From: Vladimir Panteleev <git@vladimir.panteleev.md>
Date: Tue, 3 Mar 2020 18:04:00 +0000 (+0000)
Subject: spkac: Check return values of NETSCAPE_SPKI functions
X-Git-Tag: openssl-3.0.0-alpha1~307
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8293fb6840840a5252bb6671c48486bc86857b5f;p=oweals%2Fopenssl.git

spkac: Check return values of NETSCAPE_SPKI functions

Fixes silently producing an invalid SPKAC with non-RSA keys.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11224)
---

diff --git a/apps/spkac.c b/apps/spkac.c
index dbd3d45216..17c4e5b8d0 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -145,8 +145,15 @@ int spkac_main(int argc, char **argv)
         if (challenge != NULL)
             ASN1_STRING_set(spki->spkac->challenge,
                             challenge, (int)strlen(challenge));
-        NETSCAPE_SPKI_set_pubkey(spki, pkey);
-        NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+        if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) {
+            BIO_printf(bio_err, "Error setting public key\n");
+            goto end;
+        }
+        i = NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+        if (i <= 0) {
+            BIO_printf(bio_err, "Error signing SPKAC\n");
+            goto end;
+        }
         spkstr = NETSCAPE_SPKI_b64_encode(spki);
         if (spkstr == NULL)
             goto end;