a mistake 'or' on variable retry
garyyu opened this issue · comments
https://github.com/mimblewimble/secp256k1-zkp/blob/master/src/modules/aggsig/main_impl.h#L137-L138
```c
int secp256k1_aggsig_generate_nonce_single(const secp256k1_context* ctx, secp256k1_scalar *secnonce, secp256k1_gej* pubnonce, secp256k1_rfc6979_hmac_sha256* rng) {
    int retry;
    ...
    /* generate nonce from the RNG */
    do {
        secp256k1_rfc6979_hmac_sha256_generate(rng, data, 32);
        secp256k1_scalar_set_b32(secnonce, data, &retry);
        retry |= secp256k1_scalar_is_zero(secnonce);
    } while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > Fp. */
    ...
```
2 problems here:
- Variable `retry` should be given zero initialization.
- The while loop looks like a trap to an infinite loop. If `retry` becomes non-zero, then it loops forever.

I guess `retry |=` should be `retry =`. Please confirm if it is.
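An added example, not part of the original issue or the project's code: a toy model of the quoted loop that shows how `retry` evolves across iterations. It assumes, as in upstream libsecp256k1, that the overflow out-parameter of `secp256k1_scalar_set_b32` is assigned on every call; the `toy_*` names, the one-byte scalar, the order `0xF1` and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>

/* Toy stand-ins (hypothetical, not libsecp256k1): scalars are one byte,
 * reduced modulo a small made-up group order. */
#define TOY_ORDER 0xF1u

typedef struct { unsigned char v; } toy_scalar;

/* Models the out-parameter contract assumed here: *overflow is ASSIGNED on
 * every call (1 if the input was >= the order, else 0), never left untouched. */
static void toy_scalar_set_b8(toy_scalar *r, unsigned char in, int *overflow) {
    int over = in >= TOY_ORDER;
    r->v = (unsigned char)(in % TOY_ORDER);
    if (overflow) *overflow = over;
}

static int toy_scalar_is_zero(const toy_scalar *r) { return r->v == 0; }

/* Same loop shape as the quoted function. `stream` replaces the RNG;
 * `garbage` simulates whatever an uninitialized `retry` might hold.
 * Returns the number of candidates consumed, or -1 if the stream ran dry. */
static int toy_generate_nonce(const unsigned char *stream, size_t len,
                              int garbage, toy_scalar *secnonce) {
    int retry = garbage;
    size_t i = 0;
    do {
        if (i == len) return -1;
        toy_scalar_set_b8(secnonce, stream[i++], &retry); /* overwrites retry */
        retry |= toy_scalar_is_zero(secnonce);            /* ORs into the fresh value */
    } while (retry);
    return (int)i;
}

/* Constructed candidates: overflow (0xF5), zero (0x00),
 * overflow that reduces to zero (0xF1), then a valid value (0x2A). */
static const unsigned char SAMPLE[] = { 0xF5, 0x00, 0xF1, 0x2A };

int main(void) {
    toy_scalar k;
    int used = toy_generate_nonce(SAMPLE, sizeof SAMPLE, 0x5A5A, &k);
    return (used == 4 && k.v == 0x2A) ? 0 : 1;
}
```

Under that assumption the initial value of `retry` never reaches the loop condition, and each rejected candidate costs exactly one extra iteration.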