a61a93f Clean up ./configure help strings (Tim Ruffing)
2842dc5 Make WINDOW_G configurable (Tim Ruffing)
Pull request description:
This makes WINDOW_G a configurable value in the range of [2..24].
The upper limit of 24 is a defensive choice. The code is probably
correct for values up to 33 but those larger values yield in huge
tables (>= 256MiB), which are i) unlikely to be really beneficial
in practice and ii) increasingly difficult to test.
The main point of this is not to make the window size configurable (using ./configure) but rather to use an external #define for the window size, which makes it configurable for embedded system that rely on their own build system (like in #595).
ACKs for commit a61a93:
Tree-SHA512: 0d58fdf4763340ddab992e95f6302a33d891476a7ac1748202ee99808e72b20754bb6935cbeaf0bb36077abaaff7d65f4848b1af64f1a0a5258239ba0d27020c
This makes WINDOW_G a configurable value in the range of [2..24].
The upper limit of 24 is a defensive choice. The code is probably
correct for values up to 27 but those larger values yield in huge
tables (>= 256MiB), which are i) unlikely to be really beneficial
in practice and ii) increasingly difficult to test.
662918c Revert "Merge #620: Install headers automatically" (ian)
Pull request description:
This reverts commit 91fae3ace0291b144b27fd8bbda509042f5400f1, reversing
changes made to 5df77a0eda6e902a1aa9c6249cdeaec197b1e0cd.
See discussion in https://github.com/bitcoin-core/secp256k1/pull/625
After the change, if we enable any module, `make install` fails because of the
duplicated files in the command line arguments.
Closes https://github.com/bitcoin-core/secp256k1/issues/624
Tree-SHA512: 7769ede527ac307bff094603e5974c56b19e41bc2ef55113173d3dbc8e545d6add7ae044753fa0361595e5e7a746d6c8d641f98caa3381b683aa2b61a1742097
This reverts commit 91fae3ace0291b144b27fd8bbda509042f5400f1, reversing
changes made to 5df77a0eda6e902a1aa9c6249cdeaec197b1e0cd.
See discussion in https://github.com/bitcoin-core/secp256k1/pull/625
After the change, if we enable any module, `make install` fails because of the
duplicated files in the command line arguments.
This changes pointer calculations in size comparions to a form that
ensures that no out-of-bound pointers are computed, because even their
computation yields undefined behavior.
Also, this changes size comparions to a form that ensures that neither
the left-hand side nor the right-hand side can overflow.
dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config (DesWurstes)
310111e Keep LDFLAGS if `--coverage` (DesWurstes)
Pull request description:
Update: **This is a trimmed pull request with strong rationale.**
- Adding `--coverage` shouldn't reset `LDFLAGS`, this is definitely a typo
- The basic configuration should undefine `STATIC_PRECOMPUTATION`, as generating it is not supported and it complicates #549
Tree-SHA512: 29f0dd4c870ec60d535346446b453da459ca843ed1265c2bc966bf0fcbdf3c5c79f9e48a419662e81d790a7003f8877a16e2a5a74aa5c0b79645e15ad56a0f66
16e8615 Install headers automatically (Víctor Mayoral Vilches)
Pull request description:
This fix install all the headers under include/ into
/usr/local/include. The fix solves problems that arise
when building libraries that depend on secp256k1 such
as libbitcoin-system which require all the headers
Tree-SHA512: 8a5dc664b278e47340bf7478ad278306c44c4c8ad17a023b198c6a927c67c7a7a50100357388342129078afdf7606d2ed06579ce1fc14195fa974510b933021b
248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) (practicalswift)
Pull request description:
Make sure we're not using an uninitialized variable in `secp256k1_wnaf_const(...)`:
```
In file included from src/secp256k1.c:15:0,
from src/tests.c:17:
src/ecmult_const_impl.h: In function ‘secp256k1_wnaf_const’:
src/ecmult_const_impl.h:117:20: warning: ‘u’ may be used uninitialized in this function [-Wmaybe-uninitialized]
wnaf[word] = u * global_sign;
^
```
**Note to reviewers:** Perhaps an `assert(…);` is a bit drastic. What would be a more graceful way to handle this? :-)
Tree-SHA512: 536cd7cc5b87a84fbaac578cecbba81b8d82e4672a30a2db9a674b82856132e79b0158a6a88609bc24942ebdbf1fcd2c4399a4c31ab0654b88ace9c0e6f1eaf3
8979ec0 Pass scalar by reference in secp256k1_wnaf_const() (Tim Ruffing)
Pull request description:
After this change, no struct or union is passed by value in the
entire codebase. This makes it easier to compile the library with
CompCert.
