From 0aaa2c6347fd3d87f547d8b1d0d7844860d4b38a Mon Sep 17 00:00:00 2001
From: Stefan Thomas <justmoon@members.fsf.org>
Date: Fri, 17 Aug 2012 01:50:29 +0200
Subject: [PATCH] Fix calcPubkeyRecoveryParam - must verify pubkey correctness.

---
 src/ecdsa.js   | 5 +++--
 src/message.js | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/ecdsa.js b/src/ecdsa.js
index 2ce2b83..a41d0b2 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -457,11 +457,12 @@ Bitcoin.ECDSA = (function () {
      * This function simply tries all four cases and returns the value
      * that resulted in a successful pubkey recovery.
      */
-    calcPubkeyRecoveryParam: function (r, s, hash)
+    calcPubkeyRecoveryParam: function (address, r, s, hash)
     {
       for (var i = 0; i < 4; i++) {
         try {
-          if (Bitcoin.ECDSA.recoverPubKey(r, s, hash, i)) {
+          var pubkey = Bitcoin.ECDSA.recoverPubKey(r, s, hash, i);
+          if (pubkey.getBitcoinAddress().toString() == address) {
             return i;
           }
         } catch (e) {}
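Review bot: The empty `catch (e) {}` that closes the loop body now also hides any exception thrown by `pubkey.getBitcoinAddress()`. Because `address` was inserted as the first parameter, a caller still using the old `(r, s, hash)` form would fail inside that try and be silently treated as "no candidate matched". Appending the parameter instead, or checking it up front with something like `if (typeof address !== 'string') throw new Error('address required');`, would make misuse visible. The comparison should use `===`, and the doc comment above should say that `address` is the signer's address and that only a recovered key hashing to it is accepted. The function body continues past the end of the hunk, so what is returned when no candidate matches is not visible here.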
diff --git a/src/message.js b/src/message.js
index 57ef6e0..8aa6e9c 100644
--- a/src/message.js
+++ b/src/message.js
@@ -31,7 +31,8 @@ Bitcoin.Message = (function () {
 
     var obj = Bitcoin.ECDSA.parseSig(sig);
 
-    var i = Bitcoin.ECDSA.calcPubkeyRecoveryParam(obj.r, obj.s, hash);
+    var address = key.getBitcoinAddress().toString();
+    var i = Bitcoin.ECDSA.calcPubkeyRecoveryParam(address, obj.r, obj.s, hash);
 
     i += 27;
     if (compressed) i += 4;
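Review bot: The result of `calcPubkeyRecoveryParam` goes straight into `i += 27` with no check that a candidate matched, and the stricter address comparison makes the no-match case more likely than before. The expected address comes from `key.getBitcoinAddress()`, which presumably reflects the key's compression setting, while the key recovered in ecdsa.js may not carry the same setting; a mismatch would make all four candidates fail, so this is worth confirming with a compressed key. If the callee does not already throw on failure (not visible in this diff), guard here, e.g. `if (typeof i !== 'number' || i < 0 || i > 3) throw new Error('Unable to find valid recovery factor');`. The enclosing function starts and ends outside the hunk.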