Debian build #600

TheBlueMatt · 2011-10-30T18:09:07Z

I know jgarzik didn't want this, but IMHO it belongs in the repo instead of (insert name of third party here)'s repo.

If the ubuntu/ubuntu ppa is to be linked on bitcoin.org (which I very much believe it should be), I would say its much better to have a debian folder in bitcoin's src, even if it just sits there and only one or two third-partys update it via pull requests instead of the core team keeping it up-to-date.

Note that this is essentially how the gitian scripts have been done for the past many releases, also just because a debian/ folder is here, doesn't mean any core devs have to deal with releases or the bitcoin/bitcoin ppa, it just makes the build process a bit more transparent and a bit more public.

Anyway, its open for discussion.

graingert · 2011-10-30T18:48:23Z

I don't see the harm in this

laanwj · 2011-10-30T19:11:12Z

I don't have problems with adding this either. The provided files can be useful for other distributions as well.

Except I don't really see the point of the included patch; we could support using the system json-spirit in the build system, this would save the need for including a diff in the repository (which can run out of date, not apply cleanly anymore etc...)

TheBlueMatt · 2011-10-30T19:40:18Z

The included patch isn't actually used (see debian/patches/series) it was added by the bitcoind debian maintainer and I just decided to leave it since it is disabled anyway.

"Wladimir J. van der Laan" reply@reply.github.com wrote:

I don't have problems with adding this either. The provided files can
be useful for other distributions as well.

Except I don't really see the point of the included patch; we could
support using the system json-spirit in the build system, this would
save the need for including a diff in the repository (which can run out
of date, not apply cleanly anymore etc...)

Reply to this email directly or view it on GitHub:
#600 (comment)

gavinandresen · 2011-11-01T00:07:29Z

Does this belong in the main repo? Or would another github repo be better (maybe 'bitcoin/distros'?)

laanwj · 2011-11-01T02:14:52Z

I think there are arguments for and against including it in the main repository.

For:

Many of us are using a debian-ish distribution, so having the files directly available (and versioned synchronously) aid in testing the debian package and debug issues like Segfault opening bitcoin on Ubuntu 11.10 #595
What applies to packaging for debian can also serve as an example for packaging for other distributions

Against:

As the debian maintainer is not currently part of the core team, it will eternally be out of date. It now already includes patches and other files that are not used. There is something to be said for keeping the main repository lean and mean.
If we made top-level directories for every distribution, we'd end up with total crazyness. Maybe moving it to contrib or even a separate repository makes sense. We could give the debian maintainer (and others) direct access there as well...

That said, quite a lot of open source packages have a "debian" directory in their main repository.

TheBlueMatt · 2011-11-01T14:56:46Z

I dont care too much where it goes, but at build-time the debian folder has to be at the top level, so if you move it, builders have to shuffle it around to commit updates and build.

Stemby · 2011-11-04T01:09:12Z

http://wiki.debian.org/DebianMentorsFaq#What.27s_wrong_with_upstream_shipping_a_debian.2BAC8_directory.3F

Ciao!

laanwj · 2011-11-04T07:40:45Z

Well if debian itself thinks it's undesirable we can close this issue.

If upstream has a debian directory in their releases, you should contact them 
and ask if they can remove the debian/ directory from their tarball releases. There's no 
need to remove the debian directory from their revision control system (although if it's 
out of date they may decide to do so anyway), but at the very least the directory 
shouldn't appear in releases. If you are upstream yourself, well, you can ask yourself to do it.

TheBlueMatt · 2011-11-04T12:33:42Z

The thing is, in this case the debian directory isn't for debian to use, it's for us.

"Wladimir J. van der Laan" reply@reply.github.com wrote:

Well if debian itself thinks it's undesirable we can close this issue.

If upstream has a debian directory in their releases, you should
contact them
and ask if they can remove the debian/ directory from their tarball
releases. There's no
need to remove the debian directory from their revision control system
(although if it's
out of date they may decide to do so anyway), but at the very least the
directory
shouldn't appear in releases. If you are upstream yourself, well, you
can ask yourself to do it.

Reply to this email directly or view it on GitHub:
#600 (comment)

Stemby · 2011-11-04T12:58:18Z

There's no need to remove the debian directory from their revision control system (although if it's out of date they may decide to do so anyway), but at the very least the directory shouldn't appear in releases.

If you think that having a debian/ directory is useful, you can keep it in Git (only in Git!) evenly.

Ciao!

TheBlueMatt · 2011-11-04T14:17:10Z

As I previously stated, the reasoning for adding our own debian directory is for distributed control/updates to the build-methods for the bitcoin/bitcoin ppa. Without this, the debian directory is manged in (insert name of third party's tree here) which just becomes a mess (we used to do that for gitian builds, but people complained too much and gitian descriptors were merged upstream).

Debian's arguments against upstream debian directories are (IMHO) very weak. All they argue is that it makes debian diffs more complicated, but if you've actually used debian's package system, it really handles diffs very cleanly and the added effort for maintainers is absolutely non-existent.

Also, if people don't want debian in the top level of bitcoin anyway, we can easily just move it to contrib and not have to worry about conflicting with debian's suggestions.

laanwj · 2011-11-04T14:32:06Z

yes, just move it to contrib, then it's in the tree and we don't have to
remove it before release every time...

TheBlueMatt · 2011-11-04T14:45:29Z

already did (though github wont update and show that if the pull is closed)

small misc stuff: fix size of total transactions, remove unused decl, and create test case for invalidateblock sync issue

98836b1 scratch: replace frames with "checkpoint" system (Andrew Poelstra) 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory (Andrew Poelstra) a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated (Andrew Poelstra) 5a4bc0b scratch: unify allocations (Andrew Poelstra) c2b028a scratch space: thread `error_callback` into all scratch space functions (Andrew Poelstra) 0be1a4a scratch: add magic bytes to beginning of structure (Andrew Poelstra) 92a48a7 scratch space: use single allocation (Andrew Poelstra) Pull request description: ACKs for commit 98836b: Tree-SHA512: 6e251f704644a5f61b24aa05c6f7a31ad8c58d147195079d52fe45daacd28a9fd2f4aaf71273183b99b3795a01a88f8389170d4280489b2a28a14a56e03153d7

e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: e729cc7

2e4ed392e1 f add tweak functions for xonly_pubkeys add8e78542 f use xonly_pubkeys in schnorrsig sign and verify 7eeb3aa498 f add xonly pubkey struct which is serialized as 32 byte and whose Y coordinate is a quadratic residue 2e76c5dc6d f don't allow counter != 0 in nonce function 639a8599ec f use tagged hashes in nonce derivation and signature hash 6bd94240b7 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. 8fcee9ab05 add chacha20 function 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 2e4ed392e1fd8cb7c64787bde9b67ddc0b463e3d

44db4d8 Merge pull request bitcoin#57 from apoelstra/2019-04-surjectionproof-stack f7e4d08 surjection proof: Reject proofs with too many used inputs in reduced mode 112edb2 allow reducing surjection proof size (to lower generation stack usage) d512d78 surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16 a118acc surjectionproof: reduce stack usage e7f4ff4 Merge pull request bitcoin#70 from apoelstra/2019-06-surjection-count f94d46e Merge pull request bitcoin#71 from real-or-random/fix-trailing-test 49a1e01 surjectionproof: fix malleability in surjection proof parsing 55311b0 Fix read of wrong buffer (and OOB) in surjectionproof tests 290a27b surjectionproof: add test vectors for "set padding bits" 7bc3daa surjectionproof: add fixed test vectors 6f3b0c0 Improve comments for surctionproof init+alloc/destroy funcs 250ebb3 work in progress: add _allocate_initialized/destroy funcs 4a77633 Improve explanation of key cancellation attack in whitelist.md 898c9f0 Clarify how to derive alternative generator H 15d9278 Add bench_generator and bench_rangeproof to .gitignore 86240b2 Clean up ./configure help strings (zkp extensions) 865b761 Fix a small typo in the generator parameter name cd5ba5c generator: remove `CHECK` abort calls exposed by public API ff16651 musig: add user documentation 0ad6b60 Add 3-of-3 MuSig example b61a1a9 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures. 5d5374f Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. a8ae6ba add chacha20 function 9a8a71e use proper types for rangeproof min/max 14769b9 rangeproof: reduce iteration count in unit tests 0593861 Enable more builds with rest of experimental flags e9fea74 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting dec1b9c Add comment to explain effect of max_n_iterations in surjectionproof_init ea62bfe add unit test for generator and pedersen commitment roundtripping e32924f rangeproof: fix serialization of pedersen commintments 972d056 rangeproof: verify correctness of pedersen commitments when parsing 2cc4c6f generator: verify correctness of point when parsing 65ffea4 rangeproof: check that points deserialize correctly when verifying rangeproof cb786d6 rangeproof: add fixed vector test case b387ba0 Expose generator in shared library 8da4328 fix spelling in documentation 6f14fe4 Test for rejection of trailing bytes in range proofs ab4fbc1 Test for rejection of trailing bytes in surjection proofs c908c97 Reject surjection proofs with trailing garbage f723bf5 Minor bugfix. Wrong length due to NUL character. 6872069 Add whitelisting benchmark 6ceccb7 add whitelist_impl.h to include for dist a3ad4a8 generator: add API tests e93e886 generator: remove unnecessary ARG_CHECK from generate() f1d6e4b Fix generator makefile 68be611 Fix pedersen_blind_generator_blind_sum return value documentation 51fc58a Add n_keys argument to whitelist_verify 36b100c Fix checks of whitelist serialize/parse arguments c8f54e1 whitelist: fix serialize/parse API to take serialized length 56fca50 Fix include/secp256k1_rangeproof.h function argument documentation. 4617f04 rangeproof: add API tests cd4e438 surjectionproof: rename unit test functions to be more consistent with other modules 2cc7f1e surjectionproof: add API unit tests c4097f7 surjectionproof: tests_impl.h s/assert/CHECK/g 5ee6bf3 rangeproof: fix memory leak in unit tests 94e81a2 add surjection proof module a66ea35 Implement ring-signature based whitelist delegation scheme 2bb5133 rangeproof: several API changes 9b00b61 Expose generator in pedersen/rangeproof API 54fa263 Constant-time generator module 023aa86 rangeproof: expose sidechannel message field in the signing API 89e7451 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup f126331 Pedersen commitments, borromean ring signatures, and ZK range proofs. e1fb4af Add 64-bit integer utilities e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture b19c000 Merge bitcoin#607: Use size_t shifts when computing a size_t 4d01bc2 Merge bitcoin#606: travis: Remove unused sudo:false e6d01e9 Use size_t shifts when computing a size_t 7667532 travis: Remove unused sudo:false 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small ee99f12 Merge bitcoin#599: Switch x86_64 asm to use "i" instead of "n" for immediate values. d58bc93 Switch x86_64 asm to use "i" instead of "n" for immediate values. 05362ee Merge bitcoin#597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build 8348386 Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build aa15154 Merge bitcoin#568: Fix integer overflow in ecmult_multi_var when n is large 2277af5 Fix integer overflow in ecmult_multi_var when n is large dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 85d0e1b Merge bitcoin#591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 1419637 Merge bitcoin#580: Add trivial ecmult_multi algorithm which does not require a scratch space a697d82 Add trivial ecmult_multi to the benchmark tool bade617 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points. 5545e13 Merge bitcoin#584: configure: Use CFLAGS_FOR_BUILD when checking native compiler 20c5869 Merge bitcoin#516: improvements to random seed in src/tests.c b76e45d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 870a977 Merge bitcoin#562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse be40c4d Fixup for C90 mixed declarations. c71dd2c Merge bitcoin#509: Fix algorithm selection in bench_ecmult 6492bf8 Merge bitcoin#518: Summarize build options after running configure 0e9ada1 Merge bitcoin#567: Correct order of libs returned on pkg-config --libs --static libsecp2… e96901a Merge bitcoin#587: Make randomization of a non-signing context a noop 58df8d0 Merge bitcoin#511: Portability fix for the configure scripts generated 2ebdad7 Merge bitcoin#552: Make constants static: 1c131af Merge bitcoin#551: secp256k1_fe_sqrt: Verify that the arguments don't alias. ba698f8 Merge bitcoin#539: Assorted minor corrections 949e85b Merge bitcoin#550: Optimize secp256k1_fe_normalize_weak calls. a34bcaa Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker 2d5f4ce configure: Use CFLAGS_FOR_BUILD when checking native compiler b408c6a Merge bitcoin#579: Use __GNUC_PREREQ for detecting __builtin_expect 6198375 Make randomization of a non-signing context a noop c663397 Use __GNUC_PREREQ for detecting __builtin_expect 3cb057f Fix possible integer overflow in DER parsing 89a20a8 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call. d3cb1f9 Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse 496c5b4 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B; bf8b86c secp256k1_fe_sqrt: Verify that the arguments don't alias. 9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead. 52ab96f clean dependendies in field_*_impl.h deff5ed Correct math typos in field_*.h 4efb3f8 Add check that restrict pointers don't alias with all parameters. 3965027 Summarize build options in configure script 0f05173 Fix algorithm selection in bench_ecmult 8b3841c fix bug in fread() failure check cddef0c tests: add warning message when /dev/urandom fails 270f6c8 Portability fix for the configure scripts generated REVERT: 43dd1f4 Merge pull request bitcoin#40 from instagibbs/size_t REVERT: 6532fa0 Merge pull request bitcoin#39 from instagibbs/more_builds REVERT: 2b2429d rangeproof: reduce iteration count in unit tests REVERT: 12b0e5d Enable more builds with rest of experimental flags REVERT: 8c444ee use proper types for rangeproof min/max REVERT: 53ad841 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting REVERT: 71c5fe0 Add comment to explain effect of max_n_iterations in surjectionproof_init REVERT: 85fd42f add unit test for generator and pedersen commitment roundtripping REVERT: 2ccf885 rangeproof: fix serialization of pedersen commintments REVERT: 60c173b rangeproof: verify correctness of pedersen commitments when parsing REVERT: 32d7526 generator: verify correctness of point when parsing REVERT: ae14e8a rangeproof: check that points deserialize correctly when verifying rangeproof REVERT: 44fe43d rangeproof: add fixed vector test case REVERT: e065d7d Expose generator in shared library REVERT: fb1ba32 fix spelling in documentation REVERT: fb75faa Test for rejection of trailing bytes in range proofs REVERT: 9b2cf17 Test for rejection of trailing bytes in surjection proofs REVERT: a3a1800 Reject surjection proofs with trailing garbage REVERT: 0c77ae9 Minor bugfix. Wrong length due to NUL character. REVERT: b1f31bc Add whitelisting benchmark REVERT: 52a9f8f add whitelist_impl.h to include for dist REVERT: a707865 generator: add API tests REVERT: ec1ef04 generator: remove unnecessary ARG_CHECK from generate() REVERT: b0e9aa8 Fix generator makefile REVERT: 526c654 Fix pedersen_blind_generator_blind_sum return value documentation REVERT: b51886e Add n_keys argument to whitelist_verify REVERT: 37c57de Fix checks of whitelist serialize/parse arguments REVERT: 9b8a9d9 whitelist: fix serialize/parse API to take serialized length REVERT: 7f17515 Fix include/secp256k1_rangeproof.h function argument documentation. REVERT: 0d81702 rangeproof: add API tests REVERT: 417bb06 surjectionproof: rename unit test functions to be more consistent with other modules REVERT: 1e2d5c1 surjectionproof: add API unit tests REVERT: 7878a29 surjectionproof: tests_impl.h s/assert/CHECK/g REVERT: e609591 rangeproof: fix memory leak in unit tests REVERT: 0c17f79 add surjection proof module REVERT: c174f0c Implement ring-signature based whitelist delegation scheme REVERT: a2bc660 rangeproof: several API changes REVERT: 21bfb3c Expose generator in pedersen/rangeproof API REVERT: f4620de Constant-time generator module REVERT: d46fc3c rangeproof: expose sidechannel message field in the signing API REVERT: cf40b1b [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup REVERT: 6d28767 Get rid of precomputed H tables (Pieter Wuille) REVERT: ae1e576 Pedersen commitments, borromean ring signatures, and ZK range proofs. REVERT: efc61dc Add 64-bit integer utilities git-subtree-dir: src/secp256k1 git-subtree-split: 44db4d801fff3cd94105136cb443d603683baad2

