From 6cd6b921ac57480d95af8b9bec2424e1f89fa196 Mon Sep 17 00:00:00 2001
From: Alex Wu <wuyiding@gmail.com>
Date: Tue, 2 Jan 2018 17:55:03 +0800
Subject: [PATCH] crypto: ensure private keys are < N (#15745)

Fixes #15744
---
 crypto/crypto.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/crypto/crypto.go b/crypto/crypto.go
index e51726e62..1c4d5a2e0 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -97,6 +97,16 @@ func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
 		return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
 	}
 	priv.D = new(big.Int).SetBytes(d)
+
+	// The priv.D must < N
+	if priv.D.Cmp(secp256k1_N) >= 0 {
+		return nil, fmt.Errorf("invalid private key, >=N")
+	}
+	// The priv.D must not be zero or negative.
+	if priv.D.Sign() <= 0 {
+		return nil, fmt.Errorf("invalid private key, zero or negative")
+	}
+
 	priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
 	if priv.PublicKey.X == nil {
 		return nil, errors.New("invalid private key")
-- 
GitLab