BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the

requirement that the serial number always be an even amount of characters.
PR: 248

apps/ca.c

@@ -1158,9 +1158,14 @@ bad:
 			}
 		if (verbose)
 			{
-			if ((f=BN_bn2hex(serial)) == NULL) goto err;
+			if (BN_is_zero(serial))
-			BIO_printf(bio_err,"next serial number is %s\n",f);
+				BIO_printf(bio_err,"next serial number is 00\n");
-			OPENSSL_free(f);
+			else
+				{
+				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+				BIO_printf(bio_err,"next serial number is %s\n",f);
+				OPENSSL_free(f);
+				}
 			}
 
 		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
@@ -2094,7 +2099,10 @@ again2:
 			}
 		}
 
-	row[DB_serial]=BN_bn2hex(serial);
+	if (BN_is_zero(serial))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(serial);
 	if (row[DB_serial] == NULL)
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
@@ -2588,7 +2596,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
 		row[i]=NULL;
 	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
 	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
-	row[DB_serial]=BN_bn2hex(bn);
+	if (BN_is_zero(bn))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(bn);
 	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{

apps/ocsp.c

@@ -1120,7 +1120,10 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
 	char *itmp, *row[DB_NUMBER],**rrow;
 	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
 	bn = ASN1_INTEGER_to_BN(ser,NULL);
-	itmp = BN_bn2hex(bn);
+	if (BN_is_zero(bn))
+		itmp = BUF_strdup("00");
+	else
+		itmp = BN_bn2hex(bn);
 	row[DB_serial] = itmp;
 	BN_free(bn);
 	rrow=TXT_DB_get_by_index(db,DB_serial,row);