summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/ecdsa/ecs_ossl.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 0df5b2af56..509bcc7625 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecs_ossl.c,v 1.54 2023/07/03 10:10:58 tb Exp $ */ 1/* $OpenBSD: ecs_ossl.c,v 1.55 2023/07/03 10:16:14 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project 3 * Written by Nils Larsch for the OpenSSL project
4 */ 4 */
@@ -498,11 +498,9 @@ ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *
498 goto err; 498 goto err;
499 } 499 }
500 500
501 /* Verify that r and s are in the range [1, order-1]. */ 501 /* Verify that r and s are in the range [1, order). */
502 if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || 502 if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_ucmp(sig->r, order) >= 0 ||
503 BN_ucmp(sig->r, order) >= 0 || 503 BN_cmp(sig->s, BN_value_one()) < 0 || BN_ucmp(sig->s, order) >= 0) {
504 BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
505 BN_ucmp(sig->s, order) >= 0) {
506 ECDSAerror(ECDSA_R_BAD_SIGNATURE); 504 ECDSAerror(ECDSA_R_BAD_SIGNATURE);
507 ret = 0; 505 ret = 0;
508 goto err; 506 goto err;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-15 04:17:11 +0000