crypto/secp256k1: add checking z sign in affineFromJacobian (#18419)

The z == 0 check is hit whenever we Add two points with the same x1/x2
coordinate. crypto/elliptic uses the same check in their affineFromJacobian
function. This change does not affect block processing or tx signature verification
in any way, because it does not use the Add or Double methods.
This commit is contained in:
Abd ar-Rahman Hamidi 2020-11-17 15:47:17 +05:00 committed by Igor Mandrigin
parent 5e5f43ad88
commit ff28ab5bbc

View File

@ -116,6 +116,10 @@ func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
// affineFromJacobian reverses the Jacobian transform. See the comment at the // affineFromJacobian reverses the Jacobian transform. See the comment at the
// top of the file. // top of the file.
func (BitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) { func (BitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) {
if z.Sign() == 0 {
return new(big.Int), new(big.Int)
}
zinv := new(big.Int).ModInverse(z, BitCurve.P) zinv := new(big.Int).ModInverse(z, BitCurve.P)
zinvsq := new(big.Int).Mul(zinv, zinv) zinvsq := new(big.Int).Mul(zinv, zinv)