Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add secp256k1_pubkey_sort #1518

Merged
merged 1 commit into from
May 6, 2024
Merged

Conversation

jonasnick
Copy link
Contributor

This PR adds a secp256k1_pubkey_sort function the the public API which was originally part of the musig PR (#1479). However, I opened a separate PR because it adds internal functions that are also used by the WIP silent payments module.

@real-or-random
Copy link
Contributor

Concept ACK. This is useful independently of MuSig and Silent Payments. Also for users with no standard library, e.g., on hardware wallets.

cc @roconnor-blockstream who wrote most of this code


Just out of curiosity, I checked what glibc actually does. They have Quicksort, Insertionsort, Mergesort, and Heapsort in their code base. If malloc fails, they'll always fall back to Heapsort. I think they had been using Quicksort and Mergesort for decades (perhaps selected depending on the platform?), but they changed their mind quite often lately, and this was indeed related to degenerate and adversarially constructed inputs:

  • Oct 2023: They added Heapsort and used it to implement Introsort. Introsort is basically Quicksort two fallbacks: 1) a fallback on some O(n log n) sorting algorithm in degenerate cases, and 2) a fallback on Insertion sort for small arrays (bminor/glibc@274a46c). They had also removed Mergesort, making Introsort the algorithm used everywhere. (bminor/glibc@03bf835)
  • Nov 2023: The logic for the fallback to Heapsort was tightened, and a test with a degerate array. (bminor/glibc@64e4acf: "To avoid a denial-of-service condition with adversarial input, it is necessary to fall over to heapsort if tail-recursing deeply, too [...]")
  • Jan 2024: They reverted to Mergesort because it turns out that people rely on the sorting being stable, even though this is not guaranteed by the standard, and even though their Heapsort fallback won't guarantee it anyway. (bminor/glibc@709fbd3)

This means that the current libc is probably fine. But old versions may be problematic, and other implementations of the standard library may also be problematic. If anything, all of this confirms that Heapsort is a good choice, and that we should not rely on the standard library here.

Copy link
Member

@josibake josibake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept ACK. This is particularly useful for the silent payments module in that we are able to hide a lot of complexity from the caller. In addition, I agree with Tim's assessment that this is a generally useful thing to have (not specific to Musig2/Silent payments).

Left a small nit regarding documentation but overall I found this pretty easy to work with as implemented when creating a custom cmp for silent payments.

src/hsort.h Outdated Show resolved Hide resolved
@jonasnick jonasnick changed the title extrakeys: add secp256k1_pubkey_sort Add secp256k1_pubkey_sort Apr 17, 2024
@jonasnick jonasnick force-pushed the pubkey-sort branch 2 times, most recently from d986553 to 4520d75 Compare April 17, 2024 18:44
Copy link
Contributor

@theStack theStack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept ACK

include/secp256k1.h Outdated Show resolved Hide resolved
src/hsort_impl.h Outdated Show resolved Hide resolved
@elichai
Copy link
Contributor

elichai commented Apr 18, 2024

A wild idea:
What if we used something simple(like shellsort or even bubblesort) that is very easy to verify, and has good performance in the best case (when it's already sorted) and then we recommend users that use huge list of pub keys to sort them before passing them in with the stdlib sort function of the platform their using.

Needing to reimplement and maintaining highly efficient in place sorting every time is very sad

About it being useful, I'll say that embedded rust still gives you sorting via libcore, and I think every embedded C toolkit has some sort of sorting utility, but I might be wrong on this

@real-or-random
Copy link
Contributor

A wild idea: What if we used something simple(like shellsort or even bubblesort) that is very easy to verify, and has good performance in the best case (when it's already sorted) and then we recommend users that use huge list of pub keys to sort them before passing them in with the stdlib sort function of the platform their using.

Hm, I think this gives us the worst of both worlds in the end:

  • We have to maintain the implementation of sorting algorithm.
  • We still tell users to rely on the stdlib.

Also, I doubt that Shellsort or Bubblesort are much easier to implement than Heapsort. (And look at the nature of the bug I found: The swap was wrong, not the Heapsort itself. And you'll need a swap for every algorithm.)

Needing to reimplement and maintaining highly efficient in place sorting every time is very sad

Yeah, but that's because C is sad (sometimes).

@josibake
Copy link
Member

I'll echo @real-or-random 's point and add:

and then we recommend users that use huge list of pub keys to sort them before passing them in with the stdlib sort function of the platform their using.

I think this is fine if the sorting step is a convenience, but in the case of the silent payments module sorting is a required step for generating the outputs correctly. For this, I think it's far better to have sorting handled inside the module vs requiring the user to sort before passing the public keys. Doing the sorting for the users eliminates a difficult to catch error and we'd need to sort anyways to be able to detect and alert the user that they did not sort (or sorted incorrectly).

Copy link
Contributor

@real-or-random real-or-random left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK mod nits, I've inspected the code and the proofs again.

New improved tests are nice.

src/tests.c Outdated Show resolved Hide resolved
src/tests.c Outdated Show resolved Hide resolved
src/hsort_impl.h Outdated Show resolved Hide resolved
src/tests.c Show resolved Hide resolved
Comment on lines +6730 to +6759
{
int32_t ecount = 0;
secp256k1_context_set_illegal_callback(CTX, counting_callback_fn, &ecount);
CHECK(secp256k1_ec_pubkey_sort(CTX, pks_ptr, 2) == 1);
CHECK(ecount == 2);
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not exactly this PR, but do you think it's worth noting in the API docs that callbacks may be triggered more than once per API call? This may be interesting in the case of the illegal callback because you wouldn't need to crash necessarily for this type of callback (e.g., thinking of python bindings that could choose to raise). If yes, we could track this separately.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm good point. But if we think that calling the callback multiple times causes problems, it may makes more sense to fix/change that because it's unlikely someone will read this and take it into account.

For the error callback the documentation says "After this callback returns, anything may happen, including crashing." and for the illegal callback "When this callback is triggered, the API function called is guaranteed not to cause a crash, though its return value and output arguments are undefined."

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But if we think that calling the callback multiple times causes problems, it may makes more sense to fix/change that because it's unlikely someone will read this and take it into account.

Let's maybe track this in a separate issue. It's certainly not great to call the callback twice, but last time when I tried to "fix" it, I wasn't happy with the added code complexity.

@jonasnick
Copy link
Contributor Author

I added a description of the interface to the hsort doc. Apparently mac OS uses a different order of arguments.

src/tests.c Outdated
secp256k1_hsort(elements, 1, element_len, test_hsort_cmp, &data);
CHECK(data.counter == 0);
secp256k1_hsort(elements, NUM, element_len, test_hsort_cmp, &data);
CHECK(data.counter >= NUM);
Copy link
Contributor

@roconnor-blockstream roconnor-blockstream Apr 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not entirely sure what we are trying to do with this check, but if we are thinking of hsort as a black box sorting function, the minimum number of comparisons is NUM-1 (min 0).

If we are thinking of hsort as a white box heap sort, then the minimum number of comparisons is larger, on the order of (3/2 n) or so. We can probably figure it out if that's your intention.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to NUM-1.

@roconnor-blockstream
Copy link
Contributor

Doing the sorting for the users eliminates a difficult to catch error and we'd need to sort anyways to be able to detect and alert the user that they did not sort (or sorted incorrectly).

You can test that a list is sorted in O(n) time, but sorting (by comparisons) take O(n log n) time

That said, I do agree that we should just sort ourselves, in O(n log n) worst case time, with constant memory overhead.

@jonasnick
Copy link
Contributor Author

Rebased on master and added change log entry.

src/hsort_impl.h Outdated Show resolved Hide resolved
src/hsort_impl.h Show resolved Hide resolved
src/secp256k1.c Outdated Show resolved Hide resolved
Co-authored-by: Tim Ruffing <crypto@timruffing.de>
Co-authored-by: Russell O'Connor <roconnor@blockstream.io>
Copy link
Member

@josibake josibake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 7d2591c

Don't have much to offer on the hsort side, but did review the secp256k1 specific parts and have been using this commit in #1519 without any issues.

Comment on lines +329 to +332
static int secp256k1_ec_pubkey_sort_cmp(const void* pk1, const void* pk2, void *ctx) {
return secp256k1_ec_pubkey_cmp((secp256k1_context *)ctx,
*(secp256k1_pubkey **)pk1,
*(secp256k1_pubkey **)pk2);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In #1519, I initially created a secp256k1_silentpayments_recipient_sort_cmp function using (secp256k1_silentpayments_recipient *)r->scan_pubkey instead of *(secp256k1_silentpayments_recipient **)r->scan_pubkey. Everything compiled fine, but the end result was my array was not sorted correctly. Took me awhile to figure out that it was due to using (typedef *) instead of *(typedef **).

This could just be a me problem in not having a strong C background, but wanted to mention it in case its worth documenting.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, this is documented. The hsort doc says "comparison function is called with two arguments that point to the objects being compared" (which was copied from the qsort_r manpage). If the array you give to hsort consists of elements of type secp256k1_silentpayments_recipient *, the comparison function is called with pointers to the elements (secp256k1_silentpayments_recipient **).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess seeing stuff like *(secp256k1_pubkey **)pk1 can be confusing even to seasoned C programmers at first glance, due to the asterisk being used for two related but different things here (first as a dereference operator and then in the cast for indicating a pointer type). But yeah, I don't think we can do anything to improve this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be *(const secp256k1_pubkey * const *)pk1 or something?

@sipa
Copy link
Contributor

sipa commented May 3, 2024

ACK 7d2591c

Copy link
Contributor

@real-or-random real-or-random left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 7d2591c

Comment on lines +339 to +352
/* Suppress wrong warning (fixed in MSVC 19.33) */
#if defined(_MSC_VER) && (_MSC_VER < 1933)
#pragma warning(push)
#pragma warning(disable: 4090)
#endif

/* Casting away const is fine because neither secp256k1_hsort nor
* secp256k1_ec_pubkey_sort_cmp modify the data pointed to by the cmp_data
* argument. */
secp256k1_hsort(pubkeys, n_pubkeys, sizeof(*pubkeys), secp256k1_ec_pubkey_sort_cmp, (void *)ctx);

#if defined(_MSC_VER) && (_MSC_VER < 1933)
#pragma warning(pop)
#endif
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I verified that the pragmas are still necessary now that the call to secp256k1_hsort was changed. See https://godbolt.org/z/13MY3acP1 .

