Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

f can never equal -m #1603

Merged
merged 1 commit into from
Oct 8, 2024
Merged

f can never equal -m #1603

merged 1 commit into from
Oct 8, 2024

Conversation

roconnor-blockstream
Copy link
Contributor

@roconnor-blockstream roconnor-blockstream commented Sep 6, 2024
edited
Loading

In fact, before reaching this particular VERIFY_CHECK, we had already successfully passed through

VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */

ensuring that f is not -m.

real-or-random
real-or-random approved these changes Sep 25, 2024
View reviewed changes
Copy link
Contributor

@real-or-random real-or-random left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay yes. All VERIFY_CHECKs are redundant in a sense, but this one is really covered by another VERIFY_CHECK already.

utACK e53ed2e

src/modinv32_impl.h Outdated
@@ -643,13 +643,12 @@ static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256

/* g == 0 */
VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &SECP256K1_SIGNED30_ONE, 0) == 0);
/* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
/* |f| == 1, or (x == 0 and d == 0 and f=modulus) */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

micro-nit:

Suggested change
/* |f| == 1, or (x == 0 and d == 0 and f=modulus) */
/* |f| == 1, or (x == 0 and d == 0 and f == modulus) */

@roconnor-blockstream
Copy link
Contributor Author

Just to be clear, this PR isn't removing a redundant check, it is strengthening the existing check by removing a disjunctive clause.

@real-or-random
Copy link
Contributor

Just to be clear, this PR isn't removing a redundant check, it is strengthening the existing check by removing a disjunctive clause.

Oh, right, I got this wrong. But I still think the change makes sense.

@roconnor-blockstream
f can never equal -m
ef7ff03 
In fact, before reaching this particular VERIFY_CHECK, we had already successfully passed through

    VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */

ensuring that f is not -m.
@roconnor-blockstream
Copy link
Contributor Author

Done. I've also added the same change to the constant-time versions of these functions.

real-or-random
real-or-random approved these changes Sep 25, 2024
View reviewed changes
Copy link
Contributor

@real-or-random real-or-random left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK ef7ff03

(There seems to be some CI hiccup unrelated to this PR.)

@sipa
Copy link
Contributor

sipa commented Oct 7, 2024

ACK ef7ff03

@real-or-random real-or-random merged commit a88aa93 into bitcoin-core:master Oct 8, 2024
124 checks passed
achow101 added a commit to achow101/bitcoin that referenced this pull request Oct 12, 2024
@achow101
Squashed 'src/secp256k1/' changes from 2f2ccc46954..a88aa935063
5a0d3f1 
a88aa935063 Merge bitcoin-core/secp256k1#1603: f can never equal -m
3660fe5e2a9 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327)
168c92011f5 build: allow enabling the musig module in cmake
f411841a46b Add module "musig" that implements MuSig2 multi-signatures (BIP 327)
0be79660f38 util: add constant-time is_zero_array function
c8fbdb1b972 group: add ge_to_bytes_ext and ge_from_bytes_ext
ef7ff03407f f can never equal -m
4c57c7a5a95 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code
472faaa8ee6 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description
292310fbb24 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description
85e224dd97f group: add ge_to_bytes and ge_from_bytes
7c987ec89e6 cmake: Call `enable_testing()` unconditionally
6aa576515ef cmake: Delete `CTest` module

git-subtree-dir: src/secp256k1
git-subtree-split: a88aa9350633c2d2472bace5c290aa291c7f12c9
hebasto added a commit to hebasto/bitcoin that referenced this pull request Oct 16, 2024
@hebasto
Squashed 'src/secp256k1/' changes from 2f2ccc4695..4f64b9f4cd
5c425b5 
4f64b9f4cd build: Drop no longer needed  `-fvisibility=hidden` compiler option
5d978f1899 ci: Run `tools/symbol-check.py`
258dba9e11 test: Add `tools/symbol-check.py`
3144ba99f3 Introduce `SECP256K1_LOCAL_VAR` macro
e2571385e0 Do not export `secp256k1_musig_nonce_gen_internal`
e59158b6eb Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations
18f9b967c2 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig
5bab8f6d3c examples: make key generation doc consistent
e8908221a4 examples: do not retry generating seckey randomness in musig
70b6be1834 extrakeys: improve doc of keypair_create (don't suggest retry)
01b5893389 Merge bitcoin-core/secp256k1#1599: bitcoin#1570 improve examples: remove key generation loop
cd4f84f3ba Improve examples/documentation: remove key generation loops
a88aa93506 Merge bitcoin-core/secp256k1#1603: f can never equal -m
3660fe5e2a Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327)
168c92011f build: allow enabling the musig module in cmake
f411841a46 Add module "musig" that implements MuSig2 multi-signatures (BIP 327)
0be79660f3 util: add constant-time is_zero_array function
c8fbdb1b97 group: add ge_to_bytes_ext and ge_from_bytes_ext
ef7ff03407 f can never equal -m
c232486d84 Revert "cmake: Set `ENVIRONMENT` property for examples on Windows"
26e4a7c214 cmake: Set top-level target output locations
4c57c7a5a9 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code
472faaa8ee Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description
292310fbb2 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description
85e224dd97 group: add ge_to_bytes and ge_from_bytes
7c987ec89e cmake: Call `enable_testing()` unconditionally
6aa576515e cmake: Delete `CTest` module

git-subtree-dir: src/secp256k1
git-subtree-split: 4f64b9f4cdf130d2c6d6b7bd855a04faf6f88e08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@real-or-random real-or-random real-or-random approved these changes

Assignees
No one assigned
Labels
assurance refactor/smell
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@roconnor-blockstream @real-or-random @sipa