kjj
July 17, 2013, 04:07:39 PM
@kokjo: mind sharing the code how to embed the OpenSSL-created signature into a sigScript? I expect the problem is caused by how you wrap/pad it, rather than with the signature itself.
sc = [script.OP_PUSH(sig+"\x01"), script.OP_PUSH(key.publickey)]
tx.inputs[0].script = script.encode_script(sc)
as said before it's the satoshi client's problem, not me generating bad (wrongly padded) signatures. i already have tracked down the problem in the satoshi client.
I decoded the transaction you provided by hand. It is wrong, and I told you where it was wrong. The satoshi client is only broken if you got that hex as the output of signrawtransaction.
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.

kokjo
July 17, 2013, 04:08:32 PM
Why should Bitcoin protocol accept all openssl formats?
What we need is a protocol, not mad people whining in a forum. That sure won't make them change.
the fix in the satoshi client includes this:
// See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
// A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <S> <hashtype>
// Where R and S are not negative (their first byte has its highest bit not set), and not
// excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
// in which case a single 0 byte is necessary and even required).
a link to this thread, is not the way of creating a good protocol standard. Again: bitcoin is a big hack job, create a standard and stick to it. btw. would you please include my transaction in a block?
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell

kokjo
July 17, 2013, 04:11:25 PM
The satoshi client is only broken if you got that hex as the output of signrawtransaction.
So the satoshi client can just troll around and smash things up, so no other client gets a fair chance to be able to create transactions. https://github.com/bitcoin/bitcoin/blob/master/src/script.cpp#L261 <-- this is where the satoshi client fails. the client is bad, and sipa (the dev who committed this) should feel bad.

piotr_n
aka tonikt
July 17, 2013, 04:14:20 PM
The satoshi client is only broken if you got that hex as the output of signrawtransaction.
So the satoshi client can just troll around and smash things up, so no other client gets a fair chance to be able to create transactions. https://github.com/bitcoin/bitcoin/blob/master/src/script.cpp#L261 <-- this is where the satoshi client fails. the client is bad, and sipa (the dev who committed this) should feel bad.
I disagree that he should feel bad. Your signature is inconsistent - one length clearly does not match the other. IMHO, he's right treating it like he does; a probably broken signature.
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go. PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E

Pieter Wuille
July 17, 2013, 04:23:40 PM
The standard was using DER-encoded signatures, we're not making anything up - we're just enforcing a correct encoding rule that should have been there all along. The code comment is just a nice summary of the rules. This was announced several times on the development list and on this forum, and in release notes. We did wait until only a minority of transactions with non-canonical encodings remained, but it's impossible to find every possible (future) misbehaving client code.
If you disagree that standard-conforming signatures should be enforced on the network, we have little to talk about.
In any case, kjj is right - there are 2 weird padding bytes there, and I don't understand why your code is adding them. In any case, it's clearly wrong - go find why and fix it.
I do Bitcoin stuff.

gmaxwell
July 17, 2013, 04:23:48 PM
assert 1 == ssl.ECDSA_sign(0, hash, len(hash), mb_sig, ctypes.byref(sig_size0), self.k)
return mb_sig.raw
I believe this code is wrong. ECDSA_sign takes a pointer siglen for the length of the buffer. The reason it passes a reference there and not a value is because it writes the resulting length back to it. Otherwise there would be no way to know the length other than the maximum since, obviously, char * doesn't encode a size. Your code appears to do nothing with the returned size. This is wrong, and it means you're reading past the end of the destination array. Be glad the additional space contains only zeros and not your private key.
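The two technical points raised in this thread, the length that ECDSA_sign writes back and the canonical layout in the quoted client comment, can be seen together in the following added example (not code from any poster or from the satoshi client). `fake_sign` is a hypothetical stand-in for the OpenSSL call, and the signature bytes and buffer size are constructed.

```python
import ctypes

# Constructed DER signature with toy values r = 1, s = 2 (not real ECDSA output).
SAMPLE_DER = bytes.fromhex("3006020101020102")
SIGHASH_ALL = b"\x01"
CAPACITY = 10  # constructed buffer size, two bytes more than the signature needs

def fake_sign(buf, siglen_ptr):
    """Hypothetical stand-in for ECDSA_sign: fill buf, write the used length back."""
    ctypes.memmove(buf, SAMPLE_DER, len(SAMPLE_DER))
    siglen_ptr.contents.value = len(SAMPLE_DER)
    return 1

def sign(truncate):
    size = ctypes.c_uint(CAPACITY)               # in: capacity, out: bytes written
    buf = ctypes.create_string_buffer(CAPACITY)  # zero-filled
    if fake_sign(buf, ctypes.pointer(size)) != 1:
        raise RuntimeError("signing failed")
    # .raw is the whole buffer; only the first size.value bytes are signature.
    return buf.raw[:size.value] if truncate else buf.raw

def int_ok(n):
    """R or S: non-empty, not negative, no leading 0 unless it clears the sign bit."""
    if not n or n[0] & 0x80:
        return False
    return not (len(n) > 1 and n[0] == 0 and not n[1] & 0x80)

def is_canonical(sig):
    """Layout check for <30><total len><02><len R><R><02><len S><S><hashtype>.
    The hashtype byte must be present; its value is not validated here."""
    if len(sig) < 9 or sig[0] != 0x30 or sig[1] != len(sig) - 3:
        return False
    len_r = sig[3]
    if sig[2] != 0x02 or 5 + len_r >= len(sig) or sig[4 + len_r] != 0x02:
        return False
    len_s = sig[5 + len_r]
    if len_r + len_s + 7 != len(sig):
        return False
    return int_ok(sig[4:4 + len_r]) and int_ok(sig[6 + len_r:6 + len_r + len_s])

if __name__ == "__main__":
    for truncate in (False, True):
        pushed = sign(truncate) + SIGHASH_ALL
        print(truncate, pushed.hex(), is_canonical(pushed))
```

Returning the whole buffer leaves two zero bytes between the DER structure and the hashtype byte, so the total-length byte no longer matches the pushed data and the layout check rejects it.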

piotr_n
July 17, 2013, 04:29:29 PM
Be glad the additional space contains only zeros and not your private key.
It could have, indeed.

kjj
July 17, 2013, 04:30:32 PM
assert 1 == ssl.ECDSA_sign(0, hash, len(hash), mb_sig, ctypes.byref(sig_size0), self.k)
return mb_sig.raw
I believe this code is wrong. ECDSA_sign takes a pointer siglen for the length of the buffer. The reason it passes a reference there and not a value is because it writes the resulting length back to it. Otherwise there would be no way to know the length other than the maximum since, obviously, char * doesn't encode a size. Your code appears to do nothing with the returned size. This is wrong, and it means you're reading past the end of the destination array. Be glad the additional space contains only zeros and not your private key.
pwn3d

kokjo
July 17, 2013, 04:35:42 PM
assert 1 == ssl.ECDSA_sign(0, hash, len(hash), mb_sig, ctypes.byref(sig_size0), self.k)
return mb_sig.raw
I believe this code is wrong. ECDSA_sign takes a pointer siglen for the length of the buffer. The reason it passes a reference there and not a value is because it writes the resulting length back to it. Otherwise there would be no way to know the length other than the maximum since, obviously, char * doesn't encode a size. Your code appears to do nothing with the returned size. This is wrong, and it means you're reading past the end of the destination array. Be glad the additional space contains only zeros and not your private key.
+1 you are right, and i have broadcasted a double spend. Thank you.
pwn3d
I accept defeat, but still think that we need a standard, and that the satoshi client is a bunch of hacks.

piotr_n
July 17, 2013, 04:42:24 PM
yeah, we need a standard. the only question is: who is going to develop a voting system that will decide about the standard? thank god, we have a primitive bitcoin mining concept, backed with a billion dollar stability fund. because if the future of this currency was based only on getting together the people developing its IT infrastructure, it would have been pretty fucking doomed.

kokjo
July 17, 2013, 05:37:29 PM
yeah, we need a standard. the only question is: who is going to develop a voting system that will decide about the standard? thank god, we have a primitive bitcoin mining concept, backed with a billion dollar stability fund. because if the future of this currency was based only on getting together the people developing its IT infrastructure, it would have been pretty fucking doomed.
voting is not needed. we just need a guy with some balls to act as a dictator for a short period of time, and an army of typing monkeys implementing the standard. what is done at https://en.bitcoin.it/wiki/Protocol_specification is usable, but most is yanked out of the satoshi client and lots of stuff has changed so the wiki is not up to date either. again: make a standard and implement it.
looks good enough... i have already committed a similar change to my code.

piotr_n
July 17, 2013, 05:41:04 PM
yeah, we need a standard. the only question is: who is going to develop a voting system that will decide about the standard? thank god, we have a primitive bitcoin mining concept, backed with a billion dollar stability fund. because if the future of this currency was based only on getting together the people developing its IT infrastructure, it would have been pretty fucking doomed.
voting is not needed. we just need a guy with some balls to act as a dictator for a short period of time, and an army of typing monkeys implementing the standard. what is done at https://en.bitcoin.it/wiki/Protocol_specification is usable, but most is yanked out of the satoshi client and lots of stuff has changed so the wiki is not up to date either. again: make a standard and implement it.
from my experience, the only standard there is, is the satoshi source code. the wiki is very helpful though and it almost nowhere contradicts the actual protocol, but the standard is in the code. and maybe it's not such a bad idea for a standard to be in a code. as long as this code is not stupid

kokjo
July 17, 2013, 06:01:48 PM
yeah, we need a standard. the only question is: who is going to develop a voting system that will decide about the standard? thank god, we have a primitive bitcoin mining concept, backed with a billion dollar stability fund. because if the future of this currency was based only on getting together the people developing its IT infrastructure, it would have been pretty fucking doomed.
voting is not needed. we just need a guy with some balls to act as a dictator for a short period of time, and an army of typing monkeys implementing the standard. what is done at https://en.bitcoin.it/wiki/Protocol_specification is usable, but most is yanked out of the satoshi client and lots of stuff has changed so the wiki is not up to date either. again: make a standard and implement it.
from my experience, the only standard there is, is the satoshi source code. the wiki is very helpful though and it almost nowhere contradicts the actual protocol, but the standard is in the code. and maybe it's not such a bad idea for a standard to be in a code. as long as this code is not stupid
it makes it nearly impossible to create an alternative client, when the "standard" mutates all the time. bitcoin needs diversity in clients. Would you like to only be able to use Internet Explorer? sure it would work good. but really?

jgarzik
July 17, 2013, 06:11:49 PM
it makes it nearly impossible to create an alternative client, when the "standard" mutates all the time. bitcoin needs diversity in clients. Would you like to only be able to use Internet Explorer? sure it would work good. but really?
The standard does not mutate all the time (though I do agree client diversity is a good thing).
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj

kokjo
July 17, 2013, 06:13:49 PM
it makes it nearly impossible to create an alternative client, when the "standard" mutates all the time. bitcoin needs diversity in clients. Would you like to only be able to use Internet Explorer? sure it would work good. but really?
The standard does not mutate all the time (though I do agree client diversity is a good thing).
It mutates with every commit to the satoshi client repo. Code is not a standard.

piotr_n
July 17, 2013, 06:15:00 PM
so what do you propose?

kokjo
July 17, 2013, 06:23:29 PM
so what do you propose?
stop writing code, and sit down and make a standard. It's not that hard, nobody just wants to do it because they are lazy bastards who like to code crap code, instead of doing things the right way. Just like the RFCs describe what the protocol looks like down to the smallest detail, and then don't change it. Describe how clients interact with keywords defined in http://www.ietf.org/rfc/rfc2119.txt.

kjj
July 17, 2013, 06:28:52 PM
it makes it nearly impossible to create an alternative client, when the "standard" mutates all the time. bitcoin needs diversity in clients. Would you like to only be able to use Internet Explorer? sure it would work good. but really?
The standard does not mutate all the time (though I do agree client diversity is a good thing).
It mutates with every commit to the satoshi client repo. Code is not a standard.
No, it really doesn't. Sipa's patch last year changed how this particular implementation behaves, only. It was not a change in the protocol. The change was not binding on anyone else.
P.S. The standardization thing is discussed in endless detail in many other threads. Please read some of those before posting again. You have contributed nothing new to the debate; even your pointless personal attacks are reruns.

piotr_n
July 17, 2013, 06:32:49 PM
stop writing code, and sit down and make a standard. It's not that hard, nobody just wants to do it because they are lazy bastards who like to code crap code, instead of doing things the right way.
They don't strike me like people who like to write code.
And I guess you never tried to describe what a code does, in a human readable language. Otherwise you would know that it's impossible.