path: root/pkg/openbsd/patch/0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch
blob: dfc1364e58f48bcca403cf218bd2f5a952771cd0 (plain)
From 67ffb8812ee7ac5fe23a5149ff643d1f392fb1f5 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 23 Apr 2021 20:10:05 -0700
Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input

This makes most of the pointer casts unnecessary.
---
 usr.sbin/acme-client/acctproc.c   | 17 +++++++++--------
 usr.sbin/acme-client/base64.c     |  2 +-
 usr.sbin/acme-client/extern.h     |  2 +-
 usr.sbin/acme-client/keyproc.c    |  5 +++--
 usr.sbin/acme-client/revokeproc.c |  6 ++++--
 5 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
index da3d49107ae..9e97a8bb760 100644
--- a/usr.sbin/acme-client/acctproc.c
+++ b/usr.sbin/acme-client/acctproc.c
@@ -42,8 +42,9 @@
 static char *
 bn2string(const BIGNUM *bn)
 {
-	int	 len;
-	char	*buf, *bbuf;
+	int		 len;
+	unsigned char	*buf;
+	char		*bbuf;
 
 	/* Extract big-endian representation of BIGNUM. */
 
@@ -51,7 +52,7 @@ bn2string(const BIGNUM *bn)
 	if ((buf = malloc(len)) == NULL) {
 		warn("malloc");
 		return NULL;
-	} else if (len != BN_bn2bin(bn, (unsigned char *)buf)) {
+	} else if (len != BN_bn2bin(bn, buf)) {
 		warnx("BN_bn2bin");
 		free(buf);
 		return NULL;
@@ -167,7 +168,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
 		warnx("EVP_Digest");
 		goto out;
 	}
-	if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
+	if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
 		warnx("base64buf_url");
 		goto out;
 	}
@@ -281,7 +282,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 
 	/* Base64-encode the payload. */
 
-	if ((pay64 = base64buf_url(pay, strlen(pay))) == NULL) {
+	if ((pay64 = base64buf_url((unsigned char *)pay, strlen(pay))) == NULL) {
 		warnx("base64buf_url");
 		goto out;
 	}
@@ -324,7 +325,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 
 	/* The header combined with the nonce, base64. */
 
-	if ((prot64 = base64buf_url(prot, strlen(prot))) == NULL) {
+	if ((prot64 = base64buf_url((unsigned char *)prot, strlen(prot))) == NULL) {
 		warnx("base64buf_url");
 		goto out;
 	}
@@ -363,7 +364,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 
 	switch (EVP_PKEY_base_id(pkey)) {
 	case EVP_PKEY_RSA:
-		if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
+		if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
 			warnx("base64buf_url");
 			goto out;
 		}
@@ -402,7 +403,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 			goto out;
 		}
 
-		if ((dig64 = base64buf_url((char *)buf, 2 * bn_len)) == NULL) {
+		if ((dig64 = base64buf_url(buf, 2 * bn_len)) == NULL) {
 			warnx("base64buf_url");
 			goto out;
 		}
diff --git a/usr.sbin/acme-client/base64.c b/usr.sbin/acme-client/base64.c
index 2b6377f0d81..0d84ad4b458 100644
--- a/usr.sbin/acme-client/base64.c
+++ b/usr.sbin/acme-client/base64.c
@@ -39,7 +39,7 @@ base64len(size_t len)
  * Returns NULL on allocation failure (not logged).
  */
 char *
-base64buf_url(const char *data, size_t len)
+base64buf_url(const unsigned char *data, size_t len)
 {
 	size_t	 i, sz;
 	char	*buf;
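Review bot: Typing `data` as `const unsigned char *` only moves the casts: the binary callers lose `(char *)`, but the two text callers in op_sign now need `(unsigned char *)pay` and `(unsigned char *)prot`. Declaring the parameter as `const void *data` and reading it through a local `const unsigned char *p = data;` would let every caller pass its buffer uncast, with the prototype in extern.h changed to match. The body of base64buf_url continues outside the hunk, so whether it still carries casts or masks that compensated for signed `char` bytes at or above 0x80 cannot be seen here and is worth checking.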
diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
index 915f80e3992..5b0950b0693 100644
--- a/usr.sbin/acme-client/extern.h
+++ b/usr.sbin/acme-client/extern.h
@@ -244,7 +244,7 @@ int		 checkexit_ext(int *, pid_t, enum comp);
  * Returns a buffer or NULL on allocation error.
  */
 size_t		 base64len(size_t);
-char		*base64buf_url(const char *, size_t);
+char		*base64buf_url(const unsigned char *, size_t);
 
 /*
  * JSON parsing routines.
diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
index a3b6666c279..f0df9f292d4 100644
--- a/usr.sbin/acme-client/keyproc.c
+++ b/usr.sbin/acme-client/keyproc.c
@@ -77,7 +77,8 @@ int
 keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
     enum keytype keytype)
 {
-	char		*der64 = NULL, *der = NULL, *dercp;
+	char		*der64 = NULL;
+	unsigned char	*der = NULL, *dercp;
 	char		*sans = NULL, *san = NULL;
 	FILE		*f;
 	size_t		 i, sansz;
@@ -238,7 +239,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
 	} else if ((der = dercp = malloc(len)) == NULL) {
 		warn("malloc");
 		goto out;
-	} else if (len != i2d_X509_REQ(x, (u_char **)&dercp)) {
+	} else if (len != i2d_X509_REQ(x, &dercp)) {
 		warnx("i2d_X509_REQ");
 		goto out;
 	} else if ((der64 = base64buf_url(der, len)) == NULL) {
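Review bot: The `der`/`dercp` pair deserves a comment now that the `(u_char **)` cast no longer draws attention to it. As far as I know, i2d_X509_REQ advances the pointer it is given past the bytes it writes, so `dercp` is the scratch cursor and `der` must stay at the start of the buffer that base64buf_url reads on the following line. A comment such as `/* i2d advances dercp; der stays at the start of the buffer. */` above the `malloc` line would keep a later edit from passing `&der` and encoding from the wrong offset. The same pattern appears in the last revokeproc.c hunk with i2d_X509, and the else-if chain here starts and ends outside the hunk.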
diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
index 0f1bf32678b..58e81233f1a 100644
--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
@@ -63,7 +63,9 @@ revokeproc(int fd, const char *certfile, int force,
     int revocate, const char *const *alts, size_t altsz)
 {
 	GENERAL_NAMES			*sans = NULL;
-	char				*der = NULL, *dercp, *der64 = NULL;
+	unsigned char			*der = NULL, *dercp;
+	char				*der64 = NULL;
+	char				*san = NULL, *str, *tok;
 	int				 rc = 0, cc, i, len;
 	size_t				*found = NULL;
 	FILE				*f = NULL;
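Review bot: The added line `char *san = NULL, *str, *tok;` is unrelated to the signedness change described in the commit message, and none of the visible hunks use `san`, `str` or `tok`. It looks like leftover from rebasing on another patch in the series, though that is an inference. Whether these names are already declared or used elsewhere in revokeproc cannot be confirmed from this page, because the function body continues outside the hunk. If the line is needed, it belongs in its own change or at least in the description; otherwise it should be dropped.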
@@ -240,7 +242,7 @@ revokeproc(int fd, const char *certfile, int force,
 		} else if ((der = dercp = malloc(len)) == NULL) {
 			warn("malloc");
 			goto out;
-		} else if (len != i2d_X509(x, (u_char **)&dercp)) {
+		} else if (len != i2d_X509(x, &dercp)) {
 			warnx("i2d_X509");
 			goto out;
 		} else if ((der64 = base64buf_url(der, len)) == NULL) {
-- 
2.49.0