From 2888640132eb64ed30a8a208931f27447c3e0366 Mon Sep 17 00:00:00 2001
From: Russell O'Connor
Date: Thu, 13 May 2021 10:40:50 -0400
Subject: [PATCH] VERIFY_CHECK precondition for secp256k1_fe_set_int.
---
 src/field.h | 5 +++--
 src/field_10x26_impl.h | 1 +
 src/field_5x52_impl.h | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/field.h b/src/field.h
index 4ccadebf93be6..55679a2fc130a 100644
--- a/src/field.h
+++ b/src/field.h
@@ -50,8 +50,9 @@ static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r);
 * without constant-time guarantee. */
 static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r);
-/** Set a field element equal to a small integer. Resulting field element is normalized; it has
- * magnitude 0 if a == 0, and magnitude 1 otherwise. */
+/** Set a field element equal to a small (not greater than 0x7FFF), non-negative integer.
+ * Resulting field element is normalized; it has magnitude 0 if a == 0, and magnitude 1 otherwise.
+ */
 static void secp256k1_fe_set_int(secp256k1_fe *r, int a);
 /** Sets a field element equal to zero, initializing all fields. */
diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h
index cf6456e825205..4363e727e76e8 100644
--- a/src/field_10x26_impl.h
+++ b/src/field_10x26_impl.h
@@ -264,6 +264,7 @@ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r) {
 }
 SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) {
+ VERIFY_CHECK(0 <= a && a <= 0x7FFF);
 r->n[0] = a;
 r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
 #ifdef VERIFY
diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h
index afea1c48ed4c0..b56bdd13534c4 100644
--- a/src/field_5x52_impl.h
+++ b/src/field_5x52_impl.h
@@ -227,6 +227,7 @@ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r) {
 }
 SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) {
+ VERIFY_CHECK(0 <= a && a <= 0x7FFF);
 r->n[0] = a;
 r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
 #ifdef VERIFY
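Review bot: The added `VERIFY_CHECK(0 <= a && a <= 0x7FFF);` at the top of `secp256k1_fe_set_int` (here and in the identical `field_10x26_impl.h` hunk) states the precondition but probably does not enforce it in release builds. If `VERIFY_CHECK` is compiled out without VERIFY, as the neighbouring `#ifdef VERIFY` suggests, an out-of-range `a` is still written to `r->n[0]` unchecked. A negative or oversized value would then silently break the "normalized, magnitude 0 or 1" guarantee documented in `field.h`, so the bound is a contract on callers rather than an enforced limit. I would say so beside the check, e.g. `/* Caller contract, asserted only in VERIFY builds; 0x7FFF is the largest value every conforming int can hold. */`, and confirm that the existing call sites pass small constants. The function body continues past the end of both hunks.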