Merge #1619: musig: ctimetests: fix _declassify range for generated n…

…once points 57eda3b musig: ctimetests: fix _declassify range for generated nonce points (Sebastian Falbesoner) Pull request description: As noticed in #1614 (comment), the area marked as non-secret exceeds the nonce_pts array in the second iteration of the for loop. Fix that by passing the correct size to the _declassify call. ACKs for top commit: sipa: utACK 57eda3b real-or-random: utACK 57eda3b Tree-SHA512: ff8074e3d1078d66a52d08c661997856ff586b3b4564a865a75212b32fafd7906d58885371bd63005007fde554ebcad121ab66125abe4331cf0aac63fc018ed0
bitcoin-core · Oct 22, 2024 · 68b5520 · 68b5520
2 parents f0868a9 + 57eda3b
commit 68b5520
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/modules/musig/session_impl.h b/src/modules/musig/session_impl.h
@@ -448,7 +448,7 @@ int secp256k1_musig_nonce_gen_internal(const secp256k1_context* ctx, secp256k1_m
         secp256k1_gej nonce_ptj;
         secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &nonce_ptj, &k[i]);
         secp256k1_ge_set_gej(&nonce_pts[i], &nonce_ptj);
-        secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts));
+        secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts[i]));
         secp256k1_scalar_clear(&k[i]);
     }
     /* None of the nonce_pts will be infinity because k != 0 with overwhelming