自学教程：C++ ASN1_STRING_new函数代码示例

static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey){    ASN1_STRING *params = NULL;    ASN1_INTEGER *prkey = NULL;    unsigned char *dp = NULL;    int dplen;    if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);        goto err;    }    params = ASN1_STRING_new();    if (params == NULL) {        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);        goto err;    }    params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);    if (params->length <= 0) {        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);        goto err;    }    params->type = V_ASN1_SEQUENCE;    /* Get private key into integer */    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);    if (!prkey) {        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);        goto err;    }    dplen = i2d_ASN1_INTEGER(prkey, &dp);    ASN1_STRING_clear_free(prkey);    prkey = NULL;    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,                         V_ASN1_SEQUENCE, params, dp, dplen))        goto err;    return 1; err:    OPENSSL_free(dp);    ASN1_STRING_free(params);    ASN1_STRING_clear_free(prkey);    return 0;}

static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey){    DSA *dsa;    int ptype;    unsigned char *penc = NULL;    int penclen;    ASN1_STRING *str = NULL;    ASN1_INTEGER *pubint = NULL;    dsa = pkey->pkey.dsa;    if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {        str = ASN1_STRING_new();        if (!str) {            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);            goto err;        }        str->length = i2d_DSAparams(dsa, &str->data);        if (str->length <= 0) {            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);            goto err;        }        ptype = V_ASN1_SEQUENCE;    } else        ptype = V_ASN1_UNDEF;    pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);    if (pubint == NULL) {        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);        goto err;    }    penclen = i2d_ASN1_INTEGER(pubint, &penc);    ASN1_INTEGER_free(pubint);    if (penclen <= 0) {        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);        goto err;    }    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),                               ptype, str, penc, penclen))        return 1; err:    if (penc)        OPENSSL_free(penc);    ASN1_STRING_free(str);    return 0;}

ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type){    char* p;    ASN1_TIME *tmps = NULL;    const size_t len = 20;    if (type == V_ASN1_UNDEF) {        if (is_utc(ts->tm_year))            type = V_ASN1_UTCTIME;        else            type = V_ASN1_GENERALIZEDTIME;    } else if (type == V_ASN1_UTCTIME) {        if (!is_utc(ts->tm_year))            goto err;    } else if (type != V_ASN1_GENERALIZEDTIME) {        goto err;    }    if (s == NULL)        tmps = ASN1_STRING_new();    else        tmps = s;    if (tmps == NULL)        return NULL;    if (!ASN1_STRING_set(tmps, NULL, len))        goto err;    tmps->type = type;    p = (char*)tmps->data;    if (type == V_ASN1_GENERALIZEDTIME)        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",                                    ts->tm_year + 1900, ts->tm_mon + 1,                                    ts->tm_mday, ts->tm_hour, ts->tm_min,                                    ts->tm_sec);    else        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",                                    ts->tm_year % 100, ts->tm_mon + 1,                                    ts->tm_mday, ts->tm_hour, ts->tm_min,                                    ts->tm_sec);#ifdef CHARSET_EBCDIC_not    ebcdic2ascii(tmps->data, tmps->data, tmps->length);#endif    return tmps; err:    if (tmps != s)        ASN1_STRING_free(tmps);    return NULL;}

static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey){	ASN1_STRING *params = NULL;	ASN1_INTEGER *prkey = NULL;	unsigned char *dp = NULL;	int dplen;	params = ASN1_STRING_new();	if (!params)		{		DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);		goto err;		}	params->length = i2d_DHparams(pkey->pkey.dh, &params->data);	if (params->length <= 0)		{		DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);		goto err;		}	params->type = V_ASN1_SEQUENCE;	/* Get private key into integer */	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);	if (!prkey)		{		DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);		goto err;		}	dplen = i2d_ASN1_INTEGER(prkey, &dp);	ASN1_INTEGER_free(prkey);	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,				V_ASN1_SEQUENCE, params, dp, dplen))		goto err;	return 1;err:	if (dp != NULL)		free(dp);	if (params != NULL)		ASN1_STRING_free(params);	if (prkey != NULL)		ASN1_INTEGER_free(prkey);	return 0;}

