Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Squashed 'src/secp256k1/' changes from 43dd1f4fe..44db4d801
44db4d801 Merge pull request #57 from apoelstra/2019-04-surjectionproof-stack f7e4d08da surjection proof: Reject proofs with too many used inputs in reduced mode 112edb2c6 allow reducing surjection proof size (to lower generation stack usage) d512d7865 surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16 a118acc02 surjectionproof: reduce stack usage e7f4ff4c6 Merge pull request #70 from apoelstra/2019-06-surjection-count f94d46e65 Merge pull request #71 from real-or-random/fix-trailing-test 49a1e0173 surjectionproof: fix malleability in surjection proof parsing 55311b0e0 Fix read of wrong buffer (and OOB) in surjectionproof tests 290a27bb7 surjectionproof: add test vectors for "set padding bits" 7bc3daa48 surjectionproof: add fixed test vectors 6f3b0c05c Improve comments for surctionproof init+alloc/destroy funcs 250ebb364 work in progress: add _allocate_initialized/destroy funcs 4a7763361 Improve explanation of key cancellation attack in whitelist.md 898c9f05b Clarify how to derive alternative generator H 15d92782d Add bench_generator and bench_rangeproof to .gitignore 86240b207 Clean up ./configure help strings (zkp extensions) 865b76186 Fix a small typo in the generator parameter name cd5ba5c3b generator: remove `CHECK` abort calls exposed by public API ff1665127 musig: add user documentation 0ad6b6036 Add 3-of-3 MuSig example b61a1a9d9 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures. 5d5374f92 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. a8ae6baff add chacha20 function 9a8a71e8b use proper types for rangeproof min/max 14769b964 rangeproof: reduce iteration count in unit tests 0593861cc Enable more builds with rest of experimental flags e9fea7427 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting dec1b9ce2 Add comment to explain effect of max_n_iterations in surjectionproof_init ea62bfe22 add unit test for generator and pedersen commitment roundtripping e32924f0e rangeproof: fix serialization of pedersen commintments 972d056fa rangeproof: verify correctness of pedersen commitments when parsing 2cc4c6fef generator: verify correctness of point when parsing 65ffea43d rangeproof: check that points deserialize correctly when verifying rangeproof cb786d6d1 rangeproof: add fixed vector test case b387ba038 Expose generator in shared library 8da432855 fix spelling in documentation 6f14fe40d Test for rejection of trailing bytes in range proofs ab4fbc1be Test for rejection of trailing bytes in surjection proofs c908c97d6 Reject surjection proofs with trailing garbage f723bf5b3 Minor bugfix. Wrong length due to NUL character. 6872069de Add whitelisting benchmark 6ceccb75b add whitelist_impl.h to include for dist a3ad4a866 generator: add API tests e93e886cb generator: remove unnecessary ARG_CHECK from generate() f1d6e4b83 Fix generator makefile 68be61131 Fix pedersen_blind_generator_blind_sum return value documentation 51fc58ae6 Add n_keys argument to whitelist_verify 36b100c77 Fix checks of whitelist serialize/parse arguments c8f54e12e whitelist: fix serialize/parse API to take serialized length 56fca5077 Fix include/secp256k1_rangeproof.h function argument documentation. 4617f0478 rangeproof: add API tests cd4e438a3 surjectionproof: rename unit test functions to be more consistent with other modules 2cc7f1e04 surjectionproof: add API unit tests c4097f758 surjectionproof: tests_impl.h s/assert/CHECK/g 5ee6bf341 rangeproof: fix memory leak in unit tests 94e81a250 add surjection proof module a66ea3522 Implement ring-signature based whitelist delegation scheme 2bb513361 rangeproof: several API changes 9b00b61d9 Expose generator in pedersen/rangeproof API 54fa2639e Constant-time generator module 023aa86ac rangeproof: expose sidechannel message field in the signing API 89e7451d4 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup f126331bc Pedersen commitments, borromean ring signatures, and ZK range proofs. e1fb4af90 Add 64-bit integer utilities e541a90ef Merge #629: Avoid calling _is_zero when _set_b32 fails. f34b0c3f3 Merge #630: Note intention of timing sidechannel freeness. 8d1563b0f Note intention of timing sidechannel freeness. 1669bb286 Merge #628: Fix ability to compile tests without -DVERIFY. ecc94abcc Merge #627: Guard memcmp in tests against mixed size inputs. 