hash: Use size_t instead of int for RFC6979 outlen copy by john-moffett · Pull Request #1729 · bitcoin-core/secp256k1

john-moffett · 2025-09-01T14:40:50Z

If outlen > INT_MAX it results in segfault or hang (when outlen is a multiple of 2^32) on most implementations due to conversion in: int now = outlen producing negative values or zero. Unreachable in current code and highly improbable in future practice, but fits contract better and fixes a couple of compiler warnings.

If outlen is > INT_MAX, could trigger segfault or hang after copy int now = outlen.

fanquake · 2025-09-01T14:42:25Z

fixes a couple of compiler warnings

Which compiler / warnings?

john-moffett · 2025-09-01T14:53:19Z

Not with default flags. I used clang -Wimplicit-int-conversion -Wshorten-64-to-32. It'd probably show up with gcc -Wconversion. There are a lot of benign warnings, but this one stood out to me.

real-or-random · 2025-09-01T15:28:54Z

src/hash_impl.h

If you want to improve this further, I'd suggest

renaming now to chunk_len (consistency with the SHA256 implementation above)

moving the entire if block just below the initialization of now (or chunk_len). (The goal is to compute max(outlen, 32). Spreading this over two blocks is a bit silly. It's probably a result of the C89 rule that declarations need to be at the beginning of a block. edit: Indeed, see 792bcdb#diff-e91b67aa33d606267c28ce5da48a89cc789f4081c176eb581a9bff780afd1d6cR260-L262 )

Thanks! I'll hold off for the moment. Hopefully it'll inspire someone to replace this nonce generation process with something more lightweight and straightforward like BIP340's approach. :)

real-or-random

utACK 960ba5f

Thanks a lot! Consistency of integer types is indeed a bit of a weak spot, at least in the old parts of the library code.

theStack

Code-review ACK 960ba5f

36e76952c Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 4985ac0f8 Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134a check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38bf doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad2 Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb3 Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f8 Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8c Rename and clear var containing k or -k 960ba5f9c Use size_t instead of int for RFC6979 outlen copy 737912430 ci: Add more tests for clang-cl 7379a5bed doc: Recommend clang-cl when building on Windows f36afb8b3 Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c9 tests: refactor tagged hash tests d2dcf5209 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1b docs: fix broken link to eprint cache.pdf paper d59971414 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def51 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce593 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf4 doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3e autotools, docs: Adjust help string for `--enable-coverage` option e523e4f90 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff16 chore(ci): Fix typo in Dockerfile comment 74b8068c5 Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a8 test: update wycheproof test vectors 20e3b4474 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d907 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b2295 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648ca Fix typos and spellings 9ea54c69b tests: update Wycheproof files b9313c6e1 Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 a660a4976 Merge bitcoin-core/secp256k1#1707: release: Prepare for 0.7.0 7ab8b0cc0 release cleanup: bump version after 0.7.0 a3e742d94 release: Prepare for 0.7.0 f67b0ac1a ci: Don't hardcode ABI version 020ee6049 Merge bitcoin-core/secp256k1#1706: musig/tests: initialize keypair cde413089 musig/tests: initialize keypair 6037833c9 Merge bitcoin-core/secp256k1#1702: changelog: update 40b4a0652 changelog: update 5e74086dc Merge bitcoin-core/secp256k1#1705: musig/test: Remove dead code 7c3380423 Merge bitcoin-core/secp256k1#1696: build: Refactor visibility logic and add override 8d967a602 musig/test: Remove dead code 983711cd6 musig/tests: Refactor vectors_signverify 73a695958 Merge bitcoin-core/secp256k1#1704: cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` bf082221f cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` c82d84bb8 build: add CMake option for disabling symbol visibility attributes ce7923874 build: Add SECP256K1_NO_API_VISIBILITY_ATTRIBUTES e5297f6d7 build: Refactor visibility logic cbbbf3bd6 Merge bitcoin-core/secp256k1#1699: ci: enable musig module for native macOS arm64 job 943479a7a Merge bitcoin-core/secp256k1#1694: Revert "cmake: configure libsecp256k1.pc during install" 3352f9d66 ci: enable musig module for native macOS arm64 job ad60ef7ea Merge bitcoin-core/secp256k1#1689: ci: Convert `arm64` Cirrus tasks to GHA jobs c49877909 Merge bitcoin-core/secp256k1#1687: cmake: support the use of launchers in ctest -S scripts 44b205e9e Revert "cmake: configure libsecp256k1.pc during install" 0dfe387db cmake: support the use of launchers in ctest -S scripts 89096c234 Merge bitcoin-core/secp256k1#1692: cmake: configure libsecp256k1.pc during install 7106dce6f cmake: configure libsecp256k1.pc during install 29e73f4ba Merge bitcoin-core/secp256k1#1685: cmake: Emulate Libtool's behavior on FreeBSD 746e36b14 Merge bitcoin-core/secp256k1#1678: cmake: add a helper for linking into static libs a28c2ffa5 Merge bitcoin-core/secp256k1#1683: README: add link to musig example 2a9d37473 Merge bitcoin-core/secp256k1#1690: ci: Bump GCC snapshot major version to 16 add146e10 ci: Bump GCC snapshot major version to 16 004f57fcd ci: Move Valgrind build for `arm64` from Cirrus to GHA 5fafdfc30 ci: Move `gcc-snapshot` build for `arm64` from Cirrus to GHA e814b79a8 ci: Switch `arm64_debian` from QEMU to native `arm64` Docker image bcf77346b ci: Add `arm64` architecture to `docker_cache` job b77aae922 ci: Rename Docker image tag to reflect architecture 145ae3e28 cmake: add a helper for linking into static libs 819210974 README: add link to musig example, generalize module enabling hint 95db29b14 Merge bitcoin-core/secp256k1#1679: cmake: Use `PUBLIC_HEADER` target property in installation logic 37dd422b5 cmake: Emulate Libtool's behavior on FreeBSD f24b838be Merge bitcoin-core/secp256k1#1680: doc: Promote "Building with CMake" to standard procedure 3f31ac43e doc: Promote "Building with CMake" to standard procedure 6f67151ee cmake: Use `PUBLIC_HEADER` target property c32715b2a cmake, move-only: Move module option processing to `src/CMakeLists.txt` 201b2b8f0 Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22 3af71987a cmake: Bump minimum required CMake version to 3.22 92394476e Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join 3a4f448cb Assert field magnitude at control-flow join git-subtree-dir: src/secp256k1 git-subtree-split: 36e76952cbf1cf54ddd2d8756cc31a486e2ba1d9

d543c0d917 Merge bitcoin-core/secp256k1#1734: Introduce (mini) unit test framework f44c1ebd96 Merge bitcoin-core/secp256k1#1719: ci: DRY workflow using anchors a44a339384 Merge bitcoin-core/secp256k1#1750: ci: Use clang-snapshot in "MSan" job 15d014804e ci: Drop default for `inputs.command` in `run-in-docker-action` 1decc49a1f ci: Use YAML anchor and aliases for repeated "CI script" steps dff1bc107d ci, refactor: Generalize use of `matrix.configuration.env_vars` 4b644da199 ci: Use YAML anchor and aliases for repeated "Print logs" steps a889cd93df ci: Bump `actions/checkout` version 574c2f3080 ci: Use YAML anchor and aliases for repeated "Checkout" steps 53585f93b7 ci: Use clang-snapshot in "MSan" job 6894c964f3 Fix Clang 21+ `-Wuninitialized-const-pointer` warning when using MSan 2b7337f63a Merge bitcoin-core/secp256k1#1756: ci: Fix image caching and apply other improvements f163c35897 ci: Set `DEBIAN_FRONTEND=noninteractive` 70ae177ca0 ci: Bump `docker/build-push-action` version b2a95a420f ci: Drop `tags` input for `docker/build-push-action` 122014edb3 ci: Add `scope` parameter to `cache-{to,from}` options 2f4546ce56 test: add --log option to display tests execution 95b9953ea4 test: Add option to display all available tests 953f7b0088 test: support running specific tests/modules targets 0302c1a3d7 test: add --help for command-line options 9ec3bfe22d test: adapt modules to the new test infrastructure 48789dafc2 test: introduce (mini) unit test framework baa265429f Merge bitcoin-core/secp256k1#1727: docs: Clarify that callback can be called more than once 4d90585fea docs: Improve API docs of _context_set_illegal_callback 895f53d1cf docs: Clarify that callback can be called more than once de6af6ae35 Merge bitcoin-core/secp256k1#1748: bench: improve context creation in ECDH benchmark 5817885153 Merge bitcoin-core/secp256k1#1749: build: Fix warnings in x86_64 assembly check ab560078aa build: Fix warnings in x86_64 assembly check 10dab907e7 Merge bitcoin-core/secp256k1#1741: doc: clarify API doc of `secp256k1_ecdsa_recover` return value dfe284ed2d bench: improve context creation in ECDH benchmark 7321bdf27b doc: clarify API doc of `secp256k1_ecdsa_recover` return value b475654302 Merge bitcoin-core/secp256k1#1745: test: introduce group order byte-array constant for deduplication 9cce703863 refactor: move 'gettime_i64()' to tests_common.h 0c91c56041 test: introduce group order byte-array constant for deduplication 88be4e8d86 Merge bitcoin-core/secp256k1#1735: musig: Invalidate secnonce in secp256k1_musig_partial_sign 36e76952cb Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 399b582a5f Split memclear into two versions 4985ac0f89 Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134a7 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38bfc doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad2e Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb35 Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f80 Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8cf Rename and clear var containing k or -k 960ba5f9c6 Use size_t instead of int for RFC6979 outlen copy 737912430d ci: Add more tests for clang-cl 7379a5bed3 doc: Recommend clang-cl when building on Windows f36afb8b3d Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c91 tests: refactor tagged hash tests d2dcf52091 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1bf docs: fix broken link to eprint cache.pdf paper d599714147 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def51e doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce5936 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf41 doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3ea autotools, docs: Adjust help string for `--enable-coverage` option e523e4f90e Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff168 chore(ci): Fix typo in Dockerfile comment 74b8068c5d Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a88 test: update wycheproof test vectors 20e3b44746 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d907a Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b22957 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648ca0 Fix typos and spellings 9ea54c69b7 tests: update Wycheproof files git-subtree-dir: src/secp256k1 git-subtree-split: d543c0d917a76a201578948701cc30ef336e0fe6

1a53f4961f Merge bitcoin-core/secp256k1#1808: Prepare for 0.7.1 20a209f11c release: prepare for 0.7.1 c4b6a81a60 changelog: update in preparation for the v0.7.1 release ebb35882da Merge bitcoin-core/secp256k1#1796: bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS c09215f7af bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS 471e3a130d Merge bitcoin-core/secp256k1#1800: sage: verify Eisenstein integer connection for GLV constants 29ac4d8491 sage: verify Eisenstein integer connection for GLV constants 4721e077b4 Merge bitcoin-core/secp256k1#1793: doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult bd5ced1fe1 doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult 2d9137ce9d Merge bitcoin-core/secp256k1#1764: group: Avoid using infinity field directly in other modules f9a944ff2d Merge bitcoin-core/secp256k1#1790: doc: include arg -DSECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS=ON for cmake 0406cfc4d1 doc: include arg -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1 for cmake 8d445730ec Merge bitcoin-core/secp256k1#1783: Add VERIFY_CHECKs and documentation that flags must be 0 or 1 aa2a39c1a7 Merge bitcoin-core/secp256k1#1778: doc/bench: Added cmake build options to bench error messages 540fec8ae9 Merge bitcoin-core/secp256k1#1788: test: split monolithic ellswift test into independent cases d822b29021 test: split monolithic ellswift test into independent cases ae00c552df Add VERIFY_CHECKs that flags are 0 or 1 5c75183344 Merge bitcoin-core/secp256k1#1784: refactor: remove ret from secp256k1_ec_pubkey_serialize be5e4f02fd Merge bitcoin-core/secp256k1#1779: Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3daab83a60 refactor: remove ret from secp256k1_ec_pubkey_serialize 8bcda186d2 test: Add non-NULL checks for "pointer of array" API functions 5a08c1bcdc Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3b5b03f301 doc/bench: Added cmake build options to bench error messages e7f7083b53 Merge bitcoin-core/secp256k1#1774: refactor: split up internal pubkey serialization function into compressed/uncompressed variants b6c2a3cd77 Merge bitcoin-core/secp256k1#1761: ecmult_multi: reduce strauss memory usage by 30% f5e815f430 remove secp256k1_eckey_pubkey_serialize function 0d3659c547 use new `_eckey_pubkey_serialize{33,65}` functions in modules (ellswift,musig) adb76f82ea use new `_eckey_pubkey_serialize{33,65}` functions in public API fc7458ca3e introduce `secp256k1_eckey_pubkey_serialize{33,65}` functions c8206b1ce6 Merge bitcoin-core/secp256k1#1771: ci: Use Python virtual environment in "x86_64-macos-native" job f252da7e6e ci: Use Python virtual environment in "x86_64-macos-native" job 115b135fe8 Merge bitcoin-core/secp256k1#1763: bench: Use `ALIGNMENT` macro instead of hardcoded value 2f73e5281d group: Avoid using infinity field directly in other modules 153eea20c2 bench: Use `ALIGNMENT` macro instead of hardcoded value 26166c4f5f ecmult_multi: reduce strauss memory usage by 30% 7a2fff85e8 Merge bitcoin-core/secp256k1#1758: ci: Drop workaround for Valgrind older than 3.20.0 43e7b115f7 Merge bitcoin-core/secp256k1#1759: ci: Switch to macOS 15 Sequoia Intel-based image 8bc50b72ff ci: Switch to macOS 15 Sequoia Intel-based image c09519f0e3 ci: Drop workaround for Valgrind older than 3.20.0 d543c0d917 Merge bitcoin-core/secp256k1#1734: Introduce (mini) unit test framework f44c1ebd96 Merge bitcoin-core/secp256k1#1719: ci: DRY workflow using anchors a44a339384 Merge bitcoin-core/secp256k1#1750: ci: Use clang-snapshot in "MSan" job 15d014804e ci: Drop default for `inputs.command` in `run-in-docker-action` 1decc49a1f ci: Use YAML anchor and aliases for repeated "CI script" steps dff1bc107d ci, refactor: Generalize use of `matrix.configuration.env_vars` 4b644da199 ci: Use YAML anchor and aliases for repeated "Print logs" steps a889cd93df ci: Bump `actions/checkout` version 574c2f3080 ci: Use YAML anchor and aliases for repeated "Checkout" steps 53585f93b7 ci: Use clang-snapshot in "MSan" job 6894c964f3 Fix Clang 21+ `-Wuninitialized-const-pointer` warning when using MSan 2b7337f63a Merge bitcoin-core/secp256k1#1756: ci: Fix image caching and apply other improvements f163c35897 ci: Set `DEBIAN_FRONTEND=noninteractive` 70ae177ca0 ci: Bump `docker/build-push-action` version b2a95a420f ci: Drop `tags` input for `docker/build-push-action` 122014edb3 ci: Add `scope` parameter to `cache-{to,from}` options 2f4546ce56 test: add --log option to display tests execution 95b9953ea4 test: Add option to display all available tests 953f7b0088 test: support running specific tests/modules targets 0302c1a3d7 test: add --help for command-line options 9ec3bfe22d test: adapt modules to the new test infrastructure 48789dafc2 test: introduce (mini) unit test framework baa265429f Merge bitcoin-core/secp256k1#1727: docs: Clarify that callback can be called more than once 4d90585fea docs: Improve API docs of _context_set_illegal_callback 895f53d1cf docs: Clarify that callback can be called more than once de6af6ae35 Merge bitcoin-core/secp256k1#1748: bench: improve context creation in ECDH benchmark 5817885153 Merge bitcoin-core/secp256k1#1749: build: Fix warnings in x86_64 assembly check ab560078aa build: Fix warnings in x86_64 assembly check 10dab907e7 Merge bitcoin-core/secp256k1#1741: doc: clarify API doc of `secp256k1_ecdsa_recover` return value dfe284ed2d bench: improve context creation in ECDH benchmark 7321bdf27b doc: clarify API doc of `secp256k1_ecdsa_recover` return value b475654302 Merge bitcoin-core/secp256k1#1745: test: introduce group order byte-array constant for deduplication 9cce703863 refactor: move 'gettime_i64()' to tests_common.h 0c91c56041 test: introduce group order byte-array constant for deduplication 88be4e8d86 Merge bitcoin-core/secp256k1#1735: musig: Invalidate secnonce in secp256k1_musig_partial_sign 36e76952cb Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 399b582a5f Split memclear into two versions 4985ac0f89 Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134a7 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38bfc doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad2e Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb35 Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f80 Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8cf Rename and clear var containing k or -k 960ba5f9c6 Use size_t instead of int for RFC6979 outlen copy 737912430d ci: Add more tests for clang-cl 7379a5bed3 doc: Recommend clang-cl when building on Windows f36afb8b3d Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c91 tests: refactor tagged hash tests d2dcf52091 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1bf docs: fix broken link to eprint cache.pdf paper d599714147 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def51e doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce5936 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf41 doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3ea autotools, docs: Adjust help string for `--enable-coverage` option e523e4f90e Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff168 chore(ci): Fix typo in Dockerfile comment 74b8068c5d Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a88 test: update wycheproof test vectors 20e3b44746 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d907a Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b22957 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648ca0 Fix typos and spellings 9ea54c69b7 tests: update Wycheproof files git-subtree-dir: src/secp256k1 git-subtree-split: 1a53f4961f337b4d166c25fce72ef0dc88806618

…29, 1731, 1681, 1737, 1738 01b1b91 modules: Port bitcoin-core/secp256k1#1725 to zkp-specific code (DarkWindman) 7ebaa13 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) (Sebastian Falbesoner) 806de38 doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) (Sebastian Falbesoner) 7379124 ci: Add more tests for clang-cl (Hennadii Stepanov) 7379a5b doc: Recommend clang-cl when building on Windows (Hennadii Stepanov) 325d65a Rename and clear var containing k or -k (John Moffett) 960ba5f Use size_t instead of int for RFC6979 outlen copy (John Moffett) 5153cf1 tests: refactor tagged hash tests (josibake) 489a43d docs: fix broken link to eprint cache.pdf paper (VolodymyrBg) 0458def doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations (Hennadii Stepanov) 1aecce5 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations (Hennadii Stepanov) 106a7cb doc: Exclude modules' `bench_impl.h` headers from coverage report (Hennadii Stepanov) a9e955d autotools, docs: Adjust help string for `--enable-coverage` option (Hennadii Stepanov) 24ba8ff chore(ci): Fix typo in Dockerfile comment (Maximilian Hubert) c25c3c8 test: update wycheproof test vectors (josibake) 7b07b22 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS (Hennadii Stepanov) 5433648 Fix typos and spellings (Adrien Ufferte) 9ea54c6 tests: update Wycheproof files (fanquake) Pull request description: Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) This PR can be recreated with `./contrib/sync-upstream.sh -b master range 36e7695`. Tips: * Use `git show --remerge-diff <pr-branch>` to show the conflict resolution in the merge commit. * Use `git read-tree --reset -u <pr-branch>` to replay these resolutions during the conflict resolution stage when recreating the PR branch locally. Be aware that this may discard your index as well as the uncommitted changes and untracked files in your worktree. ACKs for top commit: real-or-random: ACK 01b1b91 Tree-SHA512: 3d945e55313eb0afde66bd2064edd169854294f9e1e185e6199beec2a079f872cd3172d00e9c4da6cda25ccf296ddd3f205280076f94d009941eab4e319bcd0a

