Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Transaction that double-spends a pegin should not be accepted in mempool #612

Closed
stevenroose opened this issue May 7, 2019 · 0 comments · Fixed by #614
Closed

Transaction that double-spends a pegin should not be accepted in mempool #612

stevenroose opened this issue May 7, 2019 · 0 comments · Fixed by #614
Labels

Comments

@stevenroose
Copy link
Member

No description provided.

@stevenroose stevenroose added the bug label May 7, 2019
instagibbs added a commit that referenced this issue May 8, 2019
52ef283 Improve the fedpeg test with extra double claim tests (Steven Roose)
48a82fa Make claimpegin fail in the case of a double claim (Steven Roose)
af22646 Prevent pegin double spends from entering the mempool (Steven Roose)
50c5570 Report IsValidPeginWitness error message (Steven Roose)

Pull request description:

  Fixes #612 and #613.

  - prevents a double claim from entering mempool
  - makes `claimpegin` throw an exception when trying to double claim a pegin
  - check the last commit message on all the extra cases that are tested.

Tree-SHA512: dd9602cd4bc78a3e8f7a6b566f881ede09dba54900425348c1eb528268a3e869416e3c9ca97c1a8da4d120875ef59c4e21a857256312ce77e06b7b6ae04abf92
instagibbs added a commit to instagibbs/elements that referenced this issue Jun 6, 2019
44db4d8 Merge pull request ElementsProject#57 from apoelstra/2019-04-surjectionproof-stack
f7e4d08 surjection proof: Reject proofs with too many used inputs in reduced mode
112edb2 allow reducing surjection proof size (to lower generation stack usage)
d512d78 surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16
a118acc surjectionproof: reduce stack usage
e7f4ff4 Merge pull request ElementsProject#70 from apoelstra/2019-06-surjection-count
f94d46e Merge pull request ElementsProject#71 from real-or-random/fix-trailing-test
49a1e01 surjectionproof: fix malleability in surjection proof parsing
55311b0 Fix read of wrong buffer (and OOB) in surjectionproof tests
290a27b surjectionproof: add test vectors for "set padding bits"
7bc3daa surjectionproof: add fixed test vectors
6f3b0c0 Improve comments for surctionproof init+alloc/destroy funcs
250ebb3 work in progress: add _allocate_initialized/destroy funcs
4a77633 Improve explanation of key cancellation attack in whitelist.md
898c9f0 Clarify how to derive alternative generator H
15d9278 Add bench_generator and bench_rangeproof to .gitignore
86240b2 Clean up ./configure help strings (zkp extensions)
865b761 Fix a small typo in the generator parameter name
cd5ba5c generator: remove `CHECK` abort calls exposed by public API
ff16651 musig: add user documentation
0ad6b60 Add 3-of-3 MuSig example
b61a1a9 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
5d5374f Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification.
a8ae6ba add chacha20 function
9a8a71e use proper types for rangeproof min/max
14769b9 rangeproof: reduce iteration count in unit tests
0593861 Enable more builds with rest of experimental flags
e9fea74 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
dec1b9c Add comment to explain effect of max_n_iterations in surjectionproof_init
ea62bfe add unit test for generator and pedersen commitment roundtripping
e32924f rangeproof: fix serialization of pedersen commintments
972d056 rangeproof: verify correctness of pedersen commitments when parsing
2cc4c6f generator: verify correctness of point when parsing
65ffea4 rangeproof: check that points deserialize correctly when verifying rangeproof
cb786d6 rangeproof: add fixed vector test case
b387ba0 Expose generator in shared library
8da4328 fix spelling in documentation
6f14fe4 Test for rejection of trailing bytes in range proofs
ab4fbc1 Test for rejection of trailing bytes in surjection proofs
c908c97 Reject surjection proofs with trailing garbage
f723bf5 Minor bugfix. Wrong length due to NUL character.
6872069 Add whitelisting benchmark
6ceccb7 add whitelist_impl.h to include for dist
a3ad4a8 generator: add API tests
e93e886 generator: remove unnecessary ARG_CHECK from generate()
f1d6e4b Fix generator makefile
68be611 Fix pedersen_blind_generator_blind_sum return value documentation
51fc58a Add n_keys argument to whitelist_verify
36b100c Fix checks of whitelist serialize/parse arguments
c8f54e1 whitelist: fix serialize/parse API to take serialized length
56fca50 Fix include/secp256k1_rangeproof.h function argument documentation.
4617f04 rangeproof: add API tests
cd4e438 surjectionproof: rename unit test functions to be more consistent with other modules
2cc7f1e surjectionproof: add API unit tests
c4097f7 surjectionproof: tests_impl.h s/assert/CHECK/g
5ee6bf3 rangeproof: fix memory leak in unit tests
94e81a2 add surjection proof module
a66ea35 Implement ring-signature based whitelist delegation scheme
2bb5133 rangeproof: several API changes
9b00b61 Expose generator in pedersen/rangeproof API
54fa263 Constant-time generator module
023aa86 rangeproof: expose sidechannel message field in the signing API
89e7451 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
f126331 Pedersen commitments, borromean ring signatures, and ZK range proofs.
e1fb4af Add 64-bit integer utilities
e541a90 Merge ElementsProject#629: Avoid calling _is_zero when _set_b32 fails.
f34b0c3 Merge ElementsProject#630: Note intention of timing sidechannel freeness.
8d1563b Note intention of timing sidechannel freeness.
1669bb2 Merge ElementsProject#628: Fix ability to compile tests without -DVERIFY.
ecc94ab Merge ElementsProject#627: Guard memcmp in tests against mixed size inputs.
544435f Merge ElementsProject#578: Avoid implementation-defined and undefined behavior when dealing with sizes
143dc6e Merge ElementsProject#595: Allow to use external default callbacks
e49f799 Add missing #(un)defines to base-config.h
77defd2 Add secp256k1_ prefix to default callback functions
908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c
5db782e Allow usage of external default callbacks
6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return
cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails.
6c36de7 Merge ElementsProject#600: scratch space: use single allocation
98836b1 scratch: replace frames with "checkpoint" system
7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory
a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated
5a4bc0b scratch: unify allocations
c2b028a scratch space: thread `error_callback` into all scratch space functions
0be1a4a scratch: add magic bytes to beginning of structure
92a48a7 scratch space: use single allocation
40839e2 Merge ElementsProject#592: Use trivial algorithm in ecmult_multi if scratch space is small
dcf3920 Fix ability to compile tests without -DVERIFY.
a484e00 Merge ElementsProject#566: Enable context creation in preallocated memory
0522caa Explain caller's obligations for preallocated memory
238305f Move _preallocated functions to separate header
695feb6 Export _preallocated functions
814cc78 Add tests for contexts in preallocated memory
ba12dd0 Check arguments of _preallocated functions
5feadde Support cloning a context into preallocated memory
c4fd5da Switch to a single malloc call
ef020de Add size constants for preallocated memory
1bf7c05 Prepare for manual memory management in preallocated memory
248bffb Guard memcmp in tests against mixed size inputs.
36698dc Merge ElementsProject#596: Make WINDOW_G configurable
a61a93f Clean up ./configure help strings
2842dc5 Make WINDOW_G configurable
1a02d6c Merge ElementsProject#626: Revert "Merge ElementsProject#620: Install headers automatically"
662918c Revert "Merge ElementsProject#620: Install headers automatically"
14c7dbd Simplify control flow in DER parsing
ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons
01ee1b3 Parse DER-enconded length into a size_t instead of an int
912680e Merge ElementsProject#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config
91fae3a Merge ElementsProject#620: Install headers automatically
5df77a0 Merge ElementsProject#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
975e51e Merge ElementsProject#617: Pass scalar by reference in secp256k1_wnaf_const()
735fbde Merge ElementsProject#619: Clear a copied secret key after negation
16e8615 Install headers automatically
069870d Clear a copied secret key after negation
8979ec0 Pass scalar by reference in secp256k1_wnaf_const()
84a8085 Merge ElementsProject#612: Allow field_10x26_arm.s to compile for ARMv7 architecture
d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture
b19c000 Merge ElementsProject#607: Use size_t shifts when computing a size_t
4d01bc2 Merge ElementsProject#606: travis: Remove unused sudo:false
e6d01e9 Use size_t shifts when computing a size_t
7667532 travis: Remove unused sudo:false
248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small
ee99f12 Merge ElementsProject#599: Switch x86_64 asm to use "i" instead of "n" for immediate values.
d58bc93 Switch x86_64 asm to use "i" instead of "n" for immediate values.
