Segmentation fault when using secp256k1_ecdsa_verify with NULL context #455

possientis opened this issue on May 3, 2017
  1. possientis commented at 4:58 PM on May 3, 2017: none

    I am running on debian stretch:

    $ uname -a
    Linux <hostname> 4.8.0-1-amd64 #1 SMP Debian 4.8.5-1 (2016-10-28) x86_64 GNU/Linux
    $ gcc --version
    gcc (Debian 6.3.0-14) 6.3.0 20170415

    I attach a C code snippet which explains and replicates the behavior:

    #include "secp256k1.h"
    #include <assert.h>
    
    int main(){
    
      // valid key
      const unsigned char pubkey_bytes[] = "\x03"
        "\xf0\x28\x89\x2b\xad\x7e\xd5\x7d\x2f\xb5\x7b\xf3\x30\x81\xd5\xcf"
        "\xcf\x6f\x9e\xd3\xd3\xd7\xf1\x59\xc2\xe2\xff\xf5\x79\xdc\x34\x1a";
    
      // valid signature
      const unsigned char sig_bytes[] =
        "\x98\x62\x10\xb9\xdc\x0a\x2f\x21\xbc\xae\xc0\x96\xf4\xf5\x5f\xf4"
        "\x48\x6f\xcc\x4e\x3a\xaf\xe7\xe0\xcb\xf6\x46\x92\x59\x6e\x99\x4a"
        "\x0e\x5c\x6e\xc6\x54\x08\xd6\x5a\xae\x9e\x1c\xe8\xe9\x53\xc3\x1e"
        "\xd0\x3f\x41\x79\x09\x1d\x20\xd1\x59\xda\xe4\x19\xe9\x0c\xa3\x63";
    
      const unsigned char hash_bytes[] =
        "\x7f\x83\xb1\x65\x7f\xf1\xfc\x53\xb9\x2d\xc1\x81\x48\xa1\xd6\x5d"
        "\xfc\x2d\x4b\x1f\xa3\xd6\x77\x28\x4a\xdd\xd2\x00\x12\x6d\x90\x69";
    
      int value;
      secp256k1_context *ctx;
      secp256k1_pubkey pub;
      secp256k1_ecdsa_signature sig;
    
    
      ctx = secp256k1_context_create
          ( SECP256K1_CONTEXT_VERIFY 
          | SECP256K1_CONTEXT_SIGN
          );
    
      // parsing public key
      value = secp256k1_ec_pubkey_parse(ctx, &pub, pubkey_bytes, 33);
      assert(value == 1);
    
      // parsing signature
      value = secp256k1_ecdsa_signature_parse_compact(ctx, &sig, sig_bytes);
      assert(value == 1);
    
      // verifying signature 
      value = secp256k1_ecdsa_verify(ctx, &sig, hash_bytes, &pub);
      assert(value == 1);
    
      // passing NULL context (SEGMENTATION FAULT)
      value = secp256k1_ecdsa_verify(NULL, &sig, hash_bytes, &pub);
    
    
      secp256k1_context_destroy(ctx);  // code does not reach this point
    
      return 0;
    
    }
  2. laanwj commented at 3:23 PM on May 7, 2017: member

    All of the secp256k1 functions do argument checks on their other arguments, but only a VERIFY_CHECK on ctx, which does nothing except when compiled with VERIFY.

        VERIFY_CHECK(ctx != NULL);
        ARG_CHECK(sig != NULL);
        ARG_CHECK(input != NULL);
    

    Not sure what the reason is, but it is not a bug specific to a function.

  3. apoelstra commented at 12:54 PM on May 8, 2017: contributor

    The reason we can't use ARG_CHECK is because the argument check uses the context object itself (to call into the callback functions).

  4. possientis commented at 10:15 AM on May 9, 2017: none

    I wasn't sure whether this should be deemed a bug. Should I close the issue then?

  5. apoelstra commented at 10:18 AM on May 9, 2017: contributor

    I think it should be closed. The only thing we can do in general is to assert on this, and VERIFY_CHECK is our assert macro.

  6. possientis closed this on May 10, 2017
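
Added example, not part of the original thread and not libsecp256k1 code: a simplified model of the pattern discussed above, showing that an argument check which reports through the context's callback has to dereference the context, plus one caller-side guard for a missing context. All `toy_*`/`TOY_*` names, `count_illegal`, `checked_verify` and the sample bytes are hypothetical.

```c
#include <stddef.h>

/* Toy model of a context that owns the illegal-argument callback. */
typedef struct {
    void (*illegal_cb)(const char *msg, void *data);
    void *data;
} toy_context;

/* Like the VERIFY_CHECK described in the thread: active only with -DVERIFY. */
#ifdef VERIFY
#include <stdlib.h>
#define TOY_VERIFY_CHECK(cond) do { if (!(cond)) abort(); } while (0)
#else
#define TOY_VERIFY_CHECK(cond) ((void)0)
#endif

/* Reports through the context's callback, so a failure path reads ctx->... */
#define TOY_ARG_CHECK(cond) do { \
    if (!(cond)) { ctx->illegal_cb(#cond, ctx->data); return 0; } \
} while (0)

static void count_illegal(const char *msg, void *data) {
    (void)msg;
    ++*(int *)data;                  /* record that the callback fired */
}

/* Stand-in for a library entry point; the comparison is a placeholder. */
static int toy_verify(const toy_context *ctx, const unsigned char *sig,
                      const unsigned char *msg32) {
    TOY_VERIFY_CHECK(ctx != NULL);   /* compiled out in a normal build */
    TOY_ARG_CHECK(sig != NULL);      /* cannot be used to test ctx itself */
    TOY_ARG_CHECK(msg32 != NULL);
    return sig[0] == msg32[0];
}

/* Caller-side guard: -1 for a missing context, library never entered. */
static int checked_verify(const toy_context *ctx, const unsigned char *sig,
                          const unsigned char *msg32) {
    if (ctx == NULL) return -1;
    return toy_verify(ctx, sig, msg32);
}

int main(void) {
    int illegal_calls = 0;
    toy_context ctx = { count_illegal, &illegal_calls };
    const unsigned char sig[1] = { 0x2a }, msg[1] = { 0x2a }; /* constructed */
    int ok = checked_verify(&ctx, sig, msg);        /* 1 */
    int bad_arg = checked_verify(&ctx, NULL, msg);  /* 0, callback fired */
    int no_ctx = checked_verify(NULL, sig, msg);    /* -1 */
    return !(ok == 1 && bad_arg == 0 && no_ctx == -1 && illegal_calls == 1);
}
```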


This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 21:15 UTC
