Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YE8CG-00012b-3b for bitcoin-development@lists.sourceforge.net; Thu, 22 Jan 2015 03:12:40 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.169 as permitted sender) client-ip=209.85.212.169; envelope-from=david.vorick@gmail.com; helo=mail-wi0-f169.google.com; Received: from mail-wi0-f169.google.com ([209.85.212.169]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YE8CD-0003Ua-5L for bitcoin-development@lists.sourceforge.net; Thu, 22 Jan 2015 03:12:40 +0000 Received: by mail-wi0-f169.google.com with SMTP id bs8so37581119wib.0 for ; Wed, 21 Jan 2015 19:12:31 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.180.8.169 with SMTP id s9mr694361wia.72.1421896351174; Wed, 21 Jan 2015 19:12:31 -0800 (PST) Received: by 10.27.10.12 with HTTP; Wed, 21 Jan 2015 19:12:31 -0800 (PST) In-Reply-To: <87egqnwt7g.fsf@rustcorp.com.au> References: <87egqnwt7g.fsf@rustcorp.com.au> Date: Wed, 21 Jan 2015 22:12:31 -0500 Message-ID: From: David Vorick Cc: Bitcoin Dev Content-Type: multipart/alternative; boundary=f46d04430682eb53f0050d350a13 X-Spam-Score: 2.9 (++) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (david.vorick[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.2 MISSING_HEADERS Missing To: header 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 2.2 MALFORMED_FREEMAIL Bad headers on message from free email service X-Headers-End: 1YE8CD-0003Ua-5L Subject: Re: [Bitcoin-development] [softfork proposal] Strict DER signatures X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jan 2015 03:12:40 -0000 --f46d04430682eb53f0050d350a13 Content-Type: text/plain; charset=UTF-8 Seems like a good change to me. On Wed, Jan 21, 2015 at 7:32 PM, Rusty Russell wrote: > Pieter Wuille writes: > > Hello everyone, > > > > We've been aware of the risk of depending on OpenSSL for consensus > > rules for a while, and were trying to get rid of this as part of BIP > > 62 (malleability protection), which was however postponed due to > > unforeseen complexities. The recent evens (see the thread titled > > "OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection." > > on this mailing list) have made it clear that the problem is very > > real, however, and I would prefer to have a fundamental solution for > > it sooner rather than later. > > OK, I worked up a clearer (but more verbose) version with fewer > magic numbers. More importantly, feel free to steal the test cases. > > One weirdness is the restriction on maximum total length, rather than a > 32 byte (33 with 0-prepad) limit on signatures themselves. > > Apologies for my babytalk C++. Am sure there's a neater way. > > /* Licensed under Creative Commons zero (public domain). */ > #include > #include > #include > > #ifdef CLARIFY > bool ConsumeByte(const std::vector &sig, size_t &off, > unsigned int &val) > { > if (off >= sig.size()) return false; > > val = sig[off++]; > return true; > } > > bool ConsumeTypeByte(const std::vector &sig, size_t &off, > unsigned int t) > { > unsigned int type; > if (!ConsumeByte(sig, off, type)) return false; > > return (type == t); > } > > bool ConsumeNonZeroLength(const std::vector &sig, size_t > &off, > unsigned int &len) > { > if (!ConsumeByte(sig, off, len)) return false; > > // Zero-length integers are not allowed. > return (len != 0); > } > > bool ConsumeNumber(const std::vector &sig, size_t &off, > unsigned int len) > { > // Length of number should be within signature. > if (off + len > sig.size()) return false; > > // Negative numbers are not allowed. > if (sig[off] & 0x80) return false; > > // Zero bytes at the start are not allowed, unless it would > // otherwise be interpreted as a negative number. > if (len > 1 && (sig[off] == 0x00) && !(sig[off+1] & 0x80)) return > false; > > // Consume number itself. > off += len; > return true; > } > > // Consume a DER encoded integer, update off if successful. > bool ConsumeDERInteger(const std::vector &sig, size_t &off) > { > unsigned int len; > > // Type byte must be "integer" > if (!ConsumeTypeByte(sig, off, 0x02)) return false; > if (!ConsumeNonZeroLength(sig, off, len)) return false; > // Now the BE encoded value itself. > if (!ConsumeNumber(sig, off, len)) return false; > > return true; > } > > bool IsValidSignatureEncoding(const std::vector &sig) { > // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] > [sighash] > // * total-length: 1-byte length descriptor of everything that follows, > // excluding the sighash byte. > // * R-length: 1-byte length descriptor of the R value that follows. > // * R: arbitrary-length big-endian encoded R value. It cannot start > with any > // null bytes, unless the first byte that follows is 0x80 or > higher, in which > // case a single null byte is required. > // * S-length: 1-byte length descriptor of the S value that