1a53f496 Merge bitcoin-core/secp256k1#1808: Prepare for 0.7.1 20a209f1 release: prepare for 0.7.1 c4b6a81a changelog: update in preparation for the v0.7.1 release ebb35882 Merge bitcoin-core/secp256k1#1796: bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS c09215f7 bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS 471e3a13 Merge bitcoin-core/secp256k1#1800: sage: verify Eisenstein integer connection for GLV constants 29ac4d84 sage: verify Eisenstein integer connection for GLV constants 4721e077 Merge bitcoin-core/secp256k1#1793: doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult bd5ced1f doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult 2d9137ce Merge bitcoin-core/secp256k1#1764: group: Avoid using infinity field directly in other modules f9a944ff Merge bitcoin-core/secp256k1#1790: doc: include arg -DSECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS=ON for cmake 0406cfc4 doc: include arg -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1 for cmake 8d445730 Merge bitcoin-core/secp256k1#1783: Add VERIFY_CHECKs and documentation that flags must be 0 or 1 aa2a39c1 Merge bitcoin-core/secp256k1#1778: doc/bench: Added cmake build options to bench error messages 540fec8a Merge bitcoin-core/secp256k1#1788: test: split monolithic ellswift test into independent cases d822b290 test: split monolithic ellswift test into independent cases ae00c552 Add VERIFY_CHECKs that flags are 0 or 1 5c751833 Merge bitcoin-core/secp256k1#1784: refactor: remove ret from secp256k1_ec_pubkey_serialize be5e4f02 Merge bitcoin-core/secp256k1#1779: Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3daab83a refactor: remove ret from secp256k1_ec_pubkey_serialize 8bcda186 test: Add non-NULL checks for "pointer of array" API functions 5a08c1bc Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3b5b03f3 doc/bench: Added cmake build options to bench error messages e7f7083b Merge bitcoin-core/secp256k1#1774: refactor: split up internal pubkey serialization function into compressed/uncompressed variants b6c2a3cd Merge bitcoin-core/secp256k1#1761: ecmult_multi: reduce strauss memory usage by 30% f5e815f4 remove secp256k1_eckey_pubkey_serialize function 0d3659c5 use new `_eckey_pubkey_serialize{33,65}` functions in modules (ellswift,musig) adb76f82 use new `_eckey_pubkey_serialize{33,65}` functions in public API fc7458ca introduce `secp256k1_eckey_pubkey_serialize{33,65}` functions c8206b1c Merge bitcoin-core/secp256k1#1771: ci: Use Python virtual environment in "x86_64-macos-native" job f252da7e ci: Use Python virtual environment in "x86_64-macos-native" job 115b135f Merge bitcoin-core/secp256k1#1763: bench: Use `ALIGNMENT` macro instead of hardcoded value 2f73e528 group: Avoid using infinity field directly in other modules 153eea20 bench: Use `ALIGNMENT` macro instead of hardcoded value 26166c4f ecmult_multi: reduce strauss memory usage by 30% 7a2fff85 Merge bitcoin-core/secp256k1#1758: ci: Drop workaround for Valgrind older than 3.20.0 43e7b115 Merge bitcoin-core/secp256k1#1759: ci: Switch to macOS 15 Sequoia Intel-based image 8bc50b72 ci: Switch to macOS 15 Sequoia Intel-based image c09519f0 ci: Drop workaround for Valgrind older than 3.20.0 d543c0d9 Merge bitcoin-core/secp256k1#1734: Introduce (mini) unit test framework f44c1ebd Merge bitcoin-core/secp256k1#1719: ci: DRY workflow using anchors a44a3393 Merge bitcoin-core/secp256k1#1750: ci: Use clang-snapshot in "MSan" job 15d01480 ci: Drop default for `inputs.command` in `run-in-docker-action` 1decc49a ci: Use YAML anchor and aliases for repeated "CI script" steps dff1bc10 ci, refactor: Generalize use of `matrix.configuration.env_vars` 4b644da1 ci: Use YAML anchor and aliases for repeated "Print logs" steps a889cd93 ci: Bump `actions/checkout` version 574c2f30 ci: Use YAML anchor and aliases for repeated "Checkout" steps 53585f93 ci: Use clang-snapshot in "MSan" job 6894c964 Fix Clang 21+ `-Wuninitialized-const-pointer` warning when using MSan 2b7337f6 Merge bitcoin-core/secp256k1#1756: ci: Fix image caching and apply other improvements f163c358 ci: Set `DEBIAN_FRONTEND=noninteractive` 70ae177c ci: Bump `docker/build-push-action` version b2a95a42 ci: Drop `tags` input for `docker/build-push-action` 122014ed ci: Add `scope` parameter to `cache-{to,from}` options 2f4546ce test: add --log option to display tests execution 95b9953e test: Add option to display all available tests 953f7b00 test: support running specific tests/modules targets 0302c1a3 test: add --help for command-line options 9ec3bfe2 test: adapt modules to the new test infrastructure 48789daf test: introduce (mini) unit test framework baa26542 Merge bitcoin-core/secp256k1#1727: docs: Clarify that callback can be called more than once 4d90585f docs: Improve API docs of _context_set_illegal_callback 895f53d1 docs: Clarify that callback can be called more than once de6af6ae Merge bitcoin-core/secp256k1#1748: bench: improve context creation in ECDH benchmark 58178851 Merge bitcoin-core/secp256k1#1749: build: Fix warnings in x86_64 assembly check ab560078 build: Fix warnings in x86_64 assembly check 10dab907 Merge bitcoin-core/secp256k1#1741: doc: clarify API doc of `secp256k1_ecdsa_recover` return value dfe284ed bench: improve context creation in ECDH benchmark 7321bdf2 doc: clarify API doc of `secp256k1_ecdsa_recover` return value b4756543 Merge bitcoin-core/secp256k1#1745: test: introduce group order byte-array constant for deduplication 9cce7038 refactor: move 'gettime_i64()' to tests_common.h 0c91c560 test: introduce group order byte-array constant for deduplication 88be4e8d Merge bitcoin-core/secp256k1#1735: musig: Invalidate secnonce in secp256k1_musig_partial_sign 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 399b582a Split memclear into two versions 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 git-subtree-dir: Vendor/secp256k1 git-subtree-split: 1a53f4961f337b4d166c25fce72ef0dc88806618