05362ee Merge ElementsProject#597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
8348386 Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
aa15154 Merge ElementsProject#568: Fix integer overflow in ecmult_multi_var when n is large
2277af5 Fix integer overflow in ecmult_multi_var when n is large
dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config
310111e Keep LDFLAGS if `--coverage`
85d0e1b Merge ElementsProject#591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
1419637 Merge ElementsProject#580: Add trivial ecmult_multi algorithm which does not require a scratch space
a697d82 Add trivial ecmult_multi to the benchmark tool
bade617 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points.
5545e13 Merge ElementsProject#584: configure: Use CFLAGS_FOR_BUILD when checking native compiler
20c5869 Merge ElementsProject#516: improvements to random seed in src/tests.c
b76e45d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
870a977 Merge ElementsProject#562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
be40c4d Fixup for C90 mixed declarations.
c71dd2c Merge ElementsProject#509: Fix algorithm selection in bench_ecmult
6492bf8 Merge ElementsProject#518: Summarize build options after running configure
0e9ada1 Merge ElementsProject#567: Correct order of libs returned on pkg-config --libs --static libsecp2…
e96901a Merge ElementsProject#587: Make randomization of a non-signing context a noop
58df8d0 Merge ElementsProject#511: Portability fix for the configure scripts generated
2ebdad7 Merge ElementsProject#552: Make constants static:
1c131af Merge ElementsProject#551: secp256k1_fe_sqrt: Verify that the arguments don't alias.
ba698f8 Merge ElementsProject#539: Assorted minor corrections
949e85b Merge ElementsProject#550: Optimize secp256k1_fe_normalize_weak calls.
a34bcaa Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker
2d5f4ce configure: Use CFLAGS_FOR_BUILD when checking native compiler
b408c6a Merge ElementsProject#579: Use __GNUC_PREREQ for detecting __builtin_expect
6198375 Make randomization of a non-signing context a noop
c663397 Use __GNUC_PREREQ for detecting __builtin_expect
3cb057f Fix possible integer overflow in DER parsing
89a20a8 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call.
d3cb1f9 Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
496c5b4 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B;
bf8b86c secp256k1_fe_sqrt: Verify that the arguments don't alias.
9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
52ab96f clean dependendies in field_*_impl.h
deff5ed Correct math typos in field_*.h
4efb3f8 Add check that restrict pointers don't alias with all parameters.
3965027 Summarize build options in configure script
0f05173 Fix algorithm selection in bench_ecmult
8b3841c fix bug in fread() failure check
cddef0c tests: add warning message when /dev/urandom fails
270f6c8 Portability fix for the configure scripts generated
REVERT: 43dd1f4 Merge pull request ElementsProject#40 from instagibbs/size_t
REVERT: 6532fa0 Merge pull request ElementsProject#39 from instagibbs/more_builds
REVERT: 2b2429d rangeproof: reduce iteration count in unit tests
REVERT: 12b0e5d Enable more builds with rest of experimental flags
REVERT: 8c444ee use proper types for rangeproof min/max
REVERT: 53ad841 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
REVERT: 71c5fe0 Add comment to explain effect of max_n_iterations in surjectionproof_init
REVERT: 85fd42f add unit test for generator and pedersen commitment roundtripping
REVERT: 2ccf885 rangeproof: fix serialization of pedersen commintments
REVERT: 60c173b rangeproof: verify correctness of pedersen commitments when parsing
REVERT: 32d7526 generator: verify correctness of point when parsing
REVERT: ae14e8a rangeproof: check that points deserialize correctly when verifying rangeproof
REVERT: 44fe43d rangeproof: add fixed vector test case
REVERT: e065d7d Expose generator in shared library
REVERT: fb1ba32 fix spelling in documentation
REVERT: fb75faa Test for rejection of trailing bytes in range proofs
REVERT: 9b2cf17 Test for rejection of trailing bytes in surjection proofs
REVERT: a3a1800 Reject surjection proofs with trailing garbage
REVERT: 0c77ae9 Minor bugfix. Wrong length due to NUL character.
REVERT: b1f31bc Add whitelisting benchmark
REVERT: 52a9f8f add whitelist_impl.h to include for dist
REVERT: a707865 generator: add API tests
REVERT: ec1ef04 generator: remove unnecessary ARG_CHECK from generate()
REVERT: b0e9aa8 Fix generator makefile
REVERT: 526c654 Fix pedersen_blind_generator_blind_sum return value documentation
REVERT: b51886e Add n_keys argument to whitelist_verify
REVERT: 37c57de Fix checks of whitelist serialize/parse arguments
REVERT: 9b8a9d9 whitelist: fix serialize/parse API to take serialized length
REVERT: 7f17515 Fix include/secp256k1_rangeproof.h function argument documentation.
REVERT: 0d81702 rangeproof: add API tests
REVERT: 417bb06 surjectionproof: rename unit test functions to be more consistent with other modules
REVERT: 1e2d5c1 surjectionproof: add API unit tests
REVERT: 7878a29 surjectionproof: tests_impl.h s/assert/CHECK/g
REVERT: e609591 rangeproof: fix memory leak in unit tests
REVERT: 0c17f79 add surjection proof module
REVERT: c174f0c Implement ring-signature based whitelist delegation scheme
REVERT: a2bc660 rangeproof: several API changes
REVERT: 21bfb3c Expose generator in pedersen/rangeproof API
REVERT: f4620de Constant-time generator module
REVERT: d46fc3c rangeproof: expose sidechannel message field in the signing API
REVERT: cf40b1b [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
REVERT: 6d28767 Get rid of precomputed H tables (Pieter Wuille)
REVERT: ae1e576 Pedersen commitments, borromean ring signatures, and ZK range proofs.
REVERT: efc61dc Add 64-bit integer utilities

git-subtree-dir: src/secp256k1
git-subtree-split: 44db4d801fff3cd94105136cb443d603683baad2
stevenroose added a commit to stevenroose/elements that referenced this issue Jun 6, 2019
44db4d801 Merge pull request ElementsProject#57 from apoelstra/2019-04-surjectionproof-stack
f7e4d08da surjection proof: Reject proofs with too many used inputs in reduced mode
112edb2c6 allow reducing surjection proof size (to lower generation stack usage)
d512d7865 surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16
a118acc02 surjectionproof: reduce stack usage
e7f4ff4c6 Merge pull request ElementsProject#70 from apoelstra/2019-06-surjection-count
f94d46e65 Merge pull request ElementsProject#71 from real-or-random/fix-trailing-test
49a1e0173 surjectionproof: fix malleability in surjection proof parsing
55311b0e0 Fix read of wrong buffer (and OOB) in surjectionproof tests
290a27bb7 surjectionproof: add test vectors for "set padding bits"
7bc3daa48 surjectionproof: add fixed test vectors
6f3b0c05c Improve comments for surctionproof init+alloc/destroy funcs
250ebb364 work in progress: add _allocate_initialized/destroy funcs
4a7763361 Improve explanation of key cancellation attack in whitelist.md
898c9f05b Clarify how to derive alternative generator H
15d92782d Add bench_generator and bench_rangeproof to .gitignore
86240b207 Clean up ./configure help strings (zkp extensions)
865b76186 Fix a small typo in the generator parameter name
cd5ba5c3b generator: remove `CHECK` abort calls exposed by public API
ff1665127 musig: add user documentation
0ad6b6036 Add 3-of-3 MuSig example
b61a1a9d9 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
5d5374f92 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification.
a8ae6baff add chacha20 function
9a8a71e8b use proper types for rangeproof min/max
14769b964 rangeproof: reduce iteration count in unit tests
0593861cc Enable more builds with rest of experimental flags
e9fea7427 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
dec1b9ce2 Add comment to explain effect of max_n_iterations in surjectionproof_init
ea62bfe22 add unit test for generator and pedersen commitment roundtripping
e32924f0e rangeproof: fix serialization of pedersen commintments
972d056fa rangeproof: verify correctness of pedersen commitments when parsing
2cc4c6fef generator: verify correctness of point when parsing
65ffea43d rangeproof: check that points deserialize correctly when verifying rangeproof
cb786d6d1 rangeproof: add fixed vector test case
b387ba038 Expose generator in shared library
8da432855 fix spelling in documentation
6f14fe40d Test for rejection of trailing bytes in range proofs
ab4fbc1be Test for rejection of trailing bytes in surjection proofs
c908c97d6 Reject surjection proofs with trailing garbage
f723bf5b3 Minor bugfix. Wrong length due to NUL character.
