From 8193edd493320ba4e23a32cafb0fe01278d0ec9e Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Tue, 16 Oct 2018 15:09:54 +0000
Subject: [PATCH] f batch verification n_sigs limit and ecmult_callback scalar copy

---
 include/secp256k1_schnorrsig.h | 4 ++--
 src/modules/schnorrsig/main_impl.h | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/include/secp256k1_schnorrsig.h b/include/secp256k1_schnorrsig.h
index f4cc68fa66..36f5df28df 100644
--- a/include/secp256k1_schnorrsig.h
+++ b/include/secp256k1_schnorrsig.h
@@ -101,8 +101,8 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(
 * msg32: array of messages, or NULL if there are no signatures
 * pk: array of public keys, or NULL if there are no signatures
 * n_sigs: number of signatures in above arrays. Must be smaller than
- * 2^31 and smaller than 2^(sizeof(size_t)*8-1) i.e. half the
- * maximum size_t value. Must be 0 if above arrays are NULL.
+ * 2^31 and smaller than half the maximum size_t value. Must be 0
+ * if above arrays are NULL.
 */
 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify_batch(
 const secp256k1_context* ctx,
diff --git a/src/modules/schnorrsig/main_impl.h b/src/modules/schnorrsig/main_impl.h
index 38a3325965..4e4baffc54 100644
--- a/src/modules/schnorrsig/main_impl.h
+++ b/src/modules/schnorrsig/main_impl.h
@@ -191,8 +191,7 @@ static int secp256k1_schnorrsig_verify_batch_ecmult_callback(secp256k1_scalar *s
 /* R */
 if (idx % 2 == 0) {
 secp256k1_fe rx;
- secp256k1_scalar_clear(sc);
- secp256k1_scalar_add(sc, sc, &ecmult_context->randomizer_cache[(idx / 2) % 2]);
+ *sc = ecmult_context->randomizer_cache[(idx / 2) % 2];
 if (!secp256k1_fe_set_b32(&rx, &ecmult_context->sig[idx / 2]->data[0])) {
 return 0;
 }
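Review bot: The struct copy `*sc = ecmult_context->randomizer_cache[(idx / 2) % 2];` no longer performs the modular reduction that secp256k1_scalar_add applied on the old clear-then-add path, so it relies on the cache entries already being reduced scalars; that holds if they were produced through the scalar API, but nothing in this hunk shows how randomizer_cache is filled. A one-line comment would record the assumption for the next reader, e.g. `/* randomizer_cache holds reduced scalars, so a plain copy is equivalent to the previous clear+add. */`. The callback secp256k1_schnorrsig_verify_batch_ecmult_callback begins before this hunk.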
@@ -308,9 +307,9 @@ int secp256k1_schnorrsig_verify_batch(const secp256k1_context *ctx, secp256k1_sc
 ARG_CHECK(scratch != NULL);
 /* Check that n_sigs is less than half of the maximum size_t value. This is necessary because
 * the number of points given to ecmult_multi is 2*n_sigs. */
- ARG_CHECK(n_sigs < (size_t)1 << (sizeof(size_t)*8-1));
- /* Check that n_sigs is less 2^31 to ensure the same behavior of this function on 32-bit and
- * 64-bit platforms. */
+ ARG_CHECK(n_sigs <= (size_t)-1 / 2);
+ /* Check that n_sigs is less than 2^31 to ensure the same behavior of this function on 32-bit
+ * and 64-bit platforms. */
 ARG_CHECK(n_sigs < (size_t)(1 << 31));
 secp256k1_sha256_initialize(&sha);
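Review bot: The 2^31 bound on the context line directly after the rewritten check, `ARG_CHECK(n_sigs < (size_t)(1 << 31));`, left-shifts the int constant 1 by 31, which is undefined behaviour wherever int is 32 bits; compilers typically fold it to INT_MIN, and casting that to a 64-bit size_t yields 2^64-2^31 rather than 2^31, so on 64-bit platforms the check would not bound n_sigs the way the new comment says. Since this patch is already revising these limits, the shift should be done in an unsigned type, matching the idiom the removed line used: `ARG_CHECK(n_sigs < ((size_t)1 << 31));`. The rewritten `n_sigs <= (size_t)-1 / 2` itself is correct and equivalent to the old bound. secp256k1_schnorrsig_verify_batch begins before this hunk.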