自学教程：C++ ASN1_OCTET_STRING_free函数代码示例

void X509_PKEY_free(X509_PKEY *x){    int i;    if (x == NULL)        return;    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);#ifdef REF_PRINT    REF_PRINT("X509_PKEY", x);#endif    if (i > 0)        return;#ifdef REF_CHECK    if (i < 0) {        fprintf(stderr, "X509_PKEY_free, bad reference count/n");        abort();    }#endif    X509_ALGOR_free(x->enc_algor);    ASN1_OCTET_STRING_free(x->enc_pkey);    EVP_PKEY_free(x->dec_pkey);    if (x->key_free)        OPENSSL_free(x->key_data);    OPENSSL_free(x);}

/* Make sure we do the right thing. Add here if you convert ones in tree */intmain(int argc, char **argv){	ASN1_INTEGER_free(NULL);	ASN1_OBJECT_free(NULL);	ASN1_OCTET_STRING_free(NULL);	BIO_free_all(NULL);	DIST_POINT_free(NULL);	EVP_PKEY_free(NULL);	GENERAL_NAME_free(NULL);	GENERAL_SUBTREE_free(NULL);	NAME_CONSTRAINTS_free(NULL);	sk_GENERAL_NAME_pop_free(NULL, GENERAL_NAME_free);	sk_X509_NAME_ENTRY_pop_free(NULL, X509_NAME_ENTRY_free);	X509_NAME_ENTRY_free(NULL);	printf("PASS/n");	return (0);}

ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,        const ASN1_ITEM *it,        const char *pass, int passlen,        void *obj, int zbuf){    ASN1_OCTET_STRING *oct = NULL;    unsigned char *in = NULL;    int inlen;    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);        goto err;    }    inlen = ASN1_item_i2d(obj, &in, it);    if (!in) {        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);        goto err;    }    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,                          &oct->length, 1)) {        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);        OPENSSL_free(in);        goto err;    }    if (zbuf)        OPENSSL_cleanse(in, inlen);    OPENSSL_free(in);    return oct;err:    ASN1_OCTET_STRING_free(oct);    return NULL;}

static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length){	ASN1_OCTET_STRING *os, **pos;	pos = a;	if (pos == NULL || *pos == NULL) {		os = ASN1_OCTET_STRING_new();		if (os == NULL)			goto err;	} else		os = *pos;	if (ASN1_OCTET_STRING_set(os, *pp, length) == 0)		goto err;	*pp += length;	if (pos != NULL)		*pos = os;	return os;err:	if (pos == NULL || *pos != os)		ASN1_OCTET_STRING_free(os);	OCSPerror(ERR_R_MALLOC_FAILURE);	return NULL;}

int CMS_set_detached(CMS_ContentInfo *cms, int detached)	{	ASN1_OCTET_STRING **pos;	pos = CMS_get0_content(cms);	if (!pos)		return 0;	if (detached)		{		if (*pos)			{			ASN1_OCTET_STRING_free(*pos);			*pos = NULL;			}		return 1;		}	if (!*pos)		*pos = ASN1_OCTET_STRING_new();	if (*pos)		{		/* NB: special flag to show content is created and not		 * read in.		 */		(*pos)->flags |= ASN1_STRING_FLAG_CONT;		return 1;		}	CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);	return 0;	}

X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,                         PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe){    X509_SIG *p8;    ASN1_OCTET_STRING *enckey;    enckey =        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),                                pass, passlen, p8inf, 1);    if (!enckey) {        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);        return NULL;    }    p8 = OPENSSL_zalloc(sizeof(*p8));    if (p8 == NULL) {        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);        ASN1_OCTET_STRING_free(enckey);        return NULL;    }    p8->algor = pbe;    p8->digest = enckey;    return p8;}

/* ---------- Public key functions * --------------------------------------*/static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)	{	X509_ALGOR *palg = NULL;	const unsigned char *pubkey_buf = NULL;	unsigned char *databuf;	ASN1_OBJECT *palgobj = NULL;	int pub_len,i,j;	DSA *dsa;	ASN1_OCTET_STRING *octet= NULL;	if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len,			&palg, pub)) return 0;	EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL);		if (!decode_gost_algor_params(pk,palg)) return 0;	octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len);	if (!octet) 		{		GOSTerr(GOST_F_PUB_DECODE_GOST94,ERR_R_MALLOC_FAILURE);		return 0;		}		databuf = (unsigned char*)OPENSSL_malloc(octet->length);	for (i=0,j=octet->length-1;i<octet->length;i++,j--)		{		databuf[j]=octet->data[i];		}		dsa = (DSA*)EVP_PKEY_get0(pk);	dsa->pub_key=BN_bin2bn(databuf,octet->length,NULL);	ASN1_OCTET_STRING_free(octet);	OPENSSL_free(databuf);	return 1;	}

/** * @ingroup proxypolicy * * Sets the policy of the PROXYPOLICY * * @param proxypolicy the proxy policy to set the policy of * @param policy the policy to set it to * @param length the length of the policy * * @return 1 on success, 0 on error */int PROXYPOLICY_set_policy(    PROXYPOLICY *                       proxypolicy,    unsigned char *                     policy,    int                                 length){    if(policy != NULL)    {        unsigned char *                 copy = malloc(length);        memcpy(copy, policy, length);        if(!proxypolicy->policy)        {            proxypolicy->policy = ASN1_OCTET_STRING_new();        }                ASN1_OCTET_STRING_set(proxypolicy->policy, copy, length);    }    else    {        if(proxypolicy->policy)        {            ASN1_OCTET_STRING_free(proxypolicy->policy);        }    }    return 1;}

/* For this case, I will malloc the return strings */static intget_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) {  ASN1_TYPE *so;#if 0  if (signed_seq2string_nid == -1)    signed_seq2string_nid=      OBJ_create("1.9.9999","OID_example","Our example OID");  /* To retrieve */  so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);  if (so && (so->type == V_ASN1_SEQUENCE))    {      ASN1_CTX c;      ASN1_STRING *s;      long length;      ASN1_OCTET_STRING *os1,*os2;            s=so->value.sequence;      c.p=ASN1_STRING_data(s);      c.max=c.p+ASN1_STRING_length(s);      if (!asn1_GetSequence(&c,&length)) GOTO_ERR("") err;      /* Length is the length of the seqence */            c.q=c.p;      if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 	GOTO_ERR("");      c.slen-=(c.p-c.q);            c.q=c.p;      if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 	GOTO_ERR("");      c.slen-=(c.p-c.q);            if (!asn1_Finish(&c)) GOTO_ERR("") err;      *str1=Malloc(os1->length+1);      *str2=Malloc(os2->length+1);      memcpy(*str1,os1->data,os1->length);      memcpy(*str2,os2->data,os2->length);      (*str1)[os1->length]='/0';      (*str2)[os2->length]='/0';      ASN1_OCTET_STRING_free(os1);      ASN1_OCTET_STRING_free(os2);      return(1);    }#endif err:  return(0);}

static int pub_decode_gost01(EVP_PKEY *pk,X509_PUBKEY *pub)	{	X509_ALGOR *palg = NULL;	const unsigned char *pubkey_buf = NULL;	unsigned char *databuf;	ASN1_OBJECT *palgobj = NULL;	int pub_len,i,j;	EC_POINT *pub_key;	BIGNUM *X,*Y;	ASN1_OCTET_STRING *octet= NULL;	int len;	const EC_GROUP *group;	if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len,			&palg, pub)) return 0;	EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL);		if (!decode_gost_algor_params(pk,palg)) return 0;	group = EC_KEY_get0_group(EVP_PKEY_get0(pk));	octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len);	if (!octet) 		{		GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE);		return 0;		}		databuf = OPENSSL_malloc(octet->length);	for (i=0,j=octet->length-1;i<octet->length;i++,j--)		{		databuf[j]=octet->data[i];		}	len=octet->length/2;	ASN1_OCTET_STRING_free(octet);			Y= getbnfrombuf(databuf,len);	X= getbnfrombuf(databuf+len,len);	OPENSSL_free(databuf);	pub_key = EC_POINT_new(group);	if (!EC_POINT_set_affine_coordinates_GFp(group			,pub_key,X,Y,NULL))		{		GOSTerr(GOST_F_PUB_DECODE_GOST01,			ERR_R_EC_LIB);		EC_POINT_free(pub_key);		BN_free(X);		BN_free(Y);		return 0;		}		BN_free(X);	BN_free(Y);	if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk),pub_key))		{		GOSTerr(GOST_F_PUB_DECODE_GOST01,			ERR_R_EC_LIB);		EC_POINT_free(pub_key);		return 0;		}		EC_POINT_free(pub_key);	return 1;	}

