Merge #1619: musig: ctimetests: fix _declassify range for generated nonce points

real-or-random · real-or-random · commit 68b55209f1ba · 2024-10-22T12:00:49.000+02:00
57eda3b musig: ctimetests: fix _declassify range for generated nonce points (Sebastian Falbesoner) Pull request description: As noticed in #1614 (comment), the area marked as non-secret exceeds the nonce_pts array in the second iteration of the for loop. Fix that by passing the correct size to the _declassify call. ACKs for top commit: sipa: utACK 57eda3b real-or-random: utACK 57eda3b Tree-SHA512: ff8074e3d1078d66a52d08c661997856ff586b3b4564a865a75212b32fafd7906d58885371bd63005007fde554ebcad121ab66125abe4331cf0aac63fc018ed0
diff --git a/src/modules/musig/session_impl.h b/src/modules/musig/session_impl.h
@@ -448,7 +448,7 @@ int secp256k1_musig_nonce_gen_internal(const secp256k1_context* ctx, secp256k1_m
         secp256k1_gej nonce_ptj;
         secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &nonce_ptj, &k[i]);
         secp256k1_ge_set_gej(&nonce_pts[i], &nonce_ptj);
-        secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts));
+        secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts[i]));
         secp256k1_scalar_clear(&k[i]);
     }
     /* None of the nonce_pts will be infinity because k != 0 with overwhelming

Original file line number	Diff line number	Diff line change
`@@ -448,7 +448,7 @@ int secp256k1_musig_nonce_gen_internal(const secp256k1_context* ctx, secp256k1_m`
`448`	`448`	`secp256k1_gej nonce_ptj;`
`449`	`449`	`secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &nonce_ptj, &k[i]);`
`450`	`450`	`secp256k1_ge_set_gej(&nonce_pts[i], &nonce_ptj);`
`451`		`- secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts));`
	`451`	`+ secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts[i]));`
`452`	`452`	`secp256k1_scalar_clear(&k[i]);`
`453`	`453`	`}`
`454`	`454`	`/* None of the nonce_pts will be infinity because k != 0 with overwhelming`