@sipa sipa merged commit bb528cf into bitcoin-core:master May 6, 2024
107 checks passed
hebasto added a commit to hebasto/secp256k1-CMake-example that referenced this pull request May 11, 2024
e3a885d Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0
c0e4ec3 release: prepare for 0.5.0
bb528cf Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort
7d2591c Add secp256k1_pubkey_sort
da51507 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm
4c341f8 Add changelog entry for SDMC
a043940 Permit COMB_BITS < 256 for exhaustive tests
39b2f2a Add test case for ecmult_gen recoded = {-1,0,1}
644e86d Reintroduce projective blinding
07810d9 Reduce side channels from single-bit reads
a0d32b5 Optimization: use Nx32 representation for recoded bits
e03dcc4 Make secp256k1_scalar_get_bits support 32-bit reads
5005abe Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t
6247f48 Optimization: avoid unnecessary doublings in precomputation
15d0cca Optimization: first table lookup needs no point addition
7a33db3 Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset
ed2a056 Provide 3 configurations accessible through ./configure
5f7be9f Always generate tables for current (blocks,teeth) config
fde1dfc Signed-digit multi-comb ecmult_gen algorithm
486518b Make exhaustive tests's scalar_inverse(&x,&x) work
ab45c3e Initial gej blinding -> final ge blinding
aa00a6b Introduce CEIL_DIV macro and use it
d831168 Merge bitcoin-core/secp256k1#1515: ci: Note affected clangs in comment on ASLR quirk
a85e223 ci: Note affected clangs in comment on ASLR quirk
4b77fec Merge bitcoin-core/secp256k1#1512: msan: notate more variable assignments from assembly code
f7f0184 msan: notate more variable assignments from assembly code
a613391 change inconsistent array param to pointer
05bfab6 Merge bitcoin-core/secp256k1#1507: ci: Add workaround for ASLR bug in sanitizers
a5e8ab2 ci: Add sanitizer env variables to debug output
84a93de ci: Add workaround for ASLR bug in sanitizers
427e86b Merge bitcoin-core/secp256k1#1490: tests: improve fe_sqr test (issue #1472)
2028069 doc: clarify input requirements for secp256k1_fe_mul
11420a7 tests: improve fe_sqr test
cdc9a62 Merge bitcoin-core/secp256k1#1489: tests: add missing fe comparison checks for inverse field test cases
d926510 Merge bitcoin-core/secp256k1#1496: msan: notate variable assignments from assembly code
31ba404 msan: notate variable assignments from assembly code
e7ea32e msan: Add SECP256K1_CHECKMEM_MSAN_DEFINE which applies to memory sanitizer and not valgrind
e7bdddd refactor: rename `check_fe_equal` -> `fe_equal`
00111c9 tests: add missing fe comparison checks for inverse field test cases
0653a25 Merge bitcoin-core/secp256k1#1486: ci: Update cache action
94a14d5 ci: Update cache action
2483627 Merge bitcoin-core/secp256k1#1483: cmake: Recommend native CMake commands in README
5ad3aa3 Merge bitcoin-core/secp256k1#1484: tests: Drop redundant _scalar_check_overflow calls
51df2d9 tests: Drop redundant _scalar_check_overflow calls
3777e3f cmake: Recommend native CMake commands in README
e4af41c Merge bitcoin-core/secp256k1#1249: cmake: Add `SECP256K1_LATE_CFLAGS` configure option
3bf4d68 Merge bitcoin-core/secp256k1#1482: build: Clean up handling of module dependencies
e682267 build: Error if required module explicitly off
89ec583 build: Clean up handling of module dependencies
4437886 Merge bitcoin-core/secp256k1#1468: v0.4.1 release aftermath
a9db9f2 Merge bitcoin-core/secp256k1#1480: Get rid of untested sizeof(secp256k1_ge_storage) == 64 code path
74b7c3b Merge bitcoin-core/secp256k1#1476: include: make docs more consistent
b37fdb2 check-abi: Minor UI improvements
ad5f589 check-abi: Default to HEAD for new version
9fb7e2f release process: Style and formatting nits
ba5d72d assumptions: Use new STATIC_ASSERT macro
e53c2d9 Require that sizeof(secp256k1_ge_storage) == 64
d0ba2ab util: Add STATIC_ASSERT macro
da7bc1b include: in doc, remove article in front of "pointer"
aa3dd52 include: make doc about ctx more consistent
e3f6900 include: remove obvious "cannot be NULL" doc
d373bf6 Merge bitcoin-core/secp256k1#1474: tests: restore scalar_mul test
79e0945 Merge bitcoin-core/secp256k1#1473: Fix typos
3dbfb48 tests: restore scalar_mul test
d77170a Fix typos
e7053d0 release process: Add email step
429d21d release process: Run sanity checks on release PR
efe85c7 Merge bitcoin-core/secp256k1#1466: release cleanup: bump version after 0.4.1
4b2e06f release cleanup: bump version after 0.4.1
1ad5185 Merge bitcoin-core/secp256k1#1465: release: prepare for 0.4.1
672053d release: prepare for 0.4.1
1a81df8 Merge bitcoin-core/secp256k1#1380: Add ABI checking tool for release process
74a4d97 doc: Add ABI checking with `check-abi.sh` to the Release Process
e7f830e Add `tools/check-abi.sh`
77af1da Merge bitcoin-core/secp256k1#1455: doc: improve secp256k1_fe_set_b32_mod doc
3928b7c doc: improve secp256k1_fe_set_b32_mod doc
5e9a4d7 Merge bitcoin-core/secp256k1#990: Add comment on length checks when parsing ECDSA sigs
4197d66 Merge bitcoin-core/secp256k1#1431: Add CONTRIBUTING.md
0e5ea62 CONTRIBUTING: add some coding and style conventions
e2c9888 Merge bitcoin-core/secp256k1#1451: changelog: add entry for "field: Remove x86_64 asm"
d2e36a2 changelog: add entry for "field: Remove x86_64 asm"
1a432cb README: update first sentence
0922a04 docs: move coverage report instructions to CONTRIBUTING
76880e4 Add CONTRIBUTING.md including scope and guidelines for new code
d3e29db Merge bitcoin-core/secp256k1#1450: Add group.h ge/gej equality functions
04af0ba Replace ge_equals_ge[,j] calls with group.h equality calls
60525f6 Add unit tests for group.h equality functions
a47cd97 Add group.h ge/gej equality functions
10e6d29 Merge bitcoin-core/secp256k1#1446: field: Remove x86_64 asm
07687e8 Merge bitcoin-core/secp256k1#1393: Implement new policy for VERIFY_CHECK and #ifdef VERIFY (issue #1381)
bb46723 remove VERIFY_SETUP define
a3a3e11 remove unneeded VERIFY_SETUP uses in ECMULT_CONST_TABLE_GET_GE macro
a0fb68a introduce and use SECP256K1_SCALAR_VERIFY macro
cf25c86 introduce and use SECP256K1_{FE,GE,GEJ}_VERIFY macros
5d89bc0 remove superfluous `#ifdef VERIFY`/`#endif` preprocessor conditions
c2688f8 redefine VERIFY_CHECK to empty in production (non-VERIFY) mode
5814d84 Merge bitcoin-core/secp256k1#1438: correct assertion for secp256k1_fe_mul_inner
c1b4966 Merge bitcoin-core/secp256k1#1445: bench: add --help option to bench_internal
f07cead build: Don't call assembly an optimization
2f0762f field: Remove x86_64 asm
1ddd76a bench: add --help option to bench_internal
e721039 Merge bitcoin-core/secp256k1#1441: asm: add .note.GNU-stack section for non-exec stack
ea47c82 Merge bitcoin-core/secp256k1#1442: Return temporaries to being unsigned in secp256k1_fe_sqr_inner
dcdda31 Tighten secp256k1_fe_mul_inner's VERIFY_BITS checks
1027135 Return temporaries to being unsigned in secp256k1_fe_sqr_inner
33dc7e4 asm: add .note.GNU-stack section for non-exec stack
c891c5c Merge bitcoin-core/secp256k1#1437: ci: Ignore internal errors of snapshot compilers
8185e72 ci: Ignore internal errors in snapshot compilers
40f50d0 Merge bitcoin-core/secp256k1#1184: Signed-digit based ecmult_const algorithm
8e2a5fe correct assertion for secp256k1_fe_mul_inner
355bbdf Add changelog entry for signed-digit ecmult_const algorithm
21f49d9 Remove unused secp256k1_scalar_shr_int
115fdc7 Remove unused secp256k1_wnaf_const
aa9f3a3 ecmult_const: add/improve tests
4d16e90 Signed-digit based ecmult_const algorithm
ba523be make SECP256K1_SCALAR_CONST reduce modulo exhaustive group order
2140da9 Add secp256k1_scalar_half for halving scalars (+ tests/benchmarks).
1f1bb78 Merge bitcoin-core/secp256k1#1430: README: remove CI badge
5dab0ba README: remove CI badge
b314cf2 Merge bitcoin-core/secp256k1#1426: ci/cirrus: Add native ARM64 jobs
fa4d6c7 ci/cirrus: Add native ARM64 persistent workers
ee7aaf2 Merge bitcoin-core/secp256k1#1395: tests: simplify `random_fe_non_zero` (remove loop limit and unneeded normalize)
ba9cb6f Merge bitcoin-core/secp256k1#1424: ci: Bump major versions for docker actions
