1897b8e Merge pull request #229efc571c Add simple testcases for signing with rfc6979 extra entropy.
1573a10 Add ability to pass extra entropy to rfc6979
3087bc4 Merge pull request #228d9b9f11 Merge pull request #2180065a8f Eliminate multiple-returns from secp256k1.c.
354ffa3 Make secp256k1_ec_pubkey_create reject oversized secrets.
27bc131 Silence some warnings from pedantic static analysis tools, improve compatibility with C++.
3b7ea63 Merge pull request #221f789c5b Merge pull request #2154bc273b Merge pull request #222137a8ec Merge pull request #2167c3771d Disable overlength-strings warnings.
8956111 use 128-bit hex seed
02efd06 Use RFC6979 for test PRNGs
ae55e85 Use faster byteswapping and avoid alignment-increasing casts.
443cd4b Get rid of hex format and some binary conversions
0bada0e Merge #214: Improve signing API documentation & specification
8030d7c Improve signing API documentation & specification
7b2fc1c Merge #213: Removed gotos, which are hard to trace and maintain.
11690d3 Removed gotos, which are hard to trace and maintain.
122a1ec Merge pull request #205035406d Merge pull request #2062d4cd53 Merge pull request #16134b898d Additional comments for the testing PRNG and a seeding fix.
6efd6e7 Some comments explaining some of the constants in the code.
ffccfd2 x86_64 assembly optimization for scalar_4x64
67cbdf0 Merge pull request #207039723d Benchmarks for all internal operations
6cc8425 Include a comment on secp256k1_ecdsa_sign explaining low-s.
f88343f Merge pull request #203d61e899 Add group operation counts
2473f17 Merge pull request #202b5bbce6 Some readme updates, e.g. removal of the GMP field.
f0d851e Merge pull request #201a0ea884 Merge pull request #200f735446 Convert the rest of the codebase to C89.
bf2e1ac Convert tests to C89. (also fixes a use of bare "inline" in field)
fc8285f Merge pull request #199fff412e Merge pull request #1974be8d6f Centralize the definition of uint128_t and use it uniformly.
d9543c9 Switch scalar code to C89.
fcc48c4 Remove the non-storage cmov
55422b6 Switch ecmult_gen to use storage types
41f8455 Use group element storage type in EC multiplications
e68d720 Add group element storage type
ff889f7 Field storage type
7137be8 Merge pull request #1960768bd5 Get rid of variable-length hex string conversions
e84e761 Merge pull request #195792bcdb Covert several more files to C89.
45cdf44 Merge pull request #19317db09e Merge pull request #194402878a fix ifdef/ifndef
25b35c7 Convert field code to strict C89 (+ long long, +__int128)
3627437 C89 nits and dead code removal.
a9f350d Merge pull request #1914732d26 Convert the field/group/ecdsa constant initialization to static consts
19f3e76 Remove unused secp256k1_fe_inner_{start, stop} functions
f1ebfe3 Convert the scalar constant initialization to static consts
git-subtree-dir: src/secp256k1
git-subtree-split: 1897b8e90b
50cc6ab Merge pull request #178941e221 Add tests for handling of the nonce function in signing.
10c81ff Merge pull request #1777688e34 Add magnitude limits to secp256k1_fe_verify to ensure that it's own tests function correctly.
4ee4f7a Merge pull request #17670ae0d2 Use secp256k1_fe_equal_var in secp256k1_fe_sqrt_var.
7767b4d Merge pull request #1759ab9335 Add a reference consistency test to ge_tests.
60571c6 Rework group tests
d26e26f Avoid constructing an invalid signature with probability 1:2^256.
b450c34 Merge pull request #163d57cae9 Merge pull request #15449ee0db Add _normalizes_to_zero_var variant
eed599d Add _fe_normalizes_to_zero method
d7174ed Weak normalization for secp256k1_fe_equal
0295f0a weak normalization
bbd5ba7 Use rfc6979 as default nonce generation function
b37fbc2 Implement SHA256 / HMAC-SHA256 / RFC6979.
c6e7f4e [API BREAK] Use a nonce-generation function instead of a nonce
cf0c48b Merge pull request #169603c33b Make signing fail if a too small buffer is passed.
6d16606 Merge pull request #1687277fd7 Remove GMP field implementation
e99c4c4 Merge pull request #12313278f6 Add explanation about how inversion can be avoided
ce7eb6f Optimize verification: avoid field inverse
a098f78 Merge pull request #16038acd01 Merge pull request #1656a59012 Make git ignore bench_recover when configured with benchmark enabled
1ba4a60 Configure options reorganization
3c0f246 Merge pull request #157808dd9b Merge pull request #1568dc75e9 Merge pull request #15828ade27 build: nuke bashisms
5190079 build: use subdir-objects for automake
8336040 build: disable benchmark by default
git-subtree-dir: src/secp256k1
git-subtree-split: 50cc6ab062
bccaf86 Merge pull request #1502a53a47 Merge pull request #1515f5a31f Merge pull request #1493907277 Merge pull request #142a3e0611 Enable tests in x86 travis builds
45da235 x86 builder
8bb0e93 Merge pull request #155971fe81 build: fix openssl detection for cross builds
f22d73e Explicitly access %0..%2 as 64-bit so we use the right registers for x32 ABI
e66d4d6 Avoid the stack in assembly and use explicit registers
cf7b2b4 Fix ECDSA message hashes to 32 bytes
056ad31 Really compile with -O3 by default
74ad63a Merge pull request #1469000458 Merge pull request #1451f46b00 build: fix __builtin_expect detection for clang
aaba2e0 Merge pull request #1368a0775c Merge pull request #144ee1eaa7 Merge pull request #141c88e2b8 Compile with -O3 by default
6558a26 Make the benchmarks print out stats
000bdf6 Rename bench_verify to bench_recovery
7c6fed2 Add a few more additional tests.
992e03b travis: add clang to the test matrix
b43b79a Merge pull request #143e06a924 Include time.h header for time().
8d11164 Add some additional tests.
3545627 Merge pull request #1186a9901e Merge pull request #137376b28b Merge pull request #1281728806 Merge pull request #138a5759c5 Check return value of malloc
39bd94d Variable time normalize
ad86bdf Merge pull request #14054b768c Another redundant secp256k1_fe_normalize
69dcaab Merge pull request #1391c29f2e Remove redundant secp256k1_fe_normalize from secp256k1_gej_add_ge_var.
2b9388b Remove unused secp256k1_fe_inv_all
f461b76 Allocate precomputation arrays on the heap
b2c9681 Make {mul,sqr}_inner use the same argument order as {mul,sqr}
6793505 Convert YASM code into inline assembly
f048615 Rewrite field assembly to match the C version
3ce74b1 Tweak precomputed table size for G
git-subtree-dir: src/secp256k1
git-subtree-split: bccaf86caa
b0210a9 Merge pull request #135ee3eb4b Fix a memory leak and add a number of small tests.
4d879a3 Merge pull request #134d5e8362 Merge pull request #1277b92cf6 Merge pull request #1320bf70a5 Merge pull request #13329ae131 Make scalar_add_bit test's overflow detection exact
9048def Avoid undefined shift behaviour
efb7d4b Use constant-time conditional moves instead of byte slicing
d220062 Merge pull request #13182f9254 Fix typo
601ca04 Merge pull request #12935399e0 Bugfix: b is restricted, not r
c35ff1e Convert lambda splitter to pure scalar code.
cc604e9 Avoid division when decomposing scalars
ff8746d Add secp256k1_scalar_mul_shift_var
bd313f7 Merge pull request #119276f987 Merge pull request #12425d125e Merge pull request #12624b3c65 Add a test case for ECDSA recomputing infinity
32600e5 Add a test for r >= order signature handling
4d4eeea Make secp256k1_fe_mul_inner use the r != property
be82e92 Require that r and b are different for field multiplication.
597128d Make num optional
659b554 Make constant initializers independent from num
0af5b47 Merge pull request #120e2e8a36 Merge pull request #117c76be9e Remove unused num functions
4285a98 Move lambda-splitting code to scalar.
f24041d Switch all EC/ECDSA logic from num to scalar
6794be6 Add scalar splitting functions
d1502eb Add secp256k1_scalar_inverse_var which delegates to GMP
b5c9ee7 Make test_point_times_order test meaningful again
0b73059 Switch wnaf splitting from num-based to scalar-based
1e6c77c Generalize secp256k1_scalar_get_bits
5213207 Add secp256k1_scalar_add_bit
3c0ae43 Merge pull request #1226e05287 Do signature recovery/verification with 4 possible recid case
e3d692f Explain why no y=0 check is necessary for doubling
f7dc1c6 Optimize doubling: secp256k1 has no y=0 point
666d3b5 Merge pull request #1212a54f9b Correct typo in comment
9d64145 Merge pull request #11499f0728 Fix secp256k1_num_set_bin handling of 0
d907ebc Add bounds checking to field element setters
bb2cd94 Merge pull request #116665775b Don't split the g factor when not using endomorphism
9431d6b Merge pull request #115e2274c5 build: osx: attempt to work with homebrew keg-only packages
git-subtree-dir: src/secp256k1
git-subtree-split: b0210a95da
