if (vchSig.empty() || !IsValid())
return false;
- const unsigned char* pbegin = &vbytes[0];
EC_KEY *pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
- if (!o2i_ECPublicKey(&pkey, &pbegin, size()))
- return false; // Unable to parse public key
-
- // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
- unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
- const unsigned char* sigptr = &vchSig[0];
+
assert(norm_sig);
- if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
+ assert(pkey);
+
+ bool ret = false;
+ do
{
- /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on
- * error. But OpenSSL's own use of this function redundantly frees the
- * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a
- * clear contract for the function behaving the same way is more
- * conservative.
- */
- ECDSA_SIG_free(norm_sig);
- return false;
- }
- int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
+ int derlen;
+ uint8_t *norm_der = NULL;
+ const uint8_t* pbegin = &vbytes[0];
+ const uint8_t* sigptr = &vchSig[0];
+
+ // Trying to parse public key
+ if (!o2i_ECPublicKey(&pkey, &pbegin, size()))
+ break;
+ // New versions of OpenSSL are rejecting a non-canonical DER signatures, de/re-serialize first.
+ if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
+ break;
+ if ((derlen = i2d_ECDSA_SIG(norm_sig, &norm_der)) <= 0)
+ break;
+
+ // -1 = error, 0 = bad sig, 1 = good
+ ret = ECDSA_verify(0, (const unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
+ OPENSSL_free(norm_der);
+ } while(false);
+
ECDSA_SIG_free(norm_sig);
- if (derlen <= 0)
- return false;
+ EC_KEY_free(pkey);
- // -1 = error, 0 = bad sig, 1 = good
- bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
- OPENSSL_free(norm_der);
return ret;
}