This change eases the use of alternate build systems by moving
the variables in `src/libsecp256k1-config.h` to compiler macros
for each invocation, preventing duplication of these variables
for each build system.
Co-authored-by: Ali Sherief <ali@notatether.com>
a340d9500a ci: add int128_struct tests (Jonas Nick)
dceaa1f579 int128: Tidy #includes of int128.h and int128_impl.h (Tim Ruffing)
2914bccbc0 Simulated int128 type. (Russell O'Connor)
Pull request description:
Abstracts the int128 type and provides an native version, if available, or a implements it using a pair of int64_t's.
This is activated by setting the configuration flag `--with-test-override-wide-multiply=int128_struct`.
The primary purpose of this PR is to take advantage of MSVC's [umulh](https://docs.microsoft.com/en-us/cpp/intrinsics/umulh?view=msvc-170) intrinsic that we can use to simulate an int128 type which MSVC does not have (AFAIU). This PR lays out the groundwork for this level of MSVC support, but doesn't include the configuration logic to enable it yet.
For completeness, and implementation of `umulh` and `mulh` are also provided for compilers that support neither the intrinsic nor the int128 type (such as CompCert?). This also opens up the possibility of removing the 32-bit field and scalar implementations should that ever be desired.
ACKs for top commit:
sipa:
ACK a340d9500a
jonasnick:
ACK a340d9500a
Tree-SHA512: b4f2853fa3ab60ce9d77b4eaee1fd20c4b612850e19fcb3179d7e36986f420c6c4589ff72f0cf844f989584ace49a1cd23cca3f4e405dabefc8da647a0df679d
After this commit, int128.h and int128_impl.h are included as follows:
- .c files which use int128 include int128_impl.h (after util.h)
- .h files which use int128 include int128.h (after util.h)
This list is exhaustive. util.h needs to included first because it sets
up necessary #defines.
Currently CHECK is used only in test and bench mark files except for one
usage in `ecmult_impl.h`.
We would like to move the definition of CHECK out of `util.h` so that
`util.h` no longer has a hard dependency on `stdio.h`.
Done in preparation for moving the definition of `CHECK` as part of an
effort to allow secp256k1 to be compiled to WASM as part of
`rust-secp256k1`.
17065f48ae tests: Randomize the context with probability 15/16 instead of 1/4 (Tim Ruffing)
Pull request description:
ACKs for top commit:
sipa:
ACK 17065f48ae
jonasnick:
ACK 17065f48ae
Tree-SHA512: 3b7005770007b922a294be610f23da60b0dde74dfd7585d64a2cb04eaa6ec879de8d21a0ade31c1857019a8dd97260fa3aa167ae16fc55027ef280a3e3feaa6d
Whenever I read this code, I first think that rescaling ctx->initial is
a dead store because we overwrite it later with gb. But that's wrong.
The rescaling blinds the computation of gb and affects its result.
Running the RNG is pointless if no seed is available because the key
will be fixed. The computation just wastes time.
Previously, users could avoid this computation at least by asking for
a context without signing capabilities. But since 3b0c218 we always
build an ecmult_gen context, ignoring the context flags. Moreover,
users could never avoid this pointless computation when asking for
the creation of a signing context.
This simplifies building without a build system.
This is in line with #925; the paths fixed here were either forgotten
there or only introduced later. This commit also makes the Makefile
stricter so that further "wrong" #include paths will lead to build
errors even in autotools builds.
This belongs to #929.
