Merge pull request #5634

8dccba6 fail immediately on an empty signature (Cory Fields)
dad7764 depends: bump openssl to 1.0.1k (Cory Fields)
488ed32 consensus: guard against openssl's new strict DER checks (Cory Fields)
This commit is contained in:
Gregory Maxwell 2015-01-09 19:56:28 -08:00
commit 4f73a8f64d
No known key found for this signature in database
GPG key ID: EAB5AF94D9E9ABE7
2 changed files with 18 additions and 5 deletions

View file

@ -1,8 +1,8 @@
package=openssl
$(package)_version=1.0.1j
$(package)_version=1.0.1k
$(package)_download_path=https://www.openssl.org/source
$(package)_file_name=$(package)-$($(package)_version).tar.gz
$(package)_sha256_hash=1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
$(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c
define $(package)_set_vars
$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"

View file

@ -117,10 +117,23 @@ bool CECKey::SetPubKey(const unsigned char* pubkey, size_t size) {
}
bool CECKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
// -1 = error, 0 = bad sig, 1 = good
if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)
if (vchSig.empty())
return false;
return true;
// New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size());
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
}
bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec)