Squashed 'src/secp256k1/' changes from 21ffe4b..95779fd91f

95779fd91f ci: Add "x86_64: Windows (VS 2022)" task
7e4ec7b37e cmake: Export config files
572ef69767 build: Add CMake-based build system
cbd2555 Merge bitcoin-core/secp256k1#1209: build: Add SECP256K1_API_VAR to fix importing variables from DLLs
1b21aa5 Merge bitcoin-core/secp256k1#1078: group: Save a normalize_to_zero in gej_add_ge
e433034 ci: Shutdown wineserver whenever CI script exits
9a5a611 build: Suppress stupid MSVC linker warning
739c53b examples: Extend sig examples by call that uses static context
914276e build: Add SECP256K1_API_VAR to fix importing variables from DLLs
1cca7c1 Merge bitcoin-core/secp256k1#1206: build: Add -Wreserved-identifier supported by clang
8c7e0fc build: Add -Wreserved-identifier supported by clang
8ebe5c5 Merge bitcoin-core/secp256k1#1201: ci: Do not set git's `user.{email,name}` config options
5596ec5 Merge bitcoin-core/secp256k1#1203: Do not link `bench` and `ctime_tests` to `COMMON_LIB`
ef39721 Do not link `bench` and `ctime_tests` to `COMMON_LIB`
9b60e31 ci: Do not set git's `user.{email,name}` config options
e1817a6 Merge bitcoin-core/secp256k1#1199: ci: Minor improvements inspired by Bitcoin Core
1bff200 Merge bitcoin-core/secp256k1#1200: Drop no longer used Autoheader macros
9b7d186 Drop no longer used Autoheader macros
c241586 ci: Don't fetch git history
0ecf318 ci: Use remote pull/merge ref instead of local git merge
2b77240 Merge bitcoin-core/secp256k1#1172: benchmarks: fix bench_scalar_split
eb6beba scalar: restrict split_lambda args, improve doc and VERIFY_CHECKs
7f49aa7 ci: add test job with -DVERIFY
620ba3d benchmarks: fix bench_scalar_split
5fbff5d Merge bitcoin-core/secp256k1#1170: contexts: Forbid destroying, cloning and randomizing the static context
233822d Merge bitcoin-core/secp256k1#1195: ctime_tests: improve output when CHECKMEM_RUNNING is not defined
ad7433b Merge bitcoin-core/secp256k1#1196: Drop no longer used variables from the build system
e39d954 tests: Add CHECK_ILLEGAL(_VOID) macros and use in static ctx tests
2cd4e3c Drop no longer used `SECP_{LIBS,INCLUDE}` variables
613626f Drop no longer used `SECP_TEST_{LIBS,INCLUDE}` variables
61841fc contexts: Forbid randomizing secp256k1_context_static
4b6df5e contexts: Forbid cloning/destroying secp256k1_context_static
b1579cf Merge bitcoin-core/secp256k1#1194: Ensure safety of ctz_debruijn implementation.
8f51229 ctime_tests: improve output when CHECKMEM_RUNNING is not defined
d6ff738 Ensure safety of ctz_debruijn implementation.
a01a7d8 Merge bitcoin-core/secp256k1#1192: Switch to exhaustive groups with small B coefficient
a7a7bfa Merge bitcoin-core/secp256k1#1190: Make all non-API functions (except main) static
f29a327 Merge bitcoin-core/secp256k1#1169: Add support for msan instead of valgrind (for memcheck and ctime test)
ff8edf8 Merge bitcoin-core/secp256k1#1193: Add `noverify_tests` to `.gitignore`
ce60785 Introduce SECP256K1_B macro for curve b coefficient
4934aa7 Switch to exhaustive groups with small B coefficient
d4a6b58 Add `noverify_tests` to `.gitignore`
88e8072 Merge bitcoin-core/secp256k1#1160: Makefile: add `-I$(top_srcdir)/{include,src}` to `CPPFLAGS` for precomputed
0f088ec Rename CTIMETEST -> CTIMETESTS
74b026f Add runtime checking for DECLASSIFY flag
