@exodus/bip322-js 3.2.0 → 3.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,12 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
## [3.2.1](https://github.com/ExodusMovement/exodus-hydra/compare/@exodus/bip322-js@3.2.0...@exodus/bip322-js@3.2.1) (2026-04-22)
|
|
7
|
+
|
|
8
|
+
### Bug Fixes
|
|
9
|
+
|
|
10
|
+
- fix(bip322-js): reject oversized DER R/S lengths (ECDSA malleability) (#16083)
|
|
11
|
+
|
|
6
12
|
## [3.2.0](https://github.com/ExodusMovement/exodus-hydra/compare/@exodus/bip322-js@3.1.0...@exodus/bip322-js@3.2.0) (2025-12-26)
|
|
7
13
|
|
|
8
14
|
### Features
|
|
@@ -12,8 +12,10 @@ export function decodeScriptSignature(buffer) {
|
|
|
12
12
|
function fromDER(x) {
|
|
13
13
|
if (x[0] === 0x00)
|
|
14
14
|
x = x.slice(1);
|
|
15
|
+
if (x.length > 32)
|
|
16
|
+
throw new Error('Value length is too long');
|
|
15
17
|
const buffer = Buffer.alloc(32, 0);
|
|
16
|
-
const bstart =
|
|
18
|
+
const bstart = 32 - x.length;
|
|
17
19
|
x.copy(buffer, bstart);
|
|
18
20
|
return buffer;
|
|
19
21
|
}
|
|
@@ -33,6 +35,8 @@ function decode2(buffer) {
|
|
|
33
35
|
throw new Error('R length is zero');
|
|
34
36
|
if (5 + lenR >= buffer.length)
|
|
35
37
|
throw new Error('R length is too long');
|
|
38
|
+
if (lenR > 33)
|
|
39
|
+
throw new Error('R length is too long');
|
|
36
40
|
if (buffer[4 + lenR] !== 0x02)
|
|
37
41
|
throw new Error('Expected DER integer (2)');
|
|
38
42
|
const lenS = buffer[5 + lenR];
|
|
@@ -40,6 +44,8 @@ function decode2(buffer) {
|
|
|
40
44
|
throw new Error('S length is zero');
|
|
41
45
|
if (6 + lenR + lenS !== buffer.length)
|
|
42
46
|
throw new Error('S length is invalid');
|
|
47
|
+
if (lenS > 33)
|
|
48
|
+
throw new Error('S length is too long');
|
|
43
49
|
if (buffer[4] & 0x80)
|
|
44
50
|
throw new Error('R value is negative');
|
|
45
51
|
if (lenR > 1 && buffer[4] === 0x00 && !(buffer[5] & 0x80)) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@exodus/bip322-js",
|
|
3
|
-
"version": "3.2.
|
|
3
|
+
"version": "3.2.1",
|
|
4
4
|
"description": "A Javascript library that provides utility functions related to the BIP-322 signature scheme",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -43,7 +43,7 @@
|
|
|
43
43
|
"typescript": "^5.1.3"
|
|
44
44
|
},
|
|
45
45
|
"dependencies": {
|
|
46
|
-
"@exodus/asset-types": "^0.
|
|
46
|
+
"@exodus/asset-types": "^0.5.0",
|
|
47
47
|
"@exodus/bitcoinjs": "^2.0.0",
|
|
48
48
|
"@exodus/bytes": "^1.0.0-rc.8",
|
|
49
49
|
"@exodus/crypto": "^1.0.0-rc.26",
|
|
@@ -57,5 +57,5 @@
|
|
|
57
57
|
"bugs": {
|
|
58
58
|
"url": "https://github.com/ExodusMovement/exodus-hydra/issues?q=is%3Aissue+is%3Aopen+label%3Abip322-js"
|
|
59
59
|
},
|
|
60
|
-
"gitHead": "
|
|
60
|
+
"gitHead": "9eb3d238b1c333391f6963c53d8816ed58d926de"
|
|
61
61
|
}
|