X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2FsimpleOpensslSigner.cpp;h=eb7d8b9e720232989b8a60c5b0bfc792a50d2fe0;hb=7a72391242e316a16992e0874a118999486afb87;hp=21e5b949350d9664fcd01867292ddb04caf8ce30;hpb=9278cdd550c327a863f7515723cc4031d71e7f06;p=cassiopeia.git
diff --git a/src/simpleOpensslSigner.cpp b/src/simpleOpensslSigner.cpp
index 21e5b94..eb7d8b9 100644
--- a/src/simpleOpensslSigner.cpp
+++ b/src/simpleOpensslSigner.cpp
@@ -73,7 +73,7 @@ SimpleOpensslSigner::SimpleOpensslSigner() {
 SimpleOpensslSigner::~SimpleOpensslSigner() {
 }
 
-std::shared_ptr SimpleOpensslSigner::nextSerial() {
+std::shared_ptr SimpleOpensslSigner::nextSerial( uint16_t profile ) {
 std::ifstream serialif( "serial" );
 std::string res;
 serialif >> res;
@@ -97,10 +97,12 @@ std::shared_ptr SimpleOpensslSigner::nextSerial() {
 
 std::shared_ptr data = std::shared_ptr( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
 int len = BN_bn2bin( serial.get(), data.get() );
+
 data.get()[len] = 0x0;
- data.get()[len + 1] = 0x0; // profile id
- data.get()[len + 2] = 0x0;
- data.get()[len + 3] = 0x0; // signer id
+ data.get()[len + 1] = 0x0; // signer id
+
+ data.get()[len + 2] = profile >> 8;
+ data.get()[len + 3] = profile & 0xFF; // profile id
 
 if( !RAND_bytes( data.get() + len + 4, 16 ) || !BN_add_word( serial.get(), 1 ) ) {
 throw "Big number math failed while calcing serials.";
@@ -177,7 +179,13 @@ std::shared_ptr SimpleOpensslSigner::sign( std::shared_ptr ser = nextSerial();
+ long int profile = strtol( cert->profile.c_str(), 0, 10 );
+
+ if( profile > 0xFFFF || profile < 0 || ( profile == 0 && cert->profile != "0" ) ) {
+ throw "invalid profile id";
+ }
+
+ std::shared_ptr ser = nextSerial( profile );
 c.setSerialNumber( ser.get() );
 c.setTimes( 0, 60 * 60 * 24 * 10 );
 c.setExtensions( caCert, cert->SANs );
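Review bot: The two-byte fields written after the counter in the `@@ -97,10 +97,12 @@` hunk of nextSerial() carry a comment on one byte each, and nothing states the byte order or the overall layout that the `+ 20` in the malloc above depends on. Anyone decoding a serial to map a certificate back to its signer and profile has to infer the format from the shifts. I would put a single comment above the four assignments, `// serial = counter || signer id (2 bytes, written as 0 here) || profile id (2 bytes, big-endian) || 16 random bytes`, and drop the trailing per-byte comments. The body of nextSerial() starts and ends outside this hunk.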
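Review bot: The `strtol` call in the `@@ -177,7 +179,13 @@` hunk of sign() passes a null end pointer, so a profile string with trailing characters (for example `12abc`) is accepted as 12; the `profile == 0 && cert->profile != "0"` test only catches input with no leading digits. Because the value is embedded in the certificate serial, I would reject anything that is not fully consumed: `char* end = 0;`, `long int profile = strtol( cert->profile.c_str(), &end, 10 );`, and add `end == cert->profile.c_str() || *end != '\0'` to the condition, which covers the case the `"0"` comparison was guarding. strtol still skips leading whitespace and accepts a sign, so a digits-only check may be wanted if the id has to be canonical. The start of sign() is outside the hunk.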