1673 Commits

Author SHA1 Message Date
Tim Ruffing
53796d2b24 contexts: Rename static context 2022-12-05 11:26:44 +01:00
Tim Ruffing
72fedf8a6c docs: Improve docs for static context 2022-12-05 11:26:39 +01:00
Tim Ruffing
316ac7625a contexts: Deprecate all context flags except SECP256K1_CONTEXT_NONE 2022-12-05 11:26:02 +01:00
Tim Ruffing
1a553ee8be docs: Change signature "validation" to "verification" 2022-11-25 23:26:15 +01:00
Tim Ruffing
ee7341fbac docs: Never require a verification context 2022-11-25 23:26:15 +01:00
Tim Ruffing
2286f80902
Merge bitcoin-core/secp256k1#993: Enable non-experimental modules by default
41e8704b484652cf5bbb2b7ecc27feedc3cf0ae1 build: Enable some modules by default (Tim Ruffing)

Pull request description:

  This has been discussed in https://github.com/bitcoin-core/secp256k1/issues/817#issuecomment-693198323 and I agree with the arguments brought up there.

  Alternatively, we could not enable them and add a discussion to the readme why we discourage people from using the modules. I believe enabling ECDH is not very controversial. But what about recovery? Do we want to leave it off and instead give a reason?

ACKs for top commit:
  sipa:
    ACK 41e8704b484652cf5bbb2b7ecc27feedc3cf0ae1
  jonasnick:
    ACK 41e8704b484652cf5bbb2b7ecc27feedc3cf0ae1

Tree-SHA512: 1dd21037043f2b2c94a92cd2f31e69b505ba5b43119897bc0934966d9ccd84fc4fc20e7509af634f1c3a096710db1a2253090f5f1f107b9d258945a5546e9ba4
2022-11-22 12:53:48 +01:00
Tim Ruffing
e40fd277b7
Merge bitcoin-core/secp256k1#1156: Followups to int128_struct arithmetic
99bd3355994a436e25d148c68e097cca11f3c63e Make int128 overflow test use secp256k1_[ui]128_mul (Pieter Wuille)
3afce0af7c00eb4c5ca6d303e36a48c91a800459 Avoid signed overflow in MSVC ARM64 secp256k1_mul128 (Pieter Wuille)
9b5f589d30c3a86df686aadcde63eaa54eeafe71 Heuristically decide whether to use int128_struct (Pieter Wuille)
63ff064d2f7e67bb8ce3431ca5d7f8f056ba6bbd int128: Add test override for testing __(u)mulh on MSVC X64 (Tim Ruffing)
f2b7e88768f86b2fd506be4a8970ba6d1423d0a5 Add int128 randomized tests (Pieter Wuille)

Pull request description:

  This is a follow-up to #1000:
  * Add randomized unit tests for int128 logic.
  * Add CI for the `_(u)mulh` code path (on non-ARM64 MSVC).
  * Add heuristic logic to enable int128_struct based arithmetic on 64-bit MSVC, or systems with pointers wider than 32 bits.
  * Fix signed overflow in ARM64 MSVC code.

ACKs for top commit:
  roconnor-blockstream:
    utACK 99bd335
  real-or-random:
    ACK 99bd3355994a436e25d148c68e097cca11f3c63e tested this also on MSVC locally with the override, including all the benchmark binaries
  jonasnick:
    utACK 99bd3355994a436e25d148c68e097cca11f3c63e

Tree-SHA512: 5ea897362293b45a86650593e1fdc8c4004a1d9452eed2fa070d22dffc7ed7ca1ec50a4df61e3a33dbe35e08132ad9686286ac44af6742b32b82f11c9d3341c6
2022-11-18 16:51:07 -05:00
Pieter Wuille
99bd335599 Make int128 overflow test use secp256k1_[ui]128_mul 2022-11-17 12:22:29 -05:00
Pieter Wuille
3afce0af7c Avoid signed overflow in MSVC ARM64 secp256k1_mul128 2022-11-17 09:44:10 -05:00
Pieter Wuille
9b5f589d30 Heuristically decide whether to use int128_struct 2022-11-17 09:28:30 -05:00
Tim Ruffing
63ff064d2f int128: Add test override for testing __(u)mulh on MSVC X64
Also add a corresponding CI job
2022-11-17 09:28:30 -05:00
Pieter Wuille
f2b7e88768 Add int128 randomized tests 2022-11-17 09:28:30 -05:00
Jonas Nick
6138d73be4
Merge bitcoin-core/secp256k1#1155: Add MSan CI jobs
00a42b91b3477f63d6f9b6fe0df02bda8b09cddd Add MSan CI job (Pieter Wuille)

