Skip to content

Commit

Permalink
Squashed 'src/secp256k1/' changes from efe85c70a2..d8311688bd
Browse files Browse the repository at this point in the history 
d8311688bd Merge bitcoin-core/secp256k1#1515: ci: Note affected clangs in comment on ASLR quirk
a85e2233e7 ci: Note affected clangs in comment on ASLR quirk
4b77fec67a Merge bitcoin-core/secp256k1#1512: msan: notate more variable assignments from assembly code
f7f0184ba1 msan: notate more variable assignments from assembly code
a61339149f change inconsistent array param to pointer
05bfab69ae Merge bitcoin-core/secp256k1#1507: ci: Add workaround for ASLR bug in sanitizers
a5e8ab2484 ci: Add sanitizer env variables to debug output
84a93de4d2 ci: Add workaround for ASLR bug in sanitizers
427e86b9ed Merge bitcoin-core/secp256k1#1490: tests: improve fe_sqr test (issue #1472)
2028069df2 doc: clarify input requirements for secp256k1_fe_mul
11420a7a28 tests: improve fe_sqr test
cdc9a6258e Merge bitcoin-core/secp256k1#1489: tests: add missing fe comparison checks for inverse field test cases
d926510cf7 Merge bitcoin-core/secp256k1#1496: msan: notate variable assignments from assembly code
31ba404944 msan: notate variable assignments from assembly code
e7ea32e30a msan: Add SECP256K1_CHECKMEM_MSAN_DEFINE which applies to memory sanitizer and not valgrind
e7bdddd9c9 refactor: rename `check_fe_equal` -> `fe_equal`
00111c9c56 tests: add missing fe comparison checks for inverse field test cases
0653a25d50 Merge bitcoin-core/secp256k1#1486: ci: Update cache action
94a14d5290 ci: Update cache action
2483627299 Merge bitcoin-core/secp256k1#1483: cmake: Recommend native CMake commands in README
5ad3aa3dcd Merge bitcoin-core/secp256k1#1484: tests: Drop redundant _scalar_check_overflow calls
51df2d9ab3 tests: Drop redundant _scalar_check_overflow calls
3777e3f36a cmake: Recommend native CMake commands in README
e4af41c61b Merge bitcoin-core/secp256k1#1249: cmake: Add `SECP256K1_LATE_CFLAGS` configure option
3bf4d68fc0 Merge bitcoin-core/secp256k1#1482: build: Clean up handling of module dependencies
e6822678ea build: Error if required module explicitly off
89ec583ccf build: Clean up handling of module dependencies
44378867a0 Merge bitcoin-core/secp256k1#1468: v0.4.1 release aftermath
a9db9f2d75 Merge bitcoin-core/secp256k1#1480: Get rid of untested sizeof(secp256k1_ge_storage) == 64 code path
74b7c3b53e Merge bitcoin-core/secp256k1#1476: include: make docs more consistent
b37fdb28ce check-abi: Minor UI improvements
ad5f589a94 check-abi: Default to HEAD for new version
9fb7e2f156 release process: Style and formatting nits
ba5d72d626 assumptions: Use new STATIC_ASSERT macro
e53c2d9ffc Require that sizeof(secp256k1_ge_storage) == 64
d0ba2abbff util: Add STATIC_ASSERT macro
da7bc1b803 include: in doc, remove article in front of "pointer"
aa3dd5280b include: make doc about ctx more consistent
e3f690015a include: remove obvious "cannot be NULL" doc
d373bf6d08 Merge bitcoin-core/secp256k1#1474: tests: restore scalar_mul test
79e094517c Merge bitcoin-core/secp256k1#1473: Fix typos
3dbfb48946 tests: restore scalar_mul test
d77170a88d Fix typos
e7053d065b release process: Add email step
429d21dc79 release process: Run sanity checks on release PR
42f8c51402 cmake: Add `SECP256K1_LATE_CFLAGS` configure option

git-subtree-dir: src/secp256k1
git-subtree-split: d8311688bd383d3a923a1b11789cded3cc8e5e03
  • Loading branch information
@fanquake @janus
fanquake authored and janus committed Jun 3, 2024
1 parent 1093da6 commit 9392628
Show file tree
Hide file tree
Showing 27 changed files with 366 additions and 369 deletions.
2 changes: 1 addition & 1 deletion .github/actions/install-homebrew-valgrind/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ runs:
cat valgrind_fingerprint
shell: bash
- uses: actions/cache@v3
- uses: actions/cache@v4
id: cache
with:
path: ${{ env.CI_HOMEBREW_CELLAR_VALGRIND }}
Expand Down
5 changes: 5 additions & 0 deletions .github/actions/run-in-docker-action/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,11 @@ runs:
load: true
cache-from: type=gha

