From 63252692363d606409a1b0bf24b3ada8ac2c569d Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 25 Nov 2019 15:36:11 +1000
Subject: [PATCH] Generating serial number - clear top bit

If the top bit is set then the encoding routine will drop a byte of the serial number. Better to ensure number is positive, top bit clear, and use as much of the serial number data as possible.
---
 wolfcrypt/src/asn.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 2e64698e9..2c8676b42 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -11870,6 +11870,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
 ret = wc_RNG_GenerateBlock(rng, cert->serial, cert->serialSz);
 if (ret != 0)
 return ret;
+ /* Clear the top bit to avoid a negative value */
+ cert->serial[0] &= 0x7f;
 }
 der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial,
 sizeof(der->serial), CTC_SERIAL_SIZE);
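Review bot: After `cert->serial[0] &= 0x7f;` the first octet can still come out as 0x00 (roughly 1 in 128 generated serials), which the mask does not account for. How `SetSerialNumber` treats a leading zero octet is not visible in this hunk; if it strips leading zeros, the serial gets shorter and the next octet may again have its top bit set, and if it does not, the DER INTEGER is not minimally encoded. Consider also forcing a non-zero first octet, e.g. `if (cert->serial[0] == 0) cert->serial[0] = 0x01;`, and extending the comment to state that the generated serial now carries one bit less than `serialSz * 8` bits of random data, so a reader can check it against the entropy the issuing policy requires. The enclosing block and the rest of `EncodeCert` lie outside the hunk, so the condition under which the serial is generated is inferred.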