ringct: do not include bulletproof commitments in signed message

Those are not serialized, but are restored from the outPk masks, so depending on what tries to validate the tx, those commitments may or may not be filled with valid data at the time. The outPk masks are already hashed as part of the rctSigBase field.
author: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2017-12-09 15:22:24 +0000
committer: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2017-12-09 15:30:15 +0000
commit: 8d4469a0acc21781f78a92397e6d77928755a367 (patch)
tree: f6f53801cccc1c0c5d2b81ddb6c008f32fae11cc
parent: Merge pull request #2883 (diff)
download: monero-8d4469a0acc21781f78a92397e6d77928755a367.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/src/ringct/rctSigs.cpp b/src/ringct/rctSigs.cpp
index cfb4aaf97..65b8d7166 100644
--- a/src/ringct/rctSigs.cpp
+++ b/src/ringct/rctSigs.cpp
@@ -347,11 +347,11 @@ namespace rct {
       keyV kv;
       if (rv.type == RCTTypeSimpleBulletproof || rv.type == RCTTypeFullBulletproof)
       {
-        kv.reserve((6*2+10) * rv.p.bulletproofs.size());
+        kv.reserve((6*2+9) * rv.p.bulletproofs.size());
         for (const auto &p: rv.p.bulletproofs)
         {
-          for (size_t n = 0; n < p.V.size(); ++n)
-            kv.push_back(p.V[n]);
+          // V are not hashed as they're expanded from outPk.mask
+          // (and thus hashed as part of rctSigBase above)
           kv.push_back(p.A);
           kv.push_back(p.S);
           kv.push_back(p.T1);
author	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2017-12-09 15:22:24 +0000
committer	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2017-12-09 15:30:15 +0000
commit	8d4469a0acc21781f78a92397e6d77928755a367 (patch)
tree	f6f53801cccc1c0c5d2b81ddb6c008f32fae11cc
parent	Merge pull request #2883 (diff)
download	monero-8d4469a0acc21781f78a92397e6d77928755a367.tar.xz