From 8e2a5fe908faa2ad0b847b3e5c42662614c8fa88 Mon Sep 17 00:00:00 2001
From: roconnor-blockstream
Date: Mon, 6 Nov 2023 17:40:17 -0500
Subject: [PATCH] correct assertion for secp256k1_fe_mul_inner

Based on the surrounding asserts, 112 bits before this line, and 61 bits after this line, this assertion should be 113 bits. Notably the commensurate line in secp256k1_fe_sqr_inner is correctly assert to be 113 bits.
---
 src/field_5x52_int128_impl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/field_5x52_int128_impl.h b/src/field_5x52_int128_impl.h
index b2a391de..f7de0fd1 100644
--- a/src/field_5x52_int128_impl.h
+++ b/src/field_5x52_int128_impl.h
@@ -100,7 +100,7 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t
 VERIFY_BITS(u0, 56);
 /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
 secp256k1_u128_accum_mul(&c, u0, R >> 4);
- VERIFY_BITS_128(&c, 115);
+ VERIFY_BITS_128(&c, 113);
 /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
 r[0] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52);
 VERIFY_BITS(r[0], 52);
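Review bot: The new bound in `VERIFY_BITS_128(&c, 113);` carries no comment recording how it is derived, which likely made the stale 115 easy to miss; a loose bound here weakens the one check that would catch a carry-width regression in the field multiplication. Going by the commit message, c is asserted to 112 bits earlier and to 61 bits after the 52-bit shift, and u0 is asserted to 56 bits just above, so 113 holds provided `u0 * (R >> 4)` stays below 2^112 (R is not defined in this hunk, so confirm its width). I would add above the assertion: `/* c < 2^112 + u0 * (R >> 4) < 2^113, leaving 61 bits after the shift by 52 */`. secp256k1_fe_mul_inner starts and ends outside the hunk, so the 112- and 61-bit asserts are taken from the commit message rather than seen here.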