ecdsa: make Signature::normalize_s infallible

Unconditionally returns a normalized signature, regardless of whether the signature was normalized to begin with. Closes #736
RustCrypto · Jan 17, 2024 · e2e70e8 · e2e70e8
1 parent 83359e1
commit e2e70e8
Showing 1 changed file with 6 additions and 10 deletions.
diff --git a/ecdsa/src/lib.rs b/ecdsa/src/lib.rs
@@ -87,6 +87,7 @@ pub use crate::verifying::VerifyingKey;
 use core::{fmt, ops::Add};
 use elliptic_curve::{
     array::{typenum::Unsigned, Array, ArraySize},
+    subtle::ConditionallySelectable,
     FieldBytes, FieldBytesSize, ScalarPrimitive,
 };
 
@@ -313,16 +314,11 @@ where
     /// [BIP 0062: Dealing with Malleability][1].
     ///
     /// [1]: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki
-    pub fn normalize_s(&self) -> Option<Self> {
-        let s = self.s();
-
-        if s.is_high().into() {
-            let mut result = self.clone();
-            result.s = ScalarPrimitive::from(-s);
-            Some(result)
-        } else {
-            None
-        }
+    pub fn normalize_s(&self) -> Self {
+        let mut result = self.clone();
+        let s_inv = ScalarPrimitive::from(-self.s());
+        result.s.conditional_assign(&s_inv, self.s.is_high());
+        result
     }
 }