Skip to content

Commit 2df0ded

Browse files
real-or-randomreal-or-random
committed
fixup! Make WINDOW_G configurable
1 parent e71fce1 commit 2df0ded

File tree

1 file changed

+23
-8
lines changed

1 file changed

+23
-8
lines changed

src/ecmult_impl.h

+23-8
Original file line numberDiff line numberDiff line change
@@ -45,10 +45,17 @@
4545
# endif
4646
#endif
4747

48-
/* Noone will ever need more than a window size of 24.
49-
* (The code probably works with window sizes up to 33 but
50-
* it is not tested for it. For WINDOW_G >= 34, the
51-
* expansion of ECMULT_TABLE_SIZE(WINDOW_G) will overflow. */
48+
/* Noone will ever need more than a window size of 24. The code might
49+
* be correct for larger values of ECMULT_WINDOW_SIZE but this is not
50+
* not tested.
51+
*
52+
* The following limitations are known, and there are probably more:
53+
* If WINDOW_G > 27 and size_t has 32 bits, then the code is incorrect
54+
* because the size of the memory object that we allocate (in bytes)
55+
* will not fit in a size_t.
56+
* If WINDOW_G > 31 and int has 32 bits, then the code is incorrect
57+
* because certain expressions will overflow.
58+
* */
5259
#if ECMULT_WINDOW_SIZE < 3 || ECMULT_WINDOW_SIZE > 24
5360
# error Set ECMULT_WINDOW_SIZE to an integer in range [3..24].
5461
#endif
@@ -322,7 +329,12 @@ static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, const
322329
/* get the generator */
323330
secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
324331

325-
ctx->pre_g = (secp256k1_ge_storage (*)[])checked_malloc(cb, sizeof((*ctx->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G));
332+
{
333+
size_t size = sizeof((*ctx->pre_g)[0]) * ((size_t)ECMULT_TABLE_SIZE(WINDOW_G));
334+
/* check for overflow */
335+
VERIFY_CHECK(size / sizeof((*ctx->pre_g)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G)));
336+
ctx->pre_g = (secp256k1_ge_storage (*)[])checked_malloc(cb, size);
337+
}
326338

327339
/* precompute the tables with odd multiples */
328340
secp256k1_ecmult_odd_multiples_table_storage_var(ECMULT_TABLE_SIZE(WINDOW_G), *ctx->pre_g, &gj);
@@ -332,7 +344,10 @@ static void secp256k1_ecmult_context_build(secp256k1_ecmult_context *ctx, const
332344
secp256k1_gej g_128j;
333345
int i;
334346

335-
ctx->pre_g_128 = (secp256k1_ge_storage (*)[])checked_malloc(cb, sizeof((*ctx->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G));
347+
size_t size = sizeof((*ctx->pre_g_128)[0]) * ((size_t) ECMULT_TABLE_SIZE(WINDOW_G));
348+
/* check for overflow */
349+
VERIFY_CHECK(size / sizeof((*ctx->pre_g_128)[0]) == ((size_t)ECMULT_TABLE_SIZE(WINDOW_G)));
350+
ctx->pre_g_128 = (secp256k1_ge_storage (*)[])checked_malloc(cb, size);
336351

337352
/* calculate 2^128*generator */
338353
g_128j = gj;
@@ -349,15 +364,15 @@ static void secp256k1_ecmult_context_clone(secp256k1_ecmult_context *dst,
349364
if (src->pre_g == NULL) {
350365
dst->pre_g = NULL;
351366
} else {
352-
size_t size = sizeof((*dst->pre_g)[0]) * ECMULT_TABLE_SIZE(WINDOW_G);
367+
size_t size = sizeof((*dst->pre_g)[0]) * ((size_t)ECMULT_TABLE_SIZE(WINDOW_G));
353368
dst->pre_g = (secp256k1_ge_storage (*)[])checked_malloc(cb, size);
354369
memcpy(dst->pre_g, src->pre_g, size);
355370
}
356371
#ifdef USE_ENDOMORPHISM
357372
if (src->pre_g_128 == NULL) {
358373
dst->pre_g_128 = NULL;
359374
} else {
360-
size_t size = sizeof((*dst->pre_g_128)[0]) * ECMULT_TABLE_SIZE(WINDOW_G);
375+
size_t size = sizeof((*dst->pre_g_128)[0]) * ((size_t)ECMULT_TABLE_SIZE(WINDOW_G));
361376
dst->pre_g_128 = (secp256k1_ge_storage (*)[])checked_malloc(cb, size);
362377
memcpy(dst->pre_g_128, src->pre_g_128, size);
363378
}

0 commit comments

Comments
 (0)