1 files changed, 30 insertions, 24 deletions

diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c
index 1dce05c35f9..d935d237bab 100644
--- a/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.59 2023/07/03 11:10:28 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.60 2023/07/03 13:53:54 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -275,6 +275,7 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 	BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
 	BIGNUM *b, *binv, *bm, *bxr, *m;
 	const BIGNUM *ckinv, *order, *priv_key;
+	int caller_supplied_values = 0;
 	int attempts = 0;
 	ECDSA_SIG *sig = NULL;
 
@@ -322,19 +323,28 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 	if (!ecdsa_prepare_digest(dgst, dgst_len, order, m))
 		goto err;
 
+	if (in_kinv != NULL && in_r != NULL) {
+		/*
+		 * Use the caller's kinv and r. Don't call ECDSA_sign_setup().
+		 * If we're unable to compute a valid signature, the caller
+		 * must provide new values.
+		 */
+		caller_supplied_values = 1;
+
+		ckinv = in_kinv;
+		if (!bn_copy(r, in_r)) {
+			ECDSAerror(ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	}
+
 	do {
-		if (in_kinv == NULL || in_r == NULL) {
+		if (!caller_supplied_values) {
 			if (!ECDSA_sign_setup(eckey, ctx, &kinv, &r)) {
 				ECDSAerror(ERR_R_ECDSA_LIB);
 				goto err;
 			}
 			ckinv = kinv;
-		} else {
-			ckinv = in_kinv;
-			if (!bn_copy(r, in_r)) {
-				ECDSAerror(ERR_R_MALLOC_FAILURE);
-				goto err;
-			}
 		}
 
 		/*
@@ -385,23 +395,19 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 			goto err;
 		}
 
-		if (BN_is_zero(s)) {
-			/*
-			 * If kinv and r have been supplied by the caller,
-			 * don't generate new kinv and r values
-			 */
-			if (in_kinv != NULL && in_r != NULL) {
-				ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES);
-				goto err;
-			}
-
-			if (++attempts > ECDSA_MAX_SIGN_ITERATIONS) {
-				ECDSAerror(EC_R_WRONG_CURVE_PARAMETERS);
-				goto err;
-			}
-		} else
-			/* s != 0 => we have a valid signature */
+		/* If s is non-zero, we have a valid signature. */
+		if (!BN_is_zero(s))
 			break;
+
+		if (caller_supplied_values) {
+			ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES);
+			goto err;
+		}
+
+		if (++attempts > ECDSA_MAX_SIGN_ITERATIONS) {
+			ECDSAerror(EC_R_WRONG_CURVE_PARAMETERS);
+			goto err;
+		}
 	} while (1);
 
 	if ((sig = ECDSA_SIG_new()) == NULL) {