2018-07-24 03:47:47 +03:00
|
|
|
// Copyright 2015 Jeffrey Wilcke, Felix Lange, Gustav Simonsson. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style license that can be found in
|
|
|
|
// the LICENSE file.
|
2015-11-16 19:04:56 +02:00
|
|
|
|
2021-08-25 19:46:29 +03:00
|
|
|
//go:build !gofuzz && cgo
|
|
|
|
// +build !gofuzz,cgo
|
crypto/secp256k1: fix undefined behavior in BitCurve.Add (#22621)
This commit changes the behavior of BitCurve.Add to be more inline
with btcd. It fixes two different bugs:
1) When adding a point at infinity to another point, the other point
should be returned. While this is undefined behavior, it is better
to be more inline with the go standard library.
Thus (0,0) + (a, b) = (a,b)
2) Adding the same point to itself produced the point at infinity.
This is incorrect, now doubleJacobian is used to correctly calculate it.
Thus (a,b) + (a,b) == 2* (a,b) and not (0,0) anymore.
The change also adds a differential fuzzer for Add, testing it against btcd.
Co-authored-by: Felix Lange <fjl@twurst.com>
2021-05-27 14:30:25 +03:00
|
|
|
|
2015-11-16 19:04:56 +02:00
|
|
|
package secp256k1
|
|
|
|
|
|
|
|
import "C"
|
|
|
|
import "unsafe"
|
|
|
|
|
|
|
|
// Callbacks for converting libsecp256k1 internal faults into
|
|
|
|
// recoverable Go panics.
|
|
|
|
|
|
|
|
//export secp256k1GoPanicIllegal
|
|
|
|
func secp256k1GoPanicIllegal(msg *C.char, data unsafe.Pointer) {
|
|
|
|
panic("illegal argument: " + C.GoString(msg))
|
|
|
|
}
|
|
|
|
|
|
|
|
//export secp256k1GoPanicError
|
|
|
|
func secp256k1GoPanicError(msg *C.char, data unsafe.Pointer) {
|
|
|
|
panic("internal error: " + C.GoString(msg))
|
|
|
|
}
|