Add Changes From Liquid, Bitcoin #107
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Rebased by Pieter Wuille. Cleanup by Matt Corallo.
I assume this was added to prevent deanonymization, but that doesn't matter anymore since its only used on regtest.
This re-adds the security-checks that were surreptitiously removed all the way back in 8d7849b.
…of -testnet and -regtest
|
This is meant to represent what was previously the |
|
@Christewart |
|
Pushed some changes to allow pegins into blocks without manually setting at the command-line. |
jtimon
reviewed
Jan 25, 2017
src/txdb.cpp
Outdated
| @@ -199,7 +199,7 @@ bool CBlockTreeDB::LoadBlockIndexGuts(boost::function<CBlockIndex*(const uint256 | |||
| pindexNew->nStatus = diskindex.nStatus; | |||
| pindexNew->nTx = diskindex.nTx; | |||
|
|
|||
| if (!CheckProofOfWork(pindexNew->GetBlockHash(), pindexNew->nBits, Params().GetConsensus())) | |||
| if (!CheckProofOfWork(pindexNew->GetBlockHash(), pindexNew->nBits, consensusParams)) | |||
There was a problem hiding this comment.
It seems this commit needs s/consensusParams/Params().GetConsensus()/ in this line to compile (or be moved upwards in the branch).
jtimon
reviewed
Jan 25, 2017
There was a problem hiding this comment.
This commit (ie 6848561) should be marked for upstream, these are unused variables that can be removed in bitcoin/master too atm (see bitcoin/bitcoin#9627).
Christewart
reviewed
Jan 29, 2017
| if (!GetLockedOutputs(genesisBlockHash, value+lockDust, lockedUTXO)) | ||
| throw JSONRPCError(RPC_INVALID_PARAMETER, "Failed to find inputs with sufficient value - are you sure bitcoinTx is valid?"); | ||
|
|
||
| while (lockedUTXO.size() != 1) { |
There was a problem hiding this comment.
This loop predicate seems rather strange to me. Why exactly lockecUTXO.size != 1? What happens if we are given 0 utxos? Maybe there is a guard against that in code leading up to this, but it seems like this is fragile.
Also, by reading this piece of code I have a hard time deciphering what is actually going on here. Are we creating a chain of transactions that consolidates locked UTXOs to one output on the sidechain?
There was a problem hiding this comment.
GetLockedOutputs will return true IFF enough unspent unlocked funds were found. This should pretty much never return false(?) as it will spend in-mempool locked utxos as well, as a last resort. If it returns true that guarantees a non-0 amount of utxos.
Are we creating a chain of transactions that consolidates locked UTXOs to one output on the sidechain?
Indeed. There are two types of OP_WPV spends(simplification):
- Claims, which consume a single locked utxo and output a normal utxo
- reductions, which take 2 utxos and combine them into 1
So if the value returned is spread among 5 utxos it will make a chain of 4 reductions, then a pegin transaction of the correct amount.
There was a problem hiding this comment.
So why create this chain of transactions instead adding all the inputs to one tx and creating a single output?
|
It's due to how the consolation transaction scripts work. You might have to
dive into the interpreter code to grok it.
…On Jan 29, 2017 3:56 PM, "Chris Stewart" ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In src/wallet/rpcwallet.cpp
<#107>:
> + relock_spk << OP_WITHDRAWPROOFVERIFY;
+
+ if (value > MAX_MONEY / 200)
+ throw JSONRPCError(RPC_VERIFY_REJECTED, "IsStandard rules prevent pegging-in > 0.105 million BTC reliably at a time - please work with your functionary to mine a large lock-merge transaction first");
+
+ //Pad the locked outputs by the IsStandard lock dust value
+ CTxOut dummyTxOut(0, relock_spk);
+ CAmount lockDust(dummyTxOut.GetDustThreshold(withdrawLockTxFee));
+
+ LOCK(cs_main);
+
+ std::vector<std::pair<COutPoint, CAmount> > lockedUTXO;
+ if (!GetLockedOutputs(genesisBlockHash, value+lockDust, lockedUTXO))
+ throw JSONRPCError(RPC_INVALID_PARAMETER, "Failed to find inputs with sufficient value - are you sure bitcoinTx is valid?");
+
+ while (lockedUTXO.size() != 1) {
So why create this chain of transactions instead adding all the inputs to
one tx and creating a single output?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#107>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AFgC09jj4ZAP00eZk2043g5p2pBTJUQ-ks5rXScSgaJpZM4LncdQ>
.
|
|
FYI, when I try to compile the refresh branch on OSX 10.12.3, it won't compile. This is due to a protobuf issue. This issue was fixed in 0.14 but doesn't seem to have been backported to 0.13. Anyway, the immediate workaround is to install protobuf 2.6. Backporting the 0.14 fix wouldn't hurt, though. :) I'll backport and test to make sure it works. EDIT: Confirmed that backporting the src/compat/byteswap.h change fixes the problem. EDIT 2: Backported the fix to 0.13. |
|
@droark thanks for the heads up. I've pushed the commit here and tests seem to be passing. Could you ACK the build on the last commit? |
|
Assuming we don't have any more major changes I'm going to squash and merge today so we have a stable base to work on. |
Note: this also changes the CHAINPARAMS_ELEMENTS constant! The new network name is simply `elements`, and similarly regtest is now `elementsregtest`
…ined. Defers to pre-defined version if found (e.g. protobuf). For protobuf case, the definitions are identical and thus include order should not affect results. Github-Pull: #9366 Rebased-From: 815f414
|
I still haven't reviewed this enough for a full utACK, but I've spent quite some time reviewing it during the last two weeks, finding mostly only things related to the order in which things are done for history cleanness. I plan to continue that work after this is merged to review further and as a preparation for the next rebase to 0.14. 8736efe complies, passes both unitttests and rpc tests. But I don't think that should slow down merging this, we can fix those tests later. There's already 3 open PRs based on this: #109 #111 #112 |
|
@instagibbs - Thanks. Posthumous ACK on the backport. OSX builds Elements with this patch set. Haven't run it yet, though. Will run it later. |
apoelstra
pushed a commit
to apoelstra/elements
that referenced
this pull request
Dec 3, 2020
… window without loaded wallets 7b2e42e qt: Add WalletFrame::sizeHint (Hennadii Stepanov) Pull request description: This PR fixes a bug in master (d67883d) and in 0.20.1 that could be easily reproduced with ``` $ src/qt/bitcoin-qt -regtest -resetguisettings -nowallet ```   **With this PR:**   --- Fix ElementsProject#104 Fix ElementsProject#113 This PR is an alternative to ElementsProject#107 without [hard-coding a size in pixels](bitcoin-core/gui#107 (comment)). ACKs for top commit: jonasschnelli: Tested ACK 7b2e42e - I can confirm this fixes ElementsProject#104 (Ubuntu 20.04 - HiDPI 200%). Tree-SHA512: eb0692dbeb3befdeecca0e41534c9783eab6637c14cc4f170ee42619235884f9354f8d22a10c20c08cc89dc5340a60b7dfa2523c12e64b3386b3fd2c6d5f934e
apoelstra
added a commit
to apoelstra/elements
that referenced
this pull request
Dec 13, 2020
