diff --git a/src/main.cpp b/src/main.cpp index 0cfe90beda..008a059103 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -633,10 +633,6 @@ bool IsStandardTx(const CTransaction& tx, string& reason) reason = "scriptsig-not-pushonly"; return false; } - if (!txin.scriptSig.HasCanonicalPushes()) { - reason = "scriptsig-non-canonical-push"; - return false; - } } unsigned int nDataOut = 0; diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp index e463de8cc2..11c909472a 100644 --- a/src/script/interpreter.cpp +++ b/src/script/interpreter.cpp @@ -157,6 +157,29 @@ bool static CheckPubKeyEncoding(const valtype &vchSig, unsigned int flags) { return true; } +bool static CheckMinimalPush(const valtype& data, opcodetype opcode) { + if (data.size() == 0) { + // Could have used OP_0. + return opcode == OP_0; + } else if (data.size() == 1 && data[0] >= 1 && data[0] <= 16) { + // Could have used OP_1 .. OP_16. + return opcode == OP_1 + (data[0] - 1); + } else if (data.size() == 1 && data[0] == 0x81) { + // Could have used OP_1NEGATE. + return opcode == OP_1NEGATE; + } else if (data.size() <= 75) { + // Could have used a direct push (opcode indicating number of bytes pushed + those bytes). + return opcode == data.size(); + } else if (data.size() <= 255) { + // Could have used OP_PUSHDATA. + return opcode == OP_PUSHDATA1; + } else if (data.size() <= 65535) { + // Could have used OP_PUSHDATA2. + return opcode == OP_PUSHDATA2; + } + return true; +} + bool EvalScript(vector >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker) { CScript::const_iterator pc = script.begin(); @@ -169,6 +192,7 @@ bool EvalScript(vector >& stack, const CScript& script, un if (script.size() > 10000) return false; int nOpCount = 0; + bool fRequireMinimal = (flags & SCRIPT_VERIFY_MINIMALDATA) != 0; try { @@ -205,9 +229,12 @@ bool EvalScript(vector >& stack, const CScript& script, un opcode == OP_RSHIFT) return false; // Disabled opcodes. - if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) + if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) { + if (fRequireMinimal && !CheckMinimalPush(vchPushValue, opcode)) { + return false; + } stack.push_back(vchPushValue); - else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF)) + } else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF)) switch (opcode) { // @@ -234,6 +261,8 @@ bool EvalScript(vector >& stack, const CScript& script, un // ( -- value) CScriptNum bn((int)opcode - (int)(OP_1 - 1)); stack.push_back(bn.getvch()); + // The result of these opcodes should always be the minimal way to push the data + // they push, so no need for a CheckMinimalPush here. } break; @@ -458,7 +487,7 @@ bool EvalScript(vector >& stack, const CScript& script, un // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn) if (stack.size() < 2) return false; - int n = CScriptNum(stacktop(-1)).getint(); + int n = CScriptNum(stacktop(-1), fRequireMinimal).getint(); popstack(stack); if (n < 0 || n >= (int)stack.size()) return false; @@ -557,7 +586,7 @@ bool EvalScript(vector >& stack, const CScript& script, un // (in -- out) if (stack.size() < 1) return false; - CScriptNum bn(stacktop(-1)); + CScriptNum bn(stacktop(-1), fRequireMinimal); switch (opcode) { case OP_1ADD: bn += bnOne; break; @@ -590,8 +619,8 @@ bool EvalScript(vector >& stack, const CScript& script, un // (x1 x2 -- out) if (stack.size() < 2) return false; - CScriptNum bn1(stacktop(-2)); - CScriptNum bn2(stacktop(-1)); + CScriptNum bn1(stacktop(-2), fRequireMinimal); + CScriptNum bn2(stacktop(-1), fRequireMinimal); CScriptNum bn(0); switch (opcode) { @@ -635,9 +664,9 @@ bool EvalScript(vector >& stack, const CScript& script, un // (x min max -- out) if (stack.size() < 3) return false; - CScriptNum bn1(stacktop(-3)); - CScriptNum bn2(stacktop(-2)); - CScriptNum bn3(stacktop(-1)); + CScriptNum bn1(stacktop(-3), fRequireMinimal); + CScriptNum bn2(stacktop(-2), fRequireMinimal); + CScriptNum bn3(stacktop(-1), fRequireMinimal); bool fValue = (bn2 <= bn1 && bn1 < bn3); popstack(stack); popstack(stack); @@ -727,7 +756,7 @@ bool EvalScript(vector >& stack, const CScript& script, un if ((int)stack.size() < i) return false; - int nKeysCount = CScriptNum(stacktop(-i)).getint(); + int nKeysCount = CScriptNum(stacktop(-i), fRequireMinimal).getint(); if (nKeysCount < 0 || nKeysCount > 20) return false; nOpCount += nKeysCount; @@ -738,7 +767,7 @@ bool EvalScript(vector >& stack, const CScript& script, un if ((int)stack.size() < i) return false; - int nSigsCount = CScriptNum(stacktop(-i)).getint(); + int nSigsCount = CScriptNum(stacktop(-i), fRequireMinimal).getint(); if (nSigsCount < 0 || nSigsCount > nKeysCount) return false; int isig = ++i; diff --git a/src/script/interpreter.h b/src/script/interpreter.h index 085cd867da..5133c80aab 100644 --- a/src/script/interpreter.h +++ b/src/script/interpreter.h @@ -49,6 +49,13 @@ enum // Using a non-push operator in the scriptSig causes script failure (softfork safe, BIP62 rule 2). SCRIPT_VERIFY_SIGPUSHONLY = (1U << 5), + + // Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct + // pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating + // any other push causes the script to fail (BIP62 rule 3). + // In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4). + // (softfork safe) + SCRIPT_VERIFY_MINIMALDATA = (1U << 6) }; uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType); diff --git a/src/script/script.cpp b/src/script/script.cpp index bbcfe9dfdd..b879d72d6b 100644 --- a/src/script/script.cpp +++ b/src/script/script.cpp @@ -12,7 +12,7 @@ namespace { inline std::string ValueString(const std::vector& vch) { if (vch.size() <= 4) - return strprintf("%d", CScriptNum(vch).getint()); + return strprintf("%d", CScriptNum(vch, false).getint()); else return HexStr(vch); } @@ -238,33 +238,6 @@ bool CScript::IsPushOnly() const return true; } -bool CScript::HasCanonicalPushes() const -{ - const_iterator pc = begin(); - while (pc < end()) - { - opcodetype opcode; - std::vector data; - if (!GetOp(pc, opcode, data)) - return false; - if (opcode > OP_16) - continue; - if (opcode < OP_PUSHDATA1 && opcode > OP_0 && (data.size() == 1 && data[0] <= 16)) - // Could have used an OP_n code, rather than a 1-byte push. - return false; - if (opcode == OP_PUSHDATA1 && data.size() < OP_PUSHDATA1) - // Could have used a normal n-byte push, rather than OP_PUSHDATA1. - return false; - if (opcode == OP_PUSHDATA2 && data.size() <= 0xFF) - // Could have used an OP_PUSHDATA1. - return false; - if (opcode == OP_PUSHDATA4 && data.size() <= 0xFFFF) - // Could have used an OP_PUSHDATA2. - return false; - } - return true; -} - std::string CScript::ToString() const { std::string str; diff --git a/src/script/script.h b/src/script/script.h index 706a85a29b..e97967dcea 100644 --- a/src/script/script.h +++ b/src/script/script.h @@ -192,10 +192,14 @@ public: m_value = n; } - explicit CScriptNum(const std::vector& vch) + explicit CScriptNum(const std::vector& vch, bool fRequireMinimal) { - if (vch.size() > nMaxNumSize) - throw scriptnum_error("CScriptNum(const std::vector&) : overflow"); + if (vch.size() > nMaxNumSize) { + throw scriptnum_error("script number overflow"); + } + if (fRequireMinimal && vch.size() > 0 && (vch.back() & 0x7f) == 0 && (vch.size() <= 1 || (vch[vch.size() - 2] & 0x80) == 0)) { + throw scriptnum_error("non-minimally encoded script number"); + } m_value = set_vch(vch); } @@ -319,7 +323,6 @@ private: int64_t m_value; }; - /** Serialized script, used inside transaction inputs and outputs */ class CScript : public std::vector { @@ -330,6 +333,10 @@ protected: { push_back(n + (OP_1 - 1)); } + else if (n == 0) + { + push_back(OP_0); + } else { *this << CScriptNum::serialize(n); @@ -554,9 +561,6 @@ public: // Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical). bool IsPushOnly() const; - // Called by IsStandardTx. - bool HasCanonicalPushes() const; - // Returns whether the script is guaranteed to fail at execution, // regardless of the initial stack. This allows outputs to be pruned // instantly when entering the UTXO set. diff --git a/src/script/standard.h b/src/script/standard.h index 961b214c89..248b941a64 100644 --- a/src/script/standard.h +++ b/src/script/standard.h @@ -41,6 +41,7 @@ static const unsigned int MANDATORY_SCRIPT_VERIFY_FLAGS = SCRIPT_VERIFY_P2SH; // blocks and we must accept those blocks. static const unsigned int STANDARD_SCRIPT_VERIFY_FLAGS = MANDATORY_SCRIPT_VERIFY_FLAGS | SCRIPT_VERIFY_STRICTENC | + SCRIPT_VERIFY_MINIMALDATA | SCRIPT_VERIFY_NULLDUMMY; // For convenience, standard but not mandatory verify flags. diff --git a/src/test/data/script_invalid.json b/src/test/data/script_invalid.json index e4dd8fe9aa..5ead65f17f 100644 --- a/src/test/data/script_invalid.json +++ b/src/test/data/script_invalid.json @@ -384,6 +384,10 @@ nSequences are max. ["0x00", "'00' EQUAL", "P2SH,STRICTENC", "Basic OP_0 execution"], +["1 IF 0x01 0x81 ENDIF 1", "", "MINIMALDATA", "evaluated non-minimal data"], +["1 IF 0x01 0x05 ENDIF 1", "", "MINIMALDATA", "evaluated non-minimal data"], +["1 IF 0x4c 0x03 0x222222 ENDIF 1", "", "MINIMALDATA", "evaluated non-minimal data"], + [ "0x47 0x30440220304eff7556bba9560df47873275e64db45f3cd735998ce3f00d2e57b1bb5f31302205c0c9d14b8b80d43e2ac9b87532f1af6d8a3271262bc694ec4e14068392bb0a001", "0x41 0x0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8 CHECKSIG", diff --git a/src/test/data/script_valid.json b/src/test/data/script_valid.json index f7d1531698..89619a9ddc 100644 --- a/src/test/data/script_valid.json +++ b/src/test/data/script_valid.json @@ -529,6 +529,33 @@ nSequences are max. ["0x00", "SIZE 0 EQUAL", "P2SH,STRICTENC", "Basic OP_0 execution"], +["0x01 0x81", "0x4f EQUAL", "", "direct push of 0x81 equals 1NEGATE"], +["0x01 0x05", "5 EQUAL", "", "direct push of 0x05 equals 5"], +["0x4c 0x4b 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", "0x4b 