examples: do not retry generating seckey randomness in musig

bitcoin-core · Oct 13, 2024 · 2f8fb0c · 2f8fb0c
1 parent 01b5893
commit 2f8fb0c
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 10 deletions.
diff --git a/examples/musig.c b/examples/musig.c
@@ -38,14 +38,16 @@ struct signer {
 /* Create a key pair, store it in signer_secrets->keypair and signer->pubkey */
 static int create_keypair(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer) {
     unsigned char seckey[32];
-    while (1) {
-        if (!fill_random(seckey, sizeof(seckey))) {
-            printf("Failed to generate randomness\n");
-            return 0;
-        }
-        if (secp256k1_keypair_create(ctx, &signer_secrets->keypair, seckey)) {
-            break;
-        }
+
+    if (!fill_random(seckey, sizeof(seckey))) {
+        printf("Failed to generate randomness\n");
+        return 0;
+    }
+    /* If the secret key is zero or out of range (greater than secp256k1's
+    * order), we fail. Note that the probability of this occurring
+    * is negligible with a properly functioning random number generator. */
+    if (!secp256k1_keypair_create(ctx, &signer_secrets->keypair, seckey)) {
+        return 0;
     }
     if (!secp256k1_keypair_pub(ctx, &signer->pubkey, &signer_secrets->keypair)) {
         return 0;

diff --git a/examples/schnorr.c b/examples/schnorr.c
@@ -54,7 +54,7 @@ int main(void) {
      * the secret key is zero or out of range. */
     if (!secp256k1_keypair_create(ctx, &keypair, seckey)) {
         printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
-	return 1;
+        return 1;
     }
 
     /* Extract the X-only public key from the keypair. We pass NULL for

diff --git a/include/secp256k1.h b/include/secp256k1.h
@@ -684,7 +684,7 @@ SECP256K1_API int secp256k1_ecdsa_sign(
  *  A secret key is valid if it is not 0 and less than the secp256k1 curve order
  *  when interpreted as an integer (most significant byte first). The
  *  probability of choosing a 32-byte string uniformly at random which is an
- *  invalid secret key is negligible. However, if it does happen it should 
+ *  invalid secret key is negligible. However, if it does happen it should
  *  be assumed that the randomness source is severely broken and there should
  *  be no retry.
  *