6872069de Add whitelisting benchmark
6ceccb75b add whitelist_impl.h to include for dist
a3ad4a866 generator: add API tests
e93e886cb generator: remove unnecessary ARG_CHECK from generate()
f1d6e4b83 Fix generator makefile
68be61131 Fix pedersen_blind_generator_blind_sum return value documentation
51fc58ae6 Add n_keys argument to whitelist_verify
36b100c77 Fix checks of whitelist serialize/parse arguments
c8f54e12e whitelist: fix serialize/parse API to take serialized length
56fca5077 Fix include/secp256k1_rangeproof.h function argument documentation.
4617f0478 rangeproof: add API tests
cd4e438a3 surjectionproof: rename unit test functions to be more consistent with other modules
2cc7f1e04 surjectionproof: add API unit tests
c4097f758 surjectionproof: tests_impl.h s/assert/CHECK/g
5ee6bf341 rangeproof: fix memory leak in unit tests
94e81a250 add surjection proof module
a66ea3522 Implement ring-signature based whitelist delegation scheme
2bb513361 rangeproof: several API changes
9b00b61d9 Expose generator in pedersen/rangeproof API
54fa2639e Constant-time generator module
023aa86ac rangeproof: expose sidechannel message field in the signing API
89e7451d4 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
f126331bc Pedersen commitments, borromean ring signatures, and ZK range proofs.
e1fb4af90 Add 64-bit integer utilities
e541a90ef Merge ElementsProject#629: Avoid calling _is_zero when _set_b32 fails.
f34b0c3f3 Merge ElementsProject#630: Note intention of timing sidechannel freeness.
8d1563b0f Note intention of timing sidechannel freeness.
1669bb286 Merge ElementsProject#628: Fix ability to compile tests without -DVERIFY.
ecc94abcc Merge ElementsProject#627: Guard memcmp in tests against mixed size inputs.
544435fc9 Merge ElementsProject#578: Avoid implementation-defined and undefined behavior when dealing with sizes
143dc6e9e Merge ElementsProject#595: Allow to use external default callbacks
e49f7991c Add missing #(un)defines to base-config.h
77defd2c3 Add secp256k1_ prefix to default callback functions
908bdce64 Include stdio.h and stdlib.h explicitly in secp256k1.c
5db782e65 Allow usage of external default callbacks
6095a863f Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return
cd473e02c Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails.
6c36de7a3 Merge ElementsProject#600: scratch space: use single allocation
98836b11f scratch: replace frames with "checkpoint" system
7623cf2b9 scratch: save a couple bytes of unnecessarily-allocated memory
a7a164f2c scratch: rename `max_size` to `size`, document that extra will actually be allocated
5a4bc0bb9 scratch: unify allocations
c2b028a28 scratch space: thread `error_callback` into all scratch space functions
0be1a4ae6 scratch: add magic bytes to beginning of structure
92a48a764 scratch space: use single allocation
40839e21b Merge ElementsProject#592: Use trivial algorithm in ecmult_multi if scratch space is small
dcf392027 Fix ability to compile tests without -DVERIFY.
a484e0008 Merge ElementsProject#566: Enable context creation in preallocated memory
0522caac8 Explain caller's obligations for preallocated memory
238305fdb Move _preallocated functions to separate header
695feb6fb Export _preallocated functions
814cc78d7 Add tests for contexts in preallocated memory
ba12dd08d Check arguments of _preallocated functions
5feadde46 Support cloning a context into preallocated memory
c4fd5dab4 Switch to a single malloc call
ef020de16 Add size constants for preallocated memory
1bf7c056b Prepare for manual memory management in preallocated memory
248bffb05 Guard memcmp in tests against mixed size inputs.
36698dcfe Merge ElementsProject#596: Make WINDOW_G configurable
a61a93ff5 Clean up ./configure help strings
2842dc523 Make WINDOW_G configurable
1a02d6ce5 Merge ElementsProject#626: Revert "Merge ElementsProject#620: Install headers automatically"
662918cb2 Revert "Merge ElementsProject#620: Install headers automatically"
14c7dbd44 Simplify control flow in DER parsing
ec8f20bab Avoid out-of-bound pointers and integer overflows in size comparisons
01ee1b3b3 Parse DER-enconded length into a size_t instead of an int
912680ed8 Merge ElementsProject#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config
91fae3ace Merge ElementsProject#620: Install headers automatically
5df77a0ed Merge ElementsProject#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
975e51e0d Merge ElementsProject#617: Pass scalar by reference in secp256k1_wnaf_const()
735fbde04 Merge ElementsProject#619: Clear a copied secret key after negation
16e86150d Install headers automatically
069870d92 Clear a copied secret key after negation
8979ec0d9 Pass scalar by reference in secp256k1_wnaf_const()
84a808598 Merge ElementsProject#612: Allow field_10x26_arm.s to compile for ARMv7 architecture
d4d270a59 Allow field_10x26_arm.s to compile for ARMv7 architecture
b19c00006 Merge ElementsProject#607: Use size_t shifts when computing a size_t
4d01bc2d9 Merge ElementsProject#606: travis: Remove unused sudo:false
e6d01e934 Use size_t shifts when computing a size_t
7667532bd travis: Remove unused sudo:false
248f04661 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
9ab96f7b1 Use trivial algorithm in ecmult_multi if scratch space is small
ee99f12f3 Merge ElementsProject#599: Switch x86_64 asm to use "i" instead of "n" for immediate values.
d58bc93f2 Switch x86_64 asm to use "i" instead of "n" for immediate values.
05362ee04 Merge ElementsProject#597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
83483869a Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
aa15154a4 Merge ElementsProject#568: Fix integer overflow in ecmult_multi_var when n is large
2277af5ff Fix integer overflow in ecmult_multi_var when n is large
dbed75d96 Undefine `STATIC_PRECOMPUTATION` if using the basic config
310111e09 Keep LDFLAGS if `--coverage`
85d0e1bcc Merge ElementsProject#591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
14196379e Merge ElementsProject#580: Add trivial ecmult_multi algorithm which does not require a scratch space
a697d82da Add trivial ecmult_multi to the benchmark tool
bade61741 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points.
