Squashed 'src/secp256k1/' changes from 0b70241..98540d5

98540d5 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
2cbec92 add unit test for generator and pedersen commitment roundtripping
3ed6f80 rangeproof: fix serialization of pedersen commintments
39746c4 rangeproof: verify correctness of pedersen commitments when parsing
181e7c7 generator: verify correctness of point when parsing
96fd877 rangeproof: check that points deserialize correctly when verifying rangeproof
6447f58 rangeproof: add fixed vector test case
972b2f7 Expose generator in shared library
dd87bdb fix spelling in documentation
1b4a6bd Test for rejection of trailing bytes in range proofs
eee5219 Test for rejection of trailing bytes in surjection proofs
415094f Reject surjection proofs with trailing garbage
71c0f06 Minor bugfix. Wrong length due to NUL character.
ab4618a Add comment to explain effect of max_n_iterations in surjectionproof_init
5cbe2a4 Add whitelisting benchmark
343edc8 add whitelist_impl.h to include for dist
cfa25d5 generator: add API tests
6b180e8 generator: remove unnecessary ARG_CHECK from generate()
148c24e Fix generator makefile
56f7992 Fix pedersen_blind_generator_blind_sum return value documentation
28c2297 Add n_keys argument to whitelist_verify
ca0f26d Fix checks of whitelist serialize/parse arguments
a9c14a3 whitelist: fix serialize/parse API to take serialized length
2b010c1 Fix include/secp256k1_rangeproof.h function argument documentation.
5fc1ca8 rangeproof: add API tests
88a5258 surjectionproof: rename unit test functions to be more consistent with other modules
00d3d20 surjectionproof: add API unit tests
7ac795a surjectionproof: tests_impl.h s/assert/CHECK/g
9432569 rangeproof: fix memory leak in unit tests
4c845d7 add surjection proof module
f67971d Implement ring-signature based whitelist delegation scheme
cfeac22 rangeproof: several API changes
5cc1483 Expose generator in pedersen/rangeproof API
201f3d7 Constant-time generator module
71c04ae rangeproof: expose sidechannel message field in the signing API
72646ee [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
306e9dd Get rid of precomputed H tables (Pieter Wuille)
4b22ba2 Pedersen commitments, borromean ring signatures, and ZK range proofs.
d013dff Add 64-bit integer utilities
e34ceb3 Merge ElementsProject#557: Eliminate scratch memory used when generating contexts
b3bf5f9 ecmult_impl: expand comment to explain how effective affine interacts with everything
efa783f Store z-ratios in the 'x' coord they'll recover
ffd3b34 add `secp256k1_ge_set_all_gej_var` test which deals with many infinite points
84740ac ecmult_impl: save one fe_inv_var
4704527 ecmult_impl: eliminate scratch memory used when generating context
7f7a2ed ecmult_gen_impl: eliminate scratch memory used when generating context
314a61d Merge ElementsProject#553: add static context object which has no capabilities
1086fda Merge ElementsProject#354: [ECDH API change] Support custom hash function
40fde61 prevent attempts to modify `secp256k1_context_no_precomp`
ed7c084 add static context object which has no capabilities
1e6f1f5 Merge ElementsProject#529: fix tests.c in the count == 0 case
c8fbc3c [ECDH API change] Allow pass arbitrary data to hash function