42ae776d Merge BlockstreamResearch/secp256k1-zkp#327: Upstream PRs 1711, 1688, 1717, 1720, 1722, 1726, 1725, 1729, 1731, 1681, 1737, 1738 01b1b916 modules: Port bitcoin-core/secp256k1#1725 to zkp-specific code 38284aa0 Merge commits '2c076d90 20e3b447 74b8068c e523e4f9 d5997141 d2dcf520 f36afb8b 8113671f d93380fb 03fb60ad 4985ac0f 36e76952 ' into temp-merge-1738 a3733f33 Merge BlockstreamResearch/secp256k1-zkp#325: Upstream PRs 1685, 1692, 1687, 1689, 1694, 1699, 1704, 1696, 1705, 1702, 1706, 1707, 1708 9dcd857d Merge commits '29e73f4b 89096c23 c4987790 ad60ef7e 943479a7 cbbbf3bd 73a69595 7c338042 5e74086d 6037833c 020ee604 a660a497 b9313c6e ' into temp-merge-1708 64316eac Merge BlockstreamResearch/secp256k1-zkp#324: Upstream PRs 1662, 1669, 1492, 1670, 1668, 1673, 1675, 1680, 1679, 1690, 1683, 1678 cc4a92b5 Merge commits '70f149b9 13906b71 4187a466 bb597b3d 9fab4252 92394476 201b2b8f f24b838b 95db29b1 2a9d3747 a28c2ffa 746e36b1 ' into temp-merge-1678 6e071d18 Merge BlockstreamResearch/secp256k1-zkp#323: Upstream PRs 1642, 1639, 1614, 1656, 1647, 1655, 1593, 1359, 1657, 1660, 1659, 1661 4dda3122 ci: Use Python virtual environment in x86_64-macos-native job 795f19af ci: Switch to macOS 15 Sequoia Intel-based image 2f057a14 ci: Don't hardcode ABI version 17ad1960 schnorrsig_halfagg: Fix symbol visibility for internal function ec343f0b Port bitcoin-core/secp256k1#1642 to zkp-specific code 79953d07 Merge commits '1b1fc093 6c2a39da 31860823 abd25054 4ba1ba2a 03bbe8c6 13ed6f65 a7a51171 2abb35b0 e56716a3 3f54ed8c d84bb83e ' into temp-merge-1661 2d30d398 Merge BlockstreamResearch/secp256k1-zkp#322: Upstream PRs 1579, 1631, 1633, 1634, 1641, 1650, 1646, 1654 e3bddfa7 modules: Port bitcoin-core/secp256k1#1579 to zkp-specific code 913be29e Merge commits 'b161bffb 0cdc758a ec329c25 8deef00b f79f46c7 00774d07 2e3bf136 c0d9480f ' into temp-merge-1654 8aa05cb3 Merge BlockstreamResearch/secp256k1-zkp#320: Upstream PRs 1603, 1599, 1616, 1553, 1620, 1595, 1619, 1624, 1625, 1582, 1581, 1628 a8e6a3cc Port bitcoin-core/secp256k1#1628 to zkp public API 347d6adf Merge commits 'a88aa935 01b58933 18f9b967 e59158b6 1fae76f5 f0868a9b 68b55209 9b7c59cb 1464f15c 9a8db52f 7d48f5ed a38d879a ' into temp-merge-1628 7acd4a1f Merge BlockstreamResearch/secp256k1-zkp#319: Upstream PR 1479 8c7c24eb docs: simplify README description, fix musig docs 8d443b80 musig: Re-add adaptor signatures support 248358f2 Merge commit '3660fe5e' into temp-merge-1479 21c24fdc musig: Remove module in preparation for upstream merge 211323d6 Merge BlockstreamResearch/secp256k1-zkp#318: Upstream PRs 1574, 1576, 1575, 1577, 1578, 1583, 1586, 1600, 1604, 1554 551b5dd4 Merge commits 'fded437c cdf08c1a 642c885b f8c1b0e0 3fdf146b b3076144 19888550 2f2ccc46 472faaa8 4c57c7a5 ' into temp-merge-1554 4ae7cb4f Merge BlockstreamResearch/secp256k1-zkp#317: Upstream PRs 1529, 1548, 1545, 1550, 1546, 1543, 1535, 1555, 1565, 1564, 1563, 1551 d0dde4aa Merge commits '35c0fdc 5dd637f 69b2192 d7ae25c d403eea f473c95 4af241b a526937 fcc5d73 ca06e58 ea2d5f0 0055b86 ' into temp-merge-1551 84ca3b33 Merge BlockstreamResearch/secp256k1-zkp#316: Upstream PRs 1533 513e550e Merge commits '4392f0f7 ' into temp-merge-1533 0fb0eac9 Merge BlockstreamResearch/secp256k1-zkp#314: Upstream PRs 1522, 1523, 1525, 1524, 1526, 1528, 1517, 1532, 1488 91b2deab ci: Add zkp modules to arm64-macos-native job f5e9804e Merge remote-tracking branch 'zkp/master' into temp-merge-1488 e34dc812 Merge BlockstreamResearch/secp256k1-zkp#315: ci: Backport LLVM apt signature fix 040673bd ci, docker: Fix LLVM repository signature failure c946b097 Merge commits 'e3a885d4 d7f6613d 7d0bc087 7712a530 4155e62f 06bff6de 1791f6fc 4b8d5eea bedffd53 ' into temp-merge-1488 1cdc3e0f Merge BlockstreamResearch/secp256k1-zkp#311: sync-upstream: Extend git usage tips d176205d Merge BlockstreamResearch/secp256k1-zkp#313: Upstream PR 1518 ca68d088 Merge BlockstreamResearch/secp256k1-zkp#312: scalar: Add SECP256K1_SCALAR_VERIFY to zkp-specific function 2cb2e312 extrakeys: Migrate to bitcoin-core/secp256k1#1518 secp256k1_ec_pubkey_sort 3291b021 Merge commits 'bb528cf ' into temp-merge-1518 96a415b1 scalar: Port bitcoin-core/secp256k1#1393 to zkp-specific code 41cead8a sync-upstream: Extend git usage tips 36a7b874 Merge BlockstreamResearch/secp256k1-zkp#310: Upstream PRs 1058 9a57e3c6 Merge commits 'da515074 ' into temp-merge-1058 7e460db4 Merge BlockstreamResearch/secp256k1-zkp#307: Upstream PRs 1484, 1483, 1486, 1496, 1489, 1490, 1507, 1512, 1515 f9cf003d scalar: Port bitcoin-core/secp256k1#1512 to zkp-specific code 8c72644a Merge commits '5ad3aa3 2483627 0653a25 d926510 cdc9a62 427e86b 05bfab6 4b77fec d831168 ' into temp-merge-1515 797e2ed6 Merge BlockstreamResearch/secp256k1-zkp#306: sync-upstream: improve help text db8750de sync-upstream: improve help text 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 a660a497 Merge bitcoin-core/secp256k1#1707: release: Prepare for 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 a3e742d9 release: Prepare for 0.7.0 f67b0ac1 ci: Don't hardcode ABI version 020ee604 Merge bitcoin-core/secp256k1#1706: musig/tests: initialize keypair cde41308 musig/tests: initialize keypair 6037833c Merge bitcoin-core/secp256k1#1702: changelog: update 40b4a065 changelog: update 5e74086d Merge bitcoin-core/secp256k1#1705: musig/test: Remove dead code 7c338042 Merge bitcoin-core/secp256k1#1696: build: Refactor visibility logic and add override 8d967a60 musig/test: Remove dead code 983711cd musig/tests: Refactor vectors_signverify 73a69595 Merge bitcoin-core/secp256k1#1704: cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` bf082221 cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` c82d84bb build: add CMake option for disabling symbol visibility attributes ce792387 build: Add SECP256K1_NO_API_VISIBILITY_ATTRIBUTES e5297f6d build: Refactor visibility logic cbbbf3bd Merge bitcoin-core/secp256k1#1699: ci: enable musig module for native macOS arm64 job 943479a7 Merge bitcoin-core/secp256k1#1694: Revert "cmake: configure libsecp256k1.pc during install" 3352f9d6 ci: enable musig module for native macOS arm64 job ad60ef7e Merge bitcoin-core/secp256k1#1689: ci: Convert `arm64` Cirrus tasks to GHA jobs c4987790 Merge bitcoin-core/secp256k1#1687: cmake: support the use of launchers in ctest -S scripts 44b205e9 Revert "cmake: configure libsecp256k1.pc during install" 0dfe387d cmake: support the use of launchers in ctest -S scripts 89096c23 Merge bitcoin-core/secp256k1#1692: cmake: configure libsecp256k1.pc during install 7106dce6 cmake: configure libsecp256k1.pc during install 29e73f4b Merge bitcoin-core/secp256k1#1685: cmake: Emulate Libtool's behavior on FreeBSD 746e36b1 Merge bitcoin-core/secp256k1#1678: cmake: add a helper for linking into static libs a28c2ffa Merge bitcoin-core/secp256k1#1683: README: add link to musig example 2a9d3747 Merge bitcoin-core/secp256k1#1690: ci: Bump GCC snapshot major version to 16 add146e1 ci: Bump GCC snapshot major version to 16 004f57fc ci: Move Valgrind build for `arm64` from Cirrus to GHA 5fafdfc3 ci: Move `gcc-snapshot` build for `arm64` from Cirrus to GHA e814b79a ci: Switch `arm64_debian` from QEMU to native `arm64` Docker image bcf77346 ci: Add `arm64` architecture to `docker_cache` job b77aae92 ci: Rename Docker image tag to reflect architecture 145ae3e2 cmake: add a helper for linking into static libs 81921097 README: add link to musig example, generalize module enabling hint 95db29b1 Merge bitcoin-core/secp256k1#1679: cmake: Use `PUBLIC_HEADER` target property in installation logic 37dd422b cmake: Emulate Libtool's behavior on FreeBSD f24b838b Merge bitcoin-core/secp256k1#1680: doc: Promote "Building with CMake" to standard procedure 3f31ac43 doc: Promote "Building with CMake" to standard procedure 6f67151e cmake: Use `PUBLIC_HEADER` target property c32715b2 cmake, move-only: Move module option processing to `src/CMakeLists.txt` 201b2b8f Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22 3af71987 cmake: Bump minimum required CMake version to 3.22 92394476 Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join 3a4f448c Assert field magnitude at control-flow join 9fab4252 Merge bitcoin-core/secp256k1#1668: bench_ecmult: add benchmark for ecmult_const_xonly 05445377 bench_ecmult: add benchmark for ecmult_const_xonly bb597b3d Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files d73ed994 tests: update wycheproof files 4187a466 Merge bitcoin-core/secp256k1#1492: tests: Add Wycheproof ECDH vectors e266ba11 tests: Add Wycheproof ECDH vectors 13906b71 Merge bitcoin-core/secp256k1#1669: gitignore: Add Python cache files c1bcb032 gitignore: Add Python cache files 70f149b9 Merge bitcoin-core/secp256k1#1662: bench: add ellswift to bench help output 6b3fe51f bench: add ellswift to bench help output d84bb83e Merge bitcoin-core/secp256k1#1661: configure: Show exhaustive tests in summary 3f54ed8c Merge bitcoin-core/secp256k1#1659: include: remove WARN_UNUSED_RESULT for functions always returning 1 20b05c9d configure: Show exhaustive tests in summary e56716a3 Merge bitcoin-core/secp256k1#1660: ci: Fix exiting from ci.sh on error d87c3bc5 ci: Fix exiting from ci.sh on error 1b6e0815 include: remove WARN_UNUSED_RESULT for functions always returning 1 2abb35b0 Merge bitcoin-core/secp256k1#1657: tests: remove unused uncounting_illegal_callback_fn 51907fa9 tests: remove unused uncounting_illegal_callback_fn a7a51171 Merge bitcoin-core/secp256k1#1359: Fix symbol visibility issues, add test for it 13ed6f65 Merge bitcoin-core/secp256k1#1593: Remove deprecated `_ec_privkey_{negate,tweak_add,tweak_mul}` aliases from API d1478763 build: Drop no longer needed `-fvisibility=hidden` compiler option 8ed1d83d ci: Run `tools/symbol-check.py` 41d32ab2 test: Add `tools/symbol-check.py` 88548058 Introduce `SECP256K1_LOCAL_VAR` macro 03bbe8c6 Merge bitcoin-core/secp256k1#1655: gha: Print all *.log files, in a separate action 59860bcc gha: Print all *.log files, in a separate action 4ba1ba2a Merge bitcoin-core/secp256k1#1647: cmake: Adjust diagnostic flags for `clang-cl` abd25054 Merge bitcoin-core/secp256k1#1656: musig: Fix clearing of pubnonces 961ec25a musig: Fix clearing of pubnonces 31860823 Merge bitcoin-core/secp256k1#1614: Add _ge_set_all_gej and use it in musig for own public nonces 6c2a39da Merge bitcoin-core/secp256k1#1639: Make static context const 37d2c60b Remove deprecated _ec_privkey_{negate,tweak_add,tweak_mul} aliases 432ac577 Make static context const 1b1fc093 Merge bitcoin-core/secp256k1#1642: Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` c0d9480f Merge bitcoin-core/secp256k1#1654: use `EXIT_` constants over magic numbers for indicating program execution status 13d38962 CONTRIBUTING: mention that `EXIT_` codes should be used c8555817 test, bench, precompute_ecmult: use `EXIT_...` constants for `main` return values 965393fc examples: use `EXIT_...` constants for `main` return values 2e3bf136 Merge bitcoin-core/secp256k1#1646: README: add instructions for verifying GPG signatures b682dbcf README: add instructions for verifying GPG signatures 00774d07 Merge bitcoin-core/secp256k1#1650: schnorrsig: clear out masked secret key in BIP-340 nonce function a82287fb schnorrsig: clear out masked secret key in BIP-340 nonce function 4c50d73d ci: Add new "Windows (clang-cl)" job 84c0bd1f cmake: Adjust diagnostic flags for clang-cl f79f46c7 Merge bitcoin-core/secp256k1#1641: doc: Improve cmake instructions in README 2ac9f558 doc: Improve cmake instructions in README 18235947 Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` 8deef00b Merge bitcoin-core/secp256k1#1634: Fix some misspellings 39705450 Fix some misspellings ec329c25 Merge bitcoin-core/secp256k1#1633: release cleanup: bump version after 0.6.0 c97059f5 release cleanup: bump version after 0.6.0 0cdc758a Merge bitcoin-core/secp256k1#1631: release: prepare for 0.6.0 39d5dfd5 release: prepare for 0.6.0 df2eceb2 build: add ellswift.md and musig.md to release tarball a306bb7e tools: fix check-abi.sh after cmake out locations were changed 145868a8 Do not export `secp256k1_musig_nonce_gen_internal` b161bffb Merge bitcoin-core/secp256k1#1579: Clear sensitive memory without getting optimized out (revival of #636) 64228a64 musig: Use _ge_set_all_gej for own public nonces 300aab1c tests: Improve _ge_set_all_gej(_var) tests 365f274c group: Simplify secp256k1_ge_set_all_gej d3082dde group: Add constant-time secp256k1_ge_set_all_gej a38d879a Merge bitcoin-core/secp256k1#1628: Name public API structs 7d48f5ed Merge bitcoin-core/secp256k1#1581: test, ci: Lower default iteration count to 16 694342fd Name public API structs 0f73caf7 test, ci: Lower default iteration count to 16 9a8db52f Merge bitcoin-core/secp256k1#1582: cmake, test: Add `secp256k1_` prefix to test names 765ef533 Clear _gej instances after point multiplication to avoid potential leaks 349e6ab9 Introduce separate _clear functions for hash module 99cc9fd6 Don't rely on memset to set signed integers to 0 97c57f42 Implement various _clear() functions with secp256k1_memclear() 9bb368d1 Use secp256k1_memclear() to clear stack memory instead of memset() e3497bbf Separate between clearing memory and setting to zero in tests d79a6ccd Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear() 1c081262 Add secp256k1_memclear() for clearing secret data 1464f15c Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df util: Remove unused (u)int64_t formatting macros 9b7c59cb Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23 ci: Update macOS image e7d38448 Don't clear secrets in pippenger implementation 68b55209 Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f5 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839f Remove unused scratch space from API 57eda3ba musig: ctimetests: fix _declassify range for generated nonce points 87384f5c cmake, test: Add `secp256k1_` prefix to test names e59158b6 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d examples: make key generation doc consistent e8908221 examples: do not retry generating seckey randomness in musig 70b6be18 extrakeys: improve doc of keypair_create (don't suggest retry) 01b58933 Merge bitcoin-core/secp256k1#1599: #1570 improve examples: remove key generation loop cd4f84f3 Improve examples/documentation: remove key generation loops a88aa935 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c9201 build: allow enabling the musig module in cmake f411841a Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660 util: add constant-time is_zero_array function c8fbdb1b group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff034 f can never equal -m c232486d Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2 cmake: Set top-level target output locations 4c57c7a5 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb include: Avoid visibility("default") on Windows 472faaa8 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fb doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 2f2ccc46 Merge bitcoin-core/secp256k1#1600: cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 421ed1b4 cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 85e224dd group: add ge_to_bytes and ge_from_bytes 19888550 Merge bitcoin-core/secp256k1#1586: fix: remove duplicate 'the' from header file comment b3076144 Merge bitcoin-core/secp256k1#1583: ci: Bump GCC_SNAPSHOT_MAJOR to 15 fa67b675 refactor: Use array initialization for unterminated strings 9b0f37bf fix: remove duplicate 'the' from header file comment e34b4767 ci: Bump GCC_SNAPSHOT_MAJOR to 15 3fdf146b Merge bitcoin-core/secp256k1#1578: ci: Silent Homebrew's noisy reinstall warnings f8c1b0e0 Merge bitcoin-core/secp256k1#1577: release cleanup: bump version after 0.5.1 7057d3c9 ci: Silent Homebrew's noisy reinstall warnings c3e40d75 release cleanup: bump version after 0.5.1 642c885b Merge bitcoin-core/secp256k1#1575: release: prepare for 0.5.1 cdf08c1a Merge bitcoin-core/secp256k1#1576: doc: mention `needs-changelog` github label in release process 40d87b8e release: prepare for 0.5.1 57702261 changelog: clarify CMake option 759bd4bb doc: mention `needs-changelog` github label in release process fded437c Merge bitcoin-core/secp256k1#1574: Fix compilation when extrakeys module isn't enabled 763d938c ci: only enable extrakeys module when schnorrsig is enabled af551ab9 tests: do not use functions from extrakeys module 0055b867 Merge bitcoin-core/secp256k1#1551: Add ellswift usage example ea2d5f0f Merge bitcoin-core/secp256k1#1563: doc: Add convention for defaults ca06e58b Merge bitcoin-core/secp256k1#1564: build, ci: Adjust the default size of the precomputed table for signing e2af4912 ci: Switch to the new default value of the precomputed table for signing d94a9273 build: Adjust the default size of the precomputed table for signing fcc5d738 Merge bitcoin-core/secp256k1#1565: cmake: Bump CMake minimum required version up to 3.16 9420eece cmake: Bump CMake minimum required version up to 3.16 16685649 doc: Add convention for defaults a5269373 Merge bitcoin-core/secp256k1#1555: Fixed O3 replacement b8fe3333 cmake: Fixed O3 replacement 7c987ec8 cmake: Call `enable_testing()` unconditionally 6aa57651 cmake: Delete `CTest` module 31f84595 Add ellswift usage example fe4fbaa7 examples: fix case typos in secret clearing paragraphs (s/, Or/, or/) 4af241b3 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one f473c959 Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project d403eea4 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach d7ae25ce Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c 0e2fadb2 fix: typos in secp256k1.c 69b2192a Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 5dd637f3 Merge bitcoin-core/secp256k1#1548: README: mention ellswift module 7454a537 README: mention ellswift module 4706be2c cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach c2764dbb cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS` f87a3589 cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 158f9e5e cmake: Do not modify build types when integrating by downstream project 35c0fdc8 Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project 4392f0f7 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491) bedffd53 Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job 4b8d5eea Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests f55703ba autotools: Delete unneeded compiler test 396e8858 autotools: Align MSan checking code with CMake's implementation abde59f5 cmake: Report more compiler details in summary 7abf979a cmake: Disable `ctime_tests` if build with `-fsanitize=memory` 4d9645be cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option a06805ee cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option 1791f6fc Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests 26b94ee9 autotools: Remove "auto" value of `--with-ecmult-gen-kb` option 122dbaeb autotools: Remove "auto" value of `--with-ecmult-window` option e73f6f8f tests: refactor: drop `secp256k1_` prefix from testrand.h functions 0ee7453a tests: refactor: add `testutil_` prefix to testutil.h functions 0c6bc76d tests: refactor: move `random_` helpers from tests.c to testutil.h 0fef8479 tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude` 59db007f tests: refactor: rename `random_group_element_...` -> `random_ge_...` ebfb82ee ci: Add job with -fsanitize-memory-param-retval e1bef096 configure: Move "experimental" warning to bottom 55e5d975 autotools: Disable eager MSan in ctime_tests 06bff6de Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback ec4c002f cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation cae9a7ad cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable 4155e62f Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject 9554362b tests: call secp256k1_ecmult_multi_var with a non-NULL error callback 9f4c8cd7 cmake: Fix `check_arm32_assembly` when using as subproject 7712a530 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers 7d0bc087 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date d45d9b74 changelog: Correct 0.5.0 release date d7f6613d Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0 2f05e2da release cleanup: bump version after 0.5.0 e3a885d4 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0 dd695563 check-abi: explicitly provide public headers c0e4ec3f release: prepare for 0.5.0 bb528cfb Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort 7d2591ce Add secp256k1_pubkey_sort da515074 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm 4c341f89 Add changelog entry for SDMC a0439402 Permit COMB_BITS < 256 for exhaustive tests 39b2f2a3 Add test case for ecmult_gen recoded = {-1,0,1} 644e86de Reintroduce projective blinding 07810d9a Reduce side channels from single-bit reads a0d32b59 Optimization: use Nx32 representation for recoded bits e03dcc44 Make secp256k1_scalar_get_bits support 32-bit reads 5005abee Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t 6247f485 Optimization: avoid unnecessary doublings in precomputation 15d0cca2 Optimization: first table lookup needs no point addition 7a33db35 Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset ed2a056f Provide 3 configurations accessible through ./configure 5f7be9f6 Always generate tables for current (blocks,teeth) config fde1dfcd Signed-digit multi-comb ecmult_gen algorithm 486518b3 Make exhaustive tests's scalar_inverse(&x,&x) work ab45c3e0 Initial gej blinding -> final ge blinding aa00a6b8 Introduce CEIL_DIV macro and use it d8311688 Merge bitcoin-core/secp256k1#1515: ci: Note affected clangs in comment on ASLR quirk a85e2233 ci: Note affected clangs in comment on ASLR quirk 4b77fec6 Merge bitcoin-core/secp256k1#1512: msan: notate more variable assignments from assembly code f7f0184b msan: notate more variable assignments from assembly code a6133914 change inconsistent array param to pointer 05bfab69 Merge bitcoin-core/secp256k1#1507: ci: Add workaround for ASLR bug in sanitizers a5e8ab24 ci: Add sanitizer env variables to debug output 84a93de4 ci: Add workaround for ASLR bug in sanitizers 427e86b9 Merge bitcoin-core/secp256k1#1490: tests: improve fe_sqr test (issue #1472) 2028069d doc: clarify input requirements for secp256k1_fe_mul 11420a7a tests: improve fe_sqr test cdc9a625 Merge bitcoin-core/secp256k1#1489: tests: add missing fe comparison checks for inverse field test cases d926510c Merge bitcoin-core/secp256k1#1496: msan: notate variable assignments from assembly code 31ba4049 msan: notate variable assignments from assembly code e7ea32e3 msan: Add SECP256K1_CHECKMEM_MSAN_DEFINE which applies to memory sanitizer and not valgrind e7bdddd9 refactor: rename `check_fe_equal` -> `fe_equal` 00111c9c tests: add missing fe comparison checks for inverse field test cases 218f0cc9 ci: Add native macOS arm64 job 0653a25d Merge bitcoin-core/secp256k1#1486: ci: Update cache action 94a14d52 ci: Update cache action 24836272 Merge bitcoin-core/secp256k1#1483: cmake: Recommend native CMake commands in README 5ad3aa3d Merge bitcoin-core/secp256k1#1484: tests: Drop redundant _scalar_check_overflow calls 51df2d9a tests: Drop redundant _scalar_check_overflow calls 3777e3f3 cmake: Recommend native CMake commands in README git-subtree-dir: Vendor/secp256k1-zkp git-subtree-split: 42ae776d3b49f27f2a1edd5ec62c023e05b93607

1a53f496 Merge bitcoin-core/secp256k1#1808: Prepare for 0.7.1 20a209f1 release: prepare for 0.7.1 c4b6a81a changelog: update in preparation for the v0.7.1 release ebb35882 Merge bitcoin-core/secp256k1#1796: bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS c09215f7 bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS 471e3a13 Merge bitcoin-core/secp256k1#1800: sage: verify Eisenstein integer connection for GLV constants 29ac4d84 sage: verify Eisenstein integer connection for GLV constants 4721e077 Merge bitcoin-core/secp256k1#1793: doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult bd5ced1f doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult 2d9137ce Merge bitcoin-core/secp256k1#1764: group: Avoid using infinity field directly in other modules f9a944ff Merge bitcoin-core/secp256k1#1790: doc: include arg -DSECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS=ON for cmake 0406cfc4 doc: include arg -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1 for cmake 8d445730 Merge bitcoin-core/secp256k1#1783: Add VERIFY_CHECKs and documentation that flags must be 0 or 1 aa2a39c1 Merge bitcoin-core/secp256k1#1778: doc/bench: Added cmake build options to bench error messages 540fec8a Merge bitcoin-core/secp256k1#1788: test: split monolithic ellswift test into independent cases d822b290 test: split monolithic ellswift test into independent cases ae00c552 Add VERIFY_CHECKs that flags are 0 or 1 5c751833 Merge bitcoin-core/secp256k1#1784: refactor: remove ret from secp256k1_ec_pubkey_serialize be5e4f02 Merge bitcoin-core/secp256k1#1779: Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3daab83a refactor: remove ret from secp256k1_ec_pubkey_serialize 8bcda186 test: Add non-NULL checks for "pointer of array" API functions 5a08c1bc Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3b5b03f3 doc/bench: Added cmake build options to bench error messages e7f7083b Merge bitcoin-core/secp256k1#1774: refactor: split up internal pubkey serialization function into compressed/uncompressed variants b6c2a3cd Merge bitcoin-core/secp256k1#1761: ecmult_multi: reduce strauss memory usage by 30% f5e815f4 remove secp256k1_eckey_pubkey_serialize function 0d3659c5 use new `_eckey_pubkey_serialize{33,65}` functions in modules (ellswift,musig) adb76f82 use new `_eckey_pubkey_serialize{33,65}` functions in public API fc7458ca introduce `secp256k1_eckey_pubkey_serialize{33,65}` functions c8206b1c Merge bitcoin-core/secp256k1#1771: ci: Use Python virtual environment in "x86_64-macos-native" job f252da7e ci: Use Python virtual environment in "x86_64-macos-native" job 115b135f Merge bitcoin-core/secp256k1#1763: bench: Use `ALIGNMENT` macro instead of hardcoded value 2f73e528 group: Avoid using infinity field directly in other modules 153eea20 bench: Use `ALIGNMENT` macro instead of hardcoded value 26166c4f ecmult_multi: reduce strauss memory usage by 30% 7a2fff85 Merge bitcoin-core/secp256k1#1758: ci: Drop workaround for Valgrind older than 3.20.0 43e7b115 Merge bitcoin-core/secp256k1#1759: ci: Switch to macOS 15 Sequoia Intel-based image 8bc50b72 ci: Switch to macOS 15 Sequoia Intel-based image c09519f0 ci: Drop workaround for Valgrind older than 3.20.0 d543c0d9 Merge bitcoin-core/secp256k1#1734: Introduce (mini) unit test framework f44c1ebd Merge bitcoin-core/secp256k1#1719: ci: DRY workflow using anchors a44a3393 Merge bitcoin-core/secp256k1#1750: ci: Use clang-snapshot in "MSan" job 15d01480 ci: Drop default for `inputs.command` in `run-in-docker-action` 1decc49a ci: Use YAML anchor and aliases for repeated "CI script" steps dff1bc10 ci, refactor: Generalize use of `matrix.configuration.env_vars` 4b644da1 ci: Use YAML anchor and aliases for repeated "Print logs" steps a889cd93 ci: Bump `actions/checkout` version 574c2f30 ci: Use YAML anchor and aliases for repeated "Checkout" steps 53585f93 ci: Use clang-snapshot in "MSan" job 6894c964 Fix Clang 21+ `-Wuninitialized-const-pointer` warning when using MSan 2b7337f6 Merge bitcoin-core/secp256k1#1756: ci: Fix image caching and apply other improvements f163c358 ci: Set `DEBIAN_FRONTEND=noninteractive` 70ae177c ci: Bump `docker/build-push-action` version b2a95a42 ci: Drop `tags` input for `docker/build-push-action` 122014ed ci: Add `scope` parameter to `cache-{to,from}` options 2f4546ce test: add --log option to display tests execution 95b9953e test: Add option to display all available tests 953f7b00 test: support running specific tests/modules targets 0302c1a3 test: add --help for command-line options 9ec3bfe2 test: adapt modules to the new test infrastructure 48789daf test: introduce (mini) unit test framework baa26542 Merge bitcoin-core/secp256k1#1727: docs: Clarify that callback can be called more than once 4d90585f docs: Improve API docs of _context_set_illegal_callback 895f53d1 docs: Clarify that callback can be called more than once de6af6ae Merge bitcoin-core/secp256k1#1748: bench: improve context creation in ECDH benchmark 58178851 Merge bitcoin-core/secp256k1#1749: build: Fix warnings in x86_64 assembly check ab560078 build: Fix warnings in x86_64 assembly check 10dab907 Merge bitcoin-core/secp256k1#1741: doc: clarify API doc of `secp256k1_ecdsa_recover` return value dfe284ed bench: improve context creation in ECDH benchmark 7321bdf2 doc: clarify API doc of `secp256k1_ecdsa_recover` return value b4756543 Merge bitcoin-core/secp256k1#1745: test: introduce group order byte-array constant for deduplication 9cce7038 refactor: move 'gettime_i64()' to tests_common.h 0c91c560 test: introduce group order byte-array constant for deduplication 88be4e8d Merge bitcoin-core/secp256k1#1735: musig: Invalidate secnonce in secp256k1_musig_partial_sign 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 399b582a Split memclear into two versions 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 git-subtree-dir: Vendor/secp256k1 git-subtree-split: 1a53f4961f337b4d166c25fce72ef0dc88806618

