diff options
author | Rich Salz <rsalz@openssl.org> | 2017-08-16 15:49:25 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-22 09:00:04 -0400 |
commit | ffb46830e2dfd3203044e6190f50a20fec50162d (patch) | |
tree | 744d016ce5d6dea1aa48a36e95024d8333dff969 /apps/apps.c | |
parent | 932c0df29b7a5a2902c52e2f536b5b83392e2d42 (diff) |
Add random serial# support.
Add -rand_serial to CA command and "serial_rand" config option.
Up RAND_BITS to 159, and comment why: now confirms to CABForum
guidelines (Ballot 164) as well as IETF RFC 5280 (PKIX).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4185)
Diffstat (limited to 'apps/apps.c')
-rw-r--r-- | apps/apps.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/apps/apps.c b/apps/apps.c index 6ff41972e3..79ef933935 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1503,15 +1503,11 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) BIGNUM *btmp; int ret = 0; - if (b) - btmp = b; - else - btmp = BN_new(); - + btmp = b == NULL ? BN_new() : b; if (btmp == NULL) return 0; - if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0)) + if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) goto error; if (ai && !BN_to_ASN1_INTEGER(btmp, ai)) goto error; |