mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-12 21:02:38 -03:00
c020cbaa5c
be8d9c262f Merge bitcoin-core/secp256k1#965: gen_context: Don't use any ASM aeece44599 gen_context: Don't use any ASM 7688a4f13a Merge bitcoin-core/secp256k1#963: "Schnorrsig API overhaul" fixups 90e83449b2 ci: Add C++ test f698caaff6 Use unsigned char consistently for byte arrays b5b8e7b719 Don't declare constants twice 769528f307 Don't use string literals for char arrays without NUL termination 2cc3cfa583 Fix -Wmissing-braces warning in clang 0440945fb5 Merge #844: schnorrsig API overhaul ec3aaa5014 Merge #960: tests_exhaustive: check the result of secp256k1_ecdsa_sign a1ee83c654 tests_exhaustive: check the result of secp256k1_ecdsa_sign 253f90cdeb Merge bitcoin-core/secp256k1#951: configure: replace AC_PATH_PROG to AC_CHECK_PROG 446d28d9de Merge bitcoin-core/secp256k1#944: Various improvements related to CFLAGS 0302138f75 ci: Make compiler warning into errors on CI b924e1e605 build: Ensure that configure's compile checks default to -O2 7939cd571c build: List *CPPFLAGS before *CFLAGS like on the compiler command line 595e8a35d8 build: Enable -Wcast-align=strict warning 07256267ff build: Use own variable SECP_CFLAGS instead of touching user CFLAGS 4866178dfc Merge bitcoin-core/secp256k1#955: Add random field multiply/square tests 75ce488c2a Merge bitcoin-core/secp256k1#959: tests: really test the non-var scalar inverse 41ed13942b tests: really test the non-var scalar inverse 5f6ceafcfa schnorrsig: allow setting MSGLEN != 32 in benchmark fdd06b7967 schnorrsig: add tests for sign_custom and varlen msg verification d8d806aaf3 schnorrsig: add extra parameter struct for sign_custom a0c3fc177f schnorrsig: allow signing and verification of variable length msgs 5a8e4991ad Add secp256k1_tagged_sha256 as defined in BIP-340 b6c0b72fb0 schnorrsig: remove noncefp args from sign; add sign_custom function bdf19f105c Add random field multiply/square tests 8ae56e33e7 Merge #879: Avoid passing out-of-bound pointers to 0-size memcpy a4642fa15e configure: replace AC_PATH_PROG to AC_CHECK_PROG 1758a92ffd Merge #950: ci: Add ppc64le build c58c4ea470 ci: Add ppc64le build 7973576f6e Merge #662: Add ecmult_gen, ecmult_const and ecmult to benchmark 8f879c2887 Fix array size in bench_ecmult 2fe1b50df1 Add ecmult_gen, ecmult_const and ecmult to benchmark 593e6bad9c Clean up ecmult_bench to make space for more benchmarks 50f3367712 Merge #947: ci: Run PRs on merge result even for i686 a35fdd3478 ci: Run PRs on merge result even for i686 442cee5baf schnorrsig: add algolen argument to nonce_function_hardened df3bfa12c3 schnorrsig: clarify result of calling nonce_function_bip340 without data 99e8614812 README: mention schnorrsig module 3dc8c072b6 Merge #846: ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 02dcea1ad9 ci: Make test iterations configurable and tweak for sanitizer builds 489ff5c20a tests: Treat empty SECP2561_TEST_ITERS as if it was unset fcfcb97e74 ci: Simplify to use generic wrapper for QEMU, Valgrind, etc de4157f13a ci: Run ASan/LSan and reorganize sanitizer and Valgrind jobs 399722a63a Merge #941: Clean up git tree 09b3bb8648 Clean up git tree bf0ac46066 Merge #930: Add ARM32/ARM64 CI 202a030f7d Merge #850: add `secp256k1_ec_pubkey_cmp` method 1e78c18d5b Merge bitcoin-core/secp256k1#940: contrib: Explain explicit header guards 69394879b6 Merge #926: secp256k1.h: clarify that by default arguments must be != NULL 6eceec6d56 add `secp256k1_xonly_pubkey_cmp` method 0d9561ae87 add `secp256k1_ec_pubkey_cmp` method 22a9ea154a contrib: Explain explicit header guards 6c52ae8724 Merge #937: Have ge_set_gej_var, gej_double_var and ge_set_all_gej_var initialize all fields of their outputs. 185a6af227 Merge #925: changed include statements without prefix 'include/' 14c9739a1f tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs 4a19668c37 tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs 3c90bdda95 change local lib headers to be relative for those pointing at "include/" dir 45b6468d7e Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. 31c0f6de41 Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. dd6c3de322 Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. d0bd2693e3 Merge bitcoin-core/secp256k1#936: Fix gen_context/ASM build on ARM 8bbad7a18e Add asm build to ARM32 CI 7d65ed5214 Add ARM32/ARM64 CI c8483520c9 Makefile.am: Don't pass a variable twice 2161f31785 Makefile.am: Honor config when building gen_context 99f47c20ec gen_context: Don't use external ASM because it complicates the build 98e0358d29 Merge #933: Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers 99e2d5be0d Avoids a missing brace warning in schnorrsig/tests_impl.h on old compilers. 34388af6b6 Merge #922: Add mingw32-w64/wine CI build 7012a188e6 Merge #928: Define SECP256K1_BUILD in secp256k1.c directly. ed5a199bed tests: fopen /dev/urandom in binary mode ae9e648526 Define SECP256K1_BUILD in secp256k1.c directly. 4dc37bf81b Add mingw32-w64/wine CI build 0881633dfd secp256k1.h: clarify that by default arguments must be != NULL 9570f674cc Avoid passing out-of-bound pointers to 0-size memcpy git-subtree-dir: src/secp256k1 git-subtree-split: be8d9c262f46309d9b4165b0498b71d704aba8fe
97 lines
4.1 KiB
C
97 lines
4.1 KiB
C
/***********************************************************************
|
|
* Copyright (c) 2015 Pieter Wuille *
|
|
* Distributed under the MIT software license, see the accompanying *
|
|
* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
|
|
***********************************************************************/
|
|
|
|
/****
|
|
* Please do not link this file directly. It is not part of the libsecp256k1
|
|
* project and does not promise any stability in its API, functionality or
|
|
* presence. Projects which use this code should instead copy this header
|
|
* and its accompanying .c file directly into their codebase.
|
|
****/
|
|
|
|
/* This file defines a function that parses DER with various errors and
|
|
* violations. This is not a part of the library itself, because the allowed
|
|
* violations are chosen arbitrarily and do not follow or establish any
|
|
* standard.
|
|
*
|
|
* In many places it matters that different implementations do not only accept
|
|
* the same set of valid signatures, but also reject the same set of signatures.
|
|
* The only means to accomplish that is by strictly obeying a standard, and not
|
|
* accepting anything else.
|
|
*
|
|
* Nonetheless, sometimes there is a need for compatibility with systems that
|
|
* use signatures which do not strictly obey DER. The snippet below shows how
|
|
* certain violations are easily supported. You may need to adapt it.
|
|
*
|
|
* Do not use this for new systems. Use well-defined DER or compact signatures
|
|
* instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
|
|
* secp256k1_ecdsa_signature_parse_compact).
|
|
*
|
|
* The supported violations are:
|
|
* - All numbers are parsed as nonnegative integers, even though X.609-0207
|
|
* section 8.3.3 specifies that integers are always encoded as two's
|
|
* complement.
|
|
* - Integers can have length 0, even though section 8.3.1 says they can't.
|
|
* - Integers with overly long padding are accepted, violation section
|
|
* 8.3.2.
|
|
* - 127-byte long length descriptors are accepted, even though section
|
|
* 8.1.3.5.c says that they are not.
|
|
* - Trailing garbage data inside or after the signature is ignored.
|
|
* - The length descriptor of the sequence is ignored.
|
|
*
|
|
* Compared to for example OpenSSL, many violations are NOT supported:
|
|
* - Using overly long tag descriptors for the sequence or integers inside,
|
|
* violating section 8.1.2.2.
|
|
* - Encoding primitive integers as constructed values, violating section
|
|
* 8.3.1.
|
|
*/
|
|
|
|
#ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
|
|
#define SECP256K1_CONTRIB_LAX_DER_PARSING_H
|
|
|
|
/* #include secp256k1.h only when it hasn't been included yet.
|
|
This enables this file to be #included directly in other project
|
|
files (such as tests.c) without the need to set an explicit -I flag,
|
|
which would be necessary to locate secp256k1.h. */
|
|
#ifndef SECP256K1_H
|
|
#include <secp256k1.h>
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/** Parse a signature in "lax DER" format
|
|
*
|
|
* Returns: 1 when the signature could be parsed, 0 otherwise.
|
|
* Args: ctx: a secp256k1 context object
|
|
* Out: sig: a pointer to a signature object
|
|
* In: input: a pointer to the signature to be parsed
|
|
* inputlen: the length of the array pointed to be input
|
|
*
|
|
* This function will accept any valid DER encoded signature, even if the
|
|
* encoded numbers are out of range. In addition, it will accept signatures
|
|
* which violate the DER spec in various ways. Its purpose is to allow
|
|
* validation of the Bitcoin blockchain, which includes non-DER signatures
|
|
* from before the network rules were updated to enforce DER. Note that
|
|
* the set of supported violations is a strict subset of what OpenSSL will
|
|
* accept.
|
|
*
|
|
* After the call, sig will always be initialized. If parsing failed or the
|
|
* encoded numbers are out of range, signature validation with it is
|
|
* guaranteed to fail for every message and public key.
|
|
*/
|
|
int ecdsa_signature_parse_der_lax(
|
|
const secp256k1_context* ctx,
|
|
secp256k1_ecdsa_signature* sig,
|
|
const unsigned char *input,
|
|
size_t inputlen
|
|
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */
|