5545e13de Merge ElementsProject#584: configure: Use CFLAGS_FOR_BUILD when checking native compiler
20c5869df Merge ElementsProject#516: improvements to random seed in src/tests.c
b76e45d5d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
870a97764 Merge ElementsProject#562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
be40c4d0b Fixup for C90 mixed declarations.
c71dd2c08 Merge ElementsProject#509: Fix algorithm selection in bench_ecmult
6492bf88c Merge ElementsProject#518: Summarize build options after running configure
0e9ada194 Merge ElementsProject#567: Correct order of libs returned on pkg-config --libs --static libsecp2…
e96901a4b Merge ElementsProject#587: Make randomization of a non-signing context a noop
58df8d03a Merge ElementsProject#511: Portability fix for the configure scripts generated
2ebdad772 Merge ElementsProject#552: Make constants static:
1c131affd Merge ElementsProject#551: secp256k1_fe_sqrt: Verify that the arguments don't alias.
ba698f883 Merge ElementsProject#539: Assorted minor corrections
949e85b00 Merge ElementsProject#550: Optimize secp256k1_fe_normalize_weak calls.
a34bcaadf Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker
2d5f4cebd configure: Use CFLAGS_FOR_BUILD when checking native compiler
b408c6a8b Merge ElementsProject#579: Use __GNUC_PREREQ for detecting __builtin_expect
619837521 Make randomization of a non-signing context a noop
c663397f4 Use __GNUC_PREREQ for detecting __builtin_expect
3cb057f84 Fix possible integer overflow in DER parsing
89a20a894 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call.
d3cb1f95e Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
496c5b43b Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B;
bf8b86cc0 secp256k1_fe_sqrt: Verify that the arguments don't alias.
9bd89c836 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
52ab96fed clean dependendies in field_*_impl.h
deff5edd4 Correct math typos in field_*.h
4efb3f8dd Add check that restrict pointers don't alias with all parameters.
3965027c8 Summarize build options in configure script
0f0517369 Fix algorithm selection in bench_ecmult
8b3841c91 fix bug in fread() failure check
cddef0c0b tests: add warning message when /dev/urandom fails
270f6c80d Portability fix for the configure scripts generated
REVERT: 43dd1f4fe Merge pull request ElementsProject#40 from instagibbs/size_t
REVERT: 6532fa0a9 Merge pull request ElementsProject#39 from instagibbs/more_builds
REVERT: 2b2429dfa rangeproof: reduce iteration count in unit tests
REVERT: 12b0e5dda Enable more builds with rest of experimental flags
REVERT: 8c444eef6 use proper types for rangeproof min/max
REVERT: 53ad841ca Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
REVERT: 71c5fe0f6 Add comment to explain effect of max_n_iterations in surjectionproof_init
REVERT: 85fd42fb7 add unit test for generator and pedersen commitment roundtripping
REVERT: 2ccf88541 rangeproof: fix serialization of pedersen commintments
REVERT: 60c173b64 rangeproof: verify correctness of pedersen commitments when parsing
REVERT: 32d7526cd generator: verify correctness of point when parsing
REVERT: ae14e8a9d rangeproof: check that points deserialize correctly when verifying rangeproof
REVERT: 44fe43d75 rangeproof: add fixed vector test case
REVERT: e065d7df9 Expose generator in shared library
REVERT: fb1ba329a fix spelling in documentation
REVERT: fb75faa14 Test for rejection of trailing bytes in range proofs
REVERT: 9b2cf1708 Test for rejection of trailing bytes in surjection proofs
REVERT: a3a1800ba Reject surjection proofs with trailing garbage
REVERT: 0c77ae9a7 Minor bugfix. Wrong length due to NUL character.
REVERT: b1f31bc4b Add whitelisting benchmark
REVERT: 52a9f8f8f add whitelist_impl.h to include for dist
REVERT: a707865bc generator: add API tests
REVERT: ec1ef040f generator: remove unnecessary ARG_CHECK from generate()
REVERT: b0e9aa828 Fix generator makefile
REVERT: 526c65499 Fix pedersen_blind_generator_blind_sum return value documentation
REVERT: b51886e72 Add n_keys argument to whitelist_verify
REVERT: 37c57de08 Fix checks of whitelist serialize/parse arguments
REVERT: 9b8a9d91e whitelist: fix serialize/parse API to take serialized length
REVERT: 7f1751560 Fix include/secp256k1_rangeproof.h function argument documentation.
REVERT: 0d817020d rangeproof: add API tests
REVERT: 417bb0643 surjectionproof: rename unit test functions to be more consistent with other modules
REVERT: 1e2d5c1a2 surjectionproof: add API unit tests
REVERT: 7878a298b surjectionproof: tests_impl.h s/assert/CHECK/g
REVERT: e609591b6 rangeproof: fix memory leak in unit tests
REVERT: 0c17f7972 add surjection proof module
REVERT: c174f0c60 Implement ring-signature based whitelist delegation scheme
REVERT: a2bc6604f rangeproof: several API changes
REVERT: 21bfb3c91 Expose generator in pedersen/rangeproof API
REVERT: f4620de04 Constant-time generator module
REVERT: d46fc3c19 rangeproof: expose sidechannel message field in the signing API
REVERT: cf40b1bed [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
REVERT: 6d28767c7 Get rid of precomputed H tables (Pieter Wuille)
REVERT: ae1e576f6 Pedersen commitments, borromean ring signatures, and ZK range proofs.
REVERT: efc61dc0c Add 64-bit integer utilities

git-subtree-dir: src/secp256k1
git-subtree-split: 44db4d801fff3cd94105136cb443d603683baad2
gwillen pushed a commit that referenced this issue Feb 27, 2021
0129b77767 Merge #113: Upstream PRs  #849 #851
e1756dfddc Merge commits '3a106966 8f0c6f15 ' into temp-merge-851
7093e633b8 Merge pull request #106 from apoelstra/2020-11-reduce-test-rounds
29f9a7dc62 reduce test rounds for rangeproof and surjectionproof
8f0c6f1545 Merge #851: make test count iteration configurable by environment variable
f4fa8d226a forbid a test iteration of 0 or less
ff4714e641 Merge pull request #105 from jonasnick/update-musig
3fb4d6db9c travis: run musig test whenever schnorrsig tests are run
b9d91b3ecb musig: add pubkey_tweak_add function to allow taproot tweaking
0d71b6c61f Merge pull request #112 from jgriffiths/missed_rename
4721bec0ef Update renamed decl missed in e0ced690cff035b61763686cb69b7d06571e23e2
ebf57dc2f5 Merge pull request #107 from thomaseizinger/secp256k1-zkp
4d20713425 Remove unused context initializer functions
3a106966aa Merge #849: Convert Sage code to Python 3 (as used by Sage >= 9)
13c88efed0 Convert Sage code to Python 3 (as used by Sage >= 9)
0ce4554881 make test count iteration configurable by environment variable
38a8b20991 musig: fix memory leak in musig test
5b4eb18ec5 musig: shorten partial nonce byte array from 33 to 32 bytes
62f0b2d867 musig: make musig partial nonces byte arrays instead of "pubkeys"
73792e4a27 musig: represent a combined_nonce as an xonly_pubkey
2117e7466a musig: improve variable naming and be consistent with schnorrsig module
ebc31f1f9d musig: add ARG_CHECKs to functions to help debuggability
ac2d0e6697 musig: add magic to session to detect if session is uninitalized
29b4bd85d7 musig: simplify state machine by adding explicit round to session struct
6370bdd537 Merge pull request #104 from jonasnick/temp-merge-835
e0ced690cf Rename rands64 to testrandi64
b0917f3de1 Merge remote-tracking branch 'upstream/master' into temp-merge-835
81052ca411 Merge #103: Merge upstream schnorrsig PR
9e5939d284 Merge #835: Don't use reserved identifiers memczero and benchmark_verify_t
96b9236c42 re-enable musig module
23900a0d86 Fix the MuSig module after integrating bip-schnorr updates
005fe79262 Merge commit '8ab24e8d' into tmp
a11250330b (actually) remove schnorrsig module
bac746c55e (temporarily) disable musig module
d0a83f7328 Merge #839: Prevent arithmetic on NULL pointer if the scratch space is too small
903b16aa6c Merge #840: Return NULL early in context_preallocated_create if flags invalid
1f4dd03838 Typedef (u)int128_t only when they're not provided by the compiler
