Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YDnVm-0006K3-3J for bitcoin-development@lists.sourceforge.net; Wed, 21 Jan 2015 05:07:26 +0000 X-ACL-Warn: Received: from ozlabs.org ([103.22.144.67]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1YDnVk-0001Rt-JY for bitcoin-development@lists.sourceforge.net; Wed, 21 Jan 2015 05:07:26 +0000 Received: by ozlabs.org (Postfix, from userid 1011) id AF23B140216; Wed, 21 Jan 2015 15:47:43 +1100 (AEDT) From: Rusty Russell To: Pieter Wuille , Bitcoin Dev In-Reply-To: References: User-Agent: Notmuch/0.17 (http://notmuchmail.org) Emacs/24.3.1 (x86_64-pc-linux-gnu) Date: Wed, 21 Jan 2015 15:15:26 +1030 Message-ID: <878ugwbv2x.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1YDnVk-0001Rt-JY Subject: Re: [Bitcoin-development] [softfork proposal] Strict DER signatures X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2015 05:07:26 -0000 Pieter Wuille writes: > Hello everyone, > > We've been aware of the risk of depending on OpenSSL for consensus > rules for a while, and were trying to get rid of this as part of BIP > 62 (malleability protection), which was however postponed due to > unforeseen complexities. The recent evens (see the thread titled > "OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection." > on this mailing list) have made it clear that the problem is very > real, however, and I would prefer to have a fundamental solution for > it sooner rather than later. > > I therefore propose a softfork to make non-DER signatures illegal > (they've been non-standard since v0.8.0). A draft BIP text can be > found on: > > https://gist.github.com/sipa/5d12c343746dad376c80 Cut and paste bug in the last check: // Null bytes at the start of R are not allowed, unless it would otherwise be // interpreted as a negative number. if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80)) return false; You mean "null bytes at the start of S". Cheers, Rusty.