ff4714e641 Merge pull request ElementsProject#105 from jonasnick/update-musig 3fb4d6db9c travis: run musig test whenever schnorrsig tests are run b9d91b3ecb musig: add pubkey_tweak_add function to allow taproot tweaking 0d71b6c61f Merge pull request ElementsProject#112 from jgriffiths/missed_rename 4721bec0ef Update renamed decl missed in e0ced690cff035b61763686cb69b7d06571e23e2 ebf57dc2f5 Merge pull request ElementsProject#107 from thomaseizinger/secp256k1-zkp 4d20713425 Remove unused context initializer functions 38a8b20991 musig: fix memory leak in musig test 5b4eb18ec5 musig: shorten partial nonce byte array from 33 to 32 bytes 62f0b2d867 musig: make musig partial nonces byte arrays instead of "pubkeys" 73792e4a27 musig: represent a combined_nonce as an xonly_pubkey 2117e7466a musig: improve variable naming and be consistent with schnorrsig module ebc31f1f9d musig: add ARG_CHECKs to functions to help debuggability ac2d0e6697 musig: add magic to session to detect if session is uninitalized 29b4bd85d7 musig: simplify state machine by adding explicit round to session struct 6370bdd537 Merge pull request ElementsProject#104 from jonasnick/temp-merge-835 e0ced690cf Rename rands64 to testrandi64 b0917f3de1 Merge remote-tracking branch 'upstream/master' into temp-merge-835 81052ca411 Merge ElementsProject#103: Merge upstream schnorrsig PR 9e5939d284 Merge ElementsProject#835: Don't use reserved identifiers memczero and benchmark_verify_t 96b9236c42 re-enable musig module 23900a0d86 Fix the MuSig module after integrating bip-schnorr updates 005fe79262 Merge commit '8ab24e8d' into tmp a11250330b (actually) remove schnorrsig module bac746c55e (temporarily) disable musig module d0a83f7328 Merge ElementsProject#839: Prevent arithmetic on NULL pointer if the scratch space is too small 903b16aa6c Merge ElementsProject#840: Return NULL early in context_preallocated_create if flags invalid 1f4dd03838 Typedef (u)int128_t only when they're not provided by the compiler ebfa2058e9 Return NULL early in context_preallocated_create if flags invalid 29a299e373 Run the undefined behaviour sanitizer on Travis 7506e064d7 Prevent arithmetic on NULL pointer if the scratch space is too small e89278f211 Don't use reserved identifiers memczero and benchmark_verify_t 73acc8fef6 Merge pull request ElementsProject#102 from jonasnick/temp-merge-797 8b70795b5e Fix BE platforms by updating endianness macros to match upstream d1b13b0014 Merge commit 'f3733c54' into temp-merge-797 23bf5b732b Merge pull request ElementsProject#101 from jonasnick/temp-merge-778 0a5b60d8b0 Merge commit '6034a04f' into temp-merge-778 caa5d24446 Merge ElementsProject#99: [upstream PR ElementsProject#774]: tests: Abort if malloc() fails during context cloning tests 1789183cba Merge commit '40412b19' into temp-merge-774 a39b08d672 Merge ElementsProject#95: [upstream PR ElementsProject#741]: Remove unnecessary sign variable from wnaf_const a3a3a17f47 Merge pull request ElementsProject#94 from apoelstra/temp-merge-1309c03c45beece646a7d21fdb6a0e3d38adee2b fabc8f74e7 Fix typo in MuSig documentation. 96201b4f6e Require message in musig protocol in an earlier state. In particular, remove the set_msg function and require the message in get_public_nonce at the latest. 4fd0d56e37 Fix my_index in musig state machine tests b74f2dc478 Remove mentions of DER in H derivation. b368a5d163 Fix ARG_NONNULL macro usage in musig include bedff79848 Add cplusplus directive to musig include 9957307c3f Fix explanation of H derivation. It doesn't use DER encoding. d924027765 Add tweak32 parameter to musig_partial_sig_combine which allows to sign for p2c/taproot commitments a4410ac779 Add musig module tests to travis d6738e890e surjection proof: Reject proofs with too many used inputs in reduced mode bd70820123 allow reducing surjection proof size (to lower generation stack usage) 56f69d979f surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16 b8a3ff5f3b surjectionproof: reduce stack usage 68d937fe11 surjectionproof: fix malleability in surjection proof parsing 41bc9ce129 surjectionproof: add test vectors for "set padding bits" b0644d4ab3 surjectionproof: add fixed test vectors c0415eb0cb Fix read of wrong buffer (and OOB) in surjectionproof tests 00fffeb172 Improve comments for surctionproof init+alloc/destroy funcs 2dc868f35b work in progress: add _allocate_initialized/destroy funcs 0d4ee3c62d Improve explanation of key cancellation attack in whitelist.md 2a1750dedd Clarify how to derive alternative generator H ed7394f005 Add bench_generator and bench_rangeproof to .gitignore 9dd117fd2b Clean up ./configure help strings (zkp extensions) f35b5e271f Fix a small typo in the generator parameter name 068f03c35b generator: remove `CHECK` abort calls exposed by public API 3424cb1fa3 musig: add user documentation 13ef445721 Add 3-of-3 MuSig example b86c210747 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures. c59c602dd6 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. a1f16a0a53 add chacha20 function 3cdc02ef8a use proper types for rangeproof min/max cf21c9d715 rangeproof: reduce iteration count in unit tests 0dfb356f95 Enable more builds with rest of experimental flags 4c231568fb Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting f416e039bb Add comment to explain effect of max_n_iterations in surjectionproof_init 936d62f248 add unit test for generator and pedersen commitment roundtripping e06540de8c rangeproof: fix serialization of pedersen commintments edb879f578 rangeproof: verify correctness of pedersen commitments when parsing fca4c3b62f generator: verify correctness of point when parsing c50b218698 rangeproof: check that points deserialize correctly when verifying rangeproof c33e597245 rangeproof: add fixed vector test case 0c5cb7cd08 Expose generator in shared library dbc49df80c fix spelling in documentation 47be098bac Test for rejection of trailing bytes in range proofs 16aaa4a02c Test for rejection of trailing bytes in surjection proofs 949e994cb3 Reject surjection proofs with trailing garbage c87618157e Minor bugfix. Wrong length due to NUL character. fc3dc94049 Add whitelisting benchmark edc7cb6cdd add whitelist_impl.h to include for dist 4320490e88 generator: add API tests 126493ef01 generator: remove unnecessary ARG_CHECK from generate() 253f131310 Fix generator makefile 3997128ad9 Fix pedersen_blind_generator_blind_sum return value documentation 04f4c09111 Add n_keys argument to whitelist_verify dbf3d752a8 Fix checks of whitelist serialize/parse arguments 29d0d562dc whitelist: fix serialize/parse API to take serialized length 660ad39fb3 Fix include/secp256k1_rangeproof.h function argument documentation. e13bdf2f23 rangeproof: add API tests 18c5c62b45 surjectionproof: rename unit test functions to be more consistent with other modules 5f1ad03d00 surjectionproof: add API unit tests f858a4e3d5 surjectionproof: tests_impl.h s/assert/CHECK/g 002002e735 rangeproof: fix memory leak in unit tests ba8b4f53ef add surjection proof module 8c77fe1590 Implement ring-signature based whitelist delegation scheme 94425d4a67 rangeproof: several API changes f6c84a02f3 Expose generator in pedersen/rangeproof API 360e218043 Constant-time generator module e7a8a5f638 rangeproof: expose sidechannel message field in the signing API a88db4a744 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup 16618fcd8d Pedersen commitments, borromean ring signatures, and ZK range proofs. 3cf8f70ba1 Add 64-bit integer utilities git-subtree-dir: src/secp256k1 git-subtree-split: ff4714e6417c56f7235b287d4a9e555df10e09af
