Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit.
This added check ensures that any curve order overflow doesn't go undetected due to a uint32_t overflow.
roconnor-blockstream committed Jul 5, 2019
1 parent 8fe63e5 commit cf9c096
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/scalar_low_impl.h
Expand Up @@ -40,6 +40,7 @@ static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int
if (flag && bit < 32)
*r += ((uint32_t)1 << bit);
#ifdef VERIFY
VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER);
VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0);
#endif
}
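Review bot: The shift inside the new VERIFY_CHECK is not covered by the `bit < 32` guard that protects the addition two lines above it, so in a VERIFY build a call with `bit >= 32` evaluates `(uint32_t)1 << bit` with a shift count at or beyond the type width, which is undefined behaviour in C, and the check itself becomes unreliable in exactly the case the guard exists for. It also runs when `flag` is 0 and nothing was added, which makes it stricter than the addition needs. Consider wrapping it in the same condition as the addition, or putting a `VERIFY_CHECK(bit < 32)` ahead of it. Because the expression depends only on `bit` and `EXHAUSTIVE_TEST_ORDER`, not on `*r`, it would read more naturally before the addition as a precondition, with a short comment saying that it bounds `*r + 2^bit` below `UINT32_MAX` for any `*r` less than the order, so the following `secp256k1_scalar_check_overflow` call cannot be fooled by wraparound.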