42ae776d Merge BlockstreamResearch/secp256k1-zkp#327: Upstream PRs 1711, 1688, 1717, 1720, 1722, 1726, 1725, 1729, 1731, 1681, 1737, 1738 01b1b916 modules: Port bitcoin-core/secp256k1#1725 to zkp-specific code 38284aa0 Merge commits '2c076d90 20e3b447 74b8068c e523e4f9 d5997141 d2dcf520 f36afb8b 8113671f d93380fb 03fb60ad 4985ac0f 36e76952 ' into temp-merge-1738 a3733f33 Merge BlockstreamResearch/secp256k1-zkp#325: Upstream PRs 1685, 1692, 1687, 1689, 1694, 1699, 1704, 1696, 1705, 1702, 1706, 1707, 1708 9dcd857d Merge commits '29e73f4b 89096c23 c4987790 ad60ef7e 943479a7 cbbbf3bd 73a69595 7c338042 5e74086d 6037833c 020ee604 a660a497 b9313c6e ' into temp-merge-1708 64316eac Merge BlockstreamResearch/secp256k1-zkp#324: Upstream PRs 1662, 1669, 1492, 1670, 1668, 1673, 1675, 1680, 1679, 1690, 1683, 1678 cc4a92b5 Merge commits '70f149b9 13906b71 4187a466 bb597b3d 9fab4252 92394476 201b2b8f f24b838b 95db29b1 2a9d3747 a28c2ffa 746e36b1 ' into temp-merge-1678 6e071d18 Merge BlockstreamResearch/secp256k1-zkp#323: Upstream PRs 1642, 1639, 1614, 1656, 1647, 1655, 1593, 1359, 1657, 1660, 1659, 1661 4dda3122 ci: Use Python virtual environment in x86_64-macos-native job 795f19af ci: Switch to macOS 15 Sequoia Intel-based image 2f057a14 ci: Don't hardcode ABI version 17ad1960 schnorrsig_halfagg: Fix symbol visibility for internal function ec343f0b Port bitcoin-core/secp256k1#1642 to zkp-specific code 79953d07 Merge commits '1b1fc093 6c2a39da 31860823 abd25054 4ba1ba2a 03bbe8c6 13ed6f65 a7a51171 2abb35b0 e56716a3 3f54ed8c d84bb83e ' into temp-merge-1661 2d30d398 Merge BlockstreamResearch/secp256k1-zkp#322: Upstream PRs 1579, 1631, 1633, 1634, 1641, 1650, 1646, 1654 e3bddfa7 modules: Port bitcoin-core/secp256k1#1579 to zkp-specific code 913be29e Merge commits 'b161bffb 0cdc758a ec329c25 8deef00b f79f46c7 00774d07 2e3bf136 c0d9480f ' into temp-merge-1654 8aa05cb3 Merge BlockstreamResearch/secp256k1-zkp#320: Upstream PRs 1603, 1599, 1616, 1553, 1620, 1595, 1619, 1624, 1625, 1582, 1581, 1628 a8e6a3cc Port bitcoin-core/secp256k1#1628 to zkp public API 347d6adf Merge commits 'a88aa935 01b58933 18f9b967 e59158b6 1fae76f5 f0868a9b 68b55209 9b7c59cb 1464f15c 9a8db52f 7d48f5ed a38d879a ' into temp-merge-1628 7acd4a1f Merge BlockstreamResearch/secp256k1-zkp#319: Upstream PR 1479 8c7c24eb docs: simplify README description, fix musig docs 8d443b80 musig: Re-add adaptor signatures support 248358f2 Merge commit '3660fe5e' into temp-merge-1479 21c24fdc musig: Remove module in preparation for upstream merge 211323d6 Merge BlockstreamResearch/secp256k1-zkp#318: Upstream PRs 1574, 1576, 1575, 1577, 1578, 1583, 1586, 1600, 1604, 1554 551b5dd4 Merge commits 'fded437c cdf08c1a 642c885b f8c1b0e0 3fdf146b b3076144 19888550 2f2ccc46 472faaa8 4c57c7a5 ' into temp-merge-1554 4ae7cb4f Merge BlockstreamResearch/secp256k1-zkp#317: Upstream PRs 1529, 1548, 1545, 1550, 1546, 1543, 1535, 1555, 1565, 1564, 1563, 1551 d0dde4aa Merge commits '35c0fdc 5dd637f 69b2192 d7ae25c d403eea f473c95 4af241b a526937 fcc5d73 ca06e58 ea2d5f0 0055b86 ' into temp-merge-1551 84ca3b33 Merge BlockstreamResearch/secp256k1-zkp#316: Upstream PRs 1533 513e550e Merge commits '4392f0f7 ' into temp-merge-1533 0fb0eac9 Merge BlockstreamResearch/secp256k1-zkp#314: Upstream PRs 1522, 1523, 1525, 1524, 1526, 1528, 1517, 1532, 1488 91b2deab ci: Add zkp modules to arm64-macos-native job f5e9804e Merge remote-tracking branch 'zkp/master' into temp-merge-1488 e34dc812 Merge BlockstreamResearch/secp256k1-zkp#315: ci: Backport LLVM apt signature fix 040673bd ci, docker: Fix LLVM repository signature failure c946b097 Merge commits 'e3a885d4 d7f6613d 7d0bc087 7712a530 4155e62f 06bff6de 1791f6fc 4b8d5eea bedffd53 ' into temp-merge-1488 1cdc3e0f Merge BlockstreamResearch/secp256k1-zkp#311: sync-upstream: Extend git usage tips d176205d Merge BlockstreamResearch/secp256k1-zkp#313: Upstream PR 1518 ca68d088 Merge BlockstreamResearch/secp256k1-zkp#312: scalar: Add SECP256K1_SCALAR_VERIFY to zkp-specific function 2cb2e312 extrakeys: Migrate to bitcoin-core/secp256k1#1518 secp256k1_ec_pubkey_sort 3291b021 Merge commits 'bb528cf ' into temp-merge-1518 96a415b1 scalar: Port bitcoin-core/secp256k1#1393 to zkp-specific code 41cead8a sync-upstream: Extend git usage tips 36a7b874 Merge BlockstreamResearch/secp256k1-zkp#310: Upstream PRs 1058 9a57e3c6 Merge commits 'da515074 ' into temp-merge-1058 7e460db4 Merge BlockstreamResearch/secp256k1-zkp#307: Upstream PRs 1484, 1483, 1486, 1496, 1489, 1490, 1507, 1512, 1515 f9cf003d scalar: Port bitcoin-core/secp256k1#1512 to zkp-specific code 8c72644a Merge commits '5ad3aa3 2483627 0653a25 d926510 cdc9a62 427e86b 05bfab6 4b77fec d831168 ' into temp-merge-1515 797e2ed6 Merge BlockstreamResearch/secp256k1-zkp#306: sync-upstream: improve help text db8750de sync-upstream: improve help text 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 a660a497 Merge bitcoin-core/secp256k1#1707: release: Prepare for 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 a3e742d9 release: Prepare for 0.7.0 f67b0ac1 ci: Don't hardcode ABI version 020ee604 Merge bitcoin-core/secp256k1#1706: musig/tests: initialize keypair cde41308 musig/tests: initialize keypair 6037833c Merge bitcoin-core/secp256k1#1702: changelog: update 40b4a065 changelog: update 5e74086d Merge bitcoin-core/secp256k1#1705: musig/test: Remove dead code 7c338042 Merge bitcoin-core/secp256k1#1696: build: Refactor visibility logic and add override 8d967a60 musig/test: Remove dead code 983711cd musig/tests: Refactor vectors_signverify 73a69595 Merge bitcoin-core/secp256k1#1704: cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` bf082221 cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` c82d84bb build: add CMake option for disabling symbol visibility attributes ce792387 build: Add SECP256K1_NO_API_VISIBILITY_ATTRIBUTES e5297f6d build: Refactor visibility logic cbbbf3bd Merge bitcoin-core/secp256k1#1699: ci: enable musig module for native macOS arm64 job 943479a7 Merge bitcoin-core/secp256k1#1694: Revert "cmake: configure libsecp256k1.pc during install" 3352f9d6 ci: enable musig module for native macOS arm64 job ad60ef7e Merge bitcoin-core/secp256k1#1689: ci: Convert `arm64` Cirrus tasks to GHA jobs c4987790 Merge bitcoin-core/secp256k1#1687: cmake: support the use of launchers in ctest -S scripts 44b205e9 Revert "cmake: configure libsecp256k1.pc during install" 0dfe387d cmake: support the use of launchers in ctest -S scripts 89096c23 Merge bitcoin-core/secp256k1#1692: cmake: configure libsecp256k1.pc during install 7106dce6 cmake: configure libsecp256k1.pc during install 29e73f4b Merge bitcoin-core/secp256k1#1685: cmake: Emulate Libtool's behavior on FreeBSD 746e36b1 Merge bitcoin-core/secp256k1#1678: cmake: add a helper for linking into static libs a28c2ffa Merge bitcoin-core/secp256k1#1683: README: add link to musig example 2a9d3747 Merge bitcoin-core/secp256k1#1690: ci: Bump GCC snapshot major version to 16 add146e1 ci: Bump GCC snapshot major version to 16 004f57fc ci: Move Valgrind build for `arm64` from Cirrus to GHA 5fafdfc3 ci: Move `gcc-snapshot` build for `arm64` from Cirrus to GHA e814b79a ci: Switch `arm64_debian` from QEMU to native `arm64` Docker image bcf77346 ci: Add `arm64` architecture to `docker_cache` job b77aae92 ci: Rename Docker image tag to reflect architecture 145ae3e2 cmake: add a helper for linking into static libs 81921097 README: add link to musig example, generalize module enabling hint 95db29b1 Merge bitcoin-core/secp256k1#1679: cmake: Use `PUBLIC_HEADER` target property in installation logic 37dd422b cmake: Emulate Libtool's behavior on FreeBSD f24b838b Merge bitcoin-core/secp256k1#1680: doc: Promote "Building with CMake" to standard procedure 3f31ac43 doc: Promote "Building with CMake" to standard procedure 6f67151e cmake: Use `PUBLIC_HEADER` target property c32715b2 cmake, move-only: Move module option processing to `src/CMakeLists.txt` 201b2b8f Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22 3af71987 cmake: Bump minimum required CMake version to 3.22 92394476 Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join 3a4f448c Assert field magnitude at control-flow join 9fab4252 Merge bitcoin-core/secp256k1#1668: bench_ecmult: add benchmark for ecmult_const_xonly 05445377 bench_ecmult: add benchmark for ecmult_const_xonly bb597b3d Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files d73ed994 tests: update wycheproof files 4187a466 Merge bitcoin-core/secp256k1#1492: tests: Add Wycheproof ECDH vectors e266ba11 tests: Add Wycheproof ECDH vectors 13906b71 Merge bitcoin-core/secp256k1#1669: gitignore: Add Python cache files c1bcb032 gitignore: Add Python cache files 70f149b9 Merge bitcoin-core/secp256k1#1662: bench: add ellswift to bench help output 6b3fe51f bench: add ellswift to bench help output d84bb83e Merge bitcoin-core/secp256k1#1661: configure: Show exhaustive tests in summary 3f54ed8c Merge bitcoin-core/secp256k1#1659: include: remove WARN_UNUSED_RESULT for functions always returning 1 20b05c9d configure: Show exhaustive tests in summary e56716a3 Merge bitcoin-core/secp256k1#1660: ci: Fix exiting from ci.sh on error d87c3bc5 ci: Fix exiting from ci.sh on error 1b6e0815 include: remove WARN_UNUSED_RESULT for functions always returning 1 2abb35b0 Merge bitcoin-core/secp256k1#1657: tests: remove unused uncounting_illegal_callback_fn 51907fa9 tests: remove unused uncounting_illegal_callback_fn a7a51171 Merge bitcoin-core/secp256k1#1359: Fix symbol visibility issues, add test for it 13ed6f65 Merge bitcoin-core/secp256k1#1593: Remove deprecated `_ec_privkey_{negate,tweak_add,tweak_mul}` aliases from API d1478763 build: Drop no longer needed `-fvisibility=hidden` compiler option 8ed1d83d ci: Run `tools/symbol-check.py` 41d32ab2 test: Add `tools/symbol-check.py` 88548058 Introduce `SECP256K1_LOCAL_VAR` macro 03bbe8c6 Merge bitcoin-core/secp256k1#1655: gha: Print all *.log files, in a separate action 59860bcc gha: Print all *.log files, in a separate action 4ba1ba2a Merge bitcoin-core/secp256k1#1647: cmake: Adjust diagnostic flags for `clang-cl` abd25054 Merge bitcoin-core/secp256k1#1656: musig: Fix clearing of pubnonces 961ec25a musig: Fix clearing of pubnonces 31860823 Merge bitcoin-core/secp256k1#1614: Add _ge_set_all_gej and use it in musig for own public nonces 6c2a39da Merge bitcoin-core/secp256k1#1639: Make static context const 37d2c60b Remove deprecated _ec_privkey_{negate,tweak_add,tweak_mul} aliases 432ac577 Make static context const 1b1fc093 Merge bitcoin-core/secp256k1#1642: Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` c0d9480f Merge bitcoin-core/secp256k1#1654: use `EXIT_` constants over magic numbers for indicating program execution status 13d38962 CONTRIBUTING: mention that `EXIT_` codes should be used c8555817 test, bench, precompute_ecmult: use `EXIT_...` constants for `main` return values 965393fc examples: use `EXIT_...` constants for `main` return values 2e3bf136 Merge bitcoin-core/secp256k1#1646: README: add instructions for verifying GPG signatures b682dbcf README: add instructions for verifying GPG signatures 00774d07 Merge bitcoin-core/secp256k1#1650: schnorrsig: clear out masked secret key in BIP-340 nonce function a82287fb schnorrsig: clear out masked secret key in BIP-340 nonce function 4c50d73d ci: Add new "Windows (clang-cl)" job 84c0bd1f cmake: Adjust diagnostic flags for clang-cl f79f46c7 Merge bitcoin-core/secp256k1#1641: doc: Improve cmake instructions in README 2ac9f558 doc: Improve cmake instructions in README 18235947 Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` 8deef00b Merge bitcoin-core/secp256k1#1634: Fix some misspellings 39705450 Fix some misspellings ec329c25 Merge bitcoin-core/secp256k1#1633: release cleanup: bump version after 0.6.0 c97059f5 release cleanup: bump version after 0.6.0 0cdc758a Merge bitcoin-core/secp256k1#1631: release: prepare for 0.6.0 39d5dfd5 release: prepare for 0.6.0 df2eceb2 build: add ellswift.md and musig.md to release tarball a306bb7e tools: fix check-abi.sh after cmake out locations were changed 145868a8 Do not export `secp256k1_musig_nonce_gen_internal` b161bffb Merge bitcoin-core/secp256k1#1579: Clear sensitive memory without getting optimized out (revival of #636) 64228a64 musig: Use _ge_set_all_gej for own public nonces 300aab1c tests: Improve _ge_set_all_gej(_var) tests 365f274c group: Simplify secp256k1_ge_set_all_gej d3082dde group: Add constant-time secp256k1_ge_set_all_gej a38d879a Merge bitcoin-core/secp256k1#1628: Name public API structs 7d48f5ed Merge bitcoin-core/secp256k1#1581: test, ci: Lower default iteration count to 16 694342fd Name public API structs 0f73caf7 test, ci: Lower default iteration count to 16 9a8db52f Merge bitcoin-core/secp256k1#1582: cmake, test: Add `secp256k1_` prefix to test names 765ef533 Clear _gej instances after point multiplication to avoid potential leaks 349e6ab9 Introduce separate _clear functions for hash module 99cc9fd6 Don't rely on memset to set signed integers to 0 97c57f42 Implement various _clear() functions with secp256k1_memclear() 9bb368d1 Use secp256k1_memclear() to clear stack memory instead of memset() e3497bbf Separate between clearing memory and setting to zero in tests d79a6ccd Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear() 1c081262 Add secp256k1_memclear() for clearing secret data 1464f15c Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df util: Remove unused (u)int64_t formatting macros 9b7c59cb Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23 ci: Update macOS image e7d38448 Don't clear secrets in pippenger implementation 68b55209 Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f5 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839f Remove unused scratch space from API 57eda3ba musig: ctimetests: fix _declassify range for generated nonce points 87384f5c cmake, test: Add `secp256k1_` prefix to test names e59158b6 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d examples: make key generation doc consistent e8908221 examples: do not retry generating seckey randomness in musig 70b6be18 extrakeys: improve doc of keypair_create (don't suggest retry) 01b58933 Merge bitcoin-core/secp256k1#1599: #1570 improve examples: remove key generation loop cd4f84f3 Improve examples/documentation: remove key generation loops a88aa935 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c9201 build: allow enabling the musig module in cmake f411841a Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660 util: add constant-time is_zero_array function c8fbdb1b group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff034 f can never equal -m c232486d Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2 cmake: Set top-level target output locations 4c57c7a5 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb include: Avoid visibility("default") on Windows 472faaa8 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fb doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 2f2ccc46 Merge bitcoin-core/secp256k1#1600: cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 421ed1b4 cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 85e224dd group: add ge_to_bytes and ge_from_bytes 19888550 Merge bitcoin-core/secp256k1#1586: fix: remove duplicate 'the' from header file comment b3076144 Merge bitcoin-core/secp256k1#1583: ci: Bump GCC_SNAPSHOT_MAJOR to 15 fa67b675 refactor: Use array initialization for unterminated strings 9b0f37bf fix: remove duplicate 'the' from header file comment e34b4767 ci: Bump GCC_SNAPSHOT_MAJOR to 15 3fdf146b Merge bitcoin-core/secp256k1#1578: ci: Silent Homebrew's noisy reinstall warnings f8c1b0e0 Merge bitcoin-core/secp256k1#1577: release cleanup: bump version after 0.5.1 7057d3c9 ci: Silent Homebrew's noisy reinstall warnings c3e40d75 release cleanup: bump version after 0.5.1 642c885b Merge bitcoin-core/secp256k1#1575: release: prepare for 0.5.1 cdf08c1a Merge bitcoin-core/secp256k1#1576: doc: mention `needs-changelog` github label in release process 40d87b8e release: prepare for 0.5.1 57702261 changelog: clarify CMake option 759bd4bb doc: mention `needs-changelog` github label in release process fded437c Merge bitcoin-core/secp256k1#1574: Fix compilation when extrakeys module isn't enabled 763d938c ci: only enable extrakeys module when schnorrsig is enabled af551ab9 tests: do not use functions from extrakeys module 0055b867 Merge bitcoin-core/secp256k1#1551: Add ellswift usage example ea2d5f0f Merge bitcoin-core/secp256k1#1563: doc: Add convention for defaults ca06e58b Merge bitcoin-core/secp256k1#1564: build, ci: Adjust the default size of the precomputed table for signing e2af4912 ci: Switch to the new default value of the precomputed table for signing d94a9273 build: Adjust the default size of the precomputed table for signing fcc5d738 Merge bitcoin-core/secp256k1#1565: cmake: Bump CMake minimum required version up to 3.16 9420eece cmake: Bump CMake minimum required version up to 3.16 16685649 doc: Add convention for defaults a5269373 Merge bitcoin-core/secp256k1#1555: Fixed O3 replacement b8fe3333 cmake: Fixed O3 replacement 7c987ec8 cmake: Call `enable_testing()` unconditionally 6aa57651 cmake: Delete `CTest` module 31f84595 Add ellswift usage example fe4fbaa7 examples: fix case typos in secret clearing paragraphs (s/, Or/, or/) 4af241b3 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one f473c959 Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project d403eea4 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach d7ae25ce Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c 0e2fadb2 fix: typos in secp256k1.c 69b2192a Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 5dd637f3 Merge bitcoin-core/secp256k1#1548: README: mention ellswift module 7454a537 README: mention ellswift module 4706be2c cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach c2764dbb cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS` f87a3589 cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 158f9e5e cmake: Do not modify build types when integrating by downstream project 35c0fdc8 Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project 4392f0f7 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491) bedffd53 Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job 4b8d5eea Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests f55703ba autotools: Delete unneeded compiler test 396e8858 autotools: Align MSan checking code with CMake's implementation abde59f5 cmake: Report more compiler details in summary 7abf979a cmake: Disable `ctime_tests` if build with `-fsanitize=memory` 4d9645be cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option a06805ee cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option 1791f6fc Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests 26b94ee9 autotools: Remove "auto" value of `--with-ecmult-gen-kb` option 122dbaeb autotools: Remove "auto" value of `--with-ecmult-window` option e73f6f8f tests: refactor: drop `secp256k1_` prefix from testrand.h functions 0ee7453a tests: refactor: add `testutil_` prefix to testutil.h functions 0c6bc76d tests: refactor: move `random_` helpers from tests.c to testutil.h 0fef8479 tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude` 59db007f tests: refactor: rename `random_group_element_...` -> `random_ge_...` ebfb82ee ci: Add job with -fsanitize-memory-param-retval e1bef096 configure: Move "experimental" warning to bottom 55e5d975 autotools: Disable eager MSan in ctime_tests 06bff6de Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback ec4c002f cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation cae9a7ad cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable 4155e62f Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject 9554362b tests: call secp256k1_ecmult_multi_var with a non-NULL error callback 9f4c8cd7 cmake: Fix `check_arm32_assembly` when using as subproject 7712a530 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers 7d0bc087 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date d45d9b74 changelog: Correct 0.5.0 release date d7f6613d Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0 2f05e2da release cleanup: bump version after 0.5.0 e3a885d4 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0 dd695563 check-abi: explicitly provide public headers c0e4ec3f release: prepare for 0.5.0 bb528cfb Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort 7d2591ce Add secp256k1_pubkey_sort da515074 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm 4c341f89 Add changelog entry for SDMC a0439402 Permit COMB_BITS < 256 for exhaustive tests 39b2f2a3 Add test case for ecmult_gen recoded = {-1,0,1} 644e86de Reintroduce projective blinding 07810d9a Reduce side channels from single-bit reads a0d32b59 Optimization: use Nx32 representation for recoded bits e03dcc44 Make secp256k1_scalar_get_bits support 32-bit reads 5005abee Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t 6247f485 Optimization: avoid unnecessary doublings in precomputation 15d0cca2 Optimization: first table lookup needs no point addition 7a33db35 Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset ed2a056f Provide 3 configurations accessible through ./configure 5f7be9f6 Always generate tables for current (blocks,teeth) config fde1dfcd Signed-digit multi-comb ecmult_gen algorithm 486518b3 Make exhaustive tests's scalar_inverse(&x,&x) work ab45c3e0 Initial gej blinding -> final ge blinding aa00a6b8 Introduce CEIL_DIV macro and use it d8311688 Merge bitcoin-core/secp256k1#1515: ci: Note affected clangs in comment on ASLR quirk a85e2233 ci: Note affected clangs in comment on ASLR quirk 4b77fec6 Merge bitcoin-core/secp256k1#1512: msan: notate more variable assignments from assembly code f7f0184b msan: notate more variable assignments from assembly code a6133914 change inconsistent array param to pointer 05bfab69 Merge bitcoin-core/secp256k1#1507: ci: Add workaround for ASLR bug in sanitizers a5e8ab24 ci: Add sanitizer env variables to debug output 84a93de4 ci: Add workaround for ASLR bug in sanitizers 427e86b9 Merge bitcoin-core/secp256k1#1490: tests: improve fe_sqr test (issue #1472) 2028069d doc: clarify input requirements for secp256k1_fe_mul 11420a7a tests: improve fe_sqr test cdc9a625 Merge bitcoin-core/secp256k1#1489: tests: add missing fe comparison checks for inverse field test cases d926510c Merge bitcoin-core/secp256k1#1496: msan: notate variable assignments from assembly code 31ba4049 msan: notate variable assignments from assembly code e7ea32e3 msan: Add SECP256K1_CHECKMEM_MSAN_DEFINE which applies to memory sanitizer and not valgrind e7bdddd9 refactor: rename `check_fe_equal` -> `fe_equal` 00111c9c tests: add missing fe comparison checks for inverse field test cases 218f0cc9 ci: Add native macOS arm64 job 0653a25d Merge bitcoin-core/secp256k1#1486: ci: Update cache action 94a14d52 ci: Update cache action 24836272 Merge bitcoin-core/secp256k1#1483: cmake: Recommend native CMake commands in README 5ad3aa3d Merge bitcoin-core/secp256k1#1484: tests: Drop redundant _scalar_check_overflow calls 51df2d9a tests: Drop redundant _scalar_check_overflow calls 3777e3f3 cmake: Recommend native CMake commands in README git-subtree-dir: Vendor/secp256k1-zkp git-subtree-split: 42ae776d3b49f27f2a1edd5ec62c023e05b93607