static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) {  ASN1_STRING *params = NULL;  ASN1_INTEGER *prkey = NULL;  uint8_t *dp = NULL;  int dplen;  if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {    OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);    goto err;  }  params = ASN1_STRING_new();  if (!params) {    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);    goto err;  }  params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);  if (params->length <= 0) {    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);    goto err;  }  params->type = V_ASN1_SEQUENCE;  /* Get private key into integer. */  prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);  if (!prkey) {    OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN);    goto err;  }  dplen = i2d_ASN1_INTEGER(prkey, &dp);  ASN1_INTEGER_free(prkey);  prkey = NULL;  if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_dsa), 0,                       V_ASN1_SEQUENCE, params, dp, dplen)) {    goto err;  }  return 1;err:  OPENSSL_free(dp);  ASN1_STRING_free(params);  ASN1_INTEGER_free(prkey);  return 0;}

static intdsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey){	DSA *dsa;	void *pval = NULL;	int ptype;	unsigned char *penc = NULL;	int penclen;	dsa = pkey->pkey.dsa;	if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {		ASN1_STRING *str;		str = ASN1_STRING_new();		if (str == NULL) {			DSAerror(ERR_R_MALLOC_FAILURE);			goto err;		}		str->length = i2d_DSAparams(dsa, &str->data);		if (str->length <= 0) {			DSAerror(ERR_R_MALLOC_FAILURE);			ASN1_STRING_free(str);			goto err;		}		pval = str;		ptype = V_ASN1_SEQUENCE;	} else		ptype = V_ASN1_UNDEF;	dsa->write_params = 0;	penclen = i2d_DSAPublicKey(dsa, &penc);	if (penclen <= 0) {		DSAerror(ERR_R_MALLOC_FAILURE);		goto err;	}	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval,	    penc, penclen))		return 1;err:	free(penc);	ASN1_STRING_free(pval);	return 0;}

static ASN1_STRING  *encode_gost_algor_params(const EVP_PKEY *key)	{	ASN1_STRING *params = ASN1_STRING_new();	GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();	int pkey_param_nid = NID_undef;	if (!params || !gkp) 		{		GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,			ERR_R_MALLOC_FAILURE);		ASN1_STRING_free(params);		params = NULL;		goto err;		}		switch (EVP_PKEY_base_id(key)) 		{		case NID_id_GostR3410_2001:			pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key)));			break;		case NID_id_GostR3410_94:			pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));			if (pkey_param_nid == NID_undef) 				{				GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,					GOST_R_INVALID_GOST94_PARMSET);				ASN1_STRING_free(params);				params=NULL;				goto err;				}				break;		}		gkp->key_params = OBJ_nid2obj(pkey_param_nid);	gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);	/*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);*/	params->length = i2d_GOST_KEY_PARAMS(gkp, &params->data);	if (params->length <=0 ) 		{		GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,			ERR_R_MALLOC_FAILURE);		ASN1_STRING_free(params);		params = NULL;		goto err;		}	params ->type = V_ASN1_SEQUENCE;	err:	GOST_KEY_PARAMS_free(gkp);	return params;	}

static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey){    DH *dh;    int ptype;    unsigned char *penc = NULL;    int penclen;    ASN1_STRING *str;    ASN1_INTEGER *pub_key = NULL;    dh = pkey->pkey.dh;    str = ASN1_STRING_new();    if (!str) {        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);        goto err;    }    str->length = i2d_dhp(pkey, dh, &str->data);    if (str->length <= 0) {        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);        goto err;    }    ptype = V_ASN1_SEQUENCE;    pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);    if (!pub_key)        goto err;    penclen = i2d_ASN1_INTEGER(pub_key, &penc);    ASN1_INTEGER_free(pub_key);    if (penclen <= 0) {        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);        goto err;    }    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),                               ptype, str, penc, penclen))        return 1; err:    if (penc)        OPENSSL_free(penc);    if (str)        ASN1_STRING_free(str);    return 0;}

static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {  DSA *dsa;  ASN1_STRING *pval = NULL;  uint8_t *penc = NULL;  int penclen;  dsa = pkey->pkey.dsa;  dsa->write_params = 0;  int ptype;  if (dsa->p && dsa->q && dsa->g) {    pval = ASN1_STRING_new();    if (!pval) {      OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);      goto err;    }    pval->length = i2d_DSAparams(dsa, &pval->data);    if (pval->length <= 0) {      OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);      goto err;    }    ptype = V_ASN1_SEQUENCE;  } else {    ptype = V_ASN1_UNDEF;  }  penclen = i2d_DSAPublicKey(dsa, &penc);  if (penclen <= 0) {    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);    goto err;  }  if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval,                             penc, penclen)) {    return 1;  }err:  OPENSSL_free(penc);  ASN1_STRING_free(pval);  return 0;}

