From 45ff9aa8ffc450f3f57dc25c6ff2c5c3d0657b7f Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 26 Aug 2020 15:36:41 -0400 Subject: [PATCH] Avoid unnecessary access of BoringSSL structs. Checking cert_info->key->algor->algorithm is redundant with the checks following it. If the public key is an EC key, that was the OID. Remove the check so this code does not break when BoringSSL makes the X509 structures opaque in the future. While we're not particularly aiming to make ECDSA_SIG opaque, getters exist, so go ahead and use them. Test: mm, treehugger Change-Id: I1b37fef2290b7697a6e821f20ba702b3da5ef18d --- identity/support/src/IdentityCredentialSupport.cpp | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp index e9d5d6c7cc..412f84dd32 100644 --- a/identity/support/src/IdentityCredentialSupport.cpp +++ b/identity/support/src/IdentityCredentialSupport.cpp @@ -1444,12 +1444,6 @@ optional> certificateChainGetTopMostKey(const vector& c return {}; } - int algoId = OBJ_obj2nid(certs[0]->cert_info->key->algor->algorithm); - if (algoId != NID_X9_62_id_ecPublicKey) { - LOG(ERROR) << "Expected NID_X9_62_id_ecPublicKey, got " << OBJ_nid2ln(algoId); - return {}; - } - auto pkey = EVP_PKEY_Ptr(X509_get_pubkey(certs[0].get())); if (pkey.get() == nullptr) { LOG(ERROR) << "No public key"; @@ -1563,11 +1557,11 @@ bool ecdsaSignatureDerToCose(const vector& ecdsaDerSignature, ecdsaCoseSignature.clear(); ecdsaCoseSignature.resize(64); - if (BN_bn2binpad(sig->r, ecdsaCoseSignature.data(), 32) != 32) { + if (BN_bn2binpad(ECDSA_SIG_get0_r(sig), ecdsaCoseSignature.data(), 32) != 32) { LOG(ERROR) << "Error encoding r"; return false; } - if (BN_bn2binpad(sig->s, ecdsaCoseSignature.data() + 32, 32) != 32) { + if (BN_bn2binpad(ECDSA_SIG_get0_s(sig), ecdsaCoseSignature.data() + 32, 32) != 32) { LOG(ERROR) << "Error encoding s"; return false; }