b00be65 [ECDH API change] Support custom hash function
95e99f1 fix tests.c in the count == 0 case
452d8e4 Merge ElementsProject#523: scratch: add stack frame support
6fe5043 scratch: add stack frame support
9bc2e26 Merge ElementsProject#522: parameterize ecmult_const over input size
7c1b91b parameterize ecmult_const over input size
dbc3ddd Merge ElementsProject#513: Increase sparsity of pippenger fixed window naf representation
fb9271d Merge ElementsProject#510: add a couple missing `const`s to ecmult_pippenger_wnaf
cd5f602 Merge ElementsProject#515: Fix typo
09146ae Merge ElementsProject#512: secp256k1_ec_privkey_negate - fix documentation
ec0a7b3 Don't touch leading zeros in wnaf_fixed.
9e36d1b Fix bug in wnaf_fixed where the wnaf array is not completely zeroed when given a 0 scalar.
96f68a0 Don't invert scalar in wnaf_fixed when it is even because a caller might intentionally give a scalar with many leading zeros.
9b7c47a Fix typo
6dbb007 Increase sparsity of pippenger fixed window naf representation
1646ace secp256k1_ec_privkey_negate - fix documentation
9b3ff03 add a couple missing `const`s to ecmult_pippenger_wnaf
cd329db Merge ElementsProject#460: [build] Update ax_jni_include_dir.m4 macro
7f9c1a1 Merge ElementsProject#498: tests: Avoid calling fclose(...) with an invalid argument
f99aa8d Merge ElementsProject#499: tests: Make sure we get the requested number of bytes from /dev/urandom
b549d3d Merge ElementsProject#472: [build] Set --enable-jni to no by default instead of auto.
d333521 Merge ElementsProject#494: Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS
2ef8ea5 Merge ElementsProject#495: Add bench_ecmult to .gitignore
82a96e4 tests: Make sure we get the requested number of bytes from /dev/urandom
5aae5b5 Avoid calling fclose(...) with an invalid argument
cb32940 Add bench_ecmult to .gitignore
31abd3a Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS
c95f6f1 Merge ElementsProject#487: fix tests typo, s/changed/unchanged
fb46c83 Merge ElementsProject#463: Reduce usage of hardcoded size constants
02f5001 Merge ElementsProject#490: Disambiguate bench functions and types
1f46d60 Disambiguate bench functions and types
f54c6c5 Merge ElementsProject#480: Enable benchmark building by default
c77fc08 Merge ElementsProject#486: Add pippenger_wnaf for multi-multiplication
d2f9c6b Use more precise pippenger bucket windows
4c950bb Save some additions per window in _pippenger_wnaf
a58f543 Add flags for choosing algorithm in ecmult_multi benchmark
36b22c9 Use scratch space dependent batching in ecmult_multi
355a38f Add pippenger_wnaf ecmult_multi
bc65aa7 Add bench_ecmult
dba5471 Add ecmult_multi tests
8c1c831 Generalize Strauss to support multiple points
548de42 add resizeable scratch space API
0e96cdc fix typo, s/changed/unchanged
c7680e5 Reduce usage of hardcoded size constants
6ad5cdb Merge ElementsProject#479: Get rid of reserved _t in type names
7a78f60 Print whether we're building benchmarks
4afec9f Build benchmarks by default
d1dc9df Get rid of reserved _t in type names
57752d2 [build] Set --enable-jni to no by default instead of auto.
e7daa9b [build] Tweak JNI macro to warn instead of error for JNI not found.
5b22977 [build] Update ax_jni_include_dir.m4 macro to deal with recent versions of macOS