544435fc9 Merge #578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e9e Merge #595: Allow to use external default callbacks e49f7991c Add missing #(un)defines to base-config.h 77defd2c3 Add secp256k1_ prefix to default callback functions 908bdce64 Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e65 Allow usage of external default callbacks 6095a863f Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e02c Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7a3 Merge #600: scratch space: use single allocation 98836b11f scratch: replace frames with "checkpoint" system 7623cf2b9 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f2c scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0bb9 scratch: unify allocations c2b028a28 scratch space: thread `error_callback` into all scratch space functions 0be1a4ae6 scratch: add magic bytes to beginning of structure 92a48a764 scratch space: use single allocation 40839e21b Merge #592: Use trivial algorithm in ecmult_multi if scratch space is small dcf392027 Fix ability to compile tests without -DVERIFY. a484e0008 Merge #566: Enable context creation in preallocated memory 0522caac8 Explain caller's obligations for preallocated memory 238305fdb Move _preallocated functions to separate header 695feb6fb Export _preallocated functions 814cc78d7 Add tests for contexts in preallocated memory ba12dd08d Check arguments of _preallocated functions 5feadde46 Support cloning a context into preallocated memory c4fd5dab4 Switch to a single malloc call ef020de16 Add size constants for preallocated memory 1bf7c056b Prepare for manual memory management in preallocated memory 248bffb05 Guard memcmp in tests against mixed size inputs. 36698dcfe Merge #596: Make WINDOW_G configurable a61a93ff5 Clean up ./configure help strings 2842dc523 Make WINDOW_G configurable 1a02d6ce5 Merge #626: Revert "Merge #620: Install headers automatically" 662918cb2 Revert "Merge #620: Install headers automatically" 14c7dbd44 Simplify control flow in DER parsing ec8f20bab Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3b3 Parse DER-enconded length into a size_t instead of an int 912680ed8 Merge #561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3ace Merge #620: Install headers automatically 5df77a0ed Merge #533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e0d Merge #617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde04 Merge #619: Clear a copied secret key after negation 16e86150d Install headers automatically 069870d92 Clear a copied secret key after negation 8979ec0d9 Pass scalar by reference in secp256k1_wnaf_const() 84a808598 Merge #612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a59 Allow field_10x26_arm.s to compile for ARMv7 architecture b19c00006 Merge #607: Use size_t shifts when computing a size_t 4d01bc2d9 Merge #606: travis: Remove unused sudo:false e6d01e934 Use size_t shifts when computing a size_t 7667532bd travis: Remove unused sudo:false 248f04661 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7b1 Use trivial algorithm in ecmult_multi if scratch space is small ee99f12f3 Merge #599: Switch x86_64 asm to use "i" instead of "n" for immediate values. d58bc93f2 Switch x86_64 asm to use "i" instead of "n" for immediate values. 05362ee04 Merge #597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build 83483869a Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build aa15154a4 Merge #568: Fix integer overflow in ecmult_multi_var when n is large 2277af5ff Fix integer overflow in ecmult_multi_var when n is large dbed75d96 Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e09 Keep LDFLAGS if `--coverage` 85d0e1bcc Merge #591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 14196379e Merge #580: Add trivial ecmult_multi algorithm which does not require a scratch space a697d82da Add trivial ecmult_multi to the benchmark tool bade61741 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points. 