5e2e6fc Run ctime test in Linux MSan CI job
1897406 Make ctime tests building configurable
5048be1 Rename valgrind_ctime_test -> ctime_tests
6eed6c1 Update error messages to suggest msan as well
8e11f89 Add support for msan integration to checkmem.h
8dc6407 Add compile-time error to valgrind_ctime_test
0db05a7 Abstract interactions with valgrind behind new checkmem.h
4f1a54e Move valgrind CPPFLAGS into SECP_CONFIG_DEFINES
cc3b8a4 Merge bitcoin-core/secp256k1#1187: refactor: Rename global variables in tests
9a93f48 refactor: Rename STTC to STATIC_CTX in tests
3385a26 refactor: Rename global variables to uppercase in tests
e03ef86 Make all non-API functions (except main) static
cbe41ac Merge bitcoin-core/secp256k1#1188: tests: Add noverify_tests which is like tests but without VERIFY
2037600 tests: Add noverify_tests which is like tests but without VERIFY
e862c4a Makefile: add -I$(top_srcdir)/src to CPPFLAGS for precomputed
0eb3000 Merge bitcoin-core/secp256k1#1186: tests: Tidy context tests
39e8f0e refactor: Separate run_context_tests into static vs proper contexts
a4a0937 tests: Clean up and improve run_context_tests() further
fc90bb5 refactor: Tidy up main()
f32a36f tests: Don't use global context for context tests
ce4f936 tests: Tidy run_context_tests() by extracting functions
18e0db3 tests: Don't recreate global context in scratch space test
b198061 tests: Use global copy of secp256k1_context_static instead of clone
2a39ac1 Merge bitcoin-core/secp256k1#1185: Drop `SECP_CONFIG_DEFINES` from examples
2f9ca28 Drop `SECP_CONFIG_DEFINES` from examples
31ed538 Merge bitcoin-core/secp256k1#1183: Bugfix: pass SECP_CONFIG_DEFINES to bench compilation
c0a555b Bugfix: pass SECP_CONFIG_DEFINES to bench compilation
01b819a Merge bitcoin-core/secp256k1#1158: Add a secp256k1_i128_to_u64 function.
eacad90 Merge bitcoin-core/secp256k1#1171: Change ARG_CHECK_NO_RETURN to ARG_CHECK_VOID which returns (void)
3f57b9f Merge bitcoin-core/secp256k1#1177: Some improvements to the changelog
c30b889 Clarify that the ABI-incompatible versions are earlier
881fc33 Consistency in naming of modules
665ba77 Merge bitcoin-core/secp256k1#1178: Drop `src/libsecp256k1-config.h`
75d7b7f Merge bitcoin-core/secp256k1#1154: ci: set -u in cirrus.sh to treat unset variables as an error
7a74688 ci: add missing CFLAGS & CPPFLAGS variable to print_environment
c2e0fda ci: set -u in cirrus.sh to treat unset variables as an error
9c5a4d2 Do not define unused `HAVE_VALGRIND` macro
ad8647f Drop no longer relevant files from `.gitignore`
b627ba7 Remove dependency on `src/libsecp256k1-config.h`
9ecf814 Reduce font size in changelog
2dc133a Add more changelog entries
ac233e1 Add links to diffs to changelog
cee8223 Mention semantic versioning in changelog
9a8d65f Merge bitcoin-core/secp256k1#1174: release cleanup: bump version after 0.2.0
02ebc29 release cleanup: bump version after 0.2.0
b6b360e doc: improve message of cleanup commit
a49e094 docs: Fix typo
2551cda tests: Fix code formatting
c635c1b Change ARG_CHECK_NO_RETURN to ARG_CHECK_VOID which returns (void)
cf66f23 refactor: Add helper function secp256k1_context_is_proper()
d216475 test secp256k1_i128_to_i64
4bc4290 Add a secp256k1_i128_to_u64 function.
e089eec group: Further simply gej_add_ge
ac71020 group: Save a normalize_to_zero in gej_add_ge