1a53f496 Merge bitcoin-core/secp256k1#1808: Prepare for 0.7.1 20a209f1 release: prepare for 0.7.1 c4b6a81a changelog: update in preparation for the v0.7.1 release ebb35882 Merge bitcoin-core/secp256k1#1796: bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS c09215f7 bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS 471e3a13 Merge bitcoin-core/secp256k1#1800: sage: verify Eisenstein integer connection for GLV constants 29ac4d84 sage: verify Eisenstein integer connection for GLV constants 4721e077 Merge bitcoin-core/secp256k1#1793: doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult bd5ced1f doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult 2d9137ce Merge bitcoin-core/secp256k1#1764: group: Avoid using infinity field directly in other modules f9a944ff Merge bitcoin-core/secp256k1#1790: doc: include arg -DSECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS=ON for cmake 0406cfc4 doc: include arg -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1 for cmake 8d445730 Merge bitcoin-core/secp256k1#1783: Add VERIFY_CHECKs and documentation that flags must be 0 or 1 aa2a39c1 Merge bitcoin-core/secp256k1#1778: doc/bench: Added cmake build options to bench error messages 540fec8a Merge bitcoin-core/secp256k1#1788: test: split monolithic ellswift test into independent cases d822b290 test: split monolithic ellswift test into independent cases ae00c552 Add VERIFY_CHECKs that flags are 0 or 1 5c751833 Merge bitcoin-core/secp256k1#1784: refactor: remove ret from secp256k1_ec_pubkey_serialize be5e4f02 Merge bitcoin-core/secp256k1#1779: Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3daab83a refactor: remove ret from secp256k1_ec_pubkey_serialize 8bcda186 test: Add non-NULL checks for "pointer of array" API functions 5a08c1bc Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3b5b03f3 doc/bench: Added cmake build options to bench error messages e7f7083b Merge bitcoin-core/secp256k1#1774: refactor: split up internal pubkey serialization function into compressed/uncompressed variants b6c2a3cd Merge bitcoin-core/secp256k1#1761: ecmult_multi: reduce strauss memory usage by 30% f5e815f4 remove secp256k1_eckey_pubkey_serialize function 0d3659c5 use new `_eckey_pubkey_serialize{33,65}` functions in modules (ellswift,musig) adb76f82 use new `_eckey_pubkey_serialize{33,65}` functions in public API fc7458ca introduce `secp256k1_eckey_pubkey_serialize{33,65}` functions c8206b1c Merge bitcoin-core/secp256k1#1771: ci: Use Python virtual environment in "x86_64-macos-native" job f252da7e ci: Use Python virtual environment in "x86_64-macos-native" job 115b135f Merge bitcoin-core/secp256k1#1763: bench: Use `ALIGNMENT` macro instead of hardcoded value 2f73e528 group: Avoid using infinity field directly in other modules 153eea20 bench: Use `ALIGNMENT` macro instead of hardcoded value 26166c4f ecmult_multi: reduce strauss memory usage by 30% 7a2fff85 Merge bitcoin-core/secp256k1#1758: ci: Drop workaround for Valgrind older than 3.20.0 43e7b115 Merge bitcoin-core/secp256k1#1759: ci: Switch to macOS 15 Sequoia Intel-based image 8bc50b72 ci: Switch to macOS 15 Sequoia Intel-based image c09519f0 ci: Drop workaround for Valgrind older than 3.20.0 d543c0d9 Merge bitcoin-core/secp256k1#1734: Introduce (mini) unit test framework f44c1ebd Merge bitcoin-core/secp256k1#1719: ci: DRY workflow using anchors a44a3393 Merge bitcoin-core/secp256k1#1750: ci: Use clang-snapshot in "MSan" job 15d01480 ci: Drop default for `inputs.command` in `run-in-docker-action` 1decc49a ci: Use YAML anchor and aliases for repeated "CI script" steps dff1bc10 ci, refactor: Generalize use of `matrix.configuration.env_vars` 4b644da1 ci: Use YAML anchor and aliases for repeated "Print logs" steps a889cd93 ci: Bump `actions/checkout` version 574c2f30 ci: Use YAML anchor and aliases for repeated "Checkout" steps 53585f93 ci: Use clang-snapshot in "MSan" job 6894c964 Fix Clang 21+ `-Wuninitialized-const-pointer` warning when using MSan 2b7337f6 Merge bitcoin-core/secp256k1#1756: ci: Fix image caching and apply other improvements f163c358 ci: Set `DEBIAN_FRONTEND=noninteractive` 70ae177c ci: Bump `docker/build-push-action` version b2a95a42 ci: Drop `tags` input for `docker/build-push-action` 122014ed ci: Add `scope` parameter to `cache-{to,from}` options 2f4546ce test: add --log option to display tests execution 95b9953e test: Add option to display all available tests 953f7b00 test: support running specific tests/modules targets 0302c1a3 test: add --help for command-line options 9ec3bfe2 test: adapt modules to the new test infrastructure 48789daf test: introduce (mini) unit test framework baa26542 Merge bitcoin-core/secp256k1#1727: docs: Clarify that callback can be called more than once 4d90585f docs: Improve API docs of _context_set_illegal_callback 895f53d1 docs: Clarify that callback can be called more than once de6af6ae Merge bitcoin-core/secp256k1#1748: bench: improve context creation in ECDH benchmark 58178851 Merge bitcoin-core/secp256k1#1749: build: Fix warnings in x86_64 assembly check ab560078 build: Fix warnings in x86_64 assembly check 10dab907 Merge bitcoin-core/secp256k1#1741: doc: clarify API doc of `secp256k1_ecdsa_recover` return value dfe284ed bench: improve context creation in ECDH benchmark 7321bdf2 doc: clarify API doc of `secp256k1_ecdsa_recover` return value b4756543 Merge bitcoin-core/secp256k1#1745: test: introduce group order byte-array constant for deduplication 9cce7038 refactor: move 'gettime_i64()' to tests_common.h 0c91c560 test: introduce group order byte-array constant for deduplication 88be4e8d Merge bitcoin-core/secp256k1#1735: musig: Invalidate secnonce in secp256k1_musig_partial_sign 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 399b582a Split memclear into two versions 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 git-subtree-dir: Vendor/secp256k1 git-subtree-split: 1a53f4961f337b4d166c25fce72ef0dc88806618