9d5373307c f add new bip-schnorr test vector 14 44881b21e3 f rename is_positive in schnorrsig module to has_square_y affa6e87e9 f rename is_positive in xonly_pubkey api to has_square_y b5fcf54149 f uninitialized memory in tests 7e4ea97582 f trigger travis 538052c950 f reenable test vectors 26f95c556a f feed seckey that is actually signed with (i.e. perhaps negated) into nonce functions 2b36bf7db3 f sign -> is_positive dfce048bde f remove xonly_pubkey_to_pubkey 74bb3b4318 f don't use secp256k1_pubkeys in xonly_tweak api and instead use is_positive flag 5764b2b2b7 f test that pubkey is zeroed after xonly_pubkey_parse returned 0 e28b61c290 f const casting 84fe42737d f address some of pieter's comments 2e4ed392e1 f add tweak functions for xonly_pubkeys add8e78542 f use xonly_pubkeys in schnorrsig sign and verify 7eeb3aa498 f add xonly pubkey struct which is serialized as 32 byte and whose Y coordinate is a quadratic residue 2e76c5dc6d f don't allow counter != 0 in nonce function 639a8599ec f use tagged hashes in nonce derivation and signature hash 6bd94240b7 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. 8fcee9ab05 add chacha20 function 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 9d5373307cfad5fa1b53820d417a8155d2d557dc

c86c6cff66 Fixup rename 41b7be1dac f rename xonly_pubkey_tweak_verify to xonly_pubkey_tweak_test and add a few notes that this does not verify anything cryptographically a36d45d597 f don't use ec_pubkey_parse indirection in xonly_pubkey_parse a8686b9670 f don't use ec_pubkey_parse indirection in xonly_pubkey_parse 19c144ccca f rename schnorrsig_real_verify because it doesn't verify 7dbb2e8f9b f add macro SECP256K1_LEN_XONLY_PUBKEY equal to 32 to allow reducing magic numbers in calling code a87a0576dc f Move most of ec_pubkey_absolute into ge_absolute to make it available to functions which don't operate on pubkeys but on group elements. d727cb31c0 Add taproot test case to schnorrsig module e8b8e794b7 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification 69f1e8923d Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. 641ba4a238 Add chacha20 function 4d84cb8fdc Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 0a3a7f9b6c Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: c86c6cff663e6c928c668623da2fced18e338ff5

df8c69879 f rename private to secret key to be compatible with PR 701 59f2fd7c1 f add test that xonly_add zeroes the output on failure af3f0e52a f do xonly_pubkey_tweak_add in place to be consistent with ec_pubkey_tweak_add 6e0290679 f is_negated and added test 1901f3bf9 Add taproot test case to schnorrsig module 6a7ee8a86 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification c6473591a Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. fd9609d7c Add chacha20 function 1abbe1bb6 Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 9eb303a0f Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: df8c698793a51639b6fdb5b908b1ddfaedbe1fd5

df8c698793 f rename private to secret key to be compatible with PR 701 59f2fd7c19 f add test that xonly_add zeroes the output on failure af3f0e52aa f do xonly_pubkey_tweak_add in place to be consistent with ec_pubkey_tweak_add 6e0290679c f is_negated and added test 1901f3bf9c Add taproot test case to schnorrsig module 6a7ee8a862 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification c6473591a1 Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. fd9609d7c5 Add chacha20 function 1abbe1bb6e Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 9eb303a0fa Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: df8c698793a51639b6fdb5b908b1ddfaedbe1fd5

819c3a6c1 f update schnorrsig test to new secp256k1_xonly_pubkey_tweak_test api 56d83fdca f secp256k1_xonly_pubkey_tweak_test avoids decompressing output pubkey e63c4d669 f remove remnants of square Y 8439ce171 f improve nonce_function_bip340 tests 3bb12e339 f reenable test vectors 29bdda7ef f mask key in bip340 nonce function 4650ae812 f add tagged hash for bip340 auxiliary random data 593ceddf2 f add comment about overflowing schnorrsig challenge hashes 23c3b0050 f need to serialize internal pk for tweak in taproot test 4c8cdc644 f use updated schnorrsig BIP340 challenge tag 32dfe512e f update schnorr signing to updated bip 340 nonce tag 92205468c f update bip 340 nonce function tag 3bb25272e f no need to allow NULL algo16 in the BIP-340 nonce because the nonce function is incompatible with ecdsa anyway fa8d65e6b f use extended nonce function in schnorrsigs 7c9f51c18 f add pubkey argument to "extended" nonce function and make bip340 instantiation of that 90384c606 f switch from squareness to evenness in schnorrsig sign ef38b0ca5 f switch from squareness to evenness as tiebreaker in xonly keys aacf9e043 f disable test vectors for now 04c0cf9a6 f typos c149dbf37 f rename bip-schnorr to BIP-340 and fix links bb252f13c f rename private to secret key to be compatible with PR 701 8be18c0ac f add test that xonly_add zeroes the output on failure fc45a12d6 f do xonly_pubkey_tweak_add in place to be consistent with ec_pubkey_tweak_add cb1be064d f is_negated and added test f90656db7 Add taproot test case to schnorrsig module a61d98658 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification e72ce1b6f Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. 72ebc184e Add chacha20 function cb4a86089 Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 2757437fd Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue 856a01d Merge bitcoin#714: doc: document the length requirements of output parameter. d72b9e2 Merge bitcoin#682: Remove Java Native Interface 4b48a43 doc: document the length requirements of output parameter. 1b4d256 Merge bitcoin#713: Docstrings dabfea7 field: extend docstring of secp256k1_fe_normalize dc7d8fd scalar: extend docstring of secp256k1_scalar_set_b32 074ab58 Merge bitcoin#704: README: add a section for test coverage acb7f97 README: add a section for test coverage 227a4f2 Merge bitcoin#709: Remove secret-dependant non-constant time operation in ecmult_const. d567b77 Clarify comments about use of rzr on ge functions and abs function. 2241ae6 Remove secret-dependant non-constant time operation in ecmult_const. 642cd06 Remove Java Native Interface f45d897 Merge bitcoin#703: Overhaul README.md 2e759ec Overhaul README.md d644dda Merge bitcoin#689: Remove "except in benchmarks" exception for fp math bde2a32 Convert bench.h to fixed-point math 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 819c3a6c1599ae35a0b6d163393d2030a2162a5b

