From b9ff110b2e126f86178063b0995f5954cfea80ec Mon Sep 17 00:00:00 2001 From: Todd A Ouska Date: Fri, 11 Mar 2011 15:22:16 -0800 Subject: [PATCH] add CyaSSL_X509_get_serial_number() --- ctaocrypt/include/asn.h | 4 +++- ctaocrypt/src/asn.c | 7 +++++++ include/cyassl_int.h | 1 + include/openssl/cyassl_test.h | 11 +++++++++++ include/openssl/ssl.h | 2 ++ src/cyassl_int.c | 1 + src/ssl.c | 12 ++++++++++++ 7 files changed, 37 insertions(+), 1 deletion(-) diff --git a/ctaocrypt/include/asn.h b/ctaocrypt/include/asn.h index 4623da953..12a874954 100644 --- a/ctaocrypt/include/asn.h +++ b/ctaocrypt/include/asn.h @@ -41,6 +41,8 @@ enum { ISSUER = 0, SUBJECT = 1, + SERIAL_SIZE = 8, + BEFORE = 0, AFTER = 1 }; @@ -171,6 +173,7 @@ typedef struct DecodedCert { byte* source; /* byte buffer holder cert, NOT owner */ word32 srcIdx; /* current offset into buffer */ void* heap; /* for user memory overrides */ + byte serial[SERIAL_SIZE]; /* raw serial number */ #ifdef CYASSL_CERT_GEN /* easy access to sujbect info for other sign */ char* subjectSN; @@ -250,7 +253,6 @@ int DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz, #ifdef CYASSL_CERT_GEN enum cert_enums { - SERIAL_SIZE = 8, NAME_SIZE = 64, NAME_ENTRIES = 8, JOINT_LEN = 2, diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 844ab71d7..106974bc9 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -668,6 +668,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, void* heap) cert->source = source; /* don't own */ cert->srcIdx = 0; cert->heap = heap; + XMEMSET(cert->serial, 0, SERIAL_SIZE); #ifdef CYASSL_CERT_GEN cert->subjectSN = 0; cert->subjectSNLen = 0; 
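Review bot: Moving `SERIAL_SIZE = 8` out of the CYASSL_CERT_GEN-only cert_enums into the unconditional enum in asn.h makes 8 octets the limit for every parsed certificate, not just generated ones, but RFC 5280 §4.1.2.2 requires conforming implementations to handle serialNumber values up to 20 octets and public CAs routinely issue 16–20 byte random serials. Consider `SERIAL_SIZE = 20, /* max serialNumber octets a conforming parser must accept, RFC 5280 4.1.2.2 */` and, if the CYASSL_CERT_GEN path also uses the constant for the length of generated serials (not visible here), check that path separately. The new `byte serial[SERIAL_SIZE]` field in DecodedCert stores the value left-padded with the zero fill from InitDecodedCert and records no length, so a consumer cannot distinguish padding from the value; a companion `byte serialSz;` next to it would remove that ambiguity. The enum and struct hunks start and end inside the visible text, but the enclosing DecodedCert definition continues outside them.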
@@ -718,6 +719,12 @@ static int GetCertHeader(DecodedCert* cert, word32 inSz) if (GetInt(&mpi, cert->source, &cert->srcIdx) < 0) ret = ASN_PARSE_E; + len = mp_unsigned_bin_size(&mpi); + if (len > SERIAL_SIZE) + ret = MP_TO_E; + if (mp_to_unsigned_bin(&mpi, cert->serial + (SERIAL_SIZE - len)) != MP_OKAY) + ret = MP_TO_E; + mp_clear(&mpi); return ret; } diff --git a/include/cyassl_int.h b/include/cyassl_int.h index c70ab970c..39042801d 100644 --- a/include/cyassl_int.h +++ b/include/cyassl_int.h @@ -924,6 +924,7 @@ struct X509_NAME { struct X509 { X509_NAME issuer; X509_NAME subject; + byte serial[SERIAL_SIZE]; }; diff --git a/include/openssl/cyassl_test.h b/include/openssl/cyassl_test.h index 555f3e19c..8e0a458cc 100644 --- a/include/openssl/cyassl_test.h +++ b/include/openssl/cyassl_test.h @@ -174,9 +174,20 @@ static INLINE void showPeer(SSL* ssl) if (peer) { char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); + byte serial[SERIAL_SZ]; + int ret; printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, subject); + ret = CyaSSL_X509_get_serial_number(peer, serial); + if (ret == 0) { + int i; + printf(" serial number"); + for (i = 0; i < sizeof(serial); i++) + printf(":%02x", serial[i]); + printf("\n"); + } + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); } diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 37050072a..83ba59c51 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -385,6 +385,7 @@ enum { OCSP_BASICRESP = 16, ASN1_GENERALIZEDTIME = 4, + SERIAL_SZ = 8, SSL_OP_MICROSOFT_SESS_ID_BUG = 1, SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, 
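Review bot: In GetCertHeader the new `if (len > SERIAL_SIZE) ret = MP_TO_E;` records the error but does not stop the following mp_to_unsigned_bin call, so for a serial longer than 8 octets `cert->serial + (SERIAL_SIZE - len)` points before the array and mp_to_unsigned_bin writes len bytes over whatever precedes `serial` in DecodedCert (heap, srcIdx, source, per the asn.h hunk) — memory corruption reachable from the peer's certificate, since DoCertificate in cyassl_int.c parses it during the handshake. Make the conversion conditional on the size check, `else if (mp_to_unsigned_bin(&mpi, cert->serial + (SERIAL_SIZE - len)) != MP_OKAY) ret = MP_TO_E;`, and run the whole serial block only when the preceding GetInt succeeded, because mpi is not meaningful after a parse error (e.g. `if (ret == 0) { ... }`, assuming ret starts at 0 before the hunk). Note also that RFC 5280 permits serials up to 20 octets, so with this cap such certificates, previously accepted, now fail to parse entirely; that trade-off deserves a comment on the check. `len` is declared and GetCertHeader begins outside the hunk.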
@@ -622,6 +623,7 @@ unsigned char* CyaSSL_get_chain_cert(X509_CHAIN*, int idx); /* index cert */ int CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx, unsigned char* buffer, int inLen, int* outLen); /* get index cert in PEM */ const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* session); +int CyaSSL_X509_get_serial_number(X509*, unsigned char*); #ifndef _WIN32 #ifndef NO_WRITEV diff --git a/src/cyassl_int.c b/src/cyassl_int.c index 6f1c56c2d..baf85255e 100644 --- a/src/cyassl_int.c +++ b/src/cyassl_int.c @@ -1446,6 +1446,7 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx) XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX); ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1; XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX); + XMEMCPY(ssl->peerCert.serial, dCert.serial, SERIAL_SIZE); #endif XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen); diff --git a/src/ssl.c b/src/ssl.c index 02c3fc62d..32b6d30e9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3404,6 +3404,18 @@ int CyaSSL_set_compression(SSL* ssl) return 0; } + /* write X509 serial number in unsigned binary to buffer + buffer needs to be at least SERIAL_SIZE + return 0 on success */ + int CyaSSL_X509_get_serial_number(X509* x509, byte* buffer) + { + if (x509 == NULL || buffer == NULL) + return -1; + + XMEMCPY(buffer, x509->serial, SERIAL_SIZE); + + return 0; + } #endif /* OPENSSL_EXTRA */
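Review bot: CyaSSL_X509_get_serial_number copies SERIAL_SIZE bytes into the caller's buffer without taking its size, while the public header (ssl.h) advertises the width as a separate constant SERIAL_SZ and the implementation uses the internal SERIAL_SIZE from asn.h; nothing ties the two together, so a later change to either silently overruns callers sized by the other. As the function is new, prefer an in/out length parameter in the OpenSSL style, `int CyaSSL_X509_get_serial_number(X509* x509, unsigned char* buffer, int* inOutSz)`, returning an error when `*inOutSz < SERIAL_SIZE` and writing the size back, or at least keep only one public constant. The output is fixed-width and left-zero-padded, so a caller cannot tell the padding from the value; the header comment should state it, e.g. `/* serial is left-padded with zero bytes to SERIAL_SIZE; the byte count of the original serialNumber is not recoverable */`. The definition sits inside the block closed by `#endif /* OPENSSL_EXTRA */` while the prototype added to ssl.h appears unconditional in the visible hunk; if that is so, the header should say the function exists only with OPENSSL_EXTRA.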