Increase # of bits for random serial numbers of certificates with PyOpenSSL backend

[felixfontein]

SUMMARY

Fixes part of #76. Instead of using a random number betwen 1000 and 99999 (both inclusive), selects a 160 bit random number between 2^160 and 2^161 - 1 (both inclusive). No special random input source is used, so the quality is not very high. I think that's ok for serial numbers of certificates (and already a lot better than what we had before).

ISSUE TYPE

• Bugfix Pull Request
• Feature Pull Request

COMPONENT NAME

openssl_certificate

[felixfontein]

ready_for_review

[MarkusTeufelberger]

LGTM, though I wonder why one would set the lower limit at 2^160 instead of 0 for serial numbers? Seems to cut the whole possible range in half...

[felixfontein]

It makes sure that the bitlength is always 161 bits ;-) It's more to make it similar to the old code (which never went below 1000).

I don't mind removing that part. The chance that this is actually 0 is pretty low anyway.

[felixfontein]

(Also always setting bit 160 is less bad as always setting bit 0 IMO, which is another common choice to make sure the serial cannot be 0 ;) )

[felixfontein]

I've adjusted the algorithm to return a <= 160bit number between 1000 and 2^160-1.

[felixfontein]

@MarkusTeufelberger thanks for reviewing this!