aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-07-25 10:10:46 +0100
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-09-11 13:38:16 +0000
commit7ed496cc780489f9bb8fe13c4d97885666e0dfaf (patch)
tree30a8184777b05cd0ab54739395bc957a74838ac1
parentcryptonote_basic: check output type before using it (diff)
downloadmonero-7ed496cc780489f9bb8fe13c4d97885666e0dfaf.tar.xz
ringct: error out when hashToPoint* returns the point at infinity
Reported by QuarksLab.
-rw-r--r--src/ringct/bulletproofs.cc4
-rw-r--r--src/ringct/rctSigs.cpp1
2 files changed, 4 insertions, 1 deletions
diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc
index 3f4a6fd10..2964fc469 100644
--- a/src/ringct/bulletproofs.cc
+++ b/src/ringct/bulletproofs.cc
@@ -130,7 +130,9 @@ static rct::key get_exponent(const rct::key &base, size_t idx)
{
static const std::string salt("bulletproof");
std::string hashed = std::string((const char*)base.bytes, sizeof(base)) + salt + tools::get_varint_data(idx);
- return rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size())));
+ const rct::key e = rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size())));
+ CHECK_AND_ASSERT_THROW_MES(!(e == rct::identity()), "Exponent is point at infinity");
+ return e;
}
static void init_exponents()
diff --git a/src/ringct/rctSigs.cpp b/src/ringct/rctSigs.cpp
index ae58ad12c..e98e62903 100644
--- a/src/ringct/rctSigs.cpp
+++ b/src/ringct/rctSigs.cpp
@@ -277,6 +277,7 @@ namespace rct {
for (j = 0; j < dsRows; j++) {
addKeys2(L, rv.ss[i][j], c_old, pk[i][j]);
hashToPoint(Hi, pk[i][j]);
+ CHECK_AND_ASSERT_MES(!(Hi == rct::identity()), false, "Data hashed to point at infinity");
addKeys3(R, rv.ss[i][j], Hi, c_old, Ip[j].k);
toHash[3 * j + 1] = pk[i][j];
toHash[3 * j + 2] = L;