
Increase robustness against UB in secp256k1_scalar_cadd_bit
ClosedPublic

Authored by deadalnix on Feb 28 2020, 13:39.

Details

Summary
  • Increase robustness against UB.

Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour.
While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands.

  • Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit.

This added check ensures that any curve order overflow doesn't go undetected due to a uint32_t overflow.

This is a backport of libsecp256k1 PR647
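A stand-alone C illustration of the two points in the summary, written for this page and not taken from libsecp256k1 or Bitcoin ABC: the added bit is built from an unsigned literal so that `bit == 31` is a well-defined shift, and the overflow check rejects both a wrap of the 32-bit container and a result at or above the group order, so the container wrapping back below the order cannot mask an overflow. The tiny order 13, the `int` return code in place of an aborting VERIFY_CHECK, and every name prefixed `example_` are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed "low" scalar: a uint32_t reduced modulo a small group order,
 * in the spirit of the scalar type used for exhaustive tests. The order 13 is
 * an assumption for this example, not the project's value. */
#define EXAMPLE_ORDER 13u
typedef uint32_t example_scalar;

/* 1 if the scalar is at or above the group order. */
static int example_scalar_check_overflow(const example_scalar *a) {
    return *a >= EXAMPLE_ORDER;
}

/* Conditionally add 2^bit to *r. Returns 0 on success and -1 when the
 * operation would be undefined (shift width >= 32), would wrap the uint32_t
 * container, or would leave the scalar at or above the group order.
 * The real code aborts via VERIFY_CHECK in those cases; a return code is
 * used here so the behaviour can be observed without aborting. */
static int example_scalar_cadd_bit(example_scalar *r, unsigned int bit, int flag) {
    uint32_t addend;
    if (!flag) {
        return 0;                        /* nothing to add */
    }
    if (bit >= 32) {
        return -1;                       /* shifting by >= type width is UB */
    }
    /* (uint32_t)1 << 31 is well defined; the signed literal 1 << 31 is not,
     * because the result does not fit in a 32-bit int. */
    addend = (uint32_t)1 << bit;
    /* Detect container wrap before it can hide an order overflow. */
    if (*r > UINT32_MAX - addend) {
        return -1;
    }
    *r += addend;
    if (example_scalar_check_overflow(r)) {
        return -1;                       /* exceeded the group order */
    }
    return 0;
}

/* Small value-returning wrapper so each case can be checked in one call. */
typedef struct {
    int ok;          /* 1 if the addition was performed and stayed below the order */
    uint32_t value;  /* resulting scalar (unchanged when ok == 0) */
} example_cadd_result;

static example_cadd_result example_cadd_bit_checked(uint32_t start, unsigned int bit, int flag) {
    example_cadd_result res;
    example_scalar s = start;
    res.ok = (example_scalar_cadd_bit(&s, bit, flag) == 0);
    res.value = res.ok ? s : start;
    return res;
}

int main(void) {
    example_cadd_result r;
    r = example_cadd_bit_checked(5, 1, 1);        /* 5 + 2 = 7, below the order */
    printf("5 + 2^1 -> ok=%d value=%u\n", r.ok, r.value);
    r = example_cadd_bit_checked(5, 3, 1);        /* 5 + 8 = 13, reaches the order */
    printf("5 + 2^3 -> ok=%d\n", r.ok);
    r = example_cadd_bit_checked(5, 31, 1);       /* well-defined shift, far above the order */
    printf("5 + 2^31 -> ok=%d\n", r.ok);
    r = example_cadd_bit_checked(UINT32_MAX, 0, 1); /* would wrap the container */
    printf("UINT32_MAX + 1 -> ok=%d\n", r.ok);
    return 0;
}
```

The wrap check (`*r > UINT32_MAX - addend`) is the part that matters for the second bullet: without it, a wrapped sum can land below the order and pass the order check as if nothing had gone wrong.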

Test Plan
ninja check-secp256k1

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Not Applicable
Unit Tests
Not Applicable