Allow secp256k1_split_lambda_verify to pass even in the prensence of …

…GCC bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189.
bitcoin-core · Sep 23, 2020 · d91408e · d91408e
1 parent aa83360
commit d91408e
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/src/scalar_impl.h b/src/scalar_impl.h
@@ -432,16 +432,16 @@ static void secp256k1_scalar_split_lambda_verify(const secp256k1_scalar *r1, con
         0x122E22EAUL, 0x20816678UL, 0xDF02967CUL, 0x1B23BD72UL
     );
 
-    /* (a1 + a2 + 1)/2 is 0xa2a8918ca85bafe22016d0b917e4dd77 */
+    /* (a1 + a2 - 1)/2 is 0xa2a8918ca85bafe22016d0b917e4dd76 */
     static const unsigned char k1_bound[32] = {
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0xa2, 0xa8, 0x91, 0x8c, 0xa8, 0x5b, 0xaf, 0xe2, 0x20, 0x16, 0xd0, 0xb9, 0x17, 0xe4, 0xdd, 0x77
+        0xa2, 0xa8, 0x91, 0x8c, 0xa8, 0x5b, 0xaf, 0xe2, 0x20, 0x16, 0xd0, 0xb9, 0x17, 0xe4, 0xdd, 0x76
     };
 
-    /* (-b1 + b2)/2 + 1 is 0x8a65287bd47179fb2be08846cea267ed */
+    /* (-b1 + b2)/2 is 0x8a65287bd47179fb2be08846cea267ec */
     static const unsigned char k2_bound[32] = {
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x8a, 0x65, 0x28, 0x7b, 0xd4, 0x71, 0x79, 0xfb, 0x2b, 0xe0, 0x88, 0x46, 0xce, 0xa2, 0x67, 0xed
+        0x8a, 0x65, 0x28, 0x7b, 0xd4, 0x71, 0x79, 0xfb, 0x2b, 0xe0, 0x88, 0x46, 0xce, 0xa2, 0x67, 0xec
     };
 
     secp256k1_scalar_mul(&s, &lambda, r2);
@@ -451,12 +451,12 @@ static void secp256k1_scalar_split_lambda_verify(const secp256k1_scalar *r1, con
     secp256k1_scalar_negate(&s, r1);
     secp256k1_scalar_get_b32(buf1, r1);
     secp256k1_scalar_get_b32(buf2, &s);
-    VERIFY_CHECK(memcmp(buf1, k1_bound, 32) < 0 || memcmp(buf2, k1_bound, 32) < 0);
+    VERIFY_CHECK(memcmp(buf1, k1_bound, 32) <= 0 || memcmp(buf2, k1_bound, 32) <= 0);
 
     secp256k1_scalar_negate(&s, r2);
     secp256k1_scalar_get_b32(buf1, r2);
     secp256k1_scalar_get_b32(buf2, &s);
-    VERIFY_CHECK(memcmp(buf1, k2_bound, 32) < 0 || memcmp(buf2, k2_bound, 32) < 0);
+    VERIFY_CHECK(memcmp(buf1, k2_bound, 32) <= 0 || memcmp(buf2, k2_bound, 32) <= 0);
 }
 #endif