OpenSSL: Make serial number of peer certificate available in event_cb

Add serial number to the event_cb() information for the peer certificate
chain.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

src/crypto/tls.h

@@ -64,6 +64,7 @@ union tls_event_data {
 		size_t hash_len;
 		const char *altsubject[TLS_MAX_ALT_SUBJECT];
 		int num_altsubject;
+		const char *serial_num;
 	} peer_cert;
 
 	struct {

src/crypto/tls_openssl.c

@@ -111,6 +111,12 @@ static int RSA_bits(const RSA *r)
 	return BN_num_bits(r->n);
 }
 #endif /* CONFIG_SUITEB */
+
+
+static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+	return ASN1_STRING_data((ASN1_STRING *) x);
+}
 #endif
 
 #ifdef ANDROID
@@ -1824,6 +1830,8 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
 	GENERAL_NAME *gen;
 	void *ext;
 	stack_index_t i;
+	ASN1_INTEGER *ser;
+	char serial_num[128];
 #ifdef CONFIG_SHA256
 	u8 hash[32];
 #endif /* CONFIG_SHA256 */
@@ -1852,6 +1860,14 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
 	ev.peer_cert.depth = depth;
 	ev.peer_cert.subject = subject;
 
+	ser = X509_get_serialNumber(err_cert);
+	if (ser) {
+		wpa_snprintf_hex_uppercase(serial_num, sizeof(serial_num),
+					   ASN1_STRING_get0_data(ser),
+					   ASN1_STRING_length(ser));
+		ev.peer_cert.serial_num = serial_num;
+	}
+
 	ext = X509_get_ext_d2i(err_cert, NID_subject_alt_name, NULL, NULL);
 	for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
 		char *pos;