summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2023-07-03 10:16:15 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-07-03 10:16:15 +0000
commitde8ac428c05121ca1353b5b0e7e685a7fd0fe25f (patch)
tree6704a622b7e0ec5e251407d4b9b4adecdc154cac /lib
parent32c5d3c549713572ead20258ca0e497ca8ecf646 (diff)
ossl_ecdsa_verify_sig(): simplify range checks
The checks whether r and s lie in the interval [1, order) were a bit uglier than necessary. Clean this up. ok beck jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/ecdsa/ecs_ossl.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c
index 0df5b2af56a..509bcc7625a 100644
--- a/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.54 2023/07/03 10:10:58 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.55 2023/07/03 10:16:14 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project
*/
@@ -498,11 +498,9 @@ ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *
goto err;
}
- /* Verify that r and s are in the range [1, order-1]. */
- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
- BN_ucmp(sig->r, order) >= 0 ||
- BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
- BN_ucmp(sig->s, order) >= 0) {
+ /* Verify that r and s are in the range [1, order). */
+ if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_ucmp(sig->r, order) >= 0 ||
+ BN_cmp(sig->s, BN_value_one()) < 0 || BN_ucmp(sig->s, order) >= 0) {
ECDSAerror(ECDSA_R_BAD_SIGNATURE);
ret = 0;
goto err;