1 files changed, 27 insertions, 21 deletions

diff --git a/src/secp256k1/src/group_impl.h b/src/secp256k1/src/group_impl.h
index 47aea32be1..bce9fbdad5 100644
--- a/src/secp256k1/src/group_impl.h
+++ b/src/secp256k1/src/group_impl.h
@@ -10,6 +10,27 @@
 #include "field.h"
 #include "group.h"
 
+#define SECP256K1_G_ORDER_13 SECP256K1_GE_CONST(\
+    0xc3459c3d, 0x35326167, 0xcd86cce8, 0x07a2417f,\
+    0x5b8bd567, 0xde8538ee, 0x0d507b0c, 0xd128f5bb,\
+    0x8e467fec, 0xcd30000a, 0x6cc1184e, 0x25d382c2,\
+    0xa2f4494e, 0x2fbe9abc, 0x8b64abac, 0xd005fb24\
+)
+#define SECP256K1_G_ORDER_199 SECP256K1_GE_CONST(\
+    0x226e653f, 0xc8df7744, 0x9bacbf12, 0x7d1dcbf9,\
+    0x87f05b2a, 0xe7edbd28, 0x1f564575, 0xc48dcf18,\
+    0xa13872c2, 0xe933bb17, 0x5d9ffd5b, 0xb5b6e10c,\
+    0x57fe3c00, 0xbaaaa15a, 0xe003ec3e, 0x9c269bae\
+)
+/** Generator for secp256k1, value 'g' defined in
+ *  "Standards for Efficient Cryptography" (SEC2) 2.7.1.
+ */
+#define SECP256K1_G SECP256K1_GE_CONST(\
+    0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL,\
+    0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL,\
+    0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL,\
+    0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL\
+)
 /* These exhaustive group test orders and generators are chosen such that:
  * - The field size is equal to that of secp256k1, so field code is the same.
  * - The curve equation is of the form y^2=x^3+B for some constant B.
@@ -21,23 +42,15 @@
  */
 #if defined(EXHAUSTIVE_TEST_ORDER)
 #  if EXHAUSTIVE_TEST_ORDER == 13
-static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
-    0xc3459c3d, 0x35326167, 0xcd86cce8, 0x07a2417f,
-    0x5b8bd567, 0xde8538ee, 0x0d507b0c, 0xd128f5bb,
-    0x8e467fec, 0xcd30000a, 0x6cc1184e, 0x25d382c2,
-    0xa2f4494e, 0x2fbe9abc, 0x8b64abac, 0xd005fb24
-);
+static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_13;
+
 static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(
     0x3d3486b2, 0x159a9ca5, 0xc75638be, 0xb23a69bc,
     0x946a45ab, 0x24801247, 0xb4ed2b8e, 0x26b6a417
 );
 #  elif EXHAUSTIVE_TEST_ORDER == 199
-static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
-    0x226e653f, 0xc8df7744, 0x9bacbf12, 0x7d1dcbf9,
-    0x87f05b2a, 0xe7edbd28, 0x1f564575, 0xc48dcf18,
-    0xa13872c2, 0xe933bb17, 0x5d9ffd5b, 0xb5b6e10c,
-    0x57fe3c00, 0xbaaaa15a, 0xe003ec3e, 0x9c269bae
-);
+static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_199;
+
 static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(
     0x2cca28fa, 0xfc614b80, 0x2a3db42b, 0x00ba00b1,
     0xbea8d943, 0xdace9ab2, 0x9536daea, 0x0074defb
@@ -46,15 +59,7 @@ static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(
 #    error No known generator for the specified exhaustive test group order.
 #  endif
 #else
-/** Generator for secp256k1, value 'g' defined in
- *  "Standards for Efficient Cryptography" (SEC2) 2.7.1.
- */
-static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
-    0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL,
-    0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL,
-    0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL,
-    0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL
-);
+static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G;
 
 static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 7);
 #endif
@@ -62,6 +67,7 @@ static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0,
 static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) {
     secp256k1_fe zi2;
     secp256k1_fe zi3;
+    VERIFY_CHECK(!a->infinity);
     secp256k1_fe_sqr(&zi2, zi);
     secp256k1_fe_mul(&zi3, &zi2, zi);
     secp256k1_fe_mul(&r->x, &a->x, &zi2);