Assert that the serial number for generated certificates

author Christos Tsantilas <chtsanti@users.sourceforge.net>

Fri, 24 Feb 2012 09:20:19 +0000 (11:20 +0200)

committer Christos Tsantilas <chtsanti@users.sourceforge.net>

Fri, 24 Feb 2012 09:20:19 +0000 (11:20 +0200)
author Christos Tsantilas <chtsanti@users.sourceforge.net>
Fri, 24 Feb 2012 09:20:19 +0000 (11:20 +0200)
committer Christos Tsantilas <chtsanti@users.sourceforge.net>
Fri, 24 Feb 2012 09:20:19 +0000 (11:20 +0200)
diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc

index e9ed33f76b959c2bee9766bcde7c25a77f49e6e4..d701b5103382cc746339a6de86e573c573636f61 100644 (file)
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -353,6 +353,9 @@ static  BIGNUM *createCertSerial(unsigned char *md, unsigned int n)
      if (BN_is_zero(serial))
          BN_one(serial);
  
+    // serial size does not exceed 20 bytes
+    assert(BN_num_bits(serial) <= 160);
+
      // According the RFC 5280, serial is an 20 bytes ASN.1 INTEGER (a signed big integer)
      // and the maximum value for X.509 certificate serial number is 2^159-1 and
      // the minimum 0. If the first bit of the serial is '1' ( eg 2^160-1),
author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Fri, 24 Feb 2012 09:20:19 +0000 (11:20 +0200)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Fri, 24 Feb 2012 09:20:19 +0000 (11:20 +0200)