3967d96bf1 Merge #838: Make autotools check for all the used openssl functions
3734b68200 Configure echo if openssl tests are enabled
ebfa2058e9 Return NULL early in context_preallocated_create if flags invalid
6f54e69f03 Merge #841: Avoids a potentially shortening size_t to int cast in strauss_wnaf_
29a299e373 Run the undefined behaviour sanitizer on Travis
7506e064d7 Prevent arithmetic on NULL pointer if the scratch space is too small
8893f42438 Avoids a potentially shortening size_t to int cast in strauss_wnaf_
e6692778d3 Modify bitcoin_secp.m4's openssl check to call all the functions that we use in the tests/benchmarks. That way linking will fail if those symbols are missing
ac05f61fcf Merge #809: Stop treating ECDH as experimental
e6e3d5da2f travis: add schnorrsig to valgrind and big endian platform test
353dff156f Stop treating ECDH as experimental
e89278f211 Don't use reserved identifiers memczero and benchmark_verify_t
c6b6b8f1bb Merge #830: Rip out non-endomorphism code + dependencies
c582abade1 Consistency improvements to the comments
63c6b71616 Reorder comments/function around scalar_split_lambda
2edc514c90 WNAF of lambda_split output has max size 129
4232e5b7da Rip out non-endomorphism code
ebad8414b0 Check correctness of lambda split without -DVERIFY
fe7fc1fda8 Make lambda constant accessible
9d2f2b44d8 Add tests to exercise lambda split near bounds
9aca2f7f07 Add secp256k1_split_lambda_verify
acab934d24 Detailed comments for secp256k1_scalar_split_lambda
73acc8fef6 Merge pull request #102 from jonasnick/temp-merge-797
8b70795b5e Fix BE platforms by updating endianness macros to match upstream
76ed922a5f Increase precision of g1 and g2
6173839c90 Switch to our own memcmp function
d1b13b0014 Merge commit 'f3733c54' into temp-merge-797
23bf5b732b Merge pull request #101 from jonasnick/temp-merge-778
0a5b60d8b0 Merge commit '6034a04f' into temp-merge-778
caa5d24446 Merge #99: [upstream PR #774]: tests: Abort if malloc() fails during context cloning tests
1789183cba Merge commit '40412b19' into temp-merge-774
63150ab4da Merge #827: Rename testrand functions to have test in name
c5257aed0b Merge #821: travis: Explicitly set --with-valgrind
bb1f54280f Merge #818: Add static assertion that uint32_t is unsigned int or wider
a45c1fa63c Rename testrand functions to have test in name
5006895bd6 Merge #808: Exhaustive test improvements + exhaustive schnorrsig tests
a39b08d672 Merge #95: [upstream PR #741]: Remove unnecessary sign variable from wnaf_const
a3a3a17f47 Merge pull request #94 from apoelstra/temp-merge-1309c03c45beece646a7d21fdb6a0e3d38adee2b
4eecb4d6ef travis: VALGRIND->RUN_VALGRIND to avoid confusion with WITH_VALGRIND
66a765c775 travis: Explicitly set --with-valgrind
d7838ba6a6 Merge #813: Enable configuring Valgrind support
7ceb0b7611 Merge #819: Enable -Wundef warning
8b7dcdd955 Add exhaustive test for extrakeys and schnorrsig
08d7d89299 Make pubkey parsing test whether points are in the correct subgroup
87af00b511 Abstract out challenge computation in schnorrsig
63e1b2aa7d Disable output buffering in tests_exhaustive.c
39f67dd072 Support splitting exhaustive tests across cores
e99b26fcd5 Give exhaustive_tests count and seed cmdline inputs
49e6630bca refactor: move RNG seeding to testrand
b110c106fa Change exhaustive test groups so they have a point with X=1
cec7b18a34 Select exhaustive lambda in function of order
78f6cdfaae Make the curve B constant a secp256k1_fe
d7f39ae4b6 Delete gej_is_valid_var: unused outside tests
8bcd78cd79 Make secp256k1_scalar_b32 detect overflow in scalar_low
c498366e5b Move exhaustive tests for recovery to module
be31791543 Make group order purely compile-time in exhaustive tests
e73ff30922 Enable -Wundef warning
c0041b5cfc Add static assertion that uint32_t is unsigned int or wider
4ad408faf3 Merge #782: Check if variable=yes instead of if var is set in travis.sh
412bf874d0 configure: Allow specifying --with[out]-valgrind explicitly
34debf7a6d Modify .travis.yml to explictly pass no in env vars instead of setting to nothing
a0e99fc121 Merge #814: tests: Initialize random group elements fully
5738e8622d tests: Initialize random group elements fully
c9939ba55d Merge #812: travis: run bench_schnorrsig
a51f2af62b travis: run bench_schnorrsig
8ab24e8dad Merge #558: Add schnorrsig module which implements BIP-340 compliant signatures
f3733c5433 Merge #797: Fix Jacobi benchmarks and other benchmark improvements
cb5524adc5 Add benchmark for secp256k1_ge_set_gej_var
5c6af60ec5 Make jacobi benchmarks vary inputs
d0fdd5f009 Randomize the Z coordinates in bench_internal
c7a3424c5f Rename bench_internal variables
875d68b95f Merge #699: Initialize field elements when resulting in infinity
54caf2e74f Merge #799: Add fallback LE/BE for architectures with known endianness + SHA256 selftest
f431b3f28a valgrind_ctime_test: Add schnorrsig_sign
16ffa9d97c schnorrsig: Add taproot test case
8dfd53ee3f schnorrsig: Add benchmark for sign and verify
4e43520026 schnorrsig: Add BIP-340 compatible signing and verification
7332d2db6b schnorrsig: Add BIP-340 nonce function
7a703fd97d schnorrsig: Init empty experimental module
eabd9bc46a Allow initializing tagged sha256
6fcb5b845d extrakeys: Add keypair_xonly_tweak_add
58254463f9 extrakeys: Add keypair struct with create, pub and pub_xonly
f0010349b8 Separate helper functions for pubkey_create and seckey_tweak_add
910d9c284c extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
176bfb1110 Separate helper function for ec_pubkey_tweak_add
4cd2ee474d extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
f49c9896b0 Merge #806: Trivial: Add test logs to gitignore
aabf00c155 Merge #648: Prevent ints from wrapping around in scratch space functions
f5adab16a9 Merge #805: Remove the extremely outdated TODO file.
bceefd6547 Add test logs to gitignore
1c325199d5 Remove the extremely outdated TODO file.
47e6618e11 extrakeys: Init empty experimental module
3e08b02e2a Make the secp256k1_declassify argument constant
8bc6aeffa9 Add SHA256 selftest
670cdd3f8b Merge #798: Check assumptions on integer implementation at compile time
5e5fb28b4a Use additional system macros to figure out endianness
7c068998ba Compile-time check assumptions on integer types
02b6c87b52 Add support for (signed) __int128
979961c506 Merge #787: Use preprocessor macros instead of autoconf to detect endianness
887bd1f8b6 Merge #793: Make scalar/field choice depend on C-detected __int128 availability
0dccf98a21 Use preprocessor macros instead of autoconf to detect endianness
b2c8c42cf1 Merge #795: Avoid linking libcrypto in the valgrind ct test.
57d3a3c64c Avoid linking libcrypto in the valgrind ct test.
79f1f7a4f1 Autodetect __int128 availability on the C side
0d7727f95e Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field
805082de11 Merge #696: Run a Travis test on s390x (big endian)
39295362cf Test travis s390x (big endian)
ef37761fee Change travis.sh to check if variables are equal to yes instead of not-empty. Before this, setting `VALGRIND=wat` was considered as true, and to make it evaluate as false you had to unset the variable `VALGRIND=` but not it checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to false
6034a04fb1 Merge #778: secp256k1_gej_double_nonzero supports infinity
f60915906d Merge #779: travis: Fix argument quoting for ./configure
9e49a9b255 travis: Fix argument quoting for ./configure
18d36327fd secp256k1_gej_double_nonzero supports infinity
214cb3c321 Merge #772: Improve constant-timeness on PowerPC
40412b1930 Merge #774: tests: Abort if malloc() fails during context cloning tests
2e1b9e0458 tests: Abort if malloc() fails during context cloning tests
67a429f31f Suppress a harmless variable-time optimization by clang in _int_cmov
5b196338f0 Remove redundant "? 1 : 0" after comparisons in scalar code
3e5cfc5c73 Merge #741: Remove unnecessary sign variable from wnaf_const
66bb9320c0 Merge #773: Fix some compile problems on weird/old compilers.
