overflow check in inc_aggregate

BlockstreamResearch · Oct 12, 2023 · 6c03afa · 6c03afa
1 parent a469204
commit 6c03afa
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/modules/schnorrsig/main_impl.h b/src/modules/schnorrsig/main_impl.h
@@ -351,10 +351,14 @@ int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned ch
  hashcopy = hash;
  /* 1.c) Finalize the copy to get zi*/
  secp256k1_sha256_finalize(&hashcopy, hashoutput);
+ /* Note: No need to check overflow, comes from hash */
  secp256k1_scalar_set_b32(&zi, hashoutput, NULL);
 
- /* Step2: s := s + zi*si */
- secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], NULL);
+ /* Step 2: s := s + zi*si */
+ secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], &overflow);
+ if (overflow) {
+ return 0;
+ }
  secp256k1_scalar_mul(&si, &si, &zi);
  secp256k1_scalar_add(&s, &s, &si);
  }