There were several places where the code was non-constant time for invalid secret inputs. These are harmless under sane use but get in the way of automatic const-time validation. (Nonce overflow in signing is not addressed, nor is s==0 in signing)
/**********************************************************************
* Copyright (c) 2015 Andrew Poelstra *
* Distributed under the MIT software license, see the accompanying *
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef SECP256K1_SCALAR_REPR_H
#define SECP256K1_SCALAR_REPR_H
#include <stdint.h>
/** A scalar modulo the group order of the secp256k1 curve. */
/* NOTE(review): this representation is a single 32-bit word, so it cannot
 * hold a full 256-bit secp256k1 scalar. Presumably it is meant only for
 * reduced-order test builds -- confirm that the build never selects this
 * header for production signing or verification. */
typedef uint32_t secp256k1_scalar;
/** Scalar constant initializer taking eight arguments, d7 down to d0
 *  (presumably 32-bit limbs, most significant first -- confirm against the
 *  other scalar representations).
 *
 *  In this representation the expansion is just (d0): d7..d1 are silently
 *  discarded and d0 is not reduced by this macro. A constant written for a
 *  full-width scalar therefore yields a different value here, so callers
 *  must not assume it round-trips. */
#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) (d0)
#endif /* SECP256K1_SCALAR_REPR_H */