apoelstra
added a commit
to apoelstra/elements
that referenced
this pull request
Dec 13, 2020
ff4714e641 Merge pull request ElementsProject#105 from jonasnick/update-musig 3fb4d6db9c travis: run musig test whenever schnorrsig tests are run b9d91b3ecb musig: add pubkey_tweak_add function to allow taproot tweaking 0d71b6c61f Merge pull request ElementsProject#112 from jgriffiths/missed_rename 4721bec0ef Update renamed decl missed in e0ced690cff035b61763686cb69b7d06571e23e2 ebf57dc2f5 Merge pull request ElementsProject#107 from thomaseizinger/secp256k1-zkp 4d20713425 Remove unused context initializer functions 38a8b20991 musig: fix memory leak in musig test 5b4eb18ec5 musig: shorten partial nonce byte array from 33 to 32 bytes 62f0b2d867 musig: make musig partial nonces byte arrays instead of "pubkeys" 73792e4a27 musig: represent a combined_nonce as an xonly_pubkey 2117e7466a musig: improve variable naming and be consistent with schnorrsig module ebc31f1f9d musig: add ARG_CHECKs to functions to help debuggability ac2d0e6697 musig: add magic to session to detect if session is uninitalized 29b4bd85d7 musig: simplify state machine by adding explicit round to session struct 6370bdd537 Merge pull request ElementsProject#104 from jonasnick/temp-merge-835 e0ced690cf Rename rands64 to testrandi64 b0917f3de1 Merge remote-tracking branch 'upstream/master' into temp-merge-835 81052ca411 Merge ElementsProject#103: Merge upstream schnorrsig PR 9e5939d284 Merge ElementsProject#835: Don't use reserved identifiers memczero and benchmark_verify_t 96b9236c42 re-enable musig module 23900a0d86 Fix the MuSig module after integrating bip-schnorr updates 005fe79262 Merge commit '8ab24e8d' into tmp a11250330b (actually) remove schnorrsig module bac746c55e (temporarily) disable musig module d0a83f7328 Merge ElementsProject#839: Prevent arithmetic on NULL pointer if the scratch space is too small 903b16aa6c Merge ElementsProject#840: Return NULL early in context_preallocated_create if flags invalid 1f4dd03838 Typedef (u)int128_t only when they're not provided by the compiler ebfa2058e9 Return NULL early in context_preallocated_create if flags invalid 29a299e373 Run the undefined behaviour sanitizer on Travis 7506e064d7 Prevent arithmetic on NULL pointer if the scratch space is too small e89278f211 Don't use reserved identifiers memczero and benchmark_verify_t 73acc8fef6 Merge pull request ElementsProject#102 from jonasnick/temp-merge-797 8b70795b5e Fix BE platforms by updating endianness macros to match upstream d1b13b0014 Merge commit 'f3733c54' into temp-merge-797 23bf5b732b Merge pull request ElementsProject#101 from jonasnick/temp-merge-778 0a5b60d8b0 Merge commit '6034a04f' into temp-merge-778 caa5d24446 Merge ElementsProject#99: [upstream PR ElementsProject#774]: tests: Abort if malloc() fails during context cloning tests 1789183cba Merge commit '40412b19' into temp-merge-774 a39b08d672 Merge ElementsProject#95: [upstream PR ElementsProject#741]: Remove unnecessary sign variable from wnaf_const a3a3a17f47 Merge pull request ElementsProject#94 from apoelstra/temp-merge-1309c03c45beece646a7d21fdb6a0e3d38adee2b fabc8f74e7 Fix typo in MuSig documentation. 96201b4f6e Require message in musig protocol in an earlier state. In particular, remove the set_msg function and require the message in get_public_nonce at the latest. 4fd0d56e37 Fix my_index in musig state machine tests b74f2dc478 Remove mentions of DER in H derivation. b368a5d163 Fix ARG_NONNULL macro usage in musig include bedff79848 Add cplusplus directive to musig include 9957307c3f Fix explanation of H derivation. It doesn't use DER encoding. d924027765 Add tweak32 parameter to musig_partial_sig_combine which allows to sign for p2c/taproot commitments a4410ac779 Add musig module tests to travis d6738e890e surjection proof: Reject proofs with too many used inputs in reduced mode bd70820123 allow reducing surjection proof size (to lower generation stack usage) 56f69d979f surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16 b8a3ff5f3b surjectionproof: reduce stack usage 68d937fe11 surjectionproof: fix malleability in surjection proof parsing 41bc9ce129 surjectionproof: add test vectors for "set padding bits" b0644d4ab3 surjectionproof: add fixed test vectors c0415eb0cb Fix read of wrong buffer (and OOB) in surjectionproof tests 00fffeb172 Improve comments for surctionproof init+alloc/destroy funcs 2dc868f35b work in progress: add _allocate_initialized/destroy funcs 0d4ee3c62d Improve explanation of key cancellation attack in whitelist.md 2a1750dedd Clarify how to derive alternative generator H ed7394f005 Add bench_generator and bench_rangeproof to .gitignore 9dd117fd2b Clean up ./configure help strings (zkp extensions) f35b5e271f Fix a small typo in the generator parameter name 068f03c35b generator: remove `CHECK` abort calls exposed by public API 3424cb1fa3 musig: add user documentation 13ef445721 Add 3-of-3 MuSig example b86c210747 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures. c59c602dd6 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. a1f16a0a53 add chacha20 function 3cdc02ef8a use proper types for rangeproof min/max cf21c9d715 rangeproof: reduce iteration count in unit tests 0dfb356f95 Enable more builds with rest of experimental flags 4c231568fb Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting f416e039bb Add comment to explain effect of max_n_iterations in surjectionproof_init 936d62f248 add unit test for generator and pedersen commitment roundtripping e06540de8c rangeproof: fix serialization of pedersen commintments edb879f578 rangeproof: verify correctness of pedersen commitments when parsing fca4c3b62f generator: verify correctness of point when parsing c50b218698 rangeproof: check that points deserialize correctly when verifying rangeproof c33e597245 rangeproof: add fixed vector test case 0c5cb7cd08 Expose generator in shared library dbc49df80c fix spelling in documentation 47be098bac Test for rejection of trailing bytes in range proofs 16aaa4a02c Test for rejection of trailing bytes in surjection proofs 949e994cb3 Reject surjection proofs with trailing garbage c87618157e Minor bugfix. Wrong length due to NUL character. fc3dc94049 Add whitelisting benchmark edc7cb6cdd add whitelist_impl.h to include for dist 4320490e88 generator: add API tests 126493ef01 generator: remove unnecessary ARG_CHECK from generate() 253f131310 Fix generator makefile 3997128ad9 Fix