void CKey::SetCompressedPubKey(bool fCompressed)
{
EC_KEY_set_conv_form(pkey, fCompressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED);
- fCompressedPubKey = fCompressed;
}
void CKey::Reset()
{
- fCompressedPubKey = fSet = false;
+ fSet = false;
if (pkey != NULL)
EC_KEY_free(pkey);
pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
if (pkey == NULL)
throw key_error("CKey::CKey(const CKey&) : EC_KEY_dup failed");
fSet = b.fSet;
- fCompressedPubKey = b.fCompressedPubKey;
}
CKey::CKey(const CSecret& b, bool fCompressed)
if (!EC_KEY_copy(pkey, b.pkey))
throw key_error("CKey::operator=(const CKey&) : EC_KEY_copy failed");
fSet = b.fSet;
- fCompressedPubKey = b.fCompressedPubKey;
return (*this);
}
bool CKey::IsCompressed() const
{
- return fCompressedPubKey;
+ return (EC_KEY_get_conv_form(pkey) == POINT_CONVERSION_COMPRESSED);
}
bool CKey::CheckSignatureElement(const unsigned char *vch, int len, bool half) {
int n=BN_bn2bin(bn,&vchRet[32 - nBytes]);
if (n != nBytes)
throw key_error("CKey::GetSecret(): BN_bn2bin failed");
- fCompressed = fCompressedPubKey;
+ fCompressed = IsCompressed();
return vchRet;
}
vchSig.resize(65,0);
int nBitsR = BN_num_bits(sig->r);
int nBitsS = BN_num_bits(sig->s);
+ bool fCompressedPubKey = IsCompressed();
if (nBitsR <= 256 && nBitsS <= 256)
{
int8_t nRecId = -1;
ECDSA_SIG *sig = ECDSA_SIG_new();
BN_bin2bn(&vchSig[1],32,sig->r);
BN_bin2bn(&vchSig[33],32,sig->s);
-
+ bool fSuccessful = false;
EC_KEY* pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
if (nV >= 31)
{
nV -= 4;
EC_KEY_set_conv_form(pkey, POINT_CONVERSION_COMPRESSED);
}
-
do
{
if (ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), nV - 27, 0) != 1)
break;
- ECDSA_SIG_free(sig);
-
int nSize = i2o_ECPublicKey(pkey, NULL);
if (!nSize)
break;
if (i2o_ECPublicKey(pkey, &pbegin) != nSize)
break;
Set(vchPubKey.begin(), vchPubKey.end());
- return IsValid();
+ fSuccessful = IsValid();
} while (false);
-
ECDSA_SIG_free(sig);
- Invalidate();
- return false;
+ EC_KEY_free(pkey);
+ if (!fSuccessful)
+ Invalidate();
+ return fSuccessful;
}
bool CPubKey::Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) const
if (vchSig.empty() || !IsValid())
return false;
- const unsigned char* pbegin = &vbytes[0];
EC_KEY *pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
- if (!o2i_ECPublicKey(&pkey, &pbegin, size()))
- return false; // Unable to parse public key
-
- // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
- unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
- const unsigned char* sigptr = &vchSig[0];
+
assert(norm_sig);
- if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
+ assert(pkey);
+
+ bool ret = false;
+ do
{
- /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on
- * error. But OpenSSL's own use of this function redundantly frees the
- * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a
- * clear contract for the function behaving the same way is more
- * conservative.
- */
- ECDSA_SIG_free(norm_sig);
- return false;
- }
- int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
+ int derlen;
+ uint8_t *norm_der = NULL;
+ const uint8_t* pbegin = &vbytes[0];
+ const uint8_t* sigptr = &vchSig[0];
+
+ // Trying to parse public key
+ if (!o2i_ECPublicKey(&pkey, &pbegin, size()))
+ break;
+ // New versions of OpenSSL are rejecting a non-canonical DER signatures, de/re-serialize first.
+ if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
+ break;
+ if ((derlen = i2d_ECDSA_SIG(norm_sig, &norm_der)) <= 0)
+ break;
+
+ // -1 = error, 0 = bad sig, 1 = good
+ ret = ECDSA_verify(0, (const unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
+ OPENSSL_free(norm_der);
+ } while(false);
+
ECDSA_SIG_free(norm_sig);
- if (derlen <= 0)
- return false;
+ EC_KEY_free(pkey);
- // -1 = error, 0 = bad sig, 1 = good
- bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
- OPENSSL_free(norm_der);
return ret;
}