819c3a6c15 f update schnorrsig test to new secp256k1_xonly_pubkey_tweak_test api 56d83fdcad f secp256k1_xonly_pubkey_tweak_test avoids decompressing output pubkey e63c4d6692 f remove remnants of square Y 8439ce1719 f improve nonce_function_bip340 tests 3bb12e3391 f reenable test vectors 29bdda7ef3 f mask key in bip340 nonce function 4650ae812e f add tagged hash for bip340 auxiliary random data 593ceddf23 f add comment about overflowing schnorrsig challenge hashes 23c3b0050e f need to serialize internal pk for tweak in taproot test 4c8cdc6440 f use updated schnorrsig BIP340 challenge tag 32dfe512e4 f update schnorr signing to updated bip 340 nonce tag 92205468c3 f update bip 340 nonce function tag 3bb25272e8 f no need to allow NULL algo16 in the BIP-340 nonce because the nonce function is incompatible with ecdsa anyway fa8d65e6bd f use extended nonce function in schnorrsigs 7c9f51c183 f add pubkey argument to "extended" nonce function and make bip340 instantiation of that 90384c6061 f switch from squareness to evenness in schnorrsig sign ef38b0ca53 f switch from squareness to evenness as tiebreaker in xonly keys aacf9e0433 f disable test vectors for now 04c0cf9a6f f typos c149dbf37b f rename bip-schnorr to BIP-340 and fix links bb252f13cd f rename private to secret key to be compatible with PR 701 8be18c0ac9 f add test that xonly_add zeroes the output on failure fc45a12d6c f do xonly_pubkey_tweak_add in place to be consistent with ec_pubkey_tweak_add cb1be064d6 f is_negated and added test f90656db7a Add taproot test case to schnorrsig module a61d986587 Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification e72ce1b6fb Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. 72ebc184e7 Add chacha20 function cb4a86089d Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 2757437fd4 Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue 856a01d Merge bitcoin#714: doc: document the length requirements of output parameter. d72b9e2 Merge bitcoin#682: Remove Java Native Interface 4b48a43 doc: document the length requirements of output parameter. 1b4d256 Merge bitcoin#713: Docstrings dabfea7 field: extend docstring of secp256k1_fe_normalize dc7d8fd scalar: extend docstring of secp256k1_scalar_set_b32 074ab58 Merge bitcoin#704: README: add a section for test coverage acb7f97 README: add a section for test coverage 227a4f2 Merge bitcoin#709: Remove secret-dependant non-constant time operation in ecmult_const. d567b77 Clarify comments about use of rzr on ge functions and abs function. 2241ae6 Remove secret-dependant non-constant time operation in ecmult_const. 642cd06 Remove Java Native Interface f45d897 Merge bitcoin#703: Overhaul README.md 2e759ec Overhaul README.md d644dda Merge bitcoin#689: Remove "except in benchmarks" exception for fp math bde2a32 Convert bench.h to fixed-point math 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 819c3a6c1599ae35a0b6d163393d2030a2162a5b

372c4555ca Add schnorrsig_sign to the valgrind ctime test bf2df44284 f make schnorrsig_sign constant time in edge cases 7178b4430e f add test for overflowing nonce (which is fine) 925e959946 Add taproot test case to schnorrsig module 9971d6ce89 Add schnorrsig module which implements BIP-340 compatible signing, verification and batch verification e85b0bbafc Add BIP-340 nonce function a2a1b2cbb9 Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. 1771840df4 Add chacha20 function f59da5a6f0 Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 43aee84671 Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue e9fccd4 Merge bitcoin#708: Constant-time behaviour test using valgrind memtest. 08fb6c4 Run valgrind_ctime_test in travis 3d23022 Constant-time behaviour test using valgrind memtest. 96d8ccb Merge bitcoin#710: Eliminate harmless non-constant time operations on secret data. 0585b8b Merge bitcoin#718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 7b50483 Adds a declassify operation to aid constant-time analysis. 34a67c7 Eliminate harmless non-constant time operations on secret data. eb45ef3 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 856a01d Merge bitcoin#714: doc: document the length requirements of output parameter. d72b9e2 Merge bitcoin#682: Remove Java Native Interface 4b48a43 doc: document the length requirements of output parameter. 1b4d256 Merge bitcoin#713: Docstrings dabfea7 field: extend docstring of secp256k1_fe_normalize dc7d8fd scalar: extend docstring of secp256k1_scalar_set_b32 074ab58 Merge bitcoin#704: README: add a section for test coverage acb7f97 README: add a section for test coverage 227a4f2 Merge bitcoin#709: Remove secret-dependant non-constant time operation in ecmult_const. d567b77 Clarify comments about use of rzr on ge functions and abs function. 2241ae6 Remove secret-dependant non-constant time operation in ecmult_const. 642cd06 Remove Java Native Interface f45d897 Merge bitcoin#703: Overhaul README.md 2e759ec Overhaul README.md d644dda Merge bitcoin#689: Remove "except in benchmarks" exception for fp math bde2a32 Convert bench.h to fixed-point math 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 372c4555cac1d2cba747ea691006876818c6adef

372c4555c Add schnorrsig_sign to the valgrind ctime test bf2df4428 f make schnorrsig_sign constant time in edge cases 7178b4430 f add test for overflowing nonce (which is fine) 925e95994 Add taproot test case to schnorrsig module 9971d6ce8 Add schnorrsig module which implements BIP-340 compatible signing, verification and batch verification e85b0bbaf Add BIP-340 nonce function a2a1b2cbb Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. 1771840df Add chacha20 function f59da5a6f Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 43aee8467 Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue e9fccd4 Merge bitcoin#708: Constant-time behaviour test using valgrind memtest. 08fb6c4 Run valgrind_ctime_test in travis 3d23022 Constant-time behaviour test using valgrind memtest. 96d8ccb Merge bitcoin#710: Eliminate harmless non-constant time operations on secret data. 0585b8b Merge bitcoin#718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 7b50483 Adds a declassify operation to aid constant-time analysis. 34a67c7 Eliminate harmless non-constant time operations on secret data. eb45ef3 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 856a01d Merge bitcoin#714: doc: document the length requirements of output parameter. d72b9e2 Merge bitcoin#682: Remove Java Native Interface 4b48a43 doc: document the length requirements of output parameter. 1b4d256 Merge bitcoin#713: Docstrings dabfea7 field: extend docstring of secp256k1_fe_normalize dc7d8fd scalar: extend docstring of secp256k1_scalar_set_b32 074ab58 Merge bitcoin#704: README: add a section for test coverage acb7f97 README: add a section for test coverage 227a4f2 Merge bitcoin#709: Remove secret-dependant non-constant time operation in ecmult_const. d567b77 Clarify comments about use of rzr on ge functions and abs function. 2241ae6 Remove secret-dependant non-constant time operation in ecmult_const. 642cd06 Remove Java Native Interface f45d897 Merge bitcoin#703: Overhaul README.md 2e759ec Overhaul README.md d644dda Merge bitcoin#689: Remove "except in benchmarks" exception for fp math bde2a32 Convert bench.h to fixed-point math 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 372c4555cac1d2cba747ea691006876818c6adef

372c4555ca Add schnorrsig_sign to the valgrind ctime test bf2df44284 f make schnorrsig_sign constant time in edge cases 7178b4430e f add test for overflowing nonce (which is fine) 925e959946 Add taproot test case to schnorrsig module 9971d6ce89 Add schnorrsig module which implements BIP-340 compatible signing, verification and batch verification e85b0bbafc Add BIP-340 nonce function a2a1b2cbb9 Add initialize_tagged to sha256 which initializes and writes the 64 byte string SHA256(tag)||SHA256(tag) into it. 1771840df4 Add chacha20 function f59da5a6f0 Add tweak functions for xonly_pubkeys that allow to add a tweak to a secret key, xonly_public key and verify a tweak. 43aee84671 Add xonly_pubkeys which are serialized as 32 byte and whose Y coordinate is a quadratic residue e9fccd4 Merge bitcoin#708: Constant-time behaviour test using valgrind memtest. 08fb6c4 Run valgrind_ctime_test in travis 3d23022 Constant-time behaviour test using valgrind memtest. 96d8ccb Merge bitcoin#710: Eliminate harmless non-constant time operations on secret data. 0585b8b Merge bitcoin#718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 7b50483 Adds a declassify operation to aid constant-time analysis. 34a67c7 Eliminate harmless non-constant time operations on secret data. eb45ef3 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 856a01d Merge bitcoin#714: doc: document the length requirements of output parameter. d72b9e2 Merge bitcoin#682: Remove Java Native Interface 4b48a43 doc: document the length requirements of output parameter. 1b4d256 Merge bitcoin#713: Docstrings dabfea7 field: extend docstring of secp256k1_fe_normalize dc7d8fd scalar: extend docstring of secp256k1_scalar_set_b32 074ab58 Merge bitcoin#704: README: add a section for test coverage acb7f97 README: add a section for test coverage 227a4f2 Merge bitcoin#709: Remove secret-dependant non-constant time operation in ecmult_const. d567b77 Clarify comments about use of rzr on ge functions and abs function. 2241ae6 Remove secret-dependant non-constant time operation in ecmult_const. 642cd06 Remove Java Native Interface f45d897 Merge bitcoin#703: Overhaul README.md 2e759ec Overhaul README.md d644dda Merge bitcoin#689: Remove "except in benchmarks" exception for fp math bde2a32 Convert bench.h to fixed-point math 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 372c4555cac1d2cba747ea691006876818c6adef

ccb23e329d valgrind_ctime_test: Add schnorrsig_sign 682a113f3a schnorrsig: Add taproot test case a0a01a4915 schnorrsig: Add benchmark for sign and verify fa5b11cbb4 schnorrsig: Add BIP-340 compatible signing and verification bb888e4f63 schnorrsig: Add BIP-340 nonce function 07963e8843 schnorrsig: Init empty experimental module 87d98a4756 Allow initializing tagged sha256 6f4d0d86a9 extrakeys: Add keypair_xonly_tweak_add 37be855167 extrakeys: Add keypair struct with create, pub and pub_xonly 96ed0dd9d3 Separate helper functions for pubkey_create and seckey_tweak_add 7a3acdcef9 extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test 6d6f3e5fdf Separate helper function for ec_pubkey_tweak_add 4b2febf8fc extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey d2d45afc16 extrakeys: Init empty experimental module 8f247275a0 Make the secp256k1_declassify argument constant f39f99b Merge bitcoin#701: Make ec_ arithmetic more consistent and add documentation 39198a0 Merge bitcoin#732: Retry if r is zero during signing 59a8de8 Merge bitcoin#742: Fix typo in ecmult_const_impl.h 4e28465 Fix typo in ecmult_const_impl.h f862b4c Merge bitcoin#740: Make recovery/main_impl.h non-executable ffef45c Make recovery/main_impl.h non-executable 2361b37 Merge bitcoin#735: build: fix OpenSSL EC detection on macOS 3b7d26b build: add SECP_TEST_INCLUDES to bench_verify CPPFLAGS 84b5fc5 build: fix OpenSSL EC detection on macOS 37ed51a Make ecdsa_sig_sign constant-time again after reverting 25e3cfb 93d343b Revert "ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_sign" 7e3952a Clarify documentation of tweak functions. 89853a0 Make tweak function documentation more consistent. 41fc785 Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul 22911ee Rename private key to secret key in public API (with the exception of function names) 5a73f14 Mention that value is unspecified for In/Out parameters if the function returns 0 f03df0e Define valid ECDSA keys in the documentation of seckey_verify 5894e1f Return 0 if the given seckey is invalid in privkey_negate, privkey_tweak_add and privkey_tweak_mul 8f814cd Add test for boundary conditions of scalar_set_b32 with respect to overflows 3fec982 Use scalar_set_b32_seckey in ecdsa_sign, pubkey_create and seckey_verify 9ab2cbe Add scalar_set_b32_seckey which does the same as scalar_set_b32 and also returns whether it's a valid secret key 4f27e34 Merge bitcoin#728: Suppress a harmless variable-time optimization by clang in memczero 0199387 Add test for memczero() 52a0351 Suppress a harmless variable-time optimization by clang in memczero 8f78e20 Merge bitcoin#722: Context isn't freed in the ECDH benchmark ed1b911 Merge bitcoin#700: Allow overriding default flags 85b35af Add running benchmarks regularly and under valgrind in travis ca4906b Pass num of iters to benchmarks as variable, and define envvar 02dd5f1 free the ctx at the end of bench_ecdh e9fccd4 Merge bitcoin#708: Constant-time behaviour test using valgrind memtest. 08fb6c4 Run valgrind_ctime_test in travis 3d23022 Constant-time behaviour test using valgrind memtest. 96d8ccb Merge bitcoin#710: Eliminate harmless non-constant time operations on secret data. 0585b8b Merge bitcoin#718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 7b50483 Adds a declassify operation to aid constant-time analysis. 34a67c7 Eliminate harmless non-constant time operations on secret data. ca739cb Compile with optimization flag -O2 by default instead of -O3 eb45ef3 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 856a01d Merge bitcoin#714: doc: document the length requirements of output parameter. d72b9e2 Merge bitcoin#682: Remove Java Native Interface 4b48a43 doc: document the length requirements of output parameter. 1b4d256 Merge bitcoin#713: Docstrings dabfea7 field: extend docstring of secp256k1_fe_normalize dc7d8fd scalar: extend docstring of secp256k1_scalar_set_b32 074ab58 Merge bitcoin#704: README: add a section for test coverage acb7f97 README: add a section for test coverage 227a4f2 Merge bitcoin#709: Remove secret-dependant non-constant time operation in ecmult_const. d567b77 Clarify comments about use of rzr on ge functions and abs function. 2241ae6 Remove secret-dependant non-constant time operation in ecmult_const. 642cd06 Remove Java Native Interface 83fb1bc Remove -O2 from default CFLAGS because this would override the -O3 flag (see AC_PROG_CC in the Autoconf manual) ecba813 Append instead of Prepend user-CFLAGS to default CFLAGS allowing the user to override default variables 613c34c Remove test in configure.ac because it doesn't have an effect f45d897 Merge bitcoin#703: Overhaul README.md 2e759ec Overhaul README.md d644dda Merge bitcoin#689: Remove "except in benchmarks" exception for fp math bde2a32 Convert bench.h to fixed-point math 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: ccb23e329d34e6717528c81c3bed76c7a45c547b