Tree-SHA512: 6b23e2b39701c3eeb6ae8c8d660cabe8872ac8f13141504c1ec55c47f2009e206129b34b31796e618114b60350598187df6df4c2be0e5c1b138a6126ad6a7484
This fix install all the headers under include/ into
/usr/local/include. The fix solves problems that arise
when building libraries that depend on secp256k1 such
as bitcoin-system which require all the headers
d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture (Roman Zeyde)
Pull request description:
It would allow using optimized field operations on the TREZOR device, which is using ARMv7 Cortex-M4.
Following https://github.com/trezor/trezor-core/pull/500 and part of https://github.com/trezor/trezor-firmware/issues/66.
Tree-SHA512: 73c0f03503feff01c6f4efd884e916ae1f43f55d525e8c3ea9372cf777aef6901585b74774c316dd7937abfff5e86be5b1acb569f9eeee9b73ae088f0f6b589d
e6d01e9 Use size_t shifts when computing a size_t (Pieter Wuille)
Pull request description:
This was detected by compiling with MSVC; it triggers warning C4334.
I don't think this is necessary, as we know the maximum shift is a very small integer, but this makes the code more obviously correct.
Tree-SHA512: 3c0cf412c75b4361d01e78bf13fe81c3f28b82abd40b0706285cc691124381cb1ff1f1c3512420250180b7612a471ce48357b282b1e34a08f5359e58af25e198
7667532 travis: Remove unused sudo:false (MarcoFalke)
Pull request description:
Builds in sudo-disabled docker containers are no longer available as of last year and all builds happen on sudo enabled vms.
Source: https://blog.travis-ci.com/2018-11-19-required-linux-infrastructure-migration#timeline---its-happening-fast
Tree-SHA512: 882585ba4e1596ad34ddf163acecd043da63443fa95653fba63b03dacf3a669128f1ed142527484cc8dab98de341b425425f418b8151cf7303b0e906ae259a9a
d58bc93 Switch x86_64 asm to use "i" instead of "n" for immediate values. (Gregory Maxwell)
Pull request description:
The constraint "n" is a more obscure setting which is needed for
special cases that don't apply to our use.
Use of "n" exposed some bugs in pre-release versions of clang.
This fixes#594
Tree-SHA512: 1ffba02aa6bfcd0b6f731196e5d007f4ddb0f03f53b30a2633f0e376578cf7f828570579502f2de721dcda8034fd8e7bea822542bf36032d98ef802b4cf27725
The constraint "n" is a more obscure setting which is needed for
special cases that don't apply to our use.
Use of "n" exposed some bugs in pre-release versions of clang.
This fixes#594
2277af5 Fix integer overflow in ecmult_multi_var when n is large (Jonas Nick)
Pull request description:
Without this PR ecmult_multi could return wrong results. If the number of points `n` is large enough then some or all multiplications could be skipped or the function could end up in an infinite loop. This PR adds two checks to prevent `n` from wrapping around.
Tree-SHA512: 342944369b24776fa3ec0694eee159259ff67e94d2d8176c1d3159875f387d943d5bfdff7cde59f058e13f07fd09bde1cbc609426e63c8a5b8040e382dd865d8
a697d82 Add trivial ecmult_multi to the benchmark tool (Jonas Nick)
bade617 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points. (Jonas Nick)
Pull request description:
This commit adds a new ecmult_multi algorithm that is automatically selected when `ecmult_multi_var` is called with scratch space set to `NULL`. This is a trivial algorithm that simply multiplies the points with the corresponding scalars and adds them up.
The use case is to allow creating exposed function that uses `ecmult_multi` but without requiring a scratch space argument. For example, in MuSig when computing the combined public key we need to compute a weighted sum of points but we most likely don't care about the performance. And if we do we can still provide a scratch space. Having the option of not providing a scratch space is useful because creating a scratch space is not entirely trivial. One needs to decide on a size and it needs to be destroyed.
Tree-SHA512: 2de20feeff00902ca0936ec1f8d81cf7a95d0917f80e76e9eacbd739c8c2e248fbdaeb468a0aeaf715ec251c2c79b5e271ff4d77456218d02332e26e003d796e
a34bcaa Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker (Tim Ruffing)
2d5f4ce configure: Use CFLAGS_FOR_BUILD when checking native compiler (Tim Ruffing)
Pull request description:
This fixes a bug where configure would fail or disable static
ecmult tables because it wrongly checks the native compiler using
the target CFLAGS (instead of the native CFLAGS_FOR_BUILD).
Moreover, this commit adds tests to figure out whether the native
compiler supports the warning flags passed during the build, and it
contains a few minor improvements to the code that checks the native
compiler.