42ae776d Merge BlockstreamResearch/secp256k1-zkp#327: Upstream PRs 1711, 1688, 1717, 1720, 1722, 1726, 1725, 1729, 1731, 1681, 1737, 1738 01b1b916 modules: Port bitcoin-core/secp256k1#1725 to zkp-specific code 38284aa0 Merge commits '2c076d90 20e3b447 74b8068c e523e4f9 d5997141 d2dcf520 f36afb8b 8113671f d93380fb 03fb60ad 4985ac0f 36e76952 ' into temp-merge-1738 a3733f33 Merge BlockstreamResearch/secp256k1-zkp#325: Upstream PRs 1685, 1692, 1687, 1689, 1694, 1699, 1704, 1696, 1705, 1702, 1706, 1707, 1708 9dcd857d Merge commits '29e73f4b 89096c23 c4987790 ad60ef7e 943479a7 cbbbf3bd 73a69595 7c338042 5e74086d 6037833c 020ee604 a660a497 b9313c6e ' into temp-merge-1708 64316eac Merge BlockstreamResearch/secp256k1-zkp#324: Upstream PRs 1662, 1669, 1492, 1670, 1668, 1673, 1675, 1680, 1679, 1690, 1683, 1678 cc4a92b5 Merge commits '70f149b9 13906b71 4187a466 bb597b3d 9fab4252 92394476 201b2b8f f24b838b 95db29b1 2a9d3747 a28c2ffa 746e36b1 ' into temp-merge-1678 6e071d18 Merge BlockstreamResearch/secp256k1-zkp#323: Upstream PRs 1642, 1639, 1614, 1656, 1647, 1655, 1593, 1359, 1657, 1660, 1659, 1661 4dda3122 ci: Use Python virtual environment in x86_64-macos-native job 795f19af ci: Switch to macOS 15 Sequoia Intel-based image 2f057a14 ci: Don't hardcode ABI version 17ad1960 schnorrsig_halfagg: Fix symbol visibility for internal function ec343f0b Port bitcoin-core/secp256k1#1642 to zkp-specific code 79953d07 Merge commits '1b1fc093 6c2a39da 31860823 abd25054 4ba1ba2a 03bbe8c6 13ed6f65 a7a51171 2abb35b0 e56716a3 3f54ed8c d84bb83e ' into temp-merge-1661 2d30d398 Merge BlockstreamResearch/secp256k1-zkp#322: Upstream PRs 1579, 1631, 1633, 1634, 1641, 1650, 1646, 1654 e3bddfa7 modules: Port bitcoin-core/secp256k1#1579 to zkp-specific code 913be29e Merge commits 'b161bffb 0cdc758a ec329c25 8deef00b f79f46c7 00774d07 2e3bf136 c0d9480f ' into temp-merge-1654 8aa05cb3 Merge BlockstreamResearch/secp256k1-zkp#320: Upstream PRs 1603, 1599, 1616, 1553, 1620, 1595, 1619, 1624, 1625, 1582, 1581, 1628 a8e6a3cc Port bitcoin-core/secp256k1#1628 to zkp public API 347d6adf Merge commits 'a88aa935 01b58933 18f9b967 e59158b6 1fae76f5 f0868a9b 68b55209 9b7c59cb 1464f15c 9a8db52f 7d48f5ed a38d879a ' into temp-merge-1628 7acd4a1f Merge BlockstreamResearch/secp256k1-zkp#319: Upstream PR 1479 8c7c24eb docs: simplify README description, fix musig docs 8d443b80 musig: Re-add adaptor signatures support 248358f2 Merge commit '3660fe5e' into temp-merge-1479 21c24fdc musig: Remove module in preparation for upstream merge 211323d6 Merge BlockstreamResearch/secp256k1-zkp#318: Upstream PRs 1574, 1576, 1575, 1577, 1578, 1583, 1586, 1600, 1604, 1554 551b5dd4 Merge commits 'fded437c cdf08c1a 642c885b f8c1b0e0 3fdf146b b3076144 19888550 2f2ccc46 472faaa8 4c57c7a5 ' into temp-merge-1554 4ae7cb4f Merge BlockstreamResearch/secp256k1-zkp#317: Upstream PRs 1529, 1548, 1545, 1550, 1546, 1543, 1535, 1555, 1565, 1564, 1563, 1551 d0dde4aa Merge commits '35c0fdc 5dd637f 69b2192 d7ae25c d403eea f473c95 4af241b a526937 fcc5d73 ca06e58 ea2d5f0 0055b86 ' into temp-merge-1551 84ca3b33 Merge BlockstreamResearch/secp256k1-zkp#316: Upstream PRs 1533 513e550e Merge commits '4392f0f7 ' into temp-merge-1533 0fb0eac9 Merge BlockstreamResearch/secp256k1-zkp#314: Upstream PRs 1522, 1523, 1525, 1524, 1526, 1528, 1517, 1532, 1488 91b2deab ci: Add zkp modules to arm64-macos-native job f5e9804e Merge remote-tracking branch 'zkp/master' into temp-merge-1488 e34dc812 Merge BlockstreamResearch/secp256k1-zkp#315: ci: Backport LLVM apt signature fix 040673bd ci, docker: Fix LLVM repository signature failure c946b097 Merge commits 'e3a885d4 d7f6613d 7d0bc087 7712a530 4155e62f 06bff6de 1791f6fc 4b8d5eea bedffd53 ' into temp-merge-1488 1cdc3e0f Merge BlockstreamResearch/secp256k1-zkp#311: sync-upstream: Extend git usage tips d176205d Merge BlockstreamResearch/secp256k1-zkp#313: Upstream PR 1518 ca68d088 Merge BlockstreamResearch/secp256k1-zkp#312: scalar: Add SECP256K1_SCALAR_VERIFY to zkp-specific function 2cb2e312 extrakeys: Migrate to bitcoin-core/secp256k1#1518 secp256k1_ec_pubkey_sort 3291b021 Merge commits 'bb528cf ' into temp-merge-1518 96a415b1 scalar: Port bitcoin-core/secp256k1#1393 to zkp-specific code 41cead8a sync-upstream: Extend git usage tips 36a7b874 Merge BlockstreamResearch/secp256k1-zkp#310: Upstream PRs 1058 9a57e3c6 Merge commits 'da515074 ' into temp-merge-1058 7e460db4 Merge BlockstreamResearch/secp256k1-zkp#307: Upstream PRs 1484, 1483, 1486, 1496, 1489, 1490, 1507, 1512, 1515 f9cf003d scalar: Port bitcoin-core/secp256k1#1512 to zkp-specific code 8c72644a Merge commits '5ad3aa3 2483627 0653a25 d926510 cdc9a62 427e86b 05bfab6 4b77fec d831168 ' into temp-merge-1515 797e2ed6 Merge BlockstreamResearch/secp256k1-zkp#306: sync-upstream: improve help text db8750de sync-upstream: improve help text 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 a660a497 Merge bitcoin-core/secp256k1#1707: release: Prepare for 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 a3e742d9 release: Prepare for 0.7.0 f67b0ac1 ci: Don't hardcode ABI version 020ee604 Merge bitcoin-core/secp256k1#1706: musig/tests: initialize keypair cde41308 musig/tests: initialize keypair 6037833c Merge bitcoin-core/secp256k1#1702: changelog: update 40b4a065 changelog: update 5e74086d Merge bitcoin-core/secp256k1#1705: musig/test: Remove dead code 7c338042 Merge bitcoin-core/secp256k1#1696: build: Refactor visibility logic and add override 8d967a60 musig/test: Remove dead code 983711cd musig/tests: Refactor vectors_signverify 73a69595 Merge bitcoin-core/secp256k1#1704: cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` bf082221 cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` c82d84bb build: add CMake option for disabling symbol visibility attributes ce792387 build: Add SECP256K1_NO_API_VISIBILITY_ATTRIBUTES e5297f6d build: Refactor visibility logic cbbbf3bd Merge bitcoin-core/secp256k1#1699: ci: enable musig module for native macOS arm64 job 943479a7 Merge bitcoin-core/secp256k1#1694: Revert "cmake: configure libsecp256k1.pc during install" 3352f9d6 ci: enable musig module for native macOS arm64 job ad60ef7e Merge bitcoin-core/secp256k1#1689: ci: Convert `arm64` Cirrus tasks to GHA jobs c4987790 Merge bitcoin-core/secp256k1#1687: cmake: support the use of launchers in ctest -S scripts 44b205e9 Revert "cmake: configure libsecp256k1.pc during install" 0dfe387d cmake: support the use of launchers in ctest -S scripts 89096c23 Merge bitcoin-core/secp256k1#1692: cmake: configure libsecp256k1.pc during install 7106dce6 cmake: configure libsecp256k1.pc during install 29e73f4b Merge bitcoin-core/secp256k1#1685: cmake: Emulate Libtool's behavior on FreeBSD 746e36b1 Merge bitcoin-core/secp256k1#1678: cmake: add a helper for linking into static libs a28c2ffa Merge bitcoin-core/secp256k1#1683: README: add link to musig example 2a9d3747 Merge bitcoin-core/secp256k1#1690: ci: Bump GCC snapshot major version to 16 add146e1 ci: Bump GCC snapshot major version to 16 004f57fc ci: Move Valgrind build for `arm64` from Cirrus to GHA 5fafdfc3 ci: Move `gcc-snapshot` build for `arm64` from Cirrus to GHA e814b79a ci: Switch `arm64_debian` from QEMU to native `arm64` Docker image bcf77346 ci: Add `arm64` architecture to `docker_cache` job b77aae92 ci: Rename Docker image tag to reflect architecture 145ae3e2 cmake: add a helper for linking into static libs 81921097 README: add link to musig example, generalize module enabling hint 95db29b1 Merge bitcoin-core/secp256k1#1679: cmake: Use `PUBLIC_HEADER` target property in installation logic 37dd422b cmake: Emulate Libtool's behavior on FreeBSD f24b838b Merge bitcoin-core/secp256k1#1680: doc: Promote "Building with CMake" to standard procedure 3f31ac43 doc: Promote "Building with CMake" to standard procedure 6f67151e cmake: Use `PUBLIC_HEADER` target property c32715b2 cmake, move-only: Move module option processing to `src/CMakeLists.txt` 201b2b8f Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22 3af71987 cmake: Bump minimum required CMake version to 3.22 92394476 Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join 3a4f448c Assert field magnitude at control-flow join 9fab4252 Merge bitcoin-core/secp256k1#1668: bench_ecmult: add benchmark for ecmult_const_xonly 05445377 bench_ecmult: add benchmark for ecmult_const_xonly bb597b3d Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files d73ed994 tests: update wycheproof files 4187a466 Merge bitcoin-core/secp256k1#1492: tests: Add Wycheproof ECDH vectors e266ba11 tests: Add Wycheproof ECDH vectors 13906b71 Merge bitcoin-core/secp256k1#1669: gitignore: Add Python cache files c1bcb032 gitignore: Add Python cache files 70f149b9 Merge bitcoin-core/secp256k1#1662: bench: add ellswift to bench help output 6b3fe51f bench: add ellswift to bench help output d84bb83e Merge bitcoin-core/secp256k1#1661: configure: Show exhaustive tests in summary 3f54ed8c Merge bitcoin-core/secp256k1#1659: include: remove WARN_UNUSED_RESULT for functions always returning 1 20b05c9d configure: Show exhaustive tests in summary e56716a3 Merge bitcoin-core/secp256k1#1660: ci: Fix exiting from ci.sh on error d87c3bc5 ci: Fix exiting from ci.sh on error 1b6e0815 include: remove WARN_UNUSED_RESULT for functions always returning 1 2abb35b0 Merge bitcoin-core/secp256k1#1657: tests: remove unused uncounting_illegal_callback_fn 51907fa9 tests: remove unused uncounting_illegal_callback_fn a7a51171 Merge bitcoin-core/secp256k1#1359: Fix symbol visibility issues, add test for it 13ed6f65 Merge bitcoin-core/secp256k1#1593: Remove deprecated `_ec_privkey_{negate,tweak_add,tweak_mul}` aliases from API d1478763 build: Drop no longer needed `-fvisibility=hidden` compiler option 8ed1d83d ci: Run `tools/symbol-check.py` 41d32ab2 test: Add `tools/symbol-check.py` 88548058 Introduce `SECP256K1_LOCAL_VAR` macro 03bbe8c6 Merge bitcoin-core/secp256k1#1655: gha: Print all *.log files, in a separate action 59860bcc gha: Print all *.log files, in a separate action 4ba1ba2a Merge bitcoin-core/secp256k1#1647: cmake: Adjust diagnostic flags for `clang-cl` abd25054 Merge bitcoin-core/secp256k1#1656: musig: Fix clearing of pubnonces 961ec25a musig: Fix clearing of pubnonces 31860823 Merge bitcoin-core/secp256k1#1614: Add _ge_set_all_gej and use it in musig for own public nonces 6c2a39da Merge bitcoin-core/secp256k1#1639: Make static context const 37d2c60b Remove deprecated _ec_privkey_{negate,tweak_add,tweak_mul} aliases 432ac577 Make static context const 1b1fc093 Merge bitcoin-core/secp256k1#1642: Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` c0d9480f Merge bitcoin-core/secp256k1#1654: use `EXIT_` constants over magic numbers for indicating program execution status 13d38962 CONTRIBUTING: mention that `EXIT_` codes should be used c8555817 test, bench, precompute_ecmult: use `EXIT_...` constants for `main` return values 965393fc examples: use `EXIT_...` constants for `main` return values 2e3bf136 Merge bitcoin-core/secp256k1#1646: README: add instructions for verifying GPG signatures b682dbcf README: add instructions for verifying GPG signatures 00774d07 Merge bitcoin-core/secp256k1#1650: schnorrsig: clear out masked secret key in BIP-340 nonce function a82287fb schnorrsig: clear out masked secret key in BIP-340 nonce function 4c50d73d ci: Add new "Windows (clang-cl)" job 84c0bd1f cmake: Adjust diagnostic flags for clang-cl f79f46c7 Merge bitcoin-core/secp256k1#1641: doc: Improve cmake instructions in README 2ac9f558 doc: Improve cmake instructions in README 18235947 Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` 8deef00b Merge bitcoin-core/secp256k1#1634: Fix some misspellings 39705450 Fix some misspellings ec329c25 Merge bitcoin-core/secp256k1#1633: release cleanup: bump version after 0.6.0 c97059f5 release cleanup: bump version after 0.6.0 0cdc758a Merge bitcoin-core/secp256k1#1631: release: prepare for 0.6.0 39d5dfd5 release: prepare for 0.6.0 df2eceb2 build: add ellswift.md and musig.md to release tarball a306bb7e tools: fix check-abi.sh after cmake out locations were changed 145868a8 Do not export `secp256k1_musig_nonce_gen_internal` b161bffb Merge bitcoin-core/secp256k1#1579: Clear sensitive memory without getting optimized out (revival of #636) 64228a64 musig: Use _ge_set_all_gej for own public nonces 300aab1c tests: Improve _ge_set_all_gej(_var) tests 365f274c group: Simplify secp256k1_ge_set_all_gej d3082dde group: Add constant-time secp256k1_ge_set_all_gej a38d879a Merge bitcoin-core/secp256k1#1628: Name public API structs 7d48f5ed Merge bitcoin-core/secp256k1#1581: test, ci: Lower default iteration count to 16 694342fd Name public API structs 0f73caf7 test, ci: Lower default iteration count to 16 9a8db52f Merge bitcoin-core/secp256k1#1582: cmake, test: Add `secp256k1_` prefix to test names 765ef533 Clear _gej instances after point multiplication to avoid potential leaks 349e6ab9 Introduce separate _clear functions for hash module 99cc9fd6 Don't rely on memset to set signed integers to 0 97c57f42 Implement various _clear() functions with secp256k1_memclear() 9bb368d1 Use secp256k1_memclear() to clear stack memory instead of memset() e3497bbf Separate between clearing memory and setting to zero in tests d79a6ccd Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear() 1c081262 Add secp256k1_memclear() for clearing secret data 1464f15c Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df util: Remove unused (u)int64_t formatting macros 9b7c59cb Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23 ci: Update macOS image e7d38448 Don't clear secrets in pippenger implementation 68b55209 Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f5 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839f Remove unused scratch space from API 57eda3ba musig: ctimetests: fix _declassify range for generated nonce points 87384f5c cmake, test: Add `secp256k1_` prefix to test names e59158b6 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d examples: make key generation doc consistent e8908221 examples: do not retry generating seckey randomness in musig 70b6be18 extrakeys: improve doc of keypair_create (don't suggest retry) 01b58933 Merge bitcoin-core/secp256k1#1599: #1570 improve examples: remove key generation loop cd4f84f3 Improve examples/documentation: remove key generation loops a88aa935 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c9201 build: allow enabling the musig module in cmake f411841a Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660 util: add constant-time is_zero_array function c8fbdb1b group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff034 f can never equal -m c232486d Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2 cmake: Set top-level target output locations 4c57c7a5 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb include: Avoid visibility("default") on Windows 472faaa8 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fb doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 2f2ccc46 Merge bitcoin-core/secp256k1#1600: cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 421ed1b4 cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 85e224dd group: add ge_to_bytes and ge_from_bytes 19888550 Merge bitcoin-core/secp256k1#1586: fix: remove duplicate 'the' from header file comment b3076144 Merge bitcoin-core/secp256k1#1583: ci: Bump GCC_SNAPSHOT_MAJOR to 15 fa67b675 refactor: Use array initialization for unterminated strings 9b0f37bf fix: remove duplicate 'the' from header file comment e34b4767 ci: Bump GCC_SNAPSHOT_MAJOR to 15 3fdf146b Merge bitcoin-core/secp256k1#1578: ci: Silent Homebrew's noisy reinstall warnings f8c1b0e0 Merge bitcoin-core/secp256k1#1577: release cleanup: bump version after 0.5.1 7057d3c9 ci: Silent Homebrew's noisy reinstall warnings c3e40d75 release cleanup: bump version after 0.5.1 642c885b Merge bitcoin-core/secp256k1#1575: release: prepare for 0.5.1 cdf08c1a Merge bitcoin-core/secp256k1#1576: doc: mention `needs-changelog` github label in release process 40d87b8e release: prepare for 0.5.1 57702261 changelog: clarify CMake option 759bd4bb doc: mention `needs-changelog` github label in release process fded437c Merge bitcoin-core/secp256k1#1574: Fix compilation when extrakeys module isn't enabled 763d938c ci: only enable extrakeys module when schnorrsig is enabled af551ab9 tests: do not use functions from extrakeys module 0055b867 Merge bitcoin-core/secp256k1#1551: Add ellswift usage example ea2d5f0f Merge bitcoin-core/secp256k1#1563: doc: Add convention for defaults ca06e58b Merge bitcoin-core/secp256k1#1564: build, ci: Adjust the default size of the precomputed table for signing e2af4912 ci: Switch to the new default value of the precomputed table for signing d94a9273 build: Adjust the default size of the precomputed table for signing fcc5d738 Merge bitcoin-core/secp256k1#1565: cmake: Bump CMake minimum required version up to 3.16 9420eece cmake: Bump CMake minimum required version up to 3.16 16685649 doc: Add convention for defaults a5269373 Merge bitcoin-core/secp256k1#1555: Fixed O3 replacement b8fe3333 cmake: Fixed O3 replacement 7c987ec8 cmake: Call `enable_testing()` unconditionally 6aa57651 cmake: Delete `CTest` module 31f84595 Add ellswift usage example fe4fbaa7 examples: fix case typos in secret clearing paragraphs (s/, Or/, or/) 4af241b3 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one f473c959 Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project d403eea4 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach d7ae25ce Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c 0e2fadb2 fix: typos in secp256k1.c 69b2192a Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 5dd637f3 Merge bitcoin-core/secp256k1#1548: README: mention ellswift module 7454a537 README: mention ellswift module 4706be2c cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach c2764dbb cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS` f87a3589 cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 158f9e5e cmake: Do not modify build types when integrating by downstream project 35c0fdc8 Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project 4392f0f7 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491) bedffd53 Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job 4b8d5eea Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests f55703ba autotools: Delete unneeded compiler test 396e8858 autotools: Align MSan checking code with CMake's implementation abde59f5 cmake: Report more compiler details in summary 7abf979a cmake: Disable `ctime_tests` if build with `-fsanitize=memory` 4d9645be cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option a06805ee cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option 1791f6fc Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests 26b94ee9 autotools: Remove "auto" value of `--with-ecmult-gen-kb` option 122dbaeb autotools: Remove "auto" value of `--with-ecmult-window` option e73f6f8f tests: refactor: drop `secp256k1_` prefix from testrand.h functions 0ee7453a tests: refactor: add `testutil_` prefix to testutil.h functions 0c6bc76d tests: refactor: move `random_` helpers from tests.c to testutil.h 0fef8479 tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude` 59db007f tests: refactor: rename `random_group_element_...` -> `random_ge_...` ebfb82ee ci: Add job with -fsanitize-memory-param-retval e1bef096 configure: Move "experimental" warning to bottom 55e5d975 autotools: Disable eager MSan in ctime_tests 06bff6de Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback ec4c002f cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation cae9a7ad cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable 4155e62f Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject 9554362b tests: call secp256k1_ecmult_multi_var with a non-NULL error callback 9f4c8cd7 cmake: Fix `check_arm32_assembly` when using as subproject 7712a530 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers 7d0bc087 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date d45d9b74 changelog: Correct 0.5.0 release date d7f6613d Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0 2f05e2da release cleanup: bump version after 0.5.0 e3a885d4 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0 dd695563 check-abi: explicitly provide public headers c0e4ec3f release: prepare for 0.5.0 bb528cfb Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort 7d2591ce Add secp256k1_pubkey_sort da515074 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm 4c341f89 Add changelog entry for SDMC a0439402 Permit COMB_BITS < 256 for exhaustive tests 39b2f2a3 Add test case for ecmult_gen recoded = {-1,0,1} 644e86de Reintroduce projective blinding 07810d9a Reduce side channels from single-bit reads a0d32b59 Optimization: use Nx32 representation for recoded bits e03dcc44 Make secp256k1_scalar_get_bits support 32-bit reads 5005abee Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t 6247f485 Optimization: avoid unnecessary doublings in precomputation 15d0cca2 Optimization: first table lookup needs no point addition 7a33db35 Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset ed2a056f Provide 3 configurations accessible through ./configure 5f7be9f6 Always generate tables for current (blocks,teeth) config fde1dfcd Signed-digit multi-comb ecmult_gen algorithm 486518b3 Make exhaustive tests's scalar_inverse(&x,&x) work ab45c3e0 Initial gej blinding -> final ge blinding aa00a6b8 Introduce CEIL_DIV macro and use it d8311688 Merge bitcoin-core/secp256k1#1515: ci: Note affected clangs in comment on ASLR quirk a85e2233 ci: Note affected clangs in comment on ASLR quirk 4b77fec6 Merge bitcoin-core/secp256k1#1512: msan: notate more variable assignments from assembly code f7f0184b msan: notate more variable assignments from assembly code a6133914 change inconsistent array param to pointer 05bfab69 Merge bitcoin-core/secp256k1#1507: ci: Add workaround for ASLR bug in sanitizers a5e8ab24 ci: Add sanitizer env variables to debug output 84a93de4 ci: Add workaround for ASLR bug in sanitizers 427e86b9 Merge bitcoin-core/secp256k1#1490: tests: improve fe_sqr test (issue #1472) 2028069d doc: clarify input requirements for secp256k1_fe_mul 11420a7a tests: improve fe_sqr test cdc9a625 Merge bitcoin-core/secp256k1#1489: tests: add missing fe comparison checks for inverse field test cases d926510c Merge bitcoin-core/secp256k1#1496: msan: notate variable assignments from assembly code 31ba4049 msan: notate variable assignments from assembly code e7ea32e3 msan: Add SECP256K1_CHECKMEM_MSAN_DEFINE which applies to memory sanitizer and not valgrind e7bdddd9 refactor: rename `check_fe_equal` -> `fe_equal` 00111c9c tests: add missing fe comparison checks for inverse field test cases 218f0cc9 ci: Add native macOS arm64 job 0653a25d Merge bitcoin-core/secp256k1#1486: ci: Update cache action 94a14d52 ci: Update cache action 24836272 Merge bitcoin-core/secp256k1#1483: cmake: Recommend native CMake commands in README 5ad3aa3d Merge bitcoin-core/secp256k1#1484: tests: Drop redundant _scalar_check_overflow calls 51df2d9a tests: Drop redundant _scalar_check_overflow calls 3777e3f3 cmake: Recommend native CMake commands in README git-subtree-dir: Vendor/secp256k1-zkp git-subtree-split: 42ae776d3b49f27f2a1edd5ec62c023e05b93607

