crypto: ensure private keys are < N (#15745)

Fixes #15744

crypto: ensure private keys are < N (#15745)
Fixes #15744
6cd6b921 · Alex Wu · Felix Lange · 908faf8c · 6cd6b921
隐藏空白更改
内联并排

Showing with 10 addition and 0 deletion

crypto/crypto.go crypto/crypto.go +10 -0

未找到文件。
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -97,6 +97,16 @@ func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
 		return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
 	}
 	priv.D = new(big.Int).SetBytes(d)
+
+	// The priv.D must < N
+	if priv.D.Cmp(secp256k1_N) >= 0 {
+		return nil, fmt.Errorf("invalid private key, >=N")
+	}
+	// The priv.D must not be zero or negative.
+	if priv.D.Sign() <= 0 {
+		return nil, fmt.Errorf("invalid private key, zero or negative")
+	}
+
 	priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
 	if priv.PublicKey.X == nil {
 		return nil, errors.New("invalid private key")