From: Gerardo Ravago <gcr@amazon.com>
Date: Tue, 13 Feb 2024 15:24:33 +0000 (-0500)
Subject: openssl: Add missing error checking when encoding ED private key
X-Git-Tag: android-2.5.0~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=31f55ba6e9b2ef469e7ee367fda832c779bec9d7;p=thirdparty%2Fstrongswan.git

openssl: Add missing error checking when encoding ED private key

This applies the same logic found in other private key implementations
like that for ECDSA.

Closes strongswan/strongswan#2097
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c
index 609e640800..e8d900d94a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c
@@ -19,6 +19,7 @@
 #if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
 
 #include "openssl_ed_private_key.h"
+#include "openssl_util.h"
 
 #include <utils/debug.h>
 
@@ -157,8 +158,6 @@ METHOD(private_key_t, get_fingerprint, bool,
 METHOD(private_key_t, get_encoding, bool,
 	private_private_key_t *this, cred_encoding_type_t type, chunk_t *encoding)
 {
-	u_char *p;
-
 	if (this->engine)
 	{
 		return FALSE;
@@ -171,9 +170,7 @@ METHOD(private_key_t, get_encoding, bool,
 		{
 			bool success = TRUE;
 
-			*encoding = chunk_alloc(i2d_PrivateKey(this->key, NULL));
-			p = encoding->ptr;
-			i2d_PrivateKey(this->key, &p);
+			*encoding = openssl_i2chunk(PrivateKey, this->key);
 
 			if (type == PRIVKEY_PEM)
 			{