Pull request description:

ACKs for top commit:
  real-or-random:
    utACK 00a42b91b3477f63d6f9b6fe0df02bda8b09cddd
  jonasnick:
    ACK 00a42b91b3477f63d6f9b6fe0df02bda8b09cddd

Tree-SHA512: 0b9ced572430e917041c916d8cda5c94996899a6e0a8c5a13f73f2c99b58b0098f7562cd758b48f18bec8c7095fab37980aa6dc2b139b2d1c293c965ea603686
2022-11-17 11:06:56 +00:00
Tim Ruffing
ddf2b2910e
Merge bitcoin-core/secp256k1#1000: Synthetic int128 type.
a340d9500a9c45e5c261174f48b3eb18b3b3647d ci: add int128_struct tests (Jonas Nick)
dceaa1f57963d1a88b24974eab4b49baac6d04cd int128: Tidy #includes of int128.h and int128_impl.h (Tim Ruffing)
2914bccbc0913806ee64425a27d38cdc27b288e8 Simulated int128 type. (Russell O'Connor)

Pull request description:

  Abstracts the int128 type and provides a native version, if available, or implements it using a pair of int64_t's.

  This is activated by setting the configuration flag `--with-test-override-wide-multiply=int128_struct`.

  The primary purpose of this PR is to take advantage of MSVC's [umulh](https://docs.microsoft.com/en-us/cpp/intrinsics/umulh?view=msvc-170) intrinsic that we can use to simulate an int128 type which MSVC does not have (AFAIU). This PR lays out the groundwork for this level of MSVC support, but doesn't include the configuration logic to enable it yet.

  For completeness, an implementation of `umulh` and `mulh` is also provided for compilers that support neither the intrinsic nor the int128 type (such as CompCert?). This also opens up the possibility of removing the 32-bit field and scalar implementations should that ever be desired.

ACKs for top commit:
  sipa:
    ACK a340d9500a9c45e5c261174f48b3eb18b3b3647d
  jonasnick:
    ACK a340d9500a9c45e5c261174f48b3eb18b3b3647d

Tree-SHA512: b4f2853fa3ab60ce9d77b4eaee1fd20c4b612850e19fcb3179d7e36986f420c6c4589ff72f0cf844f989584ace49a1cd23cca3f4e405dabefc8da647a0df679d
2022-11-16 14:37:01 -05:00
Tim Ruffing
86e3b38a4a
Merge bitcoin-core/secp256k1#1149: Remove usage of CHECK from non-test file
6a965b6b98bc08646c87bcfc826181e317079a9e Remove usage of CHECK from non-test file (Tobin C. Harding)

Pull request description:

  Currently CHECK is used only in test and benchmark files except for one usage in `ecmult_impl.h`.

  We would like to move the definition of CHECK out of `util.h` so that `util.h` no longer has a hard dependency on `stdio.h`.

  Done as part of an effort to allow secp256k1 to be compiled to WASM as part of `rust-secp256k1`.

  ### Note to reviewers

  Please review carefully, I don't actually know if this patch is correct. Done while working on #1095. I'm happy to make any changes both in concept and execution - I'm super rusty at C programming.

  cc real-or-random

ACKs for top commit:
  sipa:
    utACK 6a965b6b98bc08646c87bcfc826181e317079a9e
  real-or-random:
    utACK 6a965b6b98bc08646c87bcfc826181e317079a9e

Tree-SHA512: 6bfb456bdb92a831acd3bc202607e80f6d0a194d6b2cf745c8eceb12ba675d03a319d6d105332b0cbca474e443969295e5a8e938635453e21e057d0ee597440b
2022-11-16 14:22:06 -05:00
Pieter Wuille
00a42b91b3 Add MSan CI job 2022-11-16 13:36:56 -05:00
Tim Ruffing
44916ae915
Merge bitcoin-core/secp256k1#1147: ci: print env to allow reproducing the job outside of CI
4e54c03153a307af5cc80c7671ac7eef28138326 ci: print env to allow reproducing the job outside of CI (Jonas Nick)

