aggverify: allow NULL for msg and pk if n = 0

Author: b-wagn

include/secp256k1_schnorrsig_halfagg.h

@@ -77,8 +77,8 @@ SECP256K1_API int secp256k1_schnorrsig_aggregate(
  *  Returns:          1: correct signature.
  *                    0: incorrect signature.
  *  Args:           ctx: a secp256k1 context object.
- *  In:         pubkeys: Array of n many x-only public keys.
- *               msgs32: Array of n many 32-byte messages.
+ *  In:         pubkeys: Array of n many x-only public keys. Can only be NULL if n is 0.
+ *               msgs32: Array of n many 32-byte messages. Can only be NULL if n is 0.
  *                    n: number of signatures to that have been aggregated.
  *               aggsig: Pointer to an array of aggsig_size many bytes
  *                       containing the serialized aggregate
@@ -93,7 +93,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_aggverify(
     size_t n,
     const unsigned char *aggsig,
     size_t aggsig_len
-) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5);
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(5);
 
 #ifdef __cplusplus
 }

src/modules/schnorrsig_halfagg/main_impl.h

@@ -117,8 +117,8 @@ int secp256k1_schnorrsig_aggverify(const secp256k1_context *ctx, const secp256k1
     int overflow;
 
     VERIFY_CHECK(ctx != NULL);
-    ARG_CHECK(pubkeys != NULL);
-    ARG_CHECK(msgs32 != NULL);
+    ARG_CHECK(pubkeys != NULL || n == 0);
+    ARG_CHECK(msgs32 != NULL || n == 0);
     ARG_CHECK(aggsig != NULL);
     ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
 

src/modules/schnorrsig_halfagg/tests_impl.h

@@ -76,23 +76,14 @@ void test_schnorrsig_aggverify_spec_vectors(void) {
     /* Test vector 0 */
     {
         size_t n = 0;
-        const unsigned char pubkeys_ser[32] = {
-            0x1b, 0x84, 0xc5, 0x56, 0x7b, 0x12, 0x64, 0x40,
-            0x99, 0x5d, 0x3e, 0xd5, 0xaa, 0xba, 0x05, 0x65,
-            0xd7, 0x1e, 0x18, 0x34, 0x60, 0x48, 0x19, 0xff,
-            0x9c, 0x17, 0xf5, 0xe9, 0xd5, 0xdd, 0x07, 0x8f
-        };
-        secp256k1_xonly_pubkey pubkeys[1]; /* C doesn't allow zero-size arrays. */
-        const unsigned char msgs32[1] = { 0x00 };
         const unsigned char aggsig[32] = {
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
         };
         size_t aggsig_len = sizeof(aggsig);
-        CHECK(secp256k1_xonly_pubkey_parse(CTX, &pubkeys[0], &pubkeys_ser[0]));
-        CHECK(secp256k1_schnorrsig_aggverify(CTX, pubkeys, msgs32, n, aggsig, aggsig_len));
+        CHECK(secp256k1_schnorrsig_aggverify(CTX, NULL, NULL, n, aggsig, aggsig_len));
     }
     /* Test vector 1 */
     {
@@ -226,10 +217,12 @@ static void test_schnorrsig_aggregate_api(void) {
     {
         size_t aggsig_len = sizeof(aggsig);
         CHECK(secp256k1_schnorrsig_inc_aggregate(CTX, aggsig, &aggsig_len, pubkeys, msgs32, &sigs64[n_initial*64], n_initial, n_new));
-        /*  */
-        /* Should not accept NULL for any pointer input. */
-        CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_aggverify(CTX, NULL, msgs32, n, aggsig, aggsig_len));
-        CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_aggverify(CTX, pubkeys, NULL, n, aggsig, aggsig_len));
+        /* Should not accept NULL for keys or messages if n is not 0 */
+        if (n != 0) {
+            CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_aggverify(CTX, NULL, msgs32, n, aggsig, aggsig_len));
+            CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_aggverify(CTX, pubkeys, NULL, n, aggsig, aggsig_len));
+        }
+        /* Should never accept NULL the aggsig */
         CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_aggverify(CTX, pubkeys, msgs32, n, NULL, aggsig_len));
         /* Should reject for invalid aggsig_len. */
         CHECK(secp256k1_schnorrsig_aggverify(CTX, pubkeys, msgs32, n, aggsig, aggsig_len + 1) == 0);