
Commit a88aa93

Merge #1603: f can never equal -m
ef7ff03 f can never equal -m (Russell O'Connor) Pull request description: In fact, before reaching this particular VERIFY_CHECK, we had already successfully passed through VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ ensuring that f is not -m. ACKs for top commit: sipa: ACK ef7ff03 real-or-random: utACK ef7ff03 Tree-SHA512: a8a8dcbad4dff36b9c49e40e07b212312cbf915132aea008eab6ea61b35bddb6d7782229c2cc528fb404d05132482c602cad768414d76153bb425a3d23714fff
2 parents 3660fe5 + ef7ff03 commit a88aa93


2 files changed

+8
-12
lines changed


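--- a/src/modinv32_impl.h
+++ b/src/modinv32_impl.h
@@ -565,13 +565,12 @@ static void secp256k1_modinv32(secp256k1_modinv32_signed30 *x, const secp256k1_m
 
 /* g == 0 */
 VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &SECP256K1_SIGNED30_ONE, 0) == 0);
-/* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
+/* |f| == 1, or (x == 0 and d == 0 and f == modulus) */
 VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, -1) == 0 ||
 secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, 1) == 0 ||
 (secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
 secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
-(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) == 0)));
+secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) == 0));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv32_normalize_30(&d, f.v[8], modinfo);
@@ -643,13 +642,12 @@ static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256
 
 /* g == 0 */
 VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &SECP256K1_SIGNED30_ONE, 0) == 0);
-/* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
+/* |f| == 1, or (x == 0 and d == 0 and f == modulus) */
 VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, -1) == 0 ||
 secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, 1) == 0 ||
 (secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
 secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
-(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) == 0)));
+secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv32_normalize_30(&d, f.v[len - 1], modinfo);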
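Review bot: The tightened VERIFY_CHECK at the end of the first hunk is only sound because of an earlier `f > -modulus` assertion in the loop body, which the commit description cites but which lies outside this hunk, so a reader of this check cannot see why the `f == -modulus` alternative is safe to drop. I would record that dependency in the comment the hunk already rewrites: `/* |f| == 1, or (x == 0 and d == 0 and f == modulus); f == -modulus is ruled out by the f > -modulus check in the loop above */`, so that a later change to the loop's invariant checks does not silently weaken this final assertion. The same applies to the secp256k1_modinv32_var hunk below and to both hunks in src/modinv64_impl.h. Both enclosing functions begin before their hunks, so the referenced earlier check is not visible here and I am relying on the description for its existence.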

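--- a/src/modinv64_impl.h
+++ b/src/modinv64_impl.h
@@ -621,13 +621,12 @@ static void secp256k1_modinv64(secp256k1_modinv64_signed62 *x, const secp256k1_m
 
 /* g == 0 */
 VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, 5, &SECP256K1_SIGNED62_ONE, 0) == 0);
-/* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
+/* |f| == 1, or (x == 0 and d == 0 and f == modulus) */
 VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, 5, &SECP256K1_SIGNED62_ONE, -1) == 0 ||
 secp256k1_modinv64_mul_cmp_62(&f, 5, &SECP256K1_SIGNED62_ONE, 1) == 0 ||
 (secp256k1_modinv64_mul_cmp_62(x, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 &&
 secp256k1_modinv64_mul_cmp_62(&d, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 &&
-(secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, -1) == 0)));
+secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) == 0));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv64_normalize_62(&d, f.v[4], modinfo);
@@ -698,13 +697,12 @@ static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256
 
 /* g == 0 */
 VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &SECP256K1_SIGNED62_ONE, 0) == 0);
-/* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
+/* |f| == 1, or (x == 0 and d == 0 and f == modulus) */
 VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, -1) == 0 ||
 secp256k1_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, 1) == 0 ||
 (secp256k1_modinv64_mul_cmp_62(x, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 &&
 secp256k1_modinv64_mul_cmp_62(&d, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 &&
-(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) == 0)));
+secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) == 0));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv64_normalize_62(&d, f.v[len - 1], modinfo);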
