authorViktor Dukhovni <ietf-dane@dukhovni.org>2014-07-07 19:11:38 +1000
committerViktor Dukhovni <ietf-dane@dukhovni.org>2014-07-07 19:11:38 +1000
commit297c67fcd817ea643de2fdeff4e434b050d571e2 (patch)
tree5ff05ff3ed125e5091f9cb75a50c51bb5ff7c397 /crypto/x509v3
parentee724df75d9ad67fd954253ac514fddb46f1e3c6 (diff)
Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername().
Diffstat (limited to 'crypto/x509v3')
-rw-r--r--crypto/x509v3/v3_utl.c31
-rw-r--r--crypto/x509v3/v3nametest.c11
-rw-r--r--crypto/x509v3/x509v3.h4
3 files changed, 22 insertions, 24 deletions
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 981e602037..75efd9912a 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -852,8 +852,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
*/
static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
- unsigned int flags,
- const unsigned char *b, size_t blen,
+ unsigned int flags, const char *b, size_t blen,
char **peername)
{
int rv = 0;
@@ -865,7 +864,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
if (cmp_type != a->type)
return 0;
if (cmp_type == V_ASN1_IA5STRING)
- rv = equal(a->data, a->length, b, blen, flags);
+ rv = equal(a->data, a->length,
+ (unsigned char *)b, blen, flags);
else if (a->length == (int)blen && !memcmp(a->data, b, blen))
rv = 1;
if (rv > 0 && peername)
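Review bot: The new cast `(unsigned char *)b` on the IA5STRING branch discards the `const` qualifier that `b` carries. `equal_wildcard` in the first hunk header takes a `const unsigned char *` first argument, and presumably the other pointer arguments of `equal_fn` are const too, so `(const unsigned char *)b` would do the same conversion without dropping it. The same applies to the cast in the UTF-8 branch of the next hunk and to `(char *)chk` in X509_check_ip, where `chk` is declared `const unsigned char *`. Casting const away hides the diagnostic a compiler would give if a callee ever wrote through the pointer. do_check_string starts and ends outside this hunk.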
@@ -878,7 +878,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
astrlen = ASN1_STRING_to_UTF8(&astr, a);
if (astrlen < 0)
return -1;
- rv = equal(astr, astrlen, b, blen, flags);
+ rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
OPENSSL_free(astr);
if (rv > 0 && peername)
*peername = BUF_strndup((char *)astr, astrlen);
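Review bot: `astr` is released by `OPENSSL_free(astr)` and then read by `BUF_strndup((char *)astr, astrlen)` two lines later, so a successful match with a non-NULL `peername` copies from freed memory. The commit edits the `equal()` call directly above but leaves this ordering in place. Doing the copy first fixes it: `if (rv > 0 && peername) *peername = BUF_strndup((char *)astr, astrlen);` followed by `OPENSSL_free(astr);`. The BUF_strndup result is also not checked in the visible lines, so a failed allocation would apparently return a match with `*peername` left NULL. The function body starts and ends outside this hunk.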
@@ -886,7 +886,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
return rv;
}
-static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
unsigned int flags, int check_type,
char **peername)
{
@@ -927,7 +927,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
}
if (chklen == 0)
- chklen = strlen((const char *)chk);
+ chklen = strlen(chk);
gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
if (gens)
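Review bot: The `chklen == 0` fallback to `strlen(chk)` appears to run for every check type, including GEN_IPADD, where `chk` holds raw address bytes rather than a NUL-terminated string. X509_check_ip (last hunk of this file) forwards the caller's `chklen` unchanged after only a NULL test, so a zero length there would make strlen scan a binary buffer with no guaranteed terminator. With the parameter now typed `const char *` this is easier to overlook. Rejecting it up front with `if (chk == NULL || chklen == 0) return -2;` in X509_check_ip, or limiting the fallback to `if (chklen == 0 && check_type != GEN_IPADD)`, would close it. The lines between the function header and this hunk are not shown, so confirm no earlier branch already handles the case.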
@@ -975,8 +975,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
return 0;
}
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags, char **peername)
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername)
{
if (chk == NULL)
return -2;
@@ -986,7 +986,7 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
* NUL in string length).
*/
if (chklen == 0)
- chklen = strlen((char *)chk);
+ chklen = strlen(chk);
else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen))
return -2;
if (chklen > 1 && chk[chklen-1] == '\0')
@@ -994,8 +994,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
}
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags)
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags)
{
if (chk == NULL)
return -2;
@@ -1018,19 +1018,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
{
if (chk == NULL)
return -2;
- return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL);
+ return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
}
int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
{
unsigned char ipout[16];
- int iplen;
+ size_t iplen;
+
if (ipasc == NULL)
return -2;
- iplen = a2i_ipadd(ipout, ipasc);
+ iplen = (size_t) a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return -2;
- return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL);
+ return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
}
/* Convert IP addresses both IPv4 and IPv6 into an
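Review bot: In X509_check_ip_asc the return of `a2i_ipadd` is now cast to `size_t` before it is tested, so only a zero return is rejected. A negative return, if a2i_ipadd can ever produce one, would become a very large length passed to do_x509_check alongside the 16-byte `ipout`. Testing the signed value avoids relying on that convention: keep `int iplen = a2i_ipadd(ipout, ipasc);`, check `if (iplen <= 0) return -2;`, and convert with `(size_t)iplen` at the call as the old code did.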
diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c
index fc84b27c41..dd5f9f8c42 100644
--- a/crypto/x509v3/v3nametest.c
+++ b/crypto/x509v3/v3nametest.c
@@ -275,8 +275,7 @@ static void run_cert(X509 *crt, const char *nameincert,
int match, ret;
memcpy(name, *pname, namelen);
- ret = X509_check_host(crt, (const unsigned char *)name,
- namelen, 0, NULL);
+ ret = X509_check_host(crt, name, namelen, 0, NULL);
match = -1;
if (ret < 0)
{
@@ -294,9 +293,8 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 1;
check_message(fn, "host", nameincert, match, *pname);
- ret = X509_check_host(crt, (const unsigned char *)name,
- namelen, X509_CHECK_FLAG_NO_WILDCARDS,
- NULL);
+ ret = X509_check_host(crt, name, namelen,
+ X509_CHECK_FLAG_NO_WILDCARDS, NULL);
match = -1;
if (ret < 0)
{
@@ -315,8 +313,7 @@ static void run_cert(X509 *crt, const char *nameincert,
check_message(fn, "host-no-wildcards",
nameincert, match, *pname);
- ret = X509_check_email(crt, (const unsigned char *)name,
- namelen, 0);
+ ret = X509_check_email(crt, name, namelen, 0);
match = -1;
if (fn->email)
{
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 971bc3084e..4e5daa842c 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -719,9 +719,9 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
*/
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername);
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags);
int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags);