@@ -452,7 +452,14 @@ SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(
452
452
* 0: incorrect or unparseable signature
453
453
* Args: ctx: a secp256k1 context object, initialized for verification.
454
454
* In: sig: the signature being verified (cannot be NULL)
455
- * msg32: the 32-byte message hash being verified (cannot be NULL)
455
+ * msghash32: the 32-byte message hash being verified (cannot be NULL).
456
+ * The verifier must make sure to apply a cryptographic
457
+ * hash function to the message by itself and not accept an
458
+ * msghash32 value directly. Otherwise, it would be easy to
459
+ * create a "valid" signature without knowledge of the
460
+ * secret key. See also
461
+ * https://bitcoin.stackexchange.com/a/81116/35586 for more
462
+ * background on this topic.
456
463
* pubkey: pointer to an initialized public key to verify with (cannot be NULL)
457
464
*
458
465
* To avoid accepting malleable signatures, only ECDSA signatures in lower-S
@@ -467,7 +474,7 @@ SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(
467
474
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify (
468
475
const secp256k1_context * ctx ,
469
476
const secp256k1_ecdsa_signature * sig ,
470
- const unsigned char * msg32 ,
477
+ const unsigned char * msghash32 ,
471
478
const secp256k1_pubkey * pubkey
472
479
) SECP256K1_ARG_NONNULL (1 ) SECP256K1_ARG_NONNULL (2 ) SECP256K1_ARG_NONNULL (3 ) SECP256K1_ARG_NONNULL (4 );
473
480
@@ -532,20 +539,20 @@ SECP256K1_API extern const secp256k1_nonce_function secp256k1_nonce_function_def
532
539
*
533
540
* Returns: 1: signature created
534
541
* 0: the nonce generation function failed, or the secret key was invalid.
535
- * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
536
- * Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
537
- * In: msg32: the 32-byte message hash being signed (cannot be NULL)
538
- * seckey: pointer to a 32-byte secret key (cannot be NULL)
539
- * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
540
- * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
542
+ * Args: ctx: pointer to a context object, initialized for signing (cannot be NULL)
543
+ * Out: sig: pointer to an array where the signature will be placed (cannot be NULL)
544
+ * In: msghash32: the 32-byte message hash being signed (cannot be NULL)
545
+ * seckey: pointer to a 32-byte secret key (cannot be NULL)
546
+ * noncefp: pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
547
+ * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
541
548
*
542
549
* The created signature is always in lower-S form. See
543
550
* secp256k1_ecdsa_signature_normalize for more details.
544
551
*/
545
552
SECP256K1_API int secp256k1_ecdsa_sign (
546
553
const secp256k1_context * ctx ,
547
554
secp256k1_ecdsa_signature * sig ,
548
- const unsigned char * msg32 ,
555
+ const unsigned char * msghash32 ,
549
556
const unsigned char * seckey ,
550
557
secp256k1_nonce_function noncefp ,
551
558
const void * ndata
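Review bot: The new warning on `msghash32` in the secp256k1_ecdsa_verify comment (first hunk) is ambiguous: "apply a cryptographic hash function to the message by itself" can be read as hashing the message alone, rather than as the verifier doing the hashing. I would reword it as `The verifier must compute msghash32 itself by applying a cryptographic hash function to the message, and must not accept a msghash32 value supplied by an untrusted party.` The reason is only reachable through the Stack Exchange link, so a one-clause summary in the comment would keep the warning useful if the link stops resolving. The secp256k1_ecdsa_sign comment in the third hunk gets only the rename; a short pointer there to the verify note would tell callers that these 32 bytes are expected to be a real hash output on the signing side too. The sign prototype continues past the end of the hunk.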