Pull request description:

  Example output:

  ```
  WERROR_CFLAGS="-Werror -pedantic-errors"  MAKEFLAGS="-j4"  BUILD="check"  ECMULTWINDOW="auto"  ECMULTGENPRECISION="auto"  ASM="no"  WIDEMUL="int64"  WITH_VALGRIND="no"  EXTRAFLAGS=""  EXPERIMENTAL="no"  ECDH="no"  RECOVERY="yes"  SCHNORRSIG="no"  SECP256K1_TEST_ITERS=""  BENCH="yes"  SECP256K1_BENCH_ITERS="2"  CTIMETEST="yes"  EXAMPLES="yes"  WRAPPER_CMD=""  CC="gcc"  AR=""  NM=""  HOST=""  ./ci/cirrus.sh
  ```

ACKs for top commit:
  sipa:
    ACK 4e54c03153a307af5cc80c7671ac7eef28138326
  real-or-random:
    ACK 4e54c03153

Tree-SHA512: b74a8724e72b3de7884e4d93fe933dc5043aec37020672b7997a8faebda3b0cbbba1bca69c344109729261ab4a94e76f4eca0d8773dc101a443fdf9e0d7d54f5
2022-11-14 18:01:49 -05:00
Jonas Nick
c2ee9175e9
Merge bitcoin-core/secp256k1#1146: ci: prevent "-v/--version: not found" irrelevant error
49ae843592650ca02b33c188cf2aff7aa78985d3 ci: mostly prevent "-v/--version: not found" irrelevant error (Jonas Nick)

Pull request description:

ACKs for top commit:
  real-or-random:
    ACK 49ae843592650ca02b33c188cf2aff7aa78985d3

Tree-SHA512: 2e048b037826dff372e26103f198e0d490494e7909d17d8632b51f6d9e0629b51bcd0b55b65b2c21d63d522394ccfed481ce126cea165c087df670556bc8ccf6
2022-11-08 13:26:06 +00:00
Jonas Nick
e13fae487e
Merge bitcoin-core/secp256k1#1150: ci: always cat test_env.log
5c9f1a5c3774192f77c97474431bb70a124c7b0c ci: always cat all logs_snippets (Jonas Nick)

Pull request description:

ACKs for top commit:
  real-or-random:
    ACK 5c9f1a5c3774192f77c97474431bb70a124c7b0c

Tree-SHA512: fc715c5fc4006d80a4b0c2faa8ef81ed23c4479614945ffa7c96665a3acc38fe956dd6d148bcf97043232ceee055b724ea9490e4ac4142a210e4488fed8dd299
2022-11-08 13:24:29 +00:00
Jonas Nick
a340d9500a ci: add int128_struct tests 2022-11-07 16:55:43 -05:00
Tim Ruffing
dceaa1f579 int128: Tidy #includes of int128.h and int128_impl.h
After this commit, int128.h and int128_impl.h are included as follows:
 - .c files which use int128 include int128_impl.h (after util.h)
 - .h files which use int128 include int128.h (after util.h)

This list is exhaustive. util.h needs to be included first because it sets
up necessary #defines.
2022-11-07 16:38:30 -05:00
Russell O'Connor
2914bccbc0 Simulated int128 type. 2022-11-07 16:37:24 -05:00
Tobin C. Harding
6a965b6b98 Remove usage of CHECK from non-test file
Currently CHECK is used only in test and benchmark files except for one
usage in `ecmult_impl.h`.

We would like to move the definition of CHECK out of `util.h` so that
`util.h` no longer has a hard dependency on `stdio.h`.

