diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-05-09 16:24:46 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-05-09 16:24:57 +0200 |
commit | 72f754cf51d09ea9c3daec398da7a8ca7fce8d6e (patch) | |
tree | 39835783d027e3d879d9ac3fd9e94fbf049fcd5a /src/script.cpp | |
parent | 54f102248b183618ed7bd198c995232c89dc3152 (diff) | |
parent | 6fd7ef2bbf1f941c8dee302ffdeb44e603148723 (diff) |
Merge pull request #3637
6fd7ef2 Also switch the (unused) verification code to low-s instead of even-s. (Pieter Wuille)
Diffstat (limited to 'src/script.cpp')
-rw-r--r-- | src/script.cpp | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/script.cpp b/src/script.cpp index 4e2eeaf075..ac6d4b316f 100644 --- a/src/script.cpp +++ b/src/script.cpp @@ -286,9 +286,12 @@ bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) { if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80)) return error("Non-canonical signature: S value excessively padded"); - if (flags & SCRIPT_VERIFY_EVEN_S) { - if (S[nLenS-1] & 1) - return error("Non-canonical signature: S value odd"); + if (flags & SCRIPT_VERIFY_LOW_S) { + // If the S value is above the order of the curve divided by two, its + // complement modulo the order could have been used instead, which is + // one byte shorter when encoded correctly. + if (!CKey::CheckSignatureElement(S, nLenS, true)) + return error("Non-canonical signature: S value is unnecessarily high"); } return true; |