From 3d635c544e7e96a24c972e4f5f5710ead8ffca84 Mon Sep 17 00:00:00 2001
From: Abd ar-Rahman Hamidi
Date: Tue, 17 Nov 2020 15:47:17 +0500
Subject: [PATCH] crypto/secp256k1: add checking z sign in affineFromJacobian (#18419)

The z == 0 check is hit whenever we Add two points with the same x1/x2 coordinate. crypto/elliptic uses the same check in their affineFromJacobian function. This change does not affect block processing or tx signature verification in any way, because it does not use the Add or Double methods.
---
 crypto/secp256k1/curve.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/crypto/secp256k1/curve.go b/crypto/secp256k1/curve.go
index a12752e77b..ecf7a238f0 100644
--- a/crypto/secp256k1/curve.go
+++ b/crypto/secp256k1/curve.go
@@ -96,6 +96,10 @@ func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
 // affineFromJacobian reverses the Jacobian transform. See the comment at the
 // top of the file.
 func (BitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) {
+ if z.Sign() == 0 {
+ return new(big.Int), new(big.Int)
+ }
+
 zinv := new(big.Int).ModInverse(z, BitCurve.P)
 zinvsq := new(big.Int).Mul(zinv, zinv)
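Review bot: The new `z.Sign() == 0` branch in affineFromJacobian returns (0, 0) without a comment saying that this pair stands for the point at infinity. (0, 0) does not satisfy the secp256k1 curve equation, so a caller that passes the result on unchecked now gets an invalid point where it previously got a failure. The description says the branch is hit whenever Add receives two points with the same x; that covers P + (-P), where infinity is correct, but also P + P, where the correct answer is the doubled point. Add is outside this hunk, so please confirm that it routes equal inputs to Double rather than falling through to this branch. I would add above the check `// z == 0 is the point at infinity, which has no affine form; return (0, 0) as crypto/elliptic does. (0, 0) is not on the curve.` and a regression test for both cases; the function body continues past the end of the hunk.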