d9d80fd ci: Bump major versions for docker actions
4fd00f4 Merge bitcoin-core/secp256k1#1422: cmake: Install `libsecp256k1.pc` file
421d848 ci: Align Autotools/CMake `CI_INSTALL` directory names
9f005c6 cmake: Install `libsecp256k1.pc` file
2262d0e ci/cirrus: Bring back skeleton .cirrus.yml without jobs
b10ddd2 Merge bitcoin-core/secp256k1#1416: doc: Align documented scripts with CI ones
49be5be Merge bitcoin-core/secp256k1#1390: tests: Replace counting_illegal_callbacks with CHECK_ILLEGAL_VOID
cbf3053 Merge bitcoin-core/secp256k1#1417: release cleanup: bump version after 0.4.0
9b118bc release cleanup: bump version after 0.4.0
199d27c Merge bitcoin-core/secp256k1#1415: release: Prepare for 0.4.0
7030364 tests: add CHECK_ERROR_VOID and use it in scratch tests
f8d7ea6 tests: Replace counting_illegal_callbacks with CHECK_ILLEGAL_VOID
1633980 release: Prepare for 0.4.0
d9a8506 changelog: Catch up in preparation of release
b0f7bfe doc: Do not mention soname in CHANGELOG.md "ABI Compatibility" section
bd9d98d doc: Align documented scripts with CI ones
0b4640a Merge bitcoin-core/secp256k1#1413: ci: Add `release` job
8659a01 ci: Add `release` job
f9b3889 ci: Update `actions/checkout` version
a1d52e3 tests: remove unnecessary test in run_ec_pubkey_parse_test
875b0ad tests: remove unnecessary set_illegal_callback
727bec5 Merge bitcoin-core/secp256k1#1414: ci/gha: Add ARM64 QEMU jobs for clang and clang-snapshot
2635068 ci/gha: Let MSan continue checking after errors in all jobs
e78c7b6 ci/Dockerfile: Reduce size of Docker image further
2f0d3bb ci/Dockerfile: Warn if `ulimit -n` is too high when running Docker
4b8a647 ci/gha: Add ARM64 QEMU jobs for clang and clang-snapshot
6ebe7d2 ci/Dockerfile: Always use versioned clang packages
65c79fe Merge bitcoin-core/secp256k1#1412: ci: Switch macOS from Ventura to Monterey and add Valgrind
c223d7e ci: Switch macOS from Ventura to Monterey and add Valgrind
ea26b71 Merge bitcoin-core/secp256k1#1411: ci: Make repetitive command the default one
cce0456 ci: Make repetitive command the default one
317a4c4 ci: Move `git config ...` to `run-in-docker-action`
4d7fe60 Merge bitcoin-core/secp256k1#1409: ci: Move remained task from Cirrus to GitHub Actions
676ed8f ci: Move "C++ (public headers)" from Cirrus to GitHub Actions
61fc3a2 ci: Move "C++ -fpermissive..." from Cirrus to GitHub Actions
d51fb0a ci: Move "MSan" from Cirrus to GitHub Actions
c22ac27 ci: Move sanitizers task from Cirrus to GitHub Actions
26a9899 Merge bitcoin-core/secp256k1#1410: ci: Use concurrency for pull requests only
ee1be62 ci: Use concurrency for pull requests only
6ee1455 Merge bitcoin-core/secp256k1#1406: ci, gha: Move more non-x86_64 tasks from Cirrus CI to GitHub Actions
fc3dea2 ci: Move "ppc64le: Linux..." from Cirrus to GitHub Actions
7782dc8 ci: Move "ARM64: Linux..." from Cirrus to GitHub Actions
0a16de6 ci: Move "ARM32: Linux..." from Cirrus to GitHub Actions
ea33914 ci: Move "s390x (big-endian): Linux..." from Cirrus to GitHub Actions
880be8a ci: Move "i686: Linux (Debian stable)" from Cirrus to GiHub Actions
2e6cf9b Merge bitcoin-core/secp256k1#1396: ci, gha: Add "x86_64: Linux (Debian stable)" GitHub Actions job
5373693 Merge bitcoin-core/secp256k1#1405: ci: Drop no longer needed workaround
ef9fe95 ci: Drop no longer needed workaround
e10878f ci, gha: Drop `driver-opts.network` input for `setup-buildx-action`
4ad4914 ci, gha: Add `retry_builder` Docker image builder
6617a62 ci: Remove "x86_64: Linux (Debian stable)" task from Cirrus CI
03c9e65 ci, gha: Add "x86_64: Linux (Debian stable)" GitHub Actions job
ad3e65d ci: Remove GCC build files and sage to reduce size of Docker image
6b9507a Merge bitcoin-core/secp256k1#1398: ci, gha: Add Windows jobs based on Linux image
87d35f3 ci: Rename `cirrus.sh` to more general `ci.sh`
d6281dd ci: Remove Windows tasks from Cirrus CI
2b6f9cd ci, gha: Add Windows jobs based on Linux image
48b1d93 Merge bitcoin-core/secp256k1#1403: ci, gha: Ensure only a single workflow processes `github.ref` at a time
0ba2b94 Merge bitcoin-core/secp256k1#1373: Add invariant checking for scalars
c45b7c4 refactor: introduce testutil.h (deduplicate `random_fe_`, `ge_equals_` helpers)
dc55141 tests: simplify `random_fe_non_zero` (remove loop limit and unneeded normalize)
060e32c Merge bitcoin-core/secp256k1#1401: ci, gha: Run all MSVC tests on Windows natively
de657c2 Merge bitcoin-core/secp256k1#1062: Removes `_fe_equal_var`, and unwanted `_fe_normalize_weak` calls (in tests)
bcffeb1 Merge bitcoin-core/secp256k1#1404: ci: Remove "arm64: macOS Ventura" task from Cirrus CI
c2f6435 ci: Add comment about switching macOS to M1 on GHA later
4a24fae ci: Remove "arm64: macOS Ventura" task from Cirrus CI
b0886fd ci, gha: Ensure only a single workflow processes `github.ref` at a time
3d05c86 Merge bitcoin-core/secp256k1#1394: ci, gha: Run "x86_64: macOS Ventura" job on GitHub Actions
d78bec7 ci: Remove Windows MSVC tasks from Cirrus CI
3545dc2 ci, gha: Run all MSVC tests on Windows natively
5d8fa82 Merge bitcoin-core/secp256k1#1274: test: Silent noisy clang warnings about Valgrind code on macOS x86_64
8e54a34 ci, gha: Run "x86_64: macOS Ventura" job on GitHub Actions
b327abf Merge bitcoin-core/secp256k1#1402: ci: Use Homebrew's gcc in native macOS task
d62db57 ci: Use Homebrew's gcc in native macOS task
54058d1 field: remove `secp256k1_fe_equal_var`
bb4efd6 tests: remove unwanted `secp256k1_fe_normalize_weak` call
eedd781 Merge bitcoin-core/secp256k1#1348: tighten group magnitude limits, save normalize_weak calls in group add methods (revival of #1032)
b2f6712 Merge bitcoin-core/secp256k1#1400: ctimetests: Use new SECP256K1_CHECKMEM macros also for ellswift
9c91ea4 ci: Enable ellswift module where it's missing
db32a24 ctimetests: Use new SECP256K1_CHECKMEM macros also for ellswift
ce765a5 Merge bitcoin-core/secp256k1#1399: ci, gha: Run "SageMath prover" job on GitHub Actions
8408dfd Revert "ci: Run sage prover on CI"
c8d9914 ci, gha: Run "SageMath prover" job on GitHub Actions
8d2960c Merge bitcoin-core/secp256k1#1397: ci: Remove "Windows (VS 2022)" task from Cirrus CI
f1774e5 ci, gha: Make MSVC job presentation more explicit
5ee039b ci: Remove "Windows (VS 2022)" task from Cirrus CI
96294c0 Merge bitcoin-core/secp256k1#1389: ci: Run "Windows (VS 2022)" job on GitHub Actions
a2f7ccd ci: Run "Windows (VS 2022)" job on GitHub Actions
374e2b5 Merge bitcoin-core/secp256k1#1290: cmake: Set `ENVIRONMENT` property for examples on Windows
1b13415 Merge bitcoin-core/secp256k1#1391: refactor: take use of `secp256k1_scalar_{zero,one}` constants (part 2)
a1bd497 refactor: take use of `secp256k1_scalar_{zero,one}` constants (part 2)
b7c685e Save _normalize_weak calls in group add methods
c83afa6 Tighten group magnitude limits
26392da Merge bitcoin-core/secp256k1#1386: ci: print $ELLSWIFT in cirrus.sh
d23da6d use secp256k1_scalar_verify checks
4692478 ci: print $ELLSWIFT in cirrus.sh
c7d0454 add verification for scalars
c734c64 Merge bitcoin-core/secp256k1#1384: build: enable ellswift module via SECP_CONFIG_DEFINES
ad15215 update max scalar in scalar_cmov_test and fix schnorrsig_verify exhaustive test
78ca880 build: enable ellswift module via SECP_CONFIG_DEFINES
0e00fc7 Merge bitcoin-core/secp256k1#1383: util: remove unused checked_realloc
b097a46 util: remove unused checked_realloc
2bd5f3e Merge bitcoin-core/secp256k1#1382: refactor: Drop unused cast
4f8c5bd refactor: Drop unused cast
173e8d0 Implement current magnitude assumptions
49afd2f Take use of _fe_verify_magnitude in field_impl.h
4e9661f Add _fe_verify_magnitude (no-op unless VERIFY is enabled)
690b0fc add missing group element invariant checks
175db31 ci: Drop no longer needed `PATH` variable update on Windows
116d2ab cmake: Set `ENVIRONMENT` property for examples on Windows
cef3739 cmake, refactor: Use helper function instead of interface library
747ada3 test: Silent noisy clang warnings about Valgrind code on macOS x86_64
42f8c51 cmake: Add `SECP256K1_LATE_CFLAGS` configure option
e02f313 Add comment on length checks when parsing ECDSA sigs

