From 70d46401728699b49a2489ce0943d14764b55bd5 Mon Sep 17 00:00:00 2001
From: Gregory Maxwell
Date: Mon, 19 Oct 2015 23:30:27 +0000
Subject: [PATCH] Make secp256k1_ec_pubkey_create skip processing invalid secret keys.

This makes it somewhat less constant time in error conditions, but avoids encountering an internal assertion failure when trying to write out the point at infinity.
---
 src/secp256k1.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/secp256k1.c b/src/secp256k1.c
index 9529d9f6bc2..a9e5a6d0816 100644
--- a/src/secp256k1.c
+++ b/src/secp256k1.c
@@ -399,13 +399,13 @@ int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *p
 secp256k1_scalar_set_b32(&sec, seckey, &overflow);
 ret = (!overflow) & (!secp256k1_scalar_is_zero(&sec));
- secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec);
- secp256k1_ge_set_gej(&p, &pj);
- secp256k1_pubkey_save(pubkey, &p);
- secp256k1_scalar_clear(&sec);
- if (!ret) {
- memset(pubkey, 0, sizeof(*pubkey));
+ memset(pubkey, 0, sizeof(*pubkey));
+ if (ret) {
+ secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &sec);
+ secp256k1_ge_set_gej(&p, &pj);
+ secp256k1_pubkey_save(pubkey, &p);
 }
+ secp256k1_scalar_clear(&sec);
 return ret;
 }
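Review bot: The new `if (ret)` is a branch on a value derived from the secret key, in a function that previously ran the same path for every input, and nothing at the branch records why that is acceptable. I would add a comment above it, e.g. `/* Invalid key: skip the multiplication, since the result could be the point at infinity, which secp256k1_pubkey_save cannot write out. Only key validity, already visible in the return value, affects timing. */`. The function's argument checks sit above the hunk, so whether `pubkey` is also zeroed when one of them fails cannot be confirmed from here; if it is not, moving the `memset` up to just after whatever check validates `pubkey` would give callers that ignore the return value a defined output. A regression test that passes an all-zero key and an overflowing key and checks for a 0 return with a zeroed `pubkey` would pin the behaviour this commit introduces.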