Merge #587: Make randomization of a non-signing context a noop
6198375 Make randomization of a non-signing context a noop (Tim Ruffing) Pull request description: Before this commit secp256k1_context_randomize called illegal_callback when called on a context not initialized for signing. This is not documented. Moreover, it is not desirable because non-signing contexts may use randomization in the future. This commit makes secp256k1_context_randomize a noop in this case. This is safe because the context cannot be used for signing anyway. This fixes #573 and it fixes rust-bitcoin/rust-secp256k1#82. Tree-SHA512: 34ddfeb004d9da8f4a77c739fa2110544c28939378e779226da52f410a0e36b3aacb3ebd2e3f3918832a9027684c161789cfdc27a133f2f0e0f1c47e8363029c
						commit
						e96901a4b9
					
				| @ -615,7 +615,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( | |||||||
| ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); | ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); | ||||||
| 
 | 
 | ||||||
| /** Updates the context randomization to protect against side-channel leakage.
 | /** Updates the context randomization to protect against side-channel leakage.
 | ||||||
|  *  Returns: 1: randomization successfully updated |  *  Returns: 1: randomization successfully updated or nothing to randomize | ||||||
|  *           0: error |  *           0: error | ||||||
|  *  Args:    ctx:       pointer to a context object (cannot be NULL) |  *  Args:    ctx:       pointer to a context object (cannot be NULL) | ||||||
|  *  In:      seed32:    pointer to a 32-byte random seed (NULL resets to initial state) |  *  In:      seed32:    pointer to a 32-byte random seed (NULL resets to initial state) | ||||||
| @ -630,6 +630,11 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( | |||||||
|  * that it does not affect function results, but shields against attacks which |  * that it does not affect function results, but shields against attacks which | ||||||
|  * rely on any input-dependent behaviour. |  * rely on any input-dependent behaviour. | ||||||
|  * |  * | ||||||
|  |  * This function has currently an effect only on contexts initialized for signing | ||||||
|  |  * because randomization is currently used only for signing. However, this is not | ||||||
|  |  * guaranteed and may change in the future. It is safe to call this function on | ||||||
|  |  * contexts not initialized for signing; then it will have no effect and return 1. | ||||||
|  |  * | ||||||
|  * You should call this after secp256k1_context_create or |  * You should call this after secp256k1_context_create or | ||||||
|  * secp256k1_context_clone, and may call this repeatedly afterwards. |  * secp256k1_context_clone, and may call this repeatedly afterwards. | ||||||
|  */ |  */ | ||||||
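Review bot: The reworded `Returns:` line makes a result of 1 ambiguous: a caller can no longer tell from the return value whether blinding was actually installed or the call was silently ignored, so code that treats `secp256k1_context_randomize(ctx, seed) == 1` as evidence that side-channel protection is active is misled the moment it is handed a verify-only context. I would state that consequence in the added paragraph rather than leave it implied, e.g. ` *  The return value does not indicate whether blinding is in effect; callers that depend on randomized signing must ensure the context was created with signing enabled.` The declaration this comment documents sits below the hunk.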
| @ -570,9 +570,9 @@ int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey | |||||||
| 
 | 
 | ||||||
| int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) { | int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) { | ||||||
|     VERIFY_CHECK(ctx != NULL); |     VERIFY_CHECK(ctx != NULL); | ||||||
|     CHECK(ctx != secp256k1_context_no_precomp); |     if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { | ||||||
|     ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); |  | ||||||
|         secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); |         secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); | ||||||
|  |     } | ||||||
|     return 1; |     return 1; | ||||||
| } | } | ||||||
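Review bot: Dropping `CHECK(ctx != secp256k1_context_no_precomp)` removes the only guard that kept the static no-precomp context from being written to; the new `if` is safe today only because that context's `ecmult_gen_ctx` is presumably never built (not visible in this hunk), and the header now promises that non-signing contexts may be randomized in the future, at which point this function would silently mutate a shared, possibly read-only object. I would keep that invariant in the code rather than in memory, with a comment above the `if`: `/* secp256k1_context_no_precomp is static and never built for signing, so it falls through untouched here; any future randomization of non-signing state must preserve that. */` With the branch in place the function has a single exit that always returns 1, so the `0: error` case in the header comment is currently unreachable from this body.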
| 
 | 
 | ||||||
| @ -218,8 +218,12 @@ void run_context_tests(void) { | |||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ec_pubkey_tweak_mul(vrfy, &pubkey, ctmp) == 1); |     CHECK(secp256k1_ec_pubkey_tweak_mul(vrfy, &pubkey, ctmp) == 1); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_context_randomize(vrfy, ctmp) == 0); |     CHECK(secp256k1_context_randomize(vrfy, ctmp) == 1); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 3); | ||||||
|  |     CHECK(secp256k1_context_randomize(vrfy, NULL) == 1); | ||||||
|  |     CHECK(ecount == 3); | ||||||
|  |     CHECK(secp256k1_context_randomize(sign, ctmp) == 1); | ||||||
|  |     CHECK(ecount2 == 14); | ||||||
|     CHECK(secp256k1_context_randomize(sign, NULL) == 1); |     CHECK(secp256k1_context_randomize(sign, NULL) == 1); | ||||||
|     CHECK(ecount2 == 14); |     CHECK(ecount2 == 14); | ||||||
|     secp256k1_context_set_illegal_callback(vrfy, NULL, NULL); |     secp256k1_context_set_illegal_callback(vrfy, NULL, NULL); | ||||||
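Review bot: The added checks at `CHECK(secp256k1_context_randomize(vrfy, ctmp) == 1)` and the `NULL` variant only pin the return value and that the illegal callback did not fire; nothing verifies that the call was actually a no-op on the non-signing context, which is the property the commit relies on for safety. A byte snapshot around the call would pin it, assuming the context struct is complete in this translation unit: `unsigned char vrfy_snap[sizeof(*vrfy)]; memcpy(vrfy_snap, vrfy, sizeof(*vrfy));` before the call and `CHECK(memcmp(vrfy_snap, vrfy, sizeof(*vrfy)) == 0);` after. It would also be worth exercising the same call on a context created with neither capability, if this test function builds one, since that is the other path the removed `ARG_CHECK` used to reject. `run_context_tests` begins above the hunk.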