1 files changed, 160 insertions, 0 deletions
diff --git a/pkg/openbsd/patch/0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch b/pkg/openbsd/patch/0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch
new file mode 100644
index 00000000..dfc1364e
--- /dev/null
+++ b/pkg/openbsd/patch/0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch
@@ -0,0 +1,160 @@
+From 67ffb8812ee7ac5fe23a5149ff643d1f392fb1f5 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 23 Apr 2021 20:10:05 -0700
+Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
+
+This make most of the pointer casts unnecessary.
+---
+ usr.sbin/acme-client/acctproc.c   | 17 +++++++++--------
+ usr.sbin/acme-client/base64.c     |  2 +-
+ usr.sbin/acme-client/extern.h     |  2 +-
+ usr.sbin/acme-client/keyproc.c    |  5 +++--
+ usr.sbin/acme-client/revokeproc.c |  6 ++++--
+ 5 files changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
+index da3d49107ae..9e97a8bb760 100644
+--- a/usr.sbin/acme-client/acctproc.c
++++ b/usr.sbin/acme-client/acctproc.c
+@@ -42,8 +42,9 @@
+ static char *
+ bn2string(const BIGNUM *bn)
+ {
+-	int	 len;
+-	char	*buf, *bbuf;
++	int		 len;
++	unsigned char	*buf;
++	char		*bbuf;
+ 
+ 	/* Extract big-endian representation of BIGNUM. */
+ 
+@@ -51,7 +52,7 @@ bn2string(const BIGNUM *bn)
+ 	if ((buf = malloc(len)) == NULL) {
+ 		warn("malloc");
+ 		return NULL;
+-	} else if (len != BN_bn2bin(bn, (unsigned char *)buf)) {
++	} else if (len != BN_bn2bin(bn, buf)) {
+ 		warnx("BN_bn2bin");
+ 		free(buf);
+ 		return NULL;
+@@ -167,7 +168,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
+ 		warnx("EVP_Digest");
+ 		goto out;
+ 	}
+-	if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
++	if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
+ 		warnx("base64buf_url");
+ 		goto out;
+ 	}
+@@ -281,7 +282,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
+ 
+ 	/* Base64-encode the payload. */
+ 
+-	if ((pay64 = base64buf_url(pay, strlen(pay))) == NULL) {
++	if ((pay64 = base64buf_url((unsigned char *)pay, strlen(pay))) == NULL) {
+ 		warnx("base64buf_url");
+ 		goto out;
+ 	}
+@@ -324,7 +325,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
+ 
+ 	/* The header combined with the nonce, base64. */
+ 
+-	if ((prot64 = base64buf_url(prot, strlen(prot))) == NULL) {
++	if ((prot64 = base64buf_url((unsigned char *)prot, strlen(prot))) == NULL) {
+ 		warnx("base64buf_url");
+ 		goto out;
+ 	}
+@@ -363,7 +364,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
+ 
+ 	switch (EVP_PKEY_base_id(pkey)) {
+ 	case EVP_PKEY_RSA:
+-		if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
++		if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
+ 			warnx("base64buf_url");
+ 			goto out;
+ 		}
+@@ -402,7 +403,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
+ 			goto out;
+ 		}
+ 
+-		if ((dig64 = base64buf_url((char *)buf, 2 * bn_len)) == NULL) {
++		if ((dig64 = base64buf_url(buf, 2 * bn_len)) == NULL) {
+ 			warnx("base64buf_url");
+ 			goto out;
+ 		}
+diff --git a/usr.sbin/acme-client/base64.c b/usr.sbin/acme-client/base64.c
+index 2b6377f0d81..0d84ad4b458 100644
+--- a/usr.sbin/acme-client/base64.c
++++ b/usr.sbin/acme-client/base64.c
+@@ -39,7 +39,7 @@ base64len(size_t len)
+  * Returns NULL on allocation failure (not logged).
+  */
+ char *
+-base64buf_url(const char *data, size_t len)
++base64buf_url(const unsigned char *data, size_t len)
+ {
+ 	size_t	 i, sz;
+ 	char	*buf;
+diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
+index 915f80e3992..5b0950b0693 100644
+--- a/usr.sbin/acme-client/extern.h
++++ b/usr.sbin/acme-client/extern.h
+@@ -244,7 +244,7 @@ int		 checkexit_ext(int *, pid_t, enum comp);
+  * Returns a buffer or NULL on allocation error.
+  */
+ size_t		 base64len(size_t);
+-char		*base64buf_url(const char *, size_t);
++char		*base64buf_url(const unsigned char *, size_t);
+ 
+ /*
+  * JSON parsing routines.
+diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
+index a3b6666c279..f0df9f292d4 100644
+--- a/usr.sbin/acme-client/keyproc.c
++++ b/usr.sbin/acme-client/keyproc.c
+@@ -77,7 +77,8 @@ int
+ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
+     enum keytype keytype)
+ {
+-	char		*der64 = NULL, *der = NULL, *dercp;
++	char		*der64 = NULL;
++	unsigned char	*der = NULL, *dercp;
+ 	char		*sans = NULL, *san = NULL;
+ 	FILE		*f;
+ 	size_t		 i, sansz;
+@@ -238,7 +239,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
+ 	} else if ((der = dercp = malloc(len)) == NULL) {
+ 		warn("malloc");
+ 		goto out;
+-	} else if (len != i2d_X509_REQ(x, (u_char **)&dercp)) {
++	} else if (len != i2d_X509_REQ(x, &dercp)) {
+ 		warnx("i2d_X509_REQ");
+ 		goto out;
+ 	} else if ((der64 = base64buf_url(der, len)) == NULL) {
+diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
+index 0f1bf32678b..58e81233f1a 100644
+--- a/usr.sbin/acme-client/revokeproc.c
++++ b/usr.sbin/acme-client/revokeproc.c
+@@ -63,7 +63,9 @@ revokeproc(int fd, const char *certfile, int force,
+     int revocate, const char *const *alts, size_t altsz)
+ {
+ 	GENERAL_NAMES			*sans = NULL;
+-	char				*der = NULL, *dercp, *der64 = NULL;
++	unsigned char			*der = NULL, *dercp;
++	char				*der64 = NULL;
++	char				*san = NULL, *str, *tok;
+ 	int				 rc = 0, cc, i, len;
+ 	size_t				*found = NULL;
+ 	FILE				*f = NULL;
+@@ -240,7 +242,7 @@ revokeproc(int fd, const char *certfile, int force,
+ 		} else if ((der = dercp = malloc(len)) == NULL) {
+ 			warn("malloc");
+ 			goto out;
+-		} else if (len != i2d_X509(x, (u_char **)&dercp)) {
++		} else if (len != i2d_X509(x, &dercp)) {
+ 			warnx("i2d_X509");
+ 			goto out;
+ 		} else if ((der64 = base64buf_url(der, len)) == NULL) {
+-- 
+2.49.0
+