Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon From Adam Majer <adamm@zo...



details:   https://anonhg.NetBSD.org/src/rev/010441335f3f
branches:  trunk
changeset: 327093:010441335f3f
user:      tteras <tteras%NetBSD.org@localhost>
date:      Thu Feb 27 08:37:58 2014 +0000

description:
From Adam Majer <adamm%zombino.com@localhost>: Support IPv6 in X509 subjectAltName

diffstat:

 crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c |  61 ++++++++++++++------
 1 files changed, 41 insertions(+), 20 deletions(-)

diffs (76 lines):

diff -r 0a05e738146f -r 010441335f3f crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
--- a/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c       Thu Feb 27 07:35:04 2014 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c       Thu Feb 27 08:37:58 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: crypto_openssl.c,v 1.24 2012/12/24 14:50:04 tteras Exp $       */
+/*     $NetBSD: crypto_openssl.c,v 1.25 2014/02/27 08:37:58 tteras Exp $       */
 
 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
 
@@ -601,26 +601,47 @@
        /* read IP address */
        else if (gen->type == GEN_IPADD)
        {
-               unsigned char p[5], *ip;
-               ip = p;
-               
-               /* only support IPv4 */
-               if (gen->d.ip->length != 4)
+               switch (gen->d.iPAddress->length) {
+               case 4: /* IPv4 */
+                       *altname = racoon_malloc(4*3 + 3 + 1); /* digits + decimals + null */
+                       if (!*altname)
+                               goto end;
+
+                       snprintf(*altname, 12+3+1, "%u.%u.%u.%u",
+                                (unsigned)gen->d.iPAddress->data[0],
+                                (unsigned)gen->d.iPAddress->data[1],
+                                (unsigned)gen->d.iPAddress->data[2],
+                                (unsigned)gen->d.iPAddress->data[3]);
+                       break;
+               case 16: { /* IPv6 */
+                       int i;
+
+                       *altname = racoon_malloc(16*2 + 7 + 1); /* digits + colons + null */
+                       if (!*altname)
+                               goto end;
+
+                       /* Make NULL terminated IPv6 address */
+                       for (i=0; i<16; ++i) {
+                               int pos = i*2 + i/2;
+
+                               if (i>0 && i%2==0)
+                                       (*altname)[pos-1] = ':';
+
+                               snprintf(*altname + pos, 3, "%02x",
+                                        (unsigned)gen->d.iPAddress->data[i]);
+
+                       }
+                       plog(LLV_INFO, LOCATION, NULL,
+                            "Remote X509 IPv6 addr: %s", *altname);
+                       break;
+               }
+               default:
+                       plog(LLV_ERROR, LOCATION, NULL,
+                            "Unknown IP address length: %u octects.",
+                            gen->d.iPAddress->length);
                        goto end;
-               
-               /* convert Octet String to String
-                * XXX ???????
-                */
-               /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
-               ip = gen->d.ip->data;
-
-               /* XXX Magic, enough for an IPv4 address
-                */
-               *altname = racoon_malloc(20);
-               if (!*altname)
-                       goto end;
-               
-               sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
+               }
+
                *type = gen->type;
                error = 0;
        }
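Review bot: In the IPv6 case the write bounds hold only through the index arithmetic `pos = i*2 + i/2`; the `3` passed to each `snprintf` is unrelated to the 40-byte allocation, and the IPv4 case spells its size twice (`4*3 + 3 + 1` and `12+3+1`), so a later edit to one expression can silently desynchronise them while formatting data taken from a peer certificate. A single named size per case, or `inet_ntop()` into an `INET6_ADDRSTRLEN` buffer, would tie bound and allocation together; `inet_ntop()` emits the compressed form, so how callers compare the resulting string should be checked before switching. In the `default:` branch `length` is passed to `%u` uncast although the data octets are cast and OpenSSL's ASN1_STRING length is an `int`; `(unsigned)gen->d.iPAddress->length` fixes that, and "octects" should read "octets". The enclosing function starts and ends outside the hunk, so what the `end:` label does with `*altname` is not visible here.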