5545e13de Merge #584: configure: Use CFLAGS_FOR_BUILD when checking native compiler 20c5869df Merge #516: improvements to random seed in src/tests.c b76e45d5d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 870a97764 Merge #562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse be40c4d0b Fixup for C90 mixed declarations. c71dd2c08 Merge #509: Fix algorithm selection in bench_ecmult 6492bf88c Merge #518: Summarize build options after running configure 0e9ada194 Merge #567: Correct order of libs returned on pkg-config --libs --static libsecp2… e96901a4b Merge #587: Make randomization of a non-signing context a noop 58df8d03a Merge #511: Portability fix for the configure scripts generated 2ebdad772 Merge #552: Make constants static: 1c131affd Merge #551: secp256k1_fe_sqrt: Verify that the arguments don't alias. ba698f883 Merge #539: Assorted minor corrections 949e85b00 Merge #550: Optimize secp256k1_fe_normalize_weak calls. a34bcaadf Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker 2d5f4cebd configure: Use CFLAGS_FOR_BUILD when checking native compiler b408c6a8b Merge #579: Use __GNUC_PREREQ for detecting __builtin_expect 619837521 Make randomization of a non-signing context a noop c663397f4 Use __GNUC_PREREQ for detecting __builtin_expect 3cb057f84 Fix possible integer overflow in DER parsing 89a20a894 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call. d3cb1f95e Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse 496c5b43b Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B; bf8b86cc0 secp256k1_fe_sqrt: Verify that the arguments don't alias. 9bd89c836 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead. 52ab96fed clean dependendies in field_*_impl.h deff5edd4 Correct math typos in field_*.h 4efb3f8dd Add check that restrict pointers don't alias with all parameters. 3965027c8 Summarize build options in configure script 0f0517369 Fix algorithm selection in bench_ecmult 8b3841c91 fix bug in fread() failure check cddef0c0b tests: add warning message when /dev/urandom fails 270f6c80d Portability fix for the configure scripts generated REVERT: 43dd1f4fe Merge pull request #40 from instagibbs/size_t REVERT: 6532fa0a9 Merge pull request #39 from instagibbs/more_builds REVERT: 2b2429dfa rangeproof: reduce iteration count in unit tests REVERT: 12b0e5dda Enable more builds with rest of experimental flags REVERT: 8c444eef6 use proper types for rangeproof min/max REVERT: 53ad841ca Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting REVERT: 71c5fe0f6 Add comment to explain effect of max_n_iterations in surjectionproof_init REVERT: 85fd42fb7 add unit test for generator and pedersen commitment roundtripping REVERT: 2ccf88541 rangeproof: fix serialization of pedersen commintments REVERT: 60c173b64 rangeproof: verify correctness of pedersen commitments when parsing REVERT: 32d7526cd generator: verify correctness of point when parsing REVERT: ae14e8a9d rangeproof: check that points deserialize correctly when verifying rangeproof REVERT: 44fe43d75 rangeproof: add fixed vector test case REVERT: e065d7df9 Expose generator in shared library REVERT: fb1ba329a fix spelling in documentation REVERT: fb75faa14 Test for rejection of trailing bytes in range proofs REVERT: 9b2cf1708 Test for rejection of trailing bytes in surjection proofs REVERT: a3a1800ba Reject surjection proofs with trailing garbage REVERT: 0c77ae9a7 Minor bugfix. Wrong length due to NUL character. REVERT: b1f31bc4b Add whitelisting benchmark REVERT: 52a9f8f8f add whitelist_impl.h to include for dist REVERT: a707865bc generator: add API tests REVERT: ec1ef040f generator: remove unnecessary ARG_CHECK from generate() REVERT: b0e9aa828 Fix generator makefile REVERT: 526c65499 Fix pedersen_blind_generator_blind_sum return value documentation REVERT: b51886e72 Add n_keys argument to whitelist_verify REVERT: 37c57de08 Fix checks of whitelist serialize/parse arguments REVERT: 9b8a9d91e whitelist: fix serialize/parse API to take serialized length REVERT: 7f1751560 Fix include/secp256k1_rangeproof.h function argument documentation. REVERT: 0d817020d rangeproof: add API tests REVERT: 417bb0643 surjectionproof: rename unit test functions to be more consistent with other modules REVERT: 1e2d5c1a2 surjectionproof: add API unit tests REVERT: 7878a298b surjectionproof: tests_impl.h s/assert/CHECK/g REVERT: e609591b6 rangeproof: fix memory leak in unit tests REVERT: 0c17f7972 add surjection proof module REVERT: c174f0c60 Implement ring-signature based whitelist delegation scheme REVERT: a2bc6604f rangeproof: several API changes REVERT: 21bfb3c91 Expose generator in pedersen/rangeproof API REVERT: f4620de04 Constant-time generator module REVERT: d46fc3c19 rangeproof: expose sidechannel message field in the signing API REVERT: cf40b1bed [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup REVERT: 6d28767c7 Get rid of precomputed H tables (Pieter Wuille) REVERT: ae1e576f6 Pedersen commitments, borromean ring signatures, and ZK range proofs. REVERT: efc61dc0c Add 64-bit integer utilities git-subtree-dir: src/secp256k1 git-subtree-split: 44db4d801fff3cd94105136cb443d603683baad2
- Loading branch information