Browse Source

Merge pull request #5634

8dccba6 fail immediately on an empty signature (Cory Fields)
dad7764 depends: bump openssl to 1.0.1k (Cory Fields)
488ed32 consensus: guard against openssl's new strict DER checks (Cory Fields)
0.13
Gregory Maxwell 10 years ago
parent
commit
4f73a8f64d
No known key found for this signature in database
GPG Key ID: EAB5AF94D9E9ABE7
  1. 4
      depends/packages/openssl.mk
  2. 19
      src/ecwrapper.cpp

4
depends/packages/openssl.mk

@ -1,8 +1,8 @@
package=openssl package=openssl
$(package)_version=1.0.1j $(package)_version=1.0.1k
$(package)_download_path=https://www.openssl.org/source $(package)_download_path=https://www.openssl.org/source
$(package)_file_name=$(package)-$($(package)_version).tar.gz $(package)_file_name=$(package)-$($(package)_version).tar.gz
$(package)_sha256_hash=1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 $(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c
define $(package)_set_vars define $(package)_set_vars
$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"

19
src/ecwrapper.cpp

@ -117,10 +117,23 @@ bool CECKey::SetPubKey(const unsigned char* pubkey, size_t size) {
} }
bool CECKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) { bool CECKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
// -1 = error, 0 = bad sig, 1 = good if (vchSig.empty())
if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)
return false; return false;
return true;
// New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size());
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
} }
bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec) bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec)

Loading…
Cancel
Save