git-subtree-dir: src/secp256k1
git-subtree-split: 98540d5d178ae03ced3b4e9d5aa587156655c590

.gitignore

@@ -1,5 +1,6 @@
 bench_inv
 bench_ecdh
+bench_ecmult
 bench_sign
 bench_verify
 bench_schnorr_verify

.travis.yml

@@ -11,7 +11,7 @@ cache:
   - src/java/guava/
 env:
   global:
-    - FIELD=auto  BIGNUM=auto  SCALAR=auto  ENDOMORPHISM=no  STATICPRECOMPUTATION=yes  ASM=no  BUILD=check  EXTRAFLAGS=  HOST=  ECDH=no  RECOVERY=no  EXPERIMENTAL=no
+    - FIELD=auto  BIGNUM=auto  SCALAR=auto  ENDOMORPHISM=no  STATICPRECOMPUTATION=yes  ASM=no  BUILD=check  EXTRAFLAGS=  HOST=  ECDH=no  RECOVERY=no  EXPERIMENTAL=no  JNI=no
     - GUAVA_URL=https://search.maven.org/remotecontent?filepath=com/google/guava/guava/18.0/guava-18.0.jar GUAVA_JAR=src/java/guava/guava-18.0.jar
   matrix:
     - SCALAR=32bit    RECOVERY=yes
@@ -29,7 +29,7 @@ env:
     - BUILD=distcheck
     - EXTRAFLAGS=CPPFLAGS=-DDETERMINISTIC
     - EXTRAFLAGS=CFLAGS=-O0
-    - BUILD=check-java ECDH=yes EXPERIMENTAL=yes
+    - BUILD=check-java JNI=yes ECDH=yes EXPERIMENTAL=yes
 matrix:
   fast_finish: true
   include:
@@ -65,5 +65,5 @@ before_script: ./autogen.sh
 script:
  - if [ -n "$HOST" ]; then export USE_HOST="--host=$HOST"; fi
  - if [ "x$HOST" = "xi686-linux-gnu" ]; then export CC="$CC -m32"; fi
- - ./configure --enable-experimental=$EXPERIMENTAL --enable-endomorphism=$ENDOMORPHISM --with-field=$FIELD --with-bignum=$BIGNUM --with-scalar=$SCALAR --enable-ecmult-static-precomputation=$STATICPRECOMPUTATION --enable-module-ecdh=$ECDH --enable-module-recovery=$RECOVERY $EXTRAFLAGS $USE_HOST && make -j2 $BUILD
+ - ./configure --enable-experimental=$EXPERIMENTAL --enable-endomorphism=$ENDOMORPHISM --with-field=$FIELD --with-bignum=$BIGNUM --with-scalar=$SCALAR --enable-ecmult-static-precomputation=$STATICPRECOMPUTATION --enable-module-ecdh=$ECDH --enable-module-recovery=$RECOVERY --enable-jni=$JNI $EXTRAFLAGS $USE_HOST && make -j2 $BUILD
 os: linux

Makefile.am

@@ -42,6 +42,8 @@ noinst_HEADERS += src/field_5x52_asm_impl.h
 noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h
 noinst_HEADERS += src/java/org_bitcoin_Secp256k1Context.h
 noinst_HEADERS += src/util.h
+noinst_HEADERS += src/scratch.h
+noinst_HEADERS += src/scratch_impl.h
 noinst_HEADERS += src/testrand.h
 noinst_HEADERS += src/testrand_impl.h
 noinst_HEADERS += src/hash.h
@@ -79,14 +81,17 @@ libsecp256k1_jni_la_CPPFLAGS = -DSECP256K1_BUILD $(JNI_INCLUDES)
 
 noinst_PROGRAMS =
 if USE_BENCHMARK
-noinst_PROGRAMS += bench_verify bench_sign bench_internal
+noinst_PROGRAMS += bench_verify bench_sign bench_internal bench_ecmult
 bench_verify_SOURCES = src/bench_verify.c
 bench_verify_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
 bench_sign_SOURCES = src/bench_sign.c
 bench_sign_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
 bench_internal_SOURCES = src/bench_internal.c
 bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB)
 bench_internal_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES)
+bench_ecmult_SOURCES = src/bench_ecmult.c
+bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB)
+bench_ecmult_CPPFLAGS = -DSECP256K1_BUILD $(SECP_INCLUDES)
 endif
 
 TESTS =
@@ -159,6 +164,7 @@ $(gen_context_BIN): $(gen_context_OBJECTS)
 $(libsecp256k1_la_OBJECTS): src/ecmult_static_context.h
 $(tests_OBJECTS): src/ecmult_static_context.h
 $(bench_internal_OBJECTS): src/ecmult_static_context.h
+$(bench_ecmult_OBJECTS): src/ecmult_static_context.h
 
 src/ecmult_static_context.h: $(gen_context_BIN)
 	./$(gen_context_BIN)
@@ -175,3 +181,19 @@ endif
 if ENABLE_MODULE_RECOVERY
 include src/modules/recovery/Makefile.am.include
 endif
+
+if ENABLE_MODULE_GENERATOR
+include src/modules/generator/Makefile.am.include
+endif
+
+if ENABLE_MODULE_RANGEPROOF
+include src/modules/rangeproof/Makefile.am.include
+endif
+
+if ENABLE_MODULE_WHITELIST
+include src/modules/whitelist/Makefile.am.include
+endif
+
+if ENABLE_MODULE_SURJECTIONPROOF
+include src/modules/surjection/Makefile.am.include
+endif

build-aux/m4/ax_jni_include_dir.m4

@@ -1,5 +1,5 @@
 # ===========================================================================
-#    http://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
+#    https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
 # ===========================================================================
 #
 # SYNOPSIS
@@ -44,7 +44,7 @@
 #   and this notice are preserved. This file is offered as-is, without any
 #   warranty.
 
