authorRich Salz <rsalz@openssl.org>2017-08-16 15:49:25 -0400
committerRich Salz <rsalz@openssl.org>2017-08-22 09:00:04 -0400
commitffb46830e2dfd3203044e6190f50a20fec50162d (patch)
tree744d016ce5d6dea1aa48a36e95024d8333dff969 /apps/apps.c
parent932c0df29b7a5a2902c52e2f536b5b83392e2d42 (diff)
Add random serial# support.
Add -rand_serial to CA command and "serial_rand" config option. Up RAND_BITS to 159, and comment why: now conforms to CABForum guidelines (Ballot 164) as well as IETF RFC 5280 (PKIX). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4185)
Diffstat (limited to 'apps/apps.c')
-rw-r--r--apps/apps.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 6ff41972e3..79ef933935 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1503,15 +1503,11 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
BIGNUM *btmp;
int ret = 0;
- if (b)
- btmp = b;
- else
- btmp = BN_new();
-
+ btmp = b == NULL ? BN_new() : b;
if (btmp == NULL)
return 0;
- if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
goto error;
if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
goto error;
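Review bot: The `BN_rand` call in `rand_serial` gives no reason for leaving the top bit unforced, and a short comment there would keep a later edit from forcing it and so fixing one bit of every serial; something like `/* TOP_ANY: do not force the high bit, so every one of the SERIAL_RAND_BITS bits is random */`. Nothing visible rejects an all-zero result, which RFC 5280 would not accept as a serial number, though with this many random bits that is a point for the comment rather than a practical risk. The function starts above the hunk and continues past it, so the `error` label and the release of a locally allocated `btmp` cannot be checked from here.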