Avoid unnecessary access of BoringSSL structs.
Checking cert_info->key->algor->algorithm is redundant with the checks
following it. If the public key is an EC key, that was the OID. Remove
the check so this code does not break when BoringSSL makes the X509
structures opaque in the future.
While we're not particularly aiming to make ECDSA_SIG opaque, getters
exist, so go ahead and use them.
Test: mm, treehugger
Change-Id: I1b37fef2290b7697a6e821f20ba702b3da5ef18d
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index e9d5d6c..412f84d 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp
@@ -1444,12 +1444,6 @@
return {};
}
- int algoId = OBJ_obj2nid(certs[0]->cert_info->key->algor->algorithm);
- if (algoId != NID_X9_62_id_ecPublicKey) {
- LOG(ERROR) << "Expected NID_X9_62_id_ecPublicKey, got " << OBJ_nid2ln(algoId);
- return {};
- }
-
auto pkey = EVP_PKEY_Ptr(X509_get_pubkey(certs[0].get()));
if (pkey.get() == nullptr) {
LOG(ERROR) << "No public key";
@@ -1563,11 +1557,11 @@
ecdsaCoseSignature.clear();
ecdsaCoseSignature.resize(64);
- if (BN_bn2binpad(sig->r, ecdsaCoseSignature.data(), 32) != 32) {
+ if (BN_bn2binpad(ECDSA_SIG_get0_r(sig), ecdsaCoseSignature.data(), 32) != 32) {
LOG(ERROR) << "Error encoding r";
return false;
}
- if (BN_bn2binpad(sig->s, ecdsaCoseSignature.data() + 32, 32) != 32) {
+ if (BN_bn2binpad(ECDSA_SIG_get0_s(sig), ecdsaCoseSignature.data() + 32, 32) != 32) {
LOG(ERROR) << "Error encoding s";
return false;
}