Get rid of untested sizeof(secp256k1_ge_storage) == 64 code path #1480

pull real-or-random wants to merge 3 commits into bitcoin-core:master from real-or-random:202401-static-assert changing 3 files +81 −74
  1. real-or-random commented at 3:25 pm on January 8, 2024: contributor

    This gets rid of an untested code path. Resolves #1352.

    This is a bit opinionated in the sense that it adds a static assertion where it’s needed in secp256k1_pubkey_save and secp256k1_pubkey_load. I think this is justified in this case. It helps the reviewer verify that these functions are correct.

    See individual commit messages.

  2. util: Add STATIC_ASSERT macro d0ba2abbff
  3. Require that sizeof(secp256k1_ge_storage) == 64 
    This gets rid of an untested code path. Resolves #1352.

secp256k1_ge_storage is a struct with two secp256k1_fe_storage fields.
The C standard allows the compiler to add padding between the fields and
at the end of the struct, but no sane compiler in the end would do this:
The only reason to add padding is to ensure alignment, but such padding
is never necessary between two fields of the same type.

Similarly, secp256k1_fe_storage is a struct with a single array of
uintXX_t. No padding is allowed between array elements. Again, C allows
the compiler to insert padding at the end of the struct, but there's no
absolute reason to do so in this case.

For the uintXX_t itself, this guaranteed to have no padding bits, i.e.,
it's guaranteed to have exactly XX bits.

So I claim that for any existing compiler in the real world,
sizeof(secp256k1_ge_storage) == 64.
    e53c2d9ffc
  4. assumptions: Use new STATIC_ASSERT macro 
    This also splits the big "&&" expression into separate expressions. If
we ever see an assertion fail, the error message will tell it precisely
which one failed.
    ba5d72d626
  5. real-or-random cross-referenced this on Jan 8, 2024 from issue Add module "musig" that implements MuSig2 multi-signatures (BIP 327) by jonasnick
  6. real-or-random added the label assurance on Jan 9, 2024
  7. sipa commented at 3:50 pm on January 9, 2024: contributor
    utACK ba5d72d62659f9305d2be30b2ac89ce9480a0e78
  8. jonasnick approved
  9. jonasnick commented at 4:46 pm on January 9, 2024: contributor
    ACK ba5d72d62659f9305d2be30b2ac89ce9480a0e78
  10. real-or-random merged this on Jan 9, 2024
  11. real-or-random closed this on Jan 9, 2024


real-or-random sipa jonasnick

Labels
assurance

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-23 14:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me