Merge bitcoin-core/secp256k1#783: Make the public API docs more consistent and explicit
adec5a1638Add missing null check for ctx and input keys in the public API (Elichai Turkel)f4edfc7581Improve consistency for NULL arguments in the public interface (Elichai Turkel) Pull request description: I went over the public API and added missing explanations on when a pointer can be null and when it cannot, and added some missing checks for null ctx and null pubkey pointers. Open questions IMHO: 1. Can `secp256k1_context_create` return NULL? right now it could return null if you replaced the callbacks at compile time to ones that do return(unlike the default ones which never return). 2. Related to the first, should we document that the callbacks should never return? (in the tests we use returning callbacks but we can violate our own API) right now we say the following: > After this callback returns, anything may happen, including crashing. Is this enough to document answer `no` for the first question and just saying that if the callback returned then you violated the API so `secp256k1_context_create` can return NULL even though it is promised not to? Right now we AFAICT we never check if it returns null Another nit I'm not sure about is wording `(does nothing if NULL)`/`(ignored if NULL)`/`(can be NULL)` More missing docs: 1. Documenting the `data` argument to the default nonce functions ACKs for top commit: ariard: ACKadec5a16jonasnick: ACKadec5a1638Tree-SHA512: 6fe785776b7e451e9e8cae944987f927b1eb2e2d404dfcb1b0ceb0a30bda4ce16469708920269417e5ada09739723a430e270dea1868fe7d12ccd5699dde5976
This commit is contained in:
Tim Ruffing
@@ -40,7 +40,7 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context*
|
||||
int ret = 1;
|
||||
int overflow = 0;
|
||||
|
||||
(void)ctx;
|
||||
VERIFY_CHECK(ctx != NULL);
|
||||
ARG_CHECK(sig != NULL);
|
||||
ARG_CHECK(input64 != NULL);
|
||||
ARG_CHECK(recid >= 0 && recid <= 3);
|
||||
@@ -60,7 +60,7 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context*
|
||||
int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) {
|
||||
secp256k1_scalar r, s;
|
||||
|
||||
(void)ctx;
|
||||
VERIFY_CHECK(ctx != NULL);
|
||||
ARG_CHECK(output64 != NULL);
|
||||
ARG_CHECK(sig != NULL);
|
||||
ARG_CHECK(recid != NULL);
|
||||
@@ -75,7 +75,7 @@ int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx,
|
||||
secp256k1_scalar r, s;
|
||||
int recid;
|
||||
|
||||
(void)ctx;
|
||||
VERIFY_CHECK(ctx != NULL);
|
||||
ARG_CHECK(sig != NULL);
|
||||
ARG_CHECK(sigin != NULL);
|
||||
|
||||
|
||||
@@ -754,6 +754,7 @@ int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *
|
||||
secp256k1_gej Qj;
|
||||
secp256k1_ge Q;
|
||||
|
||||
VERIFY_CHECK(ctx != NULL);
|
||||
ARG_CHECK(pubnonce != NULL);
|
||||
memset(pubnonce, 0, sizeof(*pubnonce));
|
||||
ARG_CHECK(n >= 1);
|
||||
@@ -762,6 +763,7 @@ int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *
|
||||
secp256k1_gej_set_infinity(&Qj);
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
ARG_CHECK(pubnonces[i] != NULL);
|
||||
secp256k1_pubkey_load(ctx, &Q, pubnonces[i]);
|
||||
secp256k1_gej_add_ge(&Qj, &Qj, &Q);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user