091e619248 cirrus: increase timeout for macOS tasks 136ed8f84d9 sync-upstream: Fix output of command to reproduce 38f1e777d49 sync-upstream: Create proper links to upstream PRs 79d4c3ac681 whitelist: add SECP_INCLUDES to bench_whitelist CPPFLAGS 649bf201d85 musig: fix tests for 32-bit 151aac00d31 Add tests for modinv modules d8a92fcc4c6 Add extensive comments on the safegcd algorithm and implementation 8e415acba25 Add safegcd based modular inverse modules de0a643c3dc Add secp256k1_ctz{32,64}_var functions d4ca81f48e9 Merge commits 'dc6e5c3a 2d9e7175 b61f9da5 98dac878 8c727b90 328aaef2 f2d9aeae b732701f db726782 5671e5f3 a4abaab7 659d0d47 f8c0b57e 24d1656c 3a8b47bc ebdba03c 4c3ba88c ' into temp-merge-901 4c3ba88c3a8 Merge ElementsProject#901: ci: Switch all Linux builds to Debian and more improvements 9361f360bb0 ci: Select number of parallel make jobs depending on CI environment 28eccdf8064 ci: Split output of logs into multiple sections c7f754fe4d5 ci: Run PRs on merge result instead of on the source branch b994a8be3cf ci: Print information about binaries using "file" f24e122d13d ci: Switch all Linux builds to Debian ebdba03cb56 Merge ElementsProject#891: build: Add workaround for automake 1.13 and older 3a8b47bc6d1 Merge ElementsProject#894: ctime_test: move context randomization test to the end 6da00ec6245 Merge pull request ElementsProject#124 from apoelstra/2021-02--rename-klepto e354c5751d6 ecdsa_s2c: rename anti-klepto to anti-exfil 7d3497cdc4c ctime_test: move context randomization test to the end 99a1cfec174 print warnings for conditional-uninitialized 3d2cf6c5bd3 initialize variable in tests f329bba2442 build: Add workaround for automake 1.13 and older 24d1656c328 Merge ElementsProject#882: Use bit ops instead of int mult for constant-time logic in gej_add_ge e491d06b98c Use bit ops instead of int mult for constant-time logic in gej_add_ge f8c0b57e6ba Merge ElementsProject#864: Add support for Cirrus CI cc2a5451dc8 ci: Refactor Nix shell files 2480e55c8f3 ci: Remove support for Travis CI 2b359f1c1d8 ci: Enable simple cache for brewing valgrind on macOS 8c02e465c5a ci: Add support for Cirrus CI 659d0d47989 Merge ElementsProject#880: Add parens around ROUND_TO_ALIGN's parameter. b6f649889ae Add parens around ROUND_TO_ALIGN's parameter. This makes the macro robust against a hypothetical ROUND_TO_ALIGN(foo ? sizeA : size B) invocation. a4abaab7931 Merge ElementsProject#877: Add missing secp256k1_ge_set_gej_var decl. 5671e5f3fd0 Merge ElementsProject#874: Remove underscores from header defs. db726782fa2 Merge ElementsProject#878: Remove unused secp256k1_fe_inv_all_var b732701faa7 Merge ElementsProject#875: Avoid casting (void**) values. 9570f674cc7 Avoid passing out-of-bound pointers to 0-size memcpy 75d2ae149ef Remove unused secp256k1_fe_inv_all_var 482e4a9cfce Add missing secp256k1_ge_set_gej_var decl. 27306186045 Avoid casting (void**) values. Replaced with an expression that only casts (void*) values. fb390c5299e Remove underscores from header defs. This makes them consistent with other files and avoids reserved identifiers. ed69ea79b42 Merge ElementsProject#98: Add contrib/sync-upstream.sh script to automate syncing PRs 7eeacd7725f Add contrib/sync-upstream.sh script to automate merging upstream PRs f2d9aeae6d5 Merge ElementsProject#862: Autoconf improvements 328aaef22a4 Merge ElementsProject#845: Extract the secret key from a keypair 3c15130709d Improve CC_FOR_BUILD detection 47802a47624 Restructure and tidy configure.ac 252c19dfc65 