generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update API to use (char *) for email addresses and hostnames

Browse Source 
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
This commit is contained in:
Viktor Dukhovni 2014-07-07 19:11:38 +10:00
parent ee724df75d
commit 297c67fcd8
12 changed files with 66 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apps/apps.c
View File

@ -2388,7 +2388,8 @@ int args_verify(char ***pargs, int *pargc,
char *arg = **pargs, *argn = (*pargs)[1];
const X509_VERIFY_PARAM *vpm = NULL;
time_t at_time = 0;
const unsigned char *hostname = NULL, *email = NULL;
char *hostname = NULL;
char *email = NULL;
char *ipasc = NULL;
if (!strcmp(arg, "-policy"))
{
@ -2482,14 +2483,14 @@ int args_verify(char ***pargs, int *pargc,
{
if (!argn)
*badarg = 1;
hostname = (unsigned char *)argn;
hostname = argn;
(*pargs)++;
}
else if (strcmp(arg,"-verify_email") == 0)
{
if (!argn)
*badarg = 1;
email = (unsigned char *)argn;
email = argn;
(*pargs)++;
}
else if (strcmp(arg,"-verify_ip") == 0)
@ -2960,8 +2961,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
const unsigned char *checkemail,
const char *checkhost,
const char *checkemail,
const char *checkip)
{
if (x == NULL)

4
apps/apps.h
View File

@ -342,8 +342,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
const unsigned char *checkhost,
const unsigned char *checkemail,
const char *checkhost,
const char *checkemail,
const char *checkip);
void store_setup_crl_download(X509_STORE *st);

7
apps/x509.c
View File

@ -214,7 +214,8 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
unsigned char *checkhost = NULL, *checkemail = NULL;
char *checkhost = NULL;
char *checkemail = NULL;
char *checkip = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
@ -474,12 +475,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-checkhost") == 0)
{
if (--argc < 1) goto bad;
checkhost=(unsigned char *)*(++argv);
checkhost=*(++argv);
}
else if (strcmp(*argv,"-checkemail") == 0)
{
if (--argc < 1) goto bad;
checkemail=(unsigned char *)*(++argv);
checkemail=*(++argv);
}
else if (strcmp(*argv,"-checkip") == 0)
{

2
crypto/x509/x509_lcl.h
View File

@ -63,7 +63,7 @@ struct X509_VERIFY_PARAM_ID_st
STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
unsigned int hostflags; /* Flags to control matching features */
char *peername; /* Matching hostname in peer certificate */
unsigned char *email; /* If not NULL email address to match */
char *email; /* If not NULL email address to match */
size_t emaillen;
unsigned char *ip; /* If not NULL IP address to match */
size_t iplen; /* Length of IP address */

4
crypto/x509/x509_vfy.c
View File

@ -747,11 +747,11 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
{
int i;
int n = sk_OPENSSL_STRING_num(id->hosts);
unsigned char *name;
char *name;
for (i = 0; i < n; ++i)
{
name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
name = sk_OPENSSL_STRING_value(id->hosts, i);
if (X509_check_host(x, name, 0, id->hostflags,
&id->peername) > 0)
return 1;

6
crypto/x509/x509_vfy.h
View File

@ -559,14 +559,14 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen);
const char *name, size_t namelen);
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen);
const char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen);
const char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);

30
crypto/x509/x509_vpm.c
View File

@ -78,7 +78,7 @@ static void str_free(char *s) { OPENSSL_free(s); }
#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
const unsigned char *name, size_t namelen)
const char *name, size_t namelen)
{
char *copy;
@ -87,7 +87,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
* XXX: Do we need to push an error onto the error stack?
*/
if (namelen == 0)
namelen = name ? strlen((char *)name) : 0;
namelen = name ? strlen(name) : 0;
else if (name && memchr(name, '\0', namelen > 1 ? namelen-1 : namelen))
return 0;
if (name && name[namelen-1] == '\0')
@ -101,7 +101,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
if (name == NULL || namelen == 0)
return 1;
copy = BUF_strndup((char *)name, namelen);
copy = BUF_strndup(name, namelen);
if (copy == NULL)
return 0;
@ -338,16 +338,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
return ret;
}
static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen,
const unsigned char *src, size_t srclen)
static int int_x509_param_set1(char **pdest, size_t *pdestlen,
const char *src, size_t srclen)
{
void *tmp;
if (src)
{
if (srclen == 0)
{
tmp = BUF_strdup((char *)src);
srclen = strlen((char *)src);
tmp = BUF_strdup(src);
srclen = strlen(src);
}
else
tmp = BUF_memdup(src, srclen);
@ -467,13 +467,13 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
}
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen)
const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
}
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen)
const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
}
@ -490,7 +490,7 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
}
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen)
const char *email, size_t emaillen)
{
return int_x509_param_set1(&param->id->email, &param->id->emaillen,
email, emaillen);
@ -501,17 +501,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
{
if (iplen != 0 && iplen != 4 && iplen != 16)
return 0;
return int_x509_param_set1(&param->id->ip, &param->id->iplen, ip, iplen);
return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
(char *)ip, iplen);
}
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
{
unsigned char ipout[16];
int iplen;
iplen = a2i_ipadd(ipout, ipasc);
size_t iplen;
iplen = (size_t) a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return 0;
return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen);
return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
}
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)

