Fix publicKeyVerify length check (#167)

Author: fanatid

lib/elliptic.js

@@ -47,12 +47,12 @@ function loadPublicKey (pubkey) {
   switch (first) {
     case 0x02:
     case 0x03:
-      // if (pubkey.length !== 33) return null
+      if (pubkey.length !== 33) return null
       return loadCompressedPublicKey(first, pubkey.subarray(1, 33))
     case 0x04:
     case 0x06:
     case 0x07:
-      // if (pubkey.length !== 65) return null
+      if (pubkey.length !== 65) return null
       return loadUncompressedPublicKey(first, pubkey.subarray(1, 33), pubkey.subarray(33, 65))
     default:
       return null

test/publickey.js

@@ -28,6 +28,10 @@ module.exports = (t, secp256k1) => {
       invalidY[64] ^= 0x01
       t.false(secp256k1.publicKeyVerify(invalidY), 'invalid Y')
 
+      const invalidLength = Buffer.from(publicKey.uncompressed)
+      invalidLength[0] = publicKey.compressed[0]
+      t.false(secp256k1.publicKeyVerify(invalidLength), 'invalid length')
+
       t.end()
     })