crypto: add IsOnCurve check (#261)

owen-reorg · web-flow · commit c7a29ca1b01a · 2025-01-31T00:24:31.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v0.5.5
+
+This is a hot fix release, the detail about this fix will be revealed later.
+Please upgrade your node to this version if your node is exposed to the public network via p2p.
+
 ## v0.5.4
 
 This is a minor release for opBNB Mainnet and Testnet.
diff --git a/crypto/crypto.go b/crypto/crypto.go
@@ -197,6 +197,9 @@ func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
 	if x == nil {
 		return nil, errInvalidPubkey
 	}
+	if !S256().IsOnCurve(x, y) {
+		return nil, errInvalidPubkey
+	}
 	return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,9 @@ func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {`
`197`	`197`	`if x == nil {`
`198`	`198`	`return nil, errInvalidPubkey`
`199`	`199`	`}`
	`200`	`+ if !S256().IsOnCurve(x, y) {`
	`201`	`+ return nil, errInvalidPubkey`
	`202`	`+ }`
`200`	`203`	`return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil`
`201`	`204`	`}`
`202`	`205`