/* ########################################### */intadd_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2){	/* To add an object of OID 1.9.999, which is a sequence containing	 * 2 octet strings */	unsigned char *p;	ASN1_OCTET_STRING *os1, *os2;	ASN1_STRING *seq;	unsigned char *data;	int i, total;	if (signed_seq2string_nid == -1)		signed_seq2string_nid =		    OBJ_create("1.9.9999","OID_example","Our example OID");	os1 = ASN1_OCTET_STRING_new();	os2 = ASN1_OCTET_STRING_new();	ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));	ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));	i = i2d_ASN1_OCTET_STRING(os1, NULL);	i += i2d_ASN1_OCTET_STRING(os2, NULL);	total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);	data = malloc(total);	p = data;	ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);	i2d_ASN1_OCTET_STRING(os1, &p);	i2d_ASN1_OCTET_STRING(os2, &p);	seq = ASN1_STRING_new();	ASN1_STRING_set(seq, data, total);	free(data);	ASN1_OCTET_STRING_free(os1);	ASN1_OCTET_STRING_free(os2);	PKCS7_add_signed_attribute(si, signed_seq2string_nid,	    V_ASN1_SEQUENCE, (char *)seq);	return (1);}

intASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,    int len){	int n, size;	ASN1_OCTET_STRING os, *osp;	ASN1_INTEGER in;	unsigned char *p;	unsigned char buf[32]; /* when they have 256bit longs,				* I'll be in trouble */	in.data = buf;	in.length = 32;	os.data = data;	os.type = V_ASN1_OCTET_STRING;	os.length = len;	ASN1_INTEGER_set(&in, num);	n = i2d_ASN1_INTEGER(&in, NULL);	n += M_i2d_ASN1_OCTET_STRING(&os, NULL);	size = ASN1_object_size(1, n, V_ASN1_SEQUENCE);	if ((osp = ASN1_STRING_new()) == NULL)		return (0);	/* Grow the 'string' */	if (!ASN1_STRING_set(osp, NULL, size)) {		ASN1_STRING_free(osp);		return (0);	}	M_ASN1_STRING_length_set(osp, size);	p = M_ASN1_STRING_data(osp);	ASN1_put_object(&p, 1,n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);	i2d_ASN1_INTEGER(&in, &p);	M_i2d_ASN1_OCTET_STRING(&os, &p);	ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp);	return (1);}

		inline string string::create()		{			return take_ownership(ASN1_STRING_new());		}

static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey){  ASN1_STRING *params = NULL;  ASN1_INTEGER *prkey = NULL;  ASN1_TYPE *ttmp = NULL;  STACK_OF(ASN1_TYPE) *ndsa = NULL;  unsigned char *p = NULL, *q;  int len;  p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);  len = i2d_DSAparams (pkey->pkey.dsa, NULL);  if (!(p = OPENSSL_malloc(len))) {    EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);    goto err;  }  q = p;  i2d_DSAparams (pkey->pkey.dsa, &q);  if (!(params = ASN1_STRING_new())) {    EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);    goto err;  }  if (!ASN1_STRING_set(params, p, len)) {    EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);    goto err;  }  OPENSSL_free(p);  p = NULL;  /* Get private key into integer */  if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {    EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);    goto err;  }  switch(p8->broken) {    case PKCS8_OK:    case PKCS8_NO_OCTET:    if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,           &p8->pkey->value.octet_string)) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;    }    M_ASN1_INTEGER_free (prkey);    prkey = NULL;    p8->pkeyalg->parameter->value.sequence = params;    params = NULL;    p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;    break;    case PKCS8_NS_DB:    p8->pkeyalg->parameter->value.sequence = params;    params = NULL;    p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;    if (!(ndsa = sk_ASN1_TYPE_new_null())) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;    }    if (!(ttmp = ASN1_TYPE_new())) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;    }    if (!(ttmp->value.integer =      BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);      goto err;    }    ttmp->type = V_ASN1_INTEGER;    if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;    }    if (!(ttmp = ASN1_TYPE_new())) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;    }    ttmp->value.integer = prkey;    prkey = NULL;    ttmp->type = V_ASN1_INTEGER;    if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;    }    ttmp = NULL;    if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;    }    if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,           &p8->pkey->value.octet_string->data,           &p8->pkey->value.octet_string->length)) {      EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);      goto err;//.........这里部分代码省略.........

