init the serial with a random value

caveman99 · mhaberler · commit 1e94c7dd8690 · 2024-07-22T23:41:44.000+02:00
diff --git a/src/SSLCert.cpp b/src/SSLCert.cpp
@@ -223,10 +223,10 @@ static int cert_write(SSLCert &certCtx, std::string dn, std::string validityFrom
     goto error_after_cert;
   }
 
-  // Initialize the serial number
+  // generate random serial number
   mbedtls_mpi_init( &serial );
-  stepRes = mbedtls_mpi_read_string( &serial, 10, "1" );
-  if (stepRes != 0) {
+  stepRes = mbedtls_mpi_fill_random( &serial, 10, mbedtls_ctr_drbg_random, &ctr_drbg );
+    if (stepRes != 0) {
     funcRes = HTTPS_SERVER_ERROR_CERTGEN_SERIAL;
     goto error_after_cert_serial;
   }

Original file line number	Diff line number	Diff line change
`@@ -223,10 +223,10 @@ static int cert_write(SSLCert &certCtx, std::string dn, std::string validityFrom`
`223`	`223`	`goto error_after_cert;`
`224`	`224`	`}`
`225`	`225`
`226`		`- // Initialize the serial number`
	`226`	`+ // generate random serial number`
`227`	`227`	`mbedtls_mpi_init( &serial );`
`228`		`- stepRes = mbedtls_mpi_read_string( &serial, 10, "1" );`
`229`		`- if (stepRes != 0) {`
	`228`	`+ stepRes = mbedtls_mpi_fill_random( &serial, 10, mbedtls_ctr_drbg_random, &ctr_drbg );`
	`229`	`+ if (stepRes != 0) {`
`230`	`230`	`funcRes = HTTPS_SERVER_ERROR_CERTGEN_SERIAL;`
`231`	`231`	`goto error_after_cert_serial;`
`232`	`232`	`}`