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
49e2acd927 configure: Improve rationale for WERROR_CFLAGS (Tim Ruffing)
8dc4b03341 ci: Add a C++ job that compiles the public headers without -fpermissive (Tim Ruffing)
51f296a46c ci: Run persistent wineserver to speed up wine (Tim Ruffing)
3fb3269c22 ci: Add 32-bit MinGW64 build (Tim Ruffing)
9efc2e5221 ci: Add MSVC builds (Tim Ruffing)
2be6ba0fed configure: Convince autotools to work with MSVC's archiver lib.exe (Tim Ruffing)
bd81f4140a schnorrsig bench: Suppress a stupid warning in MSVC (Tim Ruffing)
09f3d71c51 configure: Add a few CFLAGS for MSVC (Tim Ruffing)
3b4f3d0d46 build: Reject C++ compilers in the preprocessor (Tim Ruffing)
1cc0941414 configure: Don't abort if the compiler does not define __STDC__ (Tim Ruffing)
cca8cbbac8 configure: Output message when checking for valgrind (Tim Ruffing)
1a6be5745f bench: Make benchmarks compile on MSVC (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 49e2acd927
Tree-SHA512: 986c498fb218231fff3519167d34a92e11dea6a4383788a9723be105c20578cd483c6b06ba5686c6669e3a02cfeebc29b8e5f1428552ebf4ec67fa7a86957548
2f984ffc45 Save negations in var-time group addition (Peter Dettman)
Pull request description:
- Updated _gej_add_var, _gej_add_ge_var, _gej_add_zinv_var
- 2 fewer _fe_negate in each method
- Updated operation counts and standardize layout
- Added internal benchmark for _gej_add_zinv_var
benchmark_internal shows about 2% speedup in each method as a result (64bit).
ACKs for top commit:
real-or-random:
ACK 2f984ffc45
jonasnick:
ACK 2f984ffc45
Tree-SHA512: 01366fa23c83a8dd37c9a0a24e0acc53ce38a201607fe4da6672ea5618d82c62d1299f0e0aa50317883821539af739ea52b6561faff230c148e6fdc5bc5af30b
Recent compilers compile the two new functions to very efficient code
on various platforms. In particular, already GCC >= 5 and clang >= 5
understand do this for the read function, which is the one critical
for performance (called 16 times per SHA256 transform).
Fixes#1080.
b8f8b99f0f docs: Fix return value for functions that don't have invalid inputs (Tim Ruffing)
f813bb0df3 schnorrsig: Adapt example to new API (Tim Ruffing)
99e6568fc6 schnorrsig: Rename schnorrsig_sign to schnorsig_sign32 and deprecate (Tim Ruffing)
fc94a2da44 Use SECP256K1_DEPRECATED for existing deprecated API functions (Tim Ruffing)
3db0560606 Add SECP256K1_DEPRECATED attribute for marking API parts as deprecated (Tim Ruffing)
Pull request description:
Should be merged before #995 if we want this.
I suspect the only change here which is debatable on a conceptual level is the renaming. I can drop this of course.
ACKs for top commit:
sipa:
utACK b8f8b99f0f
jonasnick:
ACK b8f8b99f0f
Tree-SHA512: 7c5b9715013002eecbf2e649032673204f6eaffe156f20e3ddf51fab938643847d23068f11b127ef3d7fe759e42a20ecaf2ec98718d901ef9eaadbc9853c1dfe
The vector has been taken from https://www.di-mgt.com.au/sha_testvectors.html.
It can be independently verified using the following Python code.
```
h = hashlib.sha256()
for i in range(1_000_000):
h.update(b'a')
print(h.hexdigest())
```
This avoids that the SHA256 implementation would produce wrong paddings
and thus wrong digests for messages of length >= 2^32 bytes on 32-bit
platforms.
This is not exploitable in any way since the SHA256 API is an internal
API and we never call it with that long messages.
e848c3799c Update sage files for new formulae (Peter Dettman)
d64bb5d4f3 Add fe_half tests for worst-case inputs (Peter Dettman)
4eb8b932ff Further improve doubling formula using fe_half (Peter Dettman)
557b31fac3 Doubling formula using fe_half (Pieter Wuille)
2cbb4b1a42 Run more iterations of run_field_misc (Pieter Wuille)
9cc5c257ed Add test for secp256k1_fe_half (Pieter Wuille)
925f78d55e Add _fe_half and use in _gej_add_ge (Peter Dettman)
Pull request description:
- Trades 1 _half for 3 _mul_int and 2 _normalize_weak
Gives around 2-3% faster signing and ECDH, depending on compiler/platform.
ACKs for top commit:
sipa:
utACK e848c3799c
jonasnick:
ACK e848c3799c
real-or-random:
ACK e848c3799c
Tree-SHA512: 81a6c93b3d983f1b48ec8e8b6f262ba914215045a95415147f41ee6e85296aa4d0cbbad9f370cdf475571447baad861d2cc8e0b04a71202d48959cb8a098f584
