forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-05-13 19:46:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

crypto: validate hash length in no cgo Sign (#33104)
Some checks failed
/ Linux Build (push) Has been cancelled
Details
/ Linux Build (arm) (push) Has been cancelled
Details
/ Keeper Build (push) Has been cancelled
Details
/ Windows Build (push) Has been cancelled
Details
/ Docker Image (push) Has been cancelled
Details

Browse source 
- Replace hardcoded DigestLength 
- Add hash length validation
This commit is contained in:
Lucia 2025-11-08 23:25:53 +13:00 committed by GitHub
parent d2a5dba48f
commit ebc7dc9e37
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
crypto/signature_nocgo.go
View file

@ -43,6 +43,9 @@ func sigToPub(hash, sig []byte) (*secp256k1.PublicKey, error) {
if len(sig) != SignatureLength { if len(sig) != SignatureLength {
return nil, errors.New("invalid signature") return nil, errors.New("invalid signature")
} }
if len(hash) != DigestLength {
return nil, fmt.Errorf("hash is required to be exactly %d bytes (%d)", DigestLength, len(hash))
}
// Convert to secp256k1 input format with 'recovery id' v at the beginning. // Convert to secp256k1 input format with 'recovery id' v at the beginning.
btcsig := make([]byte, SignatureLength) btcsig := make([]byte, SignatureLength)
btcsig[0] = sig[RecoveryIDOffset] + 27 btcsig[0] = sig[RecoveryIDOffset] + 27
@ -76,8 +79,8 @@ func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
// //
// The produced signature is in the [R || S || V] format where V is 0 or 1. // The produced signature is in the [R || S || V] format where V is 0 or 1.
func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) { func Sign(hash []byte, prv *ecdsa.PrivateKey) ([]byte, error) {
if len(hash) != 32 { if len(hash) != DigestLength {
return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash)) return nil, fmt.Errorf("hash is required to be exactly %d bytes (%d)", DigestLength, len(hash))
} }
if prv.Curve != S256() { if prv.Curve != S256() {
return nil, errors.New("private key curve is not secp256k1") return nil, errors.New("private key curve is not secp256k1")