Squashed 'src/secp256k1/' changes from 06bff6dec8..4af241b320

4af241b320 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one
f473c959f0 Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project
d403eea484 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach
d7ae25ce6f Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c
0e2fadb20c fix: typos in secp256k1.c
69b2192ad4 Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS`
5dd637f3cf Merge bitcoin-core/secp256k1#1548: README: mention ellswift module
7454a53736 README: mention ellswift module
4706be2cd0 cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach
c2764dbb99 cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS`
f87a3589f4 cmake: Do not set `CTEST_TEST_TARGET_ALIAS`
158f9e5eae cmake: Do not modify build types when integrating by downstream project
35c0fdc86b Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project
4392f0f717 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491)
bedffd53d8 Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job
4b8d5eeacf Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests
f55703ba49 autotools: Delete unneeded compiler test
396e885886 autotools: Align MSan checking code with CMake's implementation
abde59f52d cmake: Report more compiler details in summary
7abf979a43 cmake: Disable `ctime_tests` if build with `-fsanitize=memory`
4d9645bee0 cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option
a06805ee74 cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option
1791f6fce4 Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests
26b94ee92a autotools: Remove "auto" value of `--with-ecmult-gen-kb` option
122dbaeb37 autotools: Remove "auto" value of `--with-ecmult-window` option
e73f6f8fd9 tests: refactor: drop `secp256k1_` prefix from testrand.h functions
0ee7453a99 tests: refactor: add `testutil_` prefix to testutil.h functions
0c6bc76dcd tests: refactor: move `random_` helpers from tests.c to testutil.h
0fef8479be tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude`
59db007f0f tests: refactor: rename `random_group_element_...` -> `random_ge_...`
ebfb82ee2f ci: Add job with -fsanitize-memory-param-retval
e1bef0961c configure: Move "experimental" warning to bottom
55e5d975db autotools: Disable eager MSan in ctime_tests
ec4c002faa cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation
cae9a7ad14 cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable
218f0cc93b ci: Add native macOS arm64 job

git-subtree-dir: src/secp256k1
git-subtree-split: 4af241b32099067464e015fa66daac5096206dea

2 files changed, 28 insertions, 28 deletions

diff --git a/src/modules/schnorrsig/tests_exhaustive_impl.h b/src/modules/schnorrsig/tests_exhaustive_impl.h
index bc31d81107..601b54975d 100644
--- a/src/modules/schnorrsig/tests_exhaustive_impl.h
+++ b/src/modules/schnorrsig/tests_exhaustive_impl.h
@@ -104,7 +104,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
             while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
                 secp256k1_scalar e;
                 unsigned char msg32[32];
-                secp256k1_testrand256(msg32);
+                testrand256(msg32);
                 secp256k1_schnorrsig_challenge(&e, sig64, msg32, sizeof(msg32), pk32);
                 /* Only do work if we hit a challenge we haven't tried before. */
                 if (!e_done[e]) {
@@ -120,7 +120,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
                             expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER &&
                                            (s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER);
                         } else {
-                            secp256k1_testrand256(sig64 + 32);
+                            testrand256(sig64 + 32);
                             expect_valid = 0;
                         }
                         valid = secp256k1_schnorrsig_verify(ctx, sig64, msg32, sizeof(msg32), &pubkeys[d - 1]);
@@ -161,7 +161,7 @@ static void test_exhaustive_schnorrsig_sign(const secp256k1_context *ctx, unsign
             /* Generate random messages until all challenges have been tried. */
             while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
                 secp256k1_scalar e;
-                secp256k1_testrand256(msg32);
+                testrand256(msg32);
                 secp256k1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, sizeof(msg32), xonly_pubkey_bytes[d - 1]);
                 /* Only do work if we hit a challenge we haven't tried before. */
                 if (!e_done[e]) {
diff --git a/src/modules/schnorrsig/tests_impl.h b/src/modules/schnorrsig/tests_impl.h
index 8ada90a87b..aa4fc38270 100644
--- a/src/modules/schnorrsig/tests_impl.h
+++ b/src/modules/schnorrsig/tests_impl.h
@@ -15,7 +15,7 @@
 static void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes, size_t msglen, size_t algolen) {
     unsigned char nonces[2][32];
     CHECK(nonce_function_bip340(nonces[0], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1);
-    secp256k1_testrand_flip(args[n_flip], n_bytes);
+    testrand_flip(args[n_flip], n_bytes);
     CHECK(nonce_function_bip340(nonces[1], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1);
     CHECK(secp256k1_memcmp_var(nonces[0], nonces[1], 32) != 0);
 }
@@ -50,10 +50,10 @@ static void run_nonce_function_bip340_tests(void) {
     secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized);
     test_sha256_eq(&sha, &sha_optimized);
 
-    secp256k1_testrand256(msg);
-    secp256k1_testrand256(key);
-    secp256k1_testrand256(pk);
-    secp256k1_testrand256(aux_rand);
+    testrand256(msg);
+    testrand256(key);
+    testrand256(pk);
+    testrand256(aux_rand);
 
     /* Check that a bitflip in an argument results in different nonces. */
     args[0] = msg;
@@ -76,12 +76,12 @@ static void run_nonce_function_bip340_tests(void) {
     CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, NULL, 0, NULL) == 0);
     CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1);
     /* Other algo is fine */
-    secp256k1_testrand_bytes_test(algo, algolen);
+    testrand_bytes_test(algo, algolen);
     CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1);
 
     for (i = 0; i < COUNT; i++) {
         unsigned char nonce2[32];
-        uint32_t offset = secp256k1_testrand_int(msglen - 1);
+        uint32_t offset = testrand_int(msglen - 1);
         size_t msglen_tmp = (msglen + offset) % msglen;
         size_t algolen_tmp;
 
@@ -90,7 +90,7 @@ static void run_nonce_function_bip340_tests(void) {
         CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0);
 
         /* Different algolen gives different nonce */
-        offset = secp256k1_testrand_int(algolen - 1);
+        offset = testrand_int(algolen - 1);
         algolen_tmp = (algolen + offset) % algolen;
         CHECK(nonce_function_bip340(nonce2, msg, msglen, key, pk, algo, algolen_tmp, NULL) == 1);
         CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0);
@@ -116,10 +116,10 @@ static void test_schnorrsig_api(void) {
     secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
     secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL};
 
-    secp256k1_testrand256(sk1);
-    secp256k1_testrand256(sk2);
-    secp256k1_testrand256(sk3);
-    secp256k1_testrand256(msg);
+    testrand256(sk1);
+    testrand256(sk2);
+    testrand256(sk3);
+    testrand256(msg);
     CHECK(secp256k1_keypair_create(CTX, &keypairs[0], sk1) == 1);
     CHECK(secp256k1_keypair_create(CTX, &keypairs[1], sk2) == 1);
     CHECK(secp256k1_keypair_create(CTX, &keypairs[2], sk3) == 1);
@@ -813,8 +813,8 @@ static void test_schnorrsig_sign(void) {
     secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
     unsigned char aux_rand[32];
 
-    secp256k1_testrand256(sk);
-    secp256k1_testrand256(aux_rand);
+    testrand256(sk);
+    testrand256(aux_rand);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk));
     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair));
     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1);
@@ -861,12 +861,12 @@ static void test_schnorrsig_sign_verify(void) {
     secp256k1_xonly_pubkey pk;
     secp256k1_scalar s;
 
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk));
     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair));
 
     for (i = 0; i < N_SIGS; i++) {
-        secp256k1_testrand256(msg[i]);
+        testrand256(msg[i]);
         CHECK(secp256k1_schnorrsig_sign32(CTX, sig[i], msg[i], &keypair, NULL));
         CHECK(secp256k1_schnorrsig_verify(CTX, sig[i], msg[i], sizeof(msg[i]), &pk));
     }
@@ -874,19 +874,19 @@ static void test_schnorrsig_sign_verify(void) {
     {
         /* Flip a few bits in the signature and in the message and check that
          * verify and verify_batch (TODO) fail */
-        size_t sig_idx = secp256k1_testrand_int(N_SIGS);
-        size_t byte_idx = secp256k1_testrand_bits(5);
-        unsigned char xorbyte = secp256k1_testrand_int(254)+1;
+        size_t sig_idx = testrand_int(N_SIGS);
+        size_t byte_idx = testrand_bits(5);
+        unsigned char xorbyte = testrand_int(254)+1;
         sig[sig_idx][byte_idx] ^= xorbyte;
         CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
         sig[sig_idx][byte_idx] ^= xorbyte;
 
-        byte_idx = secp256k1_testrand_bits(5);
+        byte_idx = testrand_bits(5);
         sig[sig_idx][32+byte_idx] ^= xorbyte;
         CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
         sig[sig_idx][32+byte_idx] ^= xorbyte;
 
-        byte_idx = secp256k1_testrand_bits(5);
+        byte_idx = testrand_bits(5);
         msg[sig_idx][byte_idx] ^= xorbyte;
         CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
         msg[sig_idx][byte_idx] ^= xorbyte;
@@ -916,9 +916,9 @@ static void test_schnorrsig_sign_verify(void) {
     {
         /* Test varying message lengths */
         unsigned char msg_large[32 * 8];
-        uint32_t msglen  = secp256k1_testrand_int(sizeof(msg_large));
+        uint32_t msglen  = testrand_int(sizeof(msg_large));
         for (i = 0; i < sizeof(msg_large); i += 32) {
-            secp256k1_testrand256(&msg_large[i]);
+            testrand256(&msg_large[i]);
         }
         CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], msg_large, msglen, &keypair, NULL) == 1);
         CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 1);
@@ -942,7 +942,7 @@ static void test_schnorrsig_taproot(void) {
     unsigned char sig[64];
 
     /* Create output key */
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
     CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1);
     /* In actual taproot the tweak would be hash of internal_pk */
@@ -952,7 +952,7 @@ static void test_schnorrsig_taproot(void) {
     CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk_bytes, &output_pk) == 1);
 
     /* Key spend */
-    secp256k1_testrand256(msg);
+    testrand256(msg);
     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1);
     /* Verify key spend */
     CHECK(secp256k1_xonly_pubkey_parse(CTX, &output_pk, output_pk_bytes) == 1);