crypto: ensure that VerifySignature rejects malleable signatures (#15708)

* crypto: ensure that VerifySignature rejects malleable signatures It already rejected them when using libsecp256k1, make sure the nocgo version does the same thing. * crypto: simplify check * crypto: fix build
2017-12-20 13:30:00 +01:00
parent 5e1581c2c3
commit ce823c9f84
2 changed files with 14 additions and 0 deletions
--- a/crypto/signature_nocgo.go
+++ b/crypto/signature_nocgo.go
@ -87,6 +87,10 @@ func VerifySignature(pubkey, hash, signature []byte) bool {
 	if err != nil {
 		return false
 	}
+	// Reject malleable signatures. libsecp256k1 does this check but btcec doesn't.
+	if sig.S.Cmp(secp256k1_halfN) > 0 {
+		return false
+	}
 	return sig.Verify(hash, key)
 }