webadmin/pico-keys-sdk
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-keys-sdk synced 2026-05-28 17:11:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix random serial DER encoding.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2026-05-12 19:48:30 +02:00
parent a4a1651ed4
commit d3ce3c20dc
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/usb/lwip/rest_server.c
View File

@@ -980,6 +980,17 @@ void rest_handle_request(rest_conn_t *conn) {
} }
} }
int x509_set_random_serial(mbedtls_x509write_cert *crt) {
uint8_t serial[16];
random_fill_buffer(serial, sizeof(serial));
serial[0] &= 0x7F;
size_t off = 0;
while (off < sizeof(serial) - 1 && serial[off] == 0x00) off++;
return mbedtls_x509write_crt_set_serial_raw(crt, serial + off, sizeof(serial) - off);
}
static void rest_check_and_load_credentials(void) { static void rest_check_and_load_credentials(void) {
file_t *ef = file_new(EF_TLS_KEY); file_t *ef = file_new(EF_TLS_KEY);
if (!file_has_data(ef)) { if (!file_has_data(ef)) {
@@ -1030,9 +1041,7 @@ static void rest_check_and_load_credentials(void) {
if (ret != 0) goto out; if (ret != 0) goto out;
ret = mbedtls_x509write_crt_set_issuer_name(&crt, "CN=pico-novus"); ret = mbedtls_x509write_crt_set_issuer_name(&crt, "CN=pico-novus");
if (ret != 0) goto out; if (ret != 0) goto out;
uint8_t serial[16]; x509_set_random_serial(&crt);
random_fill_buffer(serial, sizeof(serial));
mbedtls_x509write_crt_set_serial_raw(&crt, serial, sizeof(serial));
if (ret != 0) goto out; if (ret != 0) goto out;
ret = mbedtls_x509write_crt_set_validity(&crt, "20260101000000", "20360101000000"); ret = mbedtls_x509write_crt_set_validity(&crt, "20260101000000", "20360101000000");
if (ret != 0) goto out; if (ret != 0) goto out;

2
src/usb/lwip/rest_server.h
View File

@@ -74,6 +74,8 @@ typedef struct {
err_t rest_server_init(rest_conn_type_t conn_type); err_t rest_server_init(rest_conn_type_t conn_type);
void rest_handle_request(rest_conn_t *conn); void rest_handle_request(rest_conn_t *conn);
extern int x509_set_random_serial(mbedtls_x509write_cert *crt);
extern int rest_server_error(rest_response_t *response, int status_code, const char *message); extern int rest_server_error(rest_response_t *response, int status_code, const char *message);
#endif #endif