Merge petertodd#246: Check that secrets are exactly 32 bytes

petertodd · petertodd · commit f36b5bc07123 · 2022-08-28T11:47:36.000-04:00
1c36e75 Check that secrets are exactly 32 bytes (Bob McElrath) Pull request description: Fixes petertodd#239. I agree with @dgpv, any padding should be performed by the user and we shouldn't be doing any unexpected transformations on the user's secret key material. So we just raise an exception if anything other than exactly 32 bytes are passed. Top commit has no ACKs. Tree-SHA512: 9daf6e662ae4218b22c4a11a487d1be959d688abe593326e9c0eccfb6346bffa8fb08c1e4111fd95dc30b1a5123c751f629f83075096e4b0eef9a54e1cce23c5
diff --git a/bitcoin/core/key.py b/bitcoin/core/key.py
@@ -257,6 +257,8 @@ def __del__(self):
         self.k = None
 
     def set_secretbytes(self, secret):
+        if(len(secret) != 32):
+            raise ValueError("Secret bytes must be exactly 32 bytes")
         priv_key = _ssl.BN_bin2bn(secret, 32, None)
         group = _ssl.EC_KEY_get0_group(self.k)
         pub_key = _ssl.EC_POINT_new(group)
