From c36ea26e5c6b94f107cc1aeb02a45cfc5a7c38ef Mon Sep 17 00:00:00 2001
From: koe <ukoe@protonmail.com>
Date: Mon, 8 Nov 2021 18:14:17 -0600
Subject: fix ge_p3_is_point_at_infinity(), which is evaluating field elements
 that haven't been reduced by the field order

---
 src/ringct/multiexp.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/ringct/multiexp.cc')

diff --git a/src/ringct/multiexp.cc b/src/ringct/multiexp.cc
index 784c90a4e..f256325a1 100644
--- a/src/ringct/multiexp.cc
+++ b/src/ringct/multiexp.cc
@@ -235,7 +235,7 @@ rct::key bos_coster_heap_conv_robust(std::vector<MultiexpData> data)
   heap.reserve(points);
   for (size_t n = 0; n < points; ++n)
   {
-    if (!(data[n].scalar == rct::zero()) && !ge_p3_is_point_at_infinity(&data[n].point))
+    if (!(data[n].scalar == rct::zero()) && !ge_p3_is_point_at_infinity_vartime(&data[n].point))
       heap.push_back(n);
   }
   points = heap.size();
@@ -457,7 +457,7 @@ rct::key straus(const std::vector<MultiexpData> &data, const std::shared_ptr<str
   MULTIEXP_PERF(PERF_TIMER_START_UNIT(skip, 1000000));
   std::vector<uint8_t> skip(data.size());
   for (size_t i = 0; i < data.size(); ++i)
-    skip[i] = data[i].scalar == rct::zero() || ge_p3_is_point_at_infinity(&data[i].point);
+    skip[i] = data[i].scalar == rct::zero() || ge_p3_is_point_at_infinity_vartime(&data[i].point);
   MULTIEXP_PERF(PERF_TIMER_STOP(skip));
 #endif
 
-- 
cgit v1.2.3