* chore: clean stale extractions for secp256k1 * Squashed 'Vendor/secp256k1/' content from commit a660a497 git-subtree-dir: Vendor/secp256k1 git-subtree-split: a660a4976efe880bae7982ee410b9e0dc59ac983 * Squashed 'Vendor/secp256k1/' changes from a660a497..1a53f496 1a53f496 Merge bitcoin-core/secp256k1#1808: Prepare for 0.7.1 20a209f1 release: prepare for 0.7.1 c4b6a81a changelog: update in preparation for the v0.7.1 release ebb35882 Merge bitcoin-core/secp256k1#1796: bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS c09215f7 bench: fail early if user inputs invalid value for SECP256K1_BENCH_ITERS 471e3a13 Merge bitcoin-core/secp256k1#1800: sage: verify Eisenstein integer connection for GLV constants 29ac4d84 sage: verify Eisenstein integer connection for GLV constants 4721e077 Merge bitcoin-core/secp256k1#1793: doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult bd5ced1f doc/bench: added help text for SECP256K1_BENCH_ITERS env var for bench_ecmult 2d9137ce Merge bitcoin-core/secp256k1#1764: group: Avoid using infinity field directly in other modules f9a944ff Merge bitcoin-core/secp256k1#1790: doc: include arg -DSECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS=ON for cmake 0406cfc4 doc: include arg -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1 for cmake 8d445730 Merge bitcoin-core/secp256k1#1783: Add VERIFY_CHECKs and documentation that flags must be 0 or 1 aa2a39c1 Merge bitcoin-core/secp256k1#1778: doc/bench: Added cmake build options to bench error messages 540fec8a Merge bitcoin-core/secp256k1#1788: test: split monolithic ellswift test into independent cases d822b290 test: split monolithic ellswift test into independent cases ae00c552 Add VERIFY_CHECKs that flags are 0 or 1 5c751833 Merge bitcoin-core/secp256k1#1784: refactor: remove ret from secp256k1_ec_pubkey_serialize be5e4f02 Merge bitcoin-core/secp256k1#1779: Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3daab83a refactor: remove ret from secp256k1_ec_pubkey_serialize 8bcda186 test: Add non-NULL checks for "pointer of array" API functions 5a08c1bc Add ARG_CHECKs to ensure "array of pointers" elements are non-NULL 3b5b03f3 doc/bench: Added cmake build options to bench error messages e7f7083b Merge bitcoin-core/secp256k1#1774: refactor: split up internal pubkey serialization function into compressed/uncompressed variants b6c2a3cd Merge bitcoin-core/secp256k1#1761: ecmult_multi: reduce strauss memory usage by 30% f5e815f4 remove secp256k1_eckey_pubkey_serialize function 0d3659c5 use new `_eckey_pubkey_serialize{33,65}` functions in modules (ellswift,musig) adb76f82 use new `_eckey_pubkey_serialize{33,65}` functions in public API fc7458ca introduce `secp256k1_eckey_pubkey_serialize{33,65}` functions c8206b1c Merge bitcoin-core/secp256k1#1771: ci: Use Python virtual environment in "x86_64-macos-native" job f252da7e ci: Use Python virtual environment in "x86_64-macos-native" job 115b135f Merge bitcoin-core/secp256k1#1763: bench: Use `ALIGNMENT` macro instead of hardcoded value 2f73e528 group: Avoid using infinity field directly in other modules 153eea20 bench: Use `ALIGNMENT` macro instead of hardcoded value 26166c4f ecmult_multi: reduce strauss memory usage by 30% 7a2fff85 Merge bitcoin-core/secp256k1#1758: ci: Drop workaround for Valgrind older than 3.20.0 43e7b115 Merge bitcoin-core/secp256k1#1759: ci: Switch to macOS 15 Sequoia Intel-based image 8bc50b72 ci: Switch to macOS 15 Sequoia Intel-based image c09519f0 ci: Drop workaround for Valgrind older than 3.20.0 d543c0d9 Merge bitcoin-core/secp256k1#1734: Introduce (mini) unit test framework f44c1ebd Merge bitcoin-core/secp256k1#1719: ci: DRY workflow using anchors a44a3393 Merge bitcoin-core/secp256k1#1750: ci: Use clang-snapshot in "MSan" job 15d01480 ci: Drop default for `inputs.command` in `run-in-docker-action` 1decc49a ci: Use YAML anchor and aliases for repeated "CI script" steps dff1bc10 ci, refactor: Generalize use of `matrix.configuration.env_vars` 4b644da1 ci: Use YAML anchor and aliases for repeated "Print logs" steps a889cd93 ci: Bump `actions/checkout` version 574c2f30 ci: Use YAML anchor and aliases for repeated "Checkout" steps 53585f93 ci: Use clang-snapshot in "MSan" job 6894c964 Fix Clang 21+ `-Wuninitialized-const-pointer` warning when using MSan 2b7337f6 Merge bitcoin-core/secp256k1#1756: ci: Fix image caching and apply other improvements f163c358 ci: Set `DEBIAN_FRONTEND=noninteractive` 70ae177c ci: Bump `docker/build-push-action` version b2a95a42 ci: Drop `tags` input for `docker/build-push-action` 122014ed ci: Add `scope` parameter to `cache-{to,from}` options 2f4546ce test: add --log option to display tests execution 95b9953e test: Add option to display all available tests 953f7b00 test: support running specific tests/modules targets 0302c1a3 test: add --help for command-line options 9ec3bfe2 test: adapt modules to the new test infrastructure 48789daf test: introduce (mini) unit test framework baa26542 Merge bitcoin-core/secp256k1#1727: docs: Clarify that callback can be called more than once 4d90585f docs: Improve API docs of _context_set_illegal_callback 895f53d1 docs: Clarify that callback can be called more than once de6af6ae Merge bitcoin-core/secp256k1#1748: bench: improve context creation in ECDH benchmark 58178851 Merge bitcoin-core/secp256k1#1749: build: Fix warnings in x86_64 assembly check ab560078 build: Fix warnings in x86_64 assembly check 10dab907 Merge bitcoin-core/secp256k1#1741: doc: clarify API doc of `secp256k1_ecdsa_recover` return value dfe284ed bench: improve context creation in ECDH benchmark 7321bdf2 doc: clarify API doc of `secp256k1_ecdsa_recover` return value b4756543 Merge bitcoin-core/secp256k1#1745: test: introduce group order byte-array constant for deduplication 9cce7038 refactor: move 'gettime_i64()' to tests_common.h 0c91c560 test: introduce group order byte-array constant for deduplication 88be4e8d Merge bitcoin-core/secp256k1#1735: musig: Invalidate secnonce in secp256k1_musig_partial_sign 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 399b582a Split memclear into two versions 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 git-subtree-dir: Vendor/secp256k1 git-subtree-split: 1a53f4961f337b4d166c25fce72ef0dc88806618 * chore(deps): update subtree secp256k1 to v0.7.1 * refactor: remove unit test framework files Remove unit_test.c and unit_test.h which are no longer needed after the test infrastructure refactoring. These files provided the mini unit test framework that has been replaced by the new test infrastructure. --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: csjones <csjones@users.noreply.github.com>

* chore: clean stale extractions for secp256k1-zkp * Squashed 'Vendor/secp256k1-zkp/' content from commit 42e75b61 git-subtree-dir: Vendor/secp256k1-zkp git-subtree-split: 42e75b613bc2c6b23d1ff75de49b9011f542baee * Squashed 'Vendor/secp256k1-zkp/' changes from 42e75b61..42ae776d 42ae776d Merge BlockstreamResearch/secp256k1-zkp#327: Upstream PRs 1711, 1688, 1717, 1720, 1722, 1726, 1725, 1729, 1731, 1681, 1737, 1738 01b1b916 modules: Port bitcoin-core/secp256k1#1725 to zkp-specific code 38284aa0 Merge commits '2c076d90 20e3b447 74b8068c e523e4f9 d5997141 d2dcf520 f36afb8b 8113671f d93380fb 03fb60ad 4985ac0f 36e76952 ' into temp-merge-1738 a3733f33 Merge BlockstreamResearch/secp256k1-zkp#325: Upstream PRs 1685, 1692, 1687, 1689, 1694, 1699, 1704, 1696, 1705, 1702, 1706, 1707, 1708 9dcd857d Merge commits '29e73f4b 89096c23 c4987790 ad60ef7e 943479a7 cbbbf3bd 73a69595 7c338042 5e74086d 6037833c 020ee604 a660a497 b9313c6e ' into temp-merge-1708 64316eac Merge BlockstreamResearch/secp256k1-zkp#324: Upstream PRs 1662, 1669, 1492, 1670, 1668, 1673, 1675, 1680, 1679, 1690, 1683, 1678 cc4a92b5 Merge commits '70f149b9 13906b71 4187a466 bb597b3d 9fab4252 92394476 201b2b8f f24b838b 95db29b1 2a9d3747 a28c2ffa 746e36b1 ' into temp-merge-1678 6e071d18 Merge BlockstreamResearch/secp256k1-zkp#323: Upstream PRs 1642, 1639, 1614, 1656, 1647, 1655, 1593, 1359, 1657, 1660, 1659, 1661 4dda3122 ci: Use Python virtual environment in x86_64-macos-native job 795f19af ci: Switch to macOS 15 Sequoia Intel-based image 2f057a14 ci: Don't hardcode ABI version 17ad1960 schnorrsig_halfagg: Fix symbol visibility for internal function ec343f0b Port bitcoin-core/secp256k1#1642 to zkp-specific code 79953d07 Merge commits '1b1fc093 6c2a39da 31860823 abd25054 4ba1ba2a 03bbe8c6 13ed6f65 a7a51171 2abb35b0 e56716a3 3f54ed8c d84bb83e ' into temp-merge-1661 2d30d398 Merge BlockstreamResearch/secp256k1-zkp#322: Upstream PRs 1579, 1631, 1633, 1634, 1641, 1650, 1646, 1654 e3bddfa7 modules: Port bitcoin-core/secp256k1#1579 to zkp-specific code 913be29e Merge commits 'b161bffb 0cdc758a ec329c25 8deef00b f79f46c7 00774d07 2e3bf136 c0d9480f ' into temp-merge-1654 8aa05cb3 Merge BlockstreamResearch/secp256k1-zkp#320: Upstream PRs 1603, 1599, 1616, 1553, 1620, 1595, 1619, 1624, 1625, 1582, 1581, 1628 a8e6a3cc Port bitcoin-core/secp256k1#1628 to zkp public API 347d6adf Merge commits 'a88aa935 01b58933 18f9b967 e59158b6 1fae76f5 f0868a9b 68b55209 9b7c59cb 1464f15c 9a8db52f 7d48f5ed a38d879a ' into temp-merge-1628 7acd4a1f Merge BlockstreamResearch/secp256k1-zkp#319: Upstream PR 1479 8c7c24eb docs: simplify README description, fix musig docs 8d443b80 musig: Re-add adaptor signatures support 248358f2 Merge commit '3660fe5e' into temp-merge-1479 21c24fdc musig: Remove module in preparation for upstream merge 211323d6 Merge BlockstreamResearch/secp256k1-zkp#318: Upstream PRs 1574, 1576, 1575, 1577, 1578, 1583, 1586, 1600, 1604, 1554 551b5dd4 Merge commits 'fded437c cdf08c1a 642c885b f8c1b0e0 3fdf146b b3076144 19888550 2f2ccc46 472faaa8 4c57c7a5 ' into temp-merge-1554 4ae7cb4f Merge BlockstreamResearch/secp256k1-zkp#317: Upstream PRs 1529, 1548, 1545, 1550, 1546, 1543, 1535, 1555, 1565, 1564, 1563, 1551 d0dde4aa Merge commits '35c0fdc 5dd637f 69b2192 d7ae25c d403eea f473c95 4af241b a526937 fcc5d73 ca06e58 ea2d5f0 0055b86 ' into temp-merge-1551 84ca3b33 Merge BlockstreamResearch/secp256k1-zkp#316: Upstream PRs 1533 513e550e Merge commits '4392f0f7 ' into temp-merge-1533 0fb0eac9 Merge BlockstreamResearch/secp256k1-zkp#314: Upstream PRs 1522, 1523, 1525, 1524, 1526, 1528, 1517, 1532, 1488 91b2deab ci: Add zkp modules to arm64-macos-native job f5e9804e Merge remote-tracking branch 'zkp/master' into temp-merge-1488 e34dc812 Merge BlockstreamResearch/secp256k1-zkp#315: ci: Backport LLVM apt signature fix 040673bd ci, docker: Fix LLVM repository signature failure c946b097 Merge commits 'e3a885d4 d7f6613d 7d0bc087 7712a530 4155e62f 06bff6de 1791f6fc 4b8d5eea bedffd53 ' into temp-merge-1488 1cdc3e0f Merge BlockstreamResearch/secp256k1-zkp#311: sync-upstream: Extend git usage tips d176205d Merge BlockstreamResearch/secp256k1-zkp#313: Upstream PR 1518 ca68d088 Merge BlockstreamResearch/secp256k1-zkp#312: scalar: Add SECP256K1_SCALAR_VERIFY to zkp-specific function 2cb2e312 extrakeys: Migrate to bitcoin-core/secp256k1#1518 secp256k1_ec_pubkey_sort 3291b021 Merge commits 'bb528cf ' into temp-merge-1518 96a415b1 scalar: Port bitcoin-core/secp256k1#1393 to zkp-specific code 41cead8a sync-upstream: Extend git usage tips 36a7b874 Merge BlockstreamResearch/secp256k1-zkp#310: Upstream PRs 1058 9a57e3c6 Merge commits 'da515074 ' into temp-merge-1058 7e460db4 Merge BlockstreamResearch/secp256k1-zkp#307: Upstream PRs 1484, 1483, 1486, 1496, 1489, 1490, 1507, 1512, 1515 f9cf003d scalar: Port bitcoin-core/secp256k1#1512 to zkp-specific code 8c72644a Merge commits '5ad3aa3 2483627 0653a25 d926510 cdc9a62 427e86b 05bfab6 4b77fec d831168 ' into temp-merge-1515 797e2ed6 Merge BlockstreamResearch/secp256k1-zkp#306: sync-upstream: improve help text db8750de sync-upstream: improve help text 36e76952 Merge bitcoin-core/secp256k1#1738: check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 4985ac0f Merge bitcoin-core/secp256k1#1737: doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 7ebaa134 check-abi: remove support for obsolete CMake library output location (src/libsecp256k1.so) 806de38b doc: mention ctx requirement for `_ellswift_create` (not secp256k1_context_static) 03fb60ad Merge bitcoin-core/secp256k1#1681: doc: Recommend clang-cl when building on Windows d93380fb Merge bitcoin-core/secp256k1#1731: schnorrsig: Securely clear buf containing k or its negation 8113671f Merge bitcoin-core/secp256k1#1729: hash: Use size_t instead of int for RFC6979 outlen copy 325d65a8 Rename and clear var containing k or -k 960ba5f9 Use size_t instead of int for RFC6979 outlen copy 73791243 ci: Add more tests for clang-cl 7379a5be doc: Recommend clang-cl when building on Windows f36afb8b Merge bitcoin-core/secp256k1#1725: tests: refactor tagged hash verification 5153cf1c tests: refactor tagged hash tests d2dcf520 Merge bitcoin-core/secp256k1#1726: docs: fix broken link to Tromer's cache.pdf paper 489a43d1 docs: fix broken link to eprint cache.pdf paper d5997141 Merge bitcoin-core/secp256k1#1722: docs: Exclude modules' `bench_impl.h` headers from coverage report 0458def5 doc: Add `--gcov-ignore-parse-errors=all` option to `gcovr` invocations 1aecce59 doc: Add `--merge-mode-functions=separate` option to `gcovr` invocations 106a7cbf doc: Exclude modules' `bench_impl.h` headers from coverage report a9e955d3 autotools, docs: Adjust help string for `--enable-coverage` option e523e4f9 Merge bitcoin-core/secp256k1#1720: chore(ci): Fix typo in Dockerfile comment 24ba8ff1 chore(ci): Fix typo in Dockerfile comment 74b8068c Merge bitcoin-core/secp256k1#1717: test: update wycheproof test vectors c25c3c8a test: update wycheproof test vectors 20e3b447 Merge bitcoin-core/secp256k1#1688: cmake: Avoid contaminating parent project's cache with `BUILD_SHARED_LIBS` 2c076d90 Merge bitcoin-core/secp256k1#1711: tests: update Wycheproof 7b07b229 cmake: Avoid contaminating parent project's cache with BUILD_SHARED_LIBS 5433648c Fix typos and spellings 9ea54c69 tests: update Wycheproof files b9313c6e Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 a660a497 Merge bitcoin-core/secp256k1#1707: release: Prepare for 0.7.0 7ab8b0cc release cleanup: bump version after 0.7.0 a3e742d9 release: Prepare for 0.7.0 f67b0ac1 ci: Don't hardcode ABI version 020ee604 Merge bitcoin-core/secp256k1#1706: musig/tests: initialize keypair cde41308 musig/tests: initialize keypair 6037833c Merge bitcoin-core/secp256k1#1702: changelog: update 40b4a065 changelog: update 5e74086d Merge bitcoin-core/secp256k1#1705: musig/test: Remove dead code 7c338042 Merge bitcoin-core/secp256k1#1696: build: Refactor visibility logic and add override 8d967a60 musig/test: Remove dead code 983711cd musig/tests: Refactor vectors_signverify 73a69595 Merge bitcoin-core/secp256k1#1704: cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` bf082221 cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` c82d84bb build: add CMake option for disabling symbol visibility attributes ce792387 build: Add SECP256K1_NO_API_VISIBILITY_ATTRIBUTES e5297f6d build: Refactor visibility logic cbbbf3bd Merge bitcoin-core/secp256k1#1699: ci: enable musig module for native macOS arm64 job 943479a7 Merge bitcoin-core/secp256k1#1694: Revert "cmake: configure libsecp256k1.pc during install" 3352f9d6 ci: enable musig module for native macOS arm64 job ad60ef7e Merge bitcoin-core/secp256k1#1689: ci: Convert `arm64` Cirrus tasks to GHA jobs c4987790 Merge bitcoin-core/secp256k1#1687: cmake: support the use of launchers in ctest -S scripts 44b205e9 Revert "cmake: configure libsecp256k1.pc during install" 0dfe387d cmake: support the use of launchers in ctest -S scripts 89096c23 Merge bitcoin-core/secp256k1#1692: cmake: configure libsecp256k1.pc during install 7106dce6 cmake: configure libsecp256k1.pc during install 29e73f4b Merge bitcoin-core/secp256k1#1685: cmake: Emulate Libtool's behavior on FreeBSD 746e36b1 Merge bitcoin-core/secp256k1#1678: cmake: add a helper for linking into static libs a28c2ffa Merge bitcoin-core/secp256k1#1683: README: add link to musig example 2a9d3747 Merge bitcoin-core/secp256k1#1690: ci: Bump GCC snapshot major version to 16 add146e1 ci: Bump GCC snapshot major version to 16 004f57fc ci: Move Valgrind build for `arm64` from Cirrus to GHA 5fafdfc3 ci: Move `gcc-snapshot` build for `arm64` from Cirrus to GHA e814b79a ci: Switch `arm64_debian` from QEMU to native `arm64` Docker image bcf77346 ci: Add `arm64` architecture to `docker_cache` job b77aae92 ci: Rename Docker image tag to reflect architecture 145ae3e2 cmake: add a helper for linking into static libs 81921097 README: add link to musig example, generalize module enabling hint 95db29b1 Merge bitcoin-core/secp256k1#1679: cmake: Use `PUBLIC_HEADER` target property in installation logic 37dd422b cmake: Emulate Libtool's behavior on FreeBSD f24b838b Merge bitcoin-core/secp256k1#1680: doc: Promote "Building with CMake" to standard procedure 3f31ac43 doc: Promote "Building with CMake" to standard procedure 6f67151e cmake: Use `PUBLIC_HEADER` target property c32715b2 cmake, move-only: Move module option processing to `src/CMakeLists.txt` 201b2b8f Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22 3af71987 cmake: Bump minimum required CMake version to 3.22 92394476 Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join 3a4f448c Assert field magnitude at control-flow join 9fab4252 Merge bitcoin-core/secp256k1#1668: bench_ecmult: add benchmark for ecmult_const_xonly 05445377 bench_ecmult: add benchmark for ecmult_const_xonly bb597b3d Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files d73ed994 tests: update wycheproof files 4187a466 Merge bitcoin-core/secp256k1#1492: tests: Add Wycheproof ECDH vectors e266ba11 tests: Add Wycheproof ECDH vectors 13906b71 Merge bitcoin-core/secp256k1#1669: gitignore: Add Python cache files c1bcb032 gitignore: Add Python cache files 70f149b9 Merge bitcoin-core/secp256k1#1662: bench: add ellswift to bench help output 6b3fe51f bench: add ellswift to bench help output d84bb83e Merge bitcoin-core/secp256k1#1661: configure: Show exhaustive tests in summary 3f54ed8c Merge bitcoin-core/secp256k1#1659: include: remove WARN_UNUSED_RESULT for functions always returning 1 20b05c9d configure: Show exhaustive tests in summary e56716a3 Merge bitcoin-core/secp256k1#1660: ci: Fix exiting from ci.sh on error d87c3bc5 ci: Fix exiting from ci.sh on error 1b6e0815 include: remove WARN_UNUSED_RESULT for functions always returning 1 2abb35b0 Merge bitcoin-core/secp256k1#1657: tests: remove unused uncounting_illegal_callback_fn 51907fa9 tests: remove unused uncounting_illegal_callback_fn a7a51171 Merge bitcoin-core/secp256k1#1359: Fix symbol visibility issues, add test for it 13ed6f65 Merge bitcoin-core/secp256k1#1593: Remove deprecated `_ec_privkey_{negate,tweak_add,tweak_mul}` aliases from API d1478763 build: Drop no longer needed `-fvisibility=hidden` compiler option 8ed1d83d ci: Run `tools/symbol-check.py` 41d32ab2 test: Add `tools/symbol-check.py` 88548058 Introduce `SECP256K1_LOCAL_VAR` macro 03bbe8c6 Merge bitcoin-core/secp256k1#1655: gha: Print all *.log files, in a separate action 59860bcc gha: Print all *.log files, in a separate action 4ba1ba2a Merge bitcoin-core/secp256k1#1647: cmake: Adjust diagnostic flags for `clang-cl` abd25054 Merge bitcoin-core/secp256k1#1656: musig: Fix clearing of pubnonces 961ec25a musig: Fix clearing of pubnonces 31860823 Merge bitcoin-core/secp256k1#1614: Add _ge_set_all_gej and use it in musig for own public nonces 6c2a39da Merge bitcoin-core/secp256k1#1639: Make static context const 37d2c60b Remove deprecated _ec_privkey_{negate,tweak_add,tweak_mul} aliases 432ac577 Make static context const 1b1fc093 Merge bitcoin-core/secp256k1#1642: Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` c0d9480f Merge bitcoin-core/secp256k1#1654: use `EXIT_` constants over magic numbers for indicating program execution status 13d38962 CONTRIBUTING: mention that `EXIT_` codes should be used c8555817 test, bench, precompute_ecmult: use `EXIT_...` constants for `main` return values 965393fc examples: use `EXIT_...` constants for `main` return values 2e3bf136 Merge bitcoin-core/secp256k1#1646: README: add instructions for verifying GPG signatures b682dbcf README: add instructions for verifying GPG signatures 00774d07 Merge bitcoin-core/secp256k1#1650: schnorrsig: clear out masked secret key in BIP-340 nonce function a82287fb schnorrsig: clear out masked secret key in BIP-340 nonce function 4c50d73d ci: Add new "Windows (clang-cl)" job 84c0bd1f cmake: Adjust diagnostic flags for clang-cl f79f46c7 Merge bitcoin-core/secp256k1#1641: doc: Improve cmake instructions in README 2ac9f558 doc: Improve cmake instructions in README 18235947 Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` 8deef00b Merge bitcoin-core/secp256k1#1634: Fix some misspellings 39705450 Fix some misspellings ec329c25 Merge bitcoin-core/secp256k1#1633: release cleanup: bump version after 0.6.0 c97059f5 release cleanup: bump version after 0.6.0 0cdc758a Merge bitcoin-core/secp256k1#1631: release: prepare for 0.6.0 39d5dfd5 release: prepare for 0.6.0 df2eceb2 build: add ellswift.md and musig.md to release tarball a306bb7e tools: fix check-abi.sh after cmake out locations were changed 145868a8 Do not export `secp256k1_musig_nonce_gen_internal` b161bffb Merge bitcoin-core/secp256k1#1579: Clear sensitive memory without getting optimized out (revival of #636) 64228a64 musig: Use _ge_set_all_gej for own public nonces 300aab1c tests: Improve _ge_set_all_gej(_var) tests 365f274c group: Simplify secp256k1_ge_set_all_gej d3082dde group: Add constant-time secp256k1_ge_set_all_gej a38d879a Merge bitcoin-core/secp256k1#1628: Name public API structs 7d48f5ed Merge bitcoin-core/secp256k1#1581: test, ci: Lower default iteration count to 16 694342fd Name public API structs 0f73caf7 test, ci: Lower default iteration count to 16 9a8db52f Merge bitcoin-core/secp256k1#1582: cmake, test: Add `secp256k1_` prefix to test names 765ef533 Clear _gej instances after point multiplication to avoid potential leaks 349e6ab9 Introduce separate _clear functions for hash module 99cc9fd6 Don't rely on memset to set signed integers to 0 97c57f42 Implement various _clear() functions with secp256k1_memclear() 9bb368d1 Use secp256k1_memclear() to clear stack memory instead of memset() e3497bbf Separate between clearing memory and setting to zero in tests d79a6ccd Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear() 1c081262 Add secp256k1_memclear() for clearing secret data 1464f15c Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df util: Remove unused (u)int64_t formatting macros 9b7c59cb Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23 ci: Update macOS image e7d38448 Don't clear secrets in pippenger implementation 68b55209 Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f5 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839f Remove unused scratch space from API 57eda3ba musig: ctimetests: fix _declassify range for generated nonce points 87384f5c cmake, test: Add `secp256k1_` prefix to test names e59158b6 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d examples: make key generation doc consistent e8908221 examples: do not retry generating seckey randomness in musig 70b6be18 extrakeys: improve doc of keypair_create (don't suggest retry) 01b58933 Merge bitcoin-core/secp256k1#1599: #1570 improve examples: remove key generation loop cd4f84f3 Improve examples/documentation: remove key generation loops a88aa935 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c9201 build: allow enabling the musig module in cmake f411841a Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660 util: add constant-time is_zero_array function c8fbdb1b group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff034 f can never equal -m c232486d Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2 cmake: Set top-level target output locations 4c57c7a5 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb include: Avoid visibility("default") on Windows 472faaa8 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fb doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 2f2ccc46 Merge bitcoin-core/secp256k1#1600: cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 421ed1b4 cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 85e224dd group: add ge_to_bytes and ge_from_bytes 19888550 Merge bitcoin-core/secp256k1#1586: fix: remove duplicate 'the' from header file comment b3076144 Merge bitcoin-core/secp256k1#1583: ci: Bump GCC_SNAPSHOT_MAJOR to 15 fa67b675 refactor: Use array initialization for unterminated strings 9b0f37bf fix: remove duplicate 'the' from header file comment e34b4767 ci: Bump GCC_SNAPSHOT_MAJOR to 15 3fdf146b Merge bitcoin-core/secp256k1#1578: ci: Silent Homebrew's noisy reinstall warnings f8c1b0e0 Merge bitcoin-core/secp256k1#1577: release cleanup: bump version after 0.5.1 7057d3c9 ci: Silent Homebrew's noisy reinstall warnings c3e40d75 release cleanup: bump version after 0.5.1 642c885b Merge bitcoin-core/secp256k1#1575: release: prepare for 0.5.1 cdf08c1a Merge bitcoin-core/secp256k1#1576: doc: mention `needs-changelog` github label in release process 40d87b8e release: prepare for 0.5.1 57702261 changelog: clarify CMake option 759bd4bb doc: mention `needs-changelog` github label in release process fded437c Merge bitcoin-core/secp256k1#1574: Fix compilation when extrakeys module isn't enabled 763d938c ci: only enable extrakeys module when schnorrsig is enabled af551ab9 tests: do not use functions from extrakeys module 0055b867 Merge bitcoin-core/secp256k1#1551: Add ellswift usage example ea2d5f0f Merge bitcoin-core/secp256k1#1563: doc: Add convention for defaults ca06e58b Merge bitcoin-core/secp256k1#1564: build, ci: Adjust the default size of the precomputed table for signing e2af4912 ci: Switch to the new default value of the precomputed table for signing d94a9273 build: Adjust the default size of the precomputed table for signing fcc5d738 Merge bitcoin-core/secp256k1#1565: cmake: Bump CMake minimum required version up to 3.16 9420eece cmake: Bump CMake minimum required version up to 3.16 16685649 doc: Add convention for defaults a5269373 Merge bitcoin-core/secp256k1#1555: Fixed O3 replacement b8fe3333 cmake: Fixed O3 replacement 7c987ec8 cmake: Call `enable_testing()` unconditionally 6aa57651 cmake: Delete `CTest` module 31f84595 Add ellswift usage example fe4fbaa7 examples: fix case typos in secret clearing paragraphs (s/, Or/, or/) 4af241b3 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one f473c959 Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project d403eea4 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach d7ae25ce Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c 0e2fadb2 fix: typos in secp256k1.c 69b2192a Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 5dd637f3 Merge bitcoin-core/secp256k1#1548: README: mention ellswift module 7454a537 README: mention ellswift module 4706be2c cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach c2764dbb cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS` f87a3589 cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 158f9e5e cmake: Do not modify build types when integrating by downstream project 35c0fdc8 Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project 4392f0f7 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491) bedffd53 Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job 4b8d5eea Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests f55703ba autotools: Delete unneeded compiler test 396e8858 autotools: Align MSan checking code with CMake's implementation abde59f5 cmake: Report more compiler details in summary 7abf979a cmake: Disable `ctime_tests` if build with `-fsanitize=memory` 4d9645be cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option a06805ee cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option 1791f6fc Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests 26b94ee9 autotools: Remove "auto" value of `--with-ecmult-gen-kb` option 122dbaeb autotools: Remove "auto" value of `--with-ecmult-window` option e73f6f8f tests: refactor: drop `secp256k1_` prefix from testrand.h functions 0ee7453a tests: refactor: add `testutil_` prefix to testutil.h functions 0c6bc76d tests: refactor: move `random_` helpers from tests.c to testutil.h 0fef8479 tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude` 59db007f tests: refactor: rename `random_group_element_...` -> `random_ge_...` ebfb82ee ci: Add job with -fsanitize-memory-param-retval e1bef096 configure: Move "experimental" warning to bottom 55e5d975 autotools: Disable eager MSan in ctime_tests 06bff6de Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback ec4c002f cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation cae9a7ad cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable 4155e62f Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject 9554362b tests: call secp256k1_ecmult_multi_var with a non-NULL error callback 9f4c8cd7 cmake: Fix `check_arm32_assembly` when using as subproject 7712a530 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers 7d0bc087 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date d45d9b74 changelog: Correct 0.5.0 release date d7f6613d Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0 2f05e2da release cleanup: bump version after 0.5.0 e3a885d4 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0 dd695563 check-abi: explicitly provide public headers c0e4ec3f release: prepare for 0.5.0 bb528cfb Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort 7d2591ce Add secp256k1_pubkey_sort da515074 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm 4c341f89 Add changelog entry for SDMC a0439402 Permit COMB_BITS < 256 for exhaustive tests 39b2f2a3 Add test case for ecmult_gen recoded = {-1,0,1} 644e86de Reintroduce projective blinding 07810d9a Reduce side channels from single-bit reads a0d32b59 Optimization: use Nx32 representation for recoded bits e03dcc44 Make secp256k1_scalar_get_bits support 32-bit reads 5005abee Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t 6247f485 Optimization: avoid unnecessary doublings in precomputation 15d0cca2 Optimization: first table lookup needs no point addition 7a33db35 Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset ed2a056f Provide 3 configurations accessible through ./configure 5f7be9f6 Always generate tables for current (blocks,teeth) config fde1dfcd Signed-digit multi-comb ecmult_gen algorithm 486518b3 Make exhaustive tests's scalar_inverse(&x,&x) work ab45c3e0 Initial gej blinding -> final ge blinding aa00a6b8 Introduce CEIL_DIV macro and use it d8311688 Merge bitcoin-core/secp256k1#1515: ci: Note affected clangs in comment on ASLR quirk a85e2233 ci: Note affected clangs in comment on ASLR quirk 4b77fec6 Merge bitcoin-core/secp256k1#1512: msan: notate more variable assignments from assembly code f7f0184b msan: notate more variable assignments from assembly code a6133914 change inconsistent array param to pointer 05bfab69 Merge bitcoin-core/secp256k1#1507: ci: Add workaround for ASLR bug in sanitizers a5e8ab24 ci: Add sanitizer env variables to debug output 84a93de4 ci: Add workaround for ASLR bug in sanitizers 427e86b9 Merge bitcoin-core/secp256k1#1490: tests: improve fe_sqr test (issue #1472) 2028069d doc: clarify input requirements for secp256k1_fe_mul 11420a7a tests: improve fe_sqr test cdc9a625 Merge bitcoin-core/secp256k1#1489: tests: add missing fe comparison checks for inverse field test cases d926510c Merge bitcoin-core/secp256k1#1496: msan: notate variable assignments from assembly code 31ba4049 msan: notate variable assignments from assembly code e7ea32e3 msan: Add SECP256K1_CHECKMEM_MSAN_DEFINE which applies to memory sanitizer and not valgrind e7bdddd9 refactor: rename `check_fe_equal` -> `fe_equal` 00111c9c tests: add missing fe comparison checks for inverse field test cases 218f0cc9 ci: Add native macOS arm64 job 0653a25d Merge bitcoin-core/secp256k1#1486: ci: Update cache action 94a14d52 ci: Update cache action 24836272 Merge bitcoin-core/secp256k1#1483: cmake: Recommend native CMake commands in README 5ad3aa3d Merge bitcoin-core/secp256k1#1484: tests: Drop redundant _scalar_check_overflow calls 51df2d9a tests: Drop redundant _scalar_check_overflow calls 3777e3f3 cmake: Recommend native CMake commands in README git-subtree-dir: Vendor/secp256k1-zkp git-subtree-split: 42ae776d3b49f27f2a1edd5ec62c023e05b93607 * chore(deps): update subtree secp256k1-zkp to 42ae776d * refactor(musig): remove libsecp256k1_zkp conditional compilation for pubkey sorting --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: csjones <csjones@users.noreply.github.com>

Use size_t instead of int for RFC6979 outlen copy

960ba5f

If outlen is > INT_MAX, could trigger segfault or hang after copy int now = outlen.

real-or-random reviewed Sep 1, 2025

View reviewed changes

real-or-random approved these changes Sep 1, 2025

View reviewed changes

real-or-random added assurance tweak/refactor labels Sep 1, 2025

theStack approved these changes Sep 2, 2025

View reviewed changes

real-or-random merged commit 8113671 into bitcoin-core:master Sep 2, 2025
116 checks passed

john-moffett mentioned this pull request Sep 8, 2025

"implicit conversion loses integer precision" warnings #1617

Open

DarkWindman mentioned this pull request Feb 25, 2026

Upstream PRs 1711, 1688, 1717, 1720, 1722, 1726, 1725, 1729, 1731, 1681, 1737, 1738 BlockstreamResearch/secp256k1-zkp#327

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

hash: Use size_t instead of int for RFC6979 outlen copy#1729

hash: Use size_t instead of int for RFC6979 outlen copy#1729
real-or-random merged 1 commit intobitcoin-core:masterfrom
john-moffett:fix-rfc6979-size_t

john-moffett commented Sep 1, 2025

Uh oh!

fanquake commented Sep 1, 2025

Uh oh!

john-moffett commented Sep 1, 2025

Uh oh!

real-or-random Sep 1, 2025 •

edited

Loading

Uh oh!

john-moffett Sep 2, 2025

Uh oh!

real-or-random left a comment

Uh oh!

theStack left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

john-moffett commented Sep 1, 2025

Uh oh!

fanquake commented Sep 1, 2025

Uh oh!

john-moffett commented Sep 1, 2025

Uh oh!

real-or-random Sep 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

john-moffett Sep 2, 2025

Choose a reason for hiding this comment

Uh oh!

real-or-random left a comment

Choose a reason for hiding this comment

Uh oh!

theStack left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

real-or-random Sep 1, 2025 •

edited

Loading