diff --git a/src/field.h b/src/field.h index 854aaebab..55679a2fc 100644 --- a/src/field.h +++ b/src/field.h @@ -14,8 +14,8 @@ * - Each field element can be normalized or not. * - Each field element has a magnitude, which represents how far away * its representation is away from normalization. Normalized elements - * always have a magnitude of 1, but a magnitude of 1 doesn't imply - * normality. + * always have a magnitude of 0 or 1, but a magnitude of 1 doesn't + * imply normality. */ #if defined HAVE_CONFIG_H @@ -50,7 +50,9 @@ static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r); * without constant-time guarantee. */ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r); -/** Set a field element equal to a small integer. Resulting field element is normalized. */ +/** Set a field element equal to a small (not greater than 0x7FFF), non-negative integer. + * Resulting field element is normalized; it has magnitude 0 if a == 0, and magnitude 1 otherwise. + */ static void secp256k1_fe_set_int(secp256k1_fe *r, int a); /** Sets a field element equal to zero, initializing all fields. */ diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index 724474906..4363e727e 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -264,10 +264,11 @@ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r) { } SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { + VERIFY_CHECK(0 <= a && a <= 0x7FFF); r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0; #ifdef VERIFY - r->magnitude = 1; + r->magnitude = (a != 0); r->normalized = 1; secp256k1_fe_verify(r); #endif diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index ed52297e9..b56bdd135 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -227,10 +227,11 @@ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r) { } SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { + VERIFY_CHECK(0 <= a && a <= 0x7FFF); r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0; #ifdef VERIFY - r->magnitude = 1; + r->magnitude = (a != 0); r->normalized = 1; secp256k1_fe_verify(r); #endif