# RFC Errata

Found 2 records.

## Status: Verified (1)

### RFC 6979, "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)", August 2013

Source of RFC: INDEPENDENT
Errata ID: 3812

**Status: Verified
Type: Technical
Publication Format(s) : TEXT**

Reported By: Edward M Drayton

Date Reported: 2013-11-27

Verifier Name: Nevil Brownlee

Date Verified: 2014-02-03

Section 2.4 (page 8) says:

If r turns out to be zero, a new k should be selected and r computed again (this is an utterly improbable occurrence). 4. The value s (modulo q) is computed: s = (h+x*r)/k mod q

It should say:

If r turns out to be zero, a new k should be selected and r computed again (this is an utterly improbable occurrence). 4. The value s (modulo q) is computed: s = (h+x*r)/k mod q If s turns out to be zero, a new k should be selected and r and s computed again (a similarly improbable occurrence).

Notes:

My understanding is that if s is zero it has no multiplicative inverse so the signature cannot be verified. Worse, for DSA the private key can be computed directly from r and the public key components. (I'm not sure about ECDSA..)

If I'm right about this, section 3.4 and others are affected. If not, sorry for wasting your time :-(

## Status: Held for Document Update (1)

### RFC 6979, "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)", August 2013

Source of RFC: INDEPENDENT
Errata ID: 5963

**Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT**

Reported By: Annie Yousar

Date Reported: 2020-01-23

Held for Document Update by: Adrian Farrel

Date Held: 2020-01-26

Section 3.2 says:

b. Set: V = 0x01 0x01 0x01 ... 0x01 such that the length of V, in bits, is equal to 8*ceil(hlen/8). : : c. Set: K = 0x00 0x00 0x00 ... 0x00 such that the length of K, in bits, is equal to 8*ceil(hlen/8).

It should say:

b. Set: V = 0x010101...01 such that the length of V, in bits, is equal to 8*ceil(hlen/8). : : c. Set: K = 0x000000...00 such that the length of K, in bits, is equal to 8*ceil(hlen/8).

Notes:

Hrmonize the notations in 3.2 and A.1.1, where the hex string q is denoted as

0x4000000000000000000020108A2E0CC0D99F8A5EF

and not as

0x40 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x20 0x10 0x8A 0x2E 0x0C 0xC0 0x0D 0x99 0xF8 0xA5 0xEF.