Gregory Maxwell [Thu, 21 Feb 2019 11:42:08 +0000 (11:42 +0000)]
Merge #516: improvements to random seed in src/tests.c
be40c4d Fixup for C90 mixed declarations. (Gregory Maxwell) 8b3841c fix bug in fread() failure check (Don Viszneki) cddef0c tests: add warning message when /dev/urandom fails (Don Viszneki)
Pull request description:
I've made two small changes to `src/tests.c` circa random seed generation.
Added a warning when `/dev/urandom` fails, mostly to defend against the case that someone should use the code verbatim, but also to enhance its illustrative power.
Also I fixed a bug with how the return value of `fread()` was being evaluated. In fact, `/dev/urandom` was never being applied before as the check on the return value of `fread()` always failed!
Gregory Maxwell [Thu, 21 Feb 2019 04:31:26 +0000 (04:31 +0000)]
Merge #587: Make randomization of a non-signing context a noop
6198375 Make randomization of a non-signing context a noop (Tim Ruffing)
Pull request description:
Before this commit secp256k1_context_randomize called illegal_callback
when called on a context not initialized for signing. This is not
documented. Moreover, it is not desirable because non-signing contexts
may use randomization in the future.
This commit makes secp256k1_context_randomize a noop in this case. This
is safe because the context cannot be used for signing anyway.
This fixes #573 and it fixes rust-bitcoin/rust-secp256k1#82.
Gregory Maxwell [Thu, 21 Feb 2019 04:17:54 +0000 (04:17 +0000)]
Merge #539: Assorted minor corrections
52ab96f clean dependendies in field_*_impl.h (Russell O'Connor) deff5ed Correct math typos in field_*.h (Russell O'Connor) 4efb3f8 Add check that restrict pointers don't alias with all parameters. (Russell O'Connor)
Pull request description:
* add more checks for restrict pointers.
* correct math typos.
* refine dependencies on "num.h"
9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead. (Russell O'Connor)
Pull request description:
Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
Tim Ruffing [Sun, 27 Jan 2019 12:17:37 +0000 (13:17 +0100)]
Make randomization of a non-signing context a noop
Before this commit secp256k1_context_randomize called illegal_callback
when called on a context not initialized for signing. This is not
documented. Moreover, it is not desirable because non-signing contexts
may use randomization in the future.
This commit makes secp256k1_context_randomize a noop in this case. This
is safe because the context cannot be used for signing anyway.
This fixes #573 and it fixes rust-bitcoin/rust-secp256k1#82.
Pieter Wuille [Mon, 26 Nov 2018 17:12:55 +0000 (09:12 -0800)]
Merge #557: Eliminate scratch memory used when generating contexts
b3bf5f9 ecmult_impl: expand comment to explain how effective affine interacts with everything (Andrew Poelstra) efa783f Store z-ratios in the 'x' coord they'll recover (Peter Dettman) ffd3b34 add `secp256k1_ge_set_all_gej_var` test which deals with many infinite points (Andrew Poelstra) 84740ac ecmult_impl: save one fe_inv_var (Andrew Poelstra) 4704527 ecmult_impl: eliminate scratch memory used when generating context (Andrew Poelstra) 7f7a2ed ecmult_gen_impl: eliminate scratch memory used when generating context (Andrew Poelstra)
Pieter Wuille [Tue, 6 Nov 2018 02:23:52 +0000 (18:23 -0800)]
Merge #553: add static context object which has no capabilities
40fde61 prevent attempts to modify `secp256k1_context_no_precomp` (Andrew Poelstra) ed7c084 add static context object which has no capabilities (Andrew Poelstra)
Pieter Wuille [Wed, 17 Oct 2018 19:12:31 +0000 (12:12 -0700)]
Merge #354: [ECDH API change] Support custom hash function
c8fbc3c [ECDH API change] Allow pass arbitrary data to hash function (Kirill Fomichev) b00be65 [ECDH API change] Support custom hash function (Kirill Fomichev)
Russell O'Connor [Mon, 13 Aug 2018 03:47:38 +0000 (23:47 -0400)]
Optimize secp256k1_fe_normalize_weak calls.
Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
6fe5043 scratch: add stack frame support (Andrew Poelstra)
Pull request description:
Replaces the single-blob stack space ith one that internally manages multiple blobs, which are exposed to the user as "frames". Users allocate new blobs with `secp256k1_scratch_allocate_frame` and deallocate them with `secp256k1_scratch_deallocate_frame`. Then any calls to `secp256k1_scratch_alloc` use the frame at the top of the stack. This is guaranteed to succeed, assuming that the frame allocation succeeded and that the user is not requesting more memory than the frame was allocated with.
Merge #513: Increase sparsity of pippenger fixed window naf representation
ec0a7b3 Don't touch leading zeros in wnaf_fixed. (Jonas Nick) 9e36d1b Fix bug in wnaf_fixed where the wnaf array is not completely zeroed when given a 0 scalar. (Jonas Nick) 96f68a0 Don't invert scalar in wnaf_fixed when it is even because a caller might intentionally give a scalar with many leading zeros. (Jonas Nick) 6dbb007 Increase sparsity of pippenger fixed window naf representation (Jonas Nick)
Don Viszneki [Tue, 6 Mar 2018 02:45:00 +0000 (18:45 -0800)]
fix bug in fread() failure check
the two middle arguments to fread() are easily confused, and cause the
checking of return value to fail incorrectly (and possibly succeed
incorrectly.)
e7daa9b [build] Tweak JNI macro to warn instead of error for JNI not found. (Karl-Johan Alm) 5b22977 [build] Update ax_jni_include_dir.m4 macro to deal with recent versions of macOS (Karl-Johan Alm)
Pull request description:
Prior to this patch, this macro fails to find a working directory for the JNI headers, and results in compile failure when doing
```
./configure --enable-experimental --enable-module-ecdh --enable-jni
```
on more recent macOS versions. The relevant commit upstream is [here](http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=commit;h=ab23d25b1f1ae544fffdaa0a94a794798695c672) from the [GNU.org page for the macro](https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html). The original (identical to the version in this commit) is [here](http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_jni_include_dir.m4).
