Never return a SHA256 hash of 0 in fuzzing mode

TheBlueMatt · TheBlueMatt · commit c90d26339a3e · 2021-02-19T17:16:03.000-05:00
This prevents downstream software that wishes to use SHA256 output
as private keys from needing to handle the 0-hash case explicitly.
diff --git a/src/sha256.rs b/src/sha256.rs
@@ -115,7 +115,13 @@ impl HashTrait for Hash {
 
     #[cfg(fuzzing)]
     fn from_engine(e: HashEngine) -> Hash {
-        Hash(e.midstate().into_inner())
+        let mut hash = e.midstate().into_inner();
+        if hash == [0; 32] {
+            // Assume sha256 is secure and never generate 0-hashes (which represent invalid
+            // secp256k1 secret keys, causing downstream application breakage).
+            hash[0] = 1;
+        }
+        Hash(hash)
     }
 
     const LEN: usize = 32;