static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey){  EC_KEY    *ec_key;  const EC_GROUP  *group;  unsigned char  *p, *pp;  int     nid, i, ret = 0;  unsigned int    tmp_flags, old_flags;  ec_key = pkey->pkey.ec;  if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)   {    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);    return 0;  }  /* set the ec parameters OID */  if (p8->pkeyalg->algorithm)    ASN1_OBJECT_free(p8->pkeyalg->algorithm);  p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);  /* set the ec parameters */  if (p8->pkeyalg->parameter)  {    ASN1_TYPE_free(p8->pkeyalg->parameter);    p8->pkeyalg->parameter = NULL;  }  if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)  {    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);    return 0;  }    if (EC_GROUP_get_asn1_flag(group)                     && (nid = EC_GROUP_get_curve_name(group)))  {    /* we have a 'named curve' => just set the OID */    p8->pkeyalg->parameter->type = V_ASN1_OBJECT;    p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);  }  else  /* explicit parameters */  {    if ((i = i2d_ECParameters(ec_key, NULL)) == 0)    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);      return 0;    }    if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);      return 0;    }      pp = p;    if (!i2d_ECParameters(ec_key, &pp))    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);      OPENSSL_free(p);      return 0;    }    p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;    if ((p8->pkeyalg->parameter->value.sequence       = ASN1_STRING_new()) == NULL)    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);      OPENSSL_free(p);      return 0;    }    ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);    OPENSSL_free(p);  }  /* set the private key */  /* do not include the parameters in the SEC1 private key   * see PKCS#11 12.11 */  old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);  tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;  EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);  i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);  if (!i)  {    EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);    return 0;  }  p = (unsigned char *) OPENSSL_malloc(i);  if (!p)  {    EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);    return 0;  }  pp = p;  if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))  {    EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);    OPENSSL_free(p);//.........这里部分代码省略.........

static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)	{	ASN1_TYPE *atmp = NULL;	CONF_VALUE vtmp;	unsigned char *rdata;	long rdlen;	int no_unused = 1;	if (!(atmp = ASN1_TYPE_new()))		{		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);		return NULL;		}	if (!str)		str = "";	switch(utype)		{		case V_ASN1_NULL:		if (str && *str)			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);			goto bad_form;			}		break;				case V_ASN1_BOOLEAN:		if (format != ASN1_GEN_FORMAT_ASCII)			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);			goto bad_form;			}		vtmp.name = NULL;		vtmp.section = NULL;		vtmp.value = (char *)str;		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);			goto bad_str;			}		break;		case V_ASN1_INTEGER:		case V_ASN1_ENUMERATED:		if (format != ASN1_GEN_FORMAT_ASCII)			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);			goto bad_form;			}		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);			goto bad_str;			}		break;		case V_ASN1_OBJECT:		if (format != ASN1_GEN_FORMAT_ASCII)			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);			goto bad_form;			}		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);			goto bad_str;			}		break;		case V_ASN1_UTCTIME:		case V_ASN1_GENERALIZEDTIME:		if (format != ASN1_GEN_FORMAT_ASCII)			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);			goto bad_form;			}		if (!(atmp->value.asn1_string = ASN1_STRING_new()))			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);			goto bad_str;			}		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);			goto bad_str;			}		atmp->value.asn1_string->type = utype;		if (!ASN1_TIME_check(atmp->value.asn1_string))			{			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);			goto bad_str;			}		break;//.........这里部分代码省略.........

int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)	{	X509_PUBKEY *pk=NULL;	X509_ALGOR *a;	ASN1_OBJECT *o;	unsigned char *s,*p = NULL;	int i;	if (x == NULL) return(0);	if ((pk=X509_PUBKEY_new()) == NULL) goto err;	a=pk->algor;	/* set the algorithm id */	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;	ASN1_OBJECT_free(a->algorithm);	a->algorithm=o;	/* Set the parameter list */	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))		{		if ((a->parameter == NULL) ||			(a->parameter->type != V_ASN1_NULL))			{			ASN1_TYPE_free(a->parameter);			if (!(a->parameter=ASN1_TYPE_new()))				{				X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);				goto err;				}			a->parameter->type=V_ASN1_NULL;			}		}	else#ifndef OPENSSL_NO_DSA		if (pkey->type == EVP_PKEY_DSA)		{		unsigned char *pp;		DSA *dsa;		dsa=pkey->pkey.dsa;		dsa->write_params=0;		ASN1_TYPE_free(a->parameter);		if ((i=i2d_DSAparams(dsa,NULL)) <= 0)			goto err;		if (!(p=(unsigned char *)OPENSSL_malloc(i)))			{			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		pp=p;		i2d_DSAparams(dsa,&pp);		if (!(a->parameter=ASN1_TYPE_new()))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		a->parameter->type=V_ASN1_SEQUENCE;		if (!(a->parameter->value.sequence=ASN1_STRING_new()))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		OPENSSL_free(p);		}	else#endif		{		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);		goto err;		}	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)		{		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);		goto err;		}	p=s;	i2d_PublicKey(pkey,&p);	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))		{		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);		goto err;		}	/* Set number of unused bits to zero */	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;	OPENSSL_free(s);#if 0//.........这里部分代码省略.........

