From c5bd24d6b84f9289025b7fe4291c6043d622941d Mon Sep 17 00:00:00 2001
From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Fri, 24 Feb 2012 11:20:19 +0200
Subject: [PATCH] Assert that the serial number for generated certificates does
 not exceed 20 bytes

---
 src/ssl/gadgets.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc
index e9ed33f76b..d701b51033 100644
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -353,6 +353,9 @@ static  BIGNUM *createCertSerial(unsigned char *md, unsigned int n)
     if (BN_is_zero(serial))
         BN_one(serial);
 
+    // serial size does not exceed 20 bytes
+    assert(BN_num_bits(serial) <= 160);
+
     // According the RFC 5280, serial is an 20 bytes ASN.1 INTEGER (a signed big integer)
     // and the maximum value for X.509 certificate serial number is 2^159-1 and
     // the minimum 0. If the first bit of the serial is '1' ( eg 2^160-1),
-- 
2.47.2