static size_tget_extension_by_object (X509 *x509, ASN1_OBJECT *obj, char **output){	int pos = X509_get_ext_by_OBJ (x509, obj, -1);	if (pos < 0) {		return 0;	}	X509_EXTENSION *ext = X509_get_ext (x509, pos);	int tag;	long len;	int tc;	const unsigned char *p = ext->value->data;	ASN1_get_object (&p, &len, &tag, &tc, ext->value->length);	size_t size;	switch (tag) {		case V_ASN1_UTF8STRING:			{				ASN1_UTF8STRING *str =					ASN1_item_unpack (ext->value,							  ASN1_ITEM_rptr							  (ASN1_UTF8STRING));				*output = strndup ((const char *)						   ASN1_STRING_data (str),						   str->length);				size = str->length;				ASN1_UTF8STRING_free (str);				return size;			}		case V_ASN1_OCTET_STRING:			{				ASN1_OCTET_STRING *octstr =					ASN1_item_unpack (ext->value,							  ASN1_ITEM_rptr							  (ASN1_OCTET_STRING));				*output = malloc (octstr->length);				memcpy (*output, octstr->data, octstr->length);				size = octstr->length;				ASN1_OCTET_STRING_free (octstr);				return size;			}		default:			{				BIO *bio = BIO_new (BIO_s_mem ());				X509V3_EXT_print (bio, ext, 0, 0);				size_t size = BIO_ctrl_pending (bio);				char *buf = malloc (sizeof (char) * size);				BIO_read (bio, buf, size);				*output = buf;				BIO_free (bio);				return size;			}	}}

static void hmac_key_free(EVP_PKEY *pkey){    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;    if (os) {        if (os->data)            OPENSSL_cleanse(os->data, os->length);        ASN1_OCTET_STRING_free(os);    }}

static void hmac_key_free(EVP_PKEY *pkey){    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;    if (os) {        if (os->data)            vigortls_zeroize(os->data, os->length);        ASN1_OCTET_STRING_free(os);    }}

static void hmac_key_free(EVP_PKEY *pkey){    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);    if (os) {        if (os->data)            OPENSSL_cleanse(os->data, os->length);        ASN1_OCTET_STRING_free(os);    }}

static void siphash_key_free(EVP_PKEY *pkey){    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);    if (os != NULL) {        if (os->data != NULL)            OPENSSL_cleanse(os->data, os->length);        ASN1_OCTET_STRING_free(os);    }}

static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,                                  int ext_nid, int crit, void *ext_struc){    unsigned char *ext_der = NULL;    int ext_len;    ASN1_OCTET_STRING *ext_oct = NULL;    X509_EXTENSION *ext;    /* Convert internal representation to DER */    if (method->it) {        ext_der = NULL;        ext_len =            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));        if (ext_len < 0)            goto merr;    } else {        unsigned char *p;        ext_len = method->i2d(ext_struc, NULL);        if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)            goto merr;        p = ext_der;        method->i2d(ext_struc, &p);    }    if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)        goto merr;    ext_oct->data = ext_der;    ext_der = NULL;    ext_oct->length = ext_len;    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);    if (!ext)        goto merr;    ASN1_OCTET_STRING_free(ext_oct);    return ext; merr:    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);    OPENSSL_free(ext_der);    ASN1_OCTET_STRING_free(ext_oct);    return NULL;}

