
Commit 5d0dbef

Merge #942: Verify that secp256k1_ge_set_gej_zinv does not operate on infinity.
099bad9 Comment and check a parameter for inf in secp256k1_ecmult_const. (Russell O'Connor) 6c0be85 Verify that secp256k1_ge_set_gej_zinv does not operate on infinity. a->x and a->y should not be used if the infinity flag is set. (Russell O'Connor) Pull request description: a->x and a->y should not be used if the infinity flag is set. ACKs for top commit: robot-dreams: ACK 099bad9 real-or-random: ACK 099bad9 I inspected all call sites, they all ensure that a is not infinity Tree-SHA512: 495fcfe4ec4cacb3fc64bd5d04ecc67ab34f6b63666c6169d473abfd63c2041bc501a9a60d817566517435b986406ea2b7db3f5806043cecf30e214eba9892e9
2 parents 486205a + 099bad9 commit 5d0dbef


3 files changed

+3
-0
lines changed


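--- a/src/ecmult_const.h
+++ b/src/ecmult_const.h
@@ -14,6 +14,7 @@
 * Multiply: R = q*A (in constant-time)
 * Here `bits` should be set to the maximum bitlength of the _absolute value_ of `q`, plus
 * one because we internally sometimes add 2 to the number during the WNAF conversion.
+* A must not be infinity.
 */
 static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q, int bits);
 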

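--- a/src/ecmult_const_impl.h
+++ b/src/ecmult_const_impl.h
@@ -168,6 +168,7 @@ static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, cons
 * that the Z coordinate was 1, use affine addition formulae, and correct
 * the Z coordinate of the result once at the end.
 */
+VERIFY_CHECK(!a->infinity);
 secp256k1_gej_set_ge(r, a);
 secp256k1_ecmult_odd_multiples_table_globalz_windowa(pre_a, &Z, r);
 for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) {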
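Review bot: The new `VERIFY_CHECK(!a->infinity);` states the precondition but, as I understand this library's VERIFY_CHECK, it only asserts in VERIFY (test) builds, so in a production build an infinity `a` would still flow into `secp256k1_gej_set_ge` and the table construction below. Because this is the constant-time multiplication path a runtime branch is presumably unwanted, which leaves rejecting infinity as a caller obligation; I would say so at the check, e.g. `/* Not enforced outside VERIFY builds: callers must reject infinity before calling. */`. The same applies to the check added to `secp256k1_ge_set_gej_zinv` in src/group_impl.h. The function body starts before and continues past this hunk.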

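--- a/src/group_impl.h
+++ b/src/group_impl.h
@@ -67,6 +67,7 @@ static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0,
 static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) {
 secp256k1_fe zi2;
 secp256k1_fe zi3;
+VERIFY_CHECK(!a->infinity);
 secp256k1_fe_sqr(&zi2, zi);
 secp256k1_fe_mul(&zi3, &zi2, zi);
 secp256k1_fe_mul(&r->x, &a->x, &zi2);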
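Review bot: `secp256k1_ge_set_gej_zinv` now asserts `!a->infinity`, but nothing visible documents that precondition, whereas `secp256k1_ecmult_const` got a matching line in its header comment in this same commit. The diffstat shows no other file touched, so a reader of this function only learns the rule from the assertion. I would add a comment above the definition, e.g. `/* a must not be infinity: a->x and a->y are not meaningful when the infinity flag is set. */`, which is the reasoning the commit description gives. The function body continues past the end of the hunk.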