git-subtree-dir: src/secp256k1
git-subtree-split: e3a885d42a7800c1ccebad94ad1e2b82c4df5c65
fanquake added a commit to fanquake/bitcoin that referenced this pull request May 16, 2024
06bff6dec8 Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback
4155e62fcc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject
9554362b15 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback
9f4c8cd730 cmake: Fix `check_arm32_assembly` when using as subproject
7712a53061 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers
7d0bc0870f Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date
d45d9b74bb changelog: Correct 0.5.0 release date
d7f6613dbb Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0
2f05e2da4b release cleanup: bump version after 0.5.0
e3a885d42a Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0
dd695563e6 check-abi: explicitly provide public headers
c0e4ec3fee release: prepare for 0.5.0
bb528cfb08 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort
7d2591ce12 Add secp256k1_pubkey_sort
da515074e3 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm
4c341f89ab Add changelog entry for SDMC
a043940253 Permit COMB_BITS < 256 for exhaustive tests
39b2f2a321 Add test case for ecmult_gen recoded = {-1,0,1}
644e86de9a Reintroduce projective blinding
07810d9abb Reduce side channels from single-bit reads
a0d32b597d Optimization: use Nx32 representation for recoded bits
e03dcc44b5 Make secp256k1_scalar_get_bits support 32-bit reads
5005abee60 Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t
6247f485b6 Optimization: avoid unnecessary doublings in precomputation
15d0cca2a6 Optimization: first table lookup needs no point addition
7a33db35cd Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset
ed2a056f3d Provide 3 configurations accessible through ./configure
5f7be9f6a5 Always generate tables for current (blocks,teeth) config
fde1dfcd8d Signed-digit multi-comb ecmult_gen algorithm
486518b350 Make exhaustive tests's scalar_inverse(&x,&x) work
ab45c3e089 Initial gej blinding -> final ge blinding
aa00a6b892 Introduce CEIL_DIV macro and use it

