From b989f937650d2f0dc26bbbcc6843e05665b43a83 Mon Sep 17 00:00:00 2001
From: Benedikt
Date: Thu, 12 Oct 2023 15:32:13 +0200
Subject: [PATCH] overflow check in inc_aggregate
---
 src/modules/schnorrsig/main_impl.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/modules/schnorrsig/main_impl.h b/src/modules/schnorrsig/main_impl.h
index c443ed688..d3826139b 100644
--- a/src/modules/schnorrsig/main_impl.h
+++ b/src/modules/schnorrsig/main_impl.h
@@ -351,10 +351,14 @@ int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned ch
 hashcopy = hash;
 /* 1.c) Finalize the copy to get zi*/
 secp256k1_sha256_finalize(&hashcopy, hashoutput);
+ /* Note: No need to check overflow, comes from hash */
 secp256k1_scalar_set_b32(&zi, hashoutput, NULL);
- /* Step2: s := s + zi*si */
- secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], NULL);
+ /* Step 2: s := s + zi*si */
+ secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], &overflow);
+ if (overflow) {
+ return 0;
+ }
 secp256k1_scalar_mul(&si, &si, &zi);
 secp256k1_scalar_add(&s, &s, &si);
 }
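Review bot: The new `return 0` for a non-canonical `s` value in step 2 is not covered by a test in this commit (the diffstat lists only `main_impl.h`), so a later change back to `NULL` would go unnoticed; a case that passes a new signature whose last 32 bytes encode a value at or above the group order and expects 0 would pin it. The exit sits inside the loop and the function body starts and ends outside the hunk, so it is worth confirming that nothing has been written to the caller's output before this point and stating the contract in the header doc, for example `Returns 0 if the s value of any new signature is not a canonical scalar; the aggregate is left unchanged.` The declaration of `overflow` is also outside the hunk. The note on `zi` could be more exact, since a hash output can exceed the order and is simply reduced: `/* zi is a hash output: set_b32 reduces it mod n, so no overflow check is needed */`.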