blueness 15/01/10 17:19:55 Added: 0.9-openssl-101k.patch 0.8-openssl-101k.patch Log: Version bump for bug #536228 (Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 0xF52D4BBA)
Revision Changes Path 1.1 net-p2p/bitcoin-qt/files/0.9-openssl-101k.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-p2p/bitcoin-qt/files/0.9-openssl-101k.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-p2p/bitcoin-qt/files/0.9-openssl-101k.patch?rev=1.1&content-type=text/plain Index: 0.9-openssl-101k.patch =================================================================== diff --git a/src/key.cpp b/src/key.cpp index 5b261bb..a845ba1 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -227,10 +227,23 @@ public: } bool Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) { - // -1 = error, 0 = bad sig, 1 = good - if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) + if (vchSig.empty()) return false; - return true; + + // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. + unsigned char *norm_der = NULL; + ECDSA_SIG *norm_sig = ECDSA_SIG_new(); + const unsigned char* sigptr = &vchSig[0]; + d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()); + int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); + ECDSA_SIG_free(norm_sig); + if (derlen <= 0) + return false; + + // -1 = error, 0 = bad sig, 1 = good + bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; + OPENSSL_free(norm_der); + return ret; } bool SignCompact(const uint256 &hash, unsigned char *p64, int &rec) { 1.1 net-p2p/bitcoin-qt/files/0.8-openssl-101k.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-p2p/bitcoin-qt/files/0.8-openssl-101k.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-p2p/bitcoin-qt/files/0.8-openssl-101k.patch?rev=1.1&content-type=text/plain Index: 0.8-openssl-101k.patch =================================================================== diff --git a/src/key.cpp b/src/key.cpp index 75114c6..7fcb17d 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -376,11 +376,23 @@ bool CKey::SetCompactSignature(uint256 hash, const std::vector<unsigned char>& v bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig) { - // -1 = error, 0 = bad sig, 1 = good - if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) + if (vchSig.empty()) return false; - return true; + // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. + unsigned char *norm_der = NULL; + ECDSA_SIG *norm_sig = ECDSA_SIG_new(); + const unsigned char* sigptr = &vchSig[0]; + d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()); + int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); + ECDSA_SIG_free(norm_sig); + if (derlen <= 0) + return false; + + // -1 = error, 0 = bad sig, 1 = good + bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; + OPENSSL_free(norm_der); + return ret; } bool CKey::VerifyCompact(uint256 hash, const std::vector<unsigned char>& vchSig)