pedersen_blind_generator_blind_sum return value documentation 04f4c09111 Add n_keys argument to whitelist_verify dbf3d752a8 Fix checks of whitelist serialize/parse arguments 29d0d562dc whitelist: fix serialize/parse API to take serialized length 660ad39fb3 Fix include/secp256k1_rangeproof.h function argument documentation. e13bdf2f23 rangeproof: add API tests 18c5c62b45 surjectionproof: rename unit test functions to be more consistent with other modules 5f1ad03d00 surjectionproof: add API unit tests f858a4e3d5 surjectionproof: tests_impl.h s/assert/CHECK/g 002002e735 rangeproof: fix memory leak in unit tests ba8b4f53ef add surjection proof module 8c77fe1590 Implement ring-signature based whitelist delegation scheme 94425d4a67 rangeproof: several API changes f6c84a02f3 Expose generator in pedersen/rangeproof API 360e218043 Constant-time generator module e7a8a5f638 rangeproof: expose sidechannel message field in the signing API a88db4a744 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup 16618fcd8d Pedersen commitments, borromean ring signatures, and ZK range proofs. 3cf8f70ba1 Add 64-bit integer utilities git-subtree-dir: src/secp256k1 git-subtree-split: ff4714e6417c56f7235b287d4a9e555df10e09af
gwillen
pushed a commit
that referenced
this pull request
Feb 27, 2021
0129b77767 Merge #113: Upstream PRs #849 #851 e1756dfddc Merge commits '3a106966 8f0c6f15 ' into temp-merge-851 7093e633b8 Merge pull request #106 from apoelstra/2020-11-reduce-test-rounds 29f9a7dc62 reduce test rounds for rangeproof and surjectionproof 8f0c6f1545 Merge #851: make test count iteration configurable by environment variable f4fa8d226a forbid a test iteration of 0 or less ff4714e641 Merge pull request #105 from jonasnick/update-musig 3fb4d6db9c travis: run musig test whenever schnorrsig tests are run b9d91b3ecb musig: add pubkey_tweak_add function to allow taproot tweaking 0d71b6c61f Merge pull request #112 from jgriffiths/missed_rename 4721bec0ef Update renamed decl missed in e0ced690cff035b61763686cb69b7d06571e23e2 ebf57dc2f5 Merge pull request #107 from thomaseizinger/secp256k1-zkp 4d20713425 Remove unused context initializer functions 3a106966aa Merge #849: Convert Sage code to Python 3 (as used by Sage >= 9) 13c88efed0 Convert Sage code to Python 3 (as used by Sage >= 9) 0ce4554881 make test count iteration configurable by environment variable 38a8b20991 musig: fix memory leak in musig test 5b4eb18ec5 musig: shorten partial nonce byte array from 33 to 32 bytes 62f0b2d867 musig: make musig partial nonces byte arrays instead of "pubkeys" 73792e4a27 musig: represent a combined_nonce as an xonly_pubkey 2117e7466a musig: improve variable naming and be consistent with schnorrsig module ebc31f1f9d musig: add ARG_CHECKs to functions to help debuggability ac2d0e6697 musig: add magic to session to detect if session is uninitalized 29b4bd85d7 musig: simplify state machine by adding explicit round to session struct 6370bdd537 Merge pull request #104 from jonasnick/temp-merge-835 e0ced690cf Rename rands64 to testrandi64 b0917f3de1 Merge remote-tracking branch 'upstream/master' into temp-merge-835 81052ca411 Merge #103: Merge upstream schnorrsig PR 9e5939d284 Merge #835: Don't use reserved identifiers memczero and benchmark_verify_t 96b9236c42 re-enable musig module 23900a0d86 Fix the MuSig module after integrating bip-schnorr updates 005fe79262 Merge commit '8ab24e8d' into tmp a11250330b (actually) remove schnorrsig module bac746c55e (temporarily) disable musig module d0a83f7328 Merge #839: Prevent arithmetic on NULL pointer if the scratch space is too small 903b16aa6c Merge #840: Return NULL early in context_preallocated_create if flags invalid 1f4dd03838 Typedef (u)int128_t only when they're not provided by the compiler 3967d96bf1 Merge #838: Make autotools check for all the used openssl functions 3734b68200 Configure echo if openssl tests are enabled ebfa2058e9 Return NULL early in context_preallocated_create if flags invalid 6f54e69f03 Merge #841: Avoids a potentially shortening size_t to int cast in strauss_wnaf_ 29a299e373 Run the undefined behaviour sanitizer on Travis 7506e064d7 Prevent arithmetic on NULL pointer if the scratch space is too small 8893f42438 Avoids a potentially shortening size_t to int cast in strauss_wnaf_ e6692778d3 Modify bitcoin_secp.m4's openssl check to call all the functions that we use in the tests/benchmarks. That way linking will fail if those symbols are missing ac05f61fcf Merge #809: Stop treating ECDH as experimental e6e3d5da2f travis: add schnorrsig to valgrind and big endian platform test 353dff156f Stop treating ECDH as experimental e89278f211 Don't use reserved identifiers memczero and benchmark_verify_t c6b6b8f1bb Merge #830: Rip out non-endomorphism code + dependencies c582abade1 Consistency improvements to the comments 63c6b71616 Reorder comments/function around scalar_split_lambda 2edc514c90 WNAF of lambda_split output has max size 129 4232e5b7da Rip out non-endomorphism code ebad8414b0 Check correctness of lambda split without -DVERIFY fe7fc1fda8 Make lambda constant accessible 9d2f2b44d8 Add tests to exercise lambda split near bounds 9aca2f7f07 Add secp256k1_split_lambda_verify acab934d24 Detailed comments for secp256k1_scalar_split_lambda 73acc8fef6 Merge pull request #102 from jonasnick/temp-merge-797 8b70795b5e Fix BE platforms by updating endianness macros to match upstream 76ed922a5f Increase precision of g1 and g2 6173839c90 Switch to our own memcmp function d1b13b0014 Merge commit 'f3733c54' into temp-merge-797 23bf5b732b Merge pull request #101 from jonasnick/temp-merge-778 0a5b60d8b0 Merge commit '6034a04f' into temp-merge-778 caa5d24446 Merge #99: [upstream PR #774]: tests: Abort if malloc() fails during context cloning tests 1789183cba Merge commit '40412b19' into temp-merge-774 63150ab4da Merge #827: Rename testrand functions to have test in name c5257aed0b Merge #821: travis: Explicitly set --with-valgrind bb1f54280f Merge #818: Add static assertion that uint32_t is unsigned int or wider a45c1fa63c Rename testrand functions to have test in name 5006895bd6 Merge #808: Exhaustive test improvements + exhaustive schnorrsig tests a39b08d672 Merge #95: [upstream PR #741]: Remove unnecessary sign variable from wnaf_const a3a3a17f47 Merge pull request #94 from apoelstra/temp-merge-1309c03c45beece646a7d21fdb6a0e3d38adee2b 4eecb4d6ef travis: VALGRIND->RUN_VALGRIND to avoid confusion with WITH_VALGRIND 66a765c775 travis: Explicitly set --with-valgrind d7838ba6a6 Merge #813: Enable configuring Valgrind support 7ceb0b7611 Merge #819: Enable -Wundef warning 8b7dcdd955 Add exhaustive test for extrakeys and schnorrsig 08d7d89299 Make pubkey parsing test whether points are in the correct subgroup 87af00b511 Abstract out challenge computation in schnorrsig 63e1b2aa7d Disable output buffering in tests_exhaustive.c 39f67dd072 Support splitting exhaustive tests across cores e99b26fcd5 Give exhaustive_tests count and seed cmdline inputs 49e6630bca refactor: move RNG seeding to testrand