From: tobhe Date: Thu, 18 Nov 2021 22:42:02 +0000 (+0000) Subject: Check if encoding works in dsa_init(). This avoids calling fatal() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6802616f21f493a4c53c756815b081d3120a5aeb;p=openbsd Check if encoding works in dsa_init(). This avoids calling fatal() in dsa_length() or dsa_prefix() when the selected encoding is invalid. ok markus@ --- diff --git a/sbin/iked/crypto.c b/sbin/iked/crypto.c index 8e7f90ee893..9b5f38b2113 100644 --- a/sbin/iked/crypto.c +++ b/sbin/iked/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.34 2021/02/25 20:13:24 tobhe Exp $ */ +/* $OpenBSD: crypto.c,v 1.35 2021/11/18 22:42:02 tobhe Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -958,6 +958,8 @@ dsa_init(struct iked_dsa *dsa, const void *buf, size_t len) EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1) <= 0) return (-1); } + if (_dsa_sign_encode(dsa, NULL, 0, NULL) < 0) + return (-1); return (ret == 1 ? 0 : -1); }
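Review bot: the added `_dsa_sign_encode(dsa, NULL, 0, NULL)` call at the end of dsa_init() is not self-explanatory, because nothing at the call site says that passing NULL buffers and a zero length is meant as a validate-only probe of the selected encoding. A one-line comment above it, stating that the call only checks the encoding so that dsa_length() and dsa_prefix() cannot reach fatal() later (as the commit message puts it), would make the intent clear to the next reader. The probe also sits before `return (ret == 1 ? 0 : -1);`, so it runs even when `ret` already signals that initialization failed. Checking `ret` first would keep the failure path shorter and would make it unambiguous which of the two conditions produced the -1.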