Verified Commit b9311b0b authored by Daniel Lyubomirov's avatar Daniel Lyubomirov

Use crypto random generator for certificate serial numbers

parent ce101c52
1 merge request!98Profile certificates
......@@ -2,6 +2,7 @@
#include <vereign/crypto/bio.hh>
#include <vereign/crypto/errors.hh>
#include <vereign/crypto/rand.hh>
#include <vereign/encoding/base64.hh>
#include <openssl/x509v3.h>
......@@ -333,10 +334,7 @@ static auto createCert(
// set serial number
auto serial_number = cert_data.SerialNumber;
if (serial_number == 0) {
// FIXME: is using time ok ?
serial_number = std::chrono::duration_cast<std::chrono::milliseconds>(
std::chrono::system_clock::now().time_since_epoch()
).count();
serial_number = crypto::RandUint64();
}
r = ASN1_INTEGER_set_uint64(X509_get_serialNumber(cert.get()), serial_number);
if (r != 1) {
......
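Review bot: The value returned by `crypto::RandUint64()` is used as the serial without a zero check, while `serial_number == 0` is also the "not set" sentinel in this same branch. RFC 5280 requires a positive serial number, so a zero draw (unlikely, but possible) would yield a non-conforming certificate; a retry such as `do { serial_number = crypto::RandUint64(); } while (serial_number == 0);` closes that gap. A short comment like `// random 64-bit serial from the CSPRNG; must be non-zero and unique per issuer` would record the intent that replaced the old FIXME. createCert starts and ends outside the hunk, so the declared type of `cert_data.SerialNumber` and how a thrown `crypto::Error` propagates from here cannot be confirmed from the visible lines.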
......@@ -23,4 +23,15 @@ auto Rand(std::size_t size) -> bytes::Buffer {
return buf;
}
auto RandUint64() -> uint64_t {
uint64_t x = 0;
int result = RAND_bytes((uint8_t*) &x, sizeof(x));
if (result == 0) {
ERR_clear_error();
throw Error("crypto rand failed");
}
return x;
}
} // vereign::crypto
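Review bot: The failure check in `RandUint64` tests `result == 0`, but `RAND_bytes` returns 1 on success and can also return -1 when the current RAND method does not support the operation; in that case `x` stays 0 and is returned as if it were random output. Treat anything other than 1 as failure: `if (result != 1) {`. `ERR_clear_error()` also empties the OpenSSL error queue before throwing, so the underlying cause is lost; consider capturing it in the `Error` message if the project's error type allows. The C-style cast could be written as `reinterpret_cast<unsigned char*>(&x)`.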
......@@ -43,6 +43,15 @@ void Rand(bytes::Buffer& buf, std::size_t size);
*/
auto Rand(std::size_t size) -> bytes::Buffer;
/**
* Generates random uint64_t.
*
* @returns random unsigned 64 bit integer.
*
* @throws crypto::Error on failure.
*/
auto RandUint64() -> uint64_t;
} // vereign::crypto
#endif // __VEREIGN_CRYPTO_RAND_HH
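Review bot: The doc comment on `RandUint64` does not state that the value comes from a cryptographically secure generator, which is the property the certificate serial-number caller depends on. Suggest wording such as `Generates a cryptographically secure random uint64_t using OpenSSL RAND_bytes.` and a second line noting that any value, including 0, may be returned, so callers that need a non-zero result must check for it.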