diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index 773c4660eb8..533978871a4 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -181,9 +181,9 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, if (pkey_mtime) { ssl_asn1_t *asn1 = ssl_asn1_table_get(mc->retained->privkeys, key_id); if (asn1 && (asn1->source_mtime == pkey_mtime)) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02575) - "Reusing existing private key from %s on restart", - ppcb_arg.pkey_file); + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Reusing existing private key from %s on restart", + ppcb_arg.pkey_file); return APR_SUCCESS; } } @@ -338,6 +338,11 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, /* Cache the private key in the global module configuration so it * can be used after subsequent reloads. */ asn1 = ssl_asn1_table_set(mc->retained->privkeys, key_id, pPrivateKey); + if (!asn1) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + "mod_ssl: Failed to cache private key"); + return ssl_die(s); + } if (ppcb_arg.nPassPhraseDialogCur != 0) { /* remember mtime of encrypted keys */ @@ -1024,4 +1029,4 @@ apr_status_t modssl_load_engine_keypair(server_rec *s, vhostid, certid ? certid : "no cert", keyid); return APR_ENOTIMPL; #endif -} +} \ No newline at end of file diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index 12ffff511e2..5ee7346b41d 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c 
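Review bot: The `APLOGNO(02575)` tag is dropped from the "Reusing existing private key" message in the first hunk although the message text is unchanged, so the removal looks accidental. Log monitoring that matches on the AH02575 identifier would stop seeing this event; I would restore the original first line, `ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02575)`. The new messages in the second hunk of this file and in both ssl_util.c hunks also carry no tag. If the project tags every message at these levels, give each an empty `APLOGNO()` placeholder so a number can be assigned.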
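Review bot: The early `return ssl_die(s);` in the second hunk does not release `pPrivateKey`, so as far as this hunk shows the decrypted key object stays allocated on the failure path. The rest of ssl_load_encrypted_pkey lies outside the hunk, so I cannot see where the key is normally freed; if that happens further down, this return skips it. I would add `EVP_PKEY_free(pPrivateKey);` immediately before `return ssl_die(s);`, or route the failure through whatever common cleanup the function already has.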
@@ -201,7 +201,14 @@ ssl_asn1_t *ssl_asn1_table_set(apr_hash_t *table, const char *key, { apr_ssize_t klen = strlen(key); ssl_asn1_t *asn1 = apr_hash_get(table, key, klen); - apr_size_t length = i2d_PrivateKey(pkey, NULL); + int derlen = i2d_PrivateKey(pkey, NULL); + if (derlen <= 0) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, + "mod_ssl: Failed to encode private key"); + return NULL; + } + + apr_size_t length = (apr_size_t)derlen; unsigned char *p; /* Re-use structure if cached previously. */ @@ -220,7 +227,11 @@ ssl_asn1_t *ssl_asn1_table_set(apr_hash_t *table, const char *key, asn1->nData = length; p = asn1->cpData; - i2d_PrivateKey(pkey, &p); /* increases p by length */ + if (i2d_PrivateKey(pkey, &p) != derlen) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, + "mod_ssl: Failed to serialize private key"); + return NULL; + } return asn1; } @@ -506,4 +517,4 @@ int modssl_is_engine_id(const char *name) #else return 0; #endif -} +} \ No newline at end of file
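Review bot: The `derlen <= 0` branch in the first ssl_util.c hunk logs only a fixed string, so the reason OpenSSL could not encode the key never reaches the error log. mod_ssl's usual helper would report the queued OpenSSL errors here, `ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, ap_server_conf);`, placed right after the `ap_log_error` call; the same applies to the serialization failure in the next hunk. Separately, `apr_size_t length` and `unsigned char *p` are now declared after the `if` statement, which breaks a C89 build or one using `-Wdeclaration-after-statement`, if this tree still uses either. Declaring `apr_size_t length;` at the top of the block and assigning `length = (apr_size_t)derlen;` after the check avoids that.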
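Review bot: When the second `i2d_PrivateKey` call fails, the function returns NULL after `asn1->nData = length;` has already been set and the buffer may be partially written, and nothing in the hunk undoes that. The code between the two hunks is not visible, but the "Re-use structure if cached previously" context suggests the entry is already in `table`, so a half-filled record could still be found by a later `ssl_asn1_table_get` lookup. I would scrub and drop the entry before returning, `OPENSSL_cleanse(asn1->cpData, length);` followed by `ssl_asn1_table_unset(table, key);`, assuming the existing unset helper frees both the buffer and the record. The caller's new NULL check in ssl_engine_pphrase.c then remains the only place that sees the failure.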