Skip to content

Comments

validate pubkey from extended public key when parsed; validate extended key version#38

Open
scgbckbone wants to merge 2 commits intoswitck:masterfrom
scgbckbone:more_validation_on_deserialize
Open

validate pubkey from extended public key when parsed; validate extended key version#38
scgbckbone wants to merge 2 commits intoswitck:masterfrom
scgbckbone:more_validation_on_deserialize

Conversation

@scgbckbone
Copy link
Contributor

@scgbckbone scgbckbone commented Jul 17, 2025

No description provided.

scgbckbone
scgbckbone commented Jul 18, 2025
View reviewed changes
Copy link
Contributor Author

@scgbckbone scgbckbone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed here:

  • we allow to de-serialize extended public key that contains private key and vice-versa (we haven't checked the version vs data inside)
  • we allow to de-serialize extended public that contains invalid secp256k1 pubkey, for example 020000000000000000000000000000000000000000000000000000000000000007 (not a security issue here as invalid pubkey would raise exception when we start working with it, but this imo should be part of validation logic)

@scgbckbone
validate pubkey from extended public key when parsed; validate extend…
52c8e7a 
…ed key has proper version wrt data it carries
@scgbckbone scgbckbone force-pushed the more_validation_on_deserialize branch from 05cf33d to 52c8e7a Compare July 23, 2025 09:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@scgbckbone