Make empty byte arrays pass CheckSignatureEncoding() #5627
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Makes it possible to compactly provide a delibrately invalid signature for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid signatures need to be provided in the scriptSig; prior to this change those invalid signatures would need to be large DER-encoded signatures. Note that we may want to further expand on this change in the future by saying that only OP_0 is a "valid" invalid signature; BIP19 even with this change is inherently malleable as the invalid signatures can be any validly encoded DER signature.
petertodd
force-pushed
the
bip62-compact-validly-encoded-invalid-sigs
branch
from
96e7c1e to
2fa9a8e
Compare
Contributor
Author
There was a problem hiding this comment.
I'm not 100% clear on why this code was duplicated; the next lines are identical but with "OP_0 << OP_1" rather than "OP_0 << OP_0". I believe this was just exercising different ways of failing the DER encoding, so I removed the way that is now valid.
Contributor
Author
|
See also the corresponding pull-req to BIP62: bitcoin/bips#132 |
Member
|
ACK |
1 similar comment
Contributor
|
ACK |
laanwj
added a commit
that referenced
this pull request
Jan 26, 2015
2fa9a8e Make empty byte arrays pass CheckSignatureEncoding() (Peter Todd)
laanwj
pushed a commit
that referenced
this pull request
Jan 26, 2015
Makes it possible to compactly provide a delibrately invalid signature for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid signatures need to be provided in the scriptSig; prior to this change those invalid signatures would need to be large DER-encoded signatures. Note that we may want to further expand on this change in the future by saying that only OP_0 is a "valid" invalid signature; BIP19 even with this change is inherently malleable as the invalid signatures can be any validly encoded DER signature. Rebased-From: 2fa9a8e Github-Pull: #5627
Member
|
backported into 0.10 as b24ff47 |
reddink
pushed a commit
to reddcoin-project/reddcoin-3.10
that referenced
this pull request
May 27, 2020
Makes it possible to compactly provide a delibrately invalid signature for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid signatures need to be provided in the scriptSig; prior to this change those invalid signatures would need to be large DER-encoded signatures. Note that we may want to further expand on this change in the future by saying that only OP_0 is a "valid" invalid signature; BIP19 even with this change is inherently malleable as the invalid signatures can be any validly encoded DER signature. Rebased-From: 2fa9a8e Github-Pull: bitcoin#5627 (cherry picked from commit b24ff47)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Makes it possible to compactly provide a delibrately invalid signature for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid signatures need to be provided in the scriptSig; prior to this change those invalid signatures would need to be large DER-encoded signatures.
Note that we may want to further expand on this change in the future by saying that only OP_0 is a "valid" invalid signature; BIP19 even with this change is inherently malleable as the invalid signatures can be any validly encoded DER signature.
CC: @sipa