Make secp256k1_ec_pubkey_create skip processing invalid secret keys.

This makes it somewhat less constant time in error conditions, but
 avoids encountering an internal assertion failure when trying
 to write out the point at infinity.
Gregory Maxwell 2015-10-19 23:30:27 +00:00
parent 6c476a8a9b
commit 70d4640172


@ -399,13 +399,13 @@ int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *p
secp256k1_scalar_set_b32(&sec, seckey, &overflow); secp256k1_scalar_set_b32(&sec, seckey, &overflow);
ret = (!overflow) & (!secp256k1_scalar_is_zero(&sec)); ret = (!overflow) & (!secp256k1_scalar_is_zero(&sec));
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec); memset(pubkey, 0, sizeof(*pubkey));
secp256k1_ge_set_gej(&p, &pj); if (ret) {
secp256k1_pubkey_save(pubkey, &p); secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec);
secp256k1_scalar_clear(&sec); secp256k1_ge_set_gej(&p, &pj);
if (!ret) { secp256k1_pubkey_save(pubkey, &p);
memset(pubkey, 0, sizeof(*pubkey));
} }
secp256k1_scalar_clear(&sec);
return ret; return ret;
} }
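Review bot: The new `if (ret)` branch deliberately departs from constant-time behaviour, but only the commit message says so; without a note in the code, a later reader may revert it or copy the pattern to a place where the tested value is secret. I would put a comment directly above the branch, for example `/* Deliberate branch on key validity, which is returned to the caller anyway: a scalar that is zero after reduction gives the point at infinity, which secp256k1_pubkey_save cannot store. */`. If the error path should stay uniform in timing, the alternative is to substitute a fixed non-zero scalar for an invalid key, always run the multiplication, and zero `pubkey` afterwards based on `ret`. A regression test that passes an all-zero key and a key equal to the group order, and checks for a return of 0 with an all-zero `pubkey`, would pin the new behaviour; no test change is visible in this hunk. The function's declarations and argument checks start above the hunk, so this note covers only the lines shown.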