From 74f136048abc5f7edd2a52ec2fb99efd47af8712 Mon Sep 17 00:00:00 2001
From: Marius van der Wijden <m.vanderwijden@live.de>
Date: Mon, 13 Sep 2021 21:11:26 +0200
Subject: [PATCH 1/2] btcec: check if recovered pk is at point of infinity

---
 btcec/signature.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/btcec/signature.go b/btcec/signature.go
index cdd7cedfb8..8a8f8301b7 100644
--- a/btcec/signature.go
+++ b/btcec/signature.go
@@ -353,6 +353,10 @@ func recoverKeyFromSignature(curve *KoblitzCurve, sig *Signature, msg []byte,
 	// step to prevent the jacobian conversion back and forth.
 	Qx, Qy := curve.Add(sRx, sRy, minuseGx, minuseGy)
 
+	if Qx.Sign() == 0 && Qy.Sign() == 0 {
+		return nil, errors.New("point (Qx, Qy) equals the point at infinity")
+	}
+
 	return &PublicKey{
 		Curve: curve,
 		X:     Qx,

From 1ff14ef01f4877a12ffbca6ea23947a350d6b3f0 Mon Sep 17 00:00:00 2001
From: Marius van der Wijden <m.vanderwijden@live.de>
Date: Mon, 13 Sep 2021 21:38:27 +0200
Subject: [PATCH 2/2] btcec: added testcase for point at infinity

---
 btcec/signature_test.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/btcec/signature_test.go b/btcec/signature_test.go
index ba02a03f76..b58d186775 100644
--- a/btcec/signature_test.go
+++ b/btcec/signature_test.go
@@ -549,6 +549,12 @@ var recoveryTests = []struct {
 		sig: "0100b1693892219d736caba55bdb67216e485557ea6b6af75f37096c9aa6a5a75f00b940b1d03b21e36b0e47e79769f095fe2ab855bd91e3a38756b7d75a9c4549",
 		err: fmt.Errorf("invalid square root"),
 	},
+	{
+		// Point at infinity recovered
+		msg: "6b8d2c81b11b2d699528dde488dbdf2f94293d0d33c32e347f255fa4a6c1f0a9",
+		sig: "0079be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f817986b8d2c81b11b2d699528dde488dbdf2f94293d0d33c32e347f255fa4a6c1f0a9",
+		err: fmt.Errorf("point (Qx, Qy) equals the point at infinity"),
+	},
 	{
 		// Low R and S values.
 		msg: "ba09edc1275a285fb27bfe82c4eea240a907a0dbaf9e55764b8f318c37d5974f",