- # Workaround for https://github.com/google/sanitizers/issues/1614 .
# The underlying issue has been fixed in clang 18.1.3.
run: sudo sysctl -w vm.mmap_rnd_bits=28
shell: bash

- # Tell Docker to pass environment variables in `env` into the container.
run: >
docker run \
Expand Down
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ The Contributor Workflow & Peer Review in libsecp256k1 are similar to Bitcoin Co

In addition, libsecp256k1 tries to maintain the following coding conventions:

* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `secp256k1_context_create` or `secp256k1_scratch_space_create`, for example). Morever, it should be possible to use the library without any heap allocations.
* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `secp256k1_context_create` or `secp256k1_scratch_space_create`, for example). Moreover, it should be possible to use the library without any heap allocations.
* The tests should cover all lines and branches of the library (see [Test coverage](#coverage)).
* Operations involving secret data should be tested for being constant time with respect to the secrets (see [src/ctime_tests.c](src/ctime_tests.c)).
* Local variables containing secret data should be cleared explicitly to try to delete secrets from memory.
Expand Down
6 changes: 3 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,9 +101,9 @@ To maintain a pristine source tree, CMake encourages to perform an out-of-source

$ mkdir build && cd build
$ cmake ..
$ make
$ make check # run the test suite
$ sudo make install # optional
$ cmake --build .
$ ctest # run the test suite
$ sudo cmake --build . --target install # optional

To compile optional modules (such as Schnorr signatures), you need to run `cmake` with additional flags (such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG=ON`). Run `cmake .. -LH` to see the full list of available flags.

Expand Down
3 changes: 2 additions & 1 deletion ci/ci.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@ print_environment() {
SECP256K1_TEST_ITERS BENCH SECP256K1_BENCH_ITERS CTIMETESTS\
EXAMPLES \
HOST WRAPPER_CMD \
CC CFLAGS CPPFLAGS AR NM
CC CFLAGS CPPFLAGS AR NM \
UBSAN_OPTIONS ASAN_OPTIONS LSAN_OPTIONS
do
eval "isset=\${$var+x}"
if [ -n "$isset" ]; then
Expand Down
126 changes: 17 additions & 109 deletions configure.ac
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1541,126 +1541,34 @@ fi

dnl ZMQ check

if test "$use_zmq" = "yes"; then
PKG_CHECK_MODULES([ZMQ], [libzmq >= 4],
AC_DEFINE([ENABLE_ZMQ], [1], [Define this symbol to enable ZMQ functions]),
[AC_MSG_WARN([libzmq version 4.x or greater not found, disabling])
use_zmq=no])
# Processing must be done in a reverse topological sorting of the dependency graph
# (dependent module first).
if test x"$enable_module_ellswift" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ELLSWIFT=1"
fi

if test "$use_zmq" = "yes"; then
dnl Assume libzmq was built for static linking
case $host in
*mingw*)
ZMQ_CFLAGS="$ZMQ_CFLAGS -DZMQ_STATIC"
;;
esac
fi

AM_CONDITIONAL([ENABLE_ZMQ], [test "$use_zmq" = "yes"])

dnl libmultiprocess library check

libmultiprocess_found=no
if test "$with_libmultiprocess" = "yes" || test "$with_libmultiprocess" = "auto"; then
PKG_CHECK_MODULES([LIBMULTIPROCESS], [libmultiprocess], [
libmultiprocess_found=yes;
libmultiprocess_prefix=`$PKG_CONFIG --variable=prefix libmultiprocess`;
], [true])
elif test "$with_libmultiprocess" != "no"; then
AC_MSG_ERROR([--with-libmultiprocess=$with_libmultiprocess value is not yes, auto, or no])
fi

dnl Enable multiprocess check

if test "$enable_multiprocess" = "yes"; then
if test "$libmultiprocess_found" != "yes"; then
AC_MSG_ERROR([--enable-multiprocess=yes option specified but libmultiprocess library was not found. May need to install libmultiprocess library, or specify install path with PKG_CONFIG_PATH environment variable. Running 'pkg-config --debug libmultiprocess' may be helpful for debugging.])
if test x"$enable_module_schnorrsig" = x"yes"; then
if test x"$enable_module_extrakeys" = x"no"; then
AC_MSG_ERROR([Module dependency error: You have disabled the extrakeys module explicitly, but it is required by the schnorrsig module.])
fi
build_multiprocess=yes
elif test "$enable_multiprocess" = "auto"; then
build_multiprocess=$libmultiprocess_found
else
build_multiprocess=no
enable_module_extrakeys=yes
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_SCHNORRSIG=1"
fi

AM_CONDITIONAL([BUILD_MULTIPROCESS], [test "$build_multiprocess" = "yes"])
AM_CONDITIONAL([BUILD_BGL_NODE], [test "$build_multiprocess" = "yes"])
AM_CONDITIONAL([BUILD_BGL_GUI], [test "$build_multiprocess" = "yes"])

dnl codegen tools check

if test "$build_multiprocess" != "no"; then
if test "$with_mpgen" = "yes" || test "$with_mpgen" = "auto"; then
MPGEN_PREFIX="$libmultiprocess_prefix"
elif test "$with_mpgen" != "no"; then
MPGEN_PREFIX="$with_mpgen";
fi
AC_SUBST(MPGEN_PREFIX)
if test x"$enable_module_extrakeys" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_EXTRAKEYS=1"
fi

AC_MSG_CHECKING([whether to build BGLd])
AM_CONDITIONAL([BUILD_BGLD], [test $build_BGLd = "yes"])
AC_MSG_RESULT($build_BGLd)

AC_MSG_CHECKING([whether to build BGL-cli])
AM_CONDITIONAL([BUILD_BGL_CLI], [test $build_BGL_cli = "yes"])
AC_MSG_RESULT($build_BGL_cli)

AC_MSG_CHECKING([whether to build BGL-tx])
AM_CONDITIONAL([BUILD_BGL_TX], [test $build_BGL_tx = "yes"])
AC_MSG_RESULT($build_BGL_tx)

AC_MSG_CHECKING([whether to build BGL-wallet])
AM_CONDITIONAL([BUILD_BGL_WALLET], [test $build_BGL_wallet = "yes"])
AC_MSG_RESULT($build_BGL_wallet)

AC_MSG_CHECKING([whether to build BGL-util])
AM_CONDITIONAL([BUILD_BGL_UTIL], [test $build_BGL_util = "yes"])
AC_MSG_RESULT($build_BGL_util)

AC_MSG_CHECKING([whether to build experimental BGL-chainstate])
if test "$build_BGL_chainstate" = "yes"; then
if test "$build_experimental_kernel_lib" = "no"; then
AC_MSG_ERROR([experimental BGL-chainstate cannot be built without the experimental BGLkernel library. Use --with-experimental-kernel-lib]);
fi
if test x"$enable_module_recovery" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_RECOVERY=1"
fi
AM_CONDITIONAL([BUILD_BGL_CHAINSTATE], [test $build_BGL_chainstate = "yes"])
AC_MSG_RESULT($build_BGL_chainstate)

AM_CONDITIONAL([BUILD_BGL_KERNEL_LIB], [test "$build_experimental_kernel_lib" != "no" && ( test "$build_experimental_kernel_lib" = "yes" || test "$build_BGL_chainstate" = "yes" )])

AC_LANG_POP

if test "$use_ccache" != "no"; then
AC_MSG_CHECKING([if ccache should be used])
if test "$CCACHE" = ""; then
if test "$use_ccache" = "yes"; then
AC_MSG_ERROR([ccache not found.]);
else
use_ccache=no
fi
else
use_ccache=yes
CC="$ac_cv_path_CCACHE $CC"
CXX="$ac_cv_path_CCACHE $CXX"
fi
AC_MSG_RESULT($use_ccache)
if test "$use_ccache" = "yes"; then
AX_CHECK_COMPILE_FLAG([-fdebug-prefix-map=A=B], [DEBUG_CXXFLAGS="$DEBUG_CXXFLAGS -fdebug-prefix-map=\$(abs_top_srcdir)=."], [], [$CXXFLAG_WERROR])
AX_CHECK_PREPROC_FLAG([-fmacro-prefix-map=A=B], [DEBUG_CPPFLAGS="$DEBUG_CPPFLAGS -fmacro-prefix-map=\$(abs_top_srcdir)=."], [], [$CXXFLAG_WERROR])
fi
if test x"$enable_module_ecdh" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDH=1"
fi

dnl enable wallet
AC_MSG_CHECKING([if wallet should be enabled])
if test "$enable_wallet" != "no"; then
AC_MSG_RESULT([yes])
AC_DEFINE_UNQUOTED([ENABLE_WALLET],[1],[Define to 1 to enable wallet functions])
enable_wallet=yes

else
AC_MSG_RESULT([no])
if test x"$enable_external_default_callbacks" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1"
fi

dnl enable upnp support
Expand Down
79 changes: 41 additions & 38 deletions doc/release-process.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Release Process
# Release process

This document outlines the process for releasing versions of the form `$MAJOR.$MINOR.$PATCH`.