Tree-SHA512: 31a92a5516cf2f9801c918edfba0059aa4f8549b0c1de94fc166b5e92ad1868a480c48cdc5ff62679ba20e26f4a0e2948c71fd2b3e80766673d2bf7512da3875
be40c4d Fixup for C90 mixed declarations. (Gregory Maxwell)
8b3841c fix bug in fread() failure check (Don Viszneki)
cddef0c tests: add warning message when /dev/urandom fails (Don Viszneki)
Pull request description:
I've made two small changes to `src/tests.c` circa random seed generation.
Added a warning when `/dev/urandom` fails, mostly to defend against the case that someone should use the code verbatim, but also to enhance its illustrative power.
Also I fixed a bug with how the return value of `fread()` was being evaluated. In fact, `/dev/urandom` was never being applied before as the check on the return value of `fread()` always failed!
Tree-SHA512: 239dbe8316220c2f0e5b370bf9a18f78196e96cc4a7edea58cf2521b2c9cbc8da065be96aa859f90324d57e388d30f7670ce6bc1cca52e5162e5ca66b1a55b34
d3cb1f9 Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse (Ben Woosley)
Pull request description:
This results in more self-documenting code.
Constants defined here:
1e6f1f5ad5/include/secp256k1.h (L175-L180)
Tree-SHA512: 2026103c487a5ebdea9a2f5ec2be96d74e38d5b2269b4df11e354bb54aba2925b47c3185f530205019840b00fc3501121acfa5234faf1d095d71777826414f69
0f05173 Fix algorithm selection in bench_ecmult (Jonas Nick)
Pull request description:
Without this commit using an unknown argument results in a segmentation fault.
Tree-SHA512: 85b8f977e62fa360ff6dc923bd86f08725c30e178d58f43d33cbd8eb69e54fa4ec76e4407624611a80554cf9961689bce6b216da735ac95b256d0d2f60fe3328
3965027 Summarize build options in configure script (Evan Klitzke)
Pull request description:
This is a trivial build system change to summarize the build options after running configure.
Example output:
```
$ ./configure
....
<many lines omitted>
...
config.status: src/libsecp256k1-config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
Build Options:
with endomorphism = no
with ecmult precomp = yes
with jni = no
module ecdh = no
module recovery = no
asm = x86_64
bignum = gmp
field = 64bit
scalar = 64bit
CC = gcc
CFLAGS = -g -O2 -W -std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long -Wno-overlength-strings -fvisibility=hidden -O3
CPPFLAGS =
LDFLAGS =
```
I tried to just include the configure options that looked interesting; let me know if there are any I didn't include that I should have.
Tree-SHA512: 428381654d772f76bc81210d39ba5c3f07a94dc6a6378a02ccc6f23ebce7f501896268bcd2e94e2b0d8aea54c9c70c44a9238a0f0960600f463b1e2847c7ed1f
6198375 Make randomization of a non-signing context a noop (Tim Ruffing)
Pull request description:
Before this commit secp256k1_context_randomize called illegal_callback
when called on a context not initialized for signing. This is not
documented. Moreover, it is not desirable because non-signing contexts
may use randomization in the future.
This commit makes secp256k1_context_randomize a noop in this case. This
is safe because the context cannot be used for signing anyway.
This fixes#573 and it fixesrust-bitcoin/rust-secp256k1#82.
Tree-SHA512: 34ddfeb004d9da8f4a77c739fa2110544c28939378e779226da52f410a0e36b3aacb3ebd2e3f3918832a9027684c161789cfdc27a133f2f0e0f1c47e8363029c
270f6c8 Portability fix for the configure scripts generated (Pierre Pronchery)
Pull request description:
Found thanks to the developer checks from the pkgsrc software
distribution (for NetBSD, SmartOS, Minix, MacOS X, Linux, and more).
Tree-SHA512: 2589545aa4d0620db66e79df1dc148a487384b5169ba7323937490d802973388859d30d45b35ee3e614be6d49cb694f37f585a16caa87ad1e500a0b7368dcc0a
52ab96f clean dependendies in field_*_impl.h (Russell O'Connor)
deff5ed Correct math typos in field_*.h (Russell O'Connor)
4efb3f8 Add check that restrict pointers don't alias with all parameters. (Russell O'Connor)
Pull request description:
* add more checks for restrict pointers.
* correct math typos.
* refine dependencies on "num.h"
Tree-SHA512: c368f577927db2ace3e7f46850cb2fdf9d7d169b698a9697767e1f82e9e7091f2b2fea0f7cf173048eb4c1bb56824c884fa849c04c595ee97766c01f346a54ec
