Page MenuHomePhabricator
Differential D5365

Increase robustness against UB in secp256k1_scalar_cadd_bit
ClosedPublic
Actions

Authored by deadalnix on Feb 28 2020, 13:39.

Details

Reviewers
Fabien
Group Reviewers
Restricted Project
Commits
rSTAGINGe3c138cdadcd: Increase robustness against UB in secp256k1_scalar_cadd_bit
rABCe3c138cdadcd: Increase robustness against UB in secp256k1_scalar_cadd_bit
Summary
  • Increase robustness against UB.

Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour.
While 'scalar_low_impl''s 'secp256k1_scalar_cadd_bit' is only used for testing purposes and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of 'secp256k1_scalar_cadd_bit' expands.

  • Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit.

This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow.

This is a backport of libsecp256k1 PR647

Test Plan
ninja check-secp256k1

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
secp256k1/
src/
5 lines

Diff 16620

View Options

src/secp256k1/src/scalar_low_impl.h

Loading...