follows. > // * S: arbitrary-length big-endian encoded S value. The same rules > apply. > // * sighash: 1-byte value indicating what data is hashed. > > // Accept empty signature as correctly encoded (but invalid) signature, > // even though it is not strictly DER. > if (sig.size() == 0) return true; > > // Maximum size constraint. > if (sig.size() > 73) return false; > > size_t off = 0; > > // A signature is of type "compound". > if (!ConsumeTypeByte(sig, off, 0x30)) return false; > > unsigned int len; > if (!ConsumeNonZeroLength(sig, off, len)) return false; > > // Make sure the length covers the rest (except sighash). > if (len + 1 != sig.size() - off) return false; > > // Check R value. > if (!ConsumeDERInteger(sig, off)) return false; > > // Check S value. > if (!ConsumeDERInteger(sig, off)) return false; > > // There should exactly one byte left (the sighash). > return off + 1 == sig.size() ? true : false; > } > #else > bool IsValidSignatureEncoding(const std::vector &sig) { > // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] > [sighash] > // * total-length: 1-byte length descriptor of everything that follows, > // excluding the sighash byte. > // * R-length: 1-byte length descriptor of the R value that follows. > // * R: arbitrary-length big-endian encoded R value. It must use the > shortest > // possible encoding for a positive integers (which means no null > bytes at > // the start, except a single one when the next byte has its > highest bit set). > // * S-length: 1-byte length descriptor of the S value that follows. > // * S: arbitrary-length big-endian encoded S value. The same rules > apply. > // * sighash: 1-byte value indicating what data is hashed (not part of > the DER > // signature) > > // Accept empty signature as correctly encoded (but invalid) signature, > // even though it is not strictly DER. This avoids needing full DER > signatures > // in places where any invalid signature would do. Given that the > empty string is > // always invalid as signature, this is safe. > if (sig.size() == 0) return true; > > // Minimum and maximum size constraints. > if (sig.size() < 9) return false; > if (sig.size() > 73) return false; > > // A signature is of type 0x30 (compound). > if (sig[0] != 0x30) return false; > > // Make sure the length covers the entire signature. > if (sig[1] != sig.size() - 3) return false; > > // Extract the length of the R element. > unsigned int lenR = sig[3]; > > // Make sure the length of the S element is still inside the signature. > if (5 + lenR >= sig.size()) return false; > > // Extract the length of the S element. > unsigned int lenS = sig[5 + lenR]; > > // Verify that the length of the signature matches the sum of the > length > // of the elements. > if ((size_t)(lenR + lenS + 7) != sig.size()) return false; > > // Check whether the R element is an integer. > if (sig[2] != 0x02) return false; > > // Zero-length integers are not allowed for R. > if (lenR == 0) return false; > > // Negative numbers are not allowed for R. > if (sig[4] & 0x80) return false; > > // Null bytes at the start of R are not allowed, unless R would > // otherwise be interpreted as a negative number. > if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80)) return false; > > // Check whether the S element is an integer. > if (sig[lenR + 4] != 0x02) return false; > > // Zero-length integers are not allowed for S. > if (lenS == 0) return false; > > // Negative numbers are not allowed for S. > if (sig[lenR + 6] & 0x80) return false; > > // Null bytes at the start of S are not allowed, unless S would > otherwise be > // interpreted as a negative number. > if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80)) > return false; > > return true; > } > #endif > > #define COMPOUND 0x30 > #define NOT_COMPOUND 0x31 > > // Len gets adjusted by check() to be actual length with this offset. > #define LEN_OK 0 > #define LEN_TOO_BIG 1 > #define LEN_TOO_SMALL 0xff > > #define INT 0x02 > #define NOT_INT 0x03 > > #define MINIMAL_SIGLEN 1 > #define MINIMAL_SIGVAL 0x0 > > #define NORMAL_SIGLEN 32 > #define NORMAL_SIGVAL(S) S, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \ > 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, \ > 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, \ > 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f > > // 33 bytes is possible, with 0 prepended. > #define MAXIMAL_SIGLEN 33 > #define MAXIMAL_SIGVAL(S) NORMAL_SIGVAL(S), 0x20 > > #define OVERSIZE_SIGLEN 34 > #define OVERSIZE_SIGVAL(S) MAXIMAL_SIGVAL(S), 0x21 > > #define ZEROPAD_SIGLEN (1 + NORMAL_SIGLEN) > #define ZEROPAD_SIGVAL(S) 00, NORMAL_SIGVAL(S) > > #define SIGHASH 0xf0 > > static bool check(const std::vector &sig) > { > std::vector fixed = sig; > > // Fixup length > if (fixed.size() > 1) > fixed[1] += fixed.size() - 3; > return