Update API to use (char *) for email addresses and hostnames.

Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(Imported from upstream's e83c913723fac7432a7706812f12394aaa00e8ce.)

Change-Id: Id0fc11773a0cee8933978cd4bdbd8251fd7cfb5f

crypto/x509/vpm_int.h

@@ -63,7 +63,7 @@ struct X509_VERIFY_PARAM_ID_st
 	STACK_OF(OPENSSL_STRING) *hosts;	/* Set of acceptable names */
 	unsigned int hostflags;	/* Flags to control matching features */
 	char *peername;		/* Matching hostname in peer certificate */
-	unsigned char *email;	/* If not NULL email address to match */
+	char *email;		/* If not NULL email address to match */
 	size_t emaillen;
 	unsigned char *ip;	/* If not NULL IP address to match */
 	size_t iplen;		/* Length of IP address */

crypto/x509/x509_vfy.c

@@ -708,12 +708,12 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
 	{
 	size_t i;
 	size_t n = sk_OPENSSL_STRING_num(id->hosts);
-	unsigned char *name;
+	char *name;
 
 	for (i = 0; i < n; ++i)
 		{
-		name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
-		if (X509_check_host(x, name, strlen((const char*) name), id->hostflags,
+		name = sk_OPENSSL_STRING_value(id->hosts, i);
+		if (X509_check_host(x, name, strlen(name), id->hostflags,
 				    &id->peername) > 0)
 			return 1;
 		}

crypto/x509/x509_vpm.c

@@ -76,7 +76,7 @@ static void str_free(char *s) { OPENSSL_free(s); }
 #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
 
 static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
-				    const unsigned char *name, size_t namelen)
+				    const char *name, size_t namelen)
 	{
 	char *copy;
 
@@ -95,7 +95,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 	if (name == NULL || namelen == 0)
 		return 1;
 
-	copy = BUF_strndup((char *)name, namelen);
+	copy = BUF_strndup(name, namelen);
 	if (copy == NULL)
 		return 0;
 
@@ -335,16 +335,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
 	return ret;
 	}
 
-static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen,
-				const unsigned char *src, size_t srclen)
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+				const char *src, size_t srclen)
 	{
 	void *tmp;
 	if (src)
 		{
 		if (srclen == 0)
 			{
-			tmp = BUF_strdup((char *)src);
-			srclen = strlen((char *)src);
+			tmp = BUF_strdup(src);
+			srclen = strlen(src);
 			}
 		else
 			tmp = BUF_memdup(src, srclen);
@@ -464,13 +464,13 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 	}
 
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-				const unsigned char *name, size_t namelen)
+				const char *name, size_t namelen)
 	{
 	return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
 	}
 
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-				const unsigned char *name, size_t namelen)
+				const char *name, size_t namelen)
 	{
 	return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
 	}
@@ -487,7 +487,7 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
 	}
 
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-				const unsigned char *email, size_t emaillen)
+				const char *email, size_t emaillen)
 	{
 	return int_x509_param_set1(&param->id->email, &param->id->emaillen,
 					email, emaillen);
@@ -498,17 +498,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 	{
 	if (iplen != 0 && iplen != 4 && iplen != 16)
 		return 0;
-	return int_x509_param_set1(&param->id->ip, &param->id->iplen, ip, iplen);
+	return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
+				   (char *)ip, iplen);
 	}
 
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
 	{
 	unsigned char ipout[16];
-	int iplen;
-	iplen = a2i_ipadd(ipout, ipasc);
+	size_t iplen;
+
+	iplen = (size_t) a2i_ipadd(ipout, ipasc);
 	if (iplen == 0)
 		return 0;
-	return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen);
+	return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
 	}
 
