From 631e22b44ec9d3cf7880182c965843022f75bd0a Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 5 Apr 2021 10:45:13 -0400 Subject: [PATCH] ECDSA public key recovery: improve validation of r/s/v GH #2698 --- src/lib/pubkey/ecdsa/ecdsa.cpp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 36a67413024..490364f8bc5 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -36,13 +36,18 @@ PointGFp recover_ecdsa_public_key(const EC_Group& group, if(group.get_cofactor() != 1) throw Invalid_Argument("ECDSA public key recovery only supported for prime order groups"); - if(v > 4) + if(v >= 4) throw Invalid_Argument("Unexpected v param for ECDSA public key recovery"); + const BigInt& group_order = group.get_order(); + + if(r <= 0 || r >= group_order || s <= 0 || s >= group_order) + { + throw Invalid_Argument("Out of range r/s cannot recover ECDSA public key"); + } + const uint8_t y_odd = v % 2; const uint8_t add_order = v >> 1; - - const BigInt& group_order = group.get_order(); const size_t p_bytes = group.get_p_bytes(); try