Upstream PRs 1794, 1775, 1814, 1816, 1813, 1804, 1818, 1817, 1815, 1819, 1823, 1821, 1760, 1828, 1829, 1825, 1832, 1811#333
Merged
real-or-random merged 49 commits intoBlockstreamResearch:masterfrom Mar 4, 2026
Conversation
This change improves separation from CMake build directories, which typically use the "build" prefix. Additionally, corresponding `.gitignore` entries have been refactored.
Co-authored-by: furszy <matiasfurszyfer@protonmail.com>
Co-authored-by: Daniel Pfeifer <daniel@pfeifer-mail.de>
Updates the build system to use the new DiscoverTests module. This also standardizes test names to use dot-separated parts for consistency.
The existing message only shows the libtool command, which is specific to Autotools builds. Fixes #1697
47eb709 ecmult: Use size_t for array indices in _odd_multiplies_table (Tim Ruffing) bb1d199 ecmult: Use size_t for array indices into tables (Tim Ruffing) Pull request description: I don't think the current code is incorrect, but using `size_t` improves readability because the type makes it clear that we're dealing with array indices. Also, making the result of the `ECMULT_TABLE_SIZE` macro (hopefully) a `size_t` fixes a compiler warning on MSVC, see #1791. ACKs for top commit: hebasto: re-ACK 47eb709. jonasnick: ACK 47eb709 theStack: ACK 47eb709 Tree-SHA512: e484fd610d50e972021c0184a683993364290eb58e09b65f9521b4507ec8d0639b402c67002005630b389bc863a7aa05b75f7224524dbcbafbfa5f9a4812b4a5
… to `.gitignore` 748c0fd Add CMake build directory patterns to `.gitignore` (Hennadii Stepanov) 7eb86bd autotools: Rename `build-aux` to `autotools-aux` (Hennadii Stepanov) Pull request description: Whenever I work on changes that require comparison, such as benchmarking, I end up with two or more build directories that provide different binary variants simultaneously. Adding these build directories to `.gitignore` makes the workflow a bit easier. Additionally, a trivial refactoring is included to reduce the code. ACKs for top commit: real-or-random: utACK 748c0fd furszy: ACK 748c0fd Tree-SHA512: 948917dcdc2ec6d5a2227f35ef9208fdbc62c56047db1c60b39f6da632642847aefa18f136986f9f15f08e0b2385964afe9a311346b728536323c54b4f0e3f04
Adding this link was forgotten in the first version of the 0.7.1 release PR but caught in PR review.
The LLVM apt repository uses legacy SHA1 signatures which are now rejected by the stricter Sequoia PGP policy. This change extends the 'sha1.second_preimage_resistance' cutoff date to 9999-01-01 in the default Sequoia config. This effectively whitelists the legacy signature algorithm, preventing "OpenPGP signature verification failed" errors during `apt-get update`. See llvm/llvm-project#153385.
This forces a periodic clean build to ensure we do not rely on stale cache layers indefinitely.
…eleased]` link clearly 0267b65 release process: mention the `[Unreleased]` link clearly (Jonas Nick) Pull request description: Adding this link was forgotten in the first version of the 0.7.1 release PR but caught in PR review. ACKs for top commit: hebasto: ACK 0267b65. sipa: ACK 0267b65 real-or-random: utACK bitcoin-core/secp256k1@0267b65 Tree-SHA512: a7eb30bbd3a0760402a61170a986c4de3f62c99f15780b336c474ddcb044d7916122fd1521c57cf31bb6c9fd466484542027bcbf699b3880564b8822d5af5520
