Merge rust-bitcoin/rust-secp256k1#483: move some unsafe code inside an unsafe{} boundary

0f29348b6c move some unsafe code inside an unsafe{} boundary (Andrew Poelstra)

Pull request description:

  An internal function had a non-unsafe signature but could be called
  with data that would cause it to exhibit UB. Move the unsafety inside
  of the function so that the function signature now enforces soundness.

  Fixes #481

Top commit has no ACKs.

Tree-SHA512: b1ffc643aa11e9c8d0b7a32965a1504da14f6ac3f9e0aa175d2c09d7d7b6bf84e228f64e1f57800d75500e2c65066a4991f0070a3a1d0a19c1bd84ca0dd44363
Andrew Poelstra 2022-08-13 14:28:04 +00:00
commit b00b1943e5
1 changed files with 7 additions and 4 deletions


@ -257,10 +257,14 @@ impl<C: Signing> Secp256k1<C> {
&self,
msg: &Message,
sk: &SecretKey,
noncedata_ptr: *const ffi::types::c_void,
noncedata: Option<&[u8; 32]>,
) -> Signature {
unsafe {
let mut ret = ffi::Signature::new();
let noncedata_ptr = match noncedata {
Some(arr) => arr.as_c_ptr() as *const _,
None => ptr::null(),
};
// We can assume the return value because it's not possible to construct
// an invalid signature from a valid `Message` and `SecretKey`
assert_eq!(ffi::secp256k1_ecdsa_sign(self.ctx, &mut ret, msg.as_c_ptr(),
@ -273,7 +277,7 @@ impl<C: Signing> Secp256k1<C> {
/// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce
/// Requires a signing-capable context.
pub fn sign_ecdsa(&self, msg: &Message, sk: &SecretKey) -> Signature {
self.sign_ecdsa_with_noncedata_pointer(msg, sk, ptr::null())
self.sign_ecdsa_with_noncedata_pointer(msg, sk, None)
}
/// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce
@ -287,8 +291,7 @@ impl<C: Signing> Secp256k1<C> {
sk: &SecretKey,
noncedata: &[u8; 32],
) -> Signature {
let noncedata_ptr = noncedata.as_ptr() as *const ffi::types::c_void;
self.sign_ecdsa_with_noncedata_pointer(msg, sk, noncedata_ptr)
self.sign_ecdsa_with_noncedata_pointer(msg, sk, Some(noncedata))
}
fn sign_grind_with_check(
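Review bot: The `unsafe {` block in the first hunk now also encloses the safe `match` that derives `noncedata_ptr` from the new `Option<&[u8; 32]>` parameter, and it carries no `// SAFETY:` comment, so the soundness argument this change establishes (the pointer is either null or borrowed from a 32-byte array that outlives the call) is recorded only in the PR description. Moving `let noncedata_ptr = match noncedata { ... };` above `unsafe {` keeps the unsafe region to the FFI call itself, and a comment such as `// SAFETY: noncedata_ptr is null or points to the 32-byte array borrowed by noncedata, which outlives this call.` preserves the invariant for the next reader. Since the parameter is no longer a raw pointer, the `_pointer` suffix in `sign_ecdsa_with_noncedata_pointer` (called in the second and third hunks) is now misleading; a rename is a reasonable follow-up. The enclosing function's signature begins before the first hunk and its body, including the `assert_eq!` on the FFI return value, continues past it.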