b110c106fa Change exhaustive test groups so they have a point with X=1 cec7b18a34 Select exhaustive lambda in function of order 78f6cdfaae Make the curve B constant a secp256k1_fe d7f39ae4b6 Delete gej_is_valid_var: unused outside tests 8bcd78cd79 Make secp256k1_scalar_b32 detect overflow in scalar_low c498366e5b Move exhaustive tests for recovery to module be31791543 Make group order purely compile-time in exhaustive tests e73ff30922 Enable -Wundef warning c0041b5cfc Add static assertion that uint32_t is unsigned int or wider 4ad408faf3 Merge #782: Check if variable=yes instead of if var is set in travis.sh 412bf874d0 configure: Allow specifying --with[out]-valgrind explicitly 34debf7a6d Modify .travis.yml to explictly pass no in env vars instead of setting to nothing a0e99fc121 Merge #814: tests: Initialize random group elements fully 5738e8622d tests: Initialize random group elements fully c9939ba55d Merge #812: travis: run bench_schnorrsig a51f2af62b travis: run bench_schnorrsig 8ab24e8dad Merge #558: Add schnorrsig module which implements BIP-340 compliant signatures f3733c5433 Merge #797: Fix Jacobi benchmarks and other benchmark improvements cb5524adc5 Add benchmark for secp256k1_ge_set_gej_var 5c6af60ec5 Make jacobi benchmarks vary inputs d0fdd5f009 Randomize the Z coordinates in bench_internal c7a3424c5f Rename bench_internal variables 875d68b95f Merge #699: Initialize field elements when resulting in infinity 54caf2e74f Merge #799: Add fallback LE/BE for architectures with known endianness + SHA256 selftest f431b3f28a valgrind_ctime_test: Add schnorrsig_sign 16ffa9d97c schnorrsig: Add taproot test case 8dfd53ee3f schnorrsig: Add benchmark for sign and verify 4e43520026 schnorrsig: Add BIP-340 compatible signing and verification 7332d2db6b schnorrsig: Add BIP-340 nonce function 7a703fd97d schnorrsig: Init empty experimental module eabd9bc46a Allow initializing tagged sha256 6fcb5b845d extrakeys: Add keypair_xonly_tweak_add 58254463f9 extrakeys: Add keypair struct with create, pub and pub_xonly f0010349b8 Separate helper functions for pubkey_create and seckey_tweak_add 910d9c284c extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test 176bfb1110 Separate helper function for ec_pubkey_tweak_add 4cd2ee474d extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey f49c9896b0 Merge #806: Trivial: Add test logs to gitignore aabf00c155 Merge #648: Prevent ints from wrapping around in scratch space functions f5adab16a9 Merge #805: Remove the extremely outdated TODO file. bceefd6547 Add test logs to gitignore 1c325199d5 Remove the extremely outdated TODO file. 47e6618e11 extrakeys: Init empty experimental module 3e08b02e2a Make the secp256k1_declassify argument constant 8bc6aeffa9 Add SHA256 selftest 670cdd3f8b Merge #798: Check assumptions on integer implementation at compile time 5e5fb28b4a Use additional system macros to figure out endianness 7c068998ba Compile-time check assumptions on integer types 02b6c87b52 Add support for (signed) __int128 979961c506 Merge #787: Use preprocessor macros instead of autoconf to detect endianness 887bd1f8b6 Merge #793: Make scalar/field choice depend on C-detected __int128 availability 0dccf98a21 Use preprocessor macros instead of autoconf to detect endianness b2c8c42cf1 Merge #795: Avoid linking libcrypto in the valgrind ct test. 57d3a3c64c Avoid linking libcrypto in the valgrind ct test. 79f1f7a4f1 Autodetect __int128 availability on the C side 0d7727f95e Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field 805082de11 Merge #696: Run a Travis test on s390x (big endian) 39295362cf Test travis s390x (big endian) ef37761fee Change travis.sh to check if variables are equal to yes instead of not-empty. Before this, setting `VALGRIND=wat` was considered as true, and to make it evaluate as false you had to unset the variable `VALGRIND=` but not it checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to false 6034a04fb1 Merge #778: secp256k1_gej_double_nonzero supports infinity f60915906d Merge #779: travis: Fix argument quoting for ./configure 9e49a9b255 travis: Fix argument quoting for ./configure 18d36327fd secp256k1_gej_double_nonzero supports infinity 214cb3c321 Merge #772: Improve constant-timeness on PowerPC 40412b1930 Merge #774: tests: Abort if malloc() fails during context cloning tests 2e1b9e0458 tests: Abort if malloc() fails during context cloning tests 67a429f31f Suppress a harmless variable-time optimization by clang in _int_cmov 5b196338f0 Remove redundant "? 1 : 0" after comparisons in scalar code 3e5cfc5c73 Merge #741: Remove unnecessary sign variable from wnaf_const 66bb9320c0 Merge #773: Fix some compile problems on weird/old compilers. 1309c03c45 Fix some compile problems on weird/old compilers. fabc8f74e7 Fix typo in MuSig documentation. 96201b4f6e Require message in musig protocol in an earlier state. In particular, remove the set_msg function and require the message in get_public_nonce at the latest. 4fd0d56e37 Fix my_index in musig state machine tests b74f2dc478 Remove mentions of DER in H derivation. b368a5d163 Fix ARG_NONNULL macro usage in musig include bedff79848 Add cplusplus directive to musig include 9957307c3f Fix explanation of H derivation. It doesn't use DER encoding. d924027765 Add tweak32 parameter to musig_partial_sig_combine which allows to sign for p2c/taproot commitments a4410ac779 Add musig module tests to travis d6738e890e surjection proof: Reject proofs with too many used inputs in reduced mode bd70820123 allow reducing surjection proof size (to lower generation stack usage) 56f69d979f surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16 b8a3ff5f3b surjectionproof: reduce stack usage 68d937fe11 surjectionproof: fix malleability in surjection proof parsing 41bc9ce129 surjectionproof: add test vectors for "set padding bits" b0644d4ab3 surjectionproof: add fixed test vectors c0415eb0cb Fix read of wrong buffer (and OOB) in surjectionproof tests 00fffeb172 Improve comments for surctionproof init+alloc/destroy funcs 2dc868f35b work in progress: add _allocate_initialized/destroy funcs 0d4ee3c62d Improve explanation of key cancellation attack in whitelist.md 2a1750dedd Clarify how to derive alternative generator H ed7394f005 Add bench_generator and bench_rangeproof to .gitignore 9dd117fd2b Clean up ./configure help strings (zkp extensions) f35b5e271f Fix a small typo in the generator parameter name 068f03c35b generator: remove `CHECK` abort calls exposed by public API 3424cb1fa3 musig: add user documentation 13ef445721 Add 3-of-3 MuSig example b86c210747 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures. c59c602dd6 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. a1f16a0a53 add chacha20 function 3cdc02ef8a use proper types for rangeproof min/max cf21c9d715 rangeproof: reduce iteration count in unit tests 0dfb356f95 Enable more builds with rest of experimental flags 4c231568fb Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting f416e039bb Add comment to explain effect of