From 6802616f21f493a4c53c756815b081d3120a5aeb Mon Sep 17 00:00:00 2001
From: tobhe
Date: Thu, 18 Nov 2021 22:42:02 +0000
Subject: [PATCH] Check if encoding works in dsa_init(). This avoids calling fatal() in dsa_length() or dsa_prefix() when the selected encoding is invalid. ok markus@
---
 sbin/iked/crypto.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sbin/iked/crypto.c b/sbin/iked/crypto.c
index 8e7f90ee893..9b5f38b2113 100644
--- a/sbin/iked/crypto.c
+++ b/sbin/iked/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.34 2021/02/25 20:13:24 tobhe Exp $ */
+/* $OpenBSD: crypto.c,v 1.35 2021/11/18 22:42:02 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -958,6 +958,8 @@ dsa_init(struct iked_dsa *dsa, const void *buf, size_t len)
 EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1) <= 0)
 return (-1);
 }
+ if (_dsa_sign_encode(dsa, NULL, 0, NULL) < 0)
+ return (-1);
 return (ret == 1 ? 0 : -1);
 }
-- 
2.20.1
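Review bot: The probe call `_dsa_sign_encode(dsa, NULL, 0, NULL)` added just before the final return in the second hunk carries no comment, and its NULL/0/NULL arguments read like a mistake unless the reader already knows it is a dry run. I would add `/* Dry run: reject an invalid encoding here so dsa_length()/dsa_prefix() cannot reach fatal() later. */` above it, plus a blank line after the closing brace that precedes it. The new failure path also returns -1 silently, so unless the caller logs (not visible here) an operator cannot tell an unusable encoding from the RSA-PSS setup failure just above; a debug message naming the cause would help. The check relies on `_dsa_sign_encode` tolerating NULL output pointers, presumably as a length-only query, which should be confirmed since its body and the start of dsa_init are outside the hunk.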