@smartledger/elliptic-fix
Security fix for signature malleability vulnerability in Elliptic package v6.5.5 used by bsv@1.5.6
const elliptic = require('elliptic');

// Scope of this shim: it replaces only `elliptic.eddsa.prototype.verify`, and
// only on the copy of `elliptic` that the require() above resolves to.
// ECDSA verification (`elliptic.ec`) is not touched here, and a separate
// nested copy of elliptic elsewhere in node_modules would keep its original
// verify.
// NOTE(review): confirm which elliptic code path the consuming library
// actually calls, and that it loads this same copy, before relying on the shim.
const eddsaProto = elliptic.eddsa.prototype;
const upstreamVerify = eddsaProto.verify;

/**
 * EdDSA verify wrapper that bounds the scalar S before delegating.
 *
 * The only check added is the range test on S; everything else, including
 * how `sig` is parsed and any exception raised while parsing it, is whatever
 * the wrapped implementation already does.
 *
 * @param {*} message - Passed through unchanged to the wrapped verify.
 * @param {*} sig - Signature in any form `makeSignature` accepts.
 * @param {*} pub - Passed through unchanged to the wrapped verify.
 * @returns {boolean} `false` when S is negative or >= the curve order,
 *   otherwise the result of the wrapped verify.
 */
eddsaProto.verify = function patchedVerify(message, sig, pub) {
  const s = this.makeSignature(sig).S();

  // Without an upper bound on S, more than one encoding of a signature can
  // verify for the same message and key (malleability), so S must lie in
  // [0, n) where n is the curve order.
  const sInRange = !s.isNeg() && !s.gte(this.curve.n);

  return sInRange ? upstreamVerify.call(this, message, sig, pub) : false;
};

// Re-export the same module object, which now carries the patched prototype.
module.exports = elliptic;