max_n_iterations in surjectionproof_init 936d62f248 add unit test for generator and pedersen commitment roundtripping e06540de8c rangeproof: fix serialization of pedersen commintments edb879f578 rangeproof: verify correctness of pedersen commitments when parsing fca4c3b62f generator: verify correctness of point when parsing c50b218698 rangeproof: check that points deserialize correctly when verifying rangeproof c33e597245 rangeproof: add fixed vector test case 0c5cb7cd08 Expose generator in shared library dbc49df80c fix spelling in documentation 47be098bac Test for rejection of trailing bytes in range proofs 16aaa4a02c Test for rejection of trailing bytes in surjection proofs 949e994cb3 Reject surjection proofs with trailing garbage c87618157e Minor bugfix. Wrong length due to NUL character. fc3dc94049 Add whitelisting benchmark edc7cb6cdd add whitelist_impl.h to include for dist 4320490e88 generator: add API tests 126493ef01 generator: remove unnecessary ARG_CHECK from generate() 253f131310 Fix generator makefile 3997128ad9 Fix pedersen_blind_generator_blind_sum return value documentation 04f4c09111 Add n_keys argument to whitelist_verify dbf3d752a8 Fix checks of whitelist serialize/parse arguments 29d0d562dc whitelist: fix serialize/parse API to take serialized length 660ad39fb3 Fix include/secp256k1_rangeproof.h function argument documentation. e13bdf2f23 rangeproof: add API tests 18c5c62b45 surjectionproof: rename unit test functions to be more consistent with other modules 5f1ad03d00 surjectionproof: add API unit tests f858a4e3d5 surjectionproof: tests_impl.h s/assert/CHECK/g 002002e735 rangeproof: fix memory leak in unit tests ba8b4f53ef add surjection proof module 8c77fe1590 Implement ring-signature based whitelist delegation scheme 94425d4a67 rangeproof: several API changes f6c84a02f3 Expose generator in pedersen/rangeproof API 360e218043 Constant-time generator module e7a8a5f638 rangeproof: expose sidechannel message field in the signing API a88db4a744 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup 16618fcd8d Pedersen commitments, borromean ring signatures, and ZK range proofs. 3cf8f70ba1 Add 64-bit integer utilities 2309c7dd4a Merge #769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation 22e578bb11 Undef HAVE___INT128 in basic-config.h to fix gen_context compilation 3f4a5a10e4 Merge #765: remove dead store in ecdsa_signature_parse_der_lax f00d6575ca remove dead store in ecdsa_signature_parse_der_lax dbd41db16a Merge #759: Fix uninitialized variables in ecmult_multi test 2e7fc5b537 Fix uninitialized variables in ecmult_multi test 2ed54da18a Merge #755: Recovery signing: add to constant time test, and eliminate non ct operators 28609507e7 Add tests for the cmov implementations 73596a85a2 Add ecdsa_sign_recoverable to the ctime tests 2876af4f8d Split ecdsa_sign logic into a new function and use it from ecdsa_sign and recovery 5e1c885efb Merge #754: Fix uninit values passed into cmov f79a7adcf5 Add valgrind uninit check to cmovs output 05d315affe Merge #752: autoconf: Use ":" instead of "dnl" as a noop a39c2b09de Fixed UB(arithmetics on uninit values) in cmovs 3a6fd7f636 Merge #750: Add macOS to the CI 5e8747ae2a autoconf: Use ":" instead of "dnl" as a noop 71757da5cc Explictly pass SECP256K1_BENCH_ITERS to the benchmarks in travis.sh 99bd661d71 Replace travis_wait with a loop printing "\a" to stdout every minute bc818b160c Bump travis Ubuntu from xenial(16.04) to bionic(18.04) 0c5ff9066e Add macOS support to travis b6807d91d8 Move travis script into a standalone sh file f39f99be0e Merge #701: Make ec_ arithmetic more consistent and add documentation 37dba329c6 Remove unnecessary sign variable from wnaf_const 6bb0b77e15 Fix test_constant_wnaf for -1 and add a test for it. 39198a03ea Merge #732: Retry if r is zero during signing 59a8de8f64 Merge #742: Fix typo in ecmult_const_impl.h 4e284655d9 Fix typo in ecmult_const_impl.h f862b4ca13 Merge #740: Make recovery/main_impl.h non-executable ffef45c98a Make recovery/main_impl.h non-executable 2361b3719a Merge #735: build: fix OpenSSL EC detection on macOS 3b7d26b23c build: add SECP_TEST_INCLUDES to bench_verify CPPFLAGS 84b5fc5bc3 build: fix OpenSSL EC detection on macOS 37ed51a7ea Make ecdsa_sig_sign constant-time again after reverting 25e3cfb 93d343bfc5 Revert "ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_sign" 7e3952ae82 Clarify documentation of tweak functions. 89853a0f2e Make tweak function documentation more consistent. 41fc785602 Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul 22911ee6da Rename private key to secret key in public API (with the exception of function names) 5a73f14d6c Mention that value is unspecified for In/Out parameters if the function returns 0 f03df0e6d7 Define valid ECDSA keys in the documentation of seckey_verify 5894e1f1df Return 0 if the given seckey is invalid in privkey_negate, privkey_tweak_add and privkey_tweak_mul 8f814cddb9 Add test for boundary conditions of scalar_set_b32 with respect to overflows 3fec982608 Use scalar_set_b32_seckey in ecdsa_sign, pubkey_create and seckey_verify 9ab2cbe0eb Add scalar_set_b32_seckey which does the same as scalar_set_b32 and also returns whether it's a valid secret key 4f27e344c6 Merge #728: Suppress a harmless variable-time optimization by clang in memczero 01993878bb Add test for memczero() 52a03512c1 Suppress a harmless variable-time optimization by clang in memczero 8f78e208ad Merge #722: Context isn't freed in the ECDH benchmark ed1b91171a Merge #700: Allow overriding default flags 85b35afa76 Add running benchmarks regularly and under valgrind in travis ca4906b02e Pass num of iters to benchmarks as variable, and define envvar 02dd5f1bbb free the ctx at the end of bench_ecdh e9fccd4de1 Merge #708: Constant-time behaviour test using valgrind memtest. 08fb6c4926 Run valgrind_ctime_test in travis 3d2302257f Constant-time behaviour test using valgrind memtest. 96d8ccbd16 Merge #710: Eliminate harmless non-constant time operations on secret data. 0585b8b2ee Merge #718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 7b50483ad7 Adds a declassify operation to aid constant-time analysis. 34a67c773b Eliminate harmless non-constant time operations on secret data. ca739cba23 Compile with optimization flag -O2 by default instead of -O3 eb45ef3384 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 856a01d6ad Merge #714: doc: document the length requirements of output parameter. d72b9e2483 Merge #682: Remove Java Native Interface 4b48a43106 doc: document the length requirements of output parameter. 1b4d256e2e Merge #713: Docstrings dabfea7e21 field: extend docstring of secp256k1_fe_normalize dc7d8fd9e2 scalar: extend docstring of secp256k1_scalar_set_b32 074ab582dd Merge #704: README: add a section for test coverage acb7f97eb8 README: add a section for test coverage 227a4f2d07 Merge #709: Remove secret-dependant non-constant time operation in ecmult_const. d567b779fe Clarify comments about use of rzr on ge functions and abs function. 