Merge #25251: Consolidate Windows ASLR workarounds for upstream secp2…

…56k1 changes c41bfd1 Squashed 'src/secp256k1/' changes from 8746600..44c2452 (fanquake) fbae8c5 compat: Consolidate mingw-w64 ASLR workaround for upstream libsecp changes (fanquake) Pull request description: #18702 added a work around for `bitcoin-cli.exe`, to fix ASLR on Windows. ASLR was functioning for the rest of our binaries, mostly by accident, because: > [All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently having working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.](#18702) Upstream, libsecp256k1 has recently made a change to [no-longer export symbols in static libraries](bitcoin-core/secp256k1#1105) (see related discussion in #25008). This would mean that on the next subtree update, anyone building using an older binutils (< 2.36) would be (silently) producing Windows binaries with non-functioning ASLR. Our release binaries would not be affected, as in our Guix environment we currently use binutils 2.37. To prevent users building with older binutils from silently losing ASLR on Windows, this PR applies our work around (export `main`) to the rest of our binaries, and updates the associated documentation to mention the affected binutils versions, so we know when it can be dropped. I've included both the libsecp256k1 subtree update, and the ASLR related changes in this PR. Happy to split the changes up if reviewers would prefer. Guix Build (x86_64): ```bash 24fa1053fa3d310c4274f0700ac36f3c6e5b4486dc7f1aa7b2a5ded6937cf2b6 guix-build-913b1f2a5eb2/output/aarch64-linux-gnu/SHA256SUMS.part 96c4150f93c1356dc02f3d383699bcd856da7f769344606324fdc111fbfa8031 guix-build-913b1f2a5eb2/output/aarch64-linux-gnu/bitcoin-913b1f2a5eb2-aarch64-linux-gnu-debug.tar.gz 5e4adcaddf20a33cd4803e5a10f9a0653bcd40b1dfc7b680a741a17047103948 guix-build-913b1f2a5eb2/output/aarch64-linux-gnu/bitcoin-913b1f2a5eb2-aarch64-linux-gnu.tar.gz adfdac8fef797b13d845c13ab682611d0cc49a9772c2bd40f7aa6dbb1b4f11a8 guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/SHA256SUMS.part d51849bf907eecb168066a208b702314779fc12ae6fcaa8b5c2c3497e91820b9 guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf-debug.tar.gz ca33ebed13316410d6d79e2db06f9bce8839fbc7216a5bc01a06745b2e470c2e guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf.tar.gz 799fd15fa1e53d773a5ce391b7059920b54680591ee76bdc56bc7485a12d2af6 guix-build-913b1f2a5eb2/output/arm64-apple-darwin/SHA256SUMS.part 0122eb5fdd4cce7077ee1a2bba8c5bd3557c1d3f12f2f2aad7216de33bea213e guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.dmg 3a630cc96bf9a43cbb89976aabdddb7a9069f74320277a499f3bbb96526d9c5d guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.tar.gz e2530bab501750fd3d60776ba077bc4a8b145cc95e3a77105d86b388a1d961e1 guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin.tar.gz f8fbc07221bd21f996dc29c65725740e9c2bfc9365367c806601f12b8e2d2691 guix-build-913b1f2a5eb2/output/dist-archive/bitcoin-913b1f2a5eb2.tar.gz fdbc8224d774f2428f037e65d9ac5728613cddee4ddcf6f1d144421cb1f37b3b guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/SHA256SUMS.part c1098cba38aee264ee7de82be3d5f8c1ec2c915c30763292fa9b6dc37aba8de8 guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu-debug.tar.gz 567b8bf896a79e2f1b4961ec4f6c3501e414822f84f6fb40c9e3546e67ab08ff guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu.tar.gz cbd7713550c5922ee28e0915b0425dc702bb299ad6809ff60e389604f4da3a31 guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/SHA256SUMS.part e50fa6e370602a956942703ab349808c01e7365a00faead941d9e6be3800c65c guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu-debug.tar.gz 2380fbdf6916769783a0e6c7848fb8d3b3cb5c44c26817009a8481e815098e3a guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu.tar.gz a0fecb7b0d0a93aa15825572a0e1284f4776a5808f9f5eda7b2ddddaf2457fb2 guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/SHA256SUMS.part 14fe505f06de009b50c2b4ce0e0430ba09fa66385ff50aa90f9ed0b03a321e61 guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu-debug.tar.gz 98a70df9a6851d5221d8f8404f9656048ecf7cac2c9dffd2b6a55107783a60ad guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu.tar.gz decb20f8de61e3eeda7e8f6fefcbaf56593c37d989672c6e7e2cd5c8e982c342 guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/SHA256SUMS.part e14275e1bbbe54179fb68b50ed7c72de4c7ebc5b442c7793daf9974be523e8da guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.dmg 6bb2d9f6c8123156b0e11b73f67f4e4e780e6bccb739e600f4e9b06b29aa3832 guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.tar.gz 1f0fab16e32e4c9892b272edf43beb8e5de60bf8a04f41744809dc2a31b4f1b9 guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin.tar.gz 3d7e45c7189a8855ea8a0d498dcd4d3189aa01c528eac194300cdb59f79471f2 guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/SHA256SUMS.part 87b75a47a620dbd8ccf20768a3d82adf0b797ad86b7384cca62a7cf489b7a74c guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu-debug.tar.gz 7e06af11bcef3ba6fd48501a09fbac86746537bad063f36caf39cd6bb857d3a8 guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu.tar.gz c9ca794f7307df6f891008d92997719be95794f4670d018d0275f2a6c580d160 guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/SHA256SUMS.part 7eb1551cdafc0a44e5b5fcea703c6eeb6fc0bca601b57ab52d1e5e62db3ccffc guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-debug.zip 8ef87c85c520aef150f4c11a9082e8a0b1ac74c5b6f4fcdceb9e734eb8106bca guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-setup-unsigned.exe c5886ab3d6303bf8c946e4aafcfdfb5ee7dc9fbb50c34dfc5224db2f1f3b2a44 guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-unsigned.tar.gz f473902cea9e763b98ad69c5dcfaa990430f9b0f777112af5f1d289492d8cefe guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64.zip ``` Guix Build (arm64): ```bash a175ce0055b206fe7b2752fa5ae33eed0f31236f7b37bbb530425532d88007c2 guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/SHA256SUMS.part 1ab5d59685593eedbb59b5284d81cce568a6c9c900303f97c69e8194cb5bb7f5 guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf-debug.tar.gz 8d1b48d38b8af696b929ac077ba7e3dabb7c565862409b2f35db2217ab9bdb06 guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf.tar.gz 90230652cb39e2707ac79569899183dc1ff5d08c059e7a01d0c65144251679b5 guix-build-913b1f2a5eb2/output/arm64-apple-darwin/SHA256SUMS.part 2b86da5e1ccebf348478ca69463d1be09c0f563ffa370ee5170c82ba706a7577 guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.dmg 648e968dbf3af3bf8a79d714f4395091058e2ff4294b202a0dc9b5e0092b4732 guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.tar.gz bebe7ed21e4f74866ca99be31839beff01eac57afbaa2878f5c6637f0239c631 guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin.tar.gz f8fbc07221bd21f996dc29c65725740e9c2bfc9365367c806601f12b8e2d2691 guix-build-913b1f2a5eb2/output/dist-archive/bitcoin-913b1f2a5eb2.tar.gz 87156fe1fb397eaa1d1f15c36f2677b6aeb32eefac02202b2735f7d3165fceb1 guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/SHA256SUMS.part 5f06e885564780d7dce78cc8cbb21b8dd5addba8b90bb2b8a7f03e946b6ed633 guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu-debug.tar.gz 95b9c0a7d82e7055c99d013fa183abf654caf14539c5ec9cfe785838f45747fc guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu.tar.gz 8da6f0fb2bdc492f96ee70ca323787521e7fce7ebe2b9adb43b7b6ae56ff1916 guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/SHA256SUMS.part a60623ac5bb76b3eae3129b4f32fe7287e526e043bd2e58f80ce5fccf91ef20c guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu-debug.tar.gz c9bbdca3c41c3783d57734e0fda875a6353bbf8fec8c8e61f037259acaad28cd guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu.tar.gz 5f76aef2eed312153b60712450b4376b4965c2b0c86d2ddfc0b7f3d23fb31eee guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/SHA256SUMS.part 40ad7ca605bb75e153a481a455b344f27d9c0b713f1312fc2a7703116508a127 guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu-debug.tar.gz 6031d28d6405f03b685884fdee6c2cc2126afffdc867ab743ca0c9cfcad81ac2 guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu.tar.gz decb20f8de61e3eeda7e8f6fefcbaf56593c37d989672c6e7e2cd5c8e982c342 guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/SHA256SUMS.part e14275e1bbbe54179fb68b50ed7c72de4c7ebc5b442c7793daf9974be523e8da guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.dmg 6bb2d9f6c8123156b0e11b73f67f4e4e780e6bccb739e600f4e9b06b29aa3832 guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.tar.gz 1f0fab16e32e4c9892b272edf43beb8e5de60bf8a04f41744809dc2a31b4f1b9 guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin.tar.gz b90d8c7252fd42809ac9bf8c7e5cf9c9207f7412314e9e6904ee2e51222bc8c5 guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/SHA256SUMS.part b6cbcd305a9b6b8dcc6be71703745835c9e3e7652a3f3b18e7018f5ddb0fc26d guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu-debug.tar.gz 6da0cf8fedd9c285926c132102d1e8f9d6fde7e0ecdac3ba159a3464fc2e98c0 guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu.tar.gz 30d2b25cdfce03edc2bfb8d39dcdcc6636ed3637cc0176f43f715dc795ab929e guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/SHA256SUMS.part 6028017fabcddac50857667d63da979b04a6dc331a26715f875e2db96b8935d7 guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-debug.zip 8ef87c85c520aef150f4c11a9082e8a0b1ac74c5b6f4fcdceb9e734eb8106bca guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-setup-unsigned.exe c5886ab3d6303bf8c946e4aafcfdfb5ee7dc9fbb50c34dfc5224db2f1f3b2a44 guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-unsigned.tar.gz 4af0477e156b9a0c6fa1754ba7446b8c6c021075531aa4051980e47fa586e196 guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64.zip ``` Symbol exporting as of this PR (`bitcoind.exe`): ```bash Export Table: DLL name: bitcoind.exe Ordinal base: 1 Ordinal RVA Name 1 0xa09670 main ``` Symbol exporting in the 23.0 bins (`bitcoind.exe`): ```bash Export Table: DLL name: bitcoind.exe Ordinal base: 1 Ordinal RVA Name 1 0x5569f0 secp256k1_context_clone 2 0x556890 secp256k1_context_create 3 0x556bd0 secp256k1_context_destroy 4 0xa12710 secp256k1_context_no_precomp 5 0x556900 secp256k1_context_preallocated_clone 6 0x556740 secp256k1_context_preallocated_clone_size 7 0x556750 secp256k1_context_preallocated_create 8 0x556ae0 secp256k1_context_preallocated_destroy 9 0x556710 secp256k1_context_preallocated_size 10 0x5589c0 secp256k1_context_randomize 11 0x556c80 secp256k1_context_set_error_callback 12 0x556c20 secp256k1_context_set_illegal_callback 13 0x558260 secp256k1_ec_privkey_negate 14 0x5584e0 secp256k1_ec_privkey_tweak_add 15 0x558730 secp256k1_ec_privkey_tweak_mul 16 0x5572a0 secp256k1_ec_pubkey_cmp 17 0x5589f0 secp256k1_ec_pubkey_combine 18 0x557f40 secp256k1_ec_pubkey_create 19 0x558270 secp256k1_ec_pubkey_negate 20 0x556dc0 secp256k1_ec_pubkey_parse 21 0x5570d0 secp256k1_ec_pubkey_serialize 22 0x5584f0 secp256k1_ec_pubkey_tweak_add 23 0x558740 secp256k1_ec_pubkey_tweak_mul 24 0x558100 secp256k1_ec_seckey_negate 25 0x5583a0 secp256k1_ec_seckey_tweak_add 26 0x5585f0 secp256k1_ec_seckey_tweak_mul 27 0x557ed0 secp256k1_ec_seckey_verify 28 0x559120 secp256k1_ecdsa_recover 29 0x558f50 secp256k1_ecdsa_recoverable_signature_convert 30 0x558d00 secp256k1_ecdsa_recoverable_signature_parse_compact 31 0x558e70 secp256k1_ecdsa_recoverable_signature_serialize_compact 32 0x557da0 secp256k1_ecdsa_sign 33 0x558fe0 secp256k1_ecdsa_sign_recoverable 34 0x557ab0 secp256k1_ecdsa_signature_normalize 35 0x557540 secp256k1_ecdsa_signature_parse_compact 36 0x5573b0 secp256k1_ecdsa_signature_parse_der 37 0x557a10 secp256k1_ecdsa_signature_serialize_compact 38 0x557660 secp256k1_ecdsa_signature_serialize_der 39 0x557bf0 secp256k1_ecdsa_verify 40 0x5598a0 secp256k1_keypair_create 41 0x559af0 secp256k1_keypair_pub 42 0x559a60 secp256k1_keypair_sec 43 0x559bc0 secp256k1_keypair_xonly_pub 44 0x559d20 secp256k1_keypair_xonly_tweak_add 45 0xa9e0c0 secp256k1_nonce_function_bip340 46 0xa9e0e0 secp256k1_nonce_function_default 47 0xa9e0e8 secp256k1_nonce_function_rfc6979 48 0x559f00 secp256k1_schnorrsig_sign 49 0x559f30 secp256k1_schnorrsig_sign_custom 50 0x559fd0 secp256k1_schnorrsig_verify 51 0x556ce0 secp256k1_scratch_space_create 52 0x556d50 secp256k1_scratch_space_destroy 53 0x558c20 secp256k1_tagged_sha256 54 0x559470 secp256k1_xonly_pubkey_cmp 55 0x559530 secp256k1_xonly_pubkey_from_pubkey 56 0x559290 secp256k1_xonly_pubkey_parse 57 0x5593a0 secp256k1_xonly_pubkey_serialize 58 0x559650 secp256k1_xonly_pubkey_tweak_add 59 0x559780 secp256k1_xonly_pubkey_tweak_add_check ``` ACKs for top commit: laanwj: Code review ACK 913b1f2 theuni: ACK 913b1f2 Tree-SHA512: d3811c5731fab05bb68af72b7af231de8505b026bd1b2cd710e3e60386e793c2743412529142aa9893893f9d24c6e94dbac48ea59451bf55ae637d2e75e2b0a9
bitcoin · Jun 13, 2022 · b91055e · b91055e
2 parents 506d9b2 + 913b1f2
commit b91055e
Show file tree

