Reduce chances of issuer and serial number duplication by use of random

 Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]

  *) Reduce the chances of duplicate issuer name and serial numbers (in

     violation of RFC3280) using the OpenSSL certificate creation utilities. 

     This is done by creating a random 64 bit value for the initial serial

     number when a serial number file is created or when a self signed

     certificate is created using 'openssl req -x509'. The initial serial

     number file is now moved from CA.pl to the 'ca' utility with a new

     option -create_serial.

     [Steve Henson]

  *) Reduced header interdepencies by declaring more opaque objects in

     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will

     give fewer recursive includes, which could break lazy source code - so

		mkdir "${CATOP}/crl", $DIRMODE ;

		mkdir "${CATOP}/newcerts", $DIRMODE;

		mkdir "${CATOP}/private", $DIRMODE;

		open OUT, ">${CATOP}/serial";

		print OUT "01\n";

		close OUT;

		open OUT, ">${CATOP}/index.txt";

		close OUT;

	    }

		    print "Making CA certificate ...\n";

		    system ("$REQ -new -keyout " .

			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");

		    system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . 

		    system ("$CA -create_serial " .

			"-out ${CATOP}/$CACERT $CADAYS -batch " . 

			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .

			"-infiles ${CATOP}/$CAREQ ");

		    $RET=$?;

			}

		else

			{

			ASN1_INTEGER_set(ai,1);

			ret=BN_new();

			if (ret == NULL)

			if (ret == NULL || !rand_serial(ret, ai))

				BIO_printf(bio_err, "Out of memory\n");

			else

				BN_one(ret);

			}

		}

	else

	return 0;

	}

int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)

	{

	BIGNUM *btmp;

	int ret = 0;

	if (b)

		btmp = b;

	else

		btmp = BN_new();

	if (!btmp)

		return 0;

	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))

		goto error;

	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))

		goto error;

	ret = 1;

	error:

	if (!b)

		BN_free(btmp);

	return ret;

	}

CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)

	{

	CA_DB *retdb = NULL;

BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);

int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);

int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);

int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);

CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);

int index_index(CA_DB *db);

int save_index(char *dbfile, char *suffix, CA_DB *db);

#define APP_PASS_LEN	1024

#define SERIAL_RAND_BITS	64

#endif

	{

	ENGINE *e = NULL;

	char *key=NULL,*passargin=NULL;

	int create_ser = 0;

	int free_key = 0;

	int total=0;

	int total_done=0;

			subj= *(++argv);

			/* preserve=1; */

			}

		else if (strcmp(*argv,"-create_serial") == 0)

			create_ser = 1;

		else if (strcmp(*argv,"-multivalue-rdn") == 0)

			multirdn=1;

		else if (strcmp(*argv,"-startdate") == 0)

			goto err;

			}

		if ((serial=load_serial(serialfile, 0, NULL)) == NULL)

		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)

			{

			BIO_printf(bio_err,"error while loading serial number\n");

			goto err;