From 72e09c1a7c0b3234f502d585e851e1fa9eb0d22a Mon Sep 17 00:00:00 2001
From: Martin Habovstiak
Date: Wed, 24 Jul 2024 15:28:16 +0200
Subject: [PATCH] Improve the comment on `Message::from_digest`

The example claimed it'd be unsafe, which is a specific Rust term and thus confusing. It'd just be cryptographically broken. Also the example passes in a constant which looks ridiculously unrealistic. Fix these by
* changing the comment to say cryptographically broken
* making the example pass the input through invisible fake hash function
---
 src/lib.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 69f391e71..905d62cb7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -66,12 +66,14 @@
 //! ```rust
 //! # #[cfg(feature = "alloc")] {
 //! use secp256k1::{Secp256k1, Message, SecretKey, PublicKey};
+//! # fn compute_hash(_: &[u8]) -> [u8; 32] { [0xab; 32] }
 //!
 //! let secp = Secp256k1::new();
 //! let secret_key = SecretKey::from_slice(&[0xcd; 32]).expect("32 bytes, within curve order");
 //! let public_key = PublicKey::from_secret_key(&secp, &secret_key);
-//! // This is unsafe unless the supplied byte slice is the output of a cryptographic hash function.
-//! let message = Message::from_digest([0xab; 32]);
+//! // If the supplied byte slice was *not* the output of a cryptographic hash function this would
+//! // be cryptographically broken. It has been trivially used in the past to execute attacks.
+//! let message = Message::from_digest(compute_hash(b"CSW is not Satoshi"));
 //!
 //! let sig = secp.sign_ecdsa(&message, &secret_key);
 //! assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok());