Check signature nonces for validity
The documentation implies that this check is happening, so make it so.
Without this check, passing an invalid nonce will trigger an internal assertion.
swansontec committed Apr 24, 2014
1 parent 920c243 commit ba8fc0e
Showing 1 changed file with 10 additions and 2 deletions.
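--- a/src/secp256k1.c
+++ b/src/secp256k1.c
@@ -56,9 +56,13 @@ int secp256k1_ecdsa_sign(const unsigned char *message, int messagelen, unsigned
 secp256k1_num_set_bin(&sec, seckey, 32);
 secp256k1_num_set_bin(&non, nonce, 32);
 secp256k1_num_set_bin(&msg, message, messagelen);
+int ret = !secp256k1_num_is_zero(&non) &&
+(secp256k1_num_cmp(&non, &secp256k1_ge_consts->order) < 0);
 secp256k1_ecdsa_sig_t sig;
 secp256k1_ecdsa_sig_init(&sig);
-int ret = secp256k1_ecdsa_sig_sign(&sig, &sec, &msg, &non, NULL);
+if (ret) {
+ret = secp256k1_ecdsa_sig_sign(&sig, &sec, &msg, &non, NULL);
+}
 if (ret) {
 secp256k1_ecdsa_sig_serialize(signature, signaturelen, &sig);
 }
@@ -77,9 +81,13 @@ int secp256k1_ecdsa_sign_compact(const unsigned char *message, int messagelen, u
 secp256k1_num_set_bin(&sec, seckey, 32);
 secp256k1_num_set_bin(&non, nonce, 32);
 secp256k1_num_set_bin(&msg, message, messagelen);
+int ret = !secp256k1_num_is_zero(&non) &&
+(secp256k1_num_cmp(&non, &secp256k1_ge_consts->order) < 0);
 secp256k1_ecdsa_sig_t sig;
 secp256k1_ecdsa_sig_init(&sig);
-int ret = secp256k1_ecdsa_sig_sign(&sig, &sec, &msg, &non, recid);
+if (ret) {
+ret = secp256k1_ecdsa_sig_sign(&sig, &sec, &msg, &non, recid);
+}
 if (ret) {
 secp256k1_num_get_bin(sig64, 32, &sig.r);
 secp256k1_num_get_bin(sig64 + 32, 32, &sig.s);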
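Review bot: The nonce range check is written out twice, once in secp256k1_ecdsa_sign and again identically in secp256k1_ecdsa_sign_compact, which invites the two copies to drift the next time the validity rule changes; a single `static int secp256k1_nonce_in_range(const secp256k1_num_t *non) { return !secp256k1_num_is_zero(non) && (secp256k1_num_cmp(non, &secp256k1_ge_consts->order) < 0); }` called as `int ret = secp256k1_nonce_in_range(&non);` at both sites keeps one definition of "valid nonce". A one-line comment above the check, such as `/* Reject nonces outside [1, n-1]; sig_sign asserts on them rather than failing cleanly. */`, would record why the test exists, since the commit message is the only place that currently says so. The secret key loaded into `sec` on the line above receives no equivalent range check in either hunk; whether secp256k1_ecdsa_sig_sign validates it itself is not visible here and is worth confirming, because the same assertion concern may apply. Note also that secp256k1_num_cmp operates on a secret value; if it is not constant-time, the comparison may leak timing information about the nonce, which the earlier code path did not have. Both enclosing functions begin before their hunks and secp256k1_ecdsa_sign_compact continues past the second one.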