31
crypto/x509v3/v3_utl.c
View File

@ -852,8 +852,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
*/
static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
unsigned int flags,
const unsigned char *b, size_t blen,
unsigned int flags, const char *b, size_t blen,
char **peername)
{
int rv = 0;
@ -865,7 +864,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
if (cmp_type != a->type)
return 0;
if (cmp_type == V_ASN1_IA5STRING)
rv = equal(a->data, a->length, b, blen, flags);
rv = equal(a->data, a->length,
(unsigned char *)b, blen, flags);
else if (a->length == (int)blen && !memcmp(a->data, b, blen))
rv = 1;
if (rv > 0 && peername)
@ -878,7 +878,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
astrlen = ASN1_STRING_to_UTF8(&astr, a);
if (astrlen < 0)
return -1;
rv = equal(astr, astrlen, b, blen, flags);
rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
OPENSSL_free(astr);
if (rv > 0 && peername)
*peername = BUF_strndup((char *)astr, astrlen);
@ -886,7 +886,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
return rv;
}
static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
static int do_x509_check(X509 *x, const char *chk, size_t chklen,
unsigned int flags, int check_type,
char **peername)
{
@ -927,7 +927,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
}
if (chklen == 0)
chklen = strlen((const char *)chk);
chklen = strlen(chk);
gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
if (gens)
@ -975,8 +975,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
return 0;
}
int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags, char **peername)
int X509_check_host(X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername)
{
if (chk == NULL)
return -2;
@ -986,7 +986,7 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
* NUL in string length).
*/
if (chklen == 0)
chklen = strlen((char *)chk);
chklen = strlen(chk);
else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen))
return -2;
if (chklen > 1 && chk[chklen-1] == '\0')
@ -994,8 +994,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
}
int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags)
int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags)
{
if (chk == NULL)
return -2;
@ -1018,19 +1018,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
{
if (chk == NULL)
return -2;
return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL);
return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
}
int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
{
unsigned char ipout[16];
int iplen;
size_t iplen;
if (ipasc == NULL)
return -2;
iplen = a2i_ipadd(ipout, ipasc);
iplen = (size_t) a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return -2;
return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL);
return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
}
/* Convert IP addresses both IPv4 and IPv6 into an

11
crypto/x509v3/v3nametest.c
View File

@ -275,8 +275,7 @@ static void run_cert(X509 *crt, const char *nameincert,
int match, ret;
memcpy(name, *pname, namelen);
ret = X509_check_host(crt, (const unsigned char *)name,
namelen, 0, NULL);
ret = X509_check_host(crt, name, namelen, 0, NULL);
match = -1;
if (ret < 0)
{
@ -294,9 +293,8 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 1;
check_message(fn, "host", nameincert, match, *pname);
ret = X509_check_host(crt, (const unsigned char *)name,
namelen, X509_CHECK_FLAG_NO_WILDCARDS,
NULL);
ret = X509_check_host(crt, name, namelen,
X509_CHECK_FLAG_NO_WILDCARDS, NULL);
match = -1;
if (ret < 0)
{
@ -315,8 +313,7 @@ static void run_cert(X509 *crt, const char *nameincert,
check_message(fn, "host-no-wildcards",
nameincert, match, *pname);
ret = X509_check_email(crt, (const unsigned char *)name,
namelen, 0);
ret = X509_check_email(crt, name, namelen, 0);
match = -1;
if (fn->email)
{

4
crypto/x509v3/x509v3.h
View File

@ -719,9 +719,9 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
*/
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
int X509_check_host(X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername);
int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags);
int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags);

9
doc/crypto/X509_VERIFY_PARAM_set_flags.pod
View File

@ -27,18 +27,17 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen);
const char *name, size_t namelen);
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
const unsigned char *name, size_t namelen);
const char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const unsigned char *email, size_t emaillen);
const char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
const char *ipasc);
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
=head1 DESCRIPTION

12
doc/crypto/X509_check_host.pod
View File

@ -8,12 +8,12 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert
#include <openssl/x509.h>
int X509_check_host(X509 *, const unsigned char *name,
size_t namelen, unsigned int flags, char **peername);
int X509_check_email(X509 *, const unsigned char *address,
size_t addresslen, unsigned int flags);
int X509_check_ip(X509 *, const unsigned char *address,
size_t addresslen, unsigned int flags);
int X509_check_host(X509 *, const char *name, size_t namelen,
unsigned int flags, char **peername);
int X509_check_email(X509 *, const char *address, size_t addresslen,
unsigned int flags);
int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
unsigned int flags);
int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
=head1 DESCRIPTION