OpenSSL 3.x signature verification fails at block 605,359 #145
Description
Problem
When compiled with OpenSSL 3.x, the node fails to sync past block 605,359 with a signature verification error:
ERROR: CScriptCheck() : 3d7458b83ae2806d621f438da40e5f8592c5445d62cb0f6bdb0b75f94b72fb5d VerifySignature failed
InvalidChainFound: invalid block=d67b8e990ac2438dd2f144033f5337f8bdfaf8a8f3bdaf5c771739e02c36748d height=605359
Cause
OpenSSL 3.x has stricter DER signature parsing than OpenSSL 1.x. The d2i_ECDSA_SIG() function rejects some valid ECDSA signatures that have non-canonical DER encoding (e.g., extra leading zeros, certain padding variations).
These signatures were valid and accepted by OpenSSL 1.x, and are permanently recorded in the blockchain. OpenSSL 3.x's stricter parsing causes them to fail validation.
Environment
- OpenSSL 3.0.13
- GCC 13
- Ubuntu 24.04
Solution
Implement a fallback DER signature parser (ecdsa_sig_parse_der_lax) that handles signatures which OpenSSL 3.x's strict parser rejects. The fallback:
- Manually parses the DER structure (SEQUENCE, INTEGER tags)
- Extracts R and S values using
BN_bin2bn() - Creates an
ECDSA_SIGobject usingECDSA_SIG_set0()
This maintains security while allowing validation of historical blockchain data.
Affected File
src/key.cpp-CECKey::Verify()function
Related Issues
- Part of OpenSSL 3.x compatibility work
- Similar to Bitcoin Core's signature parsing changes