Done in preparation for moving the definition of `CHECK` as part of an
effort to allow secp256k1 to be compiled to WASM as part of
`rust-secp256k1`.
2022-11-08 07:29:52 +11:00
Jonas Nick
5c9f1a5c37
ci: always cat all logs_snippets 2022-11-07 20:12:33 +00:00
Jonas Nick
49ae843592
ci: mostly prevent "-v/--version: not found" irrelevant error
$CC, $WRAPPER_CMD and valgrind are not necessarily defined
2022-11-02 17:13:21 +00:00
Jonas Nick
4e54c03153
ci: print env to allow reproducing the job outside of CI 2022-11-02 15:57:14 +00:00
Jonas Nick
a43e982bca
Merge bitcoin-core/secp256k1#1144: Cleanup .gitignore file
f5039cb66c9f49d1c78fa59c0e83d0d122292697 Cleanup `.gitignore` file (Hennadii Stepanov)
798727ae1edc1b07257f7a884f8e57021063a089 Revert "Add test logs to gitignore" (Hennadii Stepanov)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK f5039cb66c9f49d1c78fa59c0e83d0d122292697
  real-or-random:
    ACK f5039cb66c9f49d1c78fa59c0e83d0d122292697

Tree-SHA512: 3586329e77958a9bfa06dd84e5b121cd456e93332670d5afc1a6691e165cdfa5a6fd6a61f82be12ec33f2a58b26a13adfedeb177ae1056202e53a530949fc549
2022-11-01 16:32:30 +00:00
Hennadii Stepanov
f5039cb66c
Cleanup .gitignore file
The removed line was introduced for the `obj/.gitignore` file. Since the
`obj` directory has been removed, it is no longer required.
2022-10-28 16:30:20 +01:00
Hennadii Stepanov
798727ae1e
Revert "Add test logs to gitignore"
This reverts commit bceefd6547635132ba17f022a52db18f17e00df6.
2022-10-28 16:10:46 +01:00
Tim Ruffing
41e8704b48 build: Enable some modules by default
We don't enable the ECDSA recovery module, because we don't recommend
ECDSA recovery for new protocols. In particular, the recovery API is
prone to misuse: It invites the caller to forget to check the public
key (and the verification function always returns 1).

In general, we also don't recommend ordinary ECDSA for new protocols.
But disabling the ECDSA functions is not possible because they're not
in a module, and let's be honest: disabling ECDSA would mean to ignore
reality blatantly.
2022-08-03 17:09:54 +02:00
Tim Ruffing
694ce8fb2d
Merge bitcoin-core/secp256k1#1131: readme: Misc improvements
88b00897e7ee8dc9bed878082b2277f12136c154 readme: Fix line break (Tim Ruffing)
78f5296da400db8e1034750d79d8cf6d2fd9b045 readme: Sell "no runtime dependencies" (Tim Ruffing)
ef48f088ad95862b6c52781f7ca71cf8535a9b91 readme: Add IRC channel (Tim Ruffing)

Pull request description:

ACKs for top commit:
  apoelstra:
    utACK 88b00897e7ee8dc9bed878082b2277f12136c154
  sipa:
    ACK 88b00897e7ee8dc9bed878082b2277f12136c154

Tree-SHA512: 174f1596406f98a19059a18cd4fb993102e5ffb8ec29fcc6d03e27f135fcb526b37204b64055b5e4f0a273daab05d395cf335f26241cf3a29a060041c9ef109b
2022-08-02 17:33:21 +02:00
Tim Ruffing
88b00897e7 readme: Fix line break 2022-08-02 10:41:15 +02:00
Tim Ruffing
78f5296da4 readme: Sell "no runtime dependencies" 2022-08-02 10:41:15 +02:00
Tim Ruffing
ef48f088ad readme: Add IRC channel 2022-08-02 10:41:15 +02:00
Tim Ruffing
9f8a13dc8e
Merge bitcoin-core/secp256k1#1128: configure: Remove pkgconfig macros again (reintroduced by mismerge)
cabe085bb4371cc61286023ac9f6a8ce3138d7ea configure: Remove pkgconfig macros again (reintroduced by mismerge) (Tim Ruffing)

Pull request description:

  We had removed `PKG_PROG_PKG_CONFIG` in 21b2ebaf74222017f85123deb6f30a33c7678513
  (#1090). But then the not rebased (!) merge of 2be6ba0fedd0d2d62ba6f346d7ced7abde0d66e4
  (#1084) brought that macro back at another location, without git
  complaining about a conflict.

  Fixes #1127.

