From a883ee95a555cc56edff654efd3b9db9dc1d0872 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 18 Jun 2024 07:58:19 -0700
Subject: [PATCH] Use version 0 for CSR. ZD 18153

---
 src/tpm2_wrap.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 8267adac..d99fb387 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -277,6 +277,9 @@ WOLFTPM2_CSR* wolfTPM2_NewCSR(void)
             XFREE(csr, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             csr = NULL;
         }
+        if (csr) {
+            csr->req.version = 0; /* per RFC2986 : CSR version should be 0 */
+        }
     }
     return csr;
 }
@@ -6842,6 +6845,8 @@ int wolfTPM2_CSR_Generate_ex(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
     XMEMSET(&csrKey, 0, sizeof(csrKey));
     rc = wc_InitCert(&csr.req);
     if (rc == 0) {
+        csr.req.version = 0; /* per RFC2986 : CSR version should be 0 */
+
         rc = CSR_KeySetup(dev, &csr, key, &csrKey, sigType, devId);
     }
     if (rc == 0) {