group: Avoid using infinity field directly in other modules

real-or-random · real-or-random · commit 46c7c8f6a202 · 2025-10-28T20:53:06.000+01:00
diff --git a/src/ecmult_const_impl.h b/src/ecmult_const_impl.h
@@ -87,17 +87,15 @@ static void secp256k1_ecmult_const_odd_multiples_table_globalz(secp256k1_ge *pre
     secp256k1_fe neg_y; \
     VERIFY_CHECK((n) < (1U << ECMULT_CONST_GROUP_SIZE)); \
     VERIFY_CHECK(index < (1U << (ECMULT_CONST_GROUP_SIZE - 1))); \
-    /* Unconditionally set r->x = (pre)[m].x. r->y = (pre)[m].y. because it's either the correct one
+    /* Unconditionally set r->x = (pre)[m].x and r->y = (pre)[m].y because it's either the correct one
      * or will get replaced in the later iterations, this is needed to make sure `r` is initialized. */ \
-    (r)->x = (pre)[m].x; \
-    (r)->y = (pre)[m].y; \
+    secp256k1_ge_set_xy((r), &(pre)[m].x, &(pre)[m].y); \
     for (m = 1; m < ECMULT_CONST_TABLE_SIZE; m++) { \
         /* This loop is used to avoid secret data in array indices. See
          * the comment in ecmult_gen_impl.h for rationale. */ \
         secp256k1_fe_cmov(&(r)->x, &(pre)[m].x, m == index); \
         secp256k1_fe_cmov(&(r)->y, &(pre)[m].y, m == index); \
     } \
-    (r)->infinity = 0; \
     secp256k1_fe_negate(&neg_y, &(r)->y, 1); \
     secp256k1_fe_cmov(&(r)->y, &neg_y, negative); \
 } while(0)
diff --git a/src/ecmult_impl.h b/src/ecmult_impl.h
@@ -75,7 +75,7 @@ static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_ge *pre_a, sec
     secp256k1_ge d_ge;
     int i;
 
-    VERIFY_CHECK(!a->infinity);
+    VERIFY_CHECK(!secp256k1_gej_is_infinity(a));
 
     secp256k1_gej_double_var(&d, a, NULL);
 
@@ -341,7 +341,7 @@ static void secp256k1_ecmult_strauss_wnaf(const struct secp256k1_strauss_state *
         }
     }
 
-    if (!r->infinity) {
+    if (!secp256k1_gej_is_infinity(r)) {
         secp256k1_fe_mul(&r->z, &r->z, &Z);
     }
 }
diff --git a/src/tests.c b/src/tests.c
@@ -4152,8 +4152,8 @@ static void test_group_decompress(const secp256k1_fe* x) {
         secp256k1_fe_normalize_var(&ge_even.y);
 
         /* No infinity allowed. */
-        CHECK(!ge_even.infinity);
-        CHECK(!ge_odd.infinity);
+        CHECK(!secp256k1_ge_is_infinity(&ge_even));
+        CHECK(!secp256k1_ge_is_infinity(&ge_odd));
 
         /* Check that the x coordinates check out. */
         CHECK(secp256k1_fe_equal(&ge_even.x, x));
diff --git a/src/testutil.h b/src/testutil.h
@@ -96,17 +96,13 @@ static void testutil_random_ge_test(secp256k1_ge *ge) {
             break;
         }
     } while(1);
-    ge->infinity = 0;
 }
 
 static void testutil_random_ge_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) {
-    secp256k1_fe z2, z3;
-    testutil_random_fe_non_zero_test(&gej->z);
-    secp256k1_fe_sqr(&z2, &gej->z);
-    secp256k1_fe_mul(&z3, &z2, &gej->z);
-    secp256k1_fe_mul(&gej->x, &ge->x, &z2);
-    secp256k1_fe_mul(&gej->y, &ge->y, &z3);
-    gej->infinity = ge->infinity;
+    secp256k1_fe z;
+    testutil_random_fe_non_zero_test(&z);
+    secp256k1_gej_set_ge(gej, ge);
+    secp256k1_gej_rescale(gej, &z);
 }
 
 static void testutil_random_gej_test(secp256k1_gej *gej) {

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_ge *pre_a, sec`
`75`	`75`	`secp256k1_ge d_ge;`
`76`	`76`	`int i;`
`77`	`77`
`78`		`- VERIFY_CHECK(!a->infinity);`
	`78`	`+ VERIFY_CHECK(!secp256k1_gej_is_infinity(a));`
`79`	`79`
`80`	`80`	`secp256k1_gej_double_var(&d, a, NULL);`
`81`	`81`
`@@ -341,7 +341,7 @@ static void secp256k1_ecmult_strauss_wnaf(const struct secp256k1_strauss_state *`
`341`	`341`	`}`
`342`	`342`	`}`
`343`	`343`
`344`		`- if (!r->infinity) {`
	`344`	`+ if (!secp256k1_gej_is_infinity(r)) {`
`345`	`345`	`secp256k1_fe_mul(&r->z, &r->z, &Z);`
`346`	`346`	`}`
`347`	`347`	`}`