From 0d3a117608db561a5e43e428a3f890aa94c40bf6 Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Fri, 17 Jul 2015 00:45:20 -0500
Subject: [PATCH] X509: add a comment to explain the bitmask

---
 phpseclib/File/X509.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index f3c86d3f..6f8de788 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -3283,9 +3283,13 @@ class File_X509
                 if (!function_exists('crypt_random_string')) {
                     include_once 'Crypt/Random.php';
                 }
-                // "The serial number MUST be a positive integer"
-                // "Conforming CAs MUST NOT use serialNumber values longer than 20 octets."
-                //  -- https://tools.ietf.org/html/rfc5280#section-4.1.2.2
+                /* "The serial number MUST be a positive integer"
+                   "Conforming CAs MUST NOT use serialNumber values longer than 20 octets."
+                    -- https://tools.ietf.org/html/rfc5280#section-4.1.2.2
+
+                   for the integer to be positive the leading bit needs to be 0 hence the
+                   application of a bitmap
+                */
                 $serialNumber = new Math_BigInteger(crypt_random_string(20) & ("\x7F" . str_repeat("\xFF", 19)), 256);
             }