ACKs for top commit:
  fanquake:
    ACK cabe085bb4371cc61286023ac9f6a8ce3138d7ea
  hebasto:
    ACK cabe085bb4371cc61286023ac9f6a8ce3138d7ea
  jonasnick:
    ACK cabe085bb4371cc61286023ac9f6a8ce3138d7ea

Tree-SHA512: ba497503db3a11e631b15c4fe875e62d892971c2c708d90b2f6be684e85d164043ea97c13af0452831eef41f3cf8230cd8a9eafa332dc5b5ae18e118b87c3828
2022-07-21 12:06:35 +02:00
Tim Ruffing
cabe085bb4 configure: Remove pkgconfig macros again (reintroduced by mismerge)
We had removed `PKG_PROG_PKG_CONFIG` in 21b2ebaf74222017f85123deb6f30a33c7678513
(#1090). But then the not rebased (!) merge of 2be6ba0fedd0d2d62ba6f346d7ced7abde0d66e4
(#1084) brought that macro back at another location, without git
complaining about a conflict.

Fixes #1127.
2022-07-21 11:10:05 +02:00
Jonas Nick
3efeb9da21
Merge bitcoin-core/secp256k1#1121: config: Set preprocessor defaults for ECMULT_* config values
c27ae451440bdaf68bf8aaa60edb1f4b4614d492 config: Remove basic-config.h (Tim Ruffing)
da6514a04a0761f973bb7591a7b41fb235747a3d config: Introduce DEBUG_CONFIG macro for debug output of config (Tim Ruffing)
d0cf55e13a7f0914759fe4f3afd003ff37868269 config: Set preprocessor defaults for ECMULT_* config values (Tim Ruffing)

Pull request description:

ACKs for top commit:
  sipa:
    ACK c27ae451440bdaf68bf8aaa60edb1f4b4614d492
  hebasto:
    ACK c27ae451440bdaf68bf8aaa60edb1f4b4614d492, I have reviewed the code and it looks correct.
  jonasnick:
    ACK c27ae451440bdaf68bf8aaa60edb1f4b4614d492

Tree-SHA512: 56b0f384bd9f42cf7c903bec08f4807db1415ddf9a06676dfe1e638e4d02431c522ef0422585e85429074e0dbb51da4f400cf53e8f883d6e07122731c57be1e3
2022-07-11 12:14:25 +00:00
Jonas Nick
6a873cc4a9
Merge bitcoin-core/secp256k1#1122: tests: Randomize the context with probability 15/16 instead of 1/4
17065f48ae261c6949dab74a7c197ac13b52eb1b tests: Randomize the context with probability 15/16 instead of 1/4 (Tim Ruffing)

Pull request description:

ACKs for top commit:
  sipa:
    ACK 17065f48ae261c6949dab74a7c197ac13b52eb1b
  jonasnick:
    ACK 17065f48ae261c6949dab74a7c197ac13b52eb1b

Tree-SHA512: 3b7005770007b922a294be610f23da60b0dde74dfd7585d64a2cb04eaa6ec879de8d21a0ade31c1857019a8dd97260fa3aa167ae16fc55027ef280a3e3feaa6d
2022-07-11 11:21:57 +00:00
Tim Ruffing
17065f48ae tests: Randomize the context with probability 15/16 instead of 1/4 2022-07-08 18:45:32 +02:00
Tim Ruffing
c27ae45144 config: Remove basic-config.h
It's unused and thus potentially confusing.
2022-07-07 20:32:18 +02:00
Tim Ruffing
da6514a04a config: Introduce DEBUG_CONFIG macro for debug output of config 2022-07-07 20:32:08 +02:00
Tim Ruffing
63a3565e97
Merge bitcoin-core/secp256k1#1120: ecmult_gen: Skip RNG when creating blinding if no seed is available
55f8bc99dce8846e0da99b92e52353c8cf893287 ecmult_gen: Improve comments about projective blinding (Tim Ruffing)
7a869558004b70803717d8169dd8b090e04df4af ecmult_gen: Simplify code (no observable change) (Tim Ruffing)
4cc0b1b669392d38770f74cb3fb5c801c82f67a0 ecmult_gen: Skip RNG when creating blinding if no seed is available (Tim Ruffing)

Pull request description:

  Running the RNG is pointless if no seed is available because the key
  will be fixed. The computation just wastes time.