SubjectKeyIdentifierExtension::SubjectKeyIdentifierExtension(X509_EXTENSION *ext)		throw (CertificationException) : Extension(ext){	ASN1_OCTET_STRING *octetString;	if (OBJ_obj2nid(ext->object) != NID_subject_key_identifier)	{		throw CertificationException(CertificationException::INVALID_TYPE, "SubjectKeyIdentifierExtension::SubjectKeyIdentifierExtension");	}	octetString = (ASN1_OCTET_STRING *)X509V3_EXT_d2i(ext);	keyIdentifier = ByteArray(octetString->data, octetString->length);	ASN1_OCTET_STRING_free(octetString);}

void X509_PKEY_free(X509_PKEY *x){    if (x == NULL)        return;    X509_ALGOR_free(x->enc_algor);    ASN1_OCTET_STRING_free(x->enc_pkey);    EVP_PKEY_free(x->dec_pkey);    if (x->key_free)        OPENSSL_free(x->key_data);    OPENSSL_free(x);}

/* int max_len:  for returned value    */int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,                                  unsigned char *data, int max_len){    int ret = -1, n;    ASN1_INTEGER *ai = NULL;    ASN1_OCTET_STRING *os = NULL;    const unsigned char *p;    long length;    ASN1_const_CTX c;    if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {        goto err;    }    p = ASN1_STRING_data(a->value.sequence);    length = ASN1_STRING_length(a->value.sequence);    c.pp = &p;    c.p = p;    c.max = p + length;    c.error = ASN1_R_DATA_IS_WRONG;    M_ASN1_D2I_start_sequence();    c.q = c.p;    if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL)        goto err;    c.slen -= (c.p - c.q);    c.q = c.p;    if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)        goto err;    c.slen -= (c.p - c.q);    if (!M_ASN1_D2I_end_sequence())        goto err;    if (num != NULL)        *num = ASN1_INTEGER_get(ai);    ret = ASN1_STRING_length(os);    if (max_len > ret)        n = ret;    else        n = max_len;    if (data != NULL)        memcpy(data, ASN1_STRING_data(os), n);    if (0) { err:        ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);    }    ASN1_OCTET_STRING_free(os);    if (ai != NULL)        ASN1_INTEGER_free(ai);    return (ret);}

intgost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params){	int len = 0;	unsigned char *buf = NULL;	unsigned char *p = NULL;	EVP_GOST2814789_CTX *c = ctx->cipher_data;	ASN1_OCTET_STRING *os = NULL;	GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();	if (gcp == NULL) {		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,		    ERR_R_MALLOC_FAILURE);		return 0;	}	if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) {		GOST_CIPHER_PARAMS_free(gcp);		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);		return 0;	}	ASN1_OBJECT_free(gcp->enc_param_set);	gcp->enc_param_set = OBJ_nid2obj(c->param_nid);	len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);	p = buf = malloc(len);	if (buf == NULL) {		GOST_CIPHER_PARAMS_free(gcp);		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,		    ERR_R_MALLOC_FAILURE);		return 0;	}	i2d_GOST_CIPHER_PARAMS(gcp, &p);	GOST_CIPHER_PARAMS_free(gcp);	os = ASN1_OCTET_STRING_new();	if (os == NULL) {		free(buf);		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,		    ERR_R_MALLOC_FAILURE);		return 0;	}	if (ASN1_OCTET_STRING_set(os, buf, len) == 0) {		ASN1_OCTET_STRING_free(os);		free(buf);		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);		return 0;	}	free(buf);	ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);	return 1;}

static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,                                      X509V3_CTX *ctx, char *str){    ASN1_OCTET_STRING *oct;    X509_PUBKEY *pubkey;    const unsigned char *pk;    int pklen;    unsigned char pkey_dig[EVP_MAX_MD_SIZE];    unsigned int diglen;    if (strcmp(str, "hash"))        return s2i_ASN1_OCTET_STRING(method, ctx, str);    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);        return NULL;    }    if (ctx && (ctx->flags == CTX_TEST))        return oct;    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);        goto err;    }    if (ctx->subject_req)        pubkey = ctx->subject_req->req_info.pubkey;    else        pubkey = ctx->subject_cert->cert_info.key;    if (pubkey == NULL) {        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);        goto err;    }    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))        goto err;    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);        goto err;    }    return oct; err:    ASN1_OCTET_STRING_free(oct);    return NULL;}

