crypto: add IsOnCurve check (#31100)

fjl · fjl · commit 159fb1a1db55 · 2025-01-30T14:12:13.000+01:00
diff --git a/crypto/crypto.go b/crypto/crypto.go
@@ -178,6 +178,9 @@ func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
 	if x == nil {
 		return nil, errInvalidPubkey
 	}
+	if !S256().IsOnCurve(x, y) {
+		return nil, errInvalidPubkey
+	}
 	return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -178,6 +178,9 @@ func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {`
`178`	`178`	`if x == nil {`
`179`	`179`	`return nil, errInvalidPubkey`
`180`	`180`	`}`
	`181`	`+ if !S256().IsOnCurve(x, y) {`
	`182`	`+ return nil, errInvalidPubkey`
	`183`	`+ }`
`181`	`184`	`return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil`
`182`	`185`	`}`
`183`	`186`