path: root/apps/apps.c
authorDr. Stephen Henson <steve@openssl.org>2004-04-20 12:05:26 +0000
committerDr. Stephen Henson <steve@openssl.org>2004-04-20 12:05:26 +0000
commit64674bcc8cee73853d00388a5e83cb1b2f38bec1 (patch)
tree55da245985e07e8e1c75bf1ae8569012a63cb014 /apps/apps.c
parent1dc2d655addc773d6d91ee17a52c14a11d1cb8e1 (diff)
Reduce chances of issuer and serial number duplication by use of random
initial serial numbers. PR: 842
Diffstat (limited to 'apps/apps.c')
-rw-r--r--apps/apps.c32
1 files changed, 28 insertions, 4 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 5e443221d3..6925ab4cdd 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1434,12 +1434,9 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
}
else
{
- ASN1_INTEGER_set(ai,1);
ret=BN_new();
- if (ret == NULL)
+ if (ret == NULL || !rand_serial(ret, ai))
BIO_printf(bio_err, "Out of memory\n");
- else
- BN_one(ret);
}
}
else
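Review bot: The message on `BIO_printf(bio_err, "Out of memory\n");` is now wrong for a whole class of the failures it covers: `rand_serial` can fail inside `BN_pseudo_rand` (PRNG error) or `BN_to_ASN1_INTEGER`, neither of which is an allocation failure, yet the operator is told "Out of memory" and will look in the wrong place. I'd split the test so each failure gets its own diagnostic: `if (ret == NULL) BIO_printf(bio_err, "Out of memory\n"); else if (!rand_serial(ret, ai)) BIO_printf(bio_err, "Error generating random serial number\n");`. load_serial starts before this hunk and continues after it, so I cannot see what happens to `ret` and `ai` when `rand_serial` fails; please check that the failure path frees `ret` and returns NULL rather than handing a half-initialised BIGNUM back to the caller.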
@@ -1601,6 +1598,33 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
return 0;
}
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+ {
+ BIGNUM *btmp;
+ int ret = 0;
+ if (b)
+ btmp = b;
+ else
+ btmp = BN_new();
+
+ if (!btmp)
+ return 0;
+
+ if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ goto error;
+ if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+ goto error;
+
+ ret = 1;
+
+ error:
+
+ if (!b)
+ BN_free(btmp);
+
+ return ret;
+ }
+
CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
{
CA_DB *retdb = NULL;
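Review bot: `rand_serial` draws the serial with `BN_pseudo_rand` (line `if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))`), which as far as I recall does not fail when the PRNG is merely unseeded — only a hard error from `RAND_pseudo_bytes` is reported — so on a host without usable entropy this helper returns a predictable and possibly repeating value, which is exactly the duplication the commit sets out to reduce. Because the result ends up in a signed certificate and uniqueness is the whole point, I'd use `if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))` so that an unseeded PRNG becomes an error the caller can report instead of a silently weak serial. The function also has no contract comment; I'd add above it `/* Fill b (or a temporary if b is NULL) with a SERIAL_RAND_BITS-bit random serial and, if ai is non-NULL, store it there too. Returns 1 on success, 0 on failure. */`. Finally the label `error:` is reached on the success path as well, so `done:` (or OpenSSL's usual `err:`) would read less misleadingly.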