diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-08-14 16:57:32 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-08-14 18:01:02 +0200 |
commit | 63f8b0128b2aac3b25c6ec4d2f5bda213033162a (patch) | |
tree | 4b560c6d33222cb88e3d238641322d1930099f26 /src/script/sign.h | |
parent | 3e5424faf6ff4f0990f7b3b9ca879d434f2abbb2 (diff) | |
parent | 5df6f089b53c5b5859e5a3454c026447e4752f82 (diff) |
Merge #13917: Additional safety checks in PSBT signer
5df6f089b53c5b5859e5a3454c026447e4752f82 More tests of signer checks (Andrew Chow)
7c8bffdc24e005c3044a9a80bbc227b2a39b8605 Test that a non-witness script as witness utxo is not signed (Andrew Chow)
8254e9950f67d750c7f5905bfdef526d825965ed Additional sanity checks in SignPSBTInput (Pieter Wuille)
c05712cb590c8c76729a71d75a290c67ae9e3c06 Only wipe wrong UTXO type data if overwritten by wallet (Pieter Wuille)
Pull request description:
The current PSBT signing code can end up producing a non-segwit signature, while only the UTXO being spent is provided in the PSBT (as opposed to the entire transaction being spent). This may be used to trick a user to incorrectly decide a transaction has the semantics he intends to sign.
Fix this by refusing to sign if there is any mismatch between the provided data and what is being signed.
Tree-SHA512: b55790d79d8166e05513fc4c603a982a33710e79dc3c045060cddac6b48a1be3a28ebf8db63f988b6567b15dd27fd09bbaf48846e323c8635376ac20178956f4
Diffstat (limited to 'src/script/sign.h')
-rw-r--r-- | src/script/sign.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/script/sign.h b/src/script/sign.h index 80fda617e9..7ade715ee2 100644 --- a/src/script/sign.h +++ b/src/script/sign.h @@ -686,7 +686,7 @@ bool ProduceSignature(const SigningProvider& provider, const BaseSignatureCreato bool SignSignature(const SigningProvider &provider, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, const CAmount& amount, int nHashType); bool SignSignature(const SigningProvider &provider, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType); -/** Signs a PSBTInput */ +/** Signs a PSBTInput, verifying that all provided data matches what is being signed. */ bool SignPSBTInput(const SigningProvider& provider, const CMutableTransaction& tx, PSBTInput& input, SignatureData& sigdata, int index, int sighash = 1); /** Extract signature data from a transaction input, and insert it. */ |