Commit Graph

1009 Commits

Author SHA1 Message Date
Gregory Maxwell 6c36de7a33
Merge #600: scratch space: use single allocation
98836b1 scratch: replace frames with "checkpoint" system (Andrew Poelstra)
7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory (Andrew Poelstra)
a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated (Andrew Poelstra)
5a4bc0b scratch: unify allocations (Andrew Poelstra)
c2b028a scratch space: thread `error_callback` into all scratch space functions (Andrew Poelstra)
0be1a4a scratch: add magic bytes to beginning of structure (Andrew Poelstra)
92a48a7 scratch space: use single allocation (Andrew Poelstra)

Pull request description:

ACKs for commit 98836b:

Tree-SHA512: 6e251f704644a5f61b24aa05c6f7a31ad8c58d147195079d52fe45daacd28a9fd2f4aaf71273183b99b3795a01a88f8389170d4280489b2a28a14a56e03153d7
2019-05-26 10:08:58 +00:00
Andrew Poelstra 98836b11f0 scratch: replace frames with "checkpoint" system 2019-05-26 01:05:09 +00:00
Andrew Poelstra 7623cf2b97 scratch: save a couple bytes of unnecessarily-allocated memory 2019-05-25 23:01:08 +00:00
Andrew Poelstra a7a164f2c6 scratch: rename `max_size` to `size`, document that extra will actually be allocated 2019-05-25 23:01:07 +00:00
Andrew Poelstra 5a4bc0bb95 scratch: unify allocations 2019-05-25 22:59:51 +00:00
Andrew Poelstra c2b028a281 scratch space: thread `error_callback` into all scratch space functions
Use it when checking magic bytes
2019-05-25 22:59:50 +00:00
Andrew Poelstra 0be1a4ae62 scratch: add magic bytes to beginning of structure 2019-05-25 22:55:39 +00:00
Andrew Poelstra 92a48a764d scratch space: use single allocation 2019-05-25 22:53:50 +00:00
Gregory Maxwell 40839e21b9
Merge #592: Use trivial algorithm in ecmult_multi if scratch space is small
9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small (Jonas Nick)

Pull request description:

  `ecmult_multi` already selects the trivial algorithm if the scratch space is NULL. With this PR the trivial algorithm is also selected if the scratch space is too small to use pippenger or strauss instead of returning 0. That makes it more easier to avoid consensus relevant inconsistencies just because scratch space construction was messed up.

ACKs for commit 9ab96f:
  real-or-random:
    utACK 9ab96f7

Tree-SHA512: aa451adf8880af15cf167a59cb07fc411edc43f26c8eb0873bdae2774382ba182e2a1c54487912f8f2999cb0402d554b9d293e2fb9483234471348a1f43c6653
2019-05-25 22:41:35 +00:00
Gregory Maxwell dcf392027b Fix ability to compile tests without -DVERIFY.
Broken by 3f3964e4.

It's important that the tests are also run without -DVERIFY due to
 the possibility that side-effects of a VERIFY_CHECK fix a bug that
 would otherwise be detected.

Use of the verify_check macro in tests isn't sufficient.
2019-05-25 21:49:45 +00:00
Gregory Maxwell a484e0008b
Merge #566: Enable context creation in preallocated memory
0522caa Explain caller's obligations for preallocated memory (Tim Ruffing)
238305f Move _preallocated functions to separate header (Tim Ruffing)
695feb6 Export _preallocated functions (Tim Ruffing)
814cc78 Add tests for contexts in preallocated memory (Tim Ruffing)
ba12dd0 Check arguments of _preallocated functions (Tim Ruffing)
5feadde Support cloning a context into preallocated memory (Tim Ruffing)
c4fd5da Switch to a single malloc call (Tim Ruffing)
ef020de Add size constants for preallocated memory (Tim Ruffing)
1bf7c05 Prepare for manual memory management in preallocated memory (Tim Ruffing)

Pull request description:

  @apoelstra

  This builds on #557.

  Manually managing memory is always a pain in the ass in some way. I tried to keep the pain manageable. I'm open to suggestions to make this less ugly or error-prone.

  to do:
   * tests
   * export functions

ACKs for commit 0522ca:

Tree-SHA512: 8ddb5b70219b6f095e780a9812d2387ab2a7f399803ce4101e27da504b479a61ebe08b6380568c7ba6f1e73d7d0b1f58a3c0a66fa0fdec7a64cd0740e156ce38
2019-05-25 21:44:37 +00:00
Tim Ruffing 0522caac8f Explain caller's obligations for preallocated memory 2019-05-25 14:01:09 +02:00
Tim Ruffing 238305fdbb Move _preallocated functions to separate header 2019-05-25 14:01:09 +02:00
Tim Ruffing 695feb6fbd Export _preallocated functions 2019-05-25 14:01:09 +02:00
Tim Ruffing 814cc78d71 Add tests for contexts in preallocated memory 2019-05-25 14:01:09 +02:00
Tim Ruffing ba12dd08da Check arguments of _preallocated functions 2019-05-25 14:01:09 +02:00
Tim Ruffing 5feadde462 Support cloning a context into preallocated memory 2019-05-25 14:01:09 +02:00
Tim Ruffing c4fd5dab45 Switch to a single malloc call 2019-05-25 14:01:09 +02:00
Tim Ruffing ef020de16f Add size constants for preallocated memory 2019-05-25 13:58:09 +02:00
Tim Ruffing 1bf7c056ba Prepare for manual memory management in preallocated memory
* Determine ALIGNMENT more cleverly and move it to util.h
 * Implement manual_malloc() helper function
2019-05-25 13:58:09 +02:00
Gregory Maxwell 248bffb052 Guard memcmp in tests against mixed size inputs.
Reported by real-or-random.

Fixes #623.
2019-05-25 11:54:08 +00:00
Gregory Maxwell 36698dcfee
Merge #596: Make WINDOW_G configurable
a61a93f Clean up ./configure help strings (Tim Ruffing)
2842dc5 Make WINDOW_G configurable (Tim Ruffing)

Pull request description:

  This makes WINDOW_G a configurable value in the range of [2..24].
  The upper limit of 24 is a defensive choice. The code is probably
  correct for values up to 33 but those larger values yield in huge
  tables (>= 256MiB), which are i) unlikely to be really beneficial
  in practice and ii) increasingly difficult to test.

  The main point of this is not to make the window size configurable (using ./configure) but rather to use an external #define for the window size, which makes it configurable for embedded system that rely on their own build system (like in #595).

ACKs for commit a61a93:

Tree-SHA512: 0d58fdf4763340ddab992e95f6302a33d891476a7ac1748202ee99808e72b20754bb6935cbeaf0bb36077abaaff7d65f4848b1af64f1a0a5258239ba0d27020c
2019-05-25 10:57:27 +00:00
Tim Ruffing a61a93ff50 Clean up ./configure help strings 2019-05-24 21:02:31 +02:00
Tim Ruffing 2842dc523e Make WINDOW_G configurable
This makes WINDOW_G a configurable value in the range of [2..24].
The upper limit of 24 is a defensive choice. The code is probably
correct for values up to 27 but those larger values yield in huge
tables (>= 256MiB), which are i) unlikely to be really beneficial
in practice and ii) increasingly difficult to test.
2019-05-24 21:02:31 +02:00
Gregory Maxwell 1a02d6ce51
Merge #626: Revert "Merge #620: Install headers automatically"
662918c Revert "Merge #620: Install headers automatically" (ian)

Pull request description:

  This reverts commit 91fae3ace0, reversing
  changes made to 5df77a0eda.

  See discussion in https://github.com/bitcoin-core/secp256k1/pull/625

  After the change, if we enable any module, `make install` fails because of the
  duplicated files in the command line arguments.

  Closes https://github.com/bitcoin-core/secp256k1/issues/624

Tree-SHA512: 7769ede527ac307bff094603e5974c56b19e41bc2ef55113173d3dbc8e545d6add7ae044753fa0361595e5e7a746d6c8d641f98caa3381b683aa2b61a1742097
2019-05-24 01:01:04 +00:00
ian 662918cb29 Revert "Merge #620: Install headers automatically"
This reverts commit 91fae3ace0, reversing
changes made to 5df77a0eda.

See discussion in https://github.com/bitcoin-core/secp256k1/pull/625

After the change, if we enable any module, `make install` fails because of the
duplicated files in the command line arguments.
2019-05-24 08:35:26 +08:00
Tim Ruffing 14c7dbd444 Simplify control flow in DER parsing 2019-05-23 15:22:29 +02:00
Tim Ruffing ec8f20babd Avoid out-of-bound pointers and integer overflows in size comparisons
This changes pointer calculations in size comparions to a form that
ensures that no out-of-bound pointers are computed, because even their
computation yields undefined behavior.
Also, this changes size comparions to a form that ensures that neither
the left-hand side nor the right-hand side can overflow.
2019-05-23 15:22:29 +02:00
Tim Ruffing 01ee1b3b3c Parse DER-enconded length into a size_t instead of an int
This avoids a possibly implementation-defined signed (int) to unsigned
(size_t) conversion portably.
2019-05-23 15:22:29 +02:00
Gregory Maxwell 912680ed86
Merge #561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config
dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config (DesWurstes)
310111e Keep LDFLAGS if `--coverage` (DesWurstes)

Pull request description:

  Update: **This is a trimmed pull request with strong rationale.**

  - Adding `--coverage` shouldn't reset `LDFLAGS`, this is definitely a typo
  - The basic configuration should undefine `STATIC_PRECOMPUTATION`, as generating it is not supported and it complicates #549

Tree-SHA512: 29f0dd4c870ec60d535346446b453da459ca843ed1265c2bc966bf0fcbdf3c5c79f9e48a419662e81d790a7003f8877a16e2a5a74aa5c0b79645e15ad56a0f66
2019-05-23 00:38:30 +00:00
Gregory Maxwell 91fae3ace0
Merge #620: Install headers automatically
16e8615 Install headers automatically (Víctor Mayoral Vilches)

Pull request description:

  This fix install all the headers under include/ into
  /usr/local/include. The fix solves problems that arise
  when building libraries that depend on secp256k1 such
  as libbitcoin-system which require all the headers

Tree-SHA512: 8a5dc664b278e47340bf7478ad278306c44c4c8ad17a023b198c6a927c67c7a7a50100357388342129078afdf7606d2ed06579ce1fc14195fa974510b933021b
2019-05-23 00:01:01 +00:00
Gregory Maxwell 5df77a0eda
Merge #533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) (practicalswift)

Pull request description:

  Make sure we're not using an uninitialized variable in `secp256k1_wnaf_const(...)`:

  ```
  In file included from src/secp256k1.c:15:0,
                   from src/tests.c:17:
  src/ecmult_const_impl.h: In function ‘secp256k1_wnaf_const’:
  src/ecmult_const_impl.h:117:20: warning: ‘u’ may be used uninitialized in this function [-Wmaybe-uninitialized]
       wnaf[word] = u * global_sign;
                      ^
  ```

  **Note to reviewers:** Perhaps an `assert(…);` is a bit drastic. What would be a more graceful way to handle this? :-)

Tree-SHA512: 536cd7cc5b87a84fbaac578cecbba81b8d82e4672a30a2db9a674b82856132e79b0158a6a88609bc24942ebdbf1fcd2c4399a4c31ab0654b88ace9c0e6f1eaf3
2019-05-22 04:44:29 +00:00
Gregory Maxwell 975e51e0d9
Merge #617: Pass scalar by reference in secp256k1_wnaf_const()
8979ec0 Pass scalar by reference in secp256k1_wnaf_const() (Tim Ruffing)

Pull request description:

  After this change, no struct or union is passed by value in the
  entire codebase. This makes it easier to compile the library with
  CompCert.

Tree-SHA512: 6b23e2b39701c3eeb6ae8c8d660cabe8872ac8f13141504c1ec55c47f2009e206129b34b31796e618114b60350598187df6df4c2be0e5c1b138a6126ad6a7484
2019-05-22 04:40:08 +00:00
Gregory Maxwell 735fbde04e
Merge #619: Clear a copied secret key after negation
069870d Clear a copied secret key after negation (Seonpyo Kim)

Pull request description:

  It closes #618

Tree-SHA512: 05299597c886c5d1a913fd0ce8c698d2e513eb80fbd33d571a02fc6910cfd337324c6f0f27175eaf125eb3478d38187763680e859ece9a469a034c9b8a8d6920
2019-05-16 08:38:30 +00:00
Víctor Mayoral Vilches 16e86150d0 Install headers automatically
This fix install all the headers under include/ into
/usr/local/include. The fix solves problems that arise
when building libraries that depend on secp256k1 such
as bitcoin-system which require all the headers
2019-05-15 09:54:35 +02:00
Seonpyo Kim 069870d92a Clear a copied secret key after negation 2019-05-15 15:55:01 +09:00
Tim Ruffing 8979ec0d9a Pass scalar by reference in secp256k1_wnaf_const()
After this change, no struct or union is passed by value in the
entire codebase. This makes it easier to compile the library with
CompCert.
2019-05-14 11:43:54 +02:00
Gregory Maxwell 84a808598b
Merge #612: Allow field_10x26_arm.s to compile for ARMv7 architecture
d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture (Roman Zeyde)

Pull request description:

  It would allow using optimized field operations on the TREZOR device, which is using ARMv7 Cortex-M4.
  Following https://github.com/trezor/trezor-core/pull/500 and part of https://github.com/trezor/trezor-firmware/issues/66.

