crypto/secp256k1: add checking z sign in affineFromJacobian (#18419)

The z == 0 check is hit whenever we Add two points with the same x1/x2 coordinate. crypto/elliptic uses the same check in their affineFromJacobian function. This change does not affect block processing or tx signature verification in any way, because it does not use the Add or Double methods.

crypto/secp256k1: add checking z sign in affineFromJacobian (#18419)
db872232 · Abd ar-Rahman Hamidi · GitHub · 844485ec · db872232
Unverified Commit db872232 authored Nov 17, 2020 by Abd ar-Rahman Hamidi Committed by GitHub Nov 17, 2020
--- a/crypto/secp256k1/curve.go
+++ b/crypto/secp256k1/curve.go
@@ -116,6 +116,10 @@ func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
 // affineFromJacobian reverses the Jacobian transform. See the comment at the
 // top of the file.
 func (BitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) {
+	if z.Sign() == 0 {
+		return new(big.Int), new(big.Int)
+	}
+
 	zinv := new(big.Int).ModInverse(z, BitCurve.P)
 	zinvsq := new(big.Int).Mul(zinv, zinv)