wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Generating serial number - clear top bit

Browse Source 
If the top bit is set then the encoding routine will drop a byte of the
serial number.
Better to ensure number is positive, top bit clear, and use as much of
the serial number data as possible.
This commit is contained in:
Sean Parkinson
2019-11-25 15:36:11 +10:00
parent edb07cf68e
commit 6325269236
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wolfcrypt/src/asn.c
View File

@@ -11870,6 +11870,8 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
ret = wc_RNG_GenerateBlock(rng, cert->serial, cert->serialSz); ret = wc_RNG_GenerateBlock(rng, cert->serial, cert->serialSz);
if (ret != 0) if (ret != 0)
return ret; return ret;
/* Clear the top bit to avoid a negative value */
cert->serial[0] &= 0x7f;
} }
der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial, der->serialSz = SetSerialNumber(cert->serial, cert->serialSz, der->serial,
sizeof(der->serial), CTC_SERIAL_SIZE); sizeof(der->serial), CTC_SERIAL_SIZE);