git-subtree-dir: src/secp256k1
git-subtree-split: 95779fd91f0b59f4affc19012335b6791320719d

.cirrus.yml

@@ -1,6 +1,9 @@
 env:
+  ### cirrus config
+  CIRRUS_CLONE_DEPTH: 1
   ### compiler options
   HOST:
+  WRAPPER_CMD:
   # Specific warnings can be disabled with -Wno-error=foo.
   # -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual.
   WERROR_CFLAGS: -Werror -pedantic-errors
@@ -22,7 +25,7 @@ env:
   SECP256K1_TEST_ITERS:
   BENCH: yes
   SECP256K1_BENCH_ITERS: 2
-  CTIMETEST: yes
+  CTIMETESTS: yes
   # Compile and run the tests
   EXAMPLES: yes
 
@@ -35,10 +38,12 @@ cat_logs_snippet: &CAT_LOGS
   always:
     cat_tests_log_script:
       - cat tests.log || true
+    cat_noverify_tests_log_script:
+      - cat noverify_tests.log || true
     cat_exhaustive_tests_log_script:
       - cat exhaustive_tests.log || true
-    cat_valgrind_ctime_test_log_script:
-      - cat valgrind_ctime_test.log || true
+    cat_ctime_tests_log_script:
+      - cat ctime_tests.log || true
     cat_bench_log_script:
       - cat bench.log || true
     cat_config_log_script:
@@ -51,10 +56,8 @@ cat_logs_snippet: &CAT_LOGS
 merge_base_script_snippet: &MERGE_BASE
   merge_base_script:
     - if [ "$CIRRUS_PR" = "" ]; then exit 0; fi
-    - git fetch $CIRRUS_REPO_CLONE_URL $CIRRUS_BASE_BRANCH
-    - git config --global user.email "ci@ci.ci"
-    - git config --global user.name "ci"
-    - git merge FETCH_HEAD  # Merge base to detect silent merge conflicts
+    - git fetch --depth=1 $CIRRUS_REPO_CLONE_URL "pull/${CIRRUS_PR}/merge"
+    - git checkout FETCH_HEAD  # Use merged changes to detect silent merge conflicts
 
 linux_container_snippet: &LINUX_CONTAINER
   container:
@@ -78,9 +81,10 @@ task:
     - env: {WIDEMUL: int128,                 ECDH: yes, SCHNORRSIG: yes}
     - env: {WIDEMUL: int128,  ASM: x86_64}
     - env: {                  RECOVERY: yes,            SCHNORRSIG: yes}
-    - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETEST: no, BENCH: no}
+    - env: {CTIMETESTS: no,    RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, CPPFLAGS: -DVERIFY}
+    - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETESTS: no, BENCH: no}
     - env: {CPPFLAGS: -DDETERMINISTIC}
-    - env: {CFLAGS: -O0, CTIMETEST: no}
+    - env: {CFLAGS: -O0, CTIMETESTS: no}
     - env: { ECMULTGENPRECISION: 2, ECMULTWINDOW: 2 }
     - env: { ECMULTGENPRECISION: 8, ECMULTWINDOW: 4 }
   matrix:
@@ -125,7 +129,7 @@ task:
   env:
     ASM: no
     WITH_VALGRIND: no
-    CTIMETEST: no
+    CTIMETESTS: no
   matrix:
     - env:
         CC: gcc
@@ -150,7 +154,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: no
   << : *MERGE_BASE
   test_script:
     # https://sourceware.org/bugzilla/show_bug.cgi?id=27008
@@ -169,7 +173,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: no
   matrix:
     - env: {}
     - env: {EXPERIMENTAL: yes, ASM: arm}
@@ -189,7 +193,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: no
   << : *MERGE_BASE
   test_script:
     - ./ci/cirrus.sh
@@ -206,7 +210,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: no
   << : *MERGE_BASE
   test_script:
     - ./ci/cirrus.sh
@@ -220,7 +224,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: no
   matrix:
     - name: "x86_64 (mingw32-w64): Windows (Debian stable, Wine)"
       env:
@@ -243,7 +247,7 @@ task:
     RECOVERY: yes
     EXPERIMENTAL: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: no
     # Use a MinGW-w64 host to tell ./configure we're building for Windows.
     # This will detect some MinGW-w64 tools but then make will need only
     # the MSVC tools CC, AR and NM as specified below.
@@ -254,7 +258,7 @@ task:
     # Set non-essential options that affect the CLI messages here.
     # (They depend on the user's taste, so we don't want to set them automatically in configure.ac.)
     CFLAGS: -nologo -diagnostics:caret
-    LDFLAGS: -XCClinker -nologo -XCClinker -diagnostics:caret
+    LDFLAGS: -Xlinker -Xlinker -Xlinker -nologo
   matrix:
     - name: "x86_64 (MSVC): Windows (Debian stable, Wine)"
     - name: "x86_64 (MSVC): Windows (Debian stable, Wine, int128_struct)"
@@ -282,7 +286,7 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: no
   matrix:
     - name: "Valgrind (memcheck)"
       container:
@@ -327,10 +331,11 @@ task:
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
-    CTIMETEST: no
+    CTIMETESTS: yes
     CC: clang
     SECP256K1_TEST_ITERS: 32
     ASM: no
+    WITH_VALGRIND: no
   container:
     memory: 2G
   matrix:
@@ -375,3 +380,30 @@ task:
   test_script:
     - cd sage
     - sage prove_group_implementations.sage
+
+task:
+  name: "x86_64: Windows (VS 2022)"
+  windows_container:
+    image: cirrusci/windowsservercore:visualstudio2022
+    cpu: 4
+    memory: 3840MB
+  env:
+    PATH: '%CIRRUS_WORKING_DIR%\build\src\RelWithDebInfo;%PATH%'
+    x64_NATIVE_TOOLS: '"C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Auxiliary\Build\vcvars64.bat"'
+    # Ignore MSBuild warning MSB8029.
+    # See: https://learn.microsoft.com/en-us/visualstudio/msbuild/errors/msb8029?view=vs-2022
+    IgnoreWarnIntDirInTempDetected: 'true'
+  merge_script:
+    - PowerShell -NoLogo -Command if ($env:CIRRUS_PR -ne $null) { git fetch $env:CIRRUS_REPO_CLONE_URL pull/$env:CIRRUS_PR/merge; git reset --hard FETCH_HEAD; }
+  configure_script:
+    - '%x64_NATIVE_TOOLS%'
+    - cmake -G "Visual Studio 17 2022" -A x64 -S . -B build -DSECP256K1_ENABLE_MODULE_RECOVERY=ON -DSECP256K1_BUILD_EXAMPLES=ON
+  build_script:
+    - '%x64_NATIVE_TOOLS%'
+    - cmake --build build --config RelWithDebInfo -- -property:UseMultiToolTask=true;CL_MPcount=5
+  check_script:
+    - '%x64_NATIVE_TOOLS%'
+    - ctest --test-dir build -j 5
+    - build\src\RelWithDebInfo\bench_ecmult.exe
+    - build\src\RelWithDebInfo\bench_internal.exe
+    - build\src\RelWithDebInfo\bench.exe