          s8 *buffer　添加内容输出参数: 无返 回 值: 1,成功；-1，失败--------------------------------------------------------------------------------最近一次修改记录:修改作者:王朝修改目的:添加新函数修改日期:2009年12月28日*********************************************************************************/s32 cert_add_attribute_string(STACK_OF(X509_ATTRIBUTE) *attrs, s32 nid, s8 *buffer){	ASN1_STRING     *asn1_string = NULL;	X509_ATTRIBUTE  *x509_a;	asn1_string = ASN1_STRING_new();	if ((ASN1_STRING_set(asn1_string, buffer, (s32)strlen(buffer))) <= 0)    {		return -1;	}	x509_a = X509_ATTRIBUTE_create(nid, V_ASN1_PRINTABLESTRING,asn1_string);	sk_X509_ATTRIBUTE_push(attrs, x509_a);	return 1;}/*******************************************************************************函数名称: cert_add_attribute_octet功能描述: 向PKCS#7中signed类型的结构中signed attributes中添加字节型的attribute输入参数: STACK_OF(X509_ATTRIBUTE) *attrs,　PKCS#7中signed类型的结构中signed attributes          s32 nid,　要添加的属性的NID

/* * We need to replace a standard chunk of PKCS7 signature with one mandated * by Authenticode.  Problem is, replacing it just like that and then calling * PKCS7_final() would make OpenSSL segfault somewhere in PKCS7_dataFinal(). * So, instead, we call PKCS7_dataInit(), then put our Authenticode-specific * data into BIO it returned, then call PKCS7_dataFinal() - which now somehow * does not panic - and _then_ we replace it in the signature.  This technique * was used in sbsigntool by Jeremy Kerr, and might have originated in * osslsigncode. */static voidmagic(PKCS7 *pkcs7, const char *digest, size_t digest_len){	BIO *bio, *t_bio;	ASN1_TYPE *t;	ASN1_STRING *s;	CONF *cnf;	unsigned char *buf, *tmp;	char *digest_hex, *magic_conf, *str;	int len, nid, ok;	digest_hex = bin2hex(digest, digest_len);	/*	 * Construct the SpcIndirectDataContent chunk.	 */	nid = OBJ_create("1.3.6.1.4.1.311.2.1.4", NULL, NULL);	asprintf(&magic_conf, magic_fmt, digest_hex);	if (magic_conf == NULL)		err(1, "asprintf");	bio = BIO_new_mem_buf((void *)magic_conf, -1);	if (bio == NULL) {		ERR_print_errors_fp(stderr);		errx(1, "BIO_new_mem_buf(3) failed");	}	cnf = NCONF_new(NULL);	if (cnf == NULL) {		ERR_print_errors_fp(stderr);		errx(1, "NCONF_new(3) failed");	}	ok = NCONF_load_bio(cnf, bio, NULL);	if (ok == 0) {		ERR_print_errors_fp(stderr);		errx(1, "NCONF_load_bio(3) failed");	}	str = NCONF_get_string(cnf, "default", "asn1");	if (str == NULL) {		ERR_print_errors_fp(stderr);		errx(1, "NCONF_get_string(3) failed");	}	t = ASN1_generate_nconf(str, cnf);	if (t == NULL) {		ERR_print_errors_fp(stderr);		errx(1, "ASN1_generate_nconf(3) failed");	}	/*	 * We now have our proprietary piece of ASN.1.  Let's do	 * the actual signing.	 */	len = i2d_ASN1_TYPE(t, NULL);	tmp = buf = calloc(1, len);	if (tmp == NULL)		err(1, "calloc");	i2d_ASN1_TYPE(t, &tmp);	/*	 * We now have contents of 't' stuffed into memory buffer 'buf'.	 */	tmp = NULL;	t = NULL;	t_bio = PKCS7_dataInit(pkcs7, NULL);	if (t_bio == NULL) {		ERR_print_errors_fp(stderr);		errx(1, "PKCS7_dataInit(3) failed");	}	BIO_write(t_bio, buf + 2, len - 2);	ok = PKCS7_dataFinal(pkcs7, t_bio);	if (ok == 0) {		ERR_print_errors_fp(stderr);		errx(1, "PKCS7_dataFinal(3) failed");	}	t = ASN1_TYPE_new();	s = ASN1_STRING_new();	ASN1_STRING_set(s, buf, len);	ASN1_TYPE_set(t, V_ASN1_SEQUENCE, s);	PKCS7_set0_type_other(pkcs7->d.sign->contents, nid, t);}

