commit 7d56b75791f317618c9c3ff08a4cfc36c91c9611
author Dmitry Shmidt <dimitrysh@google.com> Tue Dec 22 10:59:44 2015 -0800
committer Dmitry Shmidt <dimitrysh@google.com> Tue Dec 22 13:07:34 2015 -0800
tree 856d772b38ff3e94486b088d8f4ff82d545b08ec
parent 55840adb6cd32ca52064f327b72a40e769f70661

Cumulative patch from commit c24f8e8e75b46f0b191cca788b6f4c10bed81861 (DO NOT MERGE)

c24f8e8 GAS: Do not cancel initial offchannel wait with comeback delay 1
364282c GAS: Retry full GAS query if comeback response is not received
a587666 GAS server: Replenish temporary STA entry timeout on comeback request
8fb718a GAS: Shorten the duration of the wait for GAS comeback response
c012567 GAS: Clear offchannel_tx_started when ending remain-on-channel
cb73008 EAP-TTLS/PEAP/FAST: Reject unsupported Phase 2 method in configuration
18704f6 EAP-TLS: Merge common error paths
4f5c86e EAP-PEAP peer: Fix a memory leak on an error path
e7160bd Drop any pending EAPOL RX frame when starting a new connection
cd5895e WPA: Explicitly clear the buffer used for decrypting Key Data
4b90fcd EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC
6ca5838 EAP-PEAP server: Add support for fast-connect crypto binding
6560caf EAP-PEAP peer: Remove unused return value and error path
61f25f8 HS 2.0: Remove duplicate icon entries
ca9968a HS 2.0: Convert icon storage to use dl_list
8dd5c1b HS 2.0: Add a command to retrieve icon with in-memory storage
0e92fb8 rfkill: Match only the correct expected wiphy rfkill
6da504a nl80211: Handle rfkill for P2P Device interface
96e8d83 wpa_supplicant: Add SIGNAL_MONITOR command
2c0d0ae GAS: End remain-on-channel due to delayed GAS comeback request
dabdef9 TDLS: Ignore incoming TDLS Setup Response retries
0fc5707 hlr_auc_gw: Simplify string parsers with str_token()
d67e63d hlr_auc_gw: Fix a typo in an error message
59e7120 hlr_auc_gw: Remove unnecessary assignment
685ea2f wpa_cli: Send ALL_STA command to the correct interface
0e6a2cf Disconnect before trying to switch to a different network
706e11a Avoid network selection from scan during connection
819ad5b utils: Fix NULL pointer dereference with unexpected kernel behavior
1b3dd69 P2P: Fix possible NULL pointer dereference
f24e488 EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
47c1de2 atheros: Unify memory processing functions
d06a350 mesh: Fix VHT Operation information in peering messages
8ba8c01 TLS: Report OCSP rejection cases when no valid response if found
f163ed8 TLS: Process OCSP SingleResponse(s)
8e3271d TLS: Store DER encoded version of Subject DN for X.509 certificates
32ce690 TLS: Share digest OID checkers from X.509
b72a367 TLS: Support longer X.509 serialNumber values
af4eba1 TLS: Parse and validate BasicOCSPResponse

Change-Id: I0fadef8993a548d64a4280372bc105fefa11e62a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

src/tls/x509v3.h

diff --git a/src/tls/x509v3.h b/src/tls/x509v3.h
index 12ef86e..dcdb4a3 100644
--- a/src/tls/x509v3.h
+++ b/src/tls/x509v3.h
@@ -45,13 +45,18 @@
 	struct asn1_oid rid; /* registeredID */
 };
 
+#define X509_MAX_SERIAL_NUM_LEN 20
+
 struct x509_certificate {
 	struct x509_certificate *next;
 	enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
-	unsigned long serial_number;
+	u8 serial_number[X509_MAX_SERIAL_NUM_LEN];
+	size_t serial_number_len;
 	struct x509_algorithm_identifier signature;
 	struct x509_name issuer;
 	struct x509_name subject;
+	u8 *subject_dn;
+	size_t subject_dn_len;
 	os_time_t not_before;
 	os_time_t not_after;
 	struct x509_algorithm_identifier public_key_alg;
@@ -91,6 +96,7 @@
 #define X509_EXT_KEY_USAGE_ANY			(1 << 0)
 #define X509_EXT_KEY_USAGE_SERVER_AUTH		(1 << 1)
 #define X509_EXT_KEY_USAGE_CLIENT_AUTH		(1 << 2)
+#define X509_EXT_KEY_USAGE_OCSP			(1 << 3)
 
 	/*
 	 * The DER format certificate follows struct x509_certificate. These
@@ -113,10 +119,21 @@
 };
 
 void x509_certificate_free(struct x509_certificate *cert);
+int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
+				    struct x509_algorithm_identifier *id,
+				    const u8 **next);
+int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
+		    const u8 **next);
+int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val);
 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
+void x509_free_name(struct x509_name *name);
 void x509_name_string(struct x509_name *name, char *buf, size_t len);
 int x509_name_compare(struct x509_name *a, struct x509_name *b);
 void x509_certificate_chain_free(struct x509_certificate *cert);
+int x509_check_signature(struct x509_certificate *issuer,
+			 struct x509_algorithm_identifier *signature,
+			 const u8 *sign_value, size_t sign_value_len,
+			 const u8 *signed_data, size_t signed_data_len);
 int x509_certificate_check_signature(struct x509_certificate *issuer,
 				     struct x509_certificate *cert);
 int x509_certificate_chain_validate(struct x509_certificate *trusted,
@@ -127,4 +144,9 @@
 			     struct x509_name *name);
 int x509_certificate_self_signed(struct x509_certificate *cert);
 
+int x509_sha1_oid(struct asn1_oid *oid);
+int x509_sha256_oid(struct asn1_oid *oid);
+int x509_sha384_oid(struct asn1_oid *oid);
+int x509_sha512_oid(struct asn1_oid *oid);
+
 #endif /* X509V3_H */