Expand All @@ -17,8 +17,9 @@ This process also assumes that there will be no minor releases for old major rel
* Update manpages (see previous section)
* Write release notes (see "Write the release notes" below).

## Sanity Checks
Perform these checks before creating a release:
## Sanity checks
Perform these checks when reviewing the release PR (see below):


* On both the master branch and the new release branch:
- update `CLIENT_VERSION_MAJOR` in [`configure.ac`](../configure.ac)
Expand Down Expand Up @@ -121,7 +122,7 @@ git fetch origin "v${VERSION}"
git checkout "v${VERSION}"
popd
```
<<<<<<< HEAD


Ensure your guix.sigs are up-to-date if you wish to `guix-verify` your builds
against other `guix-attest` signatures.
Expand Down Expand Up @@ -153,28 +154,30 @@ pushd ./guix.sigs
git add "${VERSION}/${SIGNER}"/noncodesigned.SHA256SUMS{,.asc}
git commit -m "Add attestations by ${SIGNER} for ${VERSION} non-codesigned"
popd
=======

1. Ensure `make distcheck` doesn't fail.
```shell
./autogen.sh && ./configure --enable-dev-mode && make distcheck
```
2. Check installation with autotools:
```shell
dir=$(mktemp -d)
./autogen.sh && ./configure --prefix=$dir && make clean && make install && ls -RlAh $dir
gcc -o ecdsa examples/ecdsa.c $(PKG_CONFIG_PATH=$dir/lib/pkgconfig pkg-config --cflags --libs libsecp256k1) -Wl,-rpath,"$dir/lib" && ./ecdsa
```
```shell
dir=$(mktemp -d)
./autogen.sh && ./configure --prefix=$dir && make clean && make install && ls -RlAh $dir
gcc -o ecdsa examples/ecdsa.c $(PKG_CONFIG_PATH=$dir/lib/pkgconfig pkg-config --cflags --libs libsecp256k1) -Wl,-rpath,"$dir/lib" && ./ecdsa
```
3. Check installation with CMake:
```shell
dir=$(mktemp -d)
build=$(mktemp -d)
cmake -B $build -DCMAKE_INSTALL_PREFIX=$dir && cmake --build $build --target install && ls -RlAh $dir
gcc -o ecdsa examples/ecdsa.c -I $dir/include -L $dir/lib*/ -l secp256k1 -Wl,-rpath,"$dir/lib",-rpath,"$dir/lib64" && ./ecdsa
>>>>>>> 29fde0223a... Squashed 'src/secp256k1/' changes from 199d27cea3..efe85c70a2
```
4. Use the [`check-abi.sh`](/tools/check-abi.sh) tool to ensure there are no unexpected ABI incompatibilities and that the version number and release notes accurately reflect all potential ABI changes. To run this tool, the `abi-dumper` and `abi-compliance-checker` packages are required.

