From e83c913723fac7432a7706812f12394aaa00e8ce Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Mon, 7 Jul 2014 19:11:38 +1000 Subject: [PATCH] Update API to use (char *) for email addresses and hostnames Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername(). (cherry picked from commit 297c67fcd817ea643de2fdeff4e434b050d571e2) --- apps/apps.c | 11 ++++---- apps/apps.h | 4 +-- apps/x509.c | 7 ++--- crypto/x509/vpm_int.h | 2 +- crypto/x509/x509_vfy.c | 4 +-- crypto/x509/x509_vfy.h | 6 ++--- crypto/x509/x509_vpm.c | 30 +++++++++++---------- crypto/x509v3/v3_utl.c | 31 +++++++++++----------- crypto/x509v3/v3nametest.c | 11 +++----- crypto/x509v3/x509v3.h | 4 +-- doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 9 +++---- doc/crypto/X509_check_host.pod | 12 ++++----- 12 files changed, 66 insertions(+), 65 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index cf2175ab0b..235ede450d 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2385,7 +2385,8 @@ int args_verify(char ***pargs, int *pargc, char **oldargs = *pargs; char *arg = **pargs, *argn = (*pargs)[1]; time_t at_time = 0; - const unsigned char *hostname = NULL, *email = NULL; + char *hostname = NULL; + char *email = NULL; char *ipasc = NULL; if (!strcmp(arg, "-policy")) { @@ -2464,14 +2465,14 @@ int args_verify(char ***pargs, int *pargc, { if (!argn) *badarg = 1; - hostname = (unsigned char *)argn; + hostname = argn; (*pargs)++; } else if (strcmp(arg,"-verify_email") == 0) { if (!argn) *badarg = 1; - email = (unsigned char *)argn; + email = argn; (*pargs)++; } else if (strcmp(arg,"-verify_ip") == 0) @@ -2939,8 +2940,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) #endif /* ndef OPENSSL_NO_TLSEXT */ void print_cert_checks(BIO *bio, X509 *x, - const unsigned char *checkhost, - const unsigned char *checkemail, + const char *checkhost, + const char *checkemail, const char *checkip) { if (x == NULL) diff --git a/apps/apps.h b/apps/apps.h index 5f083d4097..cf2ad5d6f4 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -342,8 +342,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in); #endif /* ndef OPENSSL_NO_TLSEXT */ void print_cert_checks(BIO *bio, X509 *x, - const unsigned char *checkhost, - const unsigned char *checkemail, + const char *checkhost, + const char *checkemail, const char *checkip); void store_setup_crl_download(X509_STORE *st); diff --git a/apps/x509.c b/apps/x509.c index 1b612d17d4..3bb261010f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -214,7 +214,8 @@ int MAIN(int argc, char **argv) int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; - unsigned char *checkhost = NULL, *checkemail = NULL; + char *checkhost = NULL; + char *checkemail = NULL; char *checkip = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; @@ -474,12 +475,12 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-checkhost") == 0) { if (--argc < 1) goto bad; - checkhost=(unsigned char *)*(++argv); + checkhost=*(++argv); } else if (strcmp(*argv,"-checkemail") == 0) { if (--argc < 1) goto bad; - checkemail=(unsigned char *)*(++argv); + checkemail=*(++argv); } else if (strcmp(*argv,"-checkip") == 0) { diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h index 4ec629f710..9edbd5ad4f 100644 --- a/crypto/x509/vpm_int.h +++ b/crypto/x509/vpm_int.h @@ -63,7 +63,7 @@ struct X509_VERIFY_PARAM_ID_st STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ unsigned int hostflags; /* Flags to control matching features */ char *peername; /* Matching hostname in peer certificate */ - unsigned char *email; /* If not NULL email address to match */ + char *email; /* If not NULL email address to match */ size_t emaillen; unsigned char *ip; /* If not NULL IP address to match */ size_t iplen; /* Length of IP address */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index ebf1b025e7..5aafa90b1d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -723,11 +723,11 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) { int i; int n = sk_OPENSSL_STRING_num(id->hosts); - unsigned char *name; + char *name; for (i = 0; i < n; ++i) { - name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i); + name = sk_OPENSSL_STRING_value(id->hosts, i); if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) return 1; diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 524d830df0..06a75bfc9b 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -559,14 +559,14 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen); + const char *name, size_t namelen); int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen); + const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen); + const char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 1d5434aa75..6a6f5051b3 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -78,7 +78,7 @@ static void str_free(char *s) { OPENSSL_free(s); } #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, - const unsigned char *name, size_t namelen) + const char *name, size_t namelen) { char *copy; @@ -87,7 +87,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, * XXX: Do we need to push an error onto the error stack? */ if (namelen == 0) - namelen = name ? strlen((char *)name) : 0; + namelen = name ? strlen(name) : 0; else if (name && memchr(name, '\0', namelen > 1 ? namelen-1 : namelen)) return 0; if (name && name[namelen-1] == '\0') @@ -101,7 +101,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, if (name == NULL || namelen == 0) return 1; - copy = BUF_strndup((char *)name, namelen); + copy = BUF_strndup(name, namelen); if (copy == NULL) return 0; @@ -338,16 +338,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, return ret; } -static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen, - const unsigned char *src, size_t srclen) +static int int_x509_param_set1(char **pdest, size_t *pdestlen, + const char *src, size_t srclen) { void *tmp; if (src) { if (srclen == 0) { - tmp = BUF_strdup((char *)src); - srclen = strlen((char *)src); + tmp = BUF_strdup(src); + srclen = strlen(src); } else tmp = BUF_memdup(src, srclen); @@ -467,13 +467,13 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, } int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen) + const char *name, size_t namelen) { return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen); } int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen) + const char *name, size_t namelen) { return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen); } @@ -490,7 +490,7 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) } int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen) + const char *email, size_t emaillen) { return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen, email, emaillen); @@ -501,17 +501,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, { if (iplen != 0 && iplen != 4 && iplen != 16) return 0; - return int_x509_param_set1(¶m->id->ip, ¶m->id->iplen, ip, iplen); + return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen, + (char *)ip, iplen); } int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) { unsigned char ipout[16]; - int iplen; - iplen = a2i_ipadd(ipout, ipasc); + size_t iplen; + + iplen = (size_t) a2i_ipadd(ipout, ipasc); if (iplen == 0) return 0; - return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen); + return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); } int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 981e602037..75efd9912a 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -852,8 +852,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, */ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, - unsigned int flags, - const unsigned char *b, size_t blen, + unsigned int flags, const char *b, size_t blen, char **peername) { int rv = 0; @@ -865,7 +864,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, if (cmp_type != a->type) return 0; if (cmp_type == V_ASN1_IA5STRING) - rv = equal(a->data, a->length, b, blen, flags); + rv = equal(a->data, a->length, + (unsigned char *)b, blen, flags); else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; if (rv > 0 && peername) @@ -878,7 +878,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, astrlen = ASN1_STRING_to_UTF8(&astr, a); if (astrlen < 0) return -1; - rv = equal(astr, astrlen, b, blen, flags); + rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); OPENSSL_free(astr); if (rv > 0 && peername) *peername = BUF_strndup((char *)astr, astrlen); @@ -886,7 +886,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, return rv; } -static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, +static int do_x509_check(X509 *x, const char *chk, size_t chklen, unsigned int flags, int check_type, char **peername) { @@ -927,7 +927,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, } if (chklen == 0) - chklen = strlen((const char *)chk); + chklen = strlen(chk); gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); if (gens) @@ -975,8 +975,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, return 0; } -int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags, char **peername) +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername) { if (chk == NULL) return -2; @@ -986,7 +986,7 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, * NUL in string length). */ if (chklen == 0) - chklen = strlen((char *)chk); + chklen = strlen(chk); else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen)) return -2; if (chklen > 1 && chk[chklen-1] == '\0') @@ -994,8 +994,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername); } -int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags) +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags) { if (chk == NULL) return -2; @@ -1018,19 +1018,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, { if (chk == NULL) return -2; - return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL); + return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL); } int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) { unsigned char ipout[16]; - int iplen; + size_t iplen; + if (ipasc == NULL) return -2; - iplen = a2i_ipadd(ipout, ipasc); + iplen = (size_t) a2i_ipadd(ipout, ipasc); if (iplen == 0) return -2; - return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL); + return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL); } /* Convert IP addresses both IPv4 and IPv6 into an diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c index fc84b27c41..dd5f9f8c42 100644 --- a/crypto/x509v3/v3nametest.c +++ b/crypto/x509v3/v3nametest.c @@ -275,8 +275,7 @@ static void run_cert(X509 *crt, const char *nameincert, int match, ret; memcpy(name, *pname, namelen); - ret = X509_check_host(crt, (const unsigned char *)name, - namelen, 0, NULL); + ret = X509_check_host(crt, name, namelen, 0, NULL); match = -1; if (ret < 0) { @@ -294,9 +293,8 @@ static void run_cert(X509 *crt, const char *nameincert, match = 1; check_message(fn, "host", nameincert, match, *pname); - ret = X509_check_host(crt, (const unsigned char *)name, - namelen, X509_CHECK_FLAG_NO_WILDCARDS, - NULL); + ret = X509_check_host(crt, name, namelen, + X509_CHECK_FLAG_NO_WILDCARDS, NULL); match = -1; if (ret < 0) { @@ -315,8 +313,7 @@ static void run_cert(X509 *crt, const char *nameincert, check_message(fn, "host-no-wildcards", nameincert, match, *pname); - ret = X509_check_email(crt, (const unsigned char *)name, - namelen, 0); + ret = X509_check_email(crt, name, namelen, 0); match = -1; if (fn->email) { diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index c4fca80020..051b250abf 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -719,9 +719,9 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); */ #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 -int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, +int X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername); -int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, +int X509_check_email(X509 *x, const char *chk, size_t chklen, unsigned int flags); int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags); diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index f22dd80a9c..347d48dfec 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -27,18 +27,17 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen); + const char *name, size_t namelen); int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen); + const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen); + const char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); - int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, - const char *ipasc); + int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); =head1 DESCRIPTION diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index 87ea54303a..56ea38de2f 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -8,12 +8,12 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert #include - int X509_check_host(X509 *, const unsigned char *name, - size_t namelen, unsigned int flags, char **peername); - int X509_check_email(X509 *, const unsigned char *address, - size_t addresslen, unsigned int flags); - int X509_check_ip(X509 *, const unsigned char *address, - size_t addresslen, unsigned int flags); + int X509_check_host(X509 *, const char *name, size_t namelen, + unsigned int flags, char **peername); + int X509_check_email(X509 *, const char *address, size_t addresslen, + unsigned int flags); + int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, + unsigned int flags); int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); =head1 DESCRIPTION -- 2.25.1