From a0b51afc01dfc8dbdc43e4c36825fadf760daa3c Mon Sep 17 00:00:00 2001
From: Tim Ruffing <crypto@timruffing.de>
Date: Fri, 21 Apr 2023 16:18:19 +0200
Subject: [PATCH] musig: VERIFY_CHECK preconditions of
 _musig_keyaggcoef_internal()

---
 src/modules/musig/keyagg_impl.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/modules/musig/keyagg_impl.h b/src/modules/musig/keyagg_impl.h
index 85bbacfa0..114c831ab 100644
--- a/src/modules/musig/keyagg_impl.h
+++ b/src/modules/musig/keyagg_impl.h
@@ -166,6 +166,12 @@ static void secp256k1_musig_keyaggcoef_sha256(secp256k1_sha256 *sha) {
 static void secp256k1_musig_keyaggcoef_internal(secp256k1_scalar *r, const unsigned char *pk_hash, secp256k1_ge *pk, const secp256k1_ge *second_pk) {
     secp256k1_sha256 sha;
 
+    VERIFY_CHECK(!secp256k1_ge_is_infinity(pk));
+#ifdef VERIFY
+    VERIFY_CHECK(pk->x.normalized && pk->y.normalized);
+    VERIFY_CHECK(secp256k1_ge_is_infinity(second_pk) || (second_pk->x.normalized && second_pk->y.normalized));
+#endif
+
     if (!secp256k1_ge_is_infinity(second_pk)
           && secp256k1_fe_equal(&pk->x, &second_pk->x)
           && secp256k1_fe_is_odd(&pk->y) == secp256k1_fe_is_odd(&second_pk->y)) {