2241ae6d14 Remove secret-dependant non-constant time operation in ecmult_const. 642cd062bd Remove Java Native Interface 83fb1bcef4 Remove -O2 from default CFLAGS because this would override the -O3 flag (see AC_PROG_CC in the Autoconf manual) ecba8138ec Append instead of Prepend user-CFLAGS to default CFLAGS allowing the user to override default variables 613c34cd86 Remove test in configure.ac because it doesn't have an effect f45d897101 Merge #703: Overhaul README.md 2e759ec753 Overhaul README.md d644dda5c9 Merge #689: Remove "except in benchmarks" exception for fp math bde2a32286 Convert bench.h to fixed-point math 47a7b8382f Clear field elements when writing infinity 61d1ecb028 Added test with additions resulting in infinity 387d723c3f Merge #679: Add SECURITY.md 0db61d25c9 Merge #685: Fix issue where travis does not show the ./tests seed… a0771d15e6 Explicitly disable buffering for stderr in tests fb424fbba2 Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031184 Merge #690: Add valgrind check to travis 544002c008 Merge #678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc988f travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382a87 Add valgrind check to travis 0c774d89e6 Merge #688: Fix ASM setting in travis 5c5f71eea5 Fix ASM setting in travis e2625f8a98 Merge #684: Make no-float policy explicit bae1bea3c4 Make no-float policy explicit 78c3836341 Add SECURITY.md 362bb25608 Modified bench_scalar_split so it won't get optimized out 73a30c6b58 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dcd6f Merge #677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142ff25 Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 47045270fa90f81205d989f7107769bce1e71c4d 137d304a6b Merge #647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b13f Merge #664: Remove mention of ec_privkey_export because it doesn't exist 59782c68b4 Remove mention of ec_privkey_export because it doesn't exist 96cd94e385 Merge #337: variable sized precomputed table for signing dcb2e3b3ff variable signing precompute table b4bff99028 Merge #661: Make ./configure string consistent a467047e11 Make ./configure string consistent e729cc7f5a Merge #657: Fix a nit in the recovery tests b64a2e2597 Fix a nit in the recovery tests e028aa33d3 Merge #650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d363d Merge #654: Fix typo (∞) ef83281c3a Merge pull request #656 from real-or-random/patch-1 556caad2ca Fix typo in docs for _context_set_illegal_callback 0d82732a9a Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb49f5 Merge #583: JNI: fix use sig array e95f8ab098 Merge #644: Avoid optimizing out a verify_check 384f55606a Merge #652: README.md: update instruction to run tests ee56accd47 Merge #651: Fix typo in secp256k1_preallocated.h 7b9b117230 Merge #640: scalar_impl.h: fix includes d99bec2e21 Merge #655: jni: Use only Guava for hex encoding and decoding 2abcf951af jni: Use only Guava for hex encoding and decoding 271582b3b7 Fix typo 60f7f2de5d Don't assume that ALIGNMENT > 1 in tests ada6361dec Use ROUND_TO_ALIGN in scratch_create 8ecc6ce50e Add check preventing rounding to alignment from wrapping around in scratch_alloc 4edaf06fb0 Add check preventing integer multiplication wrapping around in scratch_max_allocation ce6d438266 README.md: update instruction to run tests b1e68cb8e6 Fix typo in secp256k1_preallocated.h a11c76c59a secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5654 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cbf83 Moved a dereference so the null check will be before the dereferencing 2cb73b1064 scalar_impl.h: fix includes fa33017135 Merge #634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68cd30 Add a descriptive comment for secp256k1_ecmult_const. d0d738d32d Merge #631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25276 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90ef6 Merge #629: Avoid calling _is_zero when _set_b32 fails. f34b0c3f35 Merge #630: Note intention of timing sidechannel freeness. 8d1563b0ff Note intention of timing sidechannel freeness. 1669bb2865 Merge #628: Fix ability to compile tests without -DVERIFY. ecc94abcc8 Merge #627: Guard memcmp in tests against mixed size inputs. 544435fc90 Merge #578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e9ee Merge #595: Allow to use external default callbacks e49f7991c2 Add missing #(un)defines to base-config.h 77defd2c3b Add secp256k1_ prefix to default callback functions 908bdce64e Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e655 Allow usage of external default callbacks 6095a863fa Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e02c3 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7a33 Merge #600: scratch space: use single allocation 98836b11f0 scratch: replace frames with "checkpoint" system 7623cf2b97 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f2c6 scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0bb95 scratch: unify allocations c2b028a281 scratch space: thread `error_callback` into all scratch space functions 0be1a4ae62 scratch: add magic bytes to beginning of structure 92a48a764d scratch space: use single allocation 40839e21b9 Merge #592: Use trivial algorithm in ecmult_multi if scratch space is small dcf392027b Fix ability to compile tests without -DVERIFY. a484e0008b Merge #566: Enable context creation in preallocated memory 0522caac8f Explain caller's obligations for preallocated memory 238305fdbb Move _preallocated functions to separate header 695feb6fbd Export _preallocated functions 814cc78d71 Add tests for contexts in preallocated memory ba12dd08da Check arguments of _preallocated functions 5feadde462 Support cloning a context into preallocated memory c4fd5dab45 Switch to a single malloc call ef020de16f Add size constants for preallocated memory 1bf7c056ba Prepare for manual memory management in preallocated memory 248bffb052 Guard memcmp in tests against mixed size inputs. 36698dcfee Merge #596: Make WINDOW_G configurable a61a93ff50 Clean up ./configure help strings 2842dc523e Make WINDOW_G configurable 1a02d6ce51 Merge #626: Revert "Merge #620: Install headers automatically" 662918cb29 Revert "Merge #620: Install headers automatically" 14c7dbd444 Simplify control flow in DER parsing ec8f20babd Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3b3c Parse DER-enconded length into a size_t instead of an int 912680ed86 Merge #561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3ace0 Merge #620: Install headers automatically 5df77a0eda Merge #533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e0d9 Merge #617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde04e Merge #619: Clear a copied secret key after negation 16e86150d0 Install headers automatically 069870d92a Clear a copied secret key after negation 8979ec0d9a Pass scalar by reference in secp256k1_wnaf_const() 84a808598b Merge #612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a59c Allow field_10x26_arm.s to compile for ARMv7 architecture b19c000063 Merge #607: Use size_t shifts when computing a size_t 4d01bc2d9c Merge #606: travis: Remove unused sudo:false e6d01e9347 Use size_t shifts when computing a size_t 7667532bd7 travis: Remove unused sudo:false 248f046611 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7b12 Use trivial algorithm in ecmult_multi if scratch space is small ee99f12f3d Merge #599: Switch x86_64 asm to use "i" instead of "n" for immediate values. d58bc93f2c Switch x86_64 asm to use "i" instead of "n" for immediate values. 