SSH cert sign: check OpenSSL return code

Yubico · Jan 8, 2025 · 615e64f · 615e64f
1 parent 3dd15f3
commit 615e64f
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/src/commands.c b/src/commands.c
@@ -3131,10 +3131,11 @@ int yh_com_sign_ssh_certificate(yubihsm_context *ctx, Argument *argv,
 
   BUF_MEM *bufferPtr = 0;
 
-  (void) BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
-  (void) BIO_write(bio, data + 4 + 256,
-                   argv[4].len + response_len - 4 -
-                     256); // TODO(adma): FIXME, unmagify
+  BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+  if (BIO_write(bio, data + 4 + 256, response_len) != (int) response_len) {
+    fprintf(stderr, "Failed to sign SSH certificate.\n");
+    return -1;
+  }
   (void) BIO_flush(bio);
   (void) BIO_get_mem_ptr(bio, &bufferPtr);