Skip to content

Commit

Permalink
ensure default serial generation fits 20 bytes
Browse files Browse the repository at this point in the history
  • Loading branch information
@BiagioFesta
BiagioFesta committed Dec 18, 2023
1 parent d382a37 commit 944d3b7
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion rcgen/src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -937,7 +937,8 @@ impl CertificateParams {
} else {
let hash = digest::digest(&digest::SHA256, pub_key.raw_bytes());
// RFC 5280 specifies at most 20 bytes for a serial number
let sl = &hash.as_ref()[0..20];
let mut sl = hash.as_ref()[0..20].to_vec();
sl[0] = sl[0] & 0x7f; // MSB must be 0 to ensure encoding bignum in 20 bytes
writer.next().write_bigint_bytes(sl, true);
};
// Write signature
Expand Down

0 comments on commit 944d3b7

Please sign in to comment.