0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch - oasis - Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>)

0034-acme-client-Fix-signed-ness-of-base64buf_url-input.patch (5351B)

From 67ffb8812ee7ac5fe23a5149ff643d1f392fb1f5 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 23 Apr 2021 20:10:05 -0700
Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
This make most of the pointer casts unnecessary.
---
 usr.sbin/acme-client/acctproc.c   | 17 +++++++++--------
 usr.sbin/acme-client/base64.c     |  2 +-
 usr.sbin/acme-client/extern.h     |  2 +-
 usr.sbin/acme-client/keyproc.c    |  5 +++--
 usr.sbin/acme-client/revokeproc.c |  6 ++++--
 5 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
index da3d49107ae..9e97a8bb760 100644
--- a/usr.sbin/acme-client/acctproc.c
+++ b/usr.sbin/acme-client/acctproc.c
@@ -42,8 +42,9 @@
 static char *
 bn2string(const BIGNUM *bn)
 {
-	int	 len;
-	char	*buf, *bbuf;
+	int		 len;
+	unsigned char	*buf;
+	char		*bbuf;
 
 	/* Extract big-endian representation of BIGNUM. */
 
@@ -51,7 +52,7 @@ bn2string(const BIGNUM *bn)
 	if ((buf = malloc(len)) == NULL) {
 		warn("malloc");
 		return NULL;
-	} else if (len != BN_bn2bin(bn, (unsigned char *)buf)) {
+	} else if (len != BN_bn2bin(bn, buf)) {
 		warnx("BN_bn2bin");
 		free(buf);
 		return NULL;
@@ -167,7 +168,7 @@ op_thumbprint(int fd, EVP_PKEY *pkey)
 		warnx("EVP_Digest");
 		goto out;
 	}
-	if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
+	if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
 		warnx("base64buf_url");
 		goto out;
 	}
@@ -281,7 +282,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 
 	/* Base64-encode the payload. */
 
-	if ((pay64 = base64buf_url(pay, strlen(pay))) == NULL) {
+	if ((pay64 = base64buf_url((unsigned char *)pay, strlen(pay))) == NULL) {
 		warnx("base64buf_url");
 		goto out;
 	}
@@ -324,7 +325,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 
 	/* The header combined with the nonce, base64. */
 
-	if ((prot64 = base64buf_url(prot, strlen(prot))) == NULL) {
+	if ((prot64 = base64buf_url((unsigned char *)prot, strlen(prot))) == NULL) {
 		warnx("base64buf_url");
 		goto out;
 	}
@@ -363,7 +364,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 
 	switch (EVP_PKEY_base_id(pkey)) {
 	case EVP_PKEY_RSA:
-		if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
+		if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
 			warnx("base64buf_url");
 			goto out;
 		}
@@ -402,7 +403,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
 			goto out;
 		}
 
-		if ((dig64 = base64buf_url((char *)buf, 2 * bn_len)) == NULL) {
+		if ((dig64 = base64buf_url(buf, 2 * bn_len)) == NULL) {
 			warnx("base64buf_url");
 			goto out;
 		}
diff --git a/usr.sbin/acme-client/base64.c b/usr.sbin/acme-client/base64.c
index 2b6377f0d81..0d84ad4b458 100644
--- a/usr.sbin/acme-client/base64.c
+++ b/usr.sbin/acme-client/base64.c
@@ -39,7 +39,7 @@ base64len(size_t len)
  * Returns NULL on allocation failure (not logged).
  */
 char *
-base64buf_url(const char *data, size_t len)
+base64buf_url(const unsigned char *data, size_t len)
 {
 	size_t	 i, sz;
 	char	*buf;
diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
index 915f80e3992..5b0950b0693 100644
--- a/usr.sbin/acme-client/extern.h
+++ b/usr.sbin/acme-client/extern.h
@@ -244,7 +244,7 @@ int		 checkexit_ext(int *, pid_t, enum comp);
  * Returns a buffer or NULL on allocation error.
  */
 size_t		 base64len(size_t);
-char		*base64buf_url(const char *, size_t);
+char		*base64buf_url(const unsigned char *, size_t);
 
 /*
  * JSON parsing routines.
diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
index a3b6666c279..f0df9f292d4 100644
--- a/usr.sbin/acme-client/keyproc.c
+++ b/usr.sbin/acme-client/keyproc.c
@@ -77,7 +77,8 @@ int
 keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
     enum keytype keytype)
 {
-	char		*der64 = NULL, *der = NULL, *dercp;
+	char		*der64 = NULL;
+	unsigned char	*der = NULL, *dercp;
 	char		*sans = NULL, *san = NULL;
 	FILE		*f;
 	size_t		 i, sansz;
@@ -238,7 +239,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
 	} else if ((der = dercp = malloc(len)) == NULL) {
 		warn("malloc");
 		goto out;
-	} else if (len != i2d_X509_REQ(x, (u_char **)&dercp)) {
+	} else if (len != i2d_X509_REQ(x, &dercp)) {
 		warnx("i2d_X509_REQ");
 		goto out;
 	} else if ((der64 = base64buf_url(der, len)) == NULL) {
diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
index 0f1bf32678b..58e81233f1a 100644
--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
@@ -63,7 +63,9 @@ revokeproc(int fd, const char *certfile, int force,
     int revocate, const char *const *alts, size_t altsz)
 {
 	GENERAL_NAMES			*sans = NULL;
-	char				*der = NULL, *dercp, *der64 = NULL;
+	unsigned char			*der = NULL, *dercp;
+	char				*der64 = NULL;
+	char				*san = NULL, *str, *tok;
 	int				 rc = 0, cc, i, len;
 	size_t				*found = NULL;
 	FILE				*f = NULL;
@@ -240,7 +242,7 @@ revokeproc(int fd, const char *certfile, int force,
 		} else if ((der = dercp = malloc(len)) == NULL) {
 			warn("malloc");
 			goto out;
-		} else if (len != i2d_X509(x, (u_char **)&dercp)) {
+		} else if (len != i2d_X509(x, &dercp)) {
 			warnx("i2d_X509");
 			goto out;
 		} else if ((der64 = base64buf_url(der, len)) == NULL) {
-- 
2.49.0