BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the

requirement that the serial number always be an even amount of characters.
PR: 248

diff --git a/apps/ca.c b/apps/ca.c
index d60001b0188e53047411e32cd6c79dfea98d3d9b..22c9f820c561c60d388cca29bfa5a77bab8a6c15 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1158,9 +1158,14 @@ bad:
                        }
                if (verbose)
                        {
                        }
                if (verbose)
                        {

-                       if ((f=BN_bn2hex(serial)) == NULL) goto err;
-                       BIO_printf(bio_err,"next serial number is %s\n",f);
-                       OPENSSL_free(f);
+                       if (BN_is_zero(serial))
+                               BIO_printf(bio_err,"next serial number is 00\n");
+                       else
+                               {
+                               if ((f=BN_bn2hex(serial)) == NULL) goto err;
+                               BIO_printf(bio_err,"next serial number is %s\n",f);
+                               OPENSSL_free(f);
+                               }

                        }
 
                if ((attribs=NCONF_get_section(conf,policy)) == NULL)
                        }
 
                if ((attribs=NCONF_get_section(conf,policy)) == NULL)


@@ -2094,7 +2099,10 @@ again2:
                        }
                }
 
                        }
                }
 

-       row[DB_serial]=BN_bn2hex(serial);
+       if (BN_is_zero(serial))
+               row[DB_serial]=BUF_strdup("00");
+       else
+               row[DB_serial]=BN_bn2hex(serial);

        if (row[DB_serial] == NULL)
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
        if (row[DB_serial] == NULL)
                {
                BIO_printf(bio_err,"Memory allocation failure\n");


@@ -2588,7 +2596,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
                row[i]=NULL;
        row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
        bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
                row[i]=NULL;
        row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
        bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);

-       row[DB_serial]=BN_bn2hex(bn);
+       if (BN_is_zero(bn))
+               row[DB_serial]=BUF_strdup("00");
+       else
+               row[DB_serial]=BN_bn2hex(bn);

        BN_free(bn);
        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
                {
        BN_free(bn);
        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
                {

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 59b97a634b3ce2c003b9f1cffb2eddca0dff8cdd..17b2a659c3c24d76fe08cb056e56f99dafc62d3d 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1120,7 +1120,10 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
        char *itmp, *row[DB_NUMBER],**rrow;
        for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
        bn = ASN1_INTEGER_to_BN(ser,NULL);
        char *itmp, *row[DB_NUMBER],**rrow;
        for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
        bn = ASN1_INTEGER_to_BN(ser,NULL);

-       itmp = BN_bn2hex(bn);
+       if (BN_is_zero(bn))
+               itmp = BUF_strdup("00");
+       else
+               itmp = BN_bn2hex(bn);

        row[DB_serial] = itmp;
        BN_free(bn);
        rrow=TXT_DB_get_by_index(db,DB_serial,row);
        row[DB_serial] = itmp;
        BN_free(bn);
        rrow=TXT_DB_get_by_index(db,DB_serial,row);