Tree-SHA512: 73c0f03503feff01c6f4efd884e916ae1f43f55d525e8c3ea9372cf777aef6901585b74774c316dd7937abfff5e86be5b1acb569f9eeee9b73ae088f0f6b589d
2019-05-09 22:23:49 +00:00
Roman Zeyde d4d270a59c
Allow field_10x26_arm.s to compile for ARMv7 architecture 2019-05-07 22:37:35 +03:00
Gregory Maxwell b19c000063
Merge #607: Use size_t shifts when computing a size_t
e6d01e9 Use size_t shifts when computing a size_t (Pieter Wuille)

Pull request description:

  This was detected by compiling with MSVC; it triggers warning C4334.

  I don't think this is necessary, as we know the maximum shift is a very small integer, but this makes the code more obviously correct.

Tree-SHA512: 3c0cf412c75b4361d01e78bf13fe81c3f28b82abd40b0706285cc691124381cb1ff1f1c3512420250180b7612a471ce48357b282b1e34a08f5359e58af25e198
2019-03-31 09:37:33 +00:00
Gregory Maxwell 4d01bc2d9c
Merge #606: travis: Remove unused sudo:false
7667532 travis: Remove unused sudo:false (MarcoFalke)

Pull request description:

  Builds in sudo-disabled docker containers are no longer available as of last year and all builds happen on sudo enabled vms.

  Source: https://blog.travis-ci.com/2018-11-19-required-linux-infrastructure-migration#timeline---its-happening-fast

Tree-SHA512: 882585ba4e1596ad34ddf163acecd043da63443fa95653fba63b03dacf3a669128f1ed142527484cc8dab98de341b425425f418b8151cf7303b0e906ae259a9a
2019-03-31 00:41:54 +00:00
Pieter Wuille e6d01e9347 Use size_t shifts when computing a size_t 2019-03-30 16:09:17 -07:00
MarcoFalke 7667532bd7 travis: Remove unused sudo:false 2019-03-30 12:35:32 -04:00
practicalswift 248f046611 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 2019-03-21 19:06:08 +01:00
Jonas Nick 9ab96f7b12 Use trivial algorithm in ecmult_multi if scratch space is small 2019-03-18 15:15:35 +00:00
Gregory Maxwell ee99f12f3d
Merge #599: Switch x86_64 asm to use "i" instead of "n" for immediate values.
d58bc93 Switch x86_64 asm to use "i" instead of "n" for immediate values. (Gregory Maxwell)

Pull request description:

  The constraint "n" is a more obscure setting which is needed for
   special cases that don't apply to our use.

  Use of "n" exposed some bugs in pre-release versions of clang.
  This fixes #594

Tree-SHA512: 1ffba02aa6bfcd0b6f731196e5d007f4ddb0f03f53b30a2633f0e376578cf7f828570579502f2de721dcda8034fd8e7bea822542bf36032d98ef802b4cf27725
2019-03-11 18:31:03 +00:00
Gregory Maxwell d58bc93f2c Switch x86_64 asm to use "i" instead of "n" for immediate values.
The constraint "n" is a more obscure setting which is needed for
 special cases that don't apply to our use.

Use of "n" exposed some bugs in pre-release versions of clang.
This fixes #594
2019-03-10 22:52:12 +00:00
Gregory Maxwell 05362ee042
Merge #597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
8348386 Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build (Gregory Maxwell)

Pull request description:

Tree-SHA512: ef091b86189a2235710866689024f2b190ebcc5741667be0921e6b4a50d53ddf9a63f4c90b1509f25e46631d75338913143a2a1335a74c842f84b98739a9d306
2019-03-10 22:44:45 +00:00
Gregory Maxwell 83483869ac Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build 2019-03-09 06:17:27 +00:00
Gregory Maxwell aa15154a48
Merge #568: Fix integer overflow in ecmult_multi_var when n is large
2277af5 Fix integer overflow in ecmult_multi_var when n is large (Jonas Nick)

Pull request description:

  Without this PR ecmult_multi could return wrong results. If the number of points `n` is large enough then some or all multiplications could be skipped or the function could end up in an infinite loop. This PR adds two checks to prevent `n` from wrapping around.

Tree-SHA512: 342944369b24776fa3ec0694eee159259ff67e94d2d8176c1d3159875f387d943d5bfdff7cde59f058e13f07fd09bde1cbc609426e63c8a5b8040e382dd865d8
2019-02-25 21:09:17 +00:00