 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)

crypto/x509v3/v3_utl.c

@@ -850,8 +850,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
  */
 
 static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
-				unsigned int flags,
-				const unsigned char *b, size_t blen,
+				unsigned int flags, const char *b, size_t blen,
 				char **peername)
 	{
 	int rv = 0;
@@ -863,7 +862,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
 		if (cmp_type != a->type)
 			return 0;
 		if (cmp_type == V_ASN1_IA5STRING)
-			rv = equal(a->data, a->length, b, blen, flags);
+			rv = equal(a->data, a->length,
+				   (unsigned char *)b, blen, flags);
 		else if (a->length == (int)blen && !memcmp(a->data, b, blen))
 			rv = 1;
 		if (rv > 0 && peername)
@@ -876,7 +876,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
 		astrlen = ASN1_STRING_to_UTF8(&astr, a);
 		if (astrlen < 0)
 			return -1;
-		rv = equal(astr, astrlen, b, blen, flags);
+		rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
 		OPENSSL_free(astr);
 		if (rv > 0 && peername)
 			*peername = BUF_strndup((char *)astr, astrlen);
@@ -884,7 +884,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
 	return rv;
 	}
 
-static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
 					unsigned int flags, int check_type,
 					char **peername)
 	{
@@ -926,7 +926,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
 		}
 
 	if (chklen == 0)
-		chklen = strlen((const char *)chk);
+		chklen = strlen(chk);
 
 	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
 	if (gens)
@@ -974,8 +974,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
 	return 0;
 	}
 
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
-					unsigned int flags, char **peername)
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+			unsigned int flags, char **peername)
 	{
 	if (chk == NULL)
 		return -2;
@@ -984,8 +984,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
 	return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
 	}
 
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
-					unsigned int flags)
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+			unsigned int flags)
 	{
 	if (chk == NULL)
 		return -2;
@@ -999,19 +999,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
 	{
 	if (chk == NULL)
 		return -2;
-	return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL);
+	return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
 	}
 
 int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
 	{
 	unsigned char ipout[16];
-	int iplen;
+	size_t iplen;
+
 	if (ipasc == NULL)
 		return -2;
-	iplen = a2i_ipadd(ipout, ipasc);
+	iplen = (size_t) a2i_ipadd(ipout, ipasc);
 	if (iplen == 0)
 		return -2;
-	return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL);
+	return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
 	}
 
 /* Convert IP addresses both IPv4 and IPv6 into an 

crypto/x509v3/v3nametest.c

@@ -332,8 +332,7 @@ static void run_cert(X509 *crt, const char *nameincert,
 		int match, ret;
 		memcpy(name, *pname, namelen);
 
-		ret = X509_check_host(crt, (const unsigned char *)name,
-				      namelen, 0, NULL);
+		ret = X509_check_host(crt, name, namelen, 0, NULL);
 		match = -1;
 		if (ret < 0)
 			{
@@ -351,9 +350,8 @@ static void run_cert(X509 *crt, const char *nameincert,
 			match = 1;
 		check_message(fn, "host", nameincert, match, *pname);
 
-		ret = X509_check_host(crt, (const unsigned char *)name,
-				      namelen, X509_CHECK_FLAG_NO_WILDCARDS,
-				      NULL);
+		ret = X509_check_host(crt, name, namelen,
+				      X509_CHECK_FLAG_NO_WILDCARDS, NULL);
 		match = -1;
 		if (ret < 0)
 			{
@@ -372,8 +370,7 @@ static void run_cert(X509 *crt, const char *nameincert,
 		check_message(fn, "host-no-wildcards",
 			      nameincert, match, *pname);
 
-		ret = X509_check_email(crt, (const unsigned char *)name,
-				       namelen, 0);
+		ret = X509_check_email(crt, name, namelen, 0);
 		match = -1;
 		if (fn->email)
 			{

include/openssl/x509_vfy.h

@@ -554,15 +554,15 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 					STACK_OF(ASN1_OBJECT) *policies);
 
 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-				const unsigned char *name, size_t namelen);
+				const char *name, size_t namelen);
 OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-					       const unsigned char *name,
+					       const char *name,
 					       size_t namelen);
 OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
 					unsigned int flags);
 OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-				const unsigned char *email, size_t emaillen);
+				const char *email, size_t emaillen);
 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 					const unsigned char *ip, size_t iplen);
 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);

include/openssl/x509v3.h

@@ -713,9 +713,9 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
  */
 #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
 
-OPENSSL_EXPORT int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen,
 					unsigned int flags, char **peername);
-OPENSSL_EXPORT int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen,
 					unsigned int flags);
 OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
 					unsigned int flags);