From f18ad089f15c1cb39de8ab21aaa81e472b7dc119 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@google.com>
Date: Thu, 1 Dec 2016 11:11:26 -0800
Subject: [PATCH] tool: don't generate negative serial numbers.

MSVC, on 32-bit systems, defines sizeof(long)=4 which means that a
uint32_t could end up negative when passed to |ASN1_INTEGER_set| on
Windows.

Change-Id: Ib07487ab524550c832909bf10521aae61d654416
Reviewed-on: https://boringssl-review.googlesource.com/12560
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Adam Langley <agl@google.com>
---
 tool/server.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tool/server.cc b/tool/server.cc
index 2f96961e..a049422e 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -113,7 +113,7 @@ static bssl::UniquePtr<X509> MakeSelfSignedCert(EVP_PKEY *evp_pkey,
   bssl::UniquePtr<X509> x509(X509_new());
   uint32_t serial;
   RAND_bytes(reinterpret_cast<uint8_t*>(&serial), sizeof(serial));
-  ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), serial);
+  ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), serial >> 1);
   X509_gmtime_adj(X509_get_notBefore(x509.get()), 0);
   X509_gmtime_adj(X509_get_notAfter(x509.get()), 60 * 60 * 24 * valid_days);