x509: Check return value when signing attribute certificates
authorMartin Willi <martin@revosec.ch>
Thu, 3 Apr 2014 13:44:02 +0000 (15:44 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 4 Jun 2014 13:53:12 +0000 (15:53 +0200)
In addition to letting AC generation fail properly if private key signing
fails, this also fixes an issue when compiling on Windows with MinGW 4.8.1, where
for some reason the attributeCertificateInfo got encoded incorrectly.

src/libstrongswan/plugins/x509/x509_ac.c

index 30b871d4283d9e9391a69e2ca400cf5bba1eaaa1..ed58377a65e442d326fd35ebe59aba457febda47 100644 (file)
@@ -754,17 +754,22 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this)
 /**
  * build an X.509 attribute certificate
  */
-static chunk_t build_ac(private_x509_ac_t *this)
+static bool build_ac(private_x509_ac_t *this)
 {
        chunk_t signatureValue, attributeCertificateInfo;
 
        attributeCertificateInfo = build_attr_cert_info(this);
-       this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
-                                                 attributeCertificateInfo, &signatureValue);
-       return asn1_wrap(ASN1_SEQUENCE, "mmm",
-                               attributeCertificateInfo,
-                               asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
-                               asn1_bitstring("m", signatureValue));
+       if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
+                                                          attributeCertificateInfo, &signatureValue))
+       {
+               free(attributeCertificateInfo.ptr);
+               return FALSE;
+       }
+       this->encoding = asn1_wrap(ASN1_SEQUENCE, "mmm",
+                                               attributeCertificateInfo,
+                                               asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
+                                               asn1_bitstring("m", signatureValue));
+       return TRUE;
 }
 
 METHOD(ac_t, get_serial, chunk_t,
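Review bot: The signature scheme and the algorithm identifier are still hard-coded to SHA-1 (`SIGN_RSA_EMSA_PKCS1_SHA1` in the sign() call and `OID_SHA1_WITH_RSA` in the asn1_wrap() call), so every attribute certificate built here depends on a digest whose collision resistance is no longer adequate for signatures. The two literals must also be changed in lockstep, and a non-RSA signer key can presumably only ever reach the new FALSE path. I would derive both values from a single digest/scheme choice supplied by the caller instead of repeating the constants. The header comment should also record the new contract, e.g. `build an X.509 attribute certificate into this->encoding, FALSE if signing failed`.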
@@ -1154,8 +1159,10 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
                ac->holderCert->get_type(ac->holderCert) == CERT_X509 &&
                ac->signerCert->get_type(ac->signerCert) == CERT_X509)
        {
-               ac->encoding = build_ac(ac);
-               return &ac->public;
+               if (build_ac(ac))
+               {
+                       return &ac->public;
+               }
        }
        destroy(ac);
        return NULL;
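Review bot: When build_ac() returns FALSE the code falls through to `destroy(ac)` and `return NULL` without saying why, so a signing failure looks the same to the caller and in the logs as missing or wrongly typed holder/signer certificates. Unless the private key's sign() already logs the error, I would add an else branch with something like `DBG1(DBG_LIB, "signing attribute certificate failed");` before the cleanup. x509_ac_gen starts above this hunk, so the remaining conditions of the `if` are not visible here.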