//.........这里部分代码省略.........        if (penclen <= 0)            goto err;        ASN1_STRING_set0(pubkey, penc, penclen);        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;        penc = NULL;        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),                        V_ASN1_UNDEF, NULL);    }    /* See if custom paraneters set */    kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);    if (kdf_type <= 0)        goto err;    if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))        goto err;    ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);    if (ecdh_nid < 0)        goto err;    else if (ecdh_nid == 0)        ecdh_nid = NID_dh_std_kdf;    else if (ecdh_nid == 1)        ecdh_nid = NID_dh_cofactor_kdf;    if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {        kdf_type = EVP_PKEY_ECDH_KDF_X9_62;        if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)            goto err;    } else        /* Uknown KDF */        goto err;    if (kdf_md == NULL) {        /* Fixme later for better MD */        kdf_md = EVP_sha1();        if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)            goto err;    }    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))        goto err;    /* Lookup NID for KDF+cofactor+digest */    if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid))        goto err;    /* Get wrap NID */    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);    wrap_nid = EVP_CIPHER_CTX_type(ctx);    keylen = EVP_CIPHER_CTX_key_length(ctx);    /* Package wrap algorithm in an AlgorithmIdentifier */    wrap_alg = X509_ALGOR_new();    if (!wrap_alg)        goto err;    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);    wrap_alg->parameter = ASN1_TYPE_new();    if (!wrap_alg->parameter)        goto err;    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)        goto err;    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {        ASN1_TYPE_free(wrap_alg->parameter);        wrap_alg->parameter = NULL;    }    if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)        goto err;    penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);    if (!penclen)        goto err;    if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)        goto err;    penc = NULL;    /*     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter     * of another AlgorithmIdentifier.     */    penclen = i2d_X509_ALGOR(wrap_alg, &penc);    if (!penc || !penclen)        goto err;    wrap_str = ASN1_STRING_new();    if (!wrap_str)        goto err;    ASN1_STRING_set0(wrap_str, penc, penclen);    penc = NULL;    X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str);    rv = 1; err:    OPENSSL_free(penc);    X509_ALGOR_free(wrap_alg);    return rv;}

/* type is a 'bitmap' of acceptable string types. */ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,	     long length, int type)	{	ASN1_STRING *ret=NULL;	const unsigned char *p;	unsigned char *s;	long len;	int inf,tag,xclass;	int i=0;	p= *pp;	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);	if (inf & 0x80) goto err;	if (tag >= 32)		{		i=ASN1_R_TAG_VALUE_TOO_HIGH;		goto err;		}	if (!(ASN1_tag2bit(tag) & type))		{		i=ASN1_R_WRONG_TYPE;		goto err;		}	/* If a bit-string, exit early */	if (tag == V_ASN1_BIT_STRING)		return(d2i_ASN1_BIT_STRING(a,pp,length));	if ((a == NULL) || ((*a) == NULL))		{		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);		}	else		ret=(*a);	if (len != 0)		{		s=(unsigned char *)OPENSSL_malloc((int)len+1);		if (s == NULL)			{			i=ERR_R_MALLOC_FAILURE;			goto err;			}		memcpy(s,p,(int)len);		s[len]='/0';		p+=len;		}	else		s=NULL;	if (ret->data != NULL) OPENSSL_free(ret->data);	ret->length=(int)len;	ret->data=s;	ret->type=tag;	if (a != NULL) (*a)=ret;	*pp=p;	return(ret);err:	OPENSSL_PUT_ERROR(ASN1, d2i_ASN1_type_bytes, i);	if ((ret != NULL) