diff options
| author | Adam Langley <agl@chromium.org> | 2015-02-11 15:34:11 -0800 |
|---|---|---|
| committer | Adam Langley <agl@chromium.org> | 2015-02-13 11:00:48 -0800 |
| commit | 6899b19464b6eff7ec638fa1f325df51a56bbe89 (patch) | |
| tree | e64470c6f4ce372295239146feeb506f4a7ba132 | |
| parent | 6f8c3669894a1d8498d545efb33bd84440b4e9fc (diff) | |
| download | boringssl-6899b19464b6eff7ec638fa1f325df51a56bbe89.zip boringssl-6899b19464b6eff7ec638fa1f325df51a56bbe89.tar.gz boringssl-6899b19464b6eff7ec638fa1f325df51a56bbe89.tar.bz2 | |
Update API to use (char *) for email addresses and hostnames.
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
(Imported from upstream's e83c913723fac7432a7706812f12394aaa00e8ce.)
Change-Id: Id0fc11773a0cee8933978cd4bdbd8251fd7cfb5f
| -rw-r--r-- | crypto/x509/vpm_int.h | 2 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 6 | ||||
| -rw-r--r-- | crypto/x509/x509_vpm.c | 28 | ||||
| -rw-r--r-- | crypto/x509v3/v3_utl.c | 29 | ||||
| -rw-r--r-- | crypto/x509v3/v3nametest.c | 11 | ||||
| -rw-r--r-- | include/openssl/x509_vfy.h | 6 | ||||
| -rw-r--r-- | include/openssl/x509v3.h | 4 |
7 files changed, 43 insertions, 43 deletions
diff --git a/crypto/x509/vpm_int.h b/crypto/x509/vpm_int.h index 4ec629f..9edbd5a 100644 --- a/crypto/x509/vpm_int.h +++ b/crypto/x509/vpm_int.h @@ -63,7 +63,7 @@ struct X509_VERIFY_PARAM_ID_st STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ unsigned int hostflags; /* Flags to control matching features */ char *peername; /* Matching hostname in peer certificate */ - unsigned char *email; /* If not NULL email address to match */ + char *email; /* If not NULL email address to match */ size_t emaillen; unsigned char *ip; /* If not NULL IP address to match */ size_t iplen; /* Length of IP address */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 5195019..28d2182 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -708,12 +708,12 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) { size_t i; size_t n = sk_OPENSSL_STRING_num(id->hosts); - unsigned char *name; + char *name; for (i = 0; i < n; ++i) { - name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i); - if (X509_check_host(x, name, strlen((const char*) name), id->hostflags, + name = sk_OPENSSL_STRING_value(id->hosts, i); + if (X509_check_host(x, name, strlen(name), id->hostflags, &id->peername) > 0) return 1; } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 37fd5b0..cf4283d 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -76,7 +76,7 @@ static void str_free(char *s) { OPENSSL_free(s); } #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, - const unsigned char *name, size_t namelen) + const char *name, size_t namelen) { char *copy; @@ -95,7 +95,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, if (name == NULL || namelen == 0) return 1; - copy = BUF_strndup((char *)name, namelen); + copy = BUF_strndup(name, namelen); if (copy == NULL) return 0; @@ -335,16 +335,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, return ret; } -static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen, - const unsigned char *src, size_t srclen) +static int int_x509_param_set1(char **pdest, size_t *pdestlen, + const char *src, size_t srclen) { void *tmp; if (src) { if (srclen == 0) { - tmp = BUF_strdup((char *)src); - srclen = strlen((char *)src); + tmp = BUF_strdup(src); + srclen = strlen(src); } else tmp = BUF_memdup(src, srclen); @@ -464,13 +464,13 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, } int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen) + const char *name, size_t namelen) { return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen); } int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen) + const char *name, size_t namelen) { return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen); } @@ -487,7 +487,7 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) } int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen) + const char *email, size_t emaillen) { return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen, email, emaillen); @@ -498,17 +498,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, { if (iplen != 0 && iplen != 4 && iplen != 16) return 0; - return int_x509_param_set1(¶m->id->ip, ¶m->id->iplen, ip, iplen); + return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen, + (char *)ip, iplen); } int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) { unsigned char ipout[16]; - int iplen; - iplen = a2i_ipadd(ipout, ipasc); + size_t iplen; + + iplen = (size_t) a2i_ipadd(ipout, ipasc); if (iplen == 0) return 0; - return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen); + return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); } int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 