diff options
-rw-r--r-- | src/key.cpp | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/src/key.cpp b/src/key.cpp index 85dc9cda2b..8ef1c414c4 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -199,17 +199,19 @@ public: ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey); if (sig == NULL) return false; - if (BN_is_odd(sig->s)) { - // enforce even S values, by negating the value (modulo the order) if odd - BN_CTX *ctx = BN_CTX_new(); - BN_CTX_start(ctx); - const EC_GROUP *group = EC_KEY_get0_group(pkey); - BIGNUM *order = BN_CTX_get(ctx); - EC_GROUP_get_order(group, order, ctx); + BN_CTX *ctx = BN_CTX_new(); + BN_CTX_start(ctx); + const EC_GROUP *group = EC_KEY_get0_group(pkey); + BIGNUM *order = BN_CTX_get(ctx); + BIGNUM *halforder = BN_CTX_get(ctx); + EC_GROUP_get_order(group, order, ctx); + BN_rshift1(halforder, order); + if (BN_cmp(sig->s, halforder) > 0) { + // enforce low S values, by negating the value (modulo the order) if above order/2. BN_sub(sig->s, order, sig->s); - BN_CTX_end(ctx); - BN_CTX_free(ctx); } + BN_CTX_end(ctx); + BN_CTX_free(ctx); unsigned int nSize = ECDSA_size(pkey); vchSig.resize(nSize); // Make sure it is big enough unsigned char *pos = &vchSig[0]; |