Rusty Russell [ARCHIVE] on Nostr
📅 Original date posted:2015-01-21
📝 Original message:Pieter Wuille <pieter.wuille at gmail.com> writes:
> Hello everyone,
>
> We've been aware of the risk of depending on OpenSSL for consensus
> rules for a while, and were trying to get rid of this as part of BIP
> 62 (malleability protection), which was however postponed due to
> unforeseen complexities. The recent events (see the thread titled
> "OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection."
> on this mailing list) have made it clear that the problem is very
> real, however, and I would prefer to have a fundamental solution for
> it sooner rather than later.
>
> I therefore propose a softfork to make non-DER signatures illegal
> (they've been non-standard since v0.8.0). A draft BIP text can be
> found on:
>
> https://gist.github.com/sipa/5d12c343746dad376c80

Cut and paste bug in the last check:

    // Null bytes at the start of R are not allowed, unless it would otherwise be
    // interpreted as a negative number.
    if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80))
        return false;

You mean "null bytes at the start of S".
Cheers,
Rusty.
Published at 2023-06-07 15:28:51