```shell
tools/check-abi.sh
```
```shell
dir=$(mktemp -d)
build=$(mktemp -d)
cmake -B $build -DCMAKE_INSTALL_PREFIX=$dir && cmake --build $build --target install && ls -RlAh $dir
gcc -o ecdsa examples/ecdsa.c -I $dir/include -L $dir/lib*/ -l secp256k1 -Wl,-rpath,"$dir/lib",-rpath,"$dir/lib64" && ./ecdsa
```
4. Use the [`check-abi.sh`](/tools/check-abi.sh) tool to verify that there are no unexpected ABI incompatibilities and that the version number and the release notes accurately reflect all potential ABI changes. To run this tool, the `abi-dumper` and `abi-compliance-checker` packages are required.
```shell
tools/check-abi.sh
```
<<<<<<< HEAD
Then open a Pull Request to the [guix.sigs repository](https://github.com/bitcoin-core/guix.sigs).
## Codesigning
Expand Down Expand Up @@ -350,48 +353,48 @@ Notes:
* adding a section for the release (make sure that the version number is a link to a diff between the previous and new version),
* removing the `[Unreleased]` section header, and
* including an entry for `### ABI Compatibility` if it doesn't exist,
* sets `_PKG_VERSION_IS_RELEASE` to `true` in `configure.ac`, and
* if this is not a patch release
* updates `_PKG_VERSION_*` and `_LIB_VERSION_*` in `configure.ac` and
* sets `_PKG_VERSION_IS_RELEASE` to `true` in `configure.ac`, and,
* if this is not a patch release,
* updates `_PKG_VERSION_*` and `_LIB_VERSION_*` in `configure.ac`, and
* updates `project(libsecp256k1 VERSION ...)` and `${PROJECT_NAME}_LIB_VERSION_*` in `CMakeLists.txt`.
2. After the PR is merged, tag the commit and push it:
2. Perform the [sanity checks](#sanity-checks) on the PR branch.
3. After the PR is merged, tag the commit, and push the tag:
```
RELEASE_COMMIT=<merge commit of step 1>
git tag -s v$MAJOR.$MINOR.$PATCH -m "libsecp256k1 $MAJOR.$MINOR.$PATCH" $RELEASE_COMMIT
git push git@github.com:bitcoin-core/secp256k1.git v$MAJOR.$MINOR.$PATCH
```
3. Open a PR to the master branch with a commit (using message `"release cleanup: bump version after $MAJOR.$MINOR.$PATCH"`, for example) that
4. Open a PR to the master branch with a commit (using message `"release cleanup: bump version after $MAJOR.$MINOR.$PATCH"`, for example) that
* sets `_PKG_VERSION_IS_RELEASE` to `false` and increments `_PKG_VERSION_PATCH` and `_LIB_VERSION_REVISION` in `configure.ac`,
* increments the `$PATCH` component of `project(libsecp256k1 VERSION ...)` and `${PROJECT_NAME}_LIB_VERSION_REVISION` in `CMakeLists.txt`, and
* adds an `[Unreleased]` section header to the [CHANGELOG.md](../CHANGELOG.md).
If other maintainers are not present to approve the PR, it can be merged without ACKs.
4. Create a new GitHub release with a link to the corresponding entry in [CHANGELOG.md](../CHANGELOG.md).
5. Create a new GitHub release with a link to the corresponding entry in [CHANGELOG.md](../CHANGELOG.md).
6. Send an announcement email to the bitcoin-dev mailing list.
## Maintenance release
Note that bugfixes only need to be backported to releases for which no compatible release without the bug exists.
Note that bug fixes need to be backported only to releases for which no compatible release without the bug exists.
1. If there's no maintenance branch `$MAJOR.$MINOR`, create one:
```
git checkout -b $MAJOR.$MINOR v$MAJOR.$MINOR.$((PATCH - 1))
git push git@github.com:bitcoin-core/secp256k1.git $MAJOR.$MINOR
```
2. Open a pull request to the `$MAJOR.$MINOR` branch that
* includes the bugfixes,
* includes the bug fixes,
* finalizes the release notes similar to a regular release,
* increments `_PKG_VERSION_PATCH` and `_LIB_VERSION_REVISION` in `configure.ac`
and the `$PATCH` component of `project(libsecp256k1 VERSION ...)` and `${PROJECT_NAME}_LIB_VERSION_REVISION` in `CMakeLists.txt`
(with commit message `"release: bump versions for $MAJOR.$MINOR.$PATCH"`, for example).
3. After the PRs are merged, update the release branch and tag the commit:
3. Perform the [sanity checks](#sanity-checks) on the PR branch.
4. After the PRs are merged, update the release branch, tag the commit, and push the tag:
```
git checkout $MAJOR.$MINOR && git pull
git tag -s v$MAJOR.$MINOR.$PATCH -m "libsecp256k1 $MAJOR.$MINOR.$PATCH"
```
4. Push tag:
```
git push git@github.com:bitcoin-core/secp256k1.git v$MAJOR.$MINOR.$PATCH
```
5. Create a new GitHub release with a link to the corresponding entry in [CHANGELOG.md](../CHANGELOG.md).
6. Open PR to the master branch that includes a commit (with commit message `"release notes: add $MAJOR.$MINOR.$PATCH"`, for example) that adds release notes to [CHANGELOG.md](../CHANGELOG.md).
>>>>>>> 29fde0223a... Squashed 'src/secp256k1/' changes from 199d27cea3..efe85c70a2
6. Create a new GitHub release with a link to the corresponding entry in [CHANGELOG.md](../CHANGELOG.md).
7. Send an announcement email to the bitcoin-dev mailing list.
8. Open PR to the master branch that includes a commit (with commit message `"release notes: add $MAJOR.$MINOR.$PATCH"`, for example) that adds release notes to [CHANGELOG.md](../CHANGELOG.md).
Loading

0 comments on commit 9392628

Please sign in to comment.