From 1ec86ee4ccb1f82ddee22df5a9a6c13894314249 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 2 Dec 2021 16:04:58 -0700 Subject: [PATCH] add human readable string of IP --- src/internal.c | 25 ++------------ src/ssl.c | 6 ++++ wolfcrypt/src/asn.c | 76 +++++++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/asn.h | 3 ++ 4 files changed, 87 insertions(+), 23 deletions(-) diff --git a/src/internal.c b/src/internal.c index fc2c5634c..0b2319394 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10368,33 +10368,12 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) } while (altName) { -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) - char name[WOLFSSL_MAX_IPSTR] = {0}; -#endif - WOLFSSL_MSG("\tindividual AltName check"); #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) - /* check if alt name is stored as IP addr octet */ if (altName->type == ASN_IP_TYPE) { - const unsigned char *ip = (const unsigned char*)altName->name; - if (altName->len == WOLFSSL_IP4_ADDR_LEN) { - XSNPRINTF(name, sizeof(name), "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); - } - else if (altName->len == WOLFSSL_IP6_ADDR_LEN) { - int i; - for (i = 0; i < 8; i++) { - XSNPRINTF(name + i * 5, sizeof(name) - i * 5, "%02X%02X%s", - ip[2 * i], ip[2 * i + 1], (i < 7) ? ":" : ""); - } - } - else { - WOLFSSL_MSG("\tnot an IPv4 or IPv6 address"); - altName = altName->next; - continue; - } - buf = name; - len = (word32)XSTRLEN(name); + buf = altName->ipString; + len = (word32)XSTRLEN(buf); } else #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ diff --git a/src/ssl.c b/src/ssl.c index 92a134ec4..d7b8740c2 100644 --- a/src/ssl.c +++ b/src/ssl.c 
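Review bot: The new `len = (word32)XSTRLEN(buf);` dereferences `altName->ipString` with no NULL check, whereas the removed code skipped any entry it could not render as an address. Within this patch every ASN_IP_TYPE entry built by SetDNSEntry or DecodeAltNames either receives an ipString or is freed, but any other code that constructs or copies an ASN_IP_TYPE DNS_entry (not visible here) would leave the field NULL, and XSTRLEN(NULL) is undefined behaviour on a peer-certificate verification path. Keeping the old skip semantics costs one guard before the assignment: `if (altName->ipString == NULL) { altName = altName->next; continue; }`. CheckForAltNames begins and ends outside the hunk.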
@@ -20658,6 +20658,12 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) return NULL; ret = cert->altNamesNext->name; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + /* return the IP address as a string */ + if (cert->altNamesNext->type == ASN_IP_TYPE) { + ret = cert->altNamesNext->ipString; + } +#endif cert->altNamesNext = cert->altNamesNext->next; return ret; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f407966c7..cc9f0b782 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9514,6 +9514,9 @@ void FreeAltNames(DNS_entry* altNames, void* heap) DNS_entry* tmp = altNames->next; XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); + #endif XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); altNames = tmp; } 
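Review bot: The added branch returns `cert->altNamesNext->ipString` unconditionally for ASN_IP_TYPE, so a NULL ipString makes the call return NULL, which the `return NULL;` just above already uses to mean "no more names"; the caller would stop iterating early even though `altNamesNext` has been advanced. If an entry can reach this iterator without going through asn.c's string generation (I cannot tell from the hunk), falling back to the raw name keeps the previous behaviour: `if (cert->altNamesNext->type == ASN_IP_TYPE && cert->altNamesNext->ipString != NULL) {`. The comment could also state that the returned pointer is owned by the certificate's alt-name list and released by FreeAltNames, so callers must not free it. wolfSSL_X509_get_next_altname begins outside the hunk.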
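Review bot: The added `XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);` runs for every entry in the list, but this patch only ever assigns ipString for ASN_IP_TYPE entries (the SetDNSEntry and DecodeAltNames hunks below); for DNS, email or URI entries the field is never written. Unless every DNS_entry allocation site zero-initialises the struct — the allocations are outside these hunks, so I cannot confirm — the pointer is indeterminate for those entries and XFREE would release garbage. The robust fix is `dnsEntry->ipString = NULL;` at each allocation site; a type guard here, `if (altNames->type == ASN_IP_TYPE) { XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); }`, narrows the exposure but does not remove it. The same initialisation question applies to the SetDNSEntry and DecodeAltNames hunks.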
@@ -10579,6 +10582,59 @@ static const byte rdnChoice[] = { }; #endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +/* used to set the human readable string for the IP address with a ASN_IP_TYPE + * DNS entry + * return 0 on success + */ +static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) +{ + int ret = 0; + int nameSz; + char tmpName[WOLFSSL_MAX_IPSTR] = {0}; + char* ip; + + if (entry == NULL || entry->type != ASN_IP_TYPE) { + return BAD_FUNC_ARG; + } + + if (entry->len != WOLFSSL_IP4_ADDR_LEN && + entry->len != WOLFSSL_IP6_ADDR_LEN) { + WOLFSSL_MSG("Unexpected IP size"); + return BAD_FUNC_ARG; + } + ip = entry->name; + + /* store IP addresses as a string */ + if (entry->len == WOLFSSL_IP4_ADDR_LEN) { + XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFF & ip[0], + 0xFF & ip[1], 0xFF & ip[2], 0xFF & ip[3]); + } + + if (entry->len == WOLFSSL_IP6_ADDR_LEN) { + int i; + for (i = 0; i < 8; i++) { + XSNPRINTF(tmpName + i * 5, sizeof(tmpName) - i * 5, + "%02X%02X%s", 0xFF & ip[2 * i], 0xFF & ip[2 * i + 1], + (i < 7) ? ":" : ""); + } + } + + nameSz = (int)XSTRLEN(tmpName); + entry->ipString = (char*)XMALLOC(nameSz + 1, heap, DYNAMIC_TYPE_ALTNAME); + if (entry->ipString == NULL) { + ret = MEMORY_E; + } + + if (ret == 0) { + XMEMCPY(entry->ipString, tmpName, nameSz); + entry->ipString[nameSz] = '\0'; + } + + return ret; +} +#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ + #ifdef WOLFSSL_ASN_TEMPLATE #if defined(WOLFSSL_CERT_GEN) || \ (!defined(NO_CERTS) && !defined(IGNORE_NAME_CONSTRAINTS)) 
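Review bot: GenerateDNSEntryIPString overwrites `entry->ipString` without checking it, so a caller that passes an entry which already has a string leaks it; the header comment should state that precondition, and the output format, since CheckForAltNames now compares this string against the caller-supplied name: `/* entry->ipString must be NULL on entry. Output is dotted-decimal for IPv4 and eight uppercase 4-hex-digit groups with no "::" compression for IPv6. */`. The IPv6 loop writes its last group at `tmpName + 35` and needs 40 bytes including the terminator, so it silently relies on `WOLFSSL_MAX_IPSTR` being at least that large (its value is not on the page) and the discarded XSNPRINTF results would hide truncation; a comment naming that requirement on the `tmpName` declaration would help. `ip = entry->name;` is also dereferenced without a NULL check; both callers in this patch set `name` first, so only the documented precondition is needed.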
@@ -10623,6 +10679,18 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, XMEMCPY(dnsEntry->name, str, strLen); dnsEntry->name[strLen] = '\0'; + #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + /* store IP addresses as a string */ + if (type == ASN_IP_TYPE) { + if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) { + XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); + XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + } + } + #endif + } + + if (ret == 0) { #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV) dnsEntry->next = NULL; if (*entries == NULL) { @@ -14424,6 +14492,14 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) XMEMCPY(ipAddr->name, &input[idx], strLen); ipAddr->name[strLen] = '\0'; + #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) { + WOLFSSL_MSG("\tOut of Memory for IP string"); + XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME); + XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ AddAltName(cert, ipAddr); length -= strLen; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 817adfdad..23948a42b 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1174,6 +1174,9 @@ struct DNS_entry { int type; /* i.e. ASN_DNS_TYPE */ int len; /* actual DNS len */ char* name; /* actual DNS name */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + char* ipString; /* human readable form of IP address */ +#endif };
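Review bot: On the new error path `dnsEntry` is freed twice over (name, then the struct) but left pointing at released memory, and the remainder of SetDNSEntry after the hunk is not visible; if any later statement on the `ret != 0` path reads or frees `dnsEntry`, that is a use-after-free or double free. Adding `dnsEntry = NULL;` after the two XFREE calls makes the error path safe regardless of what follows. Note also that GenerateDNSEntryIPString returns BAD_FUNC_ARG for an IP whose length is not 4 or 16, so an entry the function previously stored unchanged is now rejected; if that is intended, a one-line comment such as `/* an IP SAN that is not 4 or 16 bytes is rejected here */` would record it.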
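Review bot: The new check collapses every non-zero return of GenerateDNSEntryIPString into `return MEMORY_E;` with an "Out of Memory" message, yet the function also returns BAD_FUNC_ARG when the address is neither 4 nor 16 bytes; unless an earlier length check in DecodeAltNames (outside the hunk) already rejects such entries, a malformed IP SAN would be reported as an allocation failure, which misleads whoever debugs the parse error. Keep the return value in a local and propagate it, e.g. `ret = GenerateDNSEntryIPString(ipAddr, cert->heap); if (ret != 0) { WOLFSSL_MSG("\tFailed to build IP string"); … return ret; }` with the two XFREE calls unchanged. DecodeAltNames begins and ends outside the hunk.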
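Review bot: The comment on the new `ipString` field does not state the invariants that FreeAltNames and the readers in internal.c and ssl.c now rely on: it is populated only for `type == ASN_IP_TYPE`, is expected to be NULL for every other type, and is owned by the entry and released by FreeAltNames. Suggest `char* ipString; /* human readable IP; set only when type == ASN_IP_TYPE, NULL otherwise, freed by FreeAltNames */`. The `struct DNS_entry` declaration begins before the hunk.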