Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

As of 0.12 k256 no longer requires ECDSA signatures have minimum s #908

Closed
randombit opened this issue Jul 10, 2023 · 1 comment · Fixed by #914
Closed

As of 0.12 k256 no longer requires ECDSA signatures have minimum s #908

randombit opened this issue Jul 10, 2023 · 1 comment · Fixed by #914

Comments

@randombit
Copy link
Contributor

In 0.11 and earlier versions, k256 required that ECDSA signatures have minimal s, but in 0.12 it appears verification will accept either s. I don't see anything mentioned about this in the k256 changelog; was this change intentional?
@tarcieri
Copy link
Member

It seems like it was a regression introduced in #675. It was not a deliberate change.

This was referenced Jul 13, 2023
Closed
Merged
@tarcieri tarcieri mentioned this issue Jul 21, 2023
Merged
tarcieri added a commit that referenced this issue Jul 22, 2023
@tarcieri
k256: reject signatures which aren't low-S normalized
e55db5a 
Closes #908
@tarcieri tarcieri mentioned this issue Jul 22, 2023
Merged
tarcieri added a commit that referenced this issue Jul 22, 2023
@tarcieri
k256: reject signatures which aren't low-S normalized (#914)
5c829a4 
Closes #908
This was referenced Nov 16, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

k256: reject signatures which aren't low-S normalized RustCrypto/elliptic-curves
2 participants
@tarcieri @randombit