-#serial 10
+#serial 14
 
 AU_ALIAS([AC_JNI_INCLUDE_DIR], [AX_JNI_INCLUDE_DIR])
 AC_DEFUN([AX_JNI_INCLUDE_DIR],[
@@ -66,40 +66,45 @@ else
 fi
 
 case "$host_os" in
-        darwin*)        _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'`
-                        _JINC="$_JTOPDIR/Headers";;
-        *)              _JINC="$_JTOPDIR/include";;
+        darwin*)        # Apple Java headers are inside the Xcode bundle.
+            macos_version=$(sw_vers -productVersion | sed -n -e 's/^@<:@0-9@:>@*.\(@<:@0-9@:>@*\).@<:@0-9@:>@*/\1/p')
+            if @<:@ "$macos_version" -gt "7" @:>@; then
+                _JTOPDIR="$(xcrun --show-sdk-path)/System/Library/Frameworks/JavaVM.framework"
+                _JINC="$_JTOPDIR/Headers"
+            else
+                _JTOPDIR="/System/Library/Frameworks/JavaVM.framework"
+                _JINC="$_JTOPDIR/Headers"
+            fi
+            ;;
+        *) _JINC="$_JTOPDIR/include";;
 esac
 _AS_ECHO_LOG([_JTOPDIR=$_JTOPDIR])
 _AS_ECHO_LOG([_JINC=$_JINC])
 
 # On Mac OS X 10.6.4, jni.h is a symlink:
 # /System/Library/Frameworks/JavaVM.framework/Versions/Current/Headers/jni.h
 # -> ../../CurrentJDK/Headers/jni.h.
-
 AC_CACHE_CHECK(jni headers, ac_cv_jni_header_path,
 [
-if test -f "$_JINC/jni.h"; then
-  ac_cv_jni_header_path="$_JINC"
-  JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path"
-else
-  _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'`
-  if test -f "$_JTOPDIR/include/jni.h"; then
-    ac_cv_jni_header_path="$_JTOPDIR/include"
+  if test -f "$_JINC/jni.h"; then
+    ac_cv_jni_header_path="$_JINC"
     JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path"
   else
-    ac_cv_jni_header_path=none
+    _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'`
+    if test -f "$_JTOPDIR/include/jni.h"; then
+      ac_cv_jni_header_path="$_JTOPDIR/include"
+      JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $ac_cv_jni_header_path"
+    else
+      ac_cv_jni_header_path=none
+    fi
   fi
-fi
 ])
 
-
-
 # get the likely subdirectories for system specific java includes
 case "$host_os" in
 bsdi*)          _JNI_INC_SUBDIRS="bsdos";;
-darwin*)        _JNI_INC_SUBDIRS="darwin";;
 freebsd*)       _JNI_INC_SUBDIRS="freebsd";;
+darwin*)        _JNI_INC_SUBDIRS="darwin";;
 linux*)         _JNI_INC_SUBDIRS="linux genunix";;
 osf*)           _JNI_INC_SUBDIRS="alpha";;
 solaris*)       _JNI_INC_SUBDIRS="solaris";;
@@ -112,9 +117,9 @@ if test "x$ac_cv_jni_header_path" != "xnone"; then
   # add any subdirectories that are present
   for JINCSUBDIR in $_JNI_INC_SUBDIRS
   do
-      if test -d "$_JTOPDIR/include/$JINCSUBDIR"; then
-           JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include/$JINCSUBDIR"
-      fi
+    if test -d "$_JTOPDIR/include/$JINCSUBDIR"; then
+         JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include/$JINCSUBDIR"
+    fi
   done
 fi
 ])

build-aux/m4/bitcoin_secp.m4

@@ -48,7 +48,6 @@ if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then
     EC_KEY_free(eckey);
     ECDSA_SIG *sig_openssl;
     sig_openssl = ECDSA_SIG_new();
-    (void)sig_openssl->r;
     ECDSA_SIG_free(sig_openssl);
   ]])],[has_openssl_ec=yes],[has_openssl_ec=no])
   AC_MSG_RESULT([$has_openssl_ec])

configure.ac

@@ -85,9 +85,9 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
     ])
 