1309c03c45 Fix some compile problems on weird/old compilers.
fabc8f74e7 Fix typo in MuSig documentation.
96201b4f6e Require message in musig protocol in an earlier state. In particular, remove the set_msg function and require the message in get_public_nonce at the latest.
4fd0d56e37 Fix my_index in musig state machine tests
b74f2dc478 Remove mentions of DER in H derivation.
b368a5d163 Fix ARG_NONNULL macro usage in musig include
bedff79848 Add cplusplus directive to musig include
9957307c3f Fix explanation of H derivation. It doesn't use DER encoding.
d924027765 Add tweak32 parameter to musig_partial_sig_combine which allows to sign for p2c/taproot commitments
a4410ac779 Add musig module tests to travis
d6738e890e surjection proof: Reject proofs with too many used inputs in reduced mode
bd70820123 allow reducing surjection proof size (to lower generation stack usage)
56f69d979f surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16
b8a3ff5f3b surjectionproof: reduce stack usage
68d937fe11 surjectionproof: fix malleability in surjection proof parsing
41bc9ce129 surjectionproof: add test vectors for "set padding bits"
b0644d4ab3 surjectionproof: add fixed test vectors
c0415eb0cb Fix read of wrong buffer (and OOB) in surjectionproof tests
00fffeb172 Improve comments for surctionproof init+alloc/destroy funcs
2dc868f35b work in progress: add _allocate_initialized/destroy funcs
0d4ee3c62d Improve explanation of key cancellation attack in whitelist.md
2a1750dedd Clarify how to derive alternative generator H
ed7394f005 Add bench_generator and bench_rangeproof to .gitignore
9dd117fd2b Clean up ./configure help strings (zkp extensions)
f35b5e271f Fix a small typo in the generator parameter name
068f03c35b generator: remove `CHECK` abort calls exposed by public API
3424cb1fa3 musig: add user documentation
13ef445721 Add 3-of-3 MuSig example
b86c210747 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
c59c602dd6 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification.
a1f16a0a53 add chacha20 function
3cdc02ef8a use proper types for rangeproof min/max
cf21c9d715 rangeproof: reduce iteration count in unit tests
0dfb356f95 Enable more builds with rest of experimental flags
4c231568fb Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
f416e039bb Add comment to explain effect of max_n_iterations in surjectionproof_init
936d62f248 add unit test for generator and pedersen commitment roundtripping
e06540de8c rangeproof: fix serialization of pedersen commintments
edb879f578 rangeproof: verify correctness of pedersen commitments when parsing
fca4c3b62f generator: verify correctness of point when parsing
c50b218698 rangeproof: check that points deserialize correctly when verifying rangeproof
c33e597245 rangeproof: add fixed vector test case
0c5cb7cd08 Expose generator in shared library
dbc49df80c fix spelling in documentation
47be098bac Test for rejection of trailing bytes in range proofs
16aaa4a02c Test for rejection of trailing bytes in surjection proofs
949e994cb3 Reject surjection proofs with trailing garbage
c87618157e Minor bugfix. Wrong length due to NUL character.
fc3dc94049 Add whitelisting benchmark
edc7cb6cdd add whitelist_impl.h to include for dist
4320490e88 generator: add API tests
126493ef01 generator: remove unnecessary ARG_CHECK from generate()
253f131310 Fix generator makefile
3997128ad9 Fix pedersen_blind_generator_blind_sum return value documentation
04f4c09111 Add n_keys argument to whitelist_verify
dbf3d752a8 Fix checks of whitelist serialize/parse arguments
29d0d562dc whitelist: fix serialize/parse API to take serialized length
660ad39fb3 Fix include/secp256k1_rangeproof.h function argument documentation.
e13bdf2f23 rangeproof: add API tests
18c5c62b45 surjectionproof: rename unit test functions to be more consistent with other modules
5f1ad03d00 surjectionproof: add API unit tests
f858a4e3d5 surjectionproof: tests_impl.h s/assert/CHECK/g
002002e735 rangeproof: fix memory leak in unit tests
ba8b4f53ef add surjection proof module
8c77fe1590 Implement ring-signature based whitelist delegation scheme
94425d4a67 rangeproof: several API changes
f6c84a02f3 Expose generator in pedersen/rangeproof API
360e218043 Constant-time generator module
e7a8a5f638 rangeproof: expose sidechannel message field in the signing API
a88db4a744 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
16618fcd8d Pedersen commitments, borromean ring signatures, and ZK range proofs.
3cf8f70ba1 Add 64-bit integer utilities
2309c7dd4a Merge #769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
22e578bb11 Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
3f4a5a10e4 Merge #765: remove dead store in ecdsa_signature_parse_der_lax
f00d6575ca remove dead store in ecdsa_signature_parse_der_lax
dbd41db16a Merge #759: Fix uninitialized variables in ecmult_multi test
2e7fc5b537 Fix uninitialized variables in ecmult_multi test
2ed54da18a Merge #755: Recovery signing: add to constant time test, and eliminate non ct operators
28609507e7 Add tests for the cmov implementations
73596a85a2 Add ecdsa_sign_recoverable to the ctime tests
2876af4f8d Split ecdsa_sign logic into a new function and use it from ecdsa_sign and recovery
5e1c885efb Merge #754: Fix uninit values passed into cmov
f79a7adcf5 Add valgrind uninit check to cmovs output
05d315affe Merge #752: autoconf: Use ":" instead of "dnl" as a noop
a39c2b09de Fixed UB(arithmetics on uninit values) in cmovs
3a6fd7f636 Merge #750: Add macOS to the CI
5e8747ae2a autoconf: Use ":" instead of "dnl" as a noop
71757da5cc Explictly pass SECP256K1_BENCH_ITERS to the benchmarks in travis.sh
99bd661d71 Replace travis_wait with a loop printing "\a" to stdout every minute
bc818b160c Bump travis Ubuntu from xenial(16.04) to bionic(18.04)
0c5ff9066e Add macOS support to travis
b6807d91d8 Move travis script into a standalone sh file
f39f99be0e Merge #701: Make ec_ arithmetic more consistent and add documentation
37dba329c6 Remove unnecessary sign variable from wnaf_const
6bb0b77e15 Fix test_constant_wnaf for -1 and add a test for it.
39198a03ea Merge #732: Retry if r is zero during signing
59a8de8f64 Merge #742: Fix typo in ecmult_const_impl.h
4e284655d9 Fix typo in ecmult_const_impl.h
f862b4ca13 Merge #740: Make recovery/main_impl.h non-executable
ffef45c98a Make recovery/main_impl.h non-executable
2361b3719a Merge #735: build: fix OpenSSL EC detection on macOS
3b7d26b23c build: add SECP_TEST_INCLUDES to bench_verify CPPFLAGS
84b5fc5bc3 build: fix OpenSSL EC detection on macOS
37ed51a7ea Make ecdsa_sig_sign constant-time again after reverting 25e3cfb
93d343bfc5 Revert "ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_sign"
7e3952ae82 Clarify documentation of tweak functions.
89853a0f2e Make tweak function documentation more consistent.
41fc785602 Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul
22911ee6da Rename private key to secret key in public API (with the exception of function names)
5a73f14d6c Mention that value is unspecified for In/Out parameters if the function returns 0
f03df0e6d7 Define valid ECDSA keys in the documentation of seckey_verify
5894e1f1df Return 0 if the given seckey is invalid in privkey_negate, privkey_tweak_add and privkey_tweak_mul
8f814cddb9 Add test for boundary conditions of scalar_set_b32 with respect to overflows
3fec982608 Use scalar_set_b32_seckey in ecdsa_sign, pubkey_create and seckey_verify
9ab2cbe0eb Add scalar_set_b32_seckey which does the same as scalar_set_b32 and also returns whether it's a valid secret key
4f27e344c6 Merge #728: Suppress a harmless variable-time optimization by clang in memczero
01993878bb Add test for memczero()
52a03512c1 Suppress a harmless variable-time optimization by clang in memczero
8f78e208ad Merge #722: Context isn't freed in the ECDH benchmark
ed1b91171a Merge #700: Allow overriding default flags
85b35afa76 Add running benchmarks regularly and under valgrind in travis
ca4906b02e Pass num of iters to benchmarks as variable, and define envvar
02dd5f1bbb free the ctx at the end of bench_ecdh
e9fccd4de1 Merge #708: Constant-time behaviour test using valgrind memtest.
