0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch (5352B)
1 From cc94758cade79724cc820e654ae12bee639c2692 Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Fri, 23 Apr 2021 20:10:05 -0700
4 Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
5
6 This make most of the pointer casts unnecessary.
7 ---
8 usr.sbin/acme-client/acctproc.c | 17 +++++++++--------
9 usr.sbin/acme-client/base64.c | 2 +-
10 usr.sbin/acme-client/extern.h | 2 +-
11 usr.sbin/acme-client/keyproc.c | 5 +++--
12 usr.sbin/acme-client/revokeproc.c | 6 ++++--
13 5 files changed, 18 insertions(+), 14 deletions(-)
14
15 diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
16 index e3a0eb64dec..23d8a1c3a33 100644
17 --- a/usr.sbin/acme-client/acctproc.c
18 +++ b/usr.sbin/acme-client/acctproc.c
19 @@ -43,8 +43,9 @@
20 static char *
21 bn2string(const BIGNUM *bn)
22 {
23 - int len;
24 - char *buf, *bbuf;
25 + int len;
26 + unsigned char *buf;
27 + char *bbuf;
28
29 /* Extract big-endian representation of BIGNUM. */
30
31 @@ -52,7 +53,7 @@ bn2string(const BIGNUM *bn)
32 if ((buf = malloc(len)) == NULL) {
33 warn("malloc");
34 return NULL;
35 - } else if (len != BN_bn2bin(bn, (unsigned char *)buf)) {
36 + } else if (len != BN_bn2bin(bn, buf)) {
37 warnx("BN_bn2bin");
38 free(buf);
39 return NULL;
40 @@ -168,7 +169,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
41 warnx("EVP_Digest");
42 goto out;
43 }
44 - if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
45 + if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
46 warnx("base64buf_url");
47 goto out;
48 }
49 @@ -282,7 +283,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
50
51 /* Base64-encode the payload. */
52
53 - if ((pay64 = base64buf_url(pay, strlen(pay))) == NULL) {
54 + if ((pay64 = base64buf_url((unsigned char *)pay, strlen(pay))) == NULL) {
55 warnx("base64buf_url");
56 goto out;
57 }
58
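Review bot: The cast added in op_sign's @@ -282 hunk, `(unsigned char *)pay`, is not const-qualified although the parameter is now `const unsigned char *`, so it would silently discard a qualifier if `pay` were ever declared const. Writing `base64buf_url((const unsigned char *)pay, strlen(pay))` matches the new prototype exactly; the same applies to `(unsigned char *)prot` in the @@ -325 hunk. These are the only two callers that measure their input with strlen(), so a short comment such as `/* text string, encoded without its terminating NUL */` would explain why they alone still need a cast. op_sign's body starts and ends outside both hunks.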
@@ -325,7 +326,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
59
60 /* The header combined with the nonce, base64. */
61
62 - if ((prot64 = base64buf_url(prot, strlen(prot))) == NULL) {
63 + if ((prot64 = base64buf_url((unsigned char *)prot, strlen(prot))) == NULL) {
64 warnx("base64buf_url");
65 goto out;
66 }
67 @@ -364,7 +365,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
68
69 switch (EVP_PKEY_base_id(pkey)) {
70 case EVP_PKEY_RSA:
71 - if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
72 + if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
73 warnx("base64buf_url");
74 goto out;
75 }
76 @@ -403,7 +404,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
77 goto out;
78 }
79
80 - if ((dig64 = base64buf_url((char *)buf, 2 * bn_len)) == NULL) {
81 + if ((dig64 = base64buf_url(buf, 2 * bn_len)) == NULL) {
82 warnx("base64buf_url");
83 goto out;
84 }
85 diff --git a/usr.sbin/acme-client/base64.c b/usr.sbin/acme-client/base64.c
86 index 2b6377f0d81..0d84ad4b458 100644
87 --- a/usr.sbin/acme-client/base64.c
88 +++ b/usr.sbin/acme-client/base64.c
89 @@ -39,7 +39,7 @@ base64len(size_t len)
90 * Returns NULL on allocation failure (not logged).
91 */
92 char *
93 -base64buf_url(const char *data, size_t len)
94 +base64buf_url(const unsigned char *data, size_t len)
95 {
96 size_t i, sz;
97 char *buf;
98 diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
99 index 32d4b4b3d85..701733df786 100644
100 --- a/usr.sbin/acme-client/extern.h
101 +++ b/usr.sbin/acme-client/extern.h
102 @@ -245,7 +245,7 @@ int checkexit_ext(int *, pid_t, enum comp);
103 */
104 size_t base64buf(char *, const char *, size_t);
105 size_t base64len(size_t);
106 -char *base64buf_url(const char *, size_t);
107 +char *base64buf_url(const unsigned char *, size_t);
108
109 /*
110 * JSON parsing routines.
111 diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
112 index a3b6666c279..f0df9f292d4 100644
113
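Review bot: The comment block above base64buf_url in the base64.c hunk documents only the NULL return, and the new `const unsigned char *data` signature is a good moment to state the input contract as well. I would add a line such as `* data is len raw bytes; it need not be NUL-terminated.` so callers passing digests and DER output know that `len`, not a terminator, bounds the read. The comment starts above the hunk and the function body continues below it, so whether the returned buffer's ownership is already documented cannot be seen from here.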
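Review bot: In the extern.h hunk the context line `size_t base64buf(char *, const char *, size_t);` keeps a signed input pointer while `base64buf_url` directly below it now takes `const unsigned char *`, so the two encoders declared side by side disagree about the signedness of the bytes they encode. If base64buf_url's body, which is outside the visible base64.c hunk, passes `data` on to a `const char *` parameter, that call would now need its own cast or produce a pointer-sign warning, so the build is worth checking with `-Wpointer-sign`. Changing base64buf's second parameter to `const unsigned char *` in the same series would keep the interface consistent, provided its callers (not visible here) are adjusted.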
--- a/usr.sbin/acme-client/keyproc.c
114 +++ b/usr.sbin/acme-client/keyproc.c
115 @@ -77,7 +77,8 @@ int
116 keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
117 enum keytype keytype)
118 {
119 - char *der64 = NULL, *der = NULL, *dercp;
120 + char *der64 = NULL;
121 + unsigned char *der = NULL, *dercp;
122 char *sans = NULL, *san = NULL;
123 FILE *f;
124 size_t i, sansz;
125 @@ -238,7 +239,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
126 } else if ((der = dercp = malloc(len)) == NULL) {
127 warn("malloc");
128 goto out;
129 - } else if (len != i2d_X509_REQ(x, (u_char **)&dercp)) {
130 + } else if (len != i2d_X509_REQ(x, &dercp)) {
131 warnx("i2d_X509_REQ");
132 goto out;
133 } else if ((der64 = base64buf_url(der, len)) == NULL) {
134 diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
135 index 0f1bf32678b..58e81233f1a 100644
136 --- a/usr.sbin/acme-client/revokeproc.c
137 +++ b/usr.sbin/acme-client/revokeproc.c
138 @@ -63,7 +63,9 @@ revokeproc(int fd, const char *certfile, int force,
139 int revocate, const char *const *alts, size_t altsz)
140 {
141 GENERAL_NAMES *sans = NULL;
142 - char *der = NULL, *dercp, *der64 = NULL;
143 + unsigned char *der = NULL, *dercp;
144 + char *der64 = NULL;
145 + char *san = NULL, *str, *tok;
146 int rc = 0, cc, i, len;
147 size_t *found = NULL;
148 FILE *f = NULL;
149 @@ -240,7 +242,7 @@ revokeproc(int fd, const char *certfile, int force,
150 } else if ((der = dercp = malloc(len)) == NULL) {
151 warn("malloc");
152 goto out;
153 - } else if (len != i2d_X509(x, (u_char **)&dercp)) {
154 + } else if (len != i2d_X509(x, &dercp)) {
155 warnx("i2d_X509");
156 goto out;
157 } else if ((der64 = base64buf_url(der, len)) == NULL) {
158 --
159 2.37.3
160
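Review bot: The `der`/`dercp` pair in keyproc's @@ -238 hunk has no comment explaining why two pointers to the same allocation are needed. `i2d_X509_REQ(x, &dercp)` advances `dercp` past the bytes it writes, so `der` is the only pointer still at the start of the buffer, and it is the one passed to `base64buf_url(der, len)`. A comment such as `/* i2d_X509_REQ() advances dercp; der keeps the start of the buffer. */` above the chain would stop a later cleanup from merging the two and encoding from the wrong offset. The same pattern occurs with `i2d_X509` in revokeproc.c's @@ -240 hunk; both if/else chains begin and end outside their hunks.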
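Review bot: The added declaration `char *san = NULL, *str, *tok;` in revokeproc's @@ -63 hunk is unrelated to the signedness fix the commit describes, and none of the visible hunks reads or writes these three names. If the rest of the function, which lies outside the hunk, does not use them, they are dead locals that will trigger -Wunused-variable; if it does, the declaration belongs in the commit that introduces that use. I would drop the line from this patch unless the build fails without it.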