diff options
author | Vladimir Panteleev <git@vladimir.panteleev.md> | 2020-03-03 18:04:00 +0000 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2020-03-09 11:51:51 +0300 |
commit | 8293fb6840840a5252bb6671c48486bc86857b5f (patch) | |
tree | f8f280f944c4bb7e55d4fc8ae101e4d67da155dd /apps/spkac.c | |
parent | d62be1580bf402f7088cdec5f21a87f27f40f18e (diff) |
spkac: Check return values of NETSCAPE_SPKI functions
Fixes silently producing an invalid SPKAC with non-RSA keys.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11224)
Diffstat (limited to 'apps/spkac.c')
-rw-r--r-- | apps/spkac.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/apps/spkac.c b/apps/spkac.c index dbd3d45216..17c4e5b8d0 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -145,8 +145,15 @@ int spkac_main(int argc, char **argv) if (challenge != NULL) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); - NETSCAPE_SPKI_set_pubkey(spki, pkey); - NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); + if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { + BIO_printf(bio_err, "Error setting public key\n"); + goto end; + } + i = NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); + if (i <= 0) { + BIO_printf(bio_err, "Error signing SPKAC\n"); + goto end; + } spkstr = NETSCAPE_SPKI_b64_encode(spki); if (spkstr == NULL) goto end; |