aboutsummaryrefslogtreecommitdiff
path: root/src/script
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2017-12-20 17:22:56 +0100
committerWladimir J. van der Laan <laanwj@gmail.com>2017-12-20 18:00:32 +0100
commit79399c8cd0b6030034eea5feed3a7523e369b256 (patch)
tree4a362d4c2b81badfe94c9f38d730e8e098882ef4 /src/script
parentbc66765144296f10ec8f9c9a437e74f22c70d235 (diff)
parent63179d028347bf3e32c7ea61386df4c44307b4a7 (diff)
Merge #10657: Utils: Improvements to ECDSA key-handling code
63179d0 Scope the ECDSA constant sizes to CPubKey / CKey classes (Jack Grigg) 1ce9f0a Ensure that ECDSA constant sizes are correctly-sized (Jack Grigg) 48abe78 Remove redundant `= 0` initialisations (Jack Grigg) 17fa391 Specify ECDSA constant sizes as constants (Jack Grigg) e4a1086 Update Debian copyright list (Jack Grigg) e181dbe Add comments (Jack Grigg) a3603ac Fix potential overflows in ECDSA DER parsers (Jack Grigg) Pull request description: Mostly trivial, but includes fixes to potential overflows in the ECDSA DER parsers. Cherry-picked from Zcash PR https://github.com/zcash/zcash/pull/2335 Tree-SHA512: 8fcbd51b0bd6723e5d33fa5d592f7cb68ed182796a9b837ecc8217991ad69d6c970258617dc00eb378c8caa4cec5d6b304d9d2c066acd40cda98e4da68e0caa4
Diffstat (limited to 'src/script')
-rw-r--r--src/script/interpreter.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index 3c3f92fe46..62042e8e70 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -173,7 +173,13 @@ bool static IsLowDERSignature(const valtype &vchSig, ScriptError* serror) {
if (!IsValidSignatureEncoding(vchSig)) {
return set_error(serror, SCRIPT_ERR_SIG_DER);
}
+ // https://bitcoin.stackexchange.com/a/12556:
+ // Also note that inside transaction signatures, an extra hashtype byte
+ // follows the actual signature data.
std::vector<unsigned char> vchSigCopy(vchSig.begin(), vchSig.begin() + vchSig.size() - 1);
+ // If the S value is above the order of the curve divided by two, its
+ // complement modulo the order could have been used instead, which is
+ // one byte shorter when encoded correctly.
if (!CPubKey::CheckLowS(vchSigCopy)) {
return set_error(serror, SCRIPT_ERR_SIG_HIGH_S);
}