ecdsa_recover returns 1 even if provided msghash32 is not what was signed #1024

issue scgbckbone opened this issue on December 2, 2021
  1. scgbckbone commented at 10:09 PM on December 2, 2021: none

    From doc comment above secp256k1_ecdsa_recover: Returns: 1: public key successfully recovered (which guarantees a correct signature). 0: otherwise.

    target_pubkey = ec_pubkey_create(seckey)
    msghash32 = hashlib.sha256(b"secret msg").digest()
    rec_sig = ecdsa_sign_recoverable(seckey, msghash32)
    # instead of correct message - random bytes are provided
    recovered_pubkey = ecdsa_recover(rec_sig, os.urandom(32))  # this returns 1 even if message is not the thing that was signed
    # recovered pubkey is incorrect
    self.assertEqual(recovered_pubkey.raw, target_pubkey.raw)  # raises do NOT equal
    

    I would expect ecdsa_recover to fail if the message is incorrect. The recovered pubkey is also incorrect. Instead ecdsa_recover returns 1, which seems to contradict the documentation. But maybe I'm missing something?

  2. sipa commented at 3:52 AM on December 3, 2021: contributor

    It means it found a public key for which the provided (message, signature) pair was valid.

    Whether that public key is the one you expect is something for you to decide. If you don't recognize the key, you should treat the signature as invalid.

  3. scgbckbone commented at 12:29 PM on December 3, 2021: none

    Reading your response and the doc comment for the 100th time cleared it up - thanks. I wonder whether this is the correct venue for questions like this or should I rather post to bitcoin.stackexchange?

  4. real-or-random commented at 12:36 PM on December 3, 2021: contributor

    > I wonder whether this is the correct venue for questions like this or should I rather post to bitcoin.stackexchange?

    If it's about concepts and how things work in general (like this question), then stackexchange is probably a better place. If it's specific issues with the library (like #1013) then here is better.

    Anyway I think the distinction is somewhat fuzzy, and also it may be hard to tell where the question belongs for the person asking it (because they don't know the answer yet). Note that there's also #secp256k1 on libera chat IRC.

    Closing here because the question has been answered.

  5. real-or-random closed this on Dec 3, 2021


This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.