[softfork proposal] Strict DER signatures

Summary:

Pieter Wuille, a Bitcoin Core developer, has proposed an improvement to the Bitcoin protocol that would replace OpenSSL with libsecp256k1. The proposal was made in light of recent events that revealed the risks of depending on OpenSSL for consensus rules. Currently, OpenSSL is used to enforce the malleability protections specified by BIP 62. However, this has been postponed due to unforeseen complexities.The new proposal aims to provide a more fundamental solution to the problem sooner rather than later. The proposal involves removing the dependency on OpenSSL and replacing it with the libsecp256k1 library. This library will provide signature verification and public key recovery functionality, which are currently handled by OpenSSL. The proposed changes were shared on the Bitcoin Development mailing list along with sample codes and test cases to ensure compatibility.In addition to the proposal, the given context also contains multiple arrays of hexadecimal values representing different types of signatures. These arrays are used to test the validity of signatures in a Bitcoin transaction. The valid signature arrays include `good(zerolen)`, `good(normal)`, `good(min_r)`, `good(min_s)`, `good(max_r)`, `good(max_s)`, `good(wierd_s_len)`, `good(wierd_r_len)`, `good(zeropad_s)`, and `good(zeropad_r)`.On the other hand, the invalid signature arrays include `not_compound`, `short_len`, `long_len`, `r_notint`, `s_notint`, `s_oversig`, `r_oversig`, `s_negative`, `r_negative`, `zeropad_bad_s`, `zeropad_bad_r`, `zerolen_r`, `zerolen_s`, `overlen_r_by_1`, `overlen_s_by_1`, `underlen_r_by_1`, `underlen_s_by_1`, `missing_sighash`, and `extra_byte`. These arrays are used to test various fail cases of signatures with issues such as not being compound, having incorrect length, being negative, or missing a sighash value.Lastly, the codes also include a loop that tests different amounts of truncation for the `normal` signature array.

Updated on: 2023-06-09T15:46:21.975078+00:00