author | Dr. Stephen Henson <steve@openssl.org> | 2004-04-20 12:05:26 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2004-04-20 12:05:26 +0000 |
commit | 64674bcc8cee73853d00388a5e83cb1b2f38bec1 (patch) | |
tree | 55da245985e07e8e1c75bf1ae8569012a63cb014 /apps/apps.c | |
parent | 1dc2d655addc773d6d91ee17a52c14a11d1cb8e1 (diff) |
Reduce chances of issuer and serial number duplication by use of random
initial serial numbers.
PR: 842
Diffstat (limited to 'apps/apps.c')
-rw-r--r-- | apps/apps.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 5e443221d3..6925ab4cdd 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1434,12 +1434,9 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
 			}
 		else
 			{
-			ASN1_INTEGER_set(ai,1);
 			ret=BN_new();
-			if (ret == NULL)
+			if (ret == NULL || !rand_serial(ret, ai))
 				BIO_printf(bio_err, "Out of memory\n");
-			else
-				BN_one(ret);
 			}
 		}
 	else
@@ -1601,6 +1598,33 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 	return 0;
 	}
 
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+	{
+	BIGNUM *btmp;
+	int ret = 0;
+	if (b)
+		btmp = b;
+	else
+		btmp = BN_new();
+
+	if (!btmp)
+		return 0;
+
+	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+		goto error;
+	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+		goto error;
+
+	ret = 1;
+
+	error:
+
+	if (!b)
+		BN_free(btmp);
+
+	return ret;
+	}
+
 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
 	{
 	CA_DB *retdb = NULL;
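Review bot: In the first hunk a failure of rand_serial() is reported as "Out of memory" but ret is left as a freshly allocated, zero-valued BIGNUM, so if the remainder of load_serial (outside this hunk) returns ret as before, the caller receives a zero serial and a non-NULL success result after only a printed warning. The error path should discard the BIGNUM and use an accurate message, e.g. `if (ret == NULL || !rand_serial(ret, ai)) { BIO_printf(bio_err, "Error generating random serial number\n"); BN_free(ret); ret = NULL; }`. In the second hunk rand_serial draws the value with BN_pseudo_rand, whose output is not required to be unpredictable the way BN_rand's is; since the commit's stated goal is only to reduce duplication that may be acceptable, but a comment on the call should say so, e.g. `/* pseudo-random is sufficient here: the aim is uniqueness of initial serials, not unpredictability; use BN_rand if serials must be unguessable */`. SERIAL_RAND_BITS is referenced but not defined in this diff, so its value should be checked against the serial-number size limits the CA enforces elsewhere.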