Squashed 'src/secp256k1/' changes from bccaf86..50cc6ab

50cc6ab Merge pull request bitcoin-core#178
941e221 Add tests for handling of the nonce function in signing.
10c81ff Merge pull request bitcoin-core#177
7688e34 Add magnitude limits to secp256k1_fe_verify to ensure that it's own tests function correctly.
4ee4f7a Merge pull request bitcoin-core#176
70ae0d2 Use secp256k1_fe_equal_var in secp256k1_fe_sqrt_var.
7767b4d Merge pull request bitcoin-core#175
9ab9335 Add a reference consistency test to ge_tests.
60571c6 Rework group tests
d26e26f Avoid constructing an invalid signature with probability 1:2^256.
b450c34 Merge pull request bitcoin-core#163
d57cae9 Merge pull request bitcoin-core#154
49ee0db Add _normalizes_to_zero_var variant
eed599d Add _fe_normalizes_to_zero method
d7174ed Weak normalization for secp256k1_fe_equal
0295f0a weak normalization
bbd5ba7 Use rfc6979 as default nonce generation function
b37fbc2 Implement SHA256 / HMAC-SHA256 / RFC6979.
c6e7f4e [API BREAK] Use a nonce-generation function instead of a nonce
cf0c48b Merge pull request bitcoin-core#169
603c33b Make signing fail if a too small buffer is passed.
6d16606 Merge pull request bitcoin-core#168
7277fd7 Remove GMP field implementation
e99c4c4 Merge pull request bitcoin-core#123
13278f6 Add explanation about how inversion can be avoided
ce7eb6f Optimize verification: avoid field inverse
a098f78 Merge pull request bitcoin-core#160
38acd01 Merge pull request bitcoin-core#165
6a59012 Make git ignore bench_recover when configured with benchmark enabled
1ba4a60 Configure options reorganization
3c0f246 Merge pull request bitcoin-core#157
808dd9b Merge pull request bitcoin-core#156
8dc75e9 Merge pull request bitcoin-core#158
28ade27 build: nuke bashisms
5190079 build: use subdir-objects for automake
8336040 build: disable benchmark by default

git-subtree-dir: src/secp256k1
git-subtree-split: 50cc6ab0625efda6dddf1dc86c1e2671f069b0d8

Author: sipa

.gitignore

@@ -1,6 +1,7 @@
 bench_inv
 bench_sign
 bench_verify
+bench_recover
 tests
 *.exe
 *.so

.travis.yml

@@ -4,24 +4,22 @@ compiler:
   - gcc
 install:
   - sudo apt-get install -qq libssl-dev
-  - if [ "$BIGNUM" = "gmp" -o "$BIGNUM" = "auto" -o "$FIELD" = "gmp" ]; then sudo apt-get install --no-install-recommends --no-upgrade -qq libgmp-dev; fi
+  - if [ "$BIGNUM" = "gmp" -o "$BIGNUM" = "auto" ]; then sudo apt-get install --no-install-recommends --no-upgrade -qq libgmp-dev; fi
   - if [ -n "$EXTRAPACKAGES" ]; then sudo apt-get update && sudo apt-get install --no-install-recommends --no-upgrade $EXTRAPACKAGES; fi
 env:
   global:
-    - FIELD=auto  BIGNUM=auto  SCALAR=auto  ENDOMORPHISM=no  BUILD=check  EXTRAFLAGS= HOST= EXTRAPACKAGES=
+    - FIELD=auto  BIGNUM=auto  SCALAR=auto  ENDOMORPHISM=no  ASM=no  BUILD=check  EXTRAFLAGS= HOST= EXTRAPACKAGES=
   matrix:
     - SCALAR=32bit
     - SCALAR=64bit
-    - FIELD=gmp
-    - FIELD=gmp       ENDOMORPHISM=yes
-    - FIELD=64bit_asm
-    - FIELD=64bit_asm ENDOMORPHISM=yes
     - FIELD=64bit
     - FIELD=64bit     ENDOMORPHISM=yes
+    - FIELD=64bit                       ASM=x86_64
+    - FIELD=64bit     ENDOMORPHISM=yes  ASM=x86_64
     - FIELD=32bit
     - FIELD=32bit     ENDOMORPHISM=yes
-    - BIGNUM=none
-    - BIGNUM=none     ENDOMORPHISM=yes
+    - BIGNUM=no
+    - BIGNUM=no       ENDOMORPHISM=yes
     - BUILD=distcheck
     - EXTRAFLAGS=CFLAGS=-DDETERMINISTIC
     - HOST=i686-linux-gnu EXTRAPACKAGES="gcc-multilib"