2ccff6e ci: Add weekly schedule (Hennadii Stepanov) 2f18567 ci: Rotate Docker cache keys every 4 weeks (Hennadii Stepanov) 0ffb174 ci, docker: Fix LLVM repository signature failure (Hennadii Stepanov) Pull request description: This is an alternative to bitcoin-core/secp256k1#1807 that avoids introducing a new workflow with the write permissions. Closes bitcoin-core/secp256k1#1691. The 4-week rotation interval was chosen based on the following [rationale](bitcoin-core/secp256k1#1816 (comment)): > My thinking is that we may want to take only every fourth one. I assume this is still good enough to catch changes introduced by new compiler optimizations, and this is what we care about. > > We could just take the ISO week number mod 4. That results in an off-by-one error after every (rare) year with 53 ISO weeks, but ok, who cares... And if the cache is evicted for whatever other reason, we'll also get the most recent snapshot, but also that seems acceptable. --- **IMPORTANT NOTE:** Due to a mere coincidence, LLVM apt signatures became [rejected](llvm/llvm-project#153385) by Debian Trixie today. A commit containing a temporary workaround has been included to address this. ACKs for top commit: real-or-random: ACK 2ccff6e Tree-SHA512: c0362b107169d7cd7d36e0f7286d0bd183b734963beaa3915f198bedfd83f14222b779cb87eb6de2b1b940592954947d348a17a416e5db737a757397bd916447
…ce `-Wtrailing-whitespace=any` compiler flag 86cae58 build: Add `-Wleading-whitespace=spaces` compiler flag (Hennadii Stepanov) fb229e7 build: Add `-Wtrailing-whitespace=any` compiler flag (Hennadii Stepanov) 13e3bee refactor: Remove trailing whitespace (Hennadii Stepanov) Pull request description: This PR removes trailing whitespace and introduces the `-Wtrailing-whitespace=any` compiler flag. This enforces the rule from [CONTRIBUTING.md](https://github.com/bitcoin-core/secp256k1/blob/master/CONTRIBUTING.md#style-conventions) ("Avoid trailing whitespace") directly in the CI. This fix is required to unbreak Bitcoin Core CI builds [using GCC 15](https://github.com/hebasto/bitcoin-core-nightly/actions/runs/21436418669) after merging bitcoin/bitcoin#34412. ACKs for top commit: real-or-random: utACK 86cae58 Tree-SHA512: 87911af96321eb3fc185f4d5c30ca3546bfd952c5722e1eeac9dd8c278a4bc08d99a85b79342ca705598a7a64b940427402d32e46f5c078061ad7fdf2482334c
It seems that there is no good reason to do this and it's even considered bad practice, see e.g. https://stackoverflow.com/a/605858 This commit touches mostly test code, the only two functions used in production are `secp256k1_context_{create,clone}`. Instances were found manually via `$ git grep "malloc("`
These summaries provide little practical value to the development workflow and clutter the CI output.
…s usage for ctime_tests 1bc74a2 test: show both Autotools and CMake usage for ctime_tests (8144225309) Pull request description: When building with CMake and running `ctime_tests` outside valgrind, users see: ``` Usage: libtool --mode=execute valgrind ./ctime_tests ``` CMake users don't have libtool. Show both commands. ### Before ``` $ ./build/bin/ctime_tests This test can only usefully be run inside valgrind because it was not compiled under msan. Usage: libtool --mode=execute valgrind ./ctime_tests ``` ### After ``` $ ./build/bin/ctime_tests This test can only usefully be run inside valgrind because it was not compiled under msan. Usage: valgrind ./ctime_tests (or with Autotools: libtool --mode=execute valgrind ./ctime_tests) ``` Fixes #1697 ACKs for top commit: real-or-random: utACK 1bc74a2 Tree-SHA512: d35c332c75fe3df66928cb8b137e11995c67a57744985a50a539d1d9f24cf39ee46f17c6f6a501664a62f67e11b7bb041ba0e1eed6632bf7dccdb57a2c88f9bc
4fb7ccf ci: Enforce base-10 evaluation (Hennadii Stepanov) Pull request description: This PR is a follow-up to bitcoin-core/secp256k1#1816. It enforces base-10 evaluation the week number to prevent Bash from interpreting weeks "08" and "09" as invalid octal numbers. It was present in my initial [proposal](bitcoin-core/secp256k1#1807 (review)), but somehow I missed it in bitcoin-core/secp256k1#1816. ACKs for top commit: real-or-random: ACK 4fb7ccf Tree-SHA512: dc6d1e5d692ac82616c5c64e1093c19693aa81d3b693834fb0999130b5e3357340b8ed0a5322cfa8d2f9fefbfeb8285abbd580662d257529d9d767afa009e9ef
…eneration 3ae72e7 ci: Disable Docker build summary generation (Hennadii Stepanov) Pull request description: The generated Docker build [summaries](https://github.com/bitcoin-core/secp256k1/actions/runs/21595861407) provide little practical value to the development workflow and clutter the CI output. This PR disables them. ACKs for top commit: real-or-random: utACK 3ae72e7 Tree-SHA512: 0b28520765d5aa1c43ae7025c9be082742bc3784f743b4983947236bceb0255b2fa82cdf81d284470eeb83bda72b442019e051048319681bff09ac190d9b52f6
…oc` result casts 97b3c47 refactor: remove unnecessary `malloc` result casts (Sebastian Falbesoner) Pull request description: While working on benchmark code for #1765, I noticed that in some instances we explicitly cast `malloc` results in the codebase. It seems that there is no good reason to do this in C, and it's even considered bad practice, see e.g. https://stackoverflow.com/a/605858. This commit touches mostly test code, the only two functions used in production are `secp256k1_context_{create,clone}`. Instances were found manually via `$ git grep "malloc("`. ACKs for top commit: real-or-random: Weak Concept ACK && Code Review ACK bitcoin-core/secp256k1@97b3c47 w0xlt: ACK 97b3c47 Tree-SHA512: 74aa9f47eb52b7f2a6fcb69deb6aef0c0daa136c5deedfba1228218ef178c722212d8e9936fd2946d2035df932637ca4df49c98ddde488c6b009a74c4d5df316
…eck_overflow tests (Issue #1812) f47bbc0 test: add unit tests for secp256k1_scalar_check_overflow (Rohit Yadav) Pull request description: This Pull Request improves the tests for `secp256k1_scalar_check_overflow` as requested in #1812. ### Changes: - Removed the redundant "all ones" check from `run_scalar_tests`. - Added a new dedicated test function `test_scalar_check_overflow`. - Added static checks for edge cases: `0`, `N-1`, `N`, `N+1`, and `MAX`. - Added random input tests that verify `check_overflow` against a manual byte comparison. Fixes #1812. ACKs for top commit: theStack: re-ACK f47bbc0 real-or-random: utACK f47bbc0 Tree-SHA512: dad3aa31ecf3f296843c907ac3d9aa5a9b9cb839b36aa3b59e49c853c60c58291412e70dff37dc15f8e14023a8f1e1aba87395065607612d5f6cfa92e14e73b5
In the bench and bench_internal help functions argv was not being passed, in this change we pass in argv[0] and use it in the help text. Additionally instead of passing all of argv in bench_ecmult we now just pass argv[0] and is used as the executable_path variable.
…uilder step ed02466 ci: Load Docker image by ID from builder step (Hennadii Stepanov) Pull request description: Fixes loading wrong Docker images. For instance, see bitcoin-core/secp256k1#1821 (comment). ACKs for top commit: real-or-random: utACK ed02466 Tree-SHA512: 4de31bebe64d2b2adfbc5e1f2cbdea5e609a5640d17949bfe5aef9071948693ae7d8ac81772dd9620b101a72b553f38511b882119987e3c8342b6544571eca93
The secp256k1_ellswift_xdh function uses overflow = secp256k1_scalar_is_zero(&s) which overwrites the overflow flag from the preceding secp256k1_scalar_set_b32 call. This means secret keys >= the curve order are silently accepted (reduced mod n) instead of being rejected. The fix changes = to |=, matching the correct pattern already used in secp256k1_ecdh (main_impl.h, line 51). The ECDH module's test suite explicitly tests overflow rejection (passes secp256k1_group_order_bytes as a key and checks the function returns 0). The ellswift test suite has no corresponding test, which is why this went undetected.
…ng in secp256k1_ellswift_xdh b99a94c Add tests for bad scalar inputs in ellswift XDH (gzJx0DuTRHytnHe7P5RmMbPf3wKy2BztweVGXTf) 307b49f ellswift: fix overflow flag handling in secp256k1_ellswift_xdh (gzJx0DuTRHytnHe7P5RmMbPf3wKy2BztweVGXTf) Pull request description: The secp256k1_ellswift_xdh function uses overflow = secp256k1_scalar_is_zero(&s) which overwrites the overflow flag from the preceding secp256k1_scalar_set_b32 call. This means secret keys >= the curve order are silently accepted (reduced mod n) instead of being rejected. The fix changes = to |=, matching the correct pattern already used in secp256k1_ecdh (main_impl.h, line 51). The ECDH module's test suite explicitly tests overflow rejection (passes secp256k1_group_order_bytes as a key and checks the function returns 0). The ellswift test suite has no corresponding test, which is why this went undetected. Previous PR to the wrong repository: bitcoin/bitcoin#34558 ACKs for top commit: kevkevinpal: ACK b99a94c real-or-random: utACK b99a94c theStack: re-ACK b99a94c Tree-SHA512: 6222cd7616c7429f4c05180257f925720b7f9743fa440667a2327f94cb134a160cdf498dca1713ffc470ab3a6ca3275aafbd14b2e790766fe10ddb5ce6970e80
…to improve parallelism 8354618 cmake: Set `LABELS` property for tests (Hennadii Stepanov) 29f26ec cmake: Integrate DiscoverTests and normalize test names (Hennadii Stepanov) f95b263 cmake: Add DiscoverTests module (Hennadii Stepanov) 4ac6511 cmake, refactor: Deduplicate test-related code (Hennadii Stepanov) Pull request description: This PR implements the idea suggested in bitcoin-core/secp256k1#1734 (review) and is based on the work from bitcoin/bitcoin#33483. Here is an example of the `ctest` output: ``` $ ctest --test-dir build -j $(nproc) Test project /home/hebasto/dev/secp256k1/secp256k1/build Start 1: secp256k1.noverify_tests.selftest_tests Start 2: secp256k1.noverify_tests.all_proper_context_tests Start 3: secp256k1.noverify_tests.all_static_context_tests Start 4: secp256k1.noverify_tests.deprecated_context_flags_test <snip> 193/196 Test BlockstreamResearch#31: secp256k1.noverify_tests.ecmult_constants ......................... Passed 5.32 sec 194/196 Test BlockstreamResearch#184: secp256k1.tests.ellswift_xdh_correctness_tests .................... Passed 5.62 sec 195/196 Test BlockstreamResearch#191: secp256k1.exhaustive_tests ........................................ Passed 6.97 sec 196/196 Test BlockstreamResearch#126: secp256k1.tests.ecmult_constants .................................. Passed 9.60 sec 100% tests passed, 0 tests failed out of 196 Label Time Summary: secp256k1_example = 0.02 sec*proc (5 tests) secp256k1_exhaustive = 6.97 sec*proc (1 test) secp256k1_noverify_tests = 23.77 sec*proc (95 tests) secp256k1_tests = 43.67 sec*proc (95 tests) Total Test time (real) = 10.21 sec ``` For comparison, here is the output for the master branch on the same machine: ``` $ ctest --test-dir build -j $(nproc) Test project /home/hebasto/dev/secp256k1/secp256k1/build Start 1: secp256k1_noverify_tests Start 2: secp256k1_tests Start 3: secp256k1_exhaustive_tests Start 4: secp256k1_ecdsa_example Start 5: secp256k1_ecdh_example Start 6: secp256k1_schnorr_example Start 7: secp256k1_ellswift_example Start 8: secp256k1_musig_example 1/8 Test #4: secp256k1_ecdsa_example .......... Passed 0.00 sec 2/8 Test #5: secp256k1_ecdh_example ........... Passed 0.00 sec 3/8 Test #6: secp256k1_schnorr_example ........ Passed 0.00 sec 4/8 Test #7: secp256k1_ellswift_example ....... Passed 0.00 sec 5/8 Test #8: secp256k1_musig_example .......... Passed 0.00 sec 6/8 Test #3: secp256k1_exhaustive_tests ....... Passed 6.26 sec 7/8 Test #1: secp256k1_noverify_tests ......... Passed 14.31 sec 8/8 Test #2: secp256k1_tests .................. Passed 31.65 sec 100% tests passed, 0 tests failed out of 8 Total Test time (real) = 31.65 sec ``` --- **New Feature:** As the number of tests has grown, the _labels_ have been introduced to simplify test management. Now, one can run: ``` $ ctest --test-dir build -j $(nproc) -L example Test project /home/hebasto/dev/secp256k1/secp256k1/build Start 192: secp256k1.example.ecdsa Start 193: secp256k1.example.ecdh Start 194: secp256k1.example.schnorr Start 195: secp256k1.example.ellswift Start 196: secp256k1.example.musig 1/5 Test BlockstreamResearch#192: secp256k1.example.ecdsa .......... Passed 0.00 sec 2/5 Test BlockstreamResearch#193: secp256k1.example.ecdh ........... Passed 0.00 sec 3/5 Test BlockstreamResearch#194: secp256k1.example.schnorr ........ Passed 0.00 sec 4/5 Test BlockstreamResearch#195: secp256k1.example.ellswift ....... Passed 0.00 sec 5/5 Test BlockstreamResearch#196: secp256k1.example.musig .......... Passed 0.00 sec 100% tests passed, 0 tests failed out of 5 Label Time Summary: secp256k1_example = 0.01 sec*proc (5 tests) Total Test time (real) = 0.01 sec ``` or ``` $ ctest --test-dir build -j $(nproc) -LE tests Test project /home/hebasto/dev/secp256k1/secp256k1/build Start 192: secp256k1.example.ecdsa Start 193: secp256k1.example.ecdh Start 194: secp256k1.example.schnorr Start 195: secp256k1.example.ellswift Start 196: secp256k1.example.musig Start 191: secp256k1.exhaustive_tests 1/6 Test BlockstreamResearch#192: secp256k1.example.ecdsa .......... Passed 0.00 sec 2/6 Test BlockstreamResearch#193: secp256k1.example.ecdh ........... Passed 0.00 sec 3/6 Test BlockstreamResearch#194: secp256k1.example.schnorr ........ Passed 0.00 sec 4/6 Test BlockstreamResearch#195: secp256k1.example.ellswift ....... Passed 0.00 sec 5/6 Test BlockstreamResearch#196: secp256k1.example.musig .......... Passed 0.00 sec 6/6 Test BlockstreamResearch#191: secp256k1.exhaustive_tests ....... Passed 6.19 sec 100% tests passed, 0 tests failed out of 6 Label Time Summary: secp256k1_example = 0.01 sec*proc (5 tests) secp256k1_exhaustive = 6.19 sec*proc (1 test) Total Test time (real) = 6.20 sec ``` ACKs for top commit: purpleKarrot: ACK 8354618 furszy: Tested ACK 8354618 Tree-SHA512: 8c506ab08491aba4836b3058a8a09c929c6dd097c11e4e6f4deb20cf602285e73c3fd8a2c2040f7e92a058c7f8fc09752fa9de2ce80f7673adbdd505237ed262
This reverts commit 0ffb174.
…itory signature failure" 76e92cf Revert "ci, docker: Fix LLVM repository signature failure" (Hennadii Stepanov) Pull request description: This reverts commit 0ffb174, as the underlying [issue](llvm/llvm-project#153385) has been resolved. ACKs for top commit: real-or-random: ACK 76e92cf Tree-SHA512: 3cab40ab5d3c1d180b81414ec212481468898ec36dba22acce5fd0dc0b506c0beefc5d9df27bf9e94c1aa006ba18f70072bb1fcbc31acdddaead678009f82c19
…GENPRECISION 79e9f25 ci: Fix leftover use of old ECMULTGENPRECISION (Tim Ruffing) Pull request description: ACKs for top commit: hebasto: ACK 79e9f25, it looks like there was a silent merge conflict between bitcoin-core/secp256k1#1058 and bitcoin-core/secp256k1#1488. Tree-SHA512: b3b47c427f6da254b20250cb4588ecb9cd40a5f347b95358feafe69b349be7a484f6a0dc9346364343b907d8520665d3d4ddf31711d9e52bae37e0d514d9275f
Introduce secp256k1_sha256_initialize_midstate() in the hash layer and use it at all tagged-hash midstate call sites across schnorrsig, musig, and ellswift. Document the byte-counter contract at the declaration site in hash.h and add run_sha256_initialize_midstate_tests() to directly verify helper behavior against initialize_tagged. Also switch the helper to take const uint32_t state[8] to reduce argument-order risk at call sites.
…sha256_initialize` in tagged hash midstate functions f48b1bf hash: add midstate initializer and use it for tagged hashes (w0xlt) Pull request description: Each tagged hash midstate function (e.g., `secp256k1_schnorrsig_sha256_tagged`) calls `secp256k1_sha256_initialize` before immediately overwriting every field it sets: `s[0]` through `s[7]` and `bytes`. The `buf[64]` member does not need initialization either, because `bytes` is set to 64, which means the buffer position (`bytes & 0x3F`) (`= bytes % 64`) is 0, so buf is always written before being read. Remove the 11 redundant `secp256k1_sha256_initialize` calls across the `schnorrsig`, `ellswift`, and `musig` modules. ACKs for top commit: real-or-random: utACK f48b1bf theStack: Code-review ACK f48b1bf Tree-SHA512: 769beb96f3921cc3c180ed0d17484ffa0dc78041c889a8e56603679d8eaca5fe13e63759ada78f83d8e0ff7aae392e6bcbc1a9fe8b959105ea4a3d8ef51abf15
This removes printing of the "random run = " at the end of the tests. I haven't seen a single case where this proved to be useful. And as of 48789da, this is anyway printed only at the end of the exhaustive tests and not the normal tests, so the probability that this will be useful in the future is very low.
8d0eda0 testrand: Remove testrand_finish (Tim Ruffing) Pull request description: This removes printing of the "random run = " at the end of the tests. I haven't seen a single case where this proved to be useful. And as of 48789da, this is anyway printed only at the end of the exhaustive tests and not the normal tests, so the probability that this will be useful in the future is very low. ACKs for top commit: sipa: ACK 8d0eda0 Tree-SHA512: e0a688e2c81afbf7a11204f1be71b472eb3ec23086c7dc742a069b7ddfc837fcf9ade9e04f8c3f79e8b07d38d05bf4979f6e3ca68a480e45de0c1ecb94b0a6f5
…nch and bench_internal c49c9be bench: Update help functions in bench and bench_internal (kevkevinpal) Pull request description: ### Motivation This change is motivated by bitcoin-core/secp256k1#1793 (review) > While aligning implementation across all benchmarks, argv could be passed to the help() in bench.c and bench_internal.c. ### Description In the `bench` and `bench_internal` `help` functions `argv` was not being passed. In this change, we pass in argv and use it in the help text. ACKs for top commit: real-or-random: ACK c49c9be Tree-SHA512: 77184db4bf5c16827f19d888af73939f4139cc2e84ae5256d995cf61f606d5865928480fc009a0185e1a6843f3c38dd1b858d1316e524c9b165459c7367f2318
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge bitcoin-core/secp256k1#1794: ecmult: Use size_t for array indices
Merge bitcoin-core/secp256k1#1775: Add CMake build directory patterns to
.gitignoreMerge bitcoin-core/secp256k1#1814: release process: mention the
[Unreleased]link clearlyMerge bitcoin-core/secp256k1#1816: ci: Rotate Docker cache keys
Merge bitcoin-core/secp256k1#1813: Remove trailing spaces and introduce
-Wtrailing-whitespace=anycompiler flagMerge bitcoin-core/secp256k1#1804: test: show both CMake and Autotools usage for ctime_tests
Merge bitcoin-core/secp256k1#1818: ci: Enforce base-10 evaluation
Merge bitcoin-core/secp256k1#1817: ci: Disable Docker build summary generation
Merge bitcoin-core/secp256k1#1815: refactor: remove unnecessary
mallocresult castsMerge bitcoin-core/secp256k1#1819: tests: Improve secp256k1_scalar_check_overflow tests (Issue #1812)
Merge bitcoin-core/secp256k1#1823: ci: Load Docker image by ID from builder step
Merge bitcoin-core/secp256k1#1821: ellswift: fix overflow flag handling in secp256k1_ellswift_xdh
Merge bitcoin-core/secp256k1#1760: cmake: Add dynamic test discovery to improve parallelism
Merge bitcoin-core/secp256k1#1828: Revert "ci, docker: Fix LLVM repository signature failure"
Merge bitcoin-core/secp256k1#1829: ci: Fix leftover use of old ECMULTGENPRECISION
Merge bitcoin-core/secp256k1#1825: hash: remove redundant
secp256k1_sha256_initializein tagged hash midstate functionsMerge bitcoin-core/secp256k1#1832: testrand: Remove testrand_finish
Merge bitcoin-core/secp256k1#1811: bench: Update help functions in bench and bench_internal
This PR can be recreated with
./contrib/sync-upstream.sh -b master range c0a2aba0.Tips:
git show --remerge-diff <pr-branch>to show the conflict resolution in the merge commit.git read-tree --reset -u <pr-branch>to replay these resolutions during the conflict resolution stage when recreating the PR branch locally.Be aware that this may discard your index as well as the uncommitted changes and untracked files in your worktree.