05362ee042 Merge #597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build 83483869ac Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build aa15154a48 Merge #568: Fix integer overflow in ecmult_multi_var when n is large 2277af5ff0 Fix integer overflow in ecmult_multi_var when n is large dbed75d969 Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e093 Keep LDFLAGS if `--coverage` 85d0e1bcce Merge #591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 14196379ec Merge #580: Add trivial ecmult_multi algorithm which does not require a scratch space a697d82da9 Add trivial ecmult_multi to the benchmark tool bade617417 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points. 5545e13dea Merge #584: configure: Use CFLAGS_FOR_BUILD when checking native compiler 20c5869df2 Merge #516: improvements to random seed in src/tests.c b76e45d5d6 Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 870a977644 Merge #562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse be40c4d0b5 Fixup for C90 mixed declarations. c71dd2c08f Merge #509: Fix algorithm selection in bench_ecmult 6492bf88cc Merge #518: Summarize build options after running configure 0e9ada1941 Merge #567: Correct order of libs returned on pkg-config --libs --static libsecp2… e96901a4b9 Merge #587: Make randomization of a non-signing context a noop 58df8d03ad Merge #511: Portability fix for the configure scripts generated 2ebdad772a Merge #552: Make constants static: 1c131affd3 Merge #551: secp256k1_fe_sqrt: Verify that the arguments don't alias. ba698f883b Merge #539: Assorted minor corrections 949e85b009 Merge #550: Optimize secp256k1_fe_normalize_weak calls. a34bcaadf1 Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker 2d5f4cebdc configure: Use CFLAGS_FOR_BUILD when checking native compiler b408c6a8b2 Merge #579: Use __GNUC_PREREQ for detecting __builtin_expect 6198375218 Make randomization of a non-signing context a noop 74e2dbd68e JNI: fix use sig array c663397f46 Use __GNUC_PREREQ for detecting __builtin_expect 3cb057f842 Fix possible integer overflow in DER parsing 89a20a8945 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call. d3cb1f95eb Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse 496c5b43b8 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B; bf8b86cc07 secp256k1_fe_sqrt: Verify that the arguments don't alias. 9bd89c836b Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead. 52ab96fedb clean dependendies in field_*_impl.h deff5edd42 Correct math typos in field_*.h 4efb3f8dd1 Add check that restrict pointers don't alias with all parameters. 3965027c81 Summarize build options in configure script 0f0517369c Fix algorithm selection in bench_ecmult 8b3841c91d fix bug in fread() failure check cddef0c0be tests: add warning message when /dev/urandom fails 270f6c80db Portability fix for the configure scripts generated REVERT: 43dd1f4fe7 Merge pull request #40 from instagibbs/size_t REVERT: 6532fa0a96 Merge pull request #39 from instagibbs/more_builds REVERT: 2b2429dfaa rangeproof: reduce iteration count in unit tests REVERT: 12b0e5dda7 Enable more builds with rest of experimental flags REVERT: 8c444eef6a use proper types for rangeproof min/max REVERT: 53ad841caf Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting REVERT: 71c5fe0f6e Add comment to explain effect of max_n_iterations in surjectionproof_init REVERT: 85fd42fb7e add unit test for generator and pedersen commitment roundtripping REVERT: 2ccf885419 rangeproof: fix serialization of pedersen commintments REVERT: 60c173b640 rangeproof: verify correctness of pedersen commitments when parsing REVERT: 32d7526cd5 generator: verify correctness of point when parsing REVERT: ae14e8a9d8 rangeproof: check that points deserialize correctly when verifying rangeproof REVERT: 44fe43d757 rangeproof: add fixed vector test case REVERT: e065d7df9f Expose generator in shared library REVERT: fb1ba329aa fix spelling in documentation REVERT: fb75faa147 Test for rejection of trailing bytes in range proofs REVERT: 9b2cf1708d Test for rejection of trailing bytes in surjection proofs REVERT: a3a1800ba6 Reject surjection proofs with trailing garbage REVERT: 0c77ae9a75 Minor bugfix. Wrong length due to NUL character. REVERT: b1f31bc4b6 Add whitelisting benchmark REVERT: 52a9f8f8f3 add whitelist_impl.h to include for dist REVERT: a707865bc5 generator: add API tests REVERT: ec1ef040f5 generator: remove unnecessary ARG_CHECK from generate() REVERT: b0e9aa828f Fix generator makefile REVERT: 526c65499f Fix pedersen_blind_generator_blind_sum return value documentation REVERT: b51886e722 Add n_keys argument to whitelist_verify REVERT: 37c57de083 Fix checks of whitelist serialize/parse arguments REVERT: 9b8a9d91eb whitelist: fix serialize/parse API to take serialized length REVERT: 7f17515609 Fix include/secp256k1_rangeproof.h function argument documentation. REVERT: 0d817020d9 rangeproof: add API tests REVERT: 417bb0643f surjectionproof: rename unit test functions to be more consistent with other modules REVERT: 1e2d5c1a26 surjectionproof: add API unit tests REVERT: 7878a298b2 surjectionproof: tests_impl.h s/assert/CHECK/g REVERT: e609591b66 rangeproof: fix memory leak in unit tests REVERT: 0c17f7972a add surjection proof module REVERT: c174f0c609 Implement ring-signature based whitelist delegation scheme REVERT: a2bc6604f9 rangeproof: several API changes REVERT: 21bfb3c91a Expose generator in pedersen/rangeproof API REVERT: f4620de040 Constant-time generator module REVERT: d46fc3c191 rangeproof: expose sidechannel message field in the signing API REVERT: cf40b1bed2 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup REVERT: 6d28767c79 Get rid of precomputed H tables (Pieter Wuille) REVERT: ae1e576f67 Pedersen commitments, borromean ring signatures, and ZK range proofs. REVERT: efc61dc0ca Add 64-bit integer utilities git-subtree-dir: src/secp256k1 git-subtree-split: 0129b77767ea001e5693e39ac6deecea0c461817
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds a wide body of changes from both Liquid and the upstream Bitcoin project, including most notably an import of the Segregated Witness code as included in Bitcoin 0.13.1, replacing the original implementation in Elements Alpha. Special thanks to @instagibbs, @jonasnick, and @jtimon for working on this.
Some highlights:
The new Elements codebase also continues to include support for creating your own sidechain in a single-signer test environment, convenient for local development and experimentation.
Several more updates to follow.