Update API to use (char *) for email addresses and hostnames
authorViktor Dukhovni <ietf-dane@dukhovni.org>
Mon, 7 Jul 2014 09:11:38 +0000 (19:11 +1000)
committerViktor Dukhovni <ietf-dane@dukhovni.org>
Mon, 7 Jul 2014 09:20:34 +0000 (19:20 +1000)
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(cherry picked from commit 297c67fcd817ea643de2fdeff4e434b050d571e2)

12 files changed:
apps/apps.c
apps/apps.h
apps/x509.c
crypto/x509/vpm_int.h
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.h
crypto/x509/x509_vpm.c
crypto/x509v3/v3_utl.c
crypto/x509v3/v3nametest.c
crypto/x509v3/x509v3.h
doc/crypto/X509_VERIFY_PARAM_set_flags.pod
doc/crypto/X509_check_host.pod

index cf2175ab0b706a05fe4511b73fe49e321506c50d..235ede450d98c7d6c84d37425fc3b1be98e51623 100644 (file)
@@ -2385,7 +2385,8 @@ int args_verify(char ***pargs, int *pargc,
        char **oldargs = *pargs;
        char *arg = **pargs, *argn = (*pargs)[1];
        time_t at_time = 0;
-       const unsigned char *hostname = NULL, *email = NULL;
+       char *hostname = NULL;
+       char *email = NULL;
        char *ipasc = NULL;
        if (!strcmp(arg, "-policy"))
                {
@@ -2464,14 +2465,14 @@ int args_verify(char ***pargs, int *pargc,
                {
                if (!argn)
                        *badarg = 1;
-               hostname = (unsigned char *)argn;
+               hostname = argn;
                (*pargs)++;
                }
        else if (strcmp(arg,"-verify_email") == 0)
                {
                if (!argn)
                        *badarg = 1;
-               email = (unsigned char *)argn;
+               email = argn;
                (*pargs)++;
                }
        else if (strcmp(arg,"-verify_ip") == 0)
@@ -2939,8 +2940,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
 #endif  /* ndef OPENSSL_NO_TLSEXT */
 
 void print_cert_checks(BIO *bio, X509 *x,
-                               const unsigned char *checkhost,
-                               const unsigned char *checkemail,
+                               const char *checkhost,
+                               const char *checkemail,
                                const char *checkip)
        {
        if (x == NULL)
index 5f083d409785e8001b138f82a07ca8cc7a59e344..cf2ad5d6f43e8da82d1c2f01f3b4eef2e43b30de 100644 (file)
@@ -342,8 +342,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
 #endif  /* ndef OPENSSL_NO_TLSEXT */
 
 void print_cert_checks(BIO *bio, X509 *x,
-                               const unsigned char *checkhost,
-                               const unsigned char *checkemail,
+                               const char *checkhost,
+                               const char *checkemail,
                                const char *checkip);
 
 void store_setup_crl_download(X509_STORE *st);
index 1b612d17d41d01ebbfd921654b12dac664225563..3bb261010f9a6f10d0401603211ab74ac89be474 100644 (file)
@@ -214,7 +214,8 @@ int MAIN(int argc, char **argv)
        int need_rand = 0;
        int checkend=0,checkoffset=0;
        unsigned long nmflag = 0, certflag = 0;
-       unsigned char *checkhost = NULL, *checkemail = NULL;
+       char *checkhost = NULL;
+       char *checkemail = NULL;
        char *checkip = NULL;
 #ifndef OPENSSL_NO_ENGINE
        char *engine=NULL;
@@ -474,12 +475,12 @@ int MAIN(int argc, char **argv)
                else if (strcmp(*argv,"-checkhost") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       checkhost=(unsigned char *)*(++argv);
+                       checkhost=*(++argv);
                        }
                else if (strcmp(*argv,"-checkemail") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       checkemail=(unsigned char *)*(++argv);
+                       checkemail=*(++argv);
                        }
                else if (strcmp(*argv,"-checkip") == 0)
                        {
index 4ec629f710b9704dd3c3d4243a38727e69821b20..9edbd5ad4f5f4d2ff7498732f1eee373c4b02efb 100644 (file)
@@ -63,7 +63,7 @@ struct X509_VERIFY_PARAM_ID_st
        STACK_OF(OPENSSL_STRING) *hosts;        /* Set of acceptable names */
        unsigned int hostflags; /* Flags to control matching features */
        char *peername;         /* Matching hostname in peer certificate */
-       unsigned char *email;   /* If not NULL email address to match */
+       char *email;            /* If not NULL email address to match */
        size_t emaillen;
        unsigned char *ip;      /* If not NULL IP address to match */
        size_t iplen;           /* Length of IP address */
index ebf1b025e797b9612cb5f5bb7868c2fd8069606c..5aafa90b1d52a06c676677ae65bced15c991475a 100644 (file)
@@ -723,11 +723,11 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
        {
        int i;
        int n = sk_OPENSSL_STRING_num(id->hosts);
-       unsigned char *name;
+       char *name;
 
        for (i = 0; i < n; ++i)
                {
-               name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
+               name = sk_OPENSSL_STRING_value(id->hosts, i);
                if (X509_check_host(x, name, 0, id->hostflags,
                                    &id->peername) > 0)
                        return 1;
index 524d830df02e1852054a280902f50eb08b7b9539..06a75bfc9bf285328b34f8d4faca11fe2e446806 100644 (file)
@@ -559,14 +559,14 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
                                        STACK_OF(ASN1_OBJECT) *policies);
 
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-                               const unsigned char *name, size_t namelen);
+                               const char *name, size_t namelen);
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-                               const unsigned char *name, size_t namelen);
+                               const char *name, size_t namelen);
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                        unsigned int flags);
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-                               const unsigned char *email, size_t emaillen);
+                               const char *email, size_t emaillen);
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                                        const unsigned char *ip, size_t iplen);
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
index 1d5434aa7582545b53ef75bbd524d134bc2d75c6..6a6f5051b38e67c858e31f0ee9486cd18206b67f 100644 (file)
@@ -78,7 +78,7 @@ static void str_free(char *s) { OPENSSL_free(s); }
 #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
 
 static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
-                                   const unsigned char *name, size_t namelen)
+                                   const char *name, size_t namelen)
        {
        char *copy;
 
@@ -87,7 +87,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
         * XXX: Do we need to push an error onto the error stack?
         */
        if (namelen == 0)
-               namelen = name ? strlen((char *)name) : 0;
+               namelen = name ? strlen(name) : 0;
        else if (name && memchr(name, '\0', namelen > 1 ? namelen-1 : namelen))
                 return 0;
        if (name && name[namelen-1] == '\0')
@@ -101,7 +101,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
        if (name == NULL || namelen == 0)
                return 1;
 
-       copy = BUF_strndup((char *)name, namelen);
+       copy = BUF_strndup(name, namelen);
        if (copy == NULL)
                return 0;
 
@@ -338,16 +338,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
        return ret;
        }
 
-static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen,
-                               const unsigned char *src, size_t srclen)
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+                               const char *src, size_t srclen)
        {
        void *tmp;
        if (src)
                {
                if (srclen == 0)
                        {
-                       tmp = BUF_strdup((char *)src);
-                       srclen = strlen((char *)src);
+                       tmp = BUF_strdup(src);
+                       srclen = strlen(src);
                        }
                else
                        tmp = BUF_memdup(src, srclen);
@@ -467,13 +467,13 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
        }
 
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-                               const unsigned char *name, size_t namelen)
+                               const char *name, size_t namelen)
        {
        return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
        }
 
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-                               const unsigned char *name, size_t namelen)
+                               const char *name, size_t namelen)
        {
        return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
        }
@@ -490,7 +490,7 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
        }
 
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-                               const unsigned char *email, size_t emaillen)
+                               const char *email, size_t emaillen)
        {
        return int_x509_param_set1(&param->id->email, &param->id->emaillen,
                                        email, emaillen);
@@ -501,17 +501,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
        {
        if (iplen != 0 && iplen != 4 && iplen != 16)
                return 0;
-       return int_x509_param_set1(&param->id->ip, &param->id->iplen, ip, iplen);
+       return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
+                                  (char *)ip, iplen);
        }
 
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
        {
        unsigned char ipout[16];
-       int iplen;
-       iplen = a2i_ipadd(ipout, ipasc);
+       size_t iplen;
+
+       iplen = (size_t) a2i_ipadd(ipout, ipasc);
        if (iplen == 0)
                return 0;
-       return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen);
+       return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
        }
 
 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
index 981e6020371547d09f6833331bc8b219d6910785..75efd9912aef29f5bd23402507b8441526210231 100644 (file)
@@ -852,8 +852,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
  */
 
 static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
-                               unsigned int flags,
-                               const unsigned char *b, size_t blen,
+                               unsigned int flags, const char *b, size_t blen,
                                char **peername)
        {
        int rv = 0;
@@ -865,7 +864,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
                if (cmp_type != a->type)
                        return 0;
                if (cmp_type == V_ASN1_IA5STRING)
-                       rv = equal(a->data, a->length, b, blen, flags);
+                       rv = equal(a->data, a->length,
+                                  (unsigned char *)b, blen, flags);
                else if (a->length == (int)blen && !memcmp(a->data, b, blen))
                        rv = 1;
                if (rv > 0 && peername)
@@ -878,7 +878,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
                astrlen = ASN1_STRING_to_UTF8(&astr, a);
                if (astrlen < 0)
                        return -1;
-               rv = equal(astr, astrlen, b, blen, flags);
+               rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
                OPENSSL_free(astr);
                if (rv > 0 && peername)
                        *peername = BUF_strndup((char *)astr, astrlen);
@@ -886,7 +886,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
        return rv;
        }
 
