hash: Use size_t instead of int for RFC6979 outlen copy #1729

pull john-moffett wants to merge 1 commits into bitcoin-core:master from john-moffett:fix-rfc6979-size_t changing 1 files +1 −1
  1. john-moffett commented at 2:40 PM on September 1, 2025: contributor

    If outlen > INT_MAX it results in segfault or hang (when outlen is a multiple of 2^32) on most implementations due to conversion in: int now = outlen producing negative values or zero. Unreachable in current code and highly improbable in future practice, but fits contract better and fixes a couple of compiler warnings.

  2. Use size_t instead of int for RFC6979 outlen copy
    If outlen is > INT_MAX, could trigger segfault or hang after copy
int now = outlen.
    960ba5f9c6
  3. fanquake commented at 2:42 PM on September 1, 2025: member

    fixes a couple of compiler warnings

    Which compiler / warnings?

  4. john-moffett commented at 2:53 PM on September 1, 2025: contributor

    Not with default flags. I used clang -Wimplicit-int-conversion -Wshorten-64-to-32. It'd probably show up with gcc -Wconversion. There are a lot of benign warnings, but this one stood out to me.

  5. in src/hash_impl.h:1 in 960ba5f9c6
    real-or-random commented at 3:28 PM on September 1, 2025:

    If you want to improve this further, I'd suggest

    john-moffett commented at 1:53 PM on September 2, 2025:

    Thanks! I'll hold off for the moment. Hopefully it'll inspire someone to replace this nonce generation process with something more lightweight and straightforward like BIP340's approach. :)

  6. real-or-random approved
  7. real-or-random commented at 3:30 PM on September 1, 2025: contributor

    utACK 960ba5f9c60c3fd454ad4160ce9131eb77d61d7e

    Thanks a lot! Consistency of integer types is indeed a bit of a weak spot, at least in the old parts of the library code.

  8. real-or-random added the label assurance on Sep 1, 2025
  9. real-or-random added the label tweak/refactor on Sep 1, 2025
  10. theStack approved
  11. theStack commented at 6:05 PM on September 2, 2025: contributor

    Code-review ACK 960ba5f9c60c3fd454ad4160ce9131eb77d61d7e

  12. real-or-random merged this on Sep 2, 2025
  13. real-or-random closed this on Sep 2, 2025
  14. vmta referenced this in commit 2b25f561a0 on Sep 21, 2025
  15. fanquake referenced this in commit 42c7d35d3a on Oct 14, 2025
  16. fanquake referenced this in commit 3cbf7cb3e6 on Oct 15, 2025
  17. Sjors referenced this in commit d5660d3a13 on Feb 16, 2026
  18. real-or-random referenced this in commit 42ae776d3b on Feb 25, 2026
  19. github-actions[bot] referenced this in commit c3f80fff5f on Mar 1, 2026
  20. github-actions[bot] referenced this in commit 758d4e90b4 on Mar 1, 2026
  21. github-actions[bot] referenced this in commit 4aeff8400e on Mar 1, 2026
  22. github-actions[bot] referenced this in commit 68a2178f22 on Mar 1, 2026
  23. github-actions[bot] referenced this in commit a8bc1a0b2b on Mar 1, 2026
  24. github-actions[bot] referenced this in commit 5f15eb0c55 on Mar 1, 2026
  25. 0x000000000019d6689c085ae165831e934ff76 referenced this in commit d54574beca on Mar 2, 2026
  26. 0x000000000019d6689c085ae165831e934ff76 referenced this in commit 3b9450150d on Mar 2, 2026
  27. csjones referenced this in commit fb3e16af04 on Mar 2, 2026
  28. csjones referenced this in commit a4d92824ae on Mar 2, 2026
Contributors
john-moffettfanquakereal-or-randomtheStack
Labels
assurancetweak/refactor
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:52 UTC