
Commit e53ed2e

f can never equal -m
In fact, before reaching this particular VERIFY_CHECK, we had already successfully passed through VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ ensuring that f is not -m.
1 parent 1988855 commit e53ed2e


2 files changed

+4
-6
lines changed


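--- a/src/modinv32_impl.h
+++ b/src/modinv32_impl.h
@@ -643,13 +643,12 @@ static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256
 
 /* g == 0 */
 VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &SECP256K1_SIGNED30_ONE, 0) == 0);
-/* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
+/* |f| == 1, or (x == 0 and d == 0 and f=modulus) */
 VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, -1) == 0 ||
 secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, 1) == 0 ||
 (secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
 secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 &&
-(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) == 0)));
+secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv32_normalize_30(&d, f.v[len - 1], modinfo);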
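Review bot: The rewritten comment on the final VERIFY_CHECK says `f=modulus` but does not record why `f == -modulus` is no longer accepted; the justification lives only in the commit message and in an earlier `f > -modulus` check that is outside this hunk. Someone auditing the assertion later has to rediscover that dependency, so I would write it as `/* |f| == 1, or (x == 0 and d == 0 and f == modulus); f == -modulus is excluded by the earlier f > -modulus check */`, which also matches the `==` used in the rest of the comment. The commit message quotes only the modinv64 form of that earlier check; presumably secp256k1_modinv32_var has the equivalent, but it is not visible here and is worth confirming. The same applies to the matching hunk in src/modinv64_impl.h. The enclosing function starts and ends outside the hunk.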

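--- a/src/modinv64_impl.h
+++ b/src/modinv64_impl.h
@@ -698,13 +698,12 @@ static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256
 
 /* g == 0 */
 VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &SECP256K1_SIGNED62_ONE, 0) == 0);
-/* |f| == 1, or (x == 0 and d == 0 and |f|=modulus) */
+/* |f| == 1, or (x == 0 and d == 0 and f=modulus) */
 VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, -1) == 0 ||
 secp256k1_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, 1) == 0 ||
 (secp256k1_modinv64_mul_cmp_62(x, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 &&
 secp256k1_modinv64_mul_cmp_62(&d, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 &&
-(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) == 0 ||
-secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) == 0)));
+secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) == 0));
 
 /* Optionally negate d, normalize to [0,modulus), and return it. */
 secp256k1_modinv64_normalize_62(&d, f.v[len - 1], modinfo);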