2ed54da Merge bitcoin#755: Recovery signing: add to constant time test, and eliminate non ct operators 2860950 Add tests for the cmov implementations 73596a8 Add ecdsa_sign_recoverable to the ctime tests 2876af4 Split ecdsa_sign logic into a new function and use it from ecdsa_sign and recovery 5e1c885 Merge bitcoin#754: Fix uninit values passed into cmov f79a7ad Add valgrind uninit check to cmovs output 05d315a Merge bitcoin#752: autoconf: Use ":" instead of "dnl" as a noop a39c2b0 Fixed UB(arithmetics on uninit values) in cmovs 3a6fd7f Merge bitcoin#750: Add macOS to the CI 5e8747a autoconf: Use ":" instead of "dnl" as a noop 71757da Explictly pass SECP256K1_BENCH_ITERS to the benchmarks in travis.sh 99bd661 Replace travis_wait with a loop printing "\a" to stdout every minute bc818b1 Bump travis Ubuntu from xenial(16.04) to bionic(18.04) 0c5ff90 Add macOS support to travis b6807d9 Move travis script into a standalone sh file f39f99b Merge bitcoin#701: Make ec_ arithmetic more consistent and add documentation 39198a0 Merge bitcoin#732: Retry if r is zero during signing 59a8de8 Merge bitcoin#742: Fix typo in ecmult_const_impl.h 4e28465 Fix typo in ecmult_const_impl.h f862b4c Merge bitcoin#740: Make recovery/main_impl.h non-executable ffef45c Make recovery/main_impl.h non-executable 2361b37 Merge bitcoin#735: build: fix OpenSSL EC detection on macOS 3b7d26b build: add SECP_TEST_INCLUDES to bench_verify CPPFLAGS 84b5fc5 build: fix OpenSSL EC detection on macOS 37ed51a Make ecdsa_sig_sign constant-time again after reverting 25e3cfb 93d343b Revert "ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_sign" 7e3952a Clarify documentation of tweak functions. 89853a0 Make tweak function documentation more consistent. 41fc785 Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul 22911ee Rename private key to secret key in public API (with the exception of function names) 5a73f14 Mention that value is unspecified for In/Out parameters if the function returns 0 f03df0e Define valid ECDSA keys in the documentation of seckey_verify 5894e1f Return 0 if the given seckey is invalid in privkey_negate, privkey_tweak_add and privkey_tweak_mul 8f814cd Add test for boundary conditions of scalar_set_b32 with respect to overflows 3fec982 Use scalar_set_b32_seckey in ecdsa_sign, pubkey_create and seckey_verify 9ab2cbe Add scalar_set_b32_seckey which does the same as scalar_set_b32 and also returns whether it's a valid secret key 4f27e34 Merge bitcoin#728: Suppress a harmless variable-time optimization by clang in memczero 0199387 Add test for memczero() 52a0351 Suppress a harmless variable-time optimization by clang in memczero 8f78e20 Merge bitcoin#722: Context isn't freed in the ECDH benchmark ed1b911 Merge bitcoin#700: Allow overriding default flags 85b35af Add running benchmarks regularly and under valgrind in travis ca4906b Pass num of iters to benchmarks as variable, and define envvar 02dd5f1 free the ctx at the end of bench_ecdh e9fccd4 Merge bitcoin#708: Constant-time behaviour test using valgrind memtest. 08fb6c4 Run valgrind_ctime_test in travis 3d23022 Constant-time behaviour test using valgrind memtest. 96d8ccb Merge bitcoin#710: Eliminate harmless non-constant time operations on secret data. 0585b8b Merge bitcoin#718: Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 7b50483 Adds a declassify operation to aid constant-time analysis. 34a67c7 Eliminate harmless non-constant time operations on secret data. ca739cb Compile with optimization flag -O2 by default instead of -O3 eb45ef3 Clarify that a secp256k1_ecdh_hash_function must return 0 or 1 856a01d Merge bitcoin#714: doc: document the length requirements of output parameter. d72b9e2 Merge bitcoin#682: Remove Java Native Interface 4b48a43 doc: document the length requirements of output parameter. 1b4d256 Merge bitcoin#713: Docstrings dabfea7 field: extend docstring of secp256k1_fe_normalize dc7d8fd scalar: extend docstring of secp256k1_scalar_set_b32 074ab58 Merge bitcoin#704: README: add a section for test coverage acb7f97 README: add a section for test coverage 227a4f2 Merge bitcoin#709: Remove secret-dependant non-constant time operation in ecmult_const. d567b77 Clarify comments about use of rzr on ge functions and abs function. 2241ae6 Remove secret-dependant non-constant time operation in ecmult_const. 642cd06 Remove Java Native Interface 83fb1bc Remove -O2 from default CFLAGS because this would override the -O3 flag (see AC_PROG_CC in the Autoconf manual) ecba813 Append instead of Prepend user-CFLAGS to default CFLAGS allowing the user to override default variables 613c34c Remove test in configure.ac because it doesn't have an effect f45d897 Merge bitcoin#703: Overhaul README.md 2e759ec Overhaul README.md d644dda Merge bitcoin#689: Remove "except in benchmarks" exception for fp math bde2a32 Convert bench.h to fixed-point math 387d723 Merge bitcoin#679: Add SECURITY.md 0db61d2 Merge bitcoin#685: Fix issue where travis does not show the ./tests seed… a0771d1 Explicitly disable buffering for stderr in tests fb424fb Make travis show the ./tests seed by removing stdout buffering and always cat tests.log after a travis run. 22a6031 Merge bitcoin#690: Add valgrind check to travis 544002c Merge bitcoin#678: Preventing compiler optimizations in benchmarks without a memory fence dd98cc9 travis: Added a valgrind test without endro and enabled recovery+ecdh b4c1382 Add valgrind check to travis 0c774d8 Merge bitcoin#688: Fix ASM setting in travis 5c5f71e Fix ASM setting in travis e2625f8 Merge bitcoin#684: Make no-float policy explicit bae1bea Make no-float policy explicit 78c3836 Add SECURITY.md 362bb25 Modified bench_scalar_split so it won't get optimized out 73a30c6 Added accumulators and checks on benchmarks so they won't get optimized out 770b3dc Merge bitcoin#677: Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var b76142f Remove note about heap allocation in secp256k1_ecmult_odd_multiples_table_storage_var which was removed in 4704527 137d304 Merge bitcoin#647: Increase robustness against UB in secp256k1_scalar_cadd_bit 0d9540b Merge bitcoin#664: Remove mention of ec_privkey_export because it doesn't exist 59782c6 Remove mention of ec_privkey_export because it doesn't exist 96cd94e Merge bitcoin#337: variable sized precomputed table for signing dcb2e3b variable signing precompute table b4bff99 Merge bitcoin#661: Make ./configure string consistent a467047 Make ./configure string consistent e729cc7 Merge bitcoin#657: Fix a nit in the recovery tests b64a2e2 Fix a nit in the recovery tests e028aa3 Merge bitcoin#650: secp256k1/src/tests.c: Properly handle sscanf return value f1e11d3 Merge bitcoin#654: Fix typo (∞) ef83281 Merge pull request bitcoin#656 from real-or-random/patch-1 556caad Fix typo in docs for _context_set_illegal_callback 0d82732 Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit. This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow. 786dfb4 Merge bitcoin#583: JNI: fix use sig array e95f8ab Merge bitcoin#644: Avoid optimizing out a verify_check 384f556 Merge bitcoin#652: README.md: update instruction to run tests ee56acc Merge bitcoin#651: Fix typo in secp256k1_preallocated.h 7b9b117 Merge bitcoin#640: scalar_impl.h: fix includes d99bec2 Merge bitcoin#655: jni: Use only Guava for hex encoding and decoding 2abcf95 jni: Use only Guava for hex encoding and decoding 271582b Fix typo ce6d438 README.md: update instruction to run tests b1e68cb Fix typo in secp256k1_preallocated.h a11c76c secp256k1/src/tests.c: Properly handle sscanf return value 8fe63e5 Increase robustness against UB. Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour. While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands. 94ae7cb Moved a dereference so the null check will be before the dereferencing 2cb73b1 scalar_impl.h: fix includes fa33017 Merge bitcoin#634: Add a descriptive comment for secp256k1_ecmult_const. ee9e68c Add a descriptive comment for secp256k1_ecmult_const. d0d738d Merge bitcoin#631: typo in comment for secp256k1_ec_pubkey_tweak_mul () 6914c25 typo in comment for secp256k1_ec_pubkey_tweak_mul () e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 74e2dbd JNI: fix use sig array 3cb057f Fix possible integer overflow in DER parsing git-subtree-dir: src/secp256k1 git-subtree-split: 2ed54da

