Merge bitcoin-core/secp256k1#1349: Normalize ge produced from secp256k1_pubkey_load

real-or-random · real-or-random · commit 30574f22ea0d · 2023-06-18T20:34:43.000+02:00
f165252 Normalize ge produced from secp256k1_pubkey_load (stratospher) Pull request description: The output `ge` in secp256k1_pubkey_load is normalized when `sizeof(secp256k1_ge_storage) = 64` but not when it's not 64. ARG_CHECK at the end of the function assumes normalization. So normalize ge in the other code path too. context: [bitcoin#1129(comment)](https://github.com/bitcoin-core/secp256k1/pull/1129/files#r1196167066) ACKs for top commit: sipa: utACK f165252 real-or-random: ACK f165252 tested by changing the two `== 64` checks to `== 65` Tree-SHA512: 0de1caad85ccdb42053f8e09576135257c88fda88455ef25e7640049c05a1e03d1e9bae1cd132d2e6fc327fd79929257a8b21fe1cc41c82374b6cd88e6744aa3
diff --git a/src/secp256k1.c b/src/secp256k1.c
@@ -247,8 +247,8 @@ static int secp256k1_pubkey_load(const secp256k1_context* ctx, secp256k1_ge* ge,
     } else {
         /* Otherwise, fall back to 32-byte big endian for X and Y. */
         secp256k1_fe x, y;
-        secp256k1_fe_set_b32_mod(&x, pubkey->data);
-        secp256k1_fe_set_b32_mod(&y, pubkey->data + 32);
+        ARG_CHECK(secp256k1_fe_set_b32_limit(&x, pubkey->data));
+        ARG_CHECK(secp256k1_fe_set_b32_limit(&y, pubkey->data + 32));
         secp256k1_ge_set_xy(ge, &x, &y);
     }
     ARG_CHECK(!secp256k1_fe_is_zero(&ge->x));