 AC_ARG_ENABLE(benchmark,
-    AS_HELP_STRING([--enable-benchmark],[compile benchmark (default is no)]),
+    AS_HELP_STRING([--enable-benchmark],[compile benchmark (default is yes)]),
     [use_benchmark=$enableval],
-    [use_benchmark=no])
+    [use_benchmark=yes])
 
 AC_ARG_ENABLE(coverage,
     AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis]),
@@ -134,10 +134,30 @@ AC_ARG_ENABLE(module_recovery,
     [enable_module_recovery=$enableval],
     [enable_module_recovery=no])
 
+AC_ARG_ENABLE(module_generator,
+    AS_HELP_STRING([--enable-module-generator],[enable NUMS generator module (default is no)]),
+    [enable_module_generator=$enableval],
+    [enable_module_generator=no])
+
+AC_ARG_ENABLE(module_rangeproof,
+    AS_HELP_STRING([--enable-module-rangeproof],[enable Pedersen / zero-knowledge range proofs module (default is no)]),
+    [enable_module_rangeproof=$enableval],
+    [enable_module_rangeproof=no])
+
+AC_ARG_ENABLE(module_whitelist,
+    AS_HELP_STRING([--enable-module-whitelist],[enable key whitelisting module (default is no)]),
+    [enable_module_whitelist=$enableval],
+    [enable_module_whitelist=no])
+
 AC_ARG_ENABLE(jni,
-    AS_HELP_STRING([--enable-jni],[enable libsecp256k1_jni (default is auto)]),
+    AS_HELP_STRING([--enable-jni],[enable libsecp256k1_jni (default is no)]),
     [use_jni=$enableval],
-    [use_jni=auto])
+    [use_jni=no])
+
+AC_ARG_ENABLE(module_surjectionproof,
+    AS_HELP_STRING([--enable-module-surjectionproof],[enable surjection proof module (default is no)]),
+    [enable_module_surjectionproof=$enableval],
+    [enable_module_surjectionproof=no])
 
 AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=64bit|32bit|auto],
 [Specify Field Implementation. Default is auto])],[req_field=$withval], [req_field=auto])
@@ -167,6 +187,12 @@ else
     CFLAGS="$CFLAGS -O3"
 fi
 
+AC_MSG_CHECKING([for __builtin_popcount])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_popcount(0);}]])],
+    [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_POPCOUNT,1,[Define this symbol if __builtin_popcount is available]) ],
+    [ AC_MSG_RESULT([no])
+    ])
+
 if test x"$use_ecmult_static_precomputation" != x"no"; then
   save_cross_compiling=$cross_compiling
   cross_compiling=no
@@ -195,6 +221,12 @@ else
   set_precomp=no
 fi
 
+AC_MSG_CHECKING([for  __builtin_clzll])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() { __builtin_clzll(1);}]])],
+    [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_CLZLL,1,[Define this symbol if  __builtin_clzll is available]) ],
+    [ AC_MSG_RESULT([no])
+    ])
+
 if test x"$req_asm" = x"auto"; then
   SECP_64BIT_ASM_CHECK
   if test x"$has_64bit_asm" = x"yes"; then
@@ -435,6 +467,22 @@ if test x"$enable_module_recovery" = x"yes"; then
   AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module])
 fi
 