Hide file tree

Showing 12 changed files with 137 additions and 107 deletions.
diff --git a/src/bitcoin-cli.cpp b/src/bitcoin-cli.cpp
@@ -9,6 +9,7 @@
 
 #include <chainparamsbase.h>
 #include <clientversion.h>
+#include <compat.h>
 #include <compat/stdin.h>
 #include <policy/feerate.h>
 #include <rpc/client.h>
@@ -1212,19 +1213,11 @@ static int CommandLineRPC(int argc, char *argv[])
     return nRet;
 }
 
-#ifdef WIN32
-// Export main() and ensure working ASLR on Windows.
-// Exporting a symbol will prevent the linker from stripping
-// the .reloc section from the binary, which is a requirement
-// for ASLR. This is a temporary workaround until a fixed
-// version of binutils is used for releases.
-__declspec(dllexport) int main(int argc, char* argv[])
+MAIN_FUNCTION
 {
+#ifdef WIN32
     util::WinCmdLineArgs winArgs;
     std::tie(argc, argv) = winArgs.get();
-#else
-int main(int argc, char* argv[])
-{
 #endif
     SetupEnvironment();
     if (!SetupNetworking()) {

diff --git a/src/bitcoin-tx.cpp b/src/bitcoin-tx.cpp
@@ -8,6 +8,7 @@
 
 #include <clientversion.h>
 #include <coins.h>
+#include <compat.h>
 #include <consensus/amount.h>
 #include <consensus/consensus.h>
 #include <core_io.h>
@@ -854,7 +855,7 @@ static int CommandLineRawTx(int argc, char* argv[])
     return nRet;
 }
 
-int main(int argc, char* argv[])
+MAIN_FUNCTION
 {
     SetupEnvironment();
 

diff --git a/src/bitcoin-util.cpp b/src/bitcoin-util.cpp
@@ -11,6 +11,7 @@
 #include <chainparams.h>
 #include <chainparamsbase.h>
 #include <clientversion.h>
+#include <compat.h>
 #include <core_io.h>
 #include <streams.h>
 #include <util/system.h>
@@ -142,16 +143,7 @@ static int Grind(const std::vector<std::string>& args, std::string& strPrint)
     return EXIT_SUCCESS;
 }
 
-#ifdef WIN32
-// Export main() and ensure working ASLR on Windows.
-// Exporting a symbol will prevent the linker from stripping
-// the .reloc section from the binary, which is a requirement
-// for ASLR. This is a temporary workaround until a fixed
-// version of binutils is used for releases.
-__declspec(dllexport) int main(int argc, char* argv[])
-#else
-int main(int argc, char* argv[])
-#endif
+MAIN_FUNCTION
 {
     ArgsManager& args = gArgs;
     SetupEnvironment();

diff --git a/src/bitcoin-wallet.cpp b/src/bitcoin-wallet.cpp
@@ -9,6 +9,7 @@
 #include <chainparams.h>
 #include <chainparamsbase.h>
 #include <clientversion.h>
+#include <compat.h>
 #include <interfaces/init.h>
 #include <key.h>
 #include <logging.h>
@@ -88,7 +89,7 @@ static bool WalletAppInit(ArgsManager& args, int argc, char* argv[])
     return true;
 }
 
-int main(int argc, char* argv[])
+MAIN_FUNCTION
 {
     ArgsManager& args = gArgs;
 #ifdef WIN32

diff --git a/src/bitcoind.cpp b/src/bitcoind.cpp
@@ -256,7 +256,7 @@ static bool AppInit(NodeContext& node, int argc, char* argv[])
     return fRet;
 }
 
-int main(int argc, char* argv[])
+MAIN_FUNCTION
 {
 #ifdef WIN32
     util::WinCmdLineArgs winArgs;

diff --git a/src/compat.h b/src/compat.h
@@ -86,6 +86,17 @@ typedef void* sockopt_arg_type;
 typedef char* sockopt_arg_type;
 #endif
 
+#ifdef WIN32
+// Export main() and ensure working ASLR when using mingw-w64.
+// Exporting a symbol will prevent the linker from stripping
+// the .reloc section from the binary, which is a requirement
+// for ASLR. While release builds are not affected, anyone
+// building with a binutils < 2.36 is subject to this ld bug.
+#define MAIN_FUNCTION __declspec(dllexport) int main(int argc, char* argv[])
+#else
+#define MAIN_FUNCTION int main(int argc, char* argv[])
+#endif
+
 // Note these both should work with the current usage of poll, but best to be safe
 // WIN32 poll is broken https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/
 // __APPLE__ poll is broke https://github.com/bitcoin/bitcoin/pull/14336#issuecomment-437384408

diff --git a/src/qt/main.cpp b/src/qt/main.cpp
@@ -4,6 +4,7 @@
 
 #include <qt/bitcoin.h>
 
+#include <compat.h>
 #include <util/translation.h>
 #include <util/url.h>
 
@@ -18,4 +19,7 @@ extern const std::function<std::string(const char*)> G_TRANSLATION_FUN = [](cons
 };
 UrlDecodeFn* const URL_DECODE = urlDecode;
 
