Update API to use (char *) for email addresses and hostnames.
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
(Imported from upstream's e83c913723fac7432a7706812f12394aaa00e8ce.)
Change-Id: Id0fc11773a0cee8933978cd4bdbd8251fd7cfb5f
diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h
index 4ec629f..9edbd5a 100644
--- a/crypto/x509/vpm_int.h
+++ b/crypto/x509/vpm_int.h
@@ -63,7 +63,7 @@
STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
unsigned int hostflags; /* Flags to control matching features */
char *peername; /* Matching hostname in peer certificate */
- unsigned char *email; /* If not NULL email address to match */
+ char *email; /* If not NULL email address to match */
size_t emaillen;
unsigned char *ip; /* If not NULL IP address to match */
size_t iplen; /* Length of IP address */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 5195019..28d2182 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -708,12 +708,12 @@
{
size_t i;
size_t n = sk_OPENSSL_STRING_num(id->hosts);
- unsigned char *name;
+ char *name;
for (i = 0; i < n; ++i)
{
- name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
- if (X509_check_host(x, name, strlen((const char*) name), id->hostflags,
+ name = sk_OPENSSL_STRING_value(id->hosts, i);
+ if (X509_check_host(x, name, strlen(name), id->hostflags,
&id->peername) > 0)
return 1;
}
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 37fd5b0..cf4283d 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -76,7 +76,7 @@
#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
- const unsigned char *name, size_t namelen)
+ const char *name, size_t namelen)
{
char *copy;
@@ -95,7 +95,7 @@
if (name == NULL || namelen == 0)
return 1;
- copy = BUF_strndup((char *)name, namelen);
+ copy = BUF_strndup(name, namelen);
if (copy == NULL)
return 0;
@@ -335,16 +335,16 @@
return ret;
}
-static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen,
- const unsigned char *src, size_t srclen)
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+ const char *src, size_t srclen)
{
void *tmp;
if (src)
{
if (srclen == 0)
{
- tmp = BUF_strdup((char *)src);
- srclen = strlen((char *)src);
+ tmp = BUF_strdup(src);
+ srclen = strlen(src);
}
else
tmp = BUF_memdup(src, srclen);
@@ -464,13 +464,13 @@
}
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen)
+ const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
}
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen)
+ const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
}
@@ -487,7 +487,7 @@
}
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
- const unsigned char *email, size_t emaillen)
+ const char *email, size_t emaillen)
{
return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen,
email, emaillen);
@@ -498,17 +498,19 @@
{
if (iplen != 0 && iplen != 4 && iplen != 16)
return 0;
- return int_x509_param_set1(¶m->id->ip, ¶m->id->iplen, ip, iplen);
+ return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen,
+ (char *)ip, iplen);
}
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
{
unsigned char ipout[16];
- int iplen;
- iplen = a2i_ipadd(ipout, ipasc);
+ size_t iplen;
+
+ iplen = (size_t) a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return 0;
- return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen);
+ return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
}
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 76ee8ae..1b24b42 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -850,8 +850,7 @@
*/
static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
- unsigned int flags,
- const unsigned char *b, size_t blen,
+ unsigned int flags, const char *b, size_t blen,
char **peername)
{
int rv = 0;
@@ -863,7 +862,8 @@
if (cmp_type != a->type)
return 0;
if (cmp_type == V_ASN1_IA5STRING)
- rv = equal(a->data, a->length, b, blen, flags);
+ rv = equal(a->data, a->length,
+ (unsigned char *)b, blen, flags);
else if (a->length == (int)blen && !memcmp(a->data, b, blen))
rv = 1;
if (rv > 0 && peername)
@@ -876,7 +876,7 @@
astrlen = ASN1_STRING_to_UTF8(&astr, a);
if (astrlen < 0)
return -1;
- rv = equal(astr, astrlen, b, blen, flags);
+ rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
OPENSSL_free(astr);
if (rv > 0 && peername)
*peername = BUF_strndup((char *)astr, astrlen);
@@ -884,7 +884,7 @@
return rv;
}
-static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
unsigned int flags, int check_type,
char **peername)
{
@@ -926,7 +926,7 @@
}
if (chklen == 0)
- chklen = strlen((const char *)chk);
+ chklen = strlen(chk);
gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
if (gens)
@@ -974,8 +974,8 @@
return 0;
}
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags, char **peername)
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername)
{
if (chk == NULL)
return -2;
@@ -984,8 +984,8 @@
return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
}
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags)
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags)
{
if (chk == NULL)
return -2;
@@ -999,19 +999,20 @@
{
if (chk == NULL)
return -2;
- return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL);
+ return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
}
int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
{
unsigned char ipout[16];
- int iplen;
+ size_t iplen;
+
if (ipasc == NULL)
return -2;
- iplen = a2i_ipadd(ipout, ipasc);
+ iplen = (size_t) a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return -2;
- return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL);
+ return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
}
/* Convert IP addresses both IPv4 and IPv6 into an
diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c
index b38df97..b6d3632 100644
--- a/crypto/x509v3/v3nametest.c
+++ b/crypto/x509v3/v3nametest.c
@@ -332,8 +332,7 @@
int match, ret;
memcpy(name, *pname, namelen);
- ret = X509_check_host(crt, (const unsigned char *)name,
- namelen, 0, NULL);
+ ret = X509_check_host(crt, name, namelen, 0, NULL);
match = -1;
if (ret < 0)
{
@@ -351,9 +350,8 @@
match = 1;
check_message(fn, "host", nameincert, match, *pname);
- ret = X509_check_host(crt, (const unsigned char *)name,
- namelen, X509_CHECK_FLAG_NO_WILDCARDS,
- NULL);
+ ret = X509_check_host(crt, name, namelen,
+ X509_CHECK_FLAG_NO_WILDCARDS, NULL);
match = -1;
if (ret < 0)
{
@@ -372,8 +370,7 @@
check_message(fn, "host-no-wildcards",
nameincert, match, *pname);
- ret = X509_check_email(crt, (const unsigned char *)name,
- namelen, 0);
+ ret = X509_check_email(crt, name, namelen, 0);
match = -1;
if (fn->email)
{
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index fe319dc..af114eb 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -554,15 +554,15 @@
STACK_OF(ASN1_OBJECT) *policies);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen);
+ const char *name, size_t namelen);
OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name,
+ const char *name,
size_t namelen);
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
- const unsigned char *email, size_t emaillen);
+ const char *email, size_t emaillen);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index dcf105a..f44b804 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -713,9 +713,9 @@
*/
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
-OPENSSL_EXPORT int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername);
-OPENSSL_EXPORT int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags);
OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags);