git-subtree-dir: src/secp256k1
git-subtree-split: 06bff6dec8d038f7b4112664a9b882293ebc5178
vmta added a commit to umkoin/umkoin that referenced this pull request May 22, 2024
06bff6dec Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback
4155e62fc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject
9554362b1 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback
9f4c8cd73 cmake: Fix `check_arm32_assembly` when using as subproject
7712a5306 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers
7d0bc0870 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date
d45d9b74b changelog: Correct 0.5.0 release date
d7f6613db Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0
2f05e2da4 release cleanup: bump version after 0.5.0
e3a885d42 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0
dd695563e check-abi: explicitly provide public headers
c0e4ec3fe release: prepare for 0.5.0
bb528cfb0 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort
7d2591ce1 Add secp256k1_pubkey_sort

git-subtree-dir: src/secp256k1
git-subtree-split: 06bff6dec8d038f7b4112664a9b882293ebc5178
janus pushed a commit to BitgesellOfficial/bitgesell that referenced this pull request Jun 6, 2024
06bff6dec8 Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback
4155e62fcc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject
9554362b15 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback
9f4c8cd730 cmake: Fix `check_arm32_assembly` when using as subproject
7712a53061 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers
7d0bc0870f Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date
d45d9b74bb changelog: Correct 0.5.0 release date
d7f6613dbb Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0
2f05e2da4b release cleanup: bump version after 0.5.0
e3a885d42a Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0
dd695563e6 check-abi: explicitly provide public headers
c0e4ec3fee release: prepare for 0.5.0
bb528cfb08 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort
7d2591ce12 Add secp256k1_pubkey_sort
da515074e3 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm
4c341f89ab Add changelog entry for SDMC
a043940253 Permit COMB_BITS < 256 for exhaustive tests
39b2f2a321 Add test case for ecmult_gen recoded = {-1,0,1}
644e86de9a Reintroduce projective blinding
07810d9abb Reduce side channels from single-bit reads
a0d32b597d Optimization: use Nx32 representation for recoded bits
e03dcc44b5 Make secp256k1_scalar_get_bits support 32-bit reads
5005abee60 Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t
6247f485b6 Optimization: avoid unnecessary doublings in precomputation
15d0cca2a6 Optimization: first table lookup needs no point addition
7a33db35cd Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset
ed2a056f3d Provide 3 configurations accessible through ./configure
5f7be9f6a5 Always generate tables for current (blocks,teeth) config
fde1dfcd8d Signed-digit multi-comb ecmult_gen algorithm
486518b350 Make exhaustive tests's scalar_inverse(&x,&x) work
ab45c3e089 Initial gej blinding -> final ge blinding
aa00a6b892 Introduce CEIL_DIV macro and use it

git-subtree-dir: src/secp256k1
git-subtree-split: 06bff6dec8d038f7b4112664a9b882293ebc5178
vmta added a commit to umkoin/umkoin that referenced this pull request Sep 6, 2024
06bff6dec Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback
4155e62fc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject
9554362b1 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback
9f4c8cd73 cmake: Fix `check_arm32_assembly` when using as subproject
7712a5306 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers
7d0bc0870 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date
d45d9b74b changelog: Correct 0.5.0 release date
d7f6613db Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0
2f05e2da4 release cleanup: bump version after 0.5.0
e3a885d42 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0
dd695563e check-abi: explicitly provide public headers
c0e4ec3fe release: prepare for 0.5.0
bb528cfb0 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort
7d2591ce1 Add secp256k1_pubkey_sort

git-subtree-dir: src/secp256k1
git-subtree-split: 06bff6dec8d038f7b4112664a9b882293ebc5178
real-or-random added a commit that referenced this pull request Oct 7, 2024
…es (BIP 327)

168c920 build: allow enabling the musig module in cmake (Jonas Nick)
f411841 Add module "musig" that implements MuSig2 multi-signatures (BIP 327) (Jonas Nick)
0be7966 util: add constant-time is_zero_array function (Jonas Nick)
c8fbdb1 group: add ge_to_bytes_ext and ge_from_bytes_ext (Jonas Nick)
85e224d group: add ge_to_bytes and ge_from_bytes (Jonas Nick)

Pull request description:

  EDIT: based on #1518. Closes #1452. Most of the code is a copy from [libsecp256k1-zkp](https://github.com/BlockstreamResearch/secp256k1-zkp). The API added in this PR is identical with the exception of two modifications:

  1. I removed the unused `scratch_space` argument from `secp256k1_musig_pubkey_agg`. This argument was intended to allow using `ecmult_multi` algorithms for key aggregation in the future. But at this point it's unclear whether the `scratch_space` object will remain in its current form (see #1302).
  2. Support for adaptor signatures was removed and therefore the `adaptor` argument of `musig_nonce_process` was also removed.

  In contrast to the module in libsecp256k1-zkp, the module is non-experimental. I slightly cleaned up parts of the module, adjusted the code to the new definition of the VERIFY_CHECK macro and applied some simplifications that were possible because the module is now in the upstream repo (`ge_from_bytes`, `ge_to_bytes`). You can follow the changes I made to the libsecp256k1-zkp module at https://github.com/jonasnick/secp256k1-zkp/commits/musig2-upstream/.

ACKs for top commit:
  sipa:
    reACK 168c920
  real-or-random:
    reACK 168c920
  theStack:
    re-ACK 168c920

Tree-SHA512: e3a599a8d5a466107b9a86f76582b8fb9dc87ec95416c784c3ef39d1c64686e6c739806ed6ba62c91793eb7fa418a6270cf999027ee7bd3dd85c67bc2c74f677
vmta added a commit to umkoin/umkoin that referenced this pull request Oct 29, 2024
1464f15c8 Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros
980c08df8 util: Remove unused (u)int64_t formatting macros
9b7c59cbb Merge bitcoin-core/secp256k1#1624: ci: Update macOS image
096e3e23f ci: Update macOS image
68b55209f Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points
f0868a9b3 Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows
1fae76f50 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API
8be3839fb Remove unused scratch space from API
57eda3ba3 musig: ctimetests: fix _declassify range for generated nonce points
e59158b6e Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations
18f9b967c Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig
5bab8f6d3 examples: make key generation doc consistent
e8908221a examples: do not retry generating seckey randomness in musig
70b6be183 extrakeys: improve doc of keypair_create (don't suggest retry)
01b589338 Merge bitcoin-core/secp256k1#1599: #1570 improve examples: remove key generation loop
cd4f84f3b Improve examples/documentation: remove key generation loops
a88aa9350 Merge bitcoin-core/secp256k1#1603: f can never equal -m
3660fe5e2 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327)
168c92011 build: allow enabling the musig module in cmake
f411841a4 Add module "musig" that implements MuSig2 multi-signatures (BIP 327)
0be79660f util: add constant-time is_zero_array function
c8fbdb1b9 group: add ge_to_bytes_ext and ge_from_bytes_ext
ef7ff0340 f can never equal -m
c232486d8 Revert "cmake: Set `ENVIRONMENT` property for examples on Windows"
26e4a7c21 cmake: Set top-level target output locations
4c57c7a5a Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code
447334cb0 include: Avoid visibility("default") on Windows
472faaa8e Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description
292310fbb doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description
2f2ccc469 Merge bitcoin-core/secp256k1#1600: cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable
421ed1b46 cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable
85e224dd9 group: add ge_to_bytes and ge_from_bytes
198885507 Merge bitcoin-core/secp256k1#1586: fix: remove duplicate 'the' from header file comment
b30761440 Merge bitcoin-core/secp256k1#1583: ci: Bump GCC_SNAPSHOT_MAJOR to 15
fa67b6752 refactor: Use array initialization for unterminated strings
9b0f37bff fix: remove duplicate 'the' from header file comment
e34b47673 ci: Bump GCC_SNAPSHOT_MAJOR to 15
3fdf146ba Merge bitcoin-core/secp256k1#1578: ci: Silent Homebrew's noisy reinstall warnings
f8c1b0e0e Merge bitcoin-core/secp256k1#1577: release cleanup: bump version after 0.5.1
7057d3c9a ci: Silent Homebrew's noisy reinstall warnings
c3e40d75d release cleanup: bump version after 0.5.1
642c885b6 Merge bitcoin-core/secp256k1#1575: release: prepare for 0.5.1
cdf08c1a2 Merge bitcoin-core/secp256k1#1576: doc: mention `needs-changelog` github label in release process
40d87b8e4 release: prepare for 0.5.1
577022617 changelog: clarify CMake option
759bd4bbc doc: mention `needs-changelog` github label in release process
fded437c4 Merge bitcoin-core/secp256k1#1574: Fix compilation when extrakeys module isn't enabled
763d938cf ci: only enable extrakeys module when schnorrsig is enabled
af551ab9d tests: do not use functions from extrakeys module
0055b8678 Merge bitcoin-core/secp256k1#1551: Add ellswift usage example
ea2d5f0f1 Merge bitcoin-core/secp256k1#1563: doc: Add convention for defaults
ca06e58b2 Merge bitcoin-core/secp256k1#1564: build, ci: Adjust the default size of the precomputed table for signing
e2af49126 ci: Switch to the new default value of the precomputed table for signing
d94a9273f build: Adjust the default size of the precomputed table for signing
fcc5d7381 Merge bitcoin-core/secp256k1#1565: cmake: Bump CMake minimum required version up to 3.16
9420eece2 cmake: Bump CMake minimum required version up to 3.16
16685649d doc: Add convention for defaults
a5269373f Merge bitcoin-core/secp256k1#1555: Fixed O3 replacement
b8fe33332 cmake: Fixed O3 replacement
7c987ec89 cmake: Call `enable_testing()` unconditionally
6aa576515 cmake: Delete `CTest` module
31f84595c Add ellswift usage example
fe4fbaa7f examples: fix case typos in secret clearing paragraphs (s/, Or/, or/)
4af241b32 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one
f473c959f Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project
d403eea48 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach
d7ae25ce6 Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c
0e2fadb20 fix: typos in secp256k1.c
69b2192ad Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS`
5dd637f3c Merge bitcoin-core/secp256k1#1548: README: mention ellswift module
7454a5373 README: mention ellswift module
4706be2cd cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach
c2764dbb9 cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS`
f87a3589f cmake: Do not set `CTEST_TEST_TARGET_ALIAS`
158f9e5ea cmake: Do not modify build types when integrating by downstream project
35c0fdc86 Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project
4392f0f71 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491)
bedffd53d Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job
4b8d5eeac Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests
f55703ba4 autotools: Delete unneeded compiler test
396e88588 autotools: Align MSan checking code with CMake's implementation
abde59f52 cmake: Report more compiler details in summary
7abf979a4 cmake: Disable `ctime_tests` if build with `-fsanitize=memory`
4d9645bee cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option
a06805ee7 cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option
1791f6fce Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests
26b94ee92 autotools: Remove "auto" value of `--with-ecmult-gen-kb` option
122dbaeb3 autotools: Remove "auto" value of `--with-ecmult-window` option
e73f6f8fd tests: refactor: drop `secp256k1_` prefix from testrand.h functions
0ee7453a9 tests: refactor: add `testutil_` prefix to testutil.h functions
0c6bc76dc tests: refactor: move `random_` helpers from tests.c to testutil.h
0fef8479b tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude`
59db007f0 tests: refactor: rename `random_group_element_...` -> `random_ge_...`
ebfb82ee2 ci: Add job with -fsanitize-memory-param-retval
e1bef0961 configure: Move "experimental" warning to bottom
55e5d975d autotools: Disable eager MSan in ctime_tests
06bff6dec Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback
ec4c002fa cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation
cae9a7ad1 cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable
4155e62fc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject
9554362b1 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback
9f4c8cd73 cmake: Fix `check_arm32_assembly` when using as subproject
7712a5306 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers
7d0bc0870 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date
d45d9b74b changelog: Correct 0.5.0 release date
d7f6613db Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0
2f05e2da4 release cleanup: bump version after 0.5.0
e3a885d42 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0
dd695563e check-abi: explicitly provide public headers
c0e4ec3fe release: prepare for 0.5.0
bb528cfb0 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort
7d2591ce1 Add secp256k1_pubkey_sort
218f0cc93 ci: Add native macOS arm64 job

git-subtree-dir: src/secp256k1
git-subtree-split: 1464f15c812b00de0f3d397b3cfb67d1f91f6967
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants