crypto: avoid generating 0 or negative certificate serial numbers

efb5f8e3 · Adrien Béraud · 8aa24f12 · efb5f8e3 · efb5f8e3
Commit efb5f8e3 authored 4 years ago by Adrien Béraud
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -80,6 +80,8 @@ struct OPENDHT_PUBLIC PublicKey
     * Takes ownership of an existing gnutls_pubkey.
     */
    PublicKey(gnutls_pubkey_t k) : pk(k) {}
+
+    /** Import public key from serialized data */
    PublicKey(const uint8_t* dat, size_t dat_size);
    PublicKey(const Blob& pk) : PublicKey(pk.data(), pk.size()) {}
    PublicKey(PublicKey&& o) noexcept : pk(o.pk) { o.pk = nullptr; };

--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -1147,8 +1147,8 @@ void
 setRandomSerial(gnutls_x509_crt_t cert)
 {
    random_device rdev;
-    std::uniform_int_distribution<uint64_t> dist{};
-    uint64_t cert_serial = dist(rdev);
+    std::uniform_int_distribution<int64_t> dist{1};
+    int64_t cert_serial = dist(rdev);
    gnutls_x509_crt_set_serial(cert, &cert_serial, sizeof(cert_serial));
 }