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 EQUAL", "", "PUSHDATA1 of 75 bytes equals direct push of it"], +["0x4d 0xFF00 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", "0x4c 0xFF 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 EQUAL", "", "PUSHDATA2 of 255 bytes equals PUSHDATA1 of it"], +["0x02 0x8000", "128 NUMEQUAL", "", "0x8000 equals 128"], +["0x01 0x00", "0 NUMEQUAL", "", "0x00 numequals 0"], +["0x01 0x80", "0 NUMEQUAL", "", "0x80 (negative zero) numequals 0"], +["0x02 0x0080", "0 NUMEQUAL", "", "0x0080 numequals 0"], +["0x02 0x0500", "5 NUMEQUAL", "", "0x0500 numequals 5"], +["0x03 0xff7f80", "0x02 0xffff NUMEQUAL", "", ""], +["0x03 0xff7f00", "0x02 0xff7f NUMEQUAL", "", ""], +["0x04 0xffff7f80", "0x03 0xffffff NUMEQUAL", "", ""], +["0x04 0xffff7f00", "0x03 0xffff7f NUMEQUAL", "", ""], +["0 IF 0x01 0x81 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x01 0x05 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x02 0x8000 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x01 0x00 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x01 0x80 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x02 0x0080 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x02 0x0400 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x03 0xff7f80 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x03 0xff7f00 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x04 0xffff7f80 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x04 0xffff7f00 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], +["0 IF 0x4c 0x03 0x222222 ENDIF 1", "", "MINIMALDATA", "unevaluated non-minimal data"], + + [ "0x47 0x3044022007415aa37ce7eaa6146001ac8bdefca0ddcba0e37c5dc08c4ac99392124ebac802207d382307fd53f65778b07b9c63b6e196edeadf0be719130c5db21ff1e700d67501", "0x41 0x0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8 CHECKSIG", @@ -638,13 +665,13 @@ nSequences are max. "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC" ], [ - "0x01 0x01 0x47 0x3044022046ce33d1771b0127dd4c4cef8fdc3218ebdfa60e3793ed700292d8ebd93fb1f402201029d47a414db83e96e31443c2d8b552f971469c4800f5eff7df2f0648521aed01 0x47 0x304402205c53911ad55b054920043962bbda98cf6e57e2db1cd5611138251490baabaa8702201dc80dfceae6007e7772dc13ff6e7ca66a983cb017fe5d46d30118462d83bcf801 0x47 0x304402201937e44a4ec12364f9d32f9d25e7ecbc68aee9ef90069af80efef4c05f6ace9602206c515101c00c75710b32ff7ff8dbaf7c9a0be6e86ed14a0755b47626604f31fd01", + "1 0x47 0x3044022046ce33d1771b0127dd4c4cef8fdc3218ebdfa60e3793ed700292d8ebd93fb1f402201029d47a414db83e96e31443c2d8b552f971469c4800f5eff7df2f0648521aed01 0x47 0x304402205c53911ad55b054920043962bbda98cf6e57e2db1cd5611138251490baabaa8702201dc80dfceae6007e7772dc13ff6e7ca66a983cb017fe5d46d30118462d83bcf801 0x47 0x304402201937e44a4ec12364f9d32f9d25e7ecbc68aee9ef90069af80efef4c05f6ace9602206c515101c00c75710b32ff7ff8dbaf7c9a0be6e86ed14a0755b47626604f31fd01", "3 0x21 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 3 CHECKMULTISIG", "", "3-of-3 with nonzero dummy but no NULLDUMMY" ], [ - "0x01 0x01 0x47 0x30440220195038dbc6b2ae1199f86a6777824f7c5149789d85f655a3534a4422b8fba38c02204df9db87d2eb9fe06edc66870d9ac4c9ce673459f9d43cee0347ce4ffb02ee5a01 0x47 0x3044022010a45f30c6fa97a186eba9e6b595ab87d3dfcbf05dcaf1f1b8e3e7bf39515bb802203474e78d3d372e5f5c0f8c257ce8300c4bb8f37c51d4a894e11a91b5817da6ed01 0x47 0x30440220039cffd8e39850f95112662b1220b14b3c0d3d8a2772e13c947bfbf96345a64e02204154bfa77e2c0134d5434353bed82141e5da1cc479954aa288d5f0671480a04b01", + "1 0x47 0x30440220195038dbc6b2ae1199f86a6777824f7c5149789d85f655a3534a4422b8fba38c02204df9db87d2eb9fe06edc66870d9ac4c9ce673459f9d43cee0347ce4ffb02ee5a01 0x47 0x3044022010a45f30c6fa97a186eba9e6b595ab87d3dfcbf05dcaf1f1b8e3e7bf39515bb802203474e78d3d372e5f5c0f8c257ce8300c4bb8f37c51d4a894e11a91b5817da6ed01 0x47 0x30440220039cffd8e39850f95112662b1220b14b3c0d3d8a2772e13c947bfbf96345a64e02204154bfa77e2c0134d5434353bed82141e5da1cc479954aa288d5f0671480a04b01", "3 0x21 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 3 CHECKMULTISIG NOT", "", "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY" diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp index 0729119017..a41552fea1 100644 --- a/src/test/script_tests.cpp +++ b/src/test/script_tests.cpp @@ -179,7 +179,7 @@ public: TestBuilder& Num(int num) { DoPush(); - spendTx.vin[0].scriptSig << CScriptNum(num); + spendTx.vin[0].scriptSig << num; return *this; } @@ -788,19 +788,19 @@ BOOST_AUTO_TEST_CASE(script_combineSigs) BOOST_AUTO_TEST_CASE(script_standard_push) { - for (int i=0; i<1000; i++) { + for (int i=0; i<67000; i++) { CScript script; script << i; BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push."); - BOOST_CHECK_MESSAGE(script.HasCanonicalPushes(), "Number " << i << " push is not canonical."); + BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker()), "Number " << i << " push is not minimal data."); } - for (int i=0; i<1000; i++) { + for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) { std::vector data(i, '\111'); CScript script; script << data; BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push."); - BOOST_CHECK_MESSAGE(script.HasCanonicalPushes(), "Length " << i << " push is not canonical."); + BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker()), "Length " << i << " push is not minimal data."); } } diff --git a/src/test/scriptnum_tests.cpp b/src/test/scriptnum_tests.cpp index ac60fa426f..5621e12729 100644 --- a/src/test/scriptnum_tests.cpp +++ b/src/test/scriptnum_tests.cpp @@ -25,11 +25,11 @@ static void CheckCreateVch(const int64_t& num) BOOST_CHECK(verify(bignum, scriptnum)); CBigNum bignum2(bignum.getvch()); - CScriptNum scriptnum2(scriptnum.getvch()); + CScriptNum scriptnum2(scriptnum.getvch(), false); BOOST_CHECK(verify(bignum2, scriptnum2)); CBigNum bignum3(scriptnum2.getvch()); - CScriptNum scriptnum3(bignum2.getvch()); + CScriptNum scriptnum3(bignum2.getvch(), false); BOOST_CHECK(verify(bignum3, scriptnum3)); } diff --git a/src/test/transaction_tests.cpp b/src/test/transaction_tests.cpp index 9209c6697f..c46c31e99f 100644 --- a/src/test/transaction_tests.cpp +++ b/src/test/transaction_tests.cpp @@ -34,6 +34,7 @@ static std::map mapFlagNames = boost::assign::map_list_of (string("DERSIG"), (unsigned int)SCRIPT_VERIFY_DERSIG) (string("LOW_S"), (unsigned int)SCRIPT_VERIFY_LOW_S) (string("SIGPUSHONLY"), (unsigned int)SCRIPT_VERIFY_SIGPUSHONLY) + (string("MINIMALDATA"), (unsigned int)SCRIPT_VERIFY_MINIMALDATA) (string("NULLDUMMY"), (unsigned int)SCRIPT_VERIFY_NULLDUMMY); unsigned int ParseScriptFlags(string strFlags)