IsValidSignatureEncoding(fixed); > } > > #define good(arr) assert(check(std::vector(arr, > arr+sizeof(arr)))) > #define bad(arr) assert(!check(std::vector(arr, > arr+sizeof(arr)))) > > // The OK cases. > static unsigned char zerolen[] = { }; > static unsigned char normal[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char min_r[] = { COMPOUND, LEN_OK, > INT, MINIMAL_SIGLEN, MINIMAL_SIGVAL, > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char min_s[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1), > INT, MINIMAL_SIGLEN, MINIMAL_SIGVAL, > SIGHASH }; > static unsigned char max_r[] = { COMPOUND, LEN_OK, > INT, MAXIMAL_SIGLEN, MAXIMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char max_s[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1), > INT, MAXIMAL_SIGLEN, MAXIMAL_SIGVAL(0x2), > SIGHASH }; > // As long as total size doesn't go over, a single sig is allowed > 33 > bytes > static unsigned char wierd_s_len[] = { COMPOUND, LEN_OK, > INT, OVERSIZE_SIGLEN, > OVERSIZE_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char wierd_r_len[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, OVERSIZE_SIGLEN, > OVERSIZE_SIGVAL(0x2), > SIGHASH }; > static unsigned char zeropad_s[] = { COMPOUND, LEN_OK, > INT, ZEROPAD_SIGLEN, > ZEROPAD_SIGVAL(0x81), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char zeropad_r[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, ZEROPAD_SIGLEN, > ZEROPAD_SIGVAL(0x82), > SIGHASH }; > > > // The fail cases. > static unsigned char not_compound[] = { NOT_COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char short_len[] = { COMPOUND, LEN_TOO_SMALL, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char long_len[] = { COMPOUND, LEN_TOO_BIG, > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char r_notint[] = { COMPOUND, LEN_OK, > NOT_INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char s_notint[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1), > NOT_INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char s_oversig[] = { COMPOUND, LEN_OK, > INT, OVERSIZE_SIGLEN, > OVERSIZE_SIGVAL(0x1), > INT, MAXIMAL_SIGLEN, > MAXIMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char r_oversig[] = { COMPOUND, LEN_OK, > INT, MAXIMAL_SIGLEN, > MAXIMAL_SIGVAL(0x1), > INT, OVERSIZE_SIGLEN, > OVERSIZE_SIGVAL(0x2), > SIGHASH }; > static unsigned char s_negative[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x81), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char r_negative[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x82), > SIGHASH }; > static unsigned char zeropad_bad_s[] = { COMPOUND, LEN_OK, > INT, ZEROPAD_SIGLEN, > ZEROPAD_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char zeropad_bad_r[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, ZEROPAD_SIGLEN, > ZEROPAD_SIGVAL(0x2), > SIGHASH }; > static unsigned char missing_sighash[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2) }; > static unsigned char extra_byte[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH, 0 }; > > // Bad signature lengths > static unsigned char zerolen_r[] = { COMPOUND, LEN_OK, > INT, 0, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char zerolen_s[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, 0, > SIGHASH }; > static unsigned char overlen_r_by_1[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN + 1 + 1 + > NORMAL_SIGLEN + 1 + 1, NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char overlen_s_by_1[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN+1+1, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char underlen_r_by_1[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN-1, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x2), > SIGHASH }; > static unsigned char underlen_s_by_1[] = { COMPOUND, LEN_OK, > INT, NORMAL_SIGLEN, > NORMAL_SIGVAL(0x1), > INT, NORMAL_SIGLEN-1, > NORMAL_SIGVAL(0x2), > SIGHASH }; > > int main() > { > good(zerolen); > good(normal); > good(min_r); > good(min_s); > good(max_r); > good(max_s); > good(wierd_s_len); > good(wierd_r_len); > good(zeropad_s); > good(zeropad_r); > > // Try different amounts of truncation. > for (size_t i = 1; i < sizeof(normal)-1; i++) > assert(!check(std::vector(normal, normal+i))); > > bad(not_compound); > bad(short_len); > bad(long_len); > bad(r_notint); > bad(s_notint); > bad(s_oversig); > bad(r_oversig); > bad(s_negative); > bad(r_negative); > bad(s_negative); > bad(r_negative); > bad(zeropad_bad_s); > bad(zeropad_bad_r); > bad(zerolen_r); > bad(zerolen_s); > bad(overlen_r_by_1); > bad(overlen_s_by_1); > bad(underlen_r_by_1); > bad(underlen_s_by_1); > bad(missing_sighash); > bad(extra_byte); > > return 0; > } > > > > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --f46d04430682eb53f0050d350a13 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Seems like a good change to me.

On Wed, Jan 21, 2015 at 7:32 PM, R= usty Russell <rusty@rustcorp.com.au> wrote:
Pieter Wuille <pieter.wuille@gmail.com> writes:
> Hello everyone,
>
> We've been aware of the risk of depending on OpenSSL for consensus=
> rules for a while, and were trying to get rid of this as part of BIP > 62 (malleability protection), which was however postponed due to
> unforeseen complexities. The recent evens (see the thread titled
> "OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejectio= n."
> on this mailing list) have made it clear that the problem is very
> real, however, and I would prefer to have a fundamental solution for > it sooner rather than later.

OK, I worked up a clearer (but more verbose) version with fewer
magic numbers.=C2=A0 More importantly, feel free to steal the test cases.
One weirdness is the restriction on maximum total length, rather than a
32 byte (33 with 0-prepad) limit on signatures themselves.

Apologies for my babytalk C++.=C2=A0 Am sure there's a neater way.

/* Licensed under Creative Commons zero (public domain). */
#include <vector>
#include <cstdlib>
#include <cassert>

#ifdef CLARIFY
bool ConsumeByte(const std::vector<unsigned char> &sig, size_t &a= mp;off,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0unsigned int = &val)
{
=C2=A0 =C2=A0 if (off >=3D sig.size()) return false;

=C2=A0 =C2=A0 val =3D sig[off++];
=C2=A0 =C2=A0 return true;
}

bool ConsumeTypeByte(const std::vector<unsigned char> &sig, size_= t &off,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0unsigned int t)
{
=C2=A0 =C2=A0 unsigned int type;
=C2=A0 =C2=A0 if (!ConsumeByte(sig, off, type)) return false;

=C2=A0 =C2=A0 return (type =3D=3D t);
}

bool ConsumeNonZeroLength(const std::vector<unsigned char> &sig, = size_t &off,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 unsigned int &len)
{
=C2=A0 =C2=A0 if (!ConsumeByte(sig, off, len)) return false;

=C2=A0 =C2=A0 // Zero-length integers are not allowed.
=C2=A0 =C2=A0 return (len !=3D 0);
}

bool ConsumeNumber(const std::vector<unsigned char> &sig, size_t = &off,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0unsign= ed int len)
{
=C2=A0 =C2=A0 // Length of number should be within signature.
=C2=A0 =C2=A0 if (off + len > sig.size()) return false;

=C2=A0 =C2=A0 // Negative numbers are not allowed.
=C2=A0 =C2=A0 if (sig[off] & 0x80) return false;

=C2=A0 =C2=A0 // Zero bytes at the start are not allowed, unless it would =C2=A0 =C2=A0 // otherwise be interpreted as a negative number.
=C2=A0 =C2=A0 if (len > 1 && (sig[off] =3D=3D 0x00) && != (sig[off+1] & 0x80)) return false;

=C2=A0 =C2=A0 // Consume number itself.
=C2=A0 =C2=A0 off +=3D len;
=C2=A0 =C2=A0 return true;
}

// Consume a DER encoded integer, update off if successful.
bool ConsumeDERInteger(const std::vector<unsigned char> &sig, siz= e_t &off) {
=C2=A0 =C2=A0 unsigned int len;

=C2=A0 =C2=A0 // Type byte must be "integer"
=C2=A0 =C2=A0 if (!ConsumeTypeByte(sig, off, 0x02)) return false;
=C2=A0 =C2=A0 if (!ConsumeNonZeroLength(sig, off, len)) return false;
=C2=A0 =C2=A0 // Now the BE encoded value itself.
=C2=A0 =C2=A0 if (!ConsumeNumber(sig, off, len)) return false;

=C2=A0 =C2=A0 return true;
}

bool IsValidSignatureEncoding(const std::vector<unsigned char> &s= ig) {
=C2=A0 =C2=A0 // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-le= ngth] [S] [sighash]
=C2=A0 =C2=A0 // * total-length: 1-byte length descriptor of everything tha= t follows,
=C2=A0 =C2=A0 //=C2=A0 =C2=A0 =C2=A0excluding the sighash byte.
=C2=A0 =C2=A0 // * R-length: 1-byte length descriptor of the R value that f= ollows.
=C2=A0 =C2=A0 // * R: arbitrary-length big-endian encoded R value. It canno= t start with any
=C2=A0 =C2=A0 //=C2=A0 =C2=A0 =C2=A0null bytes, unless the first byte that = follows is 0x80 or higher, in which
=C2=A0 =C2=A0 //=C2=A0 =C2=A0 =C2=A0case a single null byte is required. =C2=A0 =C2=A0 // * S-length: 1-byte length descriptor of the S value that f= ollows.
=C2=A0 =C2=A0 // * S: arbitrary-length big-endian encoded S value. The same= rules apply.
=C2=A0 =C2=A0 // * sighash: 1-byte value indicating what data is hashed.
=C2=A0 =C2=A0 // Accept empty signature as correctly encoded (but invalid) = signature,
=C2=A0 =C2=A0 // even though it is not strictly DER.
=C2=A0 =C2=A0 if (sig.size() =3D=3D 0) return true;

=C2=A0 =C2=A0 // Maximum size constraint.
=C2=A0 =C2=A0 if (sig.size() > 73) return false;

=C2=A0 =C2=A0 size_t off =3D 0;

=C2=A0 =C2=A0 // A signature is of type "compound".
=C2=A0 =C2=A0 if (!ConsumeTypeByte(sig, off, 0x30)) return false;

=C2=A0 =C2=A0 unsigned int len;
=C2=A0 =C2=A0 if (!ConsumeNonZeroLength(sig, off, len)) return false;

=C2=A0 =C2=A0 // Make sure the length covers the rest (except sighash).
=C2=A0 =C2=A0 if (len + 1 !=3D sig.size() - off) return false;

=C2=A0 =C2=A0 // Check R value.
=C2=A0 =C2=A0 if (!ConsumeDERInteger(sig, off)) return false;

=C2=A0 =C2=A0 // Check S value.
=C2=A0 =C2=A0 if (!ConsumeDERInteger(sig, off)) return false;

=C2=A0 =C2=A0 // There should exactly one byte left (the sighash).
=C2=A0 =C2=A0 return off + 1 =3D=3D sig.size() ? true : false;
}
#else
bool IsValidSignatureEncoding(const std::vector<unsigned char> &s= ig) {
=C2=A0 =C2=A0 // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-le= ngth] [S] [sighash]
=C2=A0 =C2=A0 // * total-length: 1-byte length descriptor of everything tha= t follows,
=C2=A0 =C2=A0 //=C2=A0 =C2=A0 =C2=A0excluding the sighash byte.
=C2=A0 =C2=A0 // * R-length: 1-byte length descriptor of the R value that f= ollows.
=C2=A0 =C2=A0 // * R: arbitrary-length big-endian encoded R value. It must = use the shortest
=C2=A0 =C2=A0 //=C2=A0 =C2=A0 =C2=A0possible encoding for a positive intege= rs (which means no null bytes at
=C2=A0 =C2=A0 //=C2=A0 =C2=A0 =C2=A0the start, except a single one when the= next byte has its highest bit set).
=C2=A0 =C2=A0 // * S-length: 1-byte length descriptor of the S value that f= ollows.
=C2=A0 =C2=A0 // * S: arbitrary-length big-endian encoded S value. The same= rules apply.
=C2=A0 =C2=A0 // * sighash: 1-byte value indicating what data is hashed (no= t part of the DER
=C2=A0 =C2=A0 //=C2=A0 =C2=A0 =C2=A0signature)

=C2=A0 =C2=A0 // Accept empty signature as correctly encoded (but invalid) = signature,
=C2=A0 =C2=A0 // even though it is not strictly DER. This avoids needing fu= ll DER signatures
=C2=A0 =C2=A0 // in places where any invalid signature would do. Given that= the empty string is
=C2=A0 =C2=A0 // always invalid as signature, this is safe.
=C2=A0 =C2=A0 if (sig.size() =3D=3D 0) return true;

=C2=A0 =C2=A0 // Minimum and maximum size constraints.
=C2=A0 =C2=A0 if (sig.size() < 9) return false;
=C2=A0 =C2=A0 if (sig.size() > 73) return false;

=C2=A0 =C2=A0 // A signature is of type 0x30 (compound).
=C2=A0 =C2=A0 if (sig[0] !=3D 0x30) return false;

=C2=A0 =C2=A0 // Make sure the length covers the entire signature.
=C2=A0 =C2=A0 if (sig[1] !=3D sig.size() - 3) return false;

=C2=A0 =C2=A0 // Extract the length of the R element.
=C2=A0 =C2=A0 unsigned int lenR =3D sig[3];

=C2=A0 =C2=A0 // Make sure the length of the S element is still inside the = signature.
=C2=A0 =C2=A0 if (5 + lenR >=3D sig.size()) return false;

=C2=A0 =C2=A0 // Extract the length of the S element.
=C2=A0 =C2=A0 unsigned int lenS =3D sig[5 + lenR];

=C2=A0 =C2=A0 // Verify that the length of the signature matches the sum of= the length
=C2=A0 =C2=A0 // of the elements.
=C2=A0 =C2=A0 if ((size_t)(lenR + lenS + 7) !=3D sig.size()) return false;<= br>
=C2=A0 =C2=A0 // Check whether the R element is an integer.
=C2=A0 =C2=A0 if (sig[2] !=3D 0x02) return false;

=C2=A0 =C2=A0 // Zero-length integers are not allowed for R.
=C2=A0 =C2=A0 if (lenR =3D=3D 0) return false;

=C2=A0 =C2=A0 // Negative numbers are not allowed for R.
=C2=A0 =C2=A0 if (sig[4] & 0x80) return false;

=C2=A0 =C2=A0 // Null bytes at the start of R are not allowed, unless R wou= ld
=C2=A0 =C2=A0 // otherwise be interpreted as a negative number.
=C2=A0 =C2=A0 if (lenR > 1 && (sig[4] =3D=3D 0x00) && !(= sig[5] & 0x80)) return false;

=C2=A0 =C2=A0 // Check whether the S element is an integer.
=C2=A0 =C2=A0 if (sig[lenR + 4] !=3D 0x02) return false;

=C2=A0 =C2=A0 // Zero-length integers are not allowed for S.
=C2=A0 =C2=A0 if (lenS =3D=3D 0) return false;

=C2=A0 =C2=A0 // Negative numbers are not allowed for S.
=C2=A0 =C2=A0 if (sig[lenR + 6] & 0x80) return false;

=C2=A0 =C2=A0 // Null bytes at the start of S are not allowed, unless S wou= ld otherwise be
=C2=A0 =C2=A0 // interpreted as a negative number.
=C2=A0 =C2=A0 if (lenS > 1 && (sig[lenR + 6] =3D=3D 0x00) &&= amp; !(sig[lenR + 7] & 0x80)) return false;

=C2=A0 =C2=A0 return true;
}
#endif

#define COMPOUND 0x30
#define NOT_COMPOUND 0x31

// Len gets adjusted by check() to be actual length with this offset.
#define LEN_OK 0
#define LEN_TOO_BIG 1
#define LEN_TOO_SMALL 0xff

#define INT 0x02
#define NOT_INT 0x03

#define MINIMAL_SIGLEN 1
#define MINIMAL_SIGVAL 0x0

#define NORMAL_SIGLEN 32
#define NORMAL_SIGVAL(S) S, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
=C2=A0 =C2=A0 =C2=A0 =C2=A0 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 \
=C2=A0 =C2=A0 =C2=A0 =C2=A0 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 \
=C2=A0 =C2=A0 =C2=A0 =C2=A0 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f<= br>
// 33 bytes is possible, with 0 prepended.
#define MAXIMAL_SIGLEN 33
#define MAXIMAL_SIGVAL(S) NORMAL_SIGVAL(S), 0x20

#define OVERSIZE_SIGLEN 34
#define OVERSIZE_SIGVAL(S) MAXIMAL_SIGVAL(S), 0x21

#define ZEROPAD_SIGLEN (1 + NORMAL_SIGLEN)
#define ZEROPAD_SIGVAL(S) 00, NORMAL_SIGVAL(S)

#define SIGHASH 0xf0

static bool check(const std::vector<unsigned char> &sig)
{
=C2=A0 =C2=A0 std::vector<unsigned char> fixed =3D sig;

=C2=A0 =C2=A0 // Fixup length
=C2=A0 =C2=A0 if (fixed.size() > 1)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 fixed[1] +=3D fixed.size() - 3;
=C2=A0 =C2=A0 return IsValidSignatureEncoding(fixed);
}

#define good(arr) assert(check(std::vector<unsigned char>(arr, arr+si= zeof(arr))))
#define bad(arr) assert(!check(std::vector<unsigned char>(arr, arr+si= zeof(arr))))

// The OK cases.
static unsigned char zerolen[] =3D { };
static unsigned char normal[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIGLEN, NORMAL_SI= GVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIGLEN, NORMAL_SI= GVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH };
static unsigned char min_r[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, MINIMAL_SIGLEN, MINIMAL_S= IGVAL,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIG= VAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char min_s[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIG= VAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, MINIMAL_SIGLEN, MINIMAL_S= IGVAL,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char max_r[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, MAXIMAL_SIGLEN, MAXIMAL_S= IGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIG= VAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char max_s[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIG= VAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, MAXIMAL_SIGLEN, MAXIMAL_S= IGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
// As long as total size doesn't go over, a single sig is allowed > = 33 bytes
static unsigned char wierd_s_len[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, OVER= SIZE_SIGLEN, OVERSIZE_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORM= AL_SIGLEN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH }= ;
static unsigned char wierd_r_len[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORM= AL_SIGLEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, OVER= SIZE_SIGLEN, OVERSIZE_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH }= ;
static unsigned char zeropad_s[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, ZEROPAD_SIG= LEN, ZEROPAD_SIGVAL(0x81),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGL= EN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char zeropad_r[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGL= EN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, ZEROPAD_SIG= LEN, ZEROPAD_SIGVAL(0x82),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };


// The fail cases.
static unsigned char not_compound[] =3D { NOT_COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NOR= MAL_SIGLEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NOR= MAL_SIGLEN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH = };
static unsigned char short_len[] =3D { COMPOUND, LEN_TOO_SMALL,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGL= EN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGL= EN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char long_len[] =3D { COMPOUND, LEN_TOO_BIG,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIGLEN, NO= RMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIGLEN, NO= RMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH };
static unsigned char r_notint[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 NOT_INT, NORMAL_SIGLEN= , NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIGLEN, NO= RMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH };
static unsigned char s_notint[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIGLEN, NO= RMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 NOT_INT, NORMAL_SIGLEN= , NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH };
static unsigned char s_oversig[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, OVERSIZE_SI= GLEN, OVERSIZE_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, MAXIMAL_SIG= LEN, MAXIMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char r_oversig[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, MAXIMAL_SIG= LEN, MAXIMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, OVERSIZE_SI= GLEN, OVERSIZE_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char s_negative[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIG= LEN, NORMAL_SIGVAL(0x81),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIG= LEN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH };
static unsigned char r_negative[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIG= LEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIG= LEN, NORMAL_SIGVAL(0x82),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH };
static unsigned char zeropad_bad_s[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0IN= T, ZEROPAD_SIGLEN, ZEROPAD_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0IN= T, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SI= GHASH };
static unsigned char zeropad_bad_r[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0IN= T, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0IN= T, ZEROPAD_SIGLEN, ZEROPAD_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SI= GHASH };
static unsigned char missing_sighash[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2) };
static unsigned char extra_byte[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIG= LEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 INT, NORMAL_SIG= LEN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SIGHASH, 0 };
// Bad signature lengths
static unsigned char zerolen_r[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, 0,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGL= EN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char zerolen_s[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, NORMAL_SIGL= EN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0INT, 0,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SIGHASH };
static unsigned char overlen_r_by_1[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 I= NT, NORMAL_SIGLEN + 1 + 1 + NORMAL_SIGLEN + 1 + 1, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 I= NT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 S= IGHASH };
static unsigned char overlen_s_by_1[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 I= NT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 I= NT, NORMAL_SIGLEN+1+1, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 S= IGHASH };
static unsigned char underlen_r_by_1[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0INT, NORMAL_SIGLEN-1, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0SIGHASH };
static unsigned char underlen_s_by_1[] =3D { COMPOUND, LEN_OK,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0INT, NORMAL_SIGLEN, NORMAL_SIGVAL(0x1),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0INT, NORMAL_SIGLEN-1, NORMAL_SIGVAL(0x2),
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0SIGHASH };

int main()
{
=C2=A0 =C2=A0 good(zerolen);
=C2=A0 =C2=A0 good(normal);
=C2=A0 =C2=A0 good(min_r);
=C2=A0 =C2=A0 good(min_s);
=C2=A0 =C2=A0 good(max_r);
=C2=A0 =C2=A0 good(max_s);
=C2=A0 =C2=A0 good(wierd_s_len);
=C2=A0 =C2=A0 good(wierd_r_len);
=C2=A0 =C2=A0 good(zeropad_s);
=C2=A0 =C2=A0 good(zeropad_r);

=C2=A0 =C2=A0 // Try different amounts of truncation.
=C2=A0 =C2=A0 for (size_t i =3D 1; i < sizeof(normal)-1; i++)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 assert(!check(std::vector<unsigned char>(= normal, normal+i)));

=C2=A0 =C2=A0 bad(not_compound);
=C2=A0 =C2=A0 bad(short_len);
=C2=A0 =C2=A0 bad(long_len);
=C2=A0 =C2=A0 bad(r_notint);
=C2=A0 =C2=A0 bad(s_notint);
=C2=A0 =C2=A0 bad(s_oversig);
=C2=A0 =C2=A0 bad(r_oversig);
=C2=A0 =C2=A0 bad(s_negative);
=C2=A0 =C2=A0 bad(r_negative);
=C2=A0 =C2=A0 bad(s_negative);
=C2=A0 =C2=A0 bad(r_negative);
=C2=A0 =C2=A0 bad(zeropad_bad_s);
=C2=A0 =C2=A0 bad(zeropad_bad_r);
=C2=A0 =C2=A0 bad(zerolen_r);
=C2=A0 =C2=A0 bad(zerolen_s);
=C2=A0 =C2=A0 bad(overlen_r_by_1);
=C2=A0 =C2=A0 bad(overlen_s_by_1);
=C2=A0 =C2=A0 bad(underlen_r_by_1);
=C2=A0 =C2=A0 bad(underlen_s_by_1);
=C2=A0 =C2=A0 bad(missing_sighash);
=C2=A0 =C2=A0 bad(extra_byte);

=C2=A0 =C2=A0 return 0;
}



---------------------------------------------------------------------------= ---
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/s= fu/gigenet
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--f46d04430682eb53f0050d350a13--