76ee8ae..1b24b42 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -850,8 +850,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, */ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, - unsigned int flags, - const unsigned char *b, size_t blen, + unsigned int flags, const char *b, size_t blen, char **peername) { int rv = 0; @@ -863,7 +862,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, if (cmp_type != a->type) return 0; if (cmp_type == V_ASN1_IA5STRING) - rv = equal(a->data, a->length, b, blen, flags); + rv = equal(a->data, a->length, + (unsigned char *)b, blen, flags); else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; if (rv > 0 && peername) @@ -876,7 +876,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, astrlen = ASN1_STRING_to_UTF8(&astr, a); if (astrlen < 0) return -1; - rv = equal(astr, astrlen, b, blen, flags); + rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); OPENSSL_free(astr); if (rv > 0 && peername) *peername = BUF_strndup((char *)astr, astrlen); @@ -884,7 +884,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, return rv; } -static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, +static int do_x509_check(X509 *x, const char *chk, size_t chklen, unsigned int flags, int check_type, char **peername) { @@ -926,7 +926,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, } if (chklen == 0) - chklen = strlen((const char *)chk); + chklen = strlen(chk); gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); if (gens) @@ -974,8 +974,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, return 0; } -int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags, char **peername) +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername) { if (chk == NULL) return -2; @@ -984,8 +984,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername); } -int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags) +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags) { if (chk == NULL) return -2; @@ -999,19 +999,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, { if (chk == NULL) return -2; - return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL); + return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL); } int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) { unsigned char ipout[16]; - int iplen; + size_t iplen; + if (ipasc == NULL) return -2; - iplen = a2i_ipadd(ipout, ipasc); + iplen = (size_t) a2i_ipadd(ipout, ipasc); if (iplen == 0) return -2; - return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL); + return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL); } /* Convert IP addresses both IPv4 and IPv6 into an diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c index b38df97..b6d3632 100644 --- a/crypto/x509v3/v3nametest.c +++ b/crypto/x509v3/v3nametest.c @@ -332,8 +332,7 @@ static void run_cert(X509 *crt, const char *nameincert, int match, ret; memcpy(name, *pname, namelen); - ret = X509_check_host(crt, (const unsigned char *)name, - namelen, 0, NULL); + ret = X509_check_host(crt, name, namelen, 0, NULL); match = -1; if (ret < 0) { @@ -351,9 +350,8 @@ static void run_cert(X509 *crt, const char *nameincert, match = 1; check_message(fn, "host", nameincert, match, *pname); - ret = X509_check_host(crt, (const unsigned char *)name, - namelen, X509_CHECK_FLAG_NO_WILDCARDS, - NULL); + ret = X509_check_host(crt, name, namelen, + X509_CHECK_FLAG_NO_WILDCARDS, NULL); match = -1; if (ret < 0) { @@ -372,8 +370,7 @@ static void run_cert(X509 *crt, const char *nameincert, check_message(fn, "host-no-wildcards", nameincert, match, *pname); - ret = X509_check_email(crt, (const unsigned char *)name, - namelen, 0); + ret = X509_check_email(crt, name, namelen, 0); match = -1; if (fn->email) { diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index fe319dc..af114eb 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -554,15 +554,15 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen); + const char *name, size_t namelen); OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, + const char *name, size_t namelen); OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen); + const char *email, size_t emaillen); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index dcf105a..f44b804 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -713,9 +713,9 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); */ #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 -OPENSSL_EXPORT int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, +OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags, char **peername); -OPENSSL_EXPORT int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, +OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen, unsigned int flags); OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags); |