Makefile.am

@@ -33,8 +33,8 @@ noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h
 noinst_HEADERS += src/util.h
 noinst_HEADERS += src/testrand.h
 noinst_HEADERS += src/testrand_impl.h
-noinst_HEADERS += src/field_gmp.h
-noinst_HEADERS += src/field_gmp_impl.h
+noinst_HEADERS += src/hash.h
+noinst_HEADERS += src/hash_impl.h
 noinst_HEADERS += src/field.h
 noinst_HEADERS += src/field_impl.h
 noinst_HEADERS += src/bench.h

build-aux/m4/bitcoin_secp.m4

@@ -1,12 +1,6 @@
 dnl libsecp25k1 helper checks
 AC_DEFUN([SECP_INT128_CHECK],[
 has_int128=$ac_cv_type___int128
-if test x"$has_int128" != x"yes" && test x"$set_field" = x"64bit"; then
-  AC_MSG_ERROR([$set_field field support explicitly requested but is not compatible with this host])
-fi
-if test x"$has_int128" != x"yes" && test x"$set_scalar" = x"64bit"; then
-  AC_MSG_ERROR([$set_scalar scalar support explicitly requested but is not compatible with this host])
-fi
 ])
 
 dnl 
@@ -18,11 +12,6 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   __asm__ __volatile__("movq $0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx");
   ]])],[has_64bit_asm=yes],[has_64bit_asm=no])
 AC_MSG_RESULT([$has_64bit_asm])
-if test x"$set_field" == x"64bit_asm"; then
-  if test x"$has_64bit_asm" == x"no"; then
-    AC_MSG_ERROR([$set_field field support explicitly requested but no x86_64 assembly available])
-  fi
-fi
 ])
 
 dnl
@@ -43,7 +32,7 @@ else
 )])
   LIBS=
 fi
-if test x"$has_libcrypto" == x"yes" && test x"$has_openssl_ec" = x; then
+if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then
   AC_MSG_CHECKING(for EC functions in libcrypto)
   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
     #include <openssl/ec.h>
@@ -69,11 +58,4 @@ if test x"$has_gmp" != x"yes"; then
   CPPFLAGS="$CPPFLAGS_TEMP"
   LIBS="$LIBS_TEMP"
 fi
-if test x"$set_field" = x"gmp" && test x"$has_gmp" != x"yes"; then
-    AC_MSG_ERROR([$set_field field support explicitly requested but libgmp was not found])
-fi
-if test x"$set_bignum" = x"gmp" && test x"$has_gmp" != x"yes"; then
-    AC_MSG_ERROR([$set_bignum field support explicitly requested but libgmp was not found])
-fi
 ])
-

configure.ac

@@ -6,7 +6,7 @@ AC_CANONICAL_HOST
 AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
 AH_TOP([#define LIBSECP256K1_CONFIG_H])
 AH_BOTTOM([#endif //LIBSECP256K1_CONFIG_H])
-AM_INIT_AUTOMAKE([foreign])
+AM_INIT_AUTOMAKE([foreign subdir-objects])
 LT_INIT
 
 dnl make the compilation flags quiet unless V=1 is used
@@ -23,7 +23,7 @@ if test "x$CFLAGS" = "x"; then
 fi
 
 AC_PROG_CC_C99
-if test x"$ac_cv_prog_cc_c99" == x"no"; then
+if test x"$ac_cv_prog_cc_c99" = x"no"; then
   AC_MSG_ERROR([c99 compiler support required])
 fi
 
@@ -82,9 +82,9 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
 
 
 AC_ARG_ENABLE(benchmark,
-    AS_HELP_STRING([--enable-benchmark],[compile benchmark (default is yes)]),
+    AS_HELP_STRING([--enable-benchmark],[compile benchmark (default is no)]),
     [use_benchmark=$enableval],
-    [use_benchmark=yes])
+    [use_benchmark=no])
 
 AC_ARG_ENABLE(tests,
     AS_HELP_STRING([--enable-tests],[compile tests (default is yes)]),
@@ -96,15 +96,18 @@ AC_ARG_ENABLE(endomorphism,
     [use_endomorphism=$enableval],
     [use_endomorphism=no])
 
-AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=gmp|64bit|64bit_asm|32bit|auto],
+AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=64bit|32bit|auto],
 [Specify Field Implementation. Default is auto])],[req_field=$withval], [req_field=auto])
 
-AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|none|auto],
+AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|no|auto],
 [Specify Bignum Implementation. Default is auto])],[req_bignum=$withval], [req_bignum=auto])
 
 AC_ARG_WITH([scalar], [AS_HELP_STRING([--with-scalar=64bit|32bit|auto],
 [Specify scalar implementation. Default is auto])],[req_scalar=$withval], [req_scalar=auto])
 
+AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|no|auto]
+[Specify assembly optimizations to use. Default is auto])],[req_asm=$withval], [req_asm=auto])
+
 AC_CHECK_TYPES([__int128])
 
 AC_MSG_CHECKING([for __builtin_expect])
@@ -113,40 +116,54 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_expect(0,0);}]])],
     [ AC_MSG_RESULT([no])
     ])
 
-if test x"$req_field" = x"auto"; then
+if test x"$req_asm" = x"auto"; then
   SECP_64BIT_ASM_CHECK
   if test x"$has_64bit_asm" = x"yes"; then
-    set_field=64bit_asm
+    set_asm=x86_64
+  fi
+  if test x"$set_asm" = x; then
+    set_asm=no
   fi
+else
+  set_asm=$req_asm
+  case $set_asm in
+  x86_64)
+    SECP_64BIT_ASM_CHECK
+    if test x"$has_64bit_asm" != x"yes"; then
+      AC_MSG_ERROR([x86_64 assembly optimization requested but not available])
+    fi
+    ;;
+  no)
+    ;;
+  *)
+    AC_MSG_ERROR([invalid assembly optimization selection])
+    ;;
+  esac
+fi
 
+if test x"$req_field" = x"auto"; then
+  if test x"set_asm" = x"x86_64"; then
+    set_field=64bit
+  fi
   if test x"$set_field" = x; then
     SECP_INT128_CHECK
     if test x"$has_int128" = x"yes"; then
       set_field=64bit
     fi
   fi
-
-  if test x"$set_field" = x; then
-    SECP_GMP_CHECK
-    if test x"$has_gmp" = x"yes"; then
-      set_field=gmp
-    fi
-  fi
-
   if test x"$set_field" = x; then
     set_field=32bit
   fi
 else
   set_field=$req_field
   case $set_field in
-  64bit_asm)
-    SECP_64BIT_ASM_CHECK
-    ;;
   64bit)
-    SECP_INT128_CHECK
-    ;;
-  gmp)
-    SECP_GMP_CHECK
+    if test x"$set_asm" != x"x86_64"; then
+      SECP_INT128_CHECK
+      if test x"$has_int128" != x"yes"; then
+        AC_MSG_ERROR([64bit field explicitly requested but neither __int128 support or x86_64 assembly available])
+      fi
+    fi
     ;;
   32bit)
     ;;
@@ -157,11 +174,9 @@ else
 fi
 
 if test x"$req_scalar" = x"auto"; then
-  if test x"$set_scalar" = x; then
-    SECP_INT128_CHECK
-    if test x"$has_int128" = x"yes"; then
-      set_scalar=64bit
-    fi
+  SECP_INT128_CHECK
+  if test x"$has_int128" = x"yes"; then
+    set_scalar=64bit
   fi
   if test x"$set_scalar" = x; then
     set_scalar=32bit
@@ -171,6 +186,9 @@ else
   case $set_scalar in
   64bit)
     SECP_INT128_CHECK
+    if test x"$has_int128" != x"yes"; then
+      AC_MSG_ERROR([64bit scalar explicitly requested but __int128 support not available])
+    fi
     ;;
   32bit)
     ;;
@@ -187,36 +205,42 @@ if test x"$req_bignum" = x"auto"; then
   fi
 
   if test x"$set_bignum" = x; then
-    set_bignum=none
+    set_bignum=no
   fi
 else
   set_bignum=$req_bignum
   case $set_bignum in
   gmp)
     SECP_GMP_CHECK
+    if test x"$has_gmp" != x"yes"; then
+      AC_MSG_ERROR([gmp bignum explicitly requested but libgmp not available])
+    fi
     ;;
-  none)
+  no)
     ;;
   *)
     AC_MSG_ERROR([invalid bignum implementation selection])
     ;;
   esac
 fi
 
+# select assembly optimization
+case $set_asm in
+x86_64)
+  AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations])
+  ;;
+no)
+  ;;
+*)
+  AC_MSG_ERROR([invalid assembly optimizations])
+  ;;
+esac
+
 # select field implementation
 case $set_field in
-64bit_asm)
-  AC_DEFINE(USE_FIELD_5X52_ASM, 1, [Define this symbol to use the assembly version for the 5x52 field implementation])
-  AC_DEFINE(USE_FIELD_5X52, 1, [Define this symbol to use the FIELD_5X52 implementation])
-  ;;
 64bit)
-  AC_DEFINE(USE_FIELD_5X52_INT128, 1, [Define this symbol to use the __int128 version for the 5x52 field implementation])
   AC_DEFINE(USE_FIELD_5X52, 1, [Define this symbol to use the FIELD_5X52 implementation])
   ;;
-gmp)
-  AC_DEFINE(HAVE_LIBGMP,1,[Define this symbol if libgmp is installed])
-  AC_DEFINE(USE_FIELD_GMP, 1, [Define this symbol to use the FIELD_GMP implementation])
-  ;;
 32bit)
   AC_DEFINE(USE_FIELD_10X26, 1, [Define this symbol to use the FIELD_10X26 implementation])
   ;;
@@ -233,7 +257,7 @@ gmp)
   AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the num-based field inverse implementation])
   AC_DEFINE(USE_SCALAR_INV_NUM, 1, [Define this symbol to use the num-based scalar inverse implementation])
   ;;
-none)
+no)
   AC_DEFINE(USE_NUM_NONE, 1, [Define this symbol to use no num implementation])
   AC_DEFINE(USE_FIELD_INV_BUILTIN, 1, [Define this symbol to use the native field inverse implementation])
   AC_DEFINE(USE_SCALAR_INV_BUILTIN, 1, [Define this symbol to use the native scalar inverse implementation])
@@ -258,7 +282,7 @@ esac
 
 if test x"$use_tests" = x"yes"; then
   SECP_OPENSSL_CHECK
-  if test x"$has_openssl_ec" == x"yes"; then
+  if test x"$has_openssl_ec" = x"yes"; then
     AC_DEFINE(ENABLE_OPENSSL_TESTS, 1, [Define this symbol if OpenSSL EC functions are available])
     SECP_TEST_INCLUDES="$SSL_CFLAGS $CRYPTO_CFLAGS"
     SECP_TEST_LIBS="$CRYPTO_LIBS"
@@ -272,7 +296,7 @@ if test x"$use_tests" = x"yes"; then
   fi
 fi
 
-if test x"$set_field" = x"gmp" || test x"$set_bignum" = x"gmp"; then
+if test x"$set_bignum" = x"gmp"; then
   SECP_LIBS="$SECP_LIBS $GMP_LIBS"
   SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS"
 fi
@@ -281,19 +305,20 @@ if test x"$use_endomorphism" = x"yes"; then
   AC_DEFINE(USE_ENDOMORPHISM, 1, [Define this symbol to use endomorphism optimization])
 fi
 
+AC_MSG_NOTICE([Using assembly optimizations: $set_asm])
 AC_MSG_NOTICE([Using field implementation: $set_field])
 AC_MSG_NOTICE([Using bignum implementation: $set_bignum])
 AC_MSG_NOTICE([Using scalar implementation: $set_scalar])
+AC_MSG_NOTICE([Using endomorphism optimizations: $use_endomorphism])
 
 AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
 AC_CONFIG_FILES([Makefile libsecp256k1.pc])
 AC_SUBST(SECP_INCLUDES)
 AC_SUBST(SECP_LIBS)
 AC_SUBST(SECP_TEST_LIBS)
 AC_SUBST(SECP_TEST_INCLUDES)
-AM_CONDITIONAL([USE_ASM], [test x"$set_field" == x"64bit_asm"])
 AM_CONDITIONAL([USE_TESTS], [test x"$use_tests" != x"no"])
-AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" != x"no"])
+AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"])
 
 dnl make sure nothing new is exported so that we don't break the cache
 PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"