spkac: Check return values of NETSCAPE_SPKI functions

Fixes silently producing an invalid SPKAC with non-RSA keys. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11224)
author: Vladimir Panteleev <git@vladimir.panteleev.md> 2020-03-03 18:04:00 +0000
committer: Dmitry Belyavskiy <beldmit@gmail.com> 2020-03-09 11:51:51 +0300
commit: 8293fb6840840a5252bb6671c48486bc86857b5f (patch)
tree: f8f280f944c4bb7e55d4fc8ae101e4d67da155dd /apps/spkac.c
parent: d62be1580bf402f7088cdec5f21a87f27f40f18e (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/apps/spkac.c b/apps/spkac.c
index dbd3d45216..17c4e5b8d0 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -145,8 +145,15 @@ int spkac_main(int argc, char **argv)
         if (challenge != NULL)
             ASN1_STRING_set(spki->spkac->challenge,
                             challenge, (int)strlen(challenge));
-        NETSCAPE_SPKI_set_pubkey(spki, pkey);
-        NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+        if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) {
+            BIO_printf(bio_err, "Error setting public key\n");
+            goto end;
+        }
+        i = NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+        if (i <= 0) {
+            BIO_printf(bio_err, "Error signing SPKAC\n");
+            goto end;
+        }
         spkstr = NETSCAPE_SPKI_b64_encode(spki);
         if (spkstr == NULL)
             goto end;
author	Vladimir Panteleev <git@vladimir.panteleev.md>	2020-03-03 18:04:00 +0000
committer	Dmitry Belyavskiy <beldmit@gmail.com>	2020-03-09 11:51:51 +0300
commit	8293fb6840840a5252bb6671c48486bc86857b5f (patch)
tree	f8f280f944c4bb7e55d4fc8ae101e4d67da155dd /apps/spkac.c
parent	d62be1580bf402f7088cdec5f21a87f27f40f18e (diff)