forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-05-16 13:06:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

crypto: add hash length check in nocgo VerifySignature (#33839)
Some checks are pending
/ Linux Build (push) Waiting to run
Details
/ Linux Build (arm) (push) Waiting to run
Details
/ Keeper Build (push) Waiting to run
Details
/ Windows Build (push) Waiting to run
Details
/ Docker Image (push) Waiting to run
Details

Browse source 
I was tracing a signature verification issue in a nocgo build and found
that `VerifySignature` doesn't validate hash length. #33104 added the
check to `Sign` and `sigToPub` but missed this one. The cgo path in
`secp256k1/secp256.go` already rejects non-32-byte hashes, so the nocgo
path should do the same — otherwise a wrong-length hash gets passed to
decred's `Verify` and silently gives a bogus result.
This commit is contained in:
vickkkkkyy 2026-05-10 17:49:17 +08:00 committed by GitHub
parent 2ba9be9c0e
commit 8581125a21
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
crypto/signature_nocgo.go
View file

@ -103,7 +103,7 @@ func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) {
// The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format. // The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format.
// The signature should have the 64 byte [R || S] format. // The signature should have the 64 byte [R || S] format.
func VerifySignature(pubkey, hash, signature []byte) bool { func VerifySignature(pubkey, hash, signature []byte) bool {
if len(signature) != 64 { if len(signature) != 64 || len(hash) != DigestLength {
return false return false
} }
var r, s secp256k1.ModNScalar var r, s secp256k1.ModNScalar