* Updated from PIVX v3.1.1 (bitcoin#49) * Merge bitcoin#524: Add blocksizenotify command 44e4d2e Add blocksizenotify command (Jeremy) Tree-SHA512: 0deb5a883c5d52d0b4e4681fd5ea6c845363ede4299bb59f10a22b23f00aff4e5bb62a7954b752d7d33db5a422ec169f60360868296aa833849cc3e35145250b * Merge bitcoin#528: Readme changes 42fa274 Readme changes (Sieres) Tree-SHA512: d5112531283a9554fd6c01ba75bda532cf8cebffc98ea16e7432663f88a9fe1378ba40eb242e6daf8b1666ba1f276f885bdd7a4a8c3300a04cf855d2150749ec # Conflicts: # README.md * Merge bitcoin#518: [Wallet] Combine fees when possible and fix autocombine insufficient funds eb603b4 [Wallet] Fix autocombine (warrows) 3f9e746 [Wallet] Combine change to output when possible & provide it in autocombine (warrows) 10426c7 [Wallet] Increase fee margin to up to 10% of autocombine send (warrows) Tree-SHA512: e3452b0862b30c5c7f21697d12485e7b009dda3b4225e9685209425cb4a16baf35dd9d591b39ece077c3314f7c344f23b3810e5d0d840a8003c7d7d09f5c7ae4 # Conflicts: # src/wallet.cpp * Merge bitcoin#523: Give high priority to zerocoinspends to make it into the next block. 84a4f91 Give high priority to zerocoinspends to make it into the next block. (presstab) Tree-SHA512: d7bf91433a2059d8acc4b322dc21b98ca97af7e03d47a7225a8fe0ccb1265c625aaab758071d2b950b07b4d11814e1baca384c213c49215d976d7d9f323e3660 * Merge bitcoin#533: [Doc] Update OSX build notes: zmq, libevent, and notes to handle possible glibtoolize error fde9f94 osx build notes: libzmq -> zmq in brew install, add libevent (Tim Uy) Tree-SHA512: eb44a499c3f42da2a296161bc01be49cd63fbd928c513018010a564cd1192e1000beb1987d536f4ab93782cd2930527552108418e973448c80e6c5a59c2a78ef # Conflicts: # doc/build-osx.md * Merge bitcoin#532: [Depends] Update depends package versions. bc4ffd5 [Depends] Update depends package versions. (Fuzzbawls) Tree-SHA512: 814f769d65657e1bd02daca583dd5b63fc3ee9af53afcabeaafa661fe9e584c484ebfef7763a59d41ac81b4ade03a9d85d40b86b25ab873bf578cfe8063acdd6 # Conflicts: # depends/patches/zeromq/0001-fix-build-with-older-mingw64.patch * Merge bitcoin#538: [Qt] Fix warning dialog popup for the Blockchain Explorer 50088b8 [Qt] Fix warning dialog popup for the Blockchain Explorer (Fuzzbawls) Tree-SHA512: 5bef022ea6ebbe36dfd58ccc6e0c0b48a2f1268934f4fb0ec34100e05be38b325d0a832e650104b2e1e2741c9d118e7d9894e99dafeb2bf7b5a43f180e597fff # Conflicts: # src/qt/blockexplorer.cpp * Merge bitcoin#542: [Network] Remove vfReachable and modify IsReachable to only use vfLimited. 38ed737 Remove vfReachable and modify IsReachable to only use vfLimited. (Patrick Strateman) Tree-SHA512: 8aa61f9abd8356522f3ba71b35497aac07e10333a39ff4b98bb635d1246e6b1be6b0ee0b236944fbfaa558af0e6c0cc219e540eacb2232bc05db393e4a72b088 * Merge bitcoin#526: Refactor ConnectBlock() to segregate state tracking items 00cd668 Refactor ConnectBlock() to segregate state tracking items from the 'Just Check' section. (presstab) Tree-SHA512: 457019024cd8e786810611efb776dc16e12ed7cb71c9df79bc52d5cab9fe32d55cefaf1653d11e3d348b8008456c613c1fc5f17f53520de5c157a6cc861e8379 # Conflicts: # src/main.cpp * Rename coin name * Fixed compiling error * Merge bitcoin#535: [core] Minor refacturing + unused variable removed 7633516 [core] Minor refacturing + unused variable removed (Mrs-X) Tree-SHA512: aa43dec1f95b56bfd8ae51ec3ea8e1a23e6011262b39a2492b006802a9da7f52aec99afd3d4e4259067911557a986ba52e18838feb4c7b117345610c3234a16a * Merge bitcoin#543: [RPC] Segfault pivx-cli getinfo while loading block index 336e3d8 [RPC] Segfault pivx-cli getinfo while loading block index (Mrs-X) Tree-SHA512: 30bf65f7f527ba78bdcd0e2fef4da77f15a049f605a0cb3000b565c0e19e8dd274a137d1371435c0793617004591757b6b5e31029ed7a247d46bb6368cfec88b * Merge bitcoin#539: [RPC] Allow watchonly coins to be shown for listunspent c3671b5 Allow rpc listunspent to have options for watchonly transactions (blondfrogs) Tree-SHA512: 5c998c1c5d0da8c4245662e528cbee5f70855fb941baa82524610d6f52810df0a70b6c29677f3f666e33995bf823778a58b2cb3e7b4182a2c644f1b383ba8506 * Merge bitcoin#544: [Trivial] Add debug info for CWallet::ReconsiderZerocoins(). 993fcee Add debug info for CWallet::ReconsiderZerocoins(). (presstab) Tree-SHA512: 494803e04778eec487ae35e12efd2cf3b5acdc094c98913998563d8386d98142b7525d6703a41dabba10e5126041d56c6ddd61e2130ae6f439d23439b7c6ee2c * Merge bitcoin#552: [Trivial] Fix errant LogPrint in UpdateZPIVSupply 2d5aa5b [Trivial] Fix errant LogPrint in UpdateZPIVSupply (Fuzzbawls) Tree-SHA512: b514a5aaa04b573af991c2eec518db0593dedd26e917f6275d308719b83059728d51fb9f50b721011393f4a73412998f88315d0587008a1f0cb940a272df6ceb * Merge bitcoin#551: [Consensus] Require standard transactions for testnet d3c60aa [Consensus] Require standard transactions for testnet (Fuzzbawls) Tree-SHA512: ef0d1ed46623ce15d59f63f0c857fbdda7d9cf52825957f631548908cfe03d79f18b9fc5c7cfb01ff14e90b1a6e2f41e190bc64d7f4561a83b5ab2e287ef75a9 * Merge bitcoin#554: [Docs] Added release notes for autocombine and proxy GUI. 68e1a20 [Docs] Added release notes for autocombine and proxy GUI. (warrows) Tree-SHA512: 59baa3bfe46489c288cc06d4dc9d3fc5486c9d2de5e41574333f1ada5438a9087f754a0c33eabf6bfb92b91ec71ae60464db48b7bed27c00cf7fb683e6e86904 * Merge bitcoin#558: [Core] Remove Gitan-OSX warning for High Sierra builds 390e49b [Core] Remove Gitan-OSX warning for High Sierra builds (Mrs-X) Tree-SHA512: d914f13ff8f8b4d15334ba4aaea21fa43035489bb2c5932c168a6299095b4e85a9f1bd54cc85a287251956a24bfa384b1998ca051ebc4a75510e4568b891c3d8 * Merge bitcoin#447: [Consensus] Fix compilation with OpenSSL 1.1 094fa11 [Compilation] Add additional information to compile with unsupported SSL (warrows) 903c4f1 [Consensus] Allow for compilation with OpenSSL 1.1 (warrows) Tree-SHA512: 9c843279cb889e72bb44b019a7859510f4fe39f3a358f18c4d09a35a9bede1d940a07c2c3781f388fdab42bd0e5acd51160e5e0b07a33050e293214b3e4db0a4 * Merge bitcoin#559: [Bug] Segfault with -enableswifttx=0 / -enableswifttx=false 0bc66f3 [Bug] Segfault with -enableswifttx=0 / -enableswifttx=false (Mrs-X) Tree-SHA512: e71de283ae5708bc7f844ebc7d5cf2a62a2c3928d5164661d66ed0b770eccfa9f84cf69de3d7bdd1dee6160439d916563045dc7d5173e0d70e6c7ec51ac1cbb7 * Merge bitcoin#562: [Wallet/RPC] Add argument to mint zerocoin from specific UTXO a5123c2 [Documentation] Improve help for mintzerocoin rpc command (warrows) 9a0b734 [Wallet/RPC] Add argument to mint zerocoin from specific UTXO (warrows) Tree-SHA512: fb5056eb7d81e06b66ced7ea8e92f053a04c0ad71df0eb84a08180ced2edd4313c5fa15fde7345dd1d8f65b1c93480e141049a570abec9dd7c14ecb6f8cde0e3 # Conflicts: # src/rpcwallet.cpp * Merge bitcoin#568: [Qt] Connect automint icon to the UI automint setting change 28466e2 [Qt] connect automint icon to the UI automint setting change (warrows) Tree-SHA512: 1107b842a0d0a9a7044922a6c997b05fb030dc5e6014217f09e6b769ad685bd5b7bdc32699eb2b6514259d719bdef8bc89b2fe1dd5b59beb0c64185a00783501 * Merge bitcoin#571: [Qt] Update privacy tab info about zeromint on config change c0ffe24 [Qt] Update privacy tab info about zeromint on config change (warrows) Tree-SHA512: 54016bef392a010541d1ab3373a0144100dc0b99f3cfed804b395dc0ab08f60bb93c22b52decdfbbabd6e5e39ffcba1d80bd23a92fb9986c722062de1f47ddd7 * Merge bitcoin#570: [Wallet] Add a check on zPIV spend to avoid a segfault b8185ae [Wallet] Add a check on zPIV spend to avoid a segfault (warrows) Tree-SHA512: 960c0d06a5fc040e290be334224fd224cf78f698cc99e4db7b618f25085091e19b2e02d906114008bb2e6315d343a46960b5f1f817c5975ac46d62fe498a8843 * Merge bitcoin#572: [Qt] Refresh zPIV balance after resetting mints or spends 992763b [Qt] Refresh zPIV balance after resetting mints or spends (warrows) Tree-SHA512: bea53d1632e6410144613f4a83de3ed232dc21c05b5eb091b5f6dcde55f67057190708d3493b54a7b243a60c6701054bdc85239625c41d3d5a32c630192b4b54 * Staking zPiv. # Conflicts: # src/chainparams.cpp # src/kernel.cpp # src/main.cpp # src/main.h # src/miner.cpp # src/qt/forms/zpivcontroldialog.ui # src/qt/transactionrecord.cpp # src/qt/transactiontablemodel.cpp # src/wallet.cpp # src/wallet.h # src/walletdb.cpp * Fixed compiling error * Add libzerocoin::SpendType enum. This allows for more transaction types using zPIV, including using zPIV without actually spending it (for example if needing to show proof of zPIV for voting or for masternode collateral). * Validate that the correct spend type is used for zPIV spend and zPIV stake. * V2 zPIV must have serials that have the 1st byte as 00. Requiring that v2 zPIV use serials that have the first byte as 00 will make zPIV v2 serials unique from v1 serials. This prevents a 'serial troller' from reminting with someone elses v2 serial and simply changing the version flag to v1 when they spend the zerocoin, which would negate any of the additional v2 requirements. It is unlikely that many (if any) serials were minted with the first byte as 00. Note that if there are existing v1 zPIV with 00 prefixed serials, it would make them unspendable since the owner would not have an associated private key. * change to using first nibble as 0xF for v2 serial mark. * Switch to a new accumulator with the correct modulus. # Conflicts: # src/libzerocoin/Commitment.cpp # src/miner.cpp # src/wallet.cpp * Fixed compiling error * Change zpiv stake to use serial hash. # Conflicts: # src/init.cpp # src/qt/transactiontablemodel.cpp # src/wallet.cpp * Fixed compiling error * Add description for -pivstake= and -zpivstake=. * Make RPC export/import zerocoins compatible with v2. * [P2P] Update ActiveProtocol for 70913 protocol version # Conflicts: # src/main.cpp # src/version.h * [Wallet] Add missing variable to 2 AvailableCoins() calls This is mostly depreciated code since the removal of coinjoin style privacy (Obfuscation), but the missing boolean variable in these two calls was causing compiler warnings on newer versions of gcc for always evaluating to true. The use of a static `false` was taken from upstream DASH. * [zPIV] Adjust testnet v2 starting block * Fix coinbase check. Add override specifiers. Proper init for SetDec. * [Budget] Change finalization collateral to 5 PIV * Merge bitcoin#513: [core] Fix masternode broadcast for networks != MAINNET bc8be7c [core] Fix masternode broadcast for networks != MAINNET (update) (Mrs-X) Tree-SHA512: de1a713e166a45d26848d45d656ab36d68dc0d52810e0a66865c635442d4ac75a5602dbf39455b986356f17d3552e697607bb4464657b727ebaef0a8580f5657 # Conflicts: # src/activemasternode.cpp # src/masternode.cpp # src/masternode.h * implemented masternode_broadcast # Conflicts: # src/activemasternode.cpp # src/activemasternode.h # src/masternode.cpp # src/masternode.h # src/masternodeman.cpp # src/masternodeman.h # src/rpcserver.cpp # src/rpcserver.h * Updated fundamental node * broke up the RPC commands in create/decode/relay # Conflicts: # src/masternode.cpp # src/rpcserver.cpp # src/rpcserver.h * Updated fundamental node * restore protocolVersion (lowered for testing purposes) # Conflicts: # src/masternode.cpp * factor out GetStrMessage() - define MIN_PEER_MNANNOUNCE # Conflicts: # src/masternode.cpp # src/masternode.h * Updated fundamental node * use error() instead of LogPrintf() # Conflicts: # src/masternode.cpp * Style Changes - don't print masternode ip in the logs - join fHelp and wrong command clauses - use more descriptive names for pubkeys variables - change "result" to "success" and make it a boolean value - use array for resultsObj in createmasternode all - use lowercase for json objects - add detailed output example to decodemasternodebroadcast help - fix rpcserver.cpp indentation # Conflicts: # src/masternodeman.cpp # src/rpcserver.cpp * Updated fundamental node * [P2P] Add new spork key and handling logic - New spork key added - Sporks signed with the old key are valid until a pre-determined time - No NEW spork changes can be signed with the old key # Conflicts: # src/chainparams.cpp # src/spork.cpp * [Wallet] use GetTime() for nStartupTime `nStartupTime` is initalized before the P2P network initialization takes place, making the use of `GetAdjustedTime()` cause a lock ordering segfault under certain situations. * Clean up lockorder data of destroyed mutexes # Conflicts: # src/sync.h * Clean up apparent locking issues These locks address compiler warnings when compiling with clang's `-Wthread-safety-analysis` * Remove extra typedef This slipped in from some other testing i was doing, shouldn't be included yet. * [Build] Add missing files to src/Makefile.am These were left out, and break Travis/Gigian building due to them not being included in the dist tarball. * Load mint version based on serial parsing. * Fix typo in ban reason output * [RPC] Fix spork command input length Sporks are uint64, but the input variable was being parsed as an int, causing an out-of-range error for larger values. * [Qt] Show correct data for MN reward on a zPIV stake block * [Wallet] Stop removing spent zPIV hashes from map * [QT] Fix zPIV stake transaction record # Conflicts: # src/qt/transactionrecord.cpp * GetOldStrMessage() / GetNewStrMessage(): check against both # Conflicts: # src/masternode.cpp # src/masternode.h * Merge bitcoin#513: [core] Fix masternode broadcast for networks != MAINNET bc8be7c [core] Fix masternode broadcast for networks != MAINNET (update) (Mrs-X) Tree-SHA512: de1a713e166a45d26848d45d656ab36d68dc0d52810e0a66865c635442d4ac75a5602dbf39455b986356f17d3552e697607bb4464657b727ebaef0a8580f5657 # Conflicts: # src/activemasternode.cpp # src/masternode.cpp # src/masternode.h * Sign "old" strMessage before nBlockZerocoinV2 # Conflicts: # src/masternode.cpp * minor style change (replace 'LogPrintf'+'return false' with 'return error') # Conflicts: # src/masternode.cpp * Fix zPIV mint databasing. * [Budget] Finalization fixes # Conflicts: # src/masternode-budget.cpp * Working model for deterministic zPIV. Deterministic zPIV minting. Unit test added to zerocoin_implementation_tests.cpp. This deterministic generation model will likely be changed with further testing. Update mapSerialHashes each time SelectStakeCoins() is called. Better tracking of zPIV mint status updates. - Removed several walletdb ListMintedCoins reads and replaced them with iterating over the serialhashes map. - Disconnect