Improve VERIFY_CHECK of overflow in secp256k1_scalar_cadd_bit.

This added check ensures that any curve order overflow doesn't go undetected due a uint32_t overflow.
bitcoin-core · Jul 5, 2019 · 57f25c8 · 57f25c8
1 parent 8fe63e5
commit 57f25c8
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/scalar_low_impl.h b/src/scalar_low_impl.h
@@ -40,6 +40,8 @@ static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int
     if (flag && bit < 32)
         *r += ((uint32_t)1 << bit);
 #ifdef VERIFY
+    VERIFY_CHECK(bit < 32);
+    VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER);
     VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0);
 #endif
 }