secp256k1-compat: additional check for zero point

paulmillr · paulmillr · commit d29425a462df · 2023-02-01T03:31:48.000+01:00
diff --git a/src/secp256k1-compat.ts b/src/secp256k1-compat.ts
@@ -112,7 +112,7 @@ export function ecdsaSign(
   }
   const [signature, recid] = secp.signSync(msgHash, privateKey, {
     recovered: true,
-    der: false
+    der: false,
   });
   return { signature: output(out, 64, signature), recid };
 }
@@ -214,8 +214,12 @@ export function publicKeyCombine(
   }
   assertBool(compressed);
   const combined = publicKeys
-    .map(pub => secp.Point.fromHex(pub))
+    .map((pub) => secp.Point.fromHex(pub))
     .reduce((res, curr) => res.add(curr), secp.Point.ZERO);
+  // Prohibit returning ZERO point
+  if (combined.equals(secp.Point.ZERO)) {
+    throw new Error("Combined result must not be zero");
+  }
   return output(out, compressed ? 33 : 65, combined.toRawBytes(compressed));
 }
 

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ export function ecdsaSign(`
`112`	`112`	`}`
`113`	`113`	`const [signature, recid] = secp.signSync(msgHash, privateKey, {`
`114`	`114`	`recovered: true,`
`115`		`- der: false`
	`115`	`+ der: false,`
`116`	`116`	`});`
`117`	`117`	`return { signature: output(out, 64, signature), recid };`
`118`	`118`	`}`
`@@ -214,8 +214,12 @@ export function publicKeyCombine(`
`214`	`214`	`}`
`215`	`215`	`assertBool(compressed);`
`216`	`216`	`const combined = publicKeys`
`217`		`- .map(pub => secp.Point.fromHex(pub))`
	`217`	`+ .map((pub) => secp.Point.fromHex(pub))`
`218`	`218`	`.reduce((res, curr) => res.add(curr), secp.Point.ZERO);`
	`219`	`+ // Prohibit returning ZERO point`
	`220`	`+ if (combined.equals(secp.Point.ZERO)) {`
	`221`	`+ throw new Error("Combined result must not be zero");`
	`222`	`+ }`
`219`	`223`	`return output(out, compressed ? 33 : 65, combined.toRawBytes(compressed));`
`220`	`224`	`}`
`221`	`225`