f return 0 if sekey is 0 because otherwise result is not a valid seckey

jonasnick · jonasnick · commit 16f924ad5a63 · 2019-10-28T13:11:58.000Z
diff --git a/src/secp256k1.c b/src/secp256k1.c
@@ -535,7 +535,7 @@ int secp256k1_ec_privkey_negate(const secp256k1_context* ctx, unsigned char *sec
     ARG_CHECK(seckey != NULL);
 
     secp256k1_scalar_set_b32(&sec, seckey, &overflow);
-    if (overflow) {
+    if (overflow || secp256k1_scalar_is_zero(&sec)) {
         return 0;
     }
     secp256k1_scalar_negate(&sec, &sec);
diff --git a/src/tests.c b/src/tests.c
@@ -4144,6 +4144,13 @@ void run_eckey_arithmetic_test(void) {
     CHECK(secp256k1_ec_privkey_negate(ctx, seckey) == 1);
     CHECK(memcmp(seckey, seckey_tmp, 32) == 0);
 
+    /* Negating all 0s fails */
+    memset(seckey, 0, 32);
+    memset(seckey_tmp, 0, 32);
+    CHECK(secp256k1_ec_privkey_negate(ctx, seckey) == 0);
+    /* Check that seckey is not modified */
+    CHECK(memcmp(seckey, seckey_tmp, 32) == 0);
+
     /* Negating an overflowing seckey fails and the seckey is not modified. In
      * this test, the seckey has 16 random bytes to ensure that
      * ec_privkey_negate doesn't just set seckey to a constant value in case of

Original file line number	Diff line number	Diff line change
`@@ -535,7 +535,7 @@ int secp256k1_ec_privkey_negate(const secp256k1_context* ctx, unsigned char *sec`
`535`	`535`	`ARG_CHECK(seckey != NULL);`
`536`	`536`
`537`	`537`	`secp256k1_scalar_set_b32(&sec, seckey, &overflow);`
`538`		`- if (overflow) {`
	`538`	`+ if (overflow \|\| secp256k1_scalar_is_zero(&sec)) {`
`539`	`539`	`return 0;`
`540`	`540`	`}`
`541`	`541`	`secp256k1_scalar_negate(&sec, &sec);`