block will now update a mint's status that is part of the disconnected block. - Shorten CTxIn.ToString() print out when it is a zerocoinspend. - Remove several stake logging items that were flagged with any debug type. - Use a larger mintpool of 20 mints which will be more likely to see any blockchain mints that are ours. - Refactor zPIVWallet::SyncWithChain() to not get stuck in an infinite loop. - Remove locking of cs_main on GetUnconfirmedZerocoinBalance() because it now loops over mapSerialHashes and does not grab any chain data. - LOCK cs_wallet in CreateCoinStake() once a stake has been found. - LOCK cs_main when generating accumulator witness. # Conflicts: # src/Makefile.am # src/init.cpp # src/wallet.cpp * Fixed compile error and coin name. * Add zpivTracker. Add mint maturity filtering. Directly add wallet transactions from zpiv found on IBD. Fix ResetZerocoins. Use pubcoin hashes for mintpool instead of CBigNum. CBigNum may be a bit slower to iterate. # Conflicts: # src/Makefile.am # src/init.cpp # src/wallet.h * Fixed compile error * Database mints generated by the mintpool. - Load all generated mints on initialization. Then remove mints from the mintpool that are already known. * Do not database zerocoinmint too early. - A mint should only be recorded when it is added to the blockchain, not when it is simply checked for validity. - Remove a database of zPIV spend that should not be done as well (it is done later in connectblock). * Check for existence of zpivTracker in ListMintedCoins(). * Use unique databasing for dzpiv and do not database private info. -Feed majority of zpiv read/write/update operations through zpivTracker. fix # Conflicts: # src/denomination_functions.cpp # src/main.cpp # src/qt/privacydialog.cpp # src/qt/zVitcontroldialog.cpp # src/wallet.cpp # src/wallet.h # src/walletdb.h # src/zvittracker.cpp * [Qt] Fix zPIV transactions details * [Core] Guard against a segfault in serialization * [GUI] Update GUI depending on SPORK_16 without restart # Conflicts: # src/qt/privacydialog.cpp * Fixed coin name * [Staking] Fix MintableCoins and fMintableCoins This fixes an edge case where `fMintableCoins` evaluates to `false` during initialization, which was causing an infinate loop in the staking thread. Also refactor `MintableCoins()` to allow for cases when PIV balance is 0 but zPIV balance is not (and wallet has eligible zPIV mints) # Conflicts: # src/miner.cpp * [Wallet] Fix GetImmatureZerocoinBalance need to use `GetUnconfirmedZerocoinBalance()` instead of `GetUnconfirmedBalance()` here. * [P2P] Guard CInv::ToString against unknown types * Fix parsing of QT transaction records on fresh import of seed. # Conflicts: # src/qt/transactionrecord.cpp * Fixed compile error * Correct confirmation count on qt transaction records. * Use 1 second GUI update time. * Handle generating witness from mint less than checkpointed value. * Fix segfault on chainparams. * Remove AddToWallet() from miner.cpp. * Remove uneeded lock on createcoinstake(). * Make zPiv wallet consistently use nCount as the last count used and remove comparison against nCountLastGenerated that resulted in adding to the mintpool every time the wallet got opened. # Conflicts: # src/zvitwallet.cpp * Make sure mints are added to zerocoinDB even when it is a zcspend. * Add -reindexzerocoin arg to wipe zerocoindb and reindex blockchain. # Conflicts: # src/init.cpp * Fix mature zPIV balance calculation Overview and Privacy tabs were missing the subtraction of unconfirmed zPIV in their calculation. # Conflicts: # src/qt/overviewpage.cpp * Don't exit early in ReconsiderZerocoins Only exit if **BOTH** listMints and listDMints are empty. * Fix timing inconsistency with mature/unconfirmed zpiv balances This fixes a timing issue where a zPIV mint that had not yet been included in a block was being incorrectly accounted for in the "Mature/Spendable/Available" balance until it was included in a block. Now, the new mint is correctly accounted as "Unconfirmed" right away. * Load only the mintpool for the current seed, prevent the generation of mints already in the mintpool, and prevent the zpivwallet count from being updated when an error occurs during zpiv minting. * Fix MintPool logprint. * Do not try to add all zpiv stakes on init. * Fix QT transaction record when staking zpiv that was not deterministic. - Also add full information about merkle tree to the WalletTx. # Conflicts: # src/qt/transactionrecord.cpp * zpivTracker better check for orphans. Also no redundant adding wtx's. * Remove balance check from CreateCoinStake(). * Use correct params for spend when checking serial in miner. * Fix checking if mint is in chain. * Fixed compile error * [Qt] Properly set involvesWatchAddress in the transaction record This prevents "the eye" from watching you when it shouldn't * [Qt] Fix mn reward showing as zPIV stake # Conflicts: # src/qt/transactionrecord.cpp * [Qt] Fix normal PIV transaction record amount * [Wallet] Fix compilation on windows * Encryption of zpiv seeds seed routed through wallet before db to be encrypted (if IsCrypted()) when crypting, the hash of the vMasterKey is used as nIV # Conflicts: # src/init.cpp # src/qt/multisigdialog.cpp # src/walletdb.cpp # src/walletdb.h # src/zvitwallet.cpp * Fixed compile error * [Qt] Fix another instance of a wayward eye # Conflicts: # src/qt/transactionrecord.cpp * [Budget] Add debug to find 'Couldn't find opReturn' error * [Budget] Fix 'Couldn't find opReturn' error 1 # Conflicts: # src/masternode-budget.cpp * Updated fundamental node * [Budget] Remove obsolete finalized budgets + better debug info * Updated fundamental node * [Budget] Add debug info to CBudgetManager::IsTransactionValid() * Updated fundamental node * [Budget] Add debug info to CFinalizedBudget::IsTransactionValid() * Updated fundamental node * Mark orphan zPIV stake input as not used. Change listMints() to std::set. Add mapPendingSpends to track spends. -Change to set to reduce BigO complexity. -add mapPendingSpends to keep track of spends that were made so that they do not get considered as falsly marked as not used while they are in the mempool. Check mempool for pending spends. # Conflicts: # src/miner.cpp # src/qt/privacydialog.cpp # src/qt/zVitcontroldialog.cpp * Fixed compile error * [RPC] Fix clang error with vMintsToFind * Handle zPIV seed db transition. # Conflicts: # src/walletdb.cpp # src/walletdb.h * Fixed compile error * [Qt] Fix zPIV spend's nCount Actually increment `nCount` in the loop when displaying the transaction details so it doesn't stay at `0`. * Require v1 zPIV to use security level 100. * More description for spend that fails without using zpiv control dialog. # Conflicts: # src/wallet.h * Fixed compile error * Add better help text to all zerocoin related RPC commands Each command now includes the following: - Numbered arguments (if any) - Result example - Sample call execution `listzerocoinamounts` was also changed to return propper JSON # Conflicts: # src/rpcwallet.cpp * Fixed compile error * Make all RPC commands use the same styling format Added some missing help output, used EnsureWalletIsLocked where applicable (more in the next commit), and improved code readability for the help sections for each command. # Conflicts: # src/rpcdump.cpp # src/rpcmisc.cpp # src/rpcwallet.cpp * Teach EnsureWalletIsUnlocked() to accept unlock for anon only Add an optional bool paramater to `EnsureWalletIsUnlocked()` that defaults to `false` (current bahavior). If passed `true`, then only require a partial unlock. * [Staking] Fix Stake Split Threshold for PIV staking This reintroduces the calculation on wither or not the wallet should "split" the PIV stake input. Note: zPIV staking never splits, and it shouldn't. * [tests] Fix zPIV determinism test * Make zpiv unarchiving work with zpivtracker. * [Budget] Fix double-payment issue and replace "zPiv" by "zPIV" strings # Conflicts: # src/init.cpp # src/libzerocoin/Denominations.cpp # src/main.cpp # src/masternode-budget.cpp # src/miner.cpp # src/qt/forms/privacydialog.ui # src/qt/pivxstrings.cpp # src/qt/privacydialog.cpp # src/qt/transactiontablemodel.cpp # src/qt/transactionview.cpp # src/rpcwallet.cpp # src/wallet.cpp * Updated fundamental node * [Budget] Additional log for Budget debugging # Conflicts: # src/masternode-budget.cpp * Updated fundamental node * [Crypto] Bignum getcompact return correct result * [Crypto] Remove BigNum constructor implicitly calling SetHex * [Crypto] Fix %= and /= bignum operators * [Crypto] minor changes on BigNum uses * dzpivstate RPC call. Displays state of deterministic zpiv wallet. * Do not archive zpiv orphans on IDB. - Do not archive zpiv orphans on IDB. This should handle most problems with zpiv being archived when resyncing. - Speed up CzPIVWallet::SyncWithChain() by reducing calls to GetTransaction(). - Speed up CzPIVWallet::SyncWithChain() by adding a LOCK(cs_main). - Do not remove mints from the mint pool from init, let the syncing process do it naturally. * Make sure that mintpool checks all mints. * Readd zPIV tx's during -zapwallettxs # Conflicts: # src/init.cpp * Fix segfault on importzerocoins RPC. * More efficient scanning during zapwallettxes. # Conflicts: # src/init.cpp * Add multithreading to RPC searchdzpiv. * Save searched dzpiv to DB. Less verbosity. * [Budget] Improved double-payment-handling. # Conflicts: # src/masternode-budget.cpp * Updated fundamental node * [Wallet] Fix ListMints when returning only unused mints Needed to move up the logic/checks for filtering out unused mints to get a propper output with `exportzerocoins false`. * custom wallet backup paths # Conflicts: # src/wallet.cpp * Fixed compile error * Fix first run initialization of zwallet with encrypted wallet.dat file When running the client with a `wallet.dat` file that has never initialized it's zwallet or dzPIV, there is an incorrect code pathway that leads to the dzPIV seed hash never being written to the wallet file. Instead, we copy the seed generation code into `crypter.cpp` which will allow for proper dzPIV seed generation upon first unlock. * Use smart pointers to keep better track of memory. - Convert the raw ptr to zpivTracker in CWallet to unique_ptr. - Change the CheckProofOfStake() process to use unique_ptr. * [Fix] fix translation build error # Conflicts: # src/qt/walletmodel.cpp * Do not rely on chainActive with contextual checks. This can lead to situations of rejecting valid blocks that are from a competing fork. * Use unique_ptr for stake input list. * [Wallet] Refactor ListMints to more quickly detect orphan/failed stakes * [Staking] Exit CreateCoinStake loop if wallet locked/shutdown If the wallet gets locked or a shutdown is requested in the middle of the stakeinput loop, there is no sense in continuing. * [Output] Log network message receives as "net" debug category These messages spam the log constantly and should be classified in the "net" debug category instead of uncategorized. * Remove/replace logging that is not necessary. * [Budget] Handling of too few votes for finalized budget fixed * Updated fundamental node * Fix compilation * Add minimum zPIV maturity consideration to GetMintMaturityHeight(). The zPIV should not be considered mature unless it has 1 mint that occured after it AND the mint is at least two checkpoints deep. * Factor out components of ListMints() so that it is more legible. * Simplify and document -custombackupthreshold Also move -backuppath and -zpivbackuppath to more appropriate areas in the help output. # Conflicts: # src/init.cpp * Cleanup log spam & add additional check to archive zpiv stake orphans. My log was showing stake orphans getting stuck with the message "Found orphanded mint txid=.....". This is supposed to ignore it for the existing iteration and then clean it up next time ListMints() is called. This was not happening to stake transactions, so logic is added to archive the mint if it is coinstake. * [Budget] Spread out voting on finalized budget for testnet also. # Conflicts: # src/masternode-budget.cpp * Updated fundamental node * Display -backuppath, -zpivbackuppath, -custombackupthreshold in wallet repair menu also fix segfault when permission denied since trying to create directories before checking permissions * Guard against non-integer input for GUI's custombackupthreshold * [Core] Initialzed seed for rand() (trivial change) * Change spork key validity period. Minor spork code refactor. * Merge bitcoin#583: [Docs] Update release notes for v3.1.0 53fc2dd [Docs] Update release notes for v3.1.0 (Fuzzbawls) Tree-SHA512: 2df4411b3376aea24956f8c3e602bece66c92f6f74488bb5a22005bfaa7fab272a93417a76c520aae26a29dd2714270b73f72f3e7922377410a870ee68669c1b # Conflicts: # doc/release-notes.md * Merge bitcoin#584: [Doc] Update to zPIV staking and Thank you's e46e49b Update to zPIV staking and Thank you's (Sieres) Tree-SHA512: 21a43784106ea774e362c2b7d0ca7c1dfb8cb28460a9d7b56057c8becb68599b263510e6f838c441cef13835b722af49c497707b02c80f874432f8c5e7c2e8a6 # Conflicts: # doc/release-notes.md * PIVX Core v3.1.0 # Conflicts: # configure.ac * [Bug] Fix CMasternodeConfig::read rebase from upstream. Windows doesn't initialize CService properly during startup before the masternode.conf file is read. # Conflicts: # src/masternodeconfig.cpp * Updated fundamental node * Fixed compile error * Bump version to 3.1.0.1 Bugfix for Windows MN Controllers * Merge bitcoin#593: 3.1.0.2 backport 43f6f1b Add unit test for budget value. (presstab) 9ee7d98 Update protocol to 70914. (presstab) ebc4527 [Budget] Fix wrong budget amount (Mrs-X) Tree-SHA512: 6d813ee5e9cc548ffd8b3c816f669a9b79a6b8118de73941fd3fc6d7be46ae2dbfa935d94d1b62c32c1700165ad5a637f87eeaa8cd36927d4d281193b9c84ada # Conflicts: # src/version.h * Bump version to 3.1.0.2 * Bump to 3.1.0.3 one-line change for `listtransactions`, this won't be a full release with gitian builds, but a tag that exchanges/services can use as a fixed-point reference if they need `listtransactions` compatibility. * Merge bitcoin#584: [Doc] Update to zPIV staking and Thank you's e46e49b Update to zPIV staking and Thank you's (Sieres) Tree-SHA512: 21a43784106ea774e362c2b7d0ca7c1dfb8cb28460a9d7b56057c8becb68599b263510e6f838c441cef13835b722af49c497707b02c80f874432f8c5e7c2e8a6 # Conflicts: # doc/release-notes.md * Merge bitcoin#585: [Doc] Change aarch assert sign output folder a810714 [Doc] Change aarch assert sign output folder (Warrows) Tree-SHA512: 1b454a87f526ec8edf96f28952f4dccce444bbedd7512a21188d155ab5e57e494d8306529eccc0a280417895dc0e4b7718a233b883cfcffd84fd89f5c9d4e280 # Conflicts: # doc/release-process.md * Merge bitcoin#595: [Tests] Fix chain ordering in budget tests 3a6b152 [Tests] Fix chain ordering in budget tests (Fuzzbawls) Tree-SHA512: c94c7511d088bffc9568045b48b5fac8f10cceb4561e1d3a58fda3cb64227aee163280e9ad553157b206bd36257f516c34c697e8df4eeea153ffc8a44753a17a * Merge bitcoin#596: [Build] Bump master to 3.1.99 5d73f63 [Build] Bump master to 3.1.99 (Fuzzbawls) Tree-SHA512: 7d421685e1f3b90dfc4f536b679436f0d8bbd82614996aa7e76541ff9ad572e729063fb699d70778ea3f4acb2576713ebd3bbb49966d8e82a79945723419b256 # Conflicts: # configure.ac # contrib/gitian-descriptors/gitian-aarch64.yml # contrib/gitian-descriptors/gitian-linux.yml # contrib/gitian-descriptors/gitian-osx.yml # contrib/gitian-descriptors/gitian-win.yml * Merge bitcoin#597: [Wallet] Write new transactions to wtxOrdered properly b2fdbbf [Wallet] Write new transactions to wtxOrdered properly (Fuzzbawls) Tree-SHA512: b0bd54c9bd7fb44c18d7d4d84213b96b48dc22b35825c0a0f268b3f99086e8beeea7de5aed07cc575ee7dae0ce095e0438eb7e89454bae54551478ea5f81661d * [Refactor] Delete secp256k1 folder for subtreefication # Conflicts: # src/secp256k1/.gitignore # src/secp256k1/.travis.yml # src/secp256k1/COPYING # src/secp256k1/Makefile.am # src/secp256k1/README.md # src/secp256k1/TODO # src/secp256k1/configure.ac # src/secp256k1/include/secp256k1.h # src/secp256k1/libsecp256k1.pc.in # src/secp256k1/obj/.gitignore # src/secp256k1/src/bench_inv.c # src/secp256k1/src/bench_sign.c # src/secp256k1/src/bench_verify.c # src/secp256k1/src/ecdsa.h # src/secp256k1/src/ecdsa_impl.h # src/secp256k1/src/eckey.h # src/secp256k1/src/eckey_impl.h # src/secp256k1/src/ecmult.h # src/secp256k1/src/ecmult_gen.h # src/secp256k1/src/ecmult_gen_impl.h # src/secp256k1/src/ecmult_impl.h # src/secp256k1/src/field.h # src/secp256k1/src/field_10x26.h # src/secp256k1/src/field_10x26_impl.h # src/secp256k1/src/field_5x52.h # src/secp256k1/src/field_5x52_asm.asm # src/secp256k1/src/field_5x52_asm_impl.h # src/secp256k1/src/field_5x52_impl.h # src/secp256k1/src/field_5x52_int128_impl.h # src/secp256k1/src/field_gmp.h # src/secp256k1/src/field_gmp_impl.h # src/secp256k1/src/field_impl.h # src/secp256k1/src/group.h # src/secp256k1/src/group_impl.h # src/secp256k1/src/java/org/bitcoin/NativeSecp256k1.java # src/secp256k1/src/java/org_bitcoin_NativeSecp256k1.c # src/secp256k1/src/java/org_bitcoin_NativeSecp256k1.h # src/secp256k1/src/num.h # src/secp256k1/src/num_gmp.h # src/secp256k1/src/num_gmp_impl.h # src/secp256k1/src/num_impl.h # src/secp256k1/src/scalar.h # src/secp256k1/src/scalar_4x64.h # src/secp256k1/src/scalar_4x64_impl.h # src/secp256k1/src/scalar_8x32.h # src/secp256k1/src/scalar_8x32_impl.h # src/secp256k1/src/scalar_impl.h # src/secp256k1/src/secp256k1.c # src/secp256k1/src/testrand.h # src/secp256k1/src/testrand_impl.h # src/secp256k1/src/tests.c # src/secp256k1/src/util.h * Merge commit '8a901f93d505af3516353837600fd71a0c53a692' as 'src/secp256k1' * [Crypto] Switch from openssl to secp256k1 for consensus [Refactoring] Moved and removed some stuff -Removed duplicated arith uint files -Removed unused variables -Move keystore impls to .cpp instead of .h -Removed useless function in key.cpp [Crypto] fix bip38 compilation for latest libsecp256k1 [Compilation] Change compilation and some code to use libsec instead of sslcrypto [Crypto] Update keys to comply with latest secp256k1 lib # Conflicts: # src/Makefile.am # src/arith_uint256.cpp # src/arith_uint256.h # src/eccryptoverify.cpp # src/eccryptoverify.h # src/ecwrapper.cpp # src/ecwrapper.h # src/key.cpp # src/key.h # src/pubkey.cpp # src/pubkey.h # src/uint512.h * [Tests] Add new auto generated script tests * [Crypto] Bring back function CKey.SetPrivKey for zPIV * Fixed compile error * [Crypto] Add ctx initialisation for bip38 * [Tests] Fix chain ordering in budget tests check testnet params first, then check mainnet so as to not interfere with subsequent unit tests that rely on mainnet params. Also clean up include ordering. Github-Pull: bitcoin#595 Rebased-From: 3a6b152 * Only enable/disable PrivacyDialog zPIV elements if needed. Currently the zPIV buttons are constantly updated to enabled or disabled even if they are already in the correct state. Github-Pull: bitcoin#600 Rebased-From: 2b76f31 # Conflicts: # src/qt/privacydialog.cpp * Fix spending for v1 zPIV created before block 1050020. The transition to v2 zPIV and reset of the accumulators caused blocks 1050000 - 1050010 to be accumulated twice. This was causing many v1 zPIV to not create valid witnesses. This problem is fixed by double accumulating blocks 1050000-1050010 when creating the witness. Github-Pull: bitcoin#603 Rebased-From: abee3d9 * Add getaccumulatorvalues RPC. Return the accumulator values associated with a particular block height. Github-Pull: bitcoin#603 Rebased-From: 8a6d425 * Remove log spam and ensure proper zpiv version is used. Github-Pull: bitcoin#603 Rebased-From: ccf6c77 # Conflicts: # src/wallet.cpp * [GUI] Fix wrongly displayed balance on Overview tab Github-Pull: bitcoin#598 Rebased-From: 6030877 # Conflicts: # src/qt/overviewpage.cpp * Fixed Multisend dialog to show settings properly Multisend will display a message if it has only been enabled for masternodes and if its enabled for both (Displaying this didnt work if multisend was only enabled for masternodes) Github-Pull: bitcoin#580 Rebased-From: 40baa7d # Conflicts: # src/qt/multisenddialog.cpp * Update multisenddialog.cpp Github-Pull: bitcoin#580 Rebased-From: 8dca829 # Conflicts: # src/qt/multisenddialog.cpp * [Build] Remove unnecessary BOOST dependency Github-Pull: bitcoin#605 Rebased-From: da3a6a5 * [Budget] Make sorting of finalized budgets deterministic Github-Pull: bitcoin#608 Rebased-From: 93e637f * Updated fundamental node * Remove zPIV code from main.cpp Github-Pull: bitcoin#609 Rebased-From: 873ef19 # Conflicts: # src/Makefile.am * Renamed zpivchain to zvitchain * Fixed compile error * [Output] Properly log reason(s) for increasing a peer's DoS score. Many of the MN related DoS checks had their log messages output only if the client was running in debug mode, leading to unexplained peer bans. Github-Pull: bitcoin#611 Rebased-From: fe14f5f # Conflicts: # src/masternode-budget.cpp # src/masternodeman.cpp * [Build] Make sure Boost headers are included for libzerocoin Custom boost locations not using pkg_config can result in a header include not being found when compiling the libzerocoin library. This quick fix ensures that the `BOOST_CPPFLAGS` are explicitely included. Github-Pull: bitcoin#622 Rebased-From: 811785c # Conflicts: # src/Makefile.am * Update zPIV stake set more frequently. Github-Pull: bitcoin#617 Rebased-From: 355e2d3 * Lower stake hashdrift to 30 seconds. Lower the hash drift which should reduce the amount of orphans. Github-Pull: bitcoin#617 Rebased-From: 4c862f2 * [UI] Remove useless help button from QT dialogs Github-Pull: bitcoin#629 Rebased-From: 4dc636c # Conflicts: # src/qt/askpassphrasedialog.cpp # src/qt/zVitcontroldialog.cpp * Merge bitcoin#521: [GUI] Make "For anonymization and staking only" checked by default 4e5b73e [GUI] Make "For anonymization and staking only" checked by default (Mrs-X) Tree-SHA512: 53d5aa663269efdb82cb2d8961f2eae4aebc03a6d96d15d990b357385584e365935f012eb9410b81de891a1d1ed75fbfe88937b2e87df12db148b1d6e3c015a5 # Conflicts: # src/qt/askpassphrasedialog.cpp # src/qt/masternodelist.cpp # src/qt/walletview.h * Fixed compile error * [Wallet] Add some LOCK to avoid crash Github-Pull: bitcoin#625 Rebased-From: ed23d0d * [Qt] Show progress percent for zpiv reindex operations `-reindexaccumulators` and `-reindexzerocoin` can take a considerable time to complete depending on system hardware. Lets show a progress percent similar to `VerifyDB()` on the splashscreen. Github-Pull: bitcoin#612 Rebased-From: 48e502a # Conflicts: # src/main.cpp * Guard against division by zero for reindex zerocoin/accumulators in the event that the local chainActive is equal or below that of the relevant zerocoin block heights, there is nothing to do, so bypass the internal process. Github-Pull: bitcoin#612 Rebased-From: bed79e2 # Conflicts: # src/main.cpp * Move ReindexAccumulators() call to be inside parent conditional Not much point in checking if the listAccCheckpointsNoDB list is empty outside of when the wallet is started using `-reindexaccumulators`, as it is always empty outside of that case. Github-Pull: bitcoin#612 Rebased-From: 5127486 # Conflicts: # src/init.cpp * [Travis] Add separate job to check doc/logprint/subtree Break out a new job to do the basic linting that check-dock.py and logprint-scanner.py did. Also add new scripts to check the sanity of any git subtrees and to check that new pull requests don't contain any trailing whitespace. Also, remove the outdated slack notification callback Github-Pull: bitcoin#639 Rebased-From: 6f695b5 # Conflicts: # .travis.yml * [Main] Write to the zerocoinDB in batches instead of using a separate write operation for each and every bit of data that needs to be flushed to disk, utilize leveldb's batch writing capability. Github-Pull: bitcoin#636 Rebased-From: cd672cd * Remove unnecessary whitespaces Github-Pull: bitcoin#646 Rebased-From: a554259 # Conflicts: # src/qt/privacydialog.cpp * [Utils] Add copyright header to logprint-scanner.py Github-Pull: bitcoin#649 Rebased-From: 79d618f * [Doc] Change aarch assert sign output folder Github-Pull: bitcoin#585 Rebased-From: a810714 # Conflicts: # doc/release-process.md * Check whether tx is in chain in ContextualCheckZerocoinMint(). Github-Pull: bitcoin#610 Rebased-From: c4141aa * Merge bitcoin#651: [Doc] Release notes for v3.1.1 6bdef7a [Doc] Release notes for v3.1.1 (Fuzzbawls) Tree-SHA512: 8fb6c3ef52064b5542c5acdd2b93165fd2f1054b9e2ba607fcdfde3c5c4bbd6e6b8f05ac2fff53e97791c23be6366d60af1957e6e76786daecad591d3d4f8f9b # Conflicts: # doc/release-notes.md * Bump version to 3.1.1 # Conflicts: # configure.ac * Fixed coin name * Fixed coin name * Fixed coin name * Fixed coin name * Fixed coin name * Fixed coin name * Fixed wrongly replaced coin names * Update Nomenclature CzPIVWallet to CzVITWallet * More Nomenclature Fixes CzPIVWallet to CzVITTracker * Fixed compile error Co-authored-by: Mrs-X <Mrs-X@users.noreply.github.com> Co-authored-by: Fuzzbawls <fuzzbawls@gmail.com> Co-authored-by: presstab <presstab1337@gmail.com> Co-authored-by: gpdionisio <gianpiero.dionisio@protonmail.ch> Co-authored-by: warrows <warrows@gamer666.fr> Co-authored-by: Anthony Posselli <anthony@paddington.services> Co-authored-by: Warrows <Warrows@users.noreply.github.com> Co-authored-by: rejectedpromise <rejectedpromise@gmail.com> Co-authored-by: SHTDJ <36552562+SHTDJ@users.noreply.github.com> Co-authored-by: Crypto Pliskin <13294167+2a5A1Ghu1@users.noreply.github.com> * Fixed testnet * Update testnet spork key * Fixed travis error that caused by check-doc.py * Removed unused check in travis * Fixed travis error * Disabled some unit tests to pass travis * Disabled some unit tests to pass travis * Fixed missing bracket in rpcwallet.cpp from merge * Incremented version to v4.5.0 * Updated spork and zerocoin chain parameters * Incremented protocol and swapped protocol spork from 18 to 14 * Removed seesaw * Added spork for enabling removal of seesaw reward algorithm * Added spork for enabling removal of seesaw reward algorithm & updated spork parameters * Updated DNS and fixed seeds * Updated DNS and fixed seeds * Updated spork parameters * Adjusted spork parameters * Fixes for OSX builds on newer OS versions * Updated release copyright year * Updated release-nodes.md * Updated macro name in blocksignature.h * Updated MIN_PEER_MNANNOUNCE protocol version * Fixed references to zerocoin spork * Fixed wrong balance displayed in overview * Removed unused function SliceHash * Fixed references to Spork 16 * Fixing compiler warning for rpcfundamentalnode.cpp * Updated macro names * Fixed naming for staking rewards * Fixed references to zVITAE * Fix FN Label There may be some compatability issues with this fix and upstream. * Added checkpoint * Added checkpoint * Updated release-notes.md * Reject blocks that have no previous block * Adding const to exception catching * Set AA_EnableHighDpiScaling attribute early * Updated VITAE copyright string * Fixed wrongly removed code about mapStakeSpent * [Wallet] Increase valid range for automint percentage * [Docs] OSX Build - Instructions on how to make the Homebrew OpenSSL headers visible * [Qt] Remove Growl support Growl hasn't been free nor needed for many years. MacOS versions since 10.8 have the OS notification center, which is still supported after this. * [Qt] Add Tor service icon to status bar Tor Icon is displayed when the client is initialized with a successful tor service connection. Icon is hidden otherwise. * Updated naming for zvitaebackuppath * Updated exception to const in rpcwallet.cpp * Updated spork key dates for testnet * Added checkpoint Co-authored-by: Wang Qi <wqking@users.noreply.github.com> Co-authored-by: Mrs-X <Mrs-X@users.noreply.github.com> Co-authored-by: Fuzzbawls <fuzzbawls@gmail.com> Co-authored-by: presstab <presstab1337@gmail.com> Co-authored-by: gpdionisio <gianpiero.dionisio@protonmail.ch> Co-authored-by: warrows <warrows@gamer666.fr> Co-authored-by: Anthony Posselli <anthony@paddington.services> Co-authored-by: Warrows <Warrows@users.noreply.github.com> Co-authored-by: rejectedpromise <rejectedpromise@gmail.com> Co-authored-by: SHTDJ <36552562+SHTDJ@users.noreply.github.com> Co-authored-by: Crypto Pliskin <13294167+2a5A1Ghu1@users.noreply.github.com> Co-authored-by: wqking <wqking@outlook.com>

