On 6/11/19 2:36 PM, Sebastian Benoit wrote:
Hi, some feedback below. Renaud: maybe wait for feedback from florian or gilles until acting on my comments, sometimes sending diffs too fast creates more work ;) /Benno
As suggested by benno@: removal of the global variable; removal of KEYTYPE, which was not used and was a leftover of a former patch; define ECDSA_KEY to be more readable.
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/extern.h,v
retrieving revision 1.13
diff -u -p -r1.13 extern.h
--- extern.h 12 Jun 2019 11:09:25 -0000 1.13
+++ extern.h 12 Jun 2019 12:27:03 -0000
@@ -207,7 +207,7 @@ int revokeproc(int, const char *, cons
 int, int, const char *const *, size_t);
 int fileproc(int, const char *, const char *, const char *, const char *);
-int keyproc(int, const char *, const char **, size_t);
+int keyproc(int, const char *, const char **, size_t, int);
 int netproc(int, int, int, int, int, int, int, struct authority_c *, const char *const *, size_t);
@@ -274,11 +274,6 @@ char *json_fmt_signed(const char *, con
 * Should we print debugging messages?
 */
 int verbose;
-
-/*
- * Should we switch to ecdsa?
- */
-int ecdsa;
 /*
 * What component is the process within (COMP__MAX for none)?
Index: keyproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/keyproc.c,v
retrieving revision 1.13
diff -u -p -r1.13 keyproc.c
--- keyproc.c 12 Jun 2019 11:09:25 -0000 1.13
+++ keyproc.c 12 Jun 2019 12:27:03 -0000
@@ -75,7 +75,8 @@ add_ext(STACK_OF(X509_EXTENSION) *sk, in
 */
 int
 keyproc(int netsock, const char *keyfile,
- const char **alts, size_t altsz)
+ const char **alts, size_t altsz,
+ const int keytype)
 {
 char *der64 = NULL, *der = NULL, *dercp;
 char *sans = NULL, *san = NULL;
@@ -117,7 +118,7 @@ keyproc(int netsock, const char *keyfile
 }
 if (newkey) {
- if (ecdsa) {
+ if (keytype == ECDSA_KEY) {
 if ((pkey = ec_key_create(f, keyfile)) == NULL)
 goto out;
 dodbg("%s: generated ECDSA domain key", keyfile);
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/main.c,v
retrieving revision 1.48
diff -u -p -r1.48 main.c
--- main.c 12 Jun 2019 11:09:25 -0000 1.48
+++ main.c 12 Jun 2019 12:27:04 -0000
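Review bot: The new trailing `int` in the `keyproc` prototype is only meaningful against `ECDSA_KEY`, which this series defines in parse.h rather than here, so a reader of extern.h alone cannot tell which values the parameter accepts. A one-line comment on the prototype would close that gap, e.g. `/* last arg: domain key type, ECDSA_KEY or 0 for RSA */`. The same opacity is why a small enum for the key type would read better than a lone define; that applies to the parse.h hunk and the `keytype == ECDSA_KEY` comparison in the second keyproc.c hunk as well. Whether extern.h includes parse.h is not visible from this hunk.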
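Review bot: `const int keytype` const-qualifies a by-value parameter while `netsock` and `altsz` in the same signature are not qualified and the extern.h prototype declares plain `int`; the qualifier only constrains the local copy and is a definition-only detail. Dropping it keeps the signature consistent with its neighbours: `const char **alts, size_t altsz, int keytype)`. The body of keyproc continues outside the hunk.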
@@ -49,7 +49,6 @@ main(int argc, char *argv[])
 int popts = 0;
 pid_t pids[COMP__MAX];
 extern int verbose;
- extern int ecdsa;
 extern enum comp proccomp;
 size_t i, altsz, ne;
@@ -148,10 +147,6 @@ main(int argc, char *argv[])
 errx(EXIT_FAILURE, "authority %s not found", auth);
 }
- if (domain->keytype == 1) {
- ecdsa = 1;
- }
-
 acctkey = authority->account;
 if ((chngdir = domain->challengedir) == NULL)
@@ -258,7 +253,8 @@ main(int argc, char *argv[])
 close(file_fds[0]);
 close(file_fds[1]);
 c = keyproc(key_fds[0], domain->key,
- (const char **)alts, altsz);
+ (const char **)alts, altsz,
+ domain->keytype);
 exit(c ? EXIT_SUCCESS : EXIT_FAILURE);
 }
Index: parse.h
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/parse.h,v
retrieving revision 1.11
diff -u -p -r1.11 parse.h
--- parse.h 12 Jun 2019 11:09:25 -0000 1.11
+++ parse.h 12 Jun 2019 12:27:04 -0000
@@ -21,6 +21,7 @@
 #define AUTH_MAXLEN 120 /* max length of an authority_c name */
 #define DOMAIN_MAXLEN 255 /* max len of a domain name (rfc2181) */
+#define ECDSA_KEY 1
 /*
 * XXX other size limits needed?
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/parse.y,v
retrieving revision 1.35
diff -u -p -r1.35 parse.y
--- parse.y 12 Jun 2019 11:09:25 -0000 1.35
+++ parse.y 12 Jun 2019 12:27:04 -0000
@@ -100,7 +100,7 @@ typedef struct {
 %}
 %token AUTHORITY URL API ACCOUNT
-%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR KEYTYPE
+%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR
 %token YES NO
 %token INCLUDE
 %token ERROR
@@ -261,10 +261,9 @@ domain : DOMAIN STRING {
 ;
 keytype : RSA {
- domain->keytype = 0;
 }
 | ECDSA {
- domain->keytype = 1;
+ domain->keytype = ECDSA_KEY;
 }
 | /* nothing */
 ;
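Review bot: `ECDSA_KEY` is added with no RSA counterpart, so the RSA case is represented only by whatever `domain->keytype` holds when no keyword is given, and in keyproc.c every value other than `ECDSA_KEY` falls through to the RSA branch. Naming both values makes that default explicit and lets the comparison in keyproc.c be checked against a real constant: `#define RSA_KEY 0 /* domain->keytype: RSA domain key (default) */` next to `#define ECDSA_KEY 1 /* domain->keytype: ECDSA domain key */`, or an enum holding both. The new define is also the only line in this block without a trailing comment, unlike the `AUTH_MAXLEN` and `DOMAIN_MAXLEN` lines beside it.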
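Review bot: Removing `domain->keytype = 0;` from the `RSA` action makes an explicit `rsa` keyword depend on the field already being 0 from allocation, which this hunk cannot show; if the domain struct is not zeroed on creation (calloc or memset), the field is indeterminate after an explicit RSA setting, and keyproc.c would then pick RSA only because the garbage happens not to equal `ECDSA_KEY`. Keeping the assignment costs one line and documents the intent: `domain->keytype = 0;` (or a named RSA constant, if one is introduced alongside `ECDSA_KEY`). The `| /* nothing */` alternative already relies on the default, so the explicit case is the only one that changes here.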