forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-03-06 03:15:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
go-ethereum/p2p/rlpx
History
fengjian 46bee92f9e crypto/ecies: fix ECIES invalid-curve handling (#33669) 
Fix ECIES invalid-curve handling in RLPx handshake (reject invalid
ephemeral pubkeys early)
- Add curve validation in crypto/ecies.GenerateShared to reject invalid
public keys before ECDH.
- Update RLPx PoC test to assert invalid curve points fail with
ErrInvalidPublicKey.
 
Motivation / Context
RLPx handshake uses ECIES decryption on unauthenticated network input.
Prior to this change, an invalid-curve ephemeral public key would
proceed into ECDH and only fail at MAC verification, returning
ErrInvalidMessage. This allows an oracle on decrypt success/failure and
leaves the code path vulnerable to invalid-curve/small-subgroup attacks.
The fix enforces IsOnCurve validation up front.
2026-02-17 17:03:47 +01:00
..
buffer.go p2p/rlpx: reduce allocation and syscalls (#22899) 2021-05-27 10:19:13 +02:00
buffer_test.go p2p/rlpx: reduce allocation and syscalls (#22899) 2021-05-27 10:19:13 +02:00
rlpx.go p2p/rlpx: optimize XOR operation using bitutil.XORBytes (#32217) 2025-07-22 23:06:48 +02:00
rlpx_oracle_poc_test.go crypto/ecies: fix ECIES invalid-curve handling (#33669) 2026-02-17 17:03:47 +01:00
rlpx_test.go p2p: using testing.B.Loop (#32664) 2025-09-19 16:38:36 -06:00