Merge commit from fork

indutny · Nov 13, 2024 · 04cb6f5 · 04cb6f5
1 parent b8a7edd
commit 04cb6f5
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/lib/elliptic/ec/index.js b/lib/elliptic/ec/index.js
@@ -115,16 +115,29 @@ EC.prototype.sign = function sign(msg, key, enc, options) {
   if (!options)
     options = {};
 
+  if (typeof msg !== 'string' && typeof msg !== 'number' && !BN.isBN(msg)) {
+    assert(typeof msg === 'object' && msg && typeof msg.length === 'number',
+      'Expected message to be an array-like, a hex string, or a BN instance');
+    assert((msg.length >>> 0) === msg.length); // non-negative 32-bit integer
+    for (var i = 0; i < msg.length; i++) assert((msg[i] & 255) === msg[i]);
+  }
+
   key = this.keyFromPrivate(key, enc);
   msg = this._truncateToN(msg, false, options.msgBitLength);
 
+  // Would fail further checks, but let's make the error message clear
+  assert(!msg.isNeg(), 'Can not sign a negative message');
+
   // Zero-extend key to provide enough entropy
   var bytes = this.n.byteLength();
   var bkey = key.getPrivate().toArray('be', bytes);
 
   // Zero-extend nonce to have the same byte size as N
   var nonce = msg.toArray('be', bytes);
 
+  // Recheck nonce to be bijective to msg
+  assert((new BN(nonce)).eq(msg), 'Can not sign message');
+
   // Instantiate Hmac_DRBG
   var drbg = new HmacDRBG({
     hash: this.hash,