+if test x"$enable_module_generator" = x"yes"; then
+  AC_DEFINE(ENABLE_MODULE_GENERATOR, 1, [Define this symbol to enable the NUMS generator module])
+fi
+
+if test x"$enable_module_rangeproof" = x"yes"; then
+  AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module])
+fi
+
+if test x"$enable_module_whitelist" = x"yes"; then
+  AC_DEFINE(ENABLE_MODULE_WHITELIST, 1, [Define this symbol to enable the key whitelisting module])
+fi
+
+if test x"$enable_module_surjectionproof" = x"yes"; then
+  AC_DEFINE(ENABLE_MODULE_SURJECTIONPROOF, 1, [Define this symbol to enable the surjection proof module])
+fi
+
 AC_C_BIGENDIAN()
 
 if test x"$use_external_asm" = x"yes"; then
@@ -447,6 +495,7 @@ AC_MSG_NOTICE([Using field implementation: $set_field])
 AC_MSG_NOTICE([Using bignum implementation: $set_bignum])
 AC_MSG_NOTICE([Using scalar implementation: $set_scalar])
 AC_MSG_NOTICE([Using endomorphism optimizations: $use_endomorphism])
+AC_MSG_NOTICE([Building benchmarks: $use_benchmark])
 AC_MSG_NOTICE([Building for coverage analysis: $enable_coverage])
 AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh])
 AC_MSG_NOTICE([Building ECDSA pubkey recovery module: $enable_module_recovery])
@@ -457,14 +506,45 @@ if test x"$enable_experimental" = x"yes"; then
   AC_MSG_NOTICE([WARNING: experimental build])
   AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.])
   AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh])
+  AC_MSG_NOTICE([Building NUMS generator module: $enable_module_generator])
+  AC_MSG_NOTICE([Building range proof module: $enable_module_rangeproof])
+  AC_MSG_NOTICE([Building key whitelisting module: $enable_module_whitelist])
+  AC_MSG_NOTICE([Building surjection proof module: $enable_module_surjectionproof])
   AC_MSG_NOTICE([******])
+
+  if test x"$enable_module_generator" != x"yes"; then
+    if test x"$enable_module_rangeproof" = x"yes"; then
+      AC_MSG_ERROR([Rangeproof module requires the generator module. Use --enable-module-generator to allow.])
+    fi
+  fi
+
+  if test x"$enable_module_rangeproof" != x"yes"; then
+    if test x"$enable_module_whitelist" = x"yes"; then
+      AC_MSG_ERROR([Whitelist module requires the rangeproof module. Use --enable-module-rangeproof to allow.])
+    fi
+    if test x"$enable_module_surjectionproof" = x"yes"; then
+      AC_MSG_ERROR([Surjection proof module requires the rangeproof module. Use --enable-module-rangeproof to allow.])
+    fi
+  fi
 else
   if test x"$enable_module_ecdh" = x"yes"; then
     AC_MSG_ERROR([ECDH module is experimental. Use --enable-experimental to allow.])
   fi
   if test x"$set_asm" = x"arm"; then
     AC_MSG_ERROR([ARM assembly optimization is experimental. Use --enable-experimental to allow.])
   fi
+  if test x"$enable_module_generator" = x"yes"; then
+    AC_MSG_ERROR([NUMS generator module is experimental. Use --enable-experimental to allow.])
+  fi
+  if test x"$enable_module_rangeproof" = x"yes"; then
+    AC_MSG_ERROR([Range proof module is experimental. Use --enable-experimental to allow.])
+  fi
+  if test x"$enable_module_whitelist" = x"yes"; then
+    AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.])
+  fi
+  if test x"$enable_module_surjectionproof" = x"yes"; then
+    AC_MSG_ERROR([Surjection proof module is experimental. Use --enable-experimental to allow.])
+  fi
 fi
 
 AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
@@ -481,9 +561,13 @@ AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"])
 AM_CONDITIONAL([USE_ECMULT_STATIC_PRECOMPUTATION], [test x"$set_precomp" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
+AM_CONDITIONAL([ENABLE_MODULE_GENERATOR], [test x"$enable_module_generator" = x"yes"])
+AM_CONDITIONAL([ENABLE_MODULE_RANGEPROOF], [test x"$enable_module_rangeproof" = x"yes"])
+AM_CONDITIONAL([ENABLE_MODULE_WHITELIST], [test x"$enable_module_whitelist" = x"yes"])
 AM_CONDITIONAL([USE_JNI], [test x"$use_jni" == x"yes"])
 AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"])
 AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
+AM_CONDITIONAL([ENABLE_MODULE_SURJECTIONPROOF], [test x"$enable_module_surjectionproof" = x"yes"])
 
 dnl make sure nothing new is exported so that we don't break the cache
 PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"