diff --git a/cpp/src/vereign/crypto/cert.cc b/cpp/src/vereign/crypto/cert.cc
index a715c17b0c9c4552f8c8610099cbc44e0cc2cec4..bc6f84d2d6f74904056f6b5bfe7c4c9d5402d2a4 100644
--- a/cpp/src/vereign/crypto/cert.cc
+++ b/cpp/src/vereign/crypto/cert.cc
@@ -2,6 +2,7 @@
#include <vereign/crypto/bio.hh>
#include <vereign/crypto/errors.hh>
+#include <vereign/crypto/rand.hh>
#include <vereign/encoding/base64.hh>
#include <openssl/x509v3.h>
@@ -333,10 +334,7 @@ static auto createCert(
// set serial number
auto serial_number = cert_data.SerialNumber;
if (serial_number == 0) {
- // FIXME: is using time ok ?
- serial_number = std::chrono::duration_cast<std::chrono::milliseconds>(
- std::chrono::system_clock::now().time_since_epoch()
- ).count();
+ serial_number = crypto::RandUint64();
}
r = ASN1_INTEGER_set_uint64(X509_get_serialNumber(cert.get()), serial_number);
if (r != 1) {
diff --git a/cpp/src/vereign/crypto/rand.cc b/cpp/src/vereign/crypto/rand.cc
index 2acc168ed6d9df6905c3ad25e7053c041e29a715..f61274887d5a826a22e0db178c86564ae2adcad8 100644
--- a/cpp/src/vereign/crypto/rand.cc
+++ b/cpp/src/vereign/crypto/rand.cc
@@ -23,4 +23,15 @@ auto Rand(std::size_t size) -> bytes::Buffer {
return buf;
}
+auto RandUint64() -> uint64_t {
+ uint64_t x = 0;
+ int result = RAND_bytes((uint8_t*) &x, sizeof(x));
+ if (result == 0) {
+ ERR_clear_error();
+ throw Error("crypto rand failed");
+ }
+
+ return x;
+}
+
} // vereign::crypto
diff --git a/cpp/src/vereign/crypto/rand.hh b/cpp/src/vereign/crypto/rand.hh
index 4c3979900f1464d2e54c9957f689f503af3e7e2f..e377ac88ce42544b57f337ef82f8ba7c9b24f71c 100644
--- a/cpp/src/vereign/crypto/rand.hh
+++ b/cpp/src/vereign/crypto/rand.hh
@@ -43,6 +43,15 @@ void Rand(bytes::Buffer& buf, std::size_t size);
*/
auto Rand(std::size_t size) -> bytes::Buffer;
+/**
+ * Generates random uint64_t.
+ *
+ * @returns random unsigned 64 bit integer.
+ *
+ * @throws crypto::Error on failure.
+ */
+auto RandUint64() -> uint64_t;
+
} // vereign::crypto
#endif // __VEREIGN_CRYPTO_RAND_HH