diff --git a/Makefile b/Makefile
index 41e93ceca..41fe136f2 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ CCANDIR := ccan
 # Where we keep the BOLT RFCs
 BOLTDIR := ../lightning-rfc/
-BOLTVERSION := 7e8c478aef0d23a445845b7d297b0e804583697c
+BOLTVERSION := 01f29bf9feca66476423676365187e2175a3934b
 -include config.vars
diff --git a/bitcoin/signature.c b/bitcoin/signature.c
index afa7aeb7b..17b150fe4 100644
--- a/bitcoin/signature.c
+++ b/bitcoin/signature.c
@@ -173,6 +173,14 @@ bool check_signed_hash(const struct sha256_double *hash,
 {
 int ret;
+ /* BOLT #2:
+ *
+ * - if `signature` is incorrect OR non-compliant with
+ * LOW-S-standard rule
+ */
+ /* From the secp256k1_ecdsa_verify documentation: "To avoid
+ * accepting malleable signatures, only ECDSA signatures in
+ * lower-S form are accepted." */
 ret = secp256k1_ecdsa_verify(secp256k1_ctx, signature, hash->sha.u.u8, &key->pubkey);
diff --git a/channeld/channeld.c b/channeld/channeld.c
index c8a29c0ce..15c08aef6 100644
--- a/channeld/channeld.c
+++ b/channeld/channeld.c
@@ -1314,7 +1314,8 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 *
 * A receiving node:
 * - once all pending updates are applied:
- * - if `signature` is not valid for its local commitment transaction:
+ * - if `signature` is not valid for its local commitment transaction
+ * OR non-compliant with LOW-S-standard rule...:
 * - MUST fail the channel.
 */
 if (!check_tx_sig(txs[0], 0, NULL, funding_wscript,
@@ -1349,7 +1350,7 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
 /* BOLT #2:
 *
 * - if any `htlc_signature` is not valid for the corresponding HTLC
- * transaction:
+ * transaction OR non-compliant with LOW-S-standard rule...:
 * - MUST fail the channel.
 */
 for (i = 0; i < tal_count(htlc_sigs); i++) {
diff --git a/closingd/closingd.c b/closingd/closingd.c
index a090e574e..b0d367990 100644
--- a/closingd/closingd.c
+++ b/closingd/closingd.c
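Review bot: The two comments added in check_signed_hash record that the LOW-S rule is enforced only as a side effect of `secp256k1_ecdsa_verify`, and nothing visible here pins that behaviour. A unit test that passes check_signed_hash a valid signature and its high-S counterpart, asserting the second is rejected, would catch a library change or a normalization step added before this call. The BOLT #2 quote also stops mid-requirement; I would fold the two blocks into one and state the consequence, e.g. `/* Low-S is enforced by secp256k1_ecdsa_verify itself; never normalize the signature before this call. */`. The function body starts and ends outside the hunk.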
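Review bot: The requirement quoted above the `check_tx_sig` call in handle_peer_commit_sig now includes the LOW-S rule, but nothing at the call site says where that half of the requirement is enforced. It is presumably inside check_signed_hash in bitcoin/signature.c, though the call chain is not visible from this hunk. Since the BOLT quote appears to mirror the spec text, I would leave it as is and, once the chain is confirmed, add a separate line after it such as `/* Low-S is rejected inside check_tx_sig by secp256k1_ecdsa_verify. */`. The same applies to the `htlc_signature` hunk in this file and to the quoted-requirement hunks in closingd.c, dualopend.c and openingd.c. The enclosing function starts and ends outside the hunk.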
@@ -368,7 +368,8 @@ receive_offer(struct per_peer_state *pps,
 *
 * The receiving node:
 * - if the `signature` is not valid for either variant of closing transaction
- * specified in [BOLT #3](03-transactions.md#closing-transaction):
+ * specified in [BOLT #3](03-transactions.md#closing-transaction)
+ * OR non-compliant with LOW-S-standard rule...:
 * - MUST fail the connection.
 */
 tx = close_tx(tmpctx, chainparams, pps, channel_id,
diff --git a/openingd/dualopend.c b/openingd/dualopend.c
index 0a0d8d596..89cf634b6 100644
--- a/openingd/dualopend.c
+++ b/openingd/dualopend.c
@@ -1722,7 +1722,8 @@ static void accepter_start(struct state *state, const u8 *oc2_msg)
 /* BOLT #2:
 *
 * The recipient:
- * - if `signature` is incorrect:
+ * - if `signature` is incorrect OR non-compliant with LOW-S-standard
+ * rule...:
 * - MUST fail the channel.
 */
 if (!check_tx_sig(local_commit, 0, NULL, wscript,
@@ -2203,7 +2204,8 @@ static void opener_start(struct state *state, u8 *msg)
 /* BOLT #2:
 *
 * The recipient:
- * - if `signature` is incorrect:
+ * - if `signature` is incorrect OR non-compliant with LOW-S-standard
+ * rule...:
 * - MUST fail the channel.
 */
 if (!check_tx_sig(local_commit, 0, NULL, wscript, &state->their_funding_pubkey,
diff --git a/openingd/openingd.c b/openingd/openingd.c
index 96ed73186..6ef88dd62 100644
--- a/openingd/openingd.c
+++ b/openingd/openingd.c
@@ -628,8 +628,8 @@ static bool funder_finalize_channel_setup(struct state *state,
 /* BOLT #2:
 *
 * The recipient:
- * - if `signature` is incorrect:
- * - MUST fail the channel.
+ * - if `signature` is incorrect OR non-compliant with LOW-S-standard rule...:
+ * - MUST fail the channel
 */
 /* So we create *our* initial commitment transaction, and check the
 * signature they sent against that. */
@@ -1004,7 +1004,8 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
 /* BOLT #2:
 *
 * The recipient:
- * - if `signature` is incorrect:
+ * - if `signature` is incorrect OR non-compliant with LOW-S-standard
+ * rule...:
 * - MUST fail the channel.
 */
 local_commit = initial_channel_tx(state, &wscript, state->channel,