From 745eeb1252937e177b0567c296cc4b346e7dc763 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni
Date: Thu, 5 Mar 2015 03:27:15 -0500
Subject: [PATCH] Ensure DER form of hxtool ca random serial numbers
---
 lib/hx509/ca.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c
index a574ab5d8..418a404b4 100644
--- a/lib/hx509/ca.c
+++ b/lib/hx509/ca.c
@@ -1126,6 +1126,12 @@ ca_sign(hx509_context context,
 goto out;
 }
 } else {
+ /*
+ * If no explicit serial number is specified, 20 random bytes should be
+ * sufficiently collision resistant. Since the serial number must be a
+ * positive integer, ensure minimal ASN.1 DER form by forcing the high
+ * bit off and the next bit on (thus avoiding an all zero first octet).
+ */
 tbsc->serialNumber.length = 20;
 tbsc->serialNumber.data = malloc(tbsc->serialNumber.length);
 if (tbsc->serialNumber.data == NULL){
@@ -1133,9 +1139,9 @@ ca_sign(hx509_context context,
 hx509_set_error_string(context, 0, ret, "Out of memory");
 goto out;
 }
- /* XXX diffrent */
 RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
 ((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f;
+ ((unsigned char *)tbsc->serialNumber.data)[0] |= 0x40;
 }
 /* signature AlgorithmIdentifier, */
 ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature);
-- 
2.11.4.GIT
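Review bot: The new comment in the `else` branch of ca_sign speaks of 20 random bytes, but with the top two bits of the first octet fixed only 158 bits are random, and it does not say why the length is 20. I would add one line such as `* The two fixed bits leave 158 random bits; 20 octets is also the longest serialNumber RFC 5280 allows.` so that a later reader does not repair a non-minimal encoding by prepending a zero octet and exceed that limit. The comment also sits several lines above the masking statements it explains, which are in the next hunk. ca_sign itself starts and ends outside this hunk.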
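Review bot: `RAND_bytes` on the context line above the new `|= 0x40` is still called without checking its result, so if the generator fails the serial number is whatever the fresh `malloc` buffer held with only the top two bits forced, which is neither unpredictable nor collision resistant. Assuming the usual convention that it returns 1 on success, guard it with `if (RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length) != 1)` and take the same set-error-and-`goto out` path as the allocation failure just above. The two masking statements could also be folded into one assignment, `p[0] = (p[0] & 0x7f) | 0x40;`, with `p` a local `unsigned char *`. ca_sign's body continues outside this hunk.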