diff options
author | Andy Alness <andy@coinbase.com> | 2014-12-06 13:25:44 -0800 |
---|---|---|
committer | Andy Alness <andy@coinbase.com> | 2014-12-06 14:27:24 -0800 |
commit | 3bb62ecaf42a560a39147b85b582f9c6b65e5d16 (patch) | |
tree | 260d0533fbc95c1616b24ee15332dcbc7b4a7cb9 /bip-0062.mediawiki | |
parent | 1448e7f990c8e3cd8841cd2cc22d88f079f2c176 (diff) |
Add explicit note about OpenSSL wrt low S values
Diffstat (limited to 'bip-0062.mediawiki')
-rw-r--r-- | bip-0062.mediawiki | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/bip-0062.mediawiki b/bip-0062.mediawiki index 9d5bfe5..4e5653b 100644 --- a/bip-0062.mediawiki +++ b/bip-0062.mediawiki @@ -63,7 +63,9 @@ Below is a summary of the effects on signatures, their encoding and data pushes. The value S in signatures must be between 0x1 and 0x7FFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 5D576E73 57A4501D DFE92F46 681B20A0 (inclusive). If S is too high, simply replace it by S' = 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 - S. -The constraints on the value R is unchanged w.r.t. ECDSA, and can be between 0x1 and 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364140 (inclusive). +Signatures produced by the OpenSSL library are not guaranteed to be consistent with this constraint. Version 0.9.3 of the reference client provides [https://github.com/bitcoin/bitcoin/blob/0.9.3/src/key.cpp#L202-L227 an example] for detection and correction. + +The constraints on the value R are unchanged w.r.t. ECDSA, and values can be between 0x1 and 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364140 (inclusive). ====DER encoding==== For reference, here is how to encode signatures correctly in DER format. |