-static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
                                        unsigned int flags, int check_type,
                                        char **peername)
        {
@@ -927,7 +927,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
                }
 
        if (chklen == 0)
-               chklen = strlen((const char *)chk);
+               chklen = strlen(chk);
 
        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
        if (gens)
@@ -975,8 +975,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
        return 0;
        }
 
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
-                                       unsigned int flags, char **peername)
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+                       unsigned int flags, char **peername)
        {
        if (chk == NULL)
                return -2;
@@ -986,7 +986,7 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
         * NUL in string length).
         */
        if (chklen == 0)
-               chklen = strlen((char *)chk);
+               chklen = strlen(chk);
        else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen))
                return -2;
        if (chklen > 1 && chk[chklen-1] == '\0')
@@ -994,8 +994,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
        return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
        }
 
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
-                                       unsigned int flags)
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+                       unsigned int flags)
        {
        if (chk == NULL)
                return -2;
@@ -1018,19 +1018,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
        {
        if (chk == NULL)
                return -2;
-       return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL);
+       return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
        }
 
 int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
        {
        unsigned char ipout[16];
-       int iplen;
+       size_t iplen;
+
        if (ipasc == NULL)
                return -2;
-       iplen = a2i_ipadd(ipout, ipasc);
+       iplen = (size_t) a2i_ipadd(ipout, ipasc);
        if (iplen == 0)
                return -2;
-       return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL);
+       return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
        }
 
 /* Convert IP addresses both IPv4 and IPv6 into an 
index fc84b27c4117825147d9e3a9fc676fa2551cb1e1..dd5f9f8c42b2824631745a0146f5aaf2cad41fe1 100644 (file)
@@ -275,8 +275,7 @@ static void run_cert(X509 *crt, const char *nameincert,
                int match, ret;
                memcpy(name, *pname, namelen);
 
-               ret = X509_check_host(crt, (const unsigned char *)name,
-                                     namelen, 0, NULL);
+               ret = X509_check_host(crt, name, namelen, 0, NULL);
                match = -1;
                if (ret < 0)
                        {
@@ -294,9 +293,8 @@ static void run_cert(X509 *crt, const char *nameincert,
                        match = 1;
                check_message(fn, "host", nameincert, match, *pname);
 
-               ret = X509_check_host(crt, (const unsigned char *)name,
-                                     namelen, X509_CHECK_FLAG_NO_WILDCARDS,
-                                     NULL);
+               ret = X509_check_host(crt, name, namelen,
+                                     X509_CHECK_FLAG_NO_WILDCARDS, NULL);
                match = -1;
                if (ret < 0)
                        {
@@ -315,8 +313,7 @@ static void run_cert(X509 *crt, const char *nameincert,
                check_message(fn, "host-no-wildcards",
                              nameincert, match, *pname);
 
-               ret = X509_check_email(crt, (const unsigned char *)name,
-                                      namelen, 0);
+               ret = X509_check_email(crt, name, namelen, 0);
                match = -1;
                if (fn->email)
                        {
index c4fca800203961b0230d093c30d5d0b79cd0e015..051b250abf6030899906e8e42740907b9df633ba 100644 (file)
@@ -719,9 +719,9 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
  */
 #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
 
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
                                        unsigned int flags, char **peername);
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
                                        unsigned int flags);
 int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
                                        unsigned int flags);
index f22dd80a9c7882195ef96102226ed8a5ea09d236..347d48dfec0ab75af04789f6f31c2508a81995db 100644 (file)
@@ -27,18 +27,17 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
  int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
 
  int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-                                const unsigned char *name, size_t namelen);
+                                const char *name, size_t namelen);
  int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-                                 const unsigned char *name, size_t namelen);
+                                 const char *name, size_t namelen);
  void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                      unsigned int flags);
  char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
  int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-                                const unsigned char *email, size_t emaillen);
+                                const char *email, size_t emaillen);
  int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                               const unsigned char *ip, size_t iplen);
- int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
-                                  const char *ipasc);
+ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
 
 =head1 DESCRIPTION
 
index 87ea54303af521a41f87a00fb2bb497cd2581714..56ea38de2f4edc499b901cbac36b51243cda0e8e 100644 (file)
@@ -8,12 +8,12 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert
 
  #include <openssl/x509.h>
 
- int X509_check_host(X509 *, const unsigned char *name,
-                     size_t namelen, unsigned int flags, char **peername);
- int X509_check_email(X509 *, const unsigned char *address,
-                     size_t addresslen, unsigned int flags);
- int X509_check_ip(X509 *, const unsigned char *address,
-                   size_t addresslen, unsigned int flags);
+ int X509_check_host(X509 *, const char *name, size_t namelen,
+                    unsigned int flags, char **peername);
+ int X509_check_email(X509 *, const char *address, size_t addresslen,
+                     unsigned int flags);
+ int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
+                  unsigned int flags);
  int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
 
 =head1 DESCRIPTION