diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-07-25 10:10:46 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-09-11 13:38:16 +0000 |
commit | 7ed496cc780489f9bb8fe13c4d97885666e0dfaf (patch) | |
tree | 30a8184777b05cd0ab54739395bc957a74838ac1 | |
parent | cryptonote_basic: check output type before using it (diff) | |
download | monero-7ed496cc780489f9bb8fe13c4d97885666e0dfaf.tar.xz |
ringct: error out when hashToPoint* returns the point at infinity
Reported by QuarksLab.
-rw-r--r-- | src/ringct/bulletproofs.cc | 4 | ||||
-rw-r--r-- | src/ringct/rctSigs.cpp | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc index 3f4a6fd10..2964fc469 100644 --- a/src/ringct/bulletproofs.cc +++ b/src/ringct/bulletproofs.cc @@ -130,7 +130,9 @@ static rct::key get_exponent(const rct::key &base, size_t idx) { static const std::string salt("bulletproof"); std::string hashed = std::string((const char*)base.bytes, sizeof(base)) + salt + tools::get_varint_data(idx); - return rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size()))); + const rct::key e = rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size()))); + CHECK_AND_ASSERT_THROW_MES(!(e == rct::identity()), "Exponent is point at infinity"); + return e; } static void init_exponents() diff --git a/src/ringct/rctSigs.cpp b/src/ringct/rctSigs.cpp index ae58ad12c..e98e62903 100644 --- a/src/ringct/rctSigs.cpp +++ b/src/ringct/rctSigs.cpp @@ -277,6 +277,7 @@ namespace rct { for (j = 0; j < dsRows; j++) { addKeys2(L, rv.ss[i][j], c_old, pk[i][j]); hashToPoint(Hi, pk[i][j]); + CHECK_AND_ASSERT_MES(!(Hi == rct::identity()), false, "Data hashed to point at infinity"); addKeys3(R, rv.ss[i][j], Hi, c_old, Ip[j].k); toHash[3 * j + 1] = pk[i][j]; toHash[3 * j + 2] = L; |