Adding a section intro sentence to avoid stacked headings.

Matt Corallo added 2 commits October 26, 2011 12:06

Re-add bitcoin(32&80).xpm

486ee25

Add debian build folder

8248ee5

laanwj closed this Nov 4, 2011

TheBlueMatt mentioned this pull request Nov 5, 2011

Debian build #608

Merged

ptschip pushed a commit to ptschip/bitcoin that referenced this pull request May 22, 2017

Merge pull request bitcoin#600 from gandrewstone/dev3

b4b10c3

small misc stuff: fix size of total transactions, remove unused decl, and create test case for invalidateblock sync issue

rajarshimaitra pushed a commit to rajarshimaitra/bitcoin that referenced this pull request Aug 5, 2021

Merge pull request bitcoin#600 from HannahMR/stacked-headings

9ff862c

Adding a section intro sentence to avoid stacked headings.

bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Debian build #600

Debian build #600

TheBlueMatt commented Oct 30, 2011

graingert commented Oct 30, 2011

laanwj commented Oct 30, 2011

TheBlueMatt commented Oct 30, 2011

gavinandresen commented Nov 1, 2011

laanwj commented Nov 1, 2011

TheBlueMatt commented Nov 1, 2011

Stemby commented Nov 4, 2011

laanwj commented Nov 4, 2011

TheBlueMatt commented Nov 4, 2011

Stemby commented Nov 4, 2011

TheBlueMatt commented Nov 4, 2011

laanwj commented Nov 4, 2011

TheBlueMatt commented Nov 4, 2011

Debian build #600

Debian build #600

Conversation

TheBlueMatt commented Oct 30, 2011

graingert commented Oct 30, 2011

laanwj commented Oct 30, 2011

TheBlueMatt commented Oct 30, 2011

gavinandresen commented Nov 1, 2011

laanwj commented Nov 1, 2011

TheBlueMatt commented Nov 1, 2011

Stemby commented Nov 4, 2011

laanwj commented Nov 4, 2011

TheBlueMatt commented Nov 4, 2011

Stemby commented Nov 4, 2011

TheBlueMatt commented Nov 4, 2011

laanwj commented Nov 4, 2011

TheBlueMatt commented Nov 4, 2011