08fb6c4926 Run valgrind_ctime_test in travis
3d2302257f Constant-time behaviour test using valgrind memtest.
96d8ccbd16 Merge #710: Eliminate harmless non-constant time operations on secret data.
0585b8b2ee Merge #718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1
7b50483ad7 Adds a declassify operation to aid constant-time analysis.
34a67c773b Eliminate harmless non-constant time operations on secret data.
ca739cba23 Compile with optimization flag -O2 by default instead of -O3
eb45ef3384 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1
856a01d6ad Merge #714: doc: document the length requirements of output parameter.
d72b9e2483 Merge #682: Remove Java Native Interface
4b48a43106 doc: document the length requirements of output parameter.
1b4d256e2e Merge #713: Docstrings
dabfea7e21 field: extend docstring of secp256k1_fe_normalize
dc7d8fd9e2 scalar: extend docstring of secp256k1_scalar_set_b32
074ab582dd Merge #704: README: add a section for test coverage
acb7f97eb8 README: add a section for test coverage
227a4f2d07 Merge #709: Remove secret-dependant non-constant time operation in ecmult_const.
d567b779fe Clarify comments about use of rzr on ge functions and abs function.
2241ae6d14 Remove secret-dependant non-constant time operation in ecmult_const.
642cd062bd Remove Java Native Interface
83fb1bcef4 Remove -O2 from default CFLAGS because this would override the -O3 flag (see AC_PROG_CC in the Autoconf manual)
ecba8138ec Append instead of Prepend user-CFLAGS to default CFLAGS allowing the user to override default variables
613c34cd86 Remove test in configure.ac because it doesn't have an effect
f45d897101 Merge #703: Overhaul README.md
2e759ec753 Overhaul README.md
d644dda5c9 Merge #689: Remove "except in benchmarks" exception for fp math
bde2a32286 Convert bench.h to fixed-point math
47a7b8382f Clear field elements when writing infinity
61d1ecb028 Added test with additions resulting in infinity
387d723c3f Merge #679: Add SECURITY.md
0db61d25c9 Merge #685: Fix issue where travis does not show the ./tests seed…
a0771d15e6 Explicitly disable buffering for stderr in tests
fb424fbba2 Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run.
22a6031184 Merge #690: Add valgrind check to travis
544002c008 Merge #678: Preventing compiler optimizations in benchmarks without a memory fence
dd98cc988f travis: Added a valgrind test without endro and enabled recovery+ecdh
b4c1382a87 Add valgrind check to travis
0c774d89e6 Merge #688: Fix ASM setting in travis
5c5f71eea5 Fix ASM setting in travis
e2625f8a98 Merge #684: Make no-float policy explicit
bae1bea3c4 Make no-float policy explicit
78c3836341 Add SECURITY.md
362bb25608 Modified bench_scalar_split so it won't get optimized out
73a30c6b58 Added accumulators and checks on benchmarks so they won't get optimized out
770b3dcd6f Merge #677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var
b76142ff25 Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 47045270fa90f81205d989f7107769bce1e71c4d
137d304a6b Merge #647: Increase robustness against UB in secp256k1_scalar_cadd_bit
0d9540b13f Merge #664: Remove mention of ec_privkey_export because it doesn't exist
59782c68b4 Remove mention of ec_privkey_export because it doesn't exist
96cd94e385 Merge #337: variable sized precomputed table for signing
dcb2e3b3ff variable signing precompute table
b4bff99028 Merge #661: Make ./configure string consistent
a467047e11 Make ./configure string consistent
e729cc7f5a Merge #657: Fix a nit in the recovery tests
b64a2e2597 Fix a nit in the recovery tests
e028aa33d3 Merge #650: secp256k1/src/tests.c:  Properly handle sscanf return value
f1e11d363d Merge #654: Fix typo (∞)
ef83281c3a Merge pull request #656 from real-or-random/patch-1
556caad2ca Fix typo in docs for _context_set_illegal_callback
0d82732a9a Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow.
786dfb49f5 Merge #583: JNI: fix use sig array
e95f8ab098 Merge #644: Avoid optimizing out a verify_check
384f55606a Merge #652: README.md: update instruction to run tests
ee56accd47 Merge #651: Fix typo in secp256k1_preallocated.h
7b9b117230 Merge #640: scalar_impl.h: fix includes
d99bec2e21 Merge #655: jni: Use only Guava for hex encoding and decoding
2abcf951af jni: Use only Guava for hex encoding and decoding
271582b3b7 Fix typo
60f7f2de5d Don't assume that ALIGNMENT > 1 in tests
ada6361dec Use ROUND_TO_ALIGN in scratch_create
8ecc6ce50e Add check preventing rounding to alignment from wrapping around in scratch_alloc
4edaf06fb0 Add check preventing integer multiplication wrapping around in scratch_max_allocation
ce6d438266 README.md: update instruction to run tests
b1e68cb8e6 Fix typo in secp256k1_preallocated.h
a11c76c59a secp256k1/src/tests.c:  Properly handle sscanf return value
8fe63e5654 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands.
94ae7cbf83 Moved a dereference so the null check will be before the dereferencing
2cb73b1064 scalar_impl.h: fix includes
fa33017135 Merge #634: Add a descriptive comment for secp256k1_ecmult_const.
ee9e68cd30 Add a descriptive comment for secp256k1_ecmult_const.
d0d738d32d Merge #631: typo in comment for secp256k1_ec_pubkey_tweak_mul ()
6914c25276 typo in comment for secp256k1_ec_pubkey_tweak_mul ()
e541a90ef6 Merge #629: Avoid calling _is_zero when _set_b32 fails.
f34b0c3f35 Merge #630: Note intention of timing sidechannel freeness.
8d1563b0ff Note intention of timing sidechannel freeness.
1669bb2865 Merge #628: Fix ability to compile tests without -DVERIFY.
ecc94abcc8 Merge #627: Guard memcmp in tests against mixed size inputs.
544435fc90 Merge #578: Avoid implementation-defined and undefined behavior when dealing with sizes
143dc6e9ee Merge #595: Allow to use external default callbacks
e49f7991c2 Add missing #(un)defines to base-config.h
77defd2c3b Add secp256k1_ prefix to default callback functions
908bdce64e Include stdio.h and stdlib.h explicitly in secp256k1.c
5db782e655 Allow usage of external default callbacks
6095a863fa Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return
cd473e02c3 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails.
6c36de7a33 Merge #600: scratch space: use single allocation
98836b11f0 scratch: replace frames with "checkpoint" system
7623cf2b97 scratch: save a couple bytes of unnecessarily-allocated memory
a7a164f2c6 scratch: rename `max_size` to `size`, document that extra will actually be allocated
5a4bc0bb95 scratch: unify allocations
c2b028a281 scratch space: thread `error_callback` into all scratch space functions
0be1a4ae62 scratch: add magic bytes to beginning of structure
92a48a764d scratch space: use single allocation
40839e21b9 Merge #592: Use trivial algorithm in ecmult_multi if scratch space is small
dcf392027b Fix ability to compile tests without -DVERIFY.
a484e0008b Merge #566: Enable context creation in preallocated memory
0522caac8f Explain caller's obligations for preallocated memory
238305fdbb Move _preallocated functions to separate header
695feb6fbd Export _preallocated functions
814cc78d71 Add tests for contexts in preallocated memory
ba12dd08da Check arguments of _preallocated functions
5feadde462 Support cloning a context into preallocated memory
c4fd5dab45 Switch to a single malloc call
ef020de16f Add size constants for preallocated memory
1bf7c056ba Prepare for manual memory management in preallocated memory
248bffb052 Guard memcmp in tests against mixed size inputs.
