phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-26 11:13:23 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions
bitcoin/CHANGELOG.md
fanquake ff061fde18 Squashed 'src/secp256k1/' changes from 705ce7ed8c..c545fdc374 
c545fdc374 Merge bitcoin-core/secp256k1#1298: Remove randomness tests
b40e2d30b7 Merge bitcoin-core/secp256k1#1378: ellswift: fix probabilistic test failure when swapping sides
c424e2fb43 ellswift: fix probabilistic test failure when swapping sides
907a67212e Merge bitcoin-core/secp256k1#1313: ci: Test on development snapshots of GCC and Clang
0f7657d59c Merge bitcoin-core/secp256k1#1366: field: Use `restrict` consistently in fe_sqrt
cc55757552 Merge bitcoin-core/secp256k1#1340: clean up in-comment Sage code (refer to secp256k1_params.sage, update to Python3)
600c5adcd5 clean up in-comment Sage code (refer to secp256k1_params.sage, update to Python3)
981e5be38c ci: Fix typo in comment
e9e9648219 ci: Reduce number of macOS tasks from 28 to 8
609093b387 ci: Add x86_64 Linux tasks for gcc and clang snapshots
1deecaaf3b ci: Install development snapshots of gcc and clang
b79ba8aa4c field: Use `restrict` consistently in fe_sqrt
c9ebca95f9 Merge bitcoin-core/secp256k1#1363: doc: minor ellswift.md updates
afd7eb4a55 Merge bitcoin-core/secp256k1#1371: Add exhaustive tests for ellswift (with create+decode roundtrip)
2792119278 Add exhaustive test for ellswift (create+decode roundtrip)
c7d900ffd1 doc: minor ellswift.md updates
332af315fc Merge bitcoin-core/secp256k1#1344: group: save normalize_weak calls in `secp256k1_ge_is_valid_var`/`secp256k1_gej_eq_x_var`
9e6d1b0e9b Merge bitcoin-core/secp256k1#1367: build: Improvements to symbol visibility logic on Windows (attempt 3)
0aacf64352 Merge bitcoin-core/secp256k1#1370: Corrected some typos
b6b9834e8d small fixes
07c0e8b82e group: remove unneeded normalize_weak in `secp256k1_gej_eq_x_var`
3fc1de5c55 Merge bitcoin-core/secp256k1#1364: Avoid `-Wmaybe-uninitialized` when compiling with `gcc -O1`
fb758fe8d6 Merge bitcoin-core/secp256k1#1323: tweak_add: fix API doc for tweak=0
c6cd2b15a0 ci: Add task for static library on Windows + CMake
020bf69a44 build: Add extensive docs on visibility issues
0196e8ade1 build: Introduce `SECP256k1_DLL_EXPORT` macro
9f1b1904a3 refactor: Replace `SECP256K1_API_VAR` with `SECP256K1_API`
ae9db95cea build: Introduce `SECP256K1_STATIC` macro for Windows users
7966aee31d Merge bitcoin-core/secp256k1#1369: ci: Print commit in Windows container
a7bec34231 ci: Print commit in Windows container
249c81eaa3 Merge bitcoin-core/secp256k1#1368: ci: Drop manual checkout of merge commit
98579e297b ci: Drop manual checkout of merge commit
5b9f37f136 ci: Add `CFLAGS: -O1` to task matrix
a6ca76cdf2 Avoid `-Wmaybe-uninitialized` when compiling with `gcc -O1`
0fa84f869d Merge bitcoin-core/secp256k1#1358: tests: introduce helper for non-zero `random_fe_test()` results
5a95a268b9 tests: introduce helper for non-zero `random_fe_test` results
304421d57b tests: refactor: remove duplicate function `random_field_element_test`
3aef6ab8e1 Merge bitcoin-core/secp256k1#1345: field: Static-assert that int args affecting magnitude are constant
4494a369b6 Merge bitcoin-core/secp256k1#1357: tests: refactor: take use of `secp256k1_ge_x_on_curve_var`
799f4eec27 Merge bitcoin-core/secp256k1#1356: ci: Adjust Docker image to Debian 12 "bookworm"
c862a9fb49 ci: Adjust Docker image to Debian 12 "bookworm"
a1782098a9 ci: Force DWARF v4 for Clang when Valgrind tests are expected
7d8d5c86df tests: refactor: take use of `secp256k1_ge_x_on_curve_var`
8a7273465b Help the compiler prove that a loop is entered
fd491ea1bb Merge bitcoin-core/secp256k1#1355: Fix a typo in the error message
ac43613d25 Merge bitcoin-core/secp256k1#1354: Add ellswift to CHANGELOG
67887ae65c Fix a typo in the error message
926dd3e962 Merge bitcoin-core/secp256k1#1295: abi: Use dllexport for mingw builds
10836832e7 Merge bitcoin-core/secp256k1#1336: Use `__shiftright128` intrinsic in `secp256k1_u128_rshift` on MSVC
7c7467ab7f Refer to ellswift.md in API docs
c32ffd8d8c Add ellswift to CHANGELOG
3c1a0fd37f Merge bitcoin-core/secp256k1#1347: field: Document return value of fe_sqrt()
5779137457 field: Document return value of fe_sqrt()
be8ff3a02a field: Static-assert that int args affecting magnitude are constant
efa76c4bf7 group: remove unneeded normalize_weak in `secp256k1_ge_is_valid_var`
5b7bf2e9d4 Use `__shiftright128` intrinsic in `secp256k1_u128_rshift` on MSVC
05873bb6b1 tweak_add: fix API doc for tweak=0
6ec3731e8c Simplify test PRNG implementation
fb5bfa4eed Add static test vector for Xoshiro256++
723e8ca8f7 Remove randomness tests
bc7c8db179 abi: Use dllexport for mingw builds

git-subtree-dir: src/secp256k1
git-subtree-split: c545fdc374964424683d9dac31a828adedabe860
2023-07-18 15:25:05 +01:00

7.1 KiB
Raw Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Added

  • New module ellswift implements ElligatorSwift encoding for public keys and x-only Diffie-Hellman key exchange for them. ElligatorSwift permits representing secp256k1 public keys as 64-byte arrays which cannot be distinguished from uniformly random. See:
    • Header file include/secp256k1_ellswift.h which defines the new API.
    • Document doc/ellswift.md which explains the mathematical background of the scheme.
    • The paper on which the scheme is based.

Changed

  • When consuming libsecp256k1 as a static library on Windows, the user must now define the SECP256K1_STATIC macro before including secp256k1.h.

0.3.2 - 2023-05-13

We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using gcc -v.

Security

  • Module ecdh: Fix "constant-timeness" issue with GCC 13.1 (and potentially future versions of GCC) that could leave applications using libsecp256k1's ECDH module vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow during ECDH computations when libsecp256k1 is compiled with GCC 13.1.

Fixed

  • Fixed an old bug that permitted compilers to potentially output bad assembly code on x86_64. In theory, it could lead to a crash or a read of unrelated memory, but this has never been observed on any compilers so far.

Changed

  • Various improvements and changes to CMake builds. CMake builds remain experimental.
    • Made API versioning consistent with GNU Autotools builds.
    • Switched to BUILD_SHARED_LIBS variable for controlling whether to build a static or a shared library.
    • Added SECP256K1_INSTALL variable for the controlling whether to install the build artefacts.
  • Renamed asm build option arm to arm32. Use --with-asm=arm32 instead of --with-asm=arm (GNU Autotools), and -DSECP256K1_ASM=arm32 instead of -DSECP256K1_ASM=arm (CMake).

ABI Compatibility

The ABI is compatible with versions 0.3.0 and 0.3.1.

0.3.1 - 2023-04-10

We strongly recommend updating to 0.3.1 if you use or plan to use Clang >=14 to compile libsecp256k1, e.g., Xcode >=14 on macOS has Clang >=14. When in doubt, check the Clang version using clang -v.

Security

  • Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14.

Added

  • Added tests against Project Wycheproof's set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases.

Changed

  • Increased minimum required CMake version to 3.13. CMake builds remain experimental.

ABI Compatibility

The ABI is compatible with version 0.3.0.

0.3.0 - 2023-03-08

Added

  • Added experimental support for CMake builds. Traditional GNU Autotools builds (./configure and make) remain fully supported.
  • Usage examples: Added a recommended method for securely clearing sensitive data, e.g., secret keys, from memory.
  • Tests: Added a new test binary noverify_tests. This binary runs the tests without some additional checks present in the ordinary tests binary and is thereby closer to production binaries. The noverify_tests binary is automatically run as part of the make check target.

Fixed

  • Fixed declarations of API variables for MSVC (__declspec(dllimport)). This fixes MSVC builds of programs which link against a libsecp256k1 DLL dynamically and use API variables (and not only API functions). Unfortunately, the MSVC linker now will emit warning LNK4217 when trying to link against libsecp256k1 statically. Pass /ignore:4217 to the linker to suppress this warning.

Changed

  • Forbade cloning or destroying secp256k1_context_static. Create a new context instead of cloning the static context. (If this change breaks your code, your code is probably wrong.)
  • Forbade randomizing (copies of) secp256k1_context_static. Randomizing a copy of secp256k1_context_static did not have any effect and did not provide defense-in-depth protection against side-channel attacks. Create a new context if you want to benefit from randomization.

Removed

  • Removed the configuration header src/libsecp256k1-config.h. We recommend passing flags to ./configure or cmake to set configuration options (see ./configure --help or cmake -LH). If you cannot or do not want to use one of the supported build systems, pass configuration flags such as -DSECP256K1_ENABLE_MODULE_SCHNORRSIG manually to the compiler (see the file configure.ac for supported flags).

ABI Compatibility

Due to changes in the API regarding secp256k1_context_static described above, the ABI is not compatible with previous versions.

0.2.0 - 2022-12-12

Added

  • Added usage examples for common use cases in a new examples/ directory.
  • Added secp256k1_selftest, to be used in conjunction with secp256k1_context_static.
  • Added support for 128-bit wide multiplication on MSVC for x86_64 and arm64, giving roughly a 20% speedup on those platforms.

Changed

  • Enabled modules schnorrsig, extrakeys and ecdh by default in ./configure.
  • The secp256k1_nonce_function_rfc6979 nonce function, used by default by secp256k1_ecdsa_sign, now reduces the message hash modulo the group order to match the specification. This only affects improper use of ECDSA signing API.

Deprecated

  • Deprecated context flags SECP256K1_CONTEXT_VERIFY and SECP256K1_CONTEXT_SIGN. Use SECP256K1_CONTEXT_NONE instead.
  • Renamed secp256k1_context_no_precomp to secp256k1_context_static.
  • Module schnorrsig: renamed secp256k1_schnorrsig_sign to secp256k1_schnorrsig_sign32.

ABI Compatibility

Since this is the first release, we do not compare application binary interfaces. However, there are earlier unreleased versions of libsecp256k1 that are not ABI compatible with this version.

0.1.0 - 2013-03-05 to 2021-12-25

This version was in fact never released. The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf). Therefore, this version number does not uniquely identify a set of source files.