Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear()

real-or-random · isle2983 · theStack · commit d79a6ccd43ae · 2024-10-25T18:44:48.000+02:00
There are two uses of the secp256k1_fe_clear() function that are now separated
into these two functions in order to reflect the intent:

1) initializing the memory prior to being used -&gt; converted to fe_set_int( . , 0 )
2) zeroing the memory after being used such that no sensitive data remains. -&gt;
    remains as fe_clear()

In the latter case, 'magnitude' and 'normalized' need to be overwritten when
VERIFY is enabled.

Co-Authored-By: isle2983 &lt;isle2983@yahoo.com&gt;
diff --git a/src/field.h b/src/field.h
@@ -144,11 +144,7 @@ static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r);
  */
 static void secp256k1_fe_set_int(secp256k1_fe *r, int a);
 
-/** Set a field element to 0.
- *
- * On input, a does not need to be initialized.
- * On output, a represents 0, is normalized and has magnitude 0.
- */
+/** Clear a field element to prevent leaking sensitive information. */
 static void secp256k1_fe_clear(secp256k1_fe *a);
 
 /** Determine whether a represents field element 0.
diff --git a/src/field_impl.h b/src/field_impl.h
@@ -235,7 +235,7 @@ SECP256K1_INLINE static void secp256k1_fe_add_int(secp256k1_fe *r, int a) {
 static void secp256k1_fe_impl_clear(secp256k1_fe *a);
 SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) {
     a->magnitude = 0;
-    a->normalized = 1;
+    a->normalized = 0;
     secp256k1_fe_impl_clear(a);
 
     SECP256K1_FE_VERIFY(a);
diff --git a/src/group_impl.h b/src/group_impl.h
@@ -283,17 +283,17 @@ static void secp256k1_ge_table_set_globalz(size_t len, secp256k1_ge *a, const se
 
 static void secp256k1_gej_set_infinity(secp256k1_gej *r) {
     r->infinity = 1;
-    secp256k1_fe_clear(&r->x);
-    secp256k1_fe_clear(&r->y);
-    secp256k1_fe_clear(&r->z);
+    secp256k1_fe_set_int(&r->x, 0);
+    secp256k1_fe_set_int(&r->y, 0);
+    secp256k1_fe_set_int(&r->z, 0);
 
     SECP256K1_GEJ_VERIFY(r);
 }
 
 static void secp256k1_ge_set_infinity(secp256k1_ge *r) {
     r->infinity = 1;
-    secp256k1_fe_clear(&r->x);
-    secp256k1_fe_clear(&r->y);
+    secp256k1_fe_set_int(&r->x, 0);
+    secp256k1_fe_set_int(&r->y, 0);
 
     SECP256K1_GE_VERIFY(r);
 }
diff --git a/src/testutil.h b/src/testutil.h
@@ -34,7 +34,7 @@ static void testutil_random_fe_magnitude(secp256k1_fe *fe, int m) {
     if (n == 0) {
         return;
     }
-    secp256k1_fe_clear(&zero);
+    secp256k1_fe_set_int(&zero, 0);
     secp256k1_fe_negate(&zero, &zero, 0);
     secp256k1_fe_mul_int_unchecked(&zero, n - 1);
     secp256k1_fe_add(fe, &zero);

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ static void testutil_random_fe_magnitude(secp256k1_fe *fe, int m) {`
`34`	`34`	`if (n == 0) {`
`35`	`35`	`return;`
`36`	`36`	`}`
`37`		`- secp256k1_fe_clear(&zero);`
	`37`	`+ secp256k1_fe_set_int(&zero, 0);`
`38`	`38`	`secp256k1_fe_negate(&zero, &zero, 0);`
`39`	`39`	`secp256k1_fe_mul_int_unchecked(&zero, n - 1);`
`40`	`40`	`secp256k1_fe_add(fe, &zero);`