static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,                   void *exarg){    X509 *ret = (X509 *)*pval;    switch (operation) {    case ASN1_OP_NEW_POST:        ret->valid = 0;        ret->name = NULL;        ret->ex_flags = 0;        ret->ex_pathlen = -1;        ret->skid = NULL;        ret->akid = NULL;#ifndef OPENSSL_NO_RFC3779        ret->rfc3779_addr = NULL;        ret->rfc3779_asid = NULL;#endif        ret->aux = NULL;        ret->crldp = NULL;        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);        break;    case ASN1_OP_D2I_POST:        if (ret->name != NULL)            OPENSSL_free(ret->name);        ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);        break;    case ASN1_OP_FREE_POST:        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);        X509_CERT_AUX_free(ret->aux);        ASN1_OCTET_STRING_free(ret->skid);        AUTHORITY_KEYID_free(ret->akid);        CRL_DIST_POINTS_free(ret->crldp);        policy_cache_free(ret->policy_cache);        GENERAL_NAMES_free(ret->altname);        NAME_CONSTRAINTS_free(ret->nc);#ifndef OPENSSL_NO_RFC3779        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);        ASIdentifiers_free(ret->rfc3779_asid);#endif        if (ret->name != NULL)            OPENSSL_free(ret->name);        break;    }    return 1;}

/* ########################################### */intadd_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2){	/* To add an object of OID 1.9.999, which is a sequence containing	 * 2 octet strings */	unsigned char *p;	ASN1_OCTET_STRING *os1, *os2;	ASN1_STRING *seq;	unsigned char *data;	int i, total;	if (signed_seq2string_nid == -1)		signed_seq2string_nid =		    OBJ_create("1.9.9999","OID_example","Our example OID");	os1 = ASN1_OCTET_STRING_new();	os2 = ASN1_OCTET_STRING_new();	ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));	ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));	i = i2d_ASN1_OCTET_STRING(os1, NULL);	i += i2d_ASN1_OCTET_STRING(os2, NULL);	total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);	data = malloc(total);	p = data;	ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);	i2d_ASN1_OCTET_STRING(os1, &p);	i2d_ASN1_OCTET_STRING(os2, &p);	seq = ASN1_STRING_new();	ASN1_STRING_set(seq, data, total);	free(data);	ASN1_OCTET_STRING_free(os1);	ASN1_OCTET_STRING_free(os2);	PKCS7_add_signed_attribute(si, signed_seq2string_nid,	    V_ASN1_SEQUENCE, (char *)seq);	return (1);}

int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len){    ASN1_STRING *os;    if ((os = ASN1_OCTET_STRING_new()) == NULL)        return (0);    if (!ASN1_OCTET_STRING_set(os, data, len)) {        ASN1_OCTET_STRING_free(os);        return 0;    }    ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);    return (1);}

long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)	{	int nid;	long ret;	nid=OBJ_obj2nid(p7->type);	switch (cmd)		{	/* NOTE(emilia): does not support detached digested data. */	case PKCS7_OP_SET_DETACHED_SIGNATURE:		if (nid == NID_pkcs7_signed)			{			ret=p7->detached=(int)larg;			if (ret && PKCS7_type_is_data(p7->d.sign->contents))					{					ASN1_OCTET_STRING *os;					os=p7->d.sign->contents->d.data;					ASN1_OCTET_STRING_free(os);					p7->d.sign->contents->d.data = NULL;					}			}		else			{			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);			ret=0;			}		break;	case PKCS7_OP_GET_DETACHED_SIGNATURE:		if (nid == NID_pkcs7_signed)			{			if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)				ret = 1;			else ret = 0;							p7->detached = ret;			}		else			{			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);			ret=0;			}					break;	default:		PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);		ret=0;		}	return(ret);	}

