Merge #10657: Utils: Improvements to ECDSA key-handling code

63179d0 Scope the ECDSA constant sizes to CPubKey / CKey classes (Jack Grigg) 1ce9f0a Ensure that ECDSA constant sizes are correctly-sized (Jack Grigg) 48abe78 Remove redundant `= 0` initialisations (Jack Grigg) 17fa391 Specify ECDSA constant sizes as constants (Jack Grigg) e4a1086 Update Debian copyright list (Jack Grigg) e181dbe Add comments (Jack Grigg) a3603ac Fix potential overflows in ECDSA DER parsers (Jack Grigg) Pull request description: Mostly trivial, but includes fixes to potential overflows in the ECDSA DER parsers. Cherry-picked from Zcash PR https://github.com/zcash/zcash/pull/2335 Tree-SHA512: 8fcbd51b0bd6723e5d33fa5d592f7cb68ed182796a9b837ecc8217991ad69d6c970258617dc00eb378c8caa4cec5d6b304d9d2c066acd40cda98e4da68e0caa4
2025-11-12 06:58:57 +01:00 · 2017-12-20 17:22:56 +01:00
parent bc66765144 63179d0283
commit 79399c8cd0
6 changed files with 131 additions and 62 deletions
--- a/src/pubkey.h
+++ b/src/pubkey.h
@@ -1,5 +1,6 @@
 // Copyright (c) 2009-2010 Satoshi Nakamoto
 // Copyright (c) 2009-2016 The Bitcoin Core developers
+// Copyright (c) 2017 The Zcash developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

@@ -13,16 +14,6 @@
 #include <stdexcept>
 #include <vector>

-/**
- * secp256k1:
- * const unsigned int PRIVATE_KEY_SIZE = 279;
- * const unsigned int PUBLIC_KEY_SIZE  = 65;
- * const unsigned int SIGNATURE_SIZE   = 72;
- *
- * see www.keylength.com
- * script supports up to 75 for single byte push
- */
-
 const unsigned int BIP32_EXTKEY_SIZE = 74;

 /** A reference to a CKey: the Hash160 of its serialized public key */
@@ -38,21 +29,37 @@ typedef uint256 ChainCode;
 /** An encapsulated public key. */
 class CPubKey
 {
+public:
+    /**
+     * secp256k1:
+     */
+    static const unsigned int PUBLIC_KEY_SIZE             = 65;
+    static const unsigned int COMPRESSED_PUBLIC_KEY_SIZE  = 33;
+    static const unsigned int SIGNATURE_SIZE              = 72;
+    static const unsigned int COMPACT_SIGNATURE_SIZE      = 65;
+    /**
+     * see www.keylength.com
+     * script supports up to 75 for single byte push
+     */
+    static_assert(
+        PUBLIC_KEY_SIZE >= COMPRESSED_PUBLIC_KEY_SIZE,
+        "COMPRESSED_PUBLIC_KEY_SIZE is larger than PUBLIC_KEY_SIZE");
+
 private:

    /**
     * Just store the serialized data.
     * Its length can very cheaply be computed from the first byte.
     */
-    unsigned char vch[65];
+    unsigned char vch[PUBLIC_KEY_SIZE];

    //! Compute the length of a pubkey with a given first byte.
    unsigned int static GetLen(unsigned char chHeader)
    {
        if (chHeader == 2 || chHeader == 3)
-            return 33;
+            return COMPRESSED_PUBLIC_KEY_SIZE;
        if (chHeader == 4 || chHeader == 6 || chHeader == 7)
-            return 65;
+            return PUBLIC_KEY_SIZE;
        return 0;
    }

@@ -127,7 +134,7 @@ public:
    void Unserialize(Stream& s)
    {
        unsigned int len = ::ReadCompactSize(s);
-        if (len <= 65) {
+        if (len <= PUBLIC_KEY_SIZE) {
            s.read((char*)vch, len);
        } else {
            // invalid pubkey, skip available data
@@ -166,7 +173,7 @@ public:
    //! Check whether this is a compressed public key.
    bool IsCompressed() const
    {
-        return size() == 33;
+        return size() == COMPRESSED_PUBLIC_KEY_SIZE;
    }

    /**