From ea2585963f775b49483702c2686dfb75b32c90a0 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 8 May 2012 19:02:25 -0700
Subject: [PATCH] flattens the serial number
---
 ctaocrypt/src/asn.c | 75 +++++++++++++++++++++++-------------------
 cyassl/ctaocrypt/asn.h | 1 +
 src/ocsp.c | 5 +--
 3 files changed, 46 insertions(+), 35 deletions(-)
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 5c1fe7010..80f285689 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -4113,48 +4113,57 @@ int OcspResponseDecode(OcspResponse* resp)
 }
 
-static int SetInt(const byte* input, word32 inputSz, byte* output)
+static int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
 {
- return 0;
+ int result = 0;
+
+ if (snSz <= EXTERNAL_SERIAL_SIZE) {
+ output[0] = ASN_INTEGER;
+ output[1] = snSz;
+ output[2] = 0;
+ XMEMCPY(&output[3], sn, snSz);
+ result = snSz + 3;
+ }
+ return result;
 }
 
-#define MAX_INT_SZ 32
+
 
 int EncodeOcspRequest(DecodedCert* cert, byte* output, word32 outputSz)
 {
- byte seqArray[5][MAX_SEQ_SZ];
- /* The ASN.1 of the OCSP Request is an onion of sequences */
- byte algoArray[MAX_ALGO_SZ];
- byte issuerArray[MAX_ENCODED_DIG_SZ];
- byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
- byte snArray[MAX_INT_SZ];
+ byte seqArray[5][MAX_SEQ_SZ];
+ /* The ASN.1 of the OCSP Request is an onion of sequences */
+ byte algoArray[MAX_ALGO_SZ];
+ byte issuerArray[MAX_ENCODED_DIG_SZ];
+ byte issuerKeyArray[MAX_ENCODED_DIG_SZ];
+ byte snArray[MAX_SN_SZ];
 
- word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, totalSz;
- int i;
+ word32 seqSz[5], algoSz, issuerSz, issuerKeySz, snSz, totalSz;
+ int i;
 
- algoSz = SetAlgoID(SHAh, algoArray, hashType);
- issuerSz = SetDigest(cert->issuerHash, SHA_SIZE, issuerArray);
- issuerKeySz = SetDigest(cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
- snSz = SetInt(cert->serial, cert->serialSz, snArray);
+ algoSz = SetAlgoID(SHAh, algoArray, hashType);
+ issuerSz = SetDigest(cert->issuerHash, SHA_SIZE, issuerArray);
+ issuerKeySz = SetDigest(cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
+ snSz = SetSerialNumber(cert->serial, cert->serialSz, snArray);
 
- totalSz = algoSz + issuerSz + issuerKeySz + snSz;
+ totalSz = algoSz + issuerSz + issuerKeySz + snSz;
 
- for (i = 4; i >= 0; i--) {
- seqSz[i] = SetSequence(totalSz, seqArray[i]);
- totalSz += seqSz[i];
- }
- totalSz = 0;
- for (i = 0; i < 5; i++) {
- XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
- totalSz += seqSz[i];
- }
- XMEMCPY(output + totalSz, algoArray, algoSz);
- totalSz += algoSz;
- XMEMCPY(output + totalSz, issuerArray, issuerSz);
- totalSz += issuerSz;
- XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
- totalSz += issuerKeySz;
- XMEMCPY(output + totalSz, snArray, snSz);
- totalSz += snSz;
+ for (i = 4; i >= 0; i--) {
+ seqSz[i] = SetSequence(totalSz, seqArray[i]);
+ totalSz += seqSz[i];
+ }
+ totalSz = 0;
+ for (i = 0; i < 5; i++) {
+ XMEMCPY(output + totalSz, seqArray[i], seqSz[i]);
+ totalSz += seqSz[i];
+ }
+ XMEMCPY(output + totalSz, algoArray, algoSz);
+ totalSz += algoSz;
+ XMEMCPY(output + totalSz, issuerArray, issuerSz);
+ totalSz += issuerSz;
+ XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz);
+ totalSz += issuerKeySz;
+ XMEMCPY(output + totalSz, snArray, snSz);
+ totalSz += snSz;
 
 return totalSz;
 }
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index 87590a73d..3090288f4 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -127,6 +127,7 @@ enum Misc_ASN {
 MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
 MAX_RSA_E_SZ = 16, /* Max RSA public e size */
 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
+ MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
 #ifdef CYASSL_CERT_GEN
 #ifdef CYASSL_ALT_NAMES
 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
diff --git a/src/ocsp.c b/src/ocsp.c
index ffc34a312..bc5ea8bfe 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -202,7 +202,7 @@ static int build_http_request(CYASSL_OCSP* ocsp, int ocspReqSz,
 ocsp->overridePath, ocsp->overrideName, ocspReqSz);
 }
 
-
+#if 0
 static const char foo[] = \
 "\x30\x81\xB7\x30\x81\xB4\x30\x81\x8C\x30\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03" \
 "\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48" \
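Review bot: The length octet written by SetSerialNumber is one short: the INTEGER content is the 0x00 pad in output[2] plus the snSz serial bytes copied to &output[3], and the function returns snSz + 3, yet `output[1] = snSz;` declares only snSz content octets, so the byte after the declared INTEGER is the serial's final octet rather than the next element and the CertID is malformed; the minimal fix is `output[1] = snSz + 1;`. The pad is also written unconditionally, which yields a non-minimal DER INTEGER whenever the serial's first byte has its top bit clear (X.690 8.3.2 permits the leading zero only when `sn[0] & 0x80`), so both the pad and the +1 should hinge on that test, with a `snSz > 0` guard before sn[0] is read. EncodeOcspRequest still never compares totalSz with outputSz before the XMEMCPYs into output, and a serial longer than EXTERNAL_SERIAL_SIZE makes SetSerialNumber return 0, which this function absorbs as a CertID with no serialNumber while still returning a positive length that callers cannot tell from success. The `MAX_SN_SZ = 35` added in the asn.h hunk presumably stands for EXTERNAL_SERIAL_SIZE + 3; spelling it as that sum would keep the snArray bound and the size check in SetSerialNumber in step.
```c
static int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
{
    int result = 0;

    if (snSz > 0 && snSz <= EXTERNAL_SERIAL_SIZE) {
        int i = 0;

        output[i++] = ASN_INTEGER;
        /* DER (X.690 8.3.2): a leading 0x00 is required, and only allowed,
         * when the first content octet would otherwise read as negative */
        if (sn[0] & 0x80) {
            output[i++] = (byte)(snSz + 1);
            output[i++] = 0;
        }
        else {
            output[i++] = (byte)snSz;
        }
        XMEMCPY(&output[i], sn, snSz);
        result = i + (int)snSz;
    }
    return result;
}
```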
@@ -221,7 +221,7 @@ static int build_ocsp_request(CYASSL_OCSP* ocsp, byte* buf, int bufSz)
 memcpy(buf, foo, sizeof(foo));
 return sizeof(foo) - 1;
 }
 
-
+#endif
 static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
 {
@@ -311,6 +311,7 @@ int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
 ocsp->status[0].serialSz = cert->serialSz;
 ocsp->statusLen = 1;
 
+ /*ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);*/
 ocspReqSz = EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz);
 httpBufSz = build_http_request(ocsp, ocspReqSz, httpBuf, httpBufSz);
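Review bot: The result of `EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz)` in the @@ -311 hunk is stored straight back into ocspReqSz and handed to build_http_request with no check, although the encoder (see the asn.c hunk) never bounds its writes by the ocspReqSz it receives and still returns a positive length when the serial was dropped because SetSerialNumber returned 0, so an incomplete request can be sent as if it were well-formed. Until EncodeOcspRequest reports failure itself, the caller should at least reject a non-positive length before building the HTTP request, e.g. `if (ocspReqSz <= 0) return <this function's error status>;`. The commented-out `/*ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);*/` here, together with the `#if 0`/`#endif` that the @@ -202 and @@ -221 hunks wrap around the foo array and build_ocsp_request, keeps dead code that version control already preserves; deleting it would leave one obvious request path. CyaSSL_OCSP_Lookup_Cert begins and ends outside the hunk.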