📅 Original date posted:2015-01-21 📝 Original message:Pieter Wuille ...

Rusty Russell [ARCHIVE] /

npub1zw7…khpx

2023-06-07 15:28:51

in reply to nevent1q…rmau

📅 Original date posted:2015-01-21
📝 Original message:Pieter Wuille <pieter.wuille at gmail.com> writes:
> Hello everyone,
>
> We've been aware of the risk of depending on OpenSSL for consensus
> rules for a while, and were trying to get rid of this as part of BIP
> 62 (malleability protection), which was however postponed due to
> unforeseen complexities. The recent evens (see the thread titled
> "OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection."
> on this mailing list) have made it clear that the problem is very
> real, however, and I would prefer to have a fundamental solution for
> it sooner rather than later.
>
> I therefore propose a softfork to make non-DER signatures illegal
> (they've been non-standard since v0.8.0). A draft BIP text can be
> found on:
>
> https://gist.github.com/sipa/5d12c343746dad376c80

Cut and paste bug in the last check:

// Null bytes at the start of R are not allowed, unless it would otherwise be
// interpreted as a negative number.
if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80))
return false;

You mean "null bytes at the start of S".

Cheers,
Rusty.

Author Public Key

npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpx

Show more details

Published at

2023-06-07 15:28:51

Kind type

1 Short Text Note

Event JSON

{ "id": "381c94393ca074f5454f688d978baf2b719d03f07376325b6b9dfd6e40f4dd92", "pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425", "created_at": 1686151731, "kind": 1, "tags": [ [ "e", "43498997aaf69cc28c108f60f2a0a9a1eeab544cf4e7f9ece35a133ac15cb4c1", "", "root" ], [ "e", "71b9280ccc108db0667d0e8fc1b0fd435704931c2b1240dd28e2af0754d4d9dc", "", "reply" ], [ "p", "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6" ] ], "content": "📅 Original date posted:2015-01-21\n📝 Original message:Pieter Wuille \u003cpieter.wuille at gmail.com\u003e writes:\n\u003e Hello everyone,\n\u003e\n\u003e We've been aware of the risk of depending on OpenSSL for consensus\n\u003e rules for a while, and were trying to get rid of this as part of BIP\n\u003e 62 (malleability protection), which was however postponed due to\n\u003e unforeseen complexities. The recent evens (see the thread titled\n\u003e \"OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.\"\n\u003e on this mailing list) have made it clear that the problem is very\n\u003e real, however, and I would prefer to have a fundamental solution for\n\u003e it sooner rather than later.\n\u003e\n\u003e I therefore propose a softfork to make non-DER signatures illegal\n\u003e (they've been non-standard since v0.8.0). A draft BIP text can be\n\u003e found on:\n\u003e\n\u003e https://gist.github.com/sipa/5d12c343746dad376c80\n\nCut and paste bug in the last check:\n\n// Null bytes at the start of R are not allowed, unless it would otherwise be\n// interpreted as a negative number.\n if (lenS \u003e 1 \u0026\u0026 (sig[lenR + 6] == 0x00) \u0026\u0026 !(sig[lenR + 7] \u0026 0x80))\n return false;\n\nYou mean \"null bytes at the start of S\".\n\nCheers,\nRusty.", "sig": "076f5ebd05ab214715fd7e43c8d587d97e0be5e78786239029d633f43e28493c79596d9e65282a8c46b70c9d9437ea593a60ee99bd06ed860e200a79a4985dde" }