Update libsecp256k1 #6047

pull sipa wants to merge 3 commits into bitcoin:master from sipa:secp256k1 changing 31 files +1217 −492
  1. sipa commented at 9:40 PM on April 22, 2015: member

    Libsecp256k1 now has explicit context objects, which makes it completely thread-safe. In turn, keep an explicit context object in key.cpp, which is explicitly initialized and destroyed. This is not really pretty now, but it's more efficient than the static initialized object in key.cpp (which made for example bitcoin-tx slow, as for most of its calls, libsecp256k1 wasn't actually needed).

    This also brings in the new blinding support in libsecp256k1. By passing in a random seed, temporary variables during the elliptic curve computations are altered, in such a way that if an attacker does not know the blind, observing the internal operations leaks even less information about the keys used. This was implemented by Greg Maxwell.
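The blinding sipa describes, as an added worked example (not code from libsecp256k1 or Bitcoin Core). A toy curve y^2 = x^3 + 7 over F_17 stands in for secp256k1 so the block runs without the library; the curve, the generator search and the direct use of the seed as the blind are all constructed simplifications. The shape is the one the description gives: the secret scalar k is offset by a blind b, the double-and-add ladder runs on (k + b), and a precomputed -bG is added back, so the bit pattern that drives the branches is (k + b) rather than k.

```cpp
// Added example, not code from libsecp256k1 or Bitcoin Core. A toy curve
// y^2 = x^3 + 7 over F_17 (constructed, tiny on purpose) stands in for
// secp256k1. The blinding has the same shape as the generator-multiplication
// blinding set up by secp256k1_context_randomize(): offset the secret scalar
// by a blind b, run the ladder on (k + b), then add back a precomputed -bG.
#include <cstdint>
#include <iostream>
#include <stdexcept>

namespace toy {

constexpr int64_t P = 17;            // field prime (constructed)
constexpr int64_t A = 0, B = 7;      // same curve form as secp256k1

int64_t mod(int64_t v) { int64_t r = v % P; return r < 0 ? r + P : r; }

// Modular inverse by Fermat's little theorem (P is prime).
int64_t inv(int64_t v) {
    int64_t base = mod(v), r = 1, e = P - 2;
    if (base == 0) throw std::runtime_error("inverse of zero");
    while (e) { if (e & 1) r = mod(r * base); base = mod(base * base); e >>= 1; }
    return r;
}

struct Point { int64_t x = 0, y = 0; bool inf = true; };   // inf: point at infinity

bool operator==(const Point& a, const Point& b) {
    return a.inf == b.inf && (a.inf || (a.x == b.x && a.y == b.y));
}

Point neg(Point p) { if (!p.inf) p.y = mod(-p.y); return p; }

// Affine addition with the usual special cases (identity, p == -q, doubling).
Point add(const Point& p, const Point& q) {
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x && mod(p.y + q.y) == 0) return Point{};   // q == -p, also covers y == 0 doubling
    int64_t lambda = (p == q)
        ? mod(mod(3 * p.x * p.x + A) * inv(2 * p.y))
        : mod(mod(q.y - p.y) * inv(q.x - p.x));
    int64_t x = mod(lambda * lambda - p.x - q.x);
    int64_t y = mod(lambda * (p.x - x) - p.y);
    return Point{x, y, false};
}

bool on_curve(const Point& p) {
    return p.inf || mod(p.y * p.y) == mod(p.x * p.x * p.x + A * p.x + B);
}

// Unblinded double-and-add: the bits of k decide which additions happen.
Point mul(uint64_t k, Point g) {
    Point r;
    while (k) {
        if (k & 1) r = add(r, g);
        g = add(g, g);
        k >>= 1;
    }
    return r;
}

// Brute-force the first finite point on the toy curve to use as G.
Point find_generator() {
    for (int64_t x = 0; x < P; ++x)
        for (int64_t y = 1; y < P; ++y)
            if (on_curve(Point{x, y, false})) return Point{x, y, false};
    throw std::runtime_error("no finite point");
}

// Blinded generator multiplication. The blind and -bG are computed once per
// context from a seed (the real library derives its blind from the caller's
// 32-byte seed; using the seed directly is an assumption for brevity).
struct BlindedCtx {
    uint64_t blind;
    Point neg_blind_g;
    Point g;
    BlindedCtx(Point gen, uint64_t seed)
        : blind(seed), neg_blind_g(neg(mul(seed, gen))), g(gen) {}

    Point mul_gen(uint64_t k) const {
        // The ladder branches on (k + b); without b that sequence says nothing
        // about k. Integer scalars need no reduction modulo the group order
        // because scalar multiplication is a homomorphism from Z.
        uint64_t masked = k + blind;
        return add(mul(masked, g), neg_blind_g);
    }
};

// Blinding must not change the result: check k*G == (k+b)*G - b*G for k in [0, max_k).
bool blinding_matches(uint64_t seed, uint64_t max_k) {
    Point g = find_generator();
    BlindedCtx ctx(g, seed);
    for (uint64_t k = 0; k < max_k; ++k)
        if (!(ctx.mul_gen(k) == mul(k, g))) return false;
    return true;
}

} // namespace toy

int main() {
    toy::Point g = toy::find_generator();
    std::cout << "G = (" << g.x << ", " << g.y << ")\n";
    std::cout << (toy::blinding_matches(12345, 64) ? "blinded == plain\n" : "MISMATCH\n");
}
```

What the toy cannot show is the second half of the real change: the blind is reseeded from the caller's random bytes and rotated, so the masked scalar an attacker observes changes from context to context, and the constant-time table lookups (the cmov work in the same commit range) keep the addition sequence itself free of secret-dependent branches.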

  2. Squashed 'src/secp256k1/' changes from 1897b8e..22f60a6
    22f60a6 Merge pull request #245
    61c1b1e Merge pull request #190
    d227579 Add scalar blinding and a secp256k1_context_randomize() call.
    c146b4a Add bench_internal to gitignore.
    9c4fb23 Add a secp256k1_fe_cmov unit test.
    426fa52 Merge pull request #243
    d505a89 Merge pull request #244
    2d2707a travis: test i686 builds with gmp
    cf7f702 travis: update to new build infrastructure
    bb0ea50 Replace set/add with cmov in secp256k1_gej_add_ge.
    f3d3519 Merge pull request #241
    5c2a4fa Fix memory leak in context unit test
    14aacdc Merge pull request #239
    93226a5 secp256k1.c: Add missing DEBUG_CHECKs for sufficiently capable contexts
    6099220 Merge pull request #237
    6066bb6 Fix typo: avg -> max
    9688030 Merge pull request #236
    d899b5b Expose ability to deep-copy a context
    3608c7f Merge pull request #208
    a9b6595 [API BREAK] Introduce explicit contexts
    a0d3b89 Merge pull request #233
    9e8d89b Merge pull request #234
    65e70e7 Merge pull request #235
    5098f62 Improve documentation formatting consistency
    4450e24 Add a comment about the avoidance of secret data in array indexes.
    6534ee1 initialize variable
    d5b53aa Merge pull request #232
    c01df1a Avoid some implicit type conversions to make C++ compilers happy.
    bfe96ba Merge pull request #231
    33270bf Add a couple comments pointing to particular sections of RFC6979.
    41603aa Merge pull request #230
    2632019 Brace all the if/for/while.
    
    git-subtree-dir: src/secp256k1
    git-subtree-split: 22f60a62801a8a49ecd049e7a563f69a41affd8d
    a591d98c32
  3. Update libsecp256k1 4dda253190
  4. sipa force-pushed on Apr 22, 2015
  5. jtimon commented at 10:04 PM on April 23, 2015: contributor

    Random question: would it make sense for libsecp256k1 to be a submodule (http://git-scm.com/book/en/v2/Git-Tools-Submodules) of bitcoin core? I've never used them but it seems to me that this could be a case where they make sense.

  6. sipa commented at 6:51 AM on April 24, 2015: member

    There is a long debate between users of submodules and of subtrees. I'd rather not repeat it here :)

  7. jtimon commented at 7:33 AM on April 24, 2015: contributor

    Oh, I see. But I assume in principle any of those would serve... shirt or t-shirt? Tough choice, better go out naked.

  8. sipa commented at 8:28 AM on April 24, 2015: member

    We are using git subtree (for libsecp256k1 and for leveldb). This is a pull request with a merge made by git subtree. There is a script in contrib or devtools that can verify that the subdirectory matches the history of the external repo.

  9. jtimon commented at 8:49 AM on April 24, 2015: contributor

    Oh I see, great. Never mind then, thanks for explaining.

  10. laanwj added the label Improvement on May 4, 2015
  11. Update key.cpp to use new libsecp256k1
    libsecp256k1's API changed, so update key.cpp to use it.
    
    Libsecp256k1 now has explicit context objects, which makes it completely thread-safe.
    In turn, keep an explicit context object in key.cpp, which is explicitly initialized
    and destroyed. This is not really pretty now, but it's more efficient than the static
    initialized object in key.cpp (which made for example bitcoin-tx slow, as for most of
    its calls, libsecp256k1 wasn't actually needed).
    
    This also brings in the new blinding support in libsecp256k1. By passing in a random
    seed, temporary variables during the elliptic curve computations are altered, in such
    a way that if an attacker does not know the blind, observing the internal operations
    leaks less information about the keys used. This was implemented by Greg Maxwell.
    a56054be65
  12. in src/bitcoin-tx.cpp:None in ad55e879b8 outdated
     477 | @@ -475,6 +478,8 @@ static void MutateTx(CMutableTransaction& tx, const string& command,
     478 |  
     479 |      else
     480 |          throw runtime_error("unknown command");
     481 | +
     482 | +    ECC_Stop();
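Review bot: the `ECC_Stop();` added at the end of `MutateTx` is skipped whenever the function leaves through an exception, including the `throw runtime_error("unknown command");` two lines above it, so the context created by the matching `ECC_Start()` (outside this hunk) is leaked on every error path. Prefer an RAII holder whose destructor calls `ECC_Stop()`, constructed where `ECC_Start()` is called (or once in `main`), so cleanup runs on unwinding as well as on normal return; a `try`/`catch` that stops and rethrows is the minimal alternative.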
    


    laanwj commented at 12:16 PM on May 4, 2015:

    Let's use a RAII approach here. Otherwise, there will be a leak when control flow leaves the function through an exception.
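The leak laanwj points at and the RAII alternative, as an added example that is not the bitcoin-tx.cpp or key.cpp code from this pull request. `ECC_Start`/`ECC_Stop`, the `FakeContext` they manage and the `ECCHandle` class are constructed stand-ins chosen so the block runs stand-alone (the real pair wraps libsecp256k1 context creation and destruction); the command dispatch mirrors the `else throw runtime_error("unknown command")` shape of the hunk.

```cpp
// Added example, not the bitcoin-tx.cpp/key.cpp code from the pull request.
// ECC_Start/ECC_Stop below are constructed stand-ins that create and destroy
// a fake context so the block runs stand-alone; the real ones wrap
// secp256k1 context creation and destruction.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

namespace demo {

struct FakeContext { unsigned char state[32] = {}; };   // stand-in for the library context

static FakeContext* g_ctx = nullptr;   // one global context, as key.cpp keeps it
static std::size_t g_live = 0;         // contexts created and not yet destroyed

void ECC_Start() {
    if (g_ctx) throw std::logic_error("ECC_Start called twice");
    g_ctx = new FakeContext;
    ++g_live;
}

void ECC_Stop() {
    if (!g_ctx) return;   // tolerate a stop without a matching start
    delete g_ctx;
    g_ctx = nullptr;
    --g_live;
}

// RAII holder: the destructor runs on every exit path, including unwinding.
class ECCHandle {
public:
    ECCHandle() { ECC_Start(); }
    ~ECCHandle() { ECC_Stop(); }
    ECCHandle(const ECCHandle&) = delete;
    ECCHandle& operator=(const ECCHandle&) = delete;
};

// Same shape as the hunk: explicit stop after the command dispatch. The stop
// is never reached when the "unknown command" throw fires.
void mutate_explicit_stop(const std::string& command) {
    ECC_Start();
    if (command == "sign") {
        // ... would use the context to sign here ...
    } else {
        throw std::runtime_error("unknown command");
    }
    ECC_Stop();
}

// With the handle the context is destroyed whether the function returns or throws.
void mutate_with_handle(const std::string& command) {
    ECCHandle ecc;
    if (command == "sign") {
        // ... would use the context to sign here ...
    } else {
        throw std::runtime_error("unknown command");
    }
}

// Runs fn(command), swallows the command error, and reports whether a context
// was left alive; cleans up afterwards so the next check starts fresh.
template <typename Fn>
bool leaks_context(Fn fn, const std::string& command) {
    try {
        fn(command);
    } catch (const std::runtime_error&) {
    }
    bool leaked = g_live != 0;
    ECC_Stop();
    return leaked;
}

} // namespace demo

int main() {
    std::cout << "explicit ECC_Stop, unknown command -> leaked: "
              << demo::leaks_context(demo::mutate_explicit_stop, "bogus") << "\n";
    std::cout << "RAII handle, unknown command -> leaked: "
              << demo::leaks_context(demo::mutate_with_handle, "bogus") << "\n";
}
```

The handle is deliberately non-copyable: two copies would each call `ECC_Stop()` and the second would tear down a context the first still thinks is live, which is the same class of bug in a different place.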

  13. sipa force-pushed on May 4, 2015
  14. laanwj commented at 12:51 PM on May 4, 2015: member

    utACK

  15. laanwj referenced this in commit a4efffa2d8 on May 4, 2015
  16. laanwj merged this on May 6, 2015
  17. laanwj closed this on May 6, 2015

  18. laanwj referenced this in commit 12f3488253 on May 6, 2015
  19. MarcoFalke locked this on Sep 8, 2021
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-19 09:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me