-int main(int argc, char* argv[]) { return GuiMain(argc, argv); }
+MAIN_FUNCTION
+{
+    return GuiMain(argc, argv);
+}
diff --git a/src/secp256k1/build-aux/m4/bitcoin_secp.m4 b/src/secp256k1/build-aux/m4/bitcoin_secp.m4
@@ -1,7 +1,7 @@
 dnl escape "$0x" below using the m4 quadrigaph @S|@, and escape it again with a \ for the shell.
 AC_DEFUN([SECP_64BIT_ASM_CHECK],[
 AC_MSG_CHECKING(for x86_64 assembly availability)
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
   #include <stdint.h>]],[[
   uint64_t a = 11, tmp;
   __asm__ __volatile__("movq \@S|@0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx");

diff --git a/src/secp256k1/include/secp256k1.h b/src/secp256k1/include/secp256k1.h
@@ -141,9 +141,13 @@ typedef int (*secp256k1_nonce_function)(
 # define SECP256K1_NO_BUILD
 #endif
 
+/** At secp256k1 build-time DLL_EXPORT is defined when building objects destined
+ *  for a shared library, but not for those intended for static libraries.
+ */
+
 #ifndef SECP256K1_API
 # if defined(_WIN32)
-#  ifdef SECP256K1_BUILD
+#  if defined(SECP256K1_BUILD) && defined(DLL_EXPORT)
 #   define SECP256K1_API __declspec(dllexport)
 #  else
 #   define SECP256K1_API

diff --git a/src/secp256k1/sage/prove_group_implementations.sage b/src/secp256k1/sage/prove_group_implementations.sage
@@ -40,29 +40,26 @@ def formula_secp256k1_gej_add_var(branch, a, b):
   s2 = s2 * a.Z
   h = -u1
   h = h + u2
-  i = -s1
-  i = i + s2
+  i = -s2
+  i = i + s1
   if branch == 2:
     r = formula_secp256k1_gej_double_var(a)
     return (constraints(), constraints(zero={h : 'h=0', i : 'i=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}), r)
   if branch == 3:
     return (constraints(), constraints(zero={h : 'h=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={i : 'i!=0'}), point_at_infinity())
-  i2 = i^2
+  t = h * b.Z
+  rz = a.Z * t
   h2 = h^2
+  h2 = -h2
   h3 = h2 * h
-  h = h * b.Z
-  rz = a.Z * h
   t = u1 * h2
-  rx = t
-  rx = rx * 2
+  rx = i^2
   rx = rx + h3
-  rx = -rx
-  rx = rx + i2
-  ry = -rx
-  ry = ry + t
-  ry = ry * i
+  rx = rx + t
+  rx = rx + t
+  t = t + rx
+  ry = t * i
   h3 = h3 * s1
-  h3 = -h3
   ry = ry + h3
   return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz))
 
@@ -80,43 +77,41 @@ def formula_secp256k1_gej_add_ge_var(branch, a, b):
   s2 = s2 * a.Z
   h = -u1
   h = h + u2
-  i = -s1
-  i = i + s2
+  i = -s2
+  i = i + s1
   if (branch == 2):
     r = formula_secp256k1_gej_double_var(a)
     return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r)
   if (branch == 3):
     return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity())
-  i2 = i^2
-  h2 = h^2
-  h3 = h * h2
   rz = a.Z * h
+  h2 = h^2
+  h2 = -h2
+  h3 = h2 * h
   t = u1 * h2
-  rx = t
-  rx = rx * 2
+  rx = i^2
   rx = rx + h3
-  rx = -rx
-  rx = rx + i2
-  ry = -rx
-  ry = ry + t
-  ry = ry * i
+  rx = rx + t
+  rx = rx + t
+  t = t + rx
+  ry = t * i
   h3 = h3 * s1
-  h3 = -h3
   ry = ry + h3
   return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz))
 