static intpub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub){	X509_ALGOR *palg = NULL;	const unsigned char *pubkey_buf = NULL;	const unsigned char *p;	ASN1_OBJECT *palgobj = NULL;	int pub_len;	BIGNUM *X, *Y;	ASN1_OCTET_STRING *octet = NULL;	int len;	int ret;	int ptype = V_ASN1_UNDEF;	ASN1_STRING *pval = NULL;	if (X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub)	    == 0)		return 0;	(void)EVP_PKEY_assign_GOST(pk, NULL);	X509_ALGOR_get0(NULL, &ptype, (void **)&pval, palg);	if (ptype != V_ASN1_SEQUENCE) {		GOSTerr(GOST_F_PUB_DECODE_GOST01,		    GOST_R_BAD_KEY_PARAMETERS_FORMAT);		return 0;	}	p = pval->data;	if (decode_gost01_algor_params(pk, &p, pval->length) == 0)		return 0;	octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len);	if (octet == NULL) {		GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);		return 0;	}	len = octet->length / 2;	X = GOST_le2bn(octet->data, len, NULL);	Y = GOST_le2bn(octet->data + len, len, NULL);	ASN1_OCTET_STRING_free(octet);	ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y);	if (ret == 0)		GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB);	BN_free(X);	BN_free(Y);	return ret;}

static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,                   void *exarg){    X509 *ret = (X509 *)*pval;    switch (operation) {    case ASN1_OP_NEW_POST:        ret->name = NULL;        ret->ex_flags = 0;        ret->ex_pathlen = -1;        ret->skid = NULL;        ret->akid = NULL;        ret->aux = NULL;        ret->crldp = NULL;        ret->buf = NULL;        CRYPTO_new_ex_data(&ret->ex_data);        CRYPTO_MUTEX_init(&ret->lock);        break;    case ASN1_OP_D2I_PRE:        CRYPTO_BUFFER_free(ret->buf);        ret->buf = NULL;        break;    case ASN1_OP_D2I_POST:        if (ret->name != NULL)            OPENSSL_free(ret->name);        ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);        break;    case ASN1_OP_FREE_POST:        CRYPTO_MUTEX_cleanup(&ret->lock);        CRYPTO_free_ex_data(&g_ex_data_class, ret, &ret->ex_data);        X509_CERT_AUX_free(ret->aux);        ASN1_OCTET_STRING_free(ret->skid);        AUTHORITY_KEYID_free(ret->akid);        CRL_DIST_POINTS_free(ret->crldp);        policy_cache_free(ret->policy_cache);        GENERAL_NAMES_free(ret->altname);        NAME_CONSTRAINTS_free(ret->nc);        CRYPTO_BUFFER_free(ret->buf);        OPENSSL_free(ret->name);        break;    }    return 1;}

static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,                                      X509V3_CTX *ctx, char *str){    ASN1_OCTET_STRING *oct;    ASN1_BIT_STRING *pk;    unsigned char pkey_dig[EVP_MAX_MD_SIZE];    unsigned int diglen;    if (strcmp(str, "hash"))        return s2i_ASN1_OCTET_STRING(method, ctx, str);    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);        return NULL;    }    if (ctx && (ctx->flags == CTX_TEST))        return oct;    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);        goto err;    }    if (ctx->subject_req)        pk = ctx->subject_req->req_info->pubkey->public_key;    else        pk = ctx->subject_cert->cert_info->key->public_key;    if (!pk) {        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);        goto err;    }    if (!EVP_Digest        (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))        goto err;    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);        goto err;    }    return oct; err:    ASN1_OCTET_STRING_free(oct);    return NULL;}

static int old_hmac_decode(EVP_PKEY *pkey,                           const unsigned char **pder, int derlen){    ASN1_OCTET_STRING *os;    os = ASN1_OCTET_STRING_new();    if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen))        goto err;    if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os))        goto err;    return 1; err:    ASN1_OCTET_STRING_free(os);    return 0;}

int X509_keyid_set1(X509 *x, unsigned char *id, int len){	X509_CERT_AUX *aux;	if (!id)		{		if (!x || !x->aux || !x->aux->keyid)			return 1;		ASN1_OCTET_STRING_free(x->aux->keyid);		x->aux->keyid = NULL;		return 1;		}	if(!(aux = aux_get(x))) return 0;	if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;	return ASN1_STRING_set(aux->keyid, id, len);}