i2d_ECDSA_SIG() may return a negative value in case of error. Handle

this in ossl_ecdsa_sign() and propagate the return code.
OK jsing@ tb@

1 files changed, 14 insertions, 5 deletions

diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index e6d6b0cd71..78e2b4a997 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.31 2023/03/27 10:25:02 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.32 2023/03/30 15:51:09 bluhm Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -118,14 +118,23 @@ ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *si
     unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
 {
         ECDSA_SIG *s;
+        int outlen = 0;
+        int ret = 0;
 
         if ((s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey)) == NULL) {
-                *siglen = 0;
-                return 0;
+                goto err;
         }
-        *siglen = i2d_ECDSA_SIG(s, &sig);
+        if ((outlen = i2d_ECDSA_SIG(s, &sig)) < 0) {
+                outlen = 0;
+                goto err;
+        }
+
+        ret = 1;
+
+ err:
+        *siglen = outlen;
         ECDSA_SIG_free(s);
-        return 1;
+        return ret;
 }
 
 static int