/* also CRL Entry Extensions */
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
- char *data, STACK_OF(ASN1_OBJECT) *sk)
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
+ void *data, STACK_OF(ASN1_OBJECT) *sk)
{
int i;
unsigned char *p, *b = NULL;
if (data)
{
if ((i=i2d(data,NULL)) <= 0) goto err;
- if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+ if (!(b=p=OPENSSL_malloc((unsigned int)i)))
goto err;
if (i2d(data, &p) <= 0) goto err;
}
else if (sk)
{
- if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
- if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+ if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
+ (I2D_OF(ASN1_OBJECT))i2d,
+ V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL,
+ IS_SEQUENCE))<=0) goto err;
+ if (!(b=p=OPENSSL_malloc((unsigned int)i)))
goto err;
- if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
+ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
+ V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL,
+ IS_SEQUENCE)<=0) goto err;
}
else
{
/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
* a random nonce will be generated.
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
+ * nonce, previous versions used the raw nonce.
*/
static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
ASN1_OCTET_STRING os;
int ret = 0;
if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
- if (val) tmpval = val;
+ /* Create the OCTET STRING manually by writing out the header and
+ * appending the content octets. This avoids an extra memory allocation
+ * operation in some cases. Applications should *NOT* do this because
+ * it relies on library internals.
+ */
+ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+ os.data = OPENSSL_malloc(os.length);
+ if (os.data == NULL)
+ goto err;
+ tmpval = os.data;
+ ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+ if (val)
+ memcpy(tmpval, val, len);
else
- {
- if (!(tmpval = OPENSSL_malloc(len))) goto err;
RAND_pseudo_bytes(tmpval, len);
- }
- os.data = tmpval;
- os.length = len;
if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE))
goto err;
ret = 1;
err:
- if(!val) OPENSSL_free(tmpval);
+ if (os.data)
+ OPENSSL_free(os.data);
return ret;
}
}
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
- if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
+ if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
+ NULL)))
goto err;
OCSP_CRLID_free(cid);
return x;
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
goto err;
- if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
+ if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
+ sk)))
goto err;
sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
return x;
if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
- if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
- (char*)gt,NULL))) goto err;
+ if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
+ i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
ASN1_GENERALIZEDTIME_free(gt);
return x;
err:
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
goto err;
- if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
- (char*)sloc, NULL))) goto err;
+ if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
+ i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
OCSP_SERVICELOC_free(sloc);
return x;
err: