ec0a7b3 Don't touch leading zeros in wnaf_fixed. (Jonas Nick)
9e36d1b Fix bug in wnaf_fixed where the wnaf array is not completely zeroed when given a 0 scalar. (Jonas Nick)
96f68a0 Don't invert scalar in wnaf_fixed when it is even because a caller might intentionally give a scalar with many leading zeros. (Jonas Nick)
6dbb007 Increase sparsity of pippenger fixed window naf representation (Jonas Nick)
Pull request description:
Fixes#506
Tree-SHA512: 49a237a7d09c0c376ba4e6b1f522b9aff2517e420dfef9df810fd5ba920e0b98be8fe3f730b32e41b4aef475bc4cf3b13220024bd8d6f40c2744e6f392ff97a8
the two middle arguments to fread() are easily confused, and cause the
checking of return value to fail incorrectly (and possibly succeed
incorrectly.)
e7daa9b [build] Tweak JNI macro to warn instead of error for JNI not found. (Karl-Johan Alm)
5b22977 [build] Update ax_jni_include_dir.m4 macro to deal with recent versions of macOS (Karl-Johan Alm)
Pull request description:
Prior to this patch, this macro fails to find a working directory for the JNI headers, and results in compile failure when doing
```
./configure --enable-experimental --enable-module-ecdh --enable-jni
```
on more recent macOS versions. The relevant commit upstream is [here](http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=commit;h=ab23d25b1f1ae544fffdaa0a94a794798695c672) from the [GNU.org page for the macro](https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html). The original (identical to the version in this commit) is [here](http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_jni_include_dir.m4).
The compile failure:
```Bash
$ make
gcc -I. -g -O2 -Wall -Wextra -Wno-unused-function -c src/gen_context.c -o gen_context.o
gcc gen_context.o -o gen_context
./gen_context
CC src/libsecp256k1_la-secp256k1.lo
CC src/java/libsecp256k1_jni_la-org_bitcoin_NativeSecp256k1.lo
In file included from src/java/org_bitcoin_NativeSecp256k1.c:4:
In file included from src/java/org_bitcoin_NativeSecp256k1.h:2:
/Library/Java/JavaVirtualMachines/jdk1.7.0_71.jdk/Contents/Headers/jni.h:45:10: fatal error:
'jni_md.h' file not found
#include "jni_md.h"
^
1 error generated.
make: *** [src/java/libsecp256k1_jni_la-org_bitcoin_NativeSecp256k1.lo] Error 1
```
Tree-SHA512: 9a8305b3ed67eba0de728f91cf435857a676ba10507ab8481a3c03b50e1ce0469a3d79e751d0a697018789f21e2aa48b7eccca4d225520a3863fcf23f1fd487a
82a96e4 tests: Make sure we get the requested number of bytes from /dev/urandom (practicalswift)
Pull request description:
Make sure we get the requested number of bytes from `/dev/urandom`.
Tree-SHA512: 1b035942fd2a6ee2423fb2a2a0a0f294682c51434f86e5c106fb493d77f45aa8070662190aca6441fe389b8cdcc132d432517b8e826be2ac530a1511cd0c8919
57752d2 [build] Set --enable-jni to no by default instead of auto. (Karl-Johan Alm)
Pull request description:
Having `--enable-jni` be `auto` doesn't make a lot of sense, and results in things like https://github.com/bitcoin/bitcoin/pull/11056.
Tree-SHA512: 27d6ea041f5d6e249857869ab87b8f7b1f6d18ec5ec82d2c46e692cd690b9f5c5857886725901a29d3539d427d8b6154d0c7909cfa2ce30bb3d4460c05708386
31abd3a Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS (Alexander Block)
Pull request description:
The only reason OpenSSL 1.1 was not supported was the removal of direct
access to r and s in ECDSA_SIG. This commit adds a simplified version of
ECDSA_SIG_get0 for < 1.1 that can be used like ECDSA_SIG_get0 in >= 1.1
Tree-SHA512: 7ee49cd8424086bb96968c632b5babce50af98e13c414c4d5028a30fb86896956f829415a92c66387cde57941ab6999b0db823752cb36dd8932d15dd32980763
The only reason OpenSSL 1.1 was not supported was the removal of direct
access to r and s in ECDSA_SIG. This commit adds a simplified version of
ECDSA_SIG_get0 for < 1.1 that can be used like ECDSA_SIG_get0 in >= 1.1
c7680e5 Reduce usage of hardcoded size constants (Thomas Snider)
Pull request description:
In particular the usage of keylen in nonce_function_rfc6979 seemed precarious - in one conditional it was unconditionally set, then in the next it was added to. While it was clearly correct as written, I think this change makes it easier to reason about for new eyes and more resistant to breakage if there is any future change to what gets fed into the PRNG.
Tree-SHA512: 2241c183acc0f318f85a11ccff7fe28de7777bc53dea93ab8308bad15871047a268c6a2b36f77a599dce536fca48ab305ea746223840bc10953c893daffa0a50
7a78f60 Print whether we're building benchmarks (Pieter Wuille)
4afec9f Build benchmarks by default (Pieter Wuille)
Pull request description:
Building benchmarks is fast, and I have on more than one occasion forgotten to pass `--enable-benchmark`, resulting in accidentally benchmarking a former build.
Build them by default.
Tree-SHA512: ce9096e42d9c19b63644f6b7ae153e92f9a37c3727f380329dfa332ce22a5e43151f1525979bd3516dd12f568e5e389b0acda2c383fca0e80c3cadc1d9b1d55a
d2f9c6b Use more precise pippenger bucket windows (Jonas Nick)
4c950bb Save some additions per window in _pippenger_wnaf (Peter Dettman)
a58f543 Add flags for choosing algorithm in ecmult_multi benchmark (Jonas Nick)
36b22c9 Use scratch space dependent batching in ecmult_multi (Jonas Nick)
355a38f Add pippenger_wnaf ecmult_multi (Jonas Nick)
bc65aa7 Add bench_ecmult (Pieter Wuille)
dba5471 Add ecmult_multi tests (Andrew Poelstra)
8c1c831 Generalize Strauss to support multiple points (Pieter Wuille)
548de42 add resizeable scratch space API (Andrew Poelstra)
Pull request description:
This PR is based on #473 and adds a variant of "Pippengers algorithm" (see [Bernstein et al., Faster batch forgery identification](https://eprint.iacr.org/2012/549.pdf), page 15 and https://github.com/scipr-lab/libff/pull/10) for point multi-multiplication that performs better with a large number of points than Strauss' algorithm.
Thanks to @sipa for providing `wnaf_fixed`, benchmarking, and the crucial suggestion to use affine addition.
The PR also makes `ecmult_multi` decide which algorithm to use, based on the number of points and the available scratch space.
For restricted scratch spaces this can be further optimized in the future (f.e. a 35kB scratch space allows batches of 11 points with strauss or 95 points with pippenger; choosing pippenger would be 5% faster).
As soon as this PR has received some feedback I'll repeat the benchmarks to determine the optimal `pippenger_bucket_window` with the new benchmarking code in #473.
Tree-SHA512: 8e155107a00d35f412300275803f912b1d228b7adff578bc4754c5b29641100b51b9d37f989316b636f7144e6b199febe7de302a44f498bbfd8d463bdbe31a5c
d1dc9df Get rid of reserved _t in type names (Pieter Wuille)
Pull request description:
Tree-SHA512: 5da4a2cb15106c47fbe14346562444eff322a5e4e2386af8b0b879b72e22f08d704ac09746d6a22ff76e8892fc20208932b2a45d01de0e2e089686dabe45e633
abe2d3e Fix header guards using reserved identifiers (Dan Raviv)
Pull request description:
Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard.
The only header guards not fixed are those in the headers auto-generated from java.
Tree-SHA512: da31b8d718b3c3ffb81b3d12c93ce2d56c176f19a1936776c843fee069dbaa916946556cea16db34e1f977a937924d72c870230ac26e44386706ecd7cb25ba65
8c7ea22 Fixed multiple typos (Dimitris Tsapakidis)
Pull request description:
Forward port of fixes introduced in https://github.com/bitcoin/bitcoin/pull/10633 by @dimitris-t.
Tree-SHA512: a979b3e14bf2660cb0fcd809854654bd0f6277399afe948917be6c061a04835d404e590dc58bcb4a9e2ccfbfb38de944cbdba349092465f637606d3bee49fc16
Pieter Wuille
Evan Klitzke
Jonas Nick
Don Viszneki
Dimitris Apostolou
Thomas Kerin
Pierre Pronchery
Andrew Poelstra
Gregory Maxwell
practicalswift
Tony Rizko
Alexander Block
Peter Dettman
Daniel Cousens
Thomas Snider
Dimitris Tsapakidis
