
From:
Theo Buehler <tb@theobuehler.org>
Subject:
Re: acme-client: support for external account binding
To:
Jonathan Matthew <jonathan@d14n.org>, tech@openbsd.org, sthen@openbsd.org
Date:
Sat, 2 May 2026 19:53:50 +0200

On Sat, May 02, 2026 at 07:09:37PM +0200, Florian Obser wrote:
> On 2026-05-01 14:09 +10, Jonathan Matthew <jonathan@d14n.org> wrote:
> > The ACME protocol includes a scheme allowing a client to bind an ACME
> > account key with an account in some non-ACME ("external") system run by
> > the CA.  This is described in section 7.3.4 of RFC 8555.  In short, the
> > CA gives you a key out-of-band and your ACME client HMACs your account
> > details with that key and sends that to the ACME server.
> 
> I know some of these words! My Joo Janta 200 conveniently turned black
> when looking at the acctproc changes. That stuff is certainly over my
> head. In the past tb@ pointed out the errors of my ways, maybe we can
> trick him into reviewing those bits.

I haven't checked against the spec, but it looks fine to me, just two
things:

> > +	/* sign with the EAB key */
> > +	dig = malloc(eab_key_len);
> > +	HMAC(EVP_sha256(), eab_key, eab_key_len, sign, sign_len, dig, &digsz);
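Review bot: `dig = malloc(eab_key_len)` sizes the digest buffer by the length of the EAB key, but `HMAC(EVP_sha256(), ...)` always writes a 32-byte SHA-256 MAC into `dig` regardless of the key length, so a CA-issued key shorter than 32 bytes makes the write run past the end of the allocation; size the buffer with `EVP_MD_size(EVP_sha256())` (or `EVP_MAX_MD_SIZE`) instead. The `malloc()` result and the `HMAC()` return value are also both left unchecked; each can be NULL and `dig`/`digsz` should not be used until both are verified.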

Both malloc and HMAC should be error checked (against NULL).

> > @@ -630,6 +630,14 @@ json_fmt_newacc(const char *contact)
> >  			return NULL;
> >  		}
> >  	}
> > +	if (eab != NULL) {
> > +		char *ecnt = NULL;
> > +		c = asprintf(&ecnt, "%s\"externalAccountBinding\": %s, ",
> > +		    cnt == NULL ? "" : cnt, eab);
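Review bot: the `asprintf()` result stored in `c` is never checked; the preceding context in this function already returns NULL on failure, so a `-1` here should take the same path (release anything allocated so far, then `return NULL`) before `ecnt` is used. The check has to be on `c == -1` rather than on `ecnt`, because POSIX leaves the contents of `ecnt` unspecified when `asprintf()` fails.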

Pretty sure this should return NULL if c == -1.
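The externalAccountBinding that the acctproc change signs is the RFC 8555 section 7.3.4 JWS: protected header `{"alg":"HS256","kid":<EAB key id>,"url":<newAccount URL>}`, payload = the ACME account's public JWK, signature = HMAC-SHA256 over `base64url(protected).base64url(payload)` using the base64url-decoded key the CA handed out. The following is an added illustration in Python of both the client-side construction and the CA-side check, not acme-client's code; the key id, HMAC key, JWK coordinates and URL are constructed sample values.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    # RFC 7515 base64url: URL-safe alphabet, padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def eab_jws(kid: str, hmac_key_b64url: str, account_jwk: dict, new_account_url: str) -> dict:
    """Client side: bind account_jwk to the CA's external account (RFC 8555 7.3.4)."""
    protected = {"alg": "HS256", "kid": kid, "url": new_account_url}  # no nonce in EAB
    p = b64url(json.dumps(protected, separators=(",", ":")).encode())
    payload = b64url(json.dumps(account_jwk, separators=(",", ":")).encode())
    key = b64url_decode(hmac_key_b64url)  # CA delivers the key base64url-encoded
    mac = hmac.new(key, f"{p}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return {"protected": p, "payload": payload, "signature": b64url(mac)}


def verify_eab(jws: dict, hmac_key_b64url: str, account_jwk: dict) -> bool:
    """CA side: recompute the MAC and confirm the payload is the account key being registered."""
    key = b64url_decode(hmac_key_b64url)
    signing_input = f"{jws['protected']}.{jws['payload']}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison; a length mismatch also fails.
    if not hmac.compare_digest(expected, b64url_decode(jws["signature"])):
        return False
    header = json.loads(b64url_decode(jws["protected"]))
    if header.get("alg") != "HS256" or "nonce" in header:
        return False
    return json.loads(b64url_decode(jws["payload"])) == account_jwk


# Constructed sample values (not real CA credentials).
EAB_KID = "example-eab-kid"
EAB_KEY = b64url(bytes(range(32)))
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": b64url(b"\x11" * 32), "y": b64url(b"\x22" * 32)}
NEW_ACCOUNT_URL = "https://ca.example/acme/new-account"

if __name__ == "__main__":
    jws = eab_jws(EAB_KID, EAB_KEY, ACCOUNT_JWK, NEW_ACCOUNT_URL)
    print(json.dumps(jws, indent=2))
    print("verifies:", verify_eab(jws, EAB_KEY, ACCOUNT_JWK))
```

The returned dict is what goes into the `"externalAccountBinding"` field of the newAccount request body that the second hunk builds.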