From 8baf1ca79f107da2c25348df7f429e2f147dd939 Mon Sep 17 00:00:00 2001
From: Andrew Kozlik
Date: Tue, 11 Jan 2022 09:53:46 +0100
Subject: [PATCH] fix(crypto): Fix out of bounds read in ecdsa_sig_to_der().
[no changelog]
---
 crypto/ecdsa.c | 4 ++--
 crypto/tests/test_check.c | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index 6b643d398..1f6f378ee 100644
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -1159,7 +1159,7 @@ int ecdsa_sig_to_der(const uint8_t *sig, uint8_t *der) {
 // process R
 i = 0;
- while (sig[i] == 0 && i < 32) {
+ while (i < 31 && sig[i] == 0) {
 i++;
 } // skip leading zeroes
 if (sig[i] >= 0x80) { // put zero in output if MSB set
@@ -1182,7 +1182,7 @@ int ecdsa_sig_to_der(const uint8_t *sig, uint8_t *der) {
 // process S
 i = 32;
- while (sig[i] == 0 && i < 64) {
+ while (i < 63 && sig[i] == 0) {
 i++;
 } // skip leading zeroes
 if (sig[i] >= 0x80) { // put zero in output if MSB set
diff --git a/crypto/tests/test_check.c b/crypto/tests/test_check.c
index 3963f961c..0e85d2e0e 100644
--- a/crypto/tests/test_check.c
+++ b/crypto/tests/test_check.c
@@ -6255,6 +6255,11 @@ START_TEST(test_ecdsa_der) {
 "00000000000000000000000000000000000000000000000000000000000000ff",
 "3008020200ee020200ff",
 },
+ {
+ "0000000000000000000000000000000000000000000000000000000000000000",
+ "0000000000000000000000000000000000000000000000000000000000000000",
+ "3006020100020100",
+ },
 };
 uint8_t sig[64];
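Review bot: In crypto/ecdsa.c the new loop bounds `i < 31` (R hunk) and `i < 63` (S hunk) are bare constants, and neither loop explains why the bound is one less than the end of the field. I would add a comment at each loop, for example `// stop on the last byte: keeps sig[i] in range and encodes a zero value as a single 0x00`, or derive both bounds from a named 32-byte component size. After this change an all-zero r or s yields well-formed DER (the new test vector expects `3006020100020100`), yet r = 0 or s = 0 is never a valid ECDSA signature, so the function's documentation should say that it encodes without validating. The body of ecdsa_sig_to_der begins and ends outside both hunks, so the copy loops after each `if` are not visible here.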
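Review bot: The vector added to test_ecdsa_der in crypto/tests/test_check.c zeroes R and S together, so it cannot tell a regression in the R loop from one in the S loop. With the old S loop the read of `sig[64]` is one byte past `uint8_t sig[64]`, which may go unnoticed unless the tests run under a sanitizer. I would add vectors with only one component zero, for example zero R with S ending in `80`, which by the same encoding rules should give `300702010002020080` (hand-derived, confirm before committing). The test body continues outside the hunk, so how the returned length is checked is not visible.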