From a4a6150ba5e359d35752b5131183f0d02746f1db Mon Sep 17 00:00:00 2001
From: David Howells
Date: Tue, 15 Jan 2013 15:33:35 +0000
Subject: [PATCH 10/28] X.509: Add bits needed for PKCS#7

PKCS#7 validation requires access to the serial number and the raw names in an X.509 certificate.

Signed-off-by: David Howells
Reviewed-by: Kees Cook
Reviewed-by: Josh Boyer
---
 crypto/asymmetric_keys/x509.asn1 | 2 +-
 crypto/asymmetric_keys/x509_cert_parser.c | 17 +++++++++++++++++
 crypto/asymmetric_keys/x509_parser.h | 6 ++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

Index: linux-2.6/crypto/asymmetric_keys/x509.asn1
===================================================================
--- linux-2.6.orig/crypto/asymmetric_keys/x509.asn1 2014-05-16 13:09:03.551502582 -0400
+++ linux-2.6/crypto/asymmetric_keys/x509.asn1 2014-06-17 08:28:26.911602610 -0400
@@ -6,7 +6,7 @@ Certificate ::= SEQUENCE {
 
 TBSCertificate ::= SEQUENCE {
 version [ 0 ] Version DEFAULT,
- serialNumber CertificateSerialNumber,
+ serialNumber CertificateSerialNumber ({ x509_note_serial }),
 signature AlgorithmIdentifier ({ x509_note_pkey_algo }),
 issuer Name ({ x509_note_issuer }),
 validity Validity,
Index: linux-2.6/crypto/asymmetric_keys/x509_cert_parser.c
===================================================================
--- linux-2.6.orig/crypto/asymmetric_keys/x509_cert_parser.c 2014-05-16 13:09:03.551502582 -0400
+++ linux-2.6/crypto/asymmetric_keys/x509_cert_parser.c 2014-06-17 08:28:26.912602610 -0400
@@ -211,6 +211,19 @@ int x509_note_signature(void *context, s
 }
 
 /*
+ * Note the certificate serial number
+ */
+int x509_note_serial(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct x509_parse_context *ctx = context;
+ ctx->cert->raw_serial = value;
+ ctx->cert->raw_serial_size = vlen;
+ return 0;
+}
+
+/*
  * Note some of the name segments from which we'll fabricate a name.
  */
 int x509_extract_name_segment(void *context, size_t hdrlen,
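Review bot: x509_note_serial stores the decoder's `value` pointer straight into `ctx->cert->raw_serial`, so the new field aliases the certificate buffer being parsed rather than holding a copy, and neither the function nor its header comment records that lifetime coupling; the same applies to the raw_issuer and raw_subject assignments in the two following hunks of this file. I would extend the comment to `/* Note the certificate serial number: raw_serial points at the INTEGER contents passed as value, inside the buffer being parsed, so it is only valid while that buffer is. */`. The assignment `ctx->cert->raw_serial_size = vlen;` also narrows size_t to unsigned, which matches the existing raw_sig_size field but deserves a word so a later reader does not take it for an oversight. x509_extract_name_segment, whose signature starts on the hunk's last line, continues outside the hunk.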
@@ -322,6 +335,8 @@ int x509_note_issuer(void *context, size
 const void *value, size_t vlen)
 {
 struct x509_parse_context *ctx = context;
+ ctx->cert->raw_issuer = value;
+ ctx->cert->raw_issuer_size = vlen;
 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
 }
 
@@ -330,6 +345,8 @@ int x509_note_subject(void *context, siz
 const void *value, size_t vlen)
 {
 struct x509_parse_context *ctx = context;
+ ctx->cert->raw_subject = value;
+ ctx->cert->raw_subject_size = vlen;
 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
 }
 
Index: linux-2.6/crypto/asymmetric_keys/x509_parser.h
===================================================================
--- linux-2.6.orig/crypto/asymmetric_keys/x509_parser.h 2014-05-16 13:09:03.551502582 -0400
+++ linux-2.6/crypto/asymmetric_keys/x509_parser.h 2014-06-17 08:28:26.912602610 -0400
@@ -25,6 +25,12 @@ struct x509_certificate {
 unsigned tbs_size; /* Size of signed data */
 unsigned raw_sig_size; /* Size of sigature */
 const void *raw_sig; /* Signature data */
+ const void *raw_serial; /* Raw serial number in ASN.1 */
+ unsigned raw_serial_size;
+ unsigned raw_issuer_size;
+ const void *raw_issuer; /* Raw issuer name in ASN.1 */
+ const void *raw_subject; /* Raw subject name in ASN.1 */
+ unsigned raw_subject_size;
 struct public_key_signature sig; /* Signature parameters */
 };
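Review bot: In the x509_parser.h hunk the new members are not laid out consistently — raw_serial and raw_subject are each followed by their size, but raw_issuer_size comes before raw_issuer, and none of the three `_size` members carries the trailing comment its neighbours have. If the interleaving is deliberate so that the two `unsigned` sizes share one pointer-sized slot, a one-line comment such as `/* the two sizes are adjacent to avoid padding between the pointers */` would stop a later tidy-up from undoing it; otherwise moving `raw_issuer_size` below `raw_issuer` matches the other pairs. Either way I would comment the size fields, e.g. `unsigned raw_serial_size; /* Length of raw_serial in bytes */`, and say on the pointer fields that they point into the parsed certificate blob rather than at owned copies. The struct definition begins before the hunk.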