 def formula_secp256k1_gej_add_zinv_var(branch, a, b):
   """libsecp256k1's secp256k1_gej_add_zinv_var"""
   bzinv = b.Z^(-1)
   if branch == 0:
-    return (constraints(), constraints(nonzero={b.Infinity : 'b_infinite'}), a)
-  if branch == 1:
+    rinf = b.Infinity
     bzinv2 = bzinv^2
     bzinv3 = bzinv2 * bzinv
     rx = b.X * bzinv2
     ry = b.Y * bzinv3
     rz = 1
-    return (constraints(), constraints(zero={b.Infinity : 'b_finite'}, nonzero={a.Infinity : 'a_infinite'}), jacobianpoint(rx, ry, rz))
+    return (constraints(), constraints(nonzero={a.Infinity : 'a_infinite'}), jacobianpoint(rx, ry, rz, rinf))
+  if branch == 1:
+    return (constraints(), constraints(zero={a.Infinity : 'a_finite'}, nonzero={b.Infinity : 'b_infinite'}), a)
   azz = a.Z * bzinv
   z12 = azz^2
   u1 = a.X
@@ -126,29 +121,25 @@ def formula_secp256k1_gej_add_zinv_var(branch, a, b):
   s2 = s2 * azz
   h = -u1
   h = h + u2
-  i = -s1
-  i = i + s2
+  i = -s2
+  i = i + s1
   if branch == 2:
     r = formula_secp256k1_gej_double_var(a)
     return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r)
   if branch == 3:
     return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity())
-  i2 = i^2
+  rz = a.Z * h
   h2 = h^2
-  h3 = h * h2
-  rz = a.Z
-  rz = rz * h
+  h2 = -h2
+  h3 = h2 * h
   t = u1 * h2
-  rx = t
-  rx = rx * 2
+  rx = i^2
   rx = rx + h3
-  rx = -rx
-  rx = rx + i2
-  ry = -rx
-  ry = ry + t
-  ry = ry * i
+  rx = rx + t
+  rx = rx + t
+  t = t + rx
+  ry = t * i
   h3 = h3 * s1
-  h3 = -h3
   ry = ry + h3
   return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz))
 

diff --git a/src/secp256k1/src/bench_internal.c b/src/secp256k1/src/bench_internal.c
@@ -254,6 +254,15 @@ void bench_group_add_affine_var(void* arg, int iters) {
     }
 }
 
+void bench_group_add_zinv_var(void* arg, int iters) {
+    int i;
+    bench_inv *data = (bench_inv*)arg;
+
+    for (i = 0; i < iters; i++) {
+        secp256k1_gej_add_zinv_var(&data->gej[0], &data->gej[0], &data->ge[1], &data->gej[0].y);
+    }
+}
+
 void bench_group_to_affine_var(void* arg, int iters) {
     int i;
     bench_inv *data = (bench_inv*)arg;
@@ -376,6 +385,7 @@ int main(int argc, char **argv) {
     if (d || have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_var", bench_group_add_var, bench_setup, NULL, &data, 10, iters*10);
     if (d || have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine", bench_group_add_affine, bench_setup, NULL, &data, 10, iters*10);
     if (d || have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine_var", bench_group_add_affine_var, bench_setup, NULL, &data, 10, iters*10);
+    if (d || have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_zinv_var", bench_group_add_zinv_var, bench_setup, NULL, &data, 10, iters*10);
     if (d || have_flag(argc, argv, "group") || have_flag(argc, argv, "to_affine")) run_benchmark("group_to_affine_var", bench_group_to_affine_var, bench_setup, NULL, &data, 10, iters);
 
     if (d || have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("wnaf_const", bench_wnaf_const, bench_setup, NULL, &data, 10, iters);