From: Vladimir Panteleev Date: Tue, 3 Mar 2020 18:04:00 +0000 (+0000) Subject: spkac: Check return values of NETSCAPE_SPKI functions X-Git-Tag: openssl-3.0.0-alpha1~307 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8293fb6840840a5252bb6671c48486bc86857b5f;p=oweals%2Fopenssl.git spkac: Check return values of NETSCAPE_SPKI functions Fixes silently producing an invalid SPKAC with non-RSA keys. Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11224) --- diff --git a/apps/spkac.c b/apps/spkac.c index dbd3d45216..17c4e5b8d0 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -145,8 +145,15 @@ int spkac_main(int argc, char **argv) if (challenge != NULL) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); - NETSCAPE_SPKI_set_pubkey(spki, pkey); - NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); + if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { + BIO_printf(bio_err, "Error setting public key\n"); + goto end; + } + i = NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); + if (i <= 0) { + BIO_printf(bio_err, "Error signing SPKAC\n"); + goto end; + } spkstr = NETSCAPE_SPKI_b64_encode(spki); if (spkstr == NULL) goto end;
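Review bot: the ASN1_STRING_set(spki->spkac->challenge, ...) call in the context lines at the top of this hunk still discards its return value, so a failed allocation there would produce an SPKAC with a missing or truncated challenge in the same silent way this commit fixes for the key and signature. ASN1_STRING_set returns 0 on failure, so it can take the same treatment: wrap it in an if (!ASN1_STRING_set(...)) check, print an error to bio_err, and goto end. Two smaller points on the new branches: the unchanged spkstr == NULL path right below them jumps to end with no message, which is now inconsistent with the two new paths that do print one; and the messages "Error setting public key" and "Error signing SPKAC" do not say why, so unless the code at the end label (not visible in this hunk) already dumps the error queue, adding ERR_print_errors(bio_err) there would tell a user with a non-RSA key what actually went wrong. The result variable i is assigned here but its declaration is outside the hunk, so it is worth confirming it is an int that is not holding a value needed later in spkac_main.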