From 615e64f8102c1782669adbe867f13573bc9bad33 Mon Sep 17 00:00:00 2001
From: Aveen Ismail <aveen.ismail@yubico.com>
Date: Wed, 8 Jan 2025 14:13:21 +0100
Subject: [PATCH] SSH cert sign: check OpenSSL return code

---
 src/commands.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/commands.c b/src/commands.c
index 91ba90cb..57108c07 100644
--- a/src/commands.c
+++ b/src/commands.c
@@ -3131,10 +3131,11 @@ int yh_com_sign_ssh_certificate(yubihsm_context *ctx, Argument *argv,
 
   BUF_MEM *bufferPtr = 0;
 
-  (void) BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
-  (void) BIO_write(bio, data + 4 + 256,
-                   argv[4].len + response_len - 4 -
-                     256); // TODO(adma): FIXME, unmagify
+  BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+  if (BIO_write(bio, data + 4 + 256, response_len) != (int) response_len) {
+    fprintf(stderr, "Failed to sign SSH certificate.\n");
+    return -1;
+  }
   (void) BIO_flush(bio);
   (void) BIO_get_mem_ptr(bio, &bufferPtr);