BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the

requirement that the serial number always be an even amount of characters.
PR: 248

apps/ca.c

@@ -1157,11 +1157,16 @@ bad:
 			goto err;
 			}
 		if (verbose)
+			{
+			if (BN_is_zero(serial))
+				BIO_printf(bio_err,"next serial number is 00\n");
+			else
 				{
 				if ((f=BN_bn2hex(serial)) == NULL) goto err;
 				BIO_printf(bio_err,"next serial number is %s\n",f);
 				OPENSSL_free(f);
 				}
+			}
 
 		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
 			{
@@ -2089,6 +2094,9 @@ again2:
 			}
 		}
 
+	if (BN_is_zero(serial))
+		row[DB_serial]=BUF_strdup("00");
+	else
 		row[DB_serial]=BN_bn2hex(serial);
 	if (row[DB_serial] == NULL)
 		{
@@ -2573,6 +2581,9 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
 		row[i]=NULL;
 	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
 	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+	if (BN_is_zero(bn))
+		row[DB_serial]=BUF_strdup("00");
+	else
 		row[DB_serial]=BN_bn2hex(bn);
 	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))

apps/ocsp.c

@@ -1120,6 +1120,9 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
 	char *itmp, *row[DB_NUMBER],**rrow;
 	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
 	bn = ASN1_INTEGER_to_BN(ser,NULL);
+	if (BN_is_zero(bn))
+		itmp = BUF_strdup("00");
+	else
 		itmp = BN_bn2hex(bn);
 	row[DB_serial] = itmp;
 	BN_free(bn);