From f80fc69932486713b4150b313ac84df92faf6113 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 3 Jul 2023 10:21:25 +0000
Subject: Split range checks for ECDSA r and ECDSA s

requested by jsing
---
 src/lib/libcrypto/ecdsa/ecs_ossl.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index e52cacbf12..441033e5cd 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.56 2023/07/03 10:19:52 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.57 2023/07/03 10:21:25 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -499,8 +499,12 @@ ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *
 	}
 
 	/* Verify that r and s are in the range [1, order). */
-	if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_cmp(sig->r, order) >= 0 ||
-	    BN_cmp(sig->s, BN_value_one()) < 0 || BN_cmp(sig->s, order) >= 0) {
+	if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_cmp(sig->r, order) >= 0) {
+		ECDSAerror(ECDSA_R_BAD_SIGNATURE);
+		ret = 0;
+		goto err;
+	}
+	if (BN_cmp(sig->s, BN_value_one()) < 0 || BN_cmp(sig->s, order) >= 0) {
 		ECDSAerror(ECDSA_R_BAD_SIGNATURE);
 		ret = 0;
 		goto err;
@@ -547,6 +551,7 @@ ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *
 	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
 	EC_POINT_free(point);
+
 	return ret;
 }
 
-- 
cgit v1.2.3-55-g6feb