highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-01-20 23:29:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Also switch the (unused) verification code to low-s instead of even-s.

Browse Source 
a81cd968 introduced a malleability breaker for signatures
(using an even value for S). In e0e14e43 this was changed to
the lower of two potential values, rather than the even one.
Only the signing code was changed though, the (for now unused)
verification code wasn't adapted.
This commit is contained in:
Pieter Wuille
2014-02-07 02:19:48 +01:00
committed by Pieter Wuille
parent a63f8b7b36
commit 6fd7ef2bbf
5 changed files with 78 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/script.cpp
View File

@@ -296,9 +296,12 @@ bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80))
return error("Non-canonical signature: S value excessively padded");
if (flags & SCRIPT_VERIFY_EVEN_S) {
if (S[nLenS-1] & 1)
return error("Non-canonical signature: S value odd");
if (flags & SCRIPT_VERIFY_LOW_S) {
// If the S value is above the order of the curve divided by two, its
// complement modulo the order could have been used instead, which is
// one byte shorter when encoded correctly.
if (!CKey::CheckSignatureElement(S, nLenS, true))
return error("Non-canonical signature: S value is unnecessarily high");
}
return true;