secp256k1 - npm Package Compare versions

Comparing version 2.0.9 to 2.0.10

lib/elliptic/recover.js

@@ -1,3 +0,1 @@
-var BN = require('bn.js')
-
 var asserts = require('../asserts')
@@ -7,2 +5,3 @@ var messages = require('../messages')
 var util = require('./util')
+var verify = require('./verify.js')
 
@@ -31,13 +30,9 @@ /**
 
-  try {
-    var sigObj = {r: signature.slice(0, 32), s: signature.slice(32, 64)}
-    if (new BN(sigObj.r).isZero() || new BN(sigObj.s).isZero()) {
-      throw new Error()
-    }
-
-    var pubKey = ec.recoverPubKey(msg, sigObj, recovery)
-    return new Buffer(pubKey.encodeCompressed())
-  } catch (err) {
+  var sigObj = {r: signature.slice(0, 32), s: signature.slice(32, 64)}
+  var pubKey = ec.recoverPubKey(msg, sigObj, recovery)
+  var pubKeyBuf = new Buffer(pubKey.encodeCompressed())
+  if (!verify.verifySync(msg, signature, pubKeyBuf)) {
     throw new Error(messages.ECDSA_RECOVER_FAIL)
   }
+  return pubKeyBuf
 }

lib/elliptic/verify.js

@@ -1,3 +0,1 @@
-var BN = require('bn.js')
-
 var asserts = require('../asserts')
@@ -35,7 +33,3 @@ var messages = require('../messages')
   var sigObj = {r: signature.slice(0, 32), s: signature.slice(32, 64)}
-  if (new BN(sigObj.s).cmp(ec.nh) === 1) {
-    return false
-  }
-
   return ec.verify(msg, sigObj, publicKey)
 }

package.json

 {
   "name": "secp256k1",
-  "version": "2.0.9",
+  "version": "2.0.10",
   "description": "This module provides native bindings to ecdsa secp256k1 functions",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

741439

decreased by-0.02%

Lines of code

924

decreased by-0.75%

No dependency changes