From 89962cf1e32818be68a77b8bd0f645cbb4c8dde5 Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Tue, 4 Mar 2025 08:48:18 +0800 Subject: [PATCH] smx509: avoid crypto/rand.Int to generate serial number #308 --- smx509/x509.go | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/smx509/x509.go b/smx509/x509.go index f905df0..9df8d07 100644 --- a/smx509/x509.go +++ b/smx509/x509.go @@ -26,7 +26,6 @@ import ( "crypto/ecdsa" "crypto/ed25519" "crypto/elliptic" - cryptorand "crypto/rand" "crypto/rsa" "crypto/sha1" "crypto/x509" @@ -118,7 +117,7 @@ func marshalPublicKey(pub any) (publicKeyBytes []byte, publicKeyAlgorithm pkix.A case ed25519.PublicKey: publicKeyBytes = pub publicKeyAlgorithm.Algorithm = oidPublicKeyEd25519 - case *sdkecdh.PublicKey: + case *sdkecdh.PublicKey: publicKeyBytes = pub.Bytes() if pub.Curve() == sdkecdh.X25519() { publicKeyAlgorithm.Algorithm = oidPublicKeyX25519 @@ -1542,25 +1541,19 @@ func CreateCertificate(rand io.Reader, template, parent, pub, priv any) ([]byte, serialNumber := realTemplate.SerialNumber if serialNumber == nil { - // Generate a serial number following RFC 5280 Section 4.1.2.2 if one is not provided. - // Requirements: - // - serial number must be positive - // - at most 20 octets when encoded - maxSerial := big.NewInt(1).Lsh(big.NewInt(1), 20*8) - for { - var err error - serialNumber, err = cryptorand.Int(rand, maxSerial) - if err != nil { - return nil, err - } - // If the serial is exactly 20 octets, check if the high bit of the first byte is set. - // If so, generate a new serial, since it will be padded with a leading 0 byte during - // encoding so that the serial is not interpreted as a negative integer, making it - // 21 octets. - if serialBytes := serialNumber.Bytes(); len(serialBytes) > 0 && (len(serialBytes) < 20 || serialBytes[0]&0x80 == 0) { - break - } + // Generate a serial number following RFC 5280, Section 4.1.2.2 if one + // is not provided. The serial number must be positive and at most 20 + // octets *when encoded*. + serialBytes := make([]byte, 20) + if _, err := io.ReadFull(rand, serialBytes); err != nil { + return nil, err } + // If the top bit is set, the serial will be padded with a leading zero + // byte during encoding, so that it's not interpreted as a negative + // integer. This padding would make the serial 21 octets so we clear the + // top bit to ensure the correct length in all cases. + serialBytes[0] &= 0b0111_1111 + serialNumber = new(big.Int).SetBytes(serialBytes) } // RFC 5280 Section 4.1.2.2: serial number must be positive