Ask brew for valgrind include path 8c727b9087a Merge ElementsProject#860: fixed trivial typo cfac088e1b2 Merge ElementsProject#119: Remove repeated schnorr flag from travis config 96c83a83dcf Remove repeated schnorr flag from travis config d2b6740688f Merge pull request ElementsProject#118 from jonasnick/clarify-rangeproof-rewind 41d6963bc1c rangeproof: clarify rewind outlen argument 673e551f4d1 Merge ElementsProject#111: Add ECDSA sign-to-contract module b7bc3a4aaa5 fixed typo 47efb5e39a1 ecdsa-s2c: add ctime tests 396b558273c ecdsa-s2c: add anti-klepto protocol 290dee566e1 ecdsa-s2c: add actual sign-to-contract functionality 8e46cac5b31 ecdsa-s2c: block in module 826bd04b43f add eccommit functionality 33cb3c2b1fc Add secret key extraction from keypair to constant time tests 36d9dc1e8e6 Add seckey extraction from keypair to the extrakeys tests fc96aa73f5c Add a function to extract the secretkey from a keypair 98dac878398 Merge ElementsProject#858: Fix insecure links 07aa4c70ffb Fix insecure links b61f9da54ef Merge ElementsProject#857: docs: fix simple typo, dependecy -> dependency 18aadf9d288 docs: fix simple typo, dependecy -> dependency 2d9e7175c6e Merge ElementsProject#852: Add sage script for generating scalar_split_lambda constants dc6e5c3a5c4 Merge ElementsProject#854: Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 6e85d675aaf Rename tweak to tweak32 in public API f587f04e357 Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation 329a2e0a3f2 sage: Add script for generating scalar_split_lambda constants f554dfc7088 sage: Reorganize files git-subtree-dir: src/secp256k1 git-subtree-split: 90580edcc98350c9df9bebee58d2f9616d801849
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[bitcoin-core/secp256k1#831]: Safegcd inverses, drop Jacobi symbols, remove libgmp
[bitcoin-core/secp256k1#907]: changed import to use brackets <> for openssl
[bitcoin-core/secp256k1#903]: Make argument of fe_normalizes_to_zero{_var} const
[bitcoin-core/secp256k1#889]: fix uninitialized read in tests
[bitcoin-core/secp256k1#918]: Clean up configuration in gen_context
[bitcoin-core/secp256k1#906]: Use modified divsteps with initial delta=1/2 for constant-time
[bitcoin-core/secp256k1#928]: Define SECP256K1_BUILD in secp256k1.c directly.
[bitcoin-core/secp256k1#922]: Add mingw32-w64/wine CI build
[bitcoin-core/secp256k1#933]: Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers
Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM
[bitcoin-core/secp256k1#925]: changed include statements without prefix 'include/'
[bitcoin-core/secp256k1#937]: Have ge_set_gej_var, gej_double_var and ge_set_all_gej_var initialize all fields of their outputs.
[bitcoin-core/secp256k1#926]: secp256k1.h: clarify that by default arguments must be != NULL
Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards
[bitcoin-core/secp256k1#850]: add secp256k1_ec_pubkey_cmp method
[bitcoin-core/secp256k1#930]: Add ARM32/ARM64 CI
[bitcoin-core/secp256k1#941]: Clean up git tree
[bitcoin-core/secp256k1#846]: ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs
[bitcoin-core/secp256k1#947]: ci: Run PRs on merge result even for i686
[bitcoin-core/secp256k1#662]: Add ecmult_gen, ecmult_const and ecmult to benchmark
[bitcoin-core/secp256k1#950]: ci: Add ppc64le build
This PR can be recreated with
./contrib/sync-upstream.sh range 1758a92f.@jesseposner I had to change one of the test cases in the ECDSA adaptor sig module (see commit message). Does that still test what you wanted to test?