  Previously, users could avoid this computation at least by asking for
  a context without signing capabilities. But since 3b0c218 we always
  build an ecmult_gen context, ignoring the context flags. Moreover,
  users could never avoid this pointless computation when asking for
  the creation of a signing context.

  This fixes one item in #1065.

ACKs for top commit:
  sipa:
    ACK 55f8bc99dce8846e0da99b92e52353c8cf893287
  apoelstra:
    ACK 55f8bc99dce8846e0da99b92e52353c8cf893287

Tree-SHA512: 5ccba56041f94fa8f40a8a56ce505369ff2e0ed20cd7f0bfc3fdfffa5fa7bf826a93602b9b2455a352865a9548ab4928e858c19bb5af7ec221594a3bf25c4f3d
2022-07-07 20:08:17 +02:00
Tim Ruffing
d0cf55e13a config: Set preprocessor defaults for ECMULT_* config values
This simplifies manual builds and solves one item in #929.
2022-07-06 15:07:57 +02:00
Tim Ruffing
55f8bc99dc ecmult_gen: Improve comments about projective blinding
Whenever I read this code, I first think that rescaling ctx->initial is
a dead store because we overwrite it later with gb. But that's wrong.
The rescaling blinds the computation of gb and affects its result.
2022-07-05 19:28:09 +02:00
Tim Ruffing
7a86955800 ecmult_gen: Simplify code (no observable change) 2022-07-05 19:28:09 +02:00
Tim Ruffing
4cc0b1b669 ecmult_gen: Skip RNG when creating blinding if no seed is available
Running the RNG is pointless if no seed is available because the key
will be fixed. The computation just wastes time.

Previously, users could avoid this computation at least by asking for
a context without signing capabilities. But since 3b0c218 we always
build an ecmult_gen context, ignoring the context flags. Moreover,
users could never avoid this pointless computation when asking for
the creation of a signing context.
2022-07-05 19:27:47 +02:00
Tim Ruffing
af65d30cc8
Merge bitcoin-core/secp256k1#1116: build: Fix #include "..." paths to get rid of further -I arguments
40a3473a9d44dc409412e94f70ad0f09bd9da3ac build: Fix #include "..." paths to get rid of further -I arguments (Tim Ruffing)

Pull request description:

  This simplifies building without a build system.

  This is in line with #925; the paths fixed here were either forgotten
  there or only introduced later. This commit also makes the Makefile
  stricter so that further "wrong" #include paths will lead to build
  errors even in autotools builds.

  This belongs to #929.

ACKs for top commit:
  hebasto:
    ACK 40a3473a9d44dc409412e94f70ad0f09bd9da3ac

Tree-SHA512: 6f4d825ea3cf86b13f294e2ec19fafc29660fa99450e6b579157d7a6e9bdb3404d761edf89c1135fa89b984d6431a527beeb97031dc90f2fae9761528f4d06d1
2022-07-01 22:13:32 +02:00
Tim Ruffing
40a3473a9d build: Fix #include "..." paths to get rid of further -I arguments
This simplifies building without a build system.

This is in line with #925; the paths fixed here were either forgotten
there or only introduced later. This commit also makes the Makefile
stricter so that further "wrong" #include paths will lead to build
errors even in autotools builds.

This belongs to #929.

Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
2022-07-01 15:03:35 +02:00
Tim Ruffing
43756da819
Merge bitcoin-core/secp256k1#1115: Fix sepc256k1 -> secp256k1 typo in group.h
069aba812542642986786f348a08af697b7e53c7 Fix sepc256k1 -> secp256k1 typo in group.h (henopied)

Pull request description:

ACKs for top commit:
  real-or-random:
    ACK 069aba812542642986786f348a08af697b7e53c7

Tree-SHA512: 0fcb7d042f201737870da99f5425c8449e9ec3f5f8e9bbe5eb719e46cdf230db057509fb9102d4ce50a94d616015233c29249665c754e726899174fea3ea9f40
2022-06-30 12:17:51 +02:00
henopied
069aba8125
Fix sepc256k1 -> secp256k1 typo in group.h 2022-06-29 20:08:47 -05:00