secp256k1_ecdsa_sign: Added a warning about an infinite loop. #209

pull DavidEGrayson wants to merge 1 commits into bitcoin-core:master from DavidEGrayson:sign_nontermination_warning changing 1 files +8 −1
  1. DavidEGrayson commented at 0:04 am on February 8, 2015: none

    Hello. I was playing around with my Ruby binding for libsecp256k1 today, and I was surprised when I accidentally caused an infinite loop by calling secp256k1_ecdsa_sign. I thought there should at least be a warning in the header file for this, so this pull request is my attempt to write such a warning.

    Secret keys that are all zero are considered to be invalid by secp256k1_ec_seckey_verify. The documentation for the seckey argument to secp256k1_ecdsa_sign does say that the secret key is “assumed to be valid”, so the caller would have to be in violation of that rule for the infinite loop to happen. Still, I think there should at least be a warning.

    Maybe we should go further though: In an application that allows untrusted user input to be used for the secret key and message hash, this infinite loop could be used in a denial of service attack. One of the goals of the library is to be difficult to use insecurely. Should we take steps to prevent this infinite loop from happening, like implementing a special check to see if both msg32 and seckey are 0, or a having a parameter for the maximum number of nonce-generation attempts before terminating?

  2. secp256k1_ecdsa_sign: Added a warning about an infinite loop. 8eba2728d0
  3. gmaxwell commented at 0:07 am on February 8, 2015: contributor
    Failing a function which can normally never fail can directly lead to remote code execution in some environments, or other more serious issues than a denial of service. The way the library mostly handles violation of the API is assertion. It shouldn’t run forever in this case.
  4. sipa cross-referenced this on Feb 13, 2015 from issue Improve signing API documentation & specification by sipa
  5. sipa commented at 11:40 pm on February 14, 2015: contributor
    This should be resolved by #214.
  6. DavidEGrayson commented at 0:25 am on February 15, 2015: none
    Yeah, looks good.
  7. DavidEGrayson closed this on Feb 15, 2015


DavidEGrayson gmaxwell sipa

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-21 23:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me