remove overflow check in aggregation

b-wagn · b-wagn · commit efd98c1de225 · 2024-02-18T19:20:06.000+01:00
diff --git a/src/modules/schnorrsig_halfagg/main_impl.h b/src/modules/schnorrsig_halfagg/main_impl.h
@@ -25,7 +25,6 @@ void secp256k1_schnorrsig_sha256_tagged_aggregation(secp256k1_sha256 *sha) {
 int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned char *aggsig, size_t *aggsig_len, const secp256k1_xonly_pubkey *all_pubkeys, const unsigned char *all_msgs32, const unsigned char *new_sigs64, size_t n_before, size_t n_new) {
     size_t i;
     size_t n;
-    int overflow;
     secp256k1_sha256 hash;
     secp256k1_scalar s;
 
@@ -64,12 +63,7 @@ int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned ch
     /* Compute s = s_old + sum_{i = n_before}^{n} z_i*s_i */
     /* where s_old = 0 if n_before = 0 */
     secp256k1_scalar_set_int(&s, 0);
-    if (n_before > 0) {
-        secp256k1_scalar_set_b32(&s, &aggsig[n_before*32], &overflow);
-        if (overflow) {
-            return 0;
-        }
-    }
+    if (n_before > 0) secp256k1_scalar_set_b32(&s, &aggsig[n_before*32], NULL);
     for (i = n_before; i < n; ++i) {
         unsigned char pk_ser[32];
         unsigned char hashoutput[32];
@@ -96,10 +90,7 @@ int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned ch
 
         /* Step 2: s := s + zi*si */
         /* except if i == 0, then zi = 1 implicitly */
-        secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], &overflow);
-        if (overflow) {
-            return 0;
-        }
+        secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], NULL);
         if (i != 0) secp256k1_scalar_mul(&si, &si, &zi);
         secp256k1_scalar_add(&s, &s, &si);
     }
diff --git a/src/modules/schnorrsig_halfagg/tests_impl.h b/src/modules/schnorrsig_halfagg/tests_impl.h
@@ -304,18 +304,7 @@ static void test_schnorrsig_aggregate_overflow(void) {
     unsigned char aggsig[32*(N_MAX + 1)];
     size_t n = secp256k1_testrand_int(N_MAX + 1);
 
-    /* Test 1: We check that aggregation returns 0 if one s overflows. */
-    test_schnorrsig_aggregate_input_helper(pubkeys, msgs32, sigs64, n);
-    if (n > 0) {
-        size_t aggsig_len = sizeof(aggsig);
-        size_t k = secp256k1_testrand_int(n);
-        /* Make one randomly chosen s overflow */
-        memset(&sigs64[k*64+32], 0xFF, 32);
-        /* Check that aggregating fails */
-        CHECK(secp256k1_schnorrsig_aggregate(CTX, aggsig, &aggsig_len, pubkeys, msgs32, sigs64, n) == 0);
-    }
-
-    /* Test 2: We check that verification returns 0 if the s in aggsig overflows. */
+    /* We check that verification returns 0 if the s in aggsig overflows. */
     test_schnorrsig_aggregate_input_helper(pubkeys, msgs32, sigs64, n);
     {
         size_t aggsig_len = sizeof(aggsig);