.gitignore

@@ -1,11 +1,12 @@
 bench
 bench_ecmult
 bench_internal
+noverify_tests
 tests
 exhaustive_tests
 precompute_ecmult_gen
 precompute_ecmult
-valgrind_ctime_test
+ctime_tests
 ecdh_example
 ecdsa_example
 schnorr_example
@@ -42,8 +43,6 @@ coverage.*.html
 *.gcno
 *.gcov
 
-src/libsecp256k1-config.h
-src/libsecp256k1-config.h.in
 build-aux/ar-lib
 build-aux/config.guess
 build-aux/config.sub
@@ -58,5 +57,7 @@ build-aux/m4/ltversion.m4
 build-aux/missing
 build-aux/compile
 build-aux/test-driver
-src/stamp-h1
 libsecp256k1.pc
+
+# Default CMake build directory.
+/build

CHANGELOG.md

@@ -1,28 +1,43 @@
 # Changelog
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+#### Changed
+ - Forbade cloning or destroying `secp256k1_context_static`. Create a new context instead of cloning the static context. (If this change breaks your code, your code is probably wrong.)
+ - Forbade randomizing (copies of) `secp256k1_context_static`. Randomizing a copy of `secp256k1_context_static` did not have any effect and did not provide defense-in-depth protection against side-channel attacks. Create a new context if you want to benefit from randomization.
+
 ## [0.2.0] - 2022-12-12
 
-### Added
+#### Added
+ - Added usage examples for common use cases in a new `examples/` directory.
  - Added `secp256k1_selftest`, to be used in conjunction with `secp256k1_context_static`.
+ - Added support for 128-bit wide multiplication on MSVC for x86_64 and arm64, giving roughly a 20% speedup on those platforms.
 
-### Changed
- - Enabled modules schnorrsig, extrakeys and ECDH by default in `./configure`.
+#### Changed
+ - Enabled modules `schnorrsig`, `extrakeys` and `ecdh` by default in `./configure`.
+ - The `secp256k1_nonce_function_rfc6979` nonce function, used by default by `secp256k1_ecdsa_sign`, now reduces the message hash modulo the group order to match the specification. This only affects improper use of ECDSA signing API.
 
-### Deprecated
+#### Deprecated
  - Deprecated context flags `SECP256K1_CONTEXT_VERIFY` and `SECP256K1_CONTEXT_SIGN`. Use `SECP256K1_CONTEXT_NONE` instead.
  - Renamed `secp256k1_context_no_precomp` to `secp256k1_context_static`.
+ - Module `schnorrsig`: renamed `secp256k1_schnorrsig_sign` to `secp256k1_schnorrsig_sign32`.
 
-### ABI Compatibility
+#### ABI Compatibility
 
 Since this is the first release, we do not compare application binary interfaces.
-However, there are unreleased versions of libsecp256k1 that are *not* ABI compatible with this version.
+However, there are earlier unreleased versions of libsecp256k1 that are *not* ABI compatible with this version.
 
 ## [0.1.0] - 2013-03-05 to 2021-12-25
 
 This version was in fact never released.
 The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6).
 Therefore, this version number does not uniquely identify a set of source files.
+
+[unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.2.0...HEAD
+[0.2.0]: https://github.com/bitcoin-core/secp256k1/compare/423b6d19d373f1224fd671a982584d7e7900bc93..v0.2.0
+[0.1.0]: https://github.com/bitcoin-core/secp256k1/commit/423b6d19d373f1224fd671a982584d7e7900bc93