Fixes brainpool sign/verify bug. Closing issue #854#948
Merged
twiss merged 2 commits intoopenpgpjs:masterfrom Aug 23, 2019
Merged
Fixes brainpool sign/verify bug. Closing issue #854#948twiss merged 2 commits intoopenpgpjs:masterfrom
twiss merged 2 commits intoopenpgpjs:masterfrom
Conversation
chesnokovilya
force-pushed
the
brainpool-bug
branch
from
2301c42 to
9a07bc9
Compare
chesnokovilya
force-pushed
the
brainpool-bug
branch
from
9a07bc9 to
45dea75
Compare
Collaborator
|
For future ref, the fixes are in openpgpjs/elliptic#2 and openpgpjs/elliptic#3 . |
larabr
added a commit
to larabr/openpgpjs
that referenced
this pull request
Oct 6, 2023
… by old lib bug At some point we used to generate invalid ECDSA sigs with the js (non-native) elliptic lib, if the signature digest had leading zeros: openpgpjs#948 . Brainpool curves are the most likely to have been affected by the bug, since they do not have WebCrypto support (unlike NIST curves). This commit reintroduces support on web to verify such invalid signatures (support for this was previously built-in in the indutny-elliptic library). It also expands the fix to work in Node.
larabr
added a commit
to larabr/openpgpjs
that referenced
this pull request
Oct 23, 2023
… by old lib bug At some point we used to generate invalid ECDSA sigs with the js (non-native) elliptic lib, if the signature digest had leading zeros: openpgpjs#948 . Brainpool curves are the most likely to have been affected by the bug, since they do not have WebCrypto support (unlike NIST curves). This commit reintroduces support on web to verify such invalid signatures (support for this was previously built-in in the indutny-elliptic library). It also expands the fix to work in Node.
larabr
added a commit
that referenced
this pull request
Oct 23, 2023
… by old lib bug At some point we used to generate invalid ECDSA sigs with the js (non-native) elliptic lib, if the signature digest had leading zeros: #948 . Brainpool curves are the most likely to have been affected by the bug, since they do not have WebCrypto support (unlike NIST curves). This commit reintroduces support on web to verify such invalid signatures (support for this was previously built-in in the indutny-elliptic library). It also expands the fix to work in Node.
larabr
added a commit
that referenced
this pull request
Oct 24, 2023
… by old lib bug At some point we used to generate invalid ECDSA sigs with the js (non-native) elliptic lib, if the signature digest had leading zeros: #948 . Brainpool curves are the most likely to have been affected by the bug, since they do not have WebCrypto support (unlike NIST curves). This commit reintroduces support on web to verify such invalid signatures (support for this was previously built-in in the indutny-elliptic library). It also expands the fix to work in Node.
larabr
added a commit
that referenced
this pull request
Oct 25, 2023
… by old lib bug At some point we used to generate invalid ECDSA sigs with the js (non-native) elliptic lib, if the signature digest had leading zeros: #948 . Brainpool curves are the most likely to have been affected by the bug, since they do not have WebCrypto support (unlike NIST curves). This commit reintroduces support on web to verify such invalid signatures (support for this was previously built-in in the indutny-elliptic library). It also expands the fix to work in Node.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update elliptic to the version with correct signature creation and verification in the case of leading zero in hash.
Closing issue #854