The compile failure:
```Bash
$ make
gcc -I. -g -O2 -Wall -Wextra -Wno-unused-function -c src/gen_context.c -o gen_context.o
gcc gen_context.o -o gen_context
./gen_context
CC src/libsecp256k1_la-secp256k1.lo
CC src/java/libsecp256k1_jni_la-org_bitcoin_NativeSecp256k1.lo
In file included from src/java/org_bitcoin_NativeSecp256k1.c:4:
In file included from src/java/org_bitcoin_NativeSecp256k1.h:2:
/Library/Java/JavaVirtualMachines/jdk1.7.0_71.jdk/Contents/Headers/jni.h:45:10: fatal error:
'jni_md.h' file not found
#include "jni_md.h"
^
1 error generated.
make: *** [src/java/libsecp256k1_jni_la-org_bitcoin_NativeSecp256k1.lo] Error 1
```
Gregory Maxwell [Tue, 6 Feb 2018 22:43:19 +0000 (22:43 +0000)]
Merge #494: Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS
31abd3a Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS (Alexander Block)
Pull request description:
The only reason OpenSSL 1.1 was not supported was the removal of direct
access to r and s in ECDSA_SIG. This commit adds a simplified version of
ECDSA_SIG_get0 for < 1.1 that can be used like ECDSA_SIG_get0 in >= 1.1
Alexander Block [Thu, 28 Dec 2017 10:36:24 +0000 (11:36 +0100)]
Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS
The only reason OpenSSL 1.1 was not supported was the removal of direct
access to r and s in ECDSA_SIG. This commit adds a simplified version of
ECDSA_SIG_get0 for < 1.1 that can be used like ECDSA_SIG_get0 in >= 1.1
Pieter Wuille [Thu, 21 Dec 2017 22:07:15 +0000 (14:07 -0800)]
Merge #463: Reduce usage of hardcoded size constants
c7680e5 Reduce usage of hardcoded size constants (Thomas Snider)
Pull request description:
In particular the usage of keylen in nonce_function_rfc6979 seemed precarious - in one conditional it was unconditionally set, then in the next it was added to. While it was clearly correct as written, I think this change makes it easier to reason about for new eyes and more resistant to breakage if there is any future change to what gets fed into the PRNG.
Pieter Wuille [Mon, 18 Dec 2017 22:38:35 +0000 (14:38 -0800)]
Merge #480: Enable benchmark building by default
7a78f60 Print whether we're building benchmarks (Pieter Wuille) 4afec9f Build benchmarks by default (Pieter Wuille)
Pull request description:
Building benchmarks is fast, and I have on more than one occasion forgotten to pass `--enable-benchmark`, resulting in accidentally benchmarking a former build.
Pieter Wuille [Fri, 8 Dec 2017 00:46:30 +0000 (16:46 -0800)]
Merge #486: Add pippenger_wnaf for multi-multiplication
d2f9c6b Use more precise pippenger bucket windows (Jonas Nick) 4c950bb Save some additions per window in _pippenger_wnaf (Peter Dettman) a58f543 Add flags for choosing algorithm in ecmult_multi benchmark (Jonas Nick) 36b22c9 Use scratch space dependent batching in ecmult_multi (Jonas Nick) 355a38f Add pippenger_wnaf ecmult_multi (Jonas Nick) bc65aa7 Add bench_ecmult (Pieter Wuille) dba5471 Add ecmult_multi tests (Andrew Poelstra) 8c1c831 Generalize Strauss to support multiple points (Pieter Wuille) 548de42 add resizeable scratch space API (Andrew Poelstra)
Pull request description:
This PR is based on #473 and adds a variant of "Pippengers algorithm" (see [Bernstein et al., Faster batch forgery identification](https://eprint.iacr.org/2012/549.pdf), page 15 and https://github.com/scipr-lab/libff/pull/10) for point multi-multiplication that performs better with a large number of points than Strauss' algorithm.
Thanks to @sipa for providing `wnaf_fixed`, benchmarking, and the crucial suggestion to use affine addition.
The PR also makes `ecmult_multi` decide which algorithm to use, based on the number of points and the available scratch space.
For restricted scratch spaces this can be further optimized in the future (f.e. a 35kB scratch space allows batches of 11 points with strauss or 95 points with pippenger; choosing pippenger would be 5% faster).
As soon as this PR has received some feedback I'll repeat the benchmarks to determine the optimal `pippenger_bucket_window` with the new benchmarking code in #473.
Pieter Wuille [Thu, 10 Aug 2017 23:41:39 +0000 (16:41 -0700)]
Merge #459: Add pubkey prefix constants to include/secp256k1.h
bc61b91 add pubkey prefix constants to include/secp256k1.h (Andrew Poelstra)
Pull request description:
In future multisig implementations we will need to pass nonces around, which are algebraically pubkeys but should not be decodable as pubkeys. The way to do this is to change the prefix byte from the ordinary 0x02/0x03 to something else. However, some forks (notably `secp256k1-zkp`) have started using some bytes for their own encodings, and if we continue to use hardcoded constants the risk of conflict is increased.
This commit puts the prefixes used by the main library into the `include/secp256k1.h` so that the constants we're using will at least be in a standard easy-to-reference place.
projects / secp256k1.git / log