addional checking for ecvrf_decode_proof

Author: prin-r

packages/crypto/src/ecvrf.rs

@@ -139,6 +139,10 @@ fn ecvrf_decode_proof(pi: &[u8]) -> CryptoResult<((Mpz, Mpz), Mpz, Mpz)> {
     let c = parse_rev_bytes(&pi[32..48]);
     let s = parse_rev_bytes(&pi[48..]);
 
+    if s >= *ORDER {
+        return Err(CryptoError::generic_err("s is out of range"));
+    }
+
     Ok((gamma, c, s))
 }
 
@@ -790,5 +794,15 @@ mod tests {
             ).unwrap(),
             true
         );
+        assert_eq!(
+            ecvrf_verify(
+                &decode("0b6ebe53e0e8665f43a6836fedacf22fb0b19f1136e90bf0e1705c5a1cf06460")
+                    .unwrap(),
+                &decode("1948c53146fe557db8e0f599a6be574e5b5fb5e8311c9cc26b8bd4added68cc8857cd34925f0b26f9f69e4a03519552898c2998bc0dadff45c5965fb7cb67b9d498bce3ad3c29c60165703d4ce3efa01").unwrap(),
+                &decode("656366666538303130663636636165393131383865383661646235393532656530626334623538316261663235636535303566646231353363383139643437373a31363634383632393030")
+                    .unwrap(),
+            ).unwrap(),
+            true
+        );
     }
 }