Merge pull request #4626 from JacobBarthelmeh/certs

add human readable string of IP

src/internal.c

@@ -10368,33 +10368,12 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
     }
 
     while (altName) {
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
-        char name[WOLFSSL_MAX_IPSTR] = {0};
-#endif
-
         WOLFSSL_MSG("\tindividual AltName check");
 
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
-        /* check if alt name is stored as IP addr octet */
         if (altName->type == ASN_IP_TYPE) {
-            const unsigned char *ip = (const unsigned char*)altName->name;
-            if (altName->len == WOLFSSL_IP4_ADDR_LEN) {
-                XSNPRINTF(name, sizeof(name), "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
-            }
-            else if (altName->len == WOLFSSL_IP6_ADDR_LEN) {
-                int i;
-                for (i = 0; i < 8; i++) {
-                    XSNPRINTF(name + i * 5, sizeof(name) - i * 5, "%02X%02X%s",
-                              ip[2 * i], ip[2 * i + 1], (i < 7) ? ":" : "");
-                }
-            }
-            else {
-                WOLFSSL_MSG("\tnot an IPv4 or IPv6 address");
-                altName = altName->next;
-                continue;
-            }
-            buf = name;
-            len = (word32)XSTRLEN(name);
+            buf = altName->ipString;
+            len = (word32)XSTRLEN(buf);
         }
         else
 #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */

src/ssl.c

@@ -20658,6 +20658,12 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
         return NULL;
 
     ret = cert->altNamesNext->name;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+    /* return the IP address as a string */
+    if (cert->altNamesNext->type == ASN_IP_TYPE) {
+        ret = cert->altNamesNext->ipString;
+    }
+#endif
     cert->altNamesNext = cert->altNamesNext->next;
 
     return ret;

wolfcrypt/src/asn.c

@@ -9514,6 +9514,9 @@ void FreeAltNames(DNS_entry* altNames, void* heap)
         DNS_entry* tmp = altNames->next;
 
         XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+        XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
+    #endif
         XFREE(altNames,       heap, DYNAMIC_TYPE_ALTNAME);
         altNames = tmp;
     }
@@ -10579,6 +10582,59 @@ static const byte rdnChoice[] = {
 };
 #endif
 
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+/* used to set the human readable string for the IP address with a ASN_IP_TYPE
+ * DNS entry
+ * return 0 on success
+ */
+static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
+{
+    int ret = 0;
+    int nameSz;
+    char tmpName[WOLFSSL_MAX_IPSTR] = {0};
+    char* ip;
+
+    if (entry == NULL || entry->type != ASN_IP_TYPE) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (entry->len != WOLFSSL_IP4_ADDR_LEN &&
+            entry->len != WOLFSSL_IP6_ADDR_LEN) {
+        WOLFSSL_MSG("Unexpected IP size");
+        return BAD_FUNC_ARG;
+    }
+    ip = entry->name;
+
+    /* store IP addresses as a string */
+    if (entry->len == WOLFSSL_IP4_ADDR_LEN) {
+        XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFF & ip[0],
+                0xFF & ip[1], 0xFF & ip[2], 0xFF & ip[3]);
+    }
+
+    if (entry->len == WOLFSSL_IP6_ADDR_LEN) {
+        int i;
+        for (i = 0; i < 8; i++) {
+            XSNPRINTF(tmpName + i * 5, sizeof(tmpName) - i * 5,
+                    "%02X%02X%s", 0xFF & ip[2 * i], 0xFF & ip[2 * i + 1],
+                    (i < 7) ? ":" : "");
+        }
+    }
+
+    nameSz = (int)XSTRLEN(tmpName);
+    entry->ipString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME);
+    if (entry->ipString == NULL) {
+        ret = MEMORY_E;
+    }
+
+    if (ret == 0) {
+        XMEMCPY(entry->ipString, tmpName, nameSz);
+        entry->ipString[nameSz] = '\0';
+    }
+
+    return ret;
+}
+#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
+
 #ifdef WOLFSSL_ASN_TEMPLATE
 #if defined(WOLFSSL_CERT_GEN) || \
     (!defined(NO_CERTS) && !defined(IGNORE_NAME_CONSTRAINTS))
@@ -10623,6 +10679,18 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
         XMEMCPY(dnsEntry->name, str, strLen);
         dnsEntry->name[strLen] = '\0';
 
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+        /* store IP addresses as a string */
+        if (type == ASN_IP_TYPE) {
+            if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) {
+                XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
+                XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
+            }
+        }
+    #endif
+    }
+
+    if (ret == 0) {
     #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
         dnsEntry->next = NULL;
         if (*entries == NULL) {
@@ -14424,6 +14492,14 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert)
             XMEMCPY(ipAddr->name, &input[idx], strLen);
             ipAddr->name[strLen] = '\0';
 
+        #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+            if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) {
+                WOLFSSL_MSG("\tOut of Memory for IP string");
+                XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
+                XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME);
+                return MEMORY_E;
+            }
+        #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
             AddAltName(cert, ipAddr);
 
             length -= strLen;

wolfssl/wolfcrypt/asn.h

@@ -1174,6 +1174,9 @@ struct DNS_entry {
     int        type;   /* i.e. ASN_DNS_TYPE */
     int        len;    /* actual DNS len */
     char*      name;   /* actual DNS name */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
+    char*      ipString; /* human readable form of IP address */
+#endif
 };