The branch master has been updated via 8293fb6840840a5252bb6671c48486bc86857b5f (commit) from d62be1580bf402f7088cdec5f21a87f27f40f18e (commit)
- Log ----------------------------------------------------------------- commit 8293fb6840840a5252bb6671c48486bc86857b5f Author: Vladimir Panteleev <g...@vladimir.panteleev.md> Date: Tue Mar 3 18:04:00 2020 +0000 spkac: Check return values of NETSCAPE_SPKI functions Fixes silently producing an invalid SPKAC with non-RSA keys. Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11224) ----------------------------------------------------------------------- Summary of changes: apps/spkac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/apps/spkac.c b/apps/spkac.c
index dbd3d45216..17c4e5b8d0 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -145,8 +145,15 @@ int spkac_main(int argc, char **argv)
 if (challenge != NULL)
 ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge));
- NETSCAPE_SPKI_set_pubkey(spki, pkey);
- NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+ if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) {
+ BIO_printf(bio_err, "Error setting public key\n");
+ goto end;
+ }
+ i = NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+ if (i <= 0) {
+ BIO_printf(bio_err, "Error signing SPKAC\n");
+ goto end;
+ }
 spkstr = NETSCAPE_SPKI_b64_encode(spki);
 if (spkstr == NULL)
 goto end;
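Review bot: The `ASN1_STRING_set(...)` call in the context lines at the top of the hunk still ignores its return value, so a failure there would leave the challenge unset while the tool goes on to sign and emit the SPKAC. That is the same silent-invalid-output problem this commit fixes for `NETSCAPE_SPKI_set_pubkey` and `NETSCAPE_SPKI_sign`, and it should be handled the same way, e.g. `if (challenge != NULL && !ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge))) goto end;`. Separately, the rewritten signing line keeps `EVP_md5()`; MD5 is collision-prone, so a short comment saying why it is retained (presumably compatibility with SPKAC consumers) would help. `spkac_main` begins and ends outside the hunk, so it cannot be confirmed from here that the `end:` path prints the error queue and returns non-zero.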