
Increase robustness against UB in secp256k1_scalar_cadd_bit

Description

Increase robustness against UB in secp256k1_scalar_cadd_bit

Summary:

  • Increase robustness against UB.

Thanks to elichai2 who noted that the literal '1' is a signed integer, and that shifting a signed 32-bit integer by 31 bits causes an overflow and yields undefined behaviour.
While scalar_low_impl's secp256k1_scalar_cadd_bit is only used for testing purposes, and currently the 'bit' parameter is only 0 or 1, it is better to avoid undefined behaviour in case the used domain of secp256k1_scalar_cadd_bit expands.

  • Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit.

This added check ensures that any curve order overflow doesn't go undetected due to a uint32_t overflow.

This is a backport of libsecp256k1 PR647

Test Plan:

ninja check-secp256k1

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D5365
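The two points in the commit message, using an unsigned literal for the shift and checking that the add cannot wrap the underlying uint32_t, as an added illustration that is not libsecp256k1's or Bitcoin ABC's code. The order TOY_ORDER, the toy_ prefixed functions and their return-code conventions are assumptions made here; the library's own routine uses VERIFY_CHECK rather than returning an error.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed small group order standing in for the exhaustive-test order of
 * a scalar_low-style build.  Any value works as long as a scalar is kept in
 * [0, order).  This file is an illustration, not the library's code. */
#define TOY_ORDER 13u

typedef uint32_t toy_scalar;

/* 1 if *r is outside [0, order), else 0.  A local, hypothetical helper with
 * the shape of a "check_overflow" routine. */
static int toy_check_overflow(const toy_scalar *r, uint32_t order) {
    return *r >= order;
}

/* The precondition the commit message's VERIFY_CHECK expresses: for every
 * in-range r (r <= order - 1), r + 2^bit must fit in a uint32_t.  That holds
 * exactly when 2^bit - 1 <= UINT32_MAX - order.
 * Returns 1 if the precondition holds, 0 otherwise (including bit >= 32). */
static int toy_cadd_bit_cannot_wrap(uint32_t order, unsigned int bit) {
    if (bit >= 32) return 0;                    /* shift by >= width is UB */
    uint32_t add = (uint32_t)1 << bit;          /* unsigned: defined for bit 31;
                                                   1 << 31 would overflow int */
    return (add - 1) <= (UINT32_MAX - order);
}

/* Conditionally add 2^bit to *r (bit < 32; flag selects whether to add).
 * Returns 0 on success, -1 if the arguments violate the precondition, in
 * which case *r is left unchanged. */
static int toy_cadd_bit(toy_scalar *r, unsigned int bit, int flag, uint32_t order) {
    if (!toy_cadd_bit_cannot_wrap(order, bit)) return -1;
    if (flag) *r += (uint32_t)1 << bit;
    return 0;
}

/* The failure mode the precondition guards against: r is in range, r + 2^bit
 * wraps modulo 2^32, and a plain range check then reports "no overflow"
 * although the true sum exceeds the order.
 * Returns 1 if the wrap goes undetected for this (order, bit), else 0. */
static int toy_wrap_goes_undetected(uint32_t order, unsigned int bit) {
    if (bit >= 32) return 0;
    toy_scalar r = order - 1;                   /* largest in-range value */
    uint32_t add = (uint32_t)1 << bit;
    uint64_t true_sum = (uint64_t)r + add;      /* exact, no wrap */
    r += add;                                   /* may wrap modulo 2^32 */
    return true_sum >= order && toy_check_overflow(&r, order) == 0;
}

int main(void) {
    toy_scalar r = 5;
    /* Small order: bit 31 is safe and a genuine order overflow is detected. */
    printf("precondition(order=%u, bit=31) = %d\n", TOY_ORDER,
           toy_cadd_bit_cannot_wrap(TOY_ORDER, 31));
    if (toy_cadd_bit(&r, 3, 1, TOY_ORDER) == 0)
        printf("5 + 2^3 = %u, order overflow = %d\n", r,
               toy_check_overflow(&r, TOY_ORDER));
    /* Order close to 2^32: bit 31 can wrap uint32_t; the precondition rejects it. */
    uint32_t big = UINT32_MAX - 15u;
    printf("precondition(order=%u, bit=31) = %d\n", big,
           toy_cadd_bit_cannot_wrap(big, 31));
    printf("undetected wrap without the precondition = %d\n",
           toy_wrap_goes_undetected(big, 31));
    return 0;
}
```

With the small order, 5 + 2^3 = 13 is correctly flagged as an order overflow, while with an order near 2^32 the same add at bit 31 would wrap the uint32_t and pass a plain range check; toy_cadd_bit_cannot_wrap is what turns that silent wrap into a hard failure.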

Details

Provenance
roconnor-blockstream <roconnor@blockstream.com> Authored on Jul 3 2019, 15:23
deadalnix Committed on Feb 28 2020, 15:48
deadalnix Pushed on Feb 28 2020, 15:59
Reviewer
Restricted Project
Differential Revision
D5365: Increase robustness against UB in secp256k1_scalar_cadd_bit
Parents
rSTAGING476508e45a04: Remove mention of ec_privkey_export because it doesn't exist