36698dcfee Merge #596: Make WINDOW_G configurable
a61a93ff50 Clean up ./configure help strings
2842dc523e Make WINDOW_G configurable
1a02d6ce51 Merge #626: Revert "Merge #620: Install headers automatically"
662918cb29 Revert "Merge #620: Install headers automatically"
14c7dbd444 Simplify control flow in DER parsing
ec8f20babd Avoid out-of-bound pointers and integer overflows in size comparisons
01ee1b3b3c Parse DER-enconded length into a size_t instead of an int
912680ed86 Merge #561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config
91fae3ace0 Merge #620: Install headers automatically
5df77a0eda Merge #533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
975e51e0d9 Merge #617: Pass scalar by reference in secp256k1_wnaf_const()
735fbde04e Merge #619: Clear a copied secret key after negation
16e86150d0 Install headers automatically
069870d92a Clear a copied secret key after negation
8979ec0d9a Pass scalar by reference in secp256k1_wnaf_const()
84a808598b Merge #612: Allow field_10x26_arm.s to compile for ARMv7 architecture
d4d270a59c Allow field_10x26_arm.s to compile for ARMv7 architecture
b19c000063 Merge #607: Use size_t shifts when computing a size_t
4d01bc2d9c Merge #606: travis: Remove unused sudo:false
e6d01e9347 Use size_t shifts when computing a size_t
7667532bd7 travis: Remove unused sudo:false
248f046611 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...)
9ab96f7b12 Use trivial algorithm in ecmult_multi if scratch space is small
ee99f12f3d Merge #599: Switch x86_64 asm to use "i" instead of "n" for immediate values.
d58bc93f2c Switch x86_64 asm to use "i" instead of "n" for immediate values.
05362ee042 Merge #597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
83483869ac Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build
aa15154a48 Merge #568: Fix integer overflow in ecmult_multi_var when n is large
2277af5ff0 Fix integer overflow in ecmult_multi_var when n is large
dbed75d969 Undefine `STATIC_PRECOMPUTATION` if using the basic config
310111e093 Keep LDFLAGS if `--coverage`
85d0e1bcce Merge #591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
14196379ec Merge #580: Add trivial ecmult_multi algorithm which does not require a scratch space
a697d82da9 Add trivial ecmult_multi to the benchmark tool
bade617417 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points.
5545e13dea Merge #584: configure: Use CFLAGS_FOR_BUILD when checking native compiler
20c5869df2 Merge #516: improvements to random seed in src/tests.c
b76e45d5d6 Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
870a977644 Merge #562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
be40c4d0b5 Fixup for C90 mixed declarations.
c71dd2c08f Merge #509: Fix algorithm selection in bench_ecmult
6492bf88cc Merge #518: Summarize build options after running configure
0e9ada1941 Merge #567: Correct order of libs returned on pkg-config --libs --static libsecp2…
e96901a4b9 Merge #587: Make randomization of a non-signing context a noop
58df8d03ad Merge #511: Portability fix for the configure scripts generated
2ebdad772a Merge #552: Make constants static:
1c131affd3 Merge #551: secp256k1_fe_sqrt: Verify that the arguments don't alias.
ba698f883b Merge #539: Assorted minor corrections
949e85b009 Merge #550: Optimize secp256k1_fe_normalize_weak calls.
a34bcaadf1 Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker
2d5f4cebdc configure: Use CFLAGS_FOR_BUILD when checking native compiler
b408c6a8b2 Merge #579: Use __GNUC_PREREQ for detecting __builtin_expect
6198375218 Make randomization of a non-signing context a noop
74e2dbd68e JNI: fix use sig array
c663397f46 Use __GNUC_PREREQ for detecting __builtin_expect
3cb057f842 Fix possible integer overflow in DER parsing
89a20a8945 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call.
d3cb1f95eb Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
496c5b43b8 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B;
bf8b86cc07 secp256k1_fe_sqrt: Verify that the arguments don't alias.
9bd89c836b Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
52ab96fedb clean dependendies in field_*_impl.h
deff5edd42 Correct math typos in field_*.h
4efb3f8dd1 Add check that restrict pointers don't alias with all parameters.
3965027c81 Summarize build options in configure script
0f0517369c Fix algorithm selection in bench_ecmult
8b3841c91d fix bug in fread() failure check
cddef0c0be tests: add warning message when /dev/urandom fails
270f6c80db Portability fix for the configure scripts generated
REVERT: 43dd1f4fe7 Merge pull request #40 from instagibbs/size_t
REVERT: 6532fa0a96 Merge pull request #39 from instagibbs/more_builds
REVERT: 2b2429dfaa rangeproof: reduce iteration count in unit tests
REVERT: 12b0e5dda7 Enable more builds with rest of experimental flags
REVERT: 8c444eef6a use proper types for rangeproof min/max
REVERT: 53ad841caf Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
REVERT: 71c5fe0f6e Add comment to explain effect of max_n_iterations in surjectionproof_init
REVERT: 85fd42fb7e add unit test for generator and pedersen commitment roundtripping
REVERT: 2ccf885419 rangeproof: fix serialization of pedersen commintments
REVERT: 60c173b640 rangeproof: verify correctness of pedersen commitments when parsing
REVERT: 32d7526cd5 generator: verify correctness of point when parsing
REVERT: ae14e8a9d8 rangeproof: check that points deserialize correctly when verifying rangeproof
REVERT: 44fe43d757 rangeproof: add fixed vector test case
REVERT: e065d7df9f Expose generator in shared library
REVERT: fb1ba329aa fix spelling in documentation
REVERT: fb75faa147 Test for rejection of trailing bytes in range proofs
REVERT: 9b2cf1708d Test for rejection of trailing bytes in surjection proofs
REVERT: a3a1800ba6 Reject surjection proofs with trailing garbage
REVERT: 0c77ae9a75 Minor bugfix. Wrong length due to NUL character.
REVERT: b1f31bc4b6 Add whitelisting benchmark
REVERT: 52a9f8f8f3 add whitelist_impl.h to include for dist
REVERT: a707865bc5 generator: add API tests
REVERT: ec1ef040f5 generator: remove unnecessary ARG_CHECK from generate()
REVERT: b0e9aa828f Fix generator makefile
REVERT: 526c65499f Fix pedersen_blind_generator_blind_sum return value documentation
REVERT: b51886e722 Add n_keys argument to whitelist_verify
REVERT: 37c57de083 Fix checks of whitelist serialize/parse arguments
REVERT: 9b8a9d91eb whitelist: fix serialize/parse API to take serialized length
REVERT: 7f17515609 Fix include/secp256k1_rangeproof.h function argument documentation.
REVERT: 0d817020d9 rangeproof: add API tests
REVERT: 417bb0643f surjectionproof: rename unit test functions to be more consistent with other modules
REVERT: 1e2d5c1a26 surjectionproof: add API unit tests
REVERT: 7878a298b2 surjectionproof: tests_impl.h s/assert/CHECK/g
REVERT: e609591b66 rangeproof: fix memory leak in unit tests
REVERT: 0c17f7972a add surjection proof module
REVERT: c174f0c609 Implement ring-signature based whitelist delegation scheme
REVERT: a2bc6604f9 rangeproof: several API changes
REVERT: 21bfb3c91a Expose generator in pedersen/rangeproof API
REVERT: f4620de040 Constant-time generator module
REVERT: d46fc3c191 rangeproof: expose sidechannel message field in the signing API
REVERT: cf40b1bed2 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
REVERT: 6d28767c79 Get rid of precomputed H tables (Pieter Wuille)
REVERT: ae1e576f67 Pedersen commitments, borromean ring signatures, and ZK range proofs.
REVERT: efc61dc0ca Add 64-bit integer utilities

git-subtree-dir: src/secp256k1
git-subtree-split: 0129b77767ea001e5693e39ac6deecea0c461817
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant