frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit.

Browse Source 
This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow.
This commit is contained in:
Russell O'Connor 2019-07-05 00:30:36 -04:00
parent 8fe63e5654
commit 0d82732a9a
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/scalar_low_impl.h
View File

@ -40,6 +40,9 @@ static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int
if (flag && bit < 32) if (flag && bit < 32)
*r += ((uint32_t)1 << bit); *r += ((uint32_t)1 << bit);
#ifdef VERIFY #ifdef VERIFY
VERIFY_CHECK(bit < 32);
/* Verify that adding (1 << bit) will not overflow any in-range scalar *r by overflowing the underlying uint32_t. */
VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER);
VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0);
#endif #endif
} }