aboutsummaryrefslogtreecommitdiff
path: root/src/script.cpp
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2014-05-09 16:24:46 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2014-05-09 16:24:57 +0200
commit72f754cf51d09ea9c3daec398da7a8ca7fce8d6e (patch)
tree39835783d027e3d879d9ac3fd9e94fbf049fcd5a /src/script.cpp
parent54f102248b183618ed7bd198c995232c89dc3152 (diff)
parent6fd7ef2bbf1f941c8dee302ffdeb44e603148723 (diff)
Merge pull request #3637
6fd7ef2 Also switch the (unused) verification code to low-s instead of even-s. (Pieter Wuille)
Diffstat (limited to 'src/script.cpp')
-rw-r--r--src/script.cpp9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/script.cpp b/src/script.cpp
index 4e2eeaf075..ac6d4b316f 100644
--- a/src/script.cpp
+++ b/src/script.cpp
@@ -286,9 +286,12 @@ bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80))
return error("Non-canonical signature: S value excessively padded");
- if (flags & SCRIPT_VERIFY_EVEN_S) {
- if (S[nLenS-1] & 1)
- return error("Non-canonical signature: S value odd");
+ if (flags & SCRIPT_VERIFY_LOW_S) {
+ // If the S value is above the order of the curve divided by two, its
+ // complement modulo the order could have been used instead, which is
+ // one byte shorter when encoded correctly.
+ if (!CKey::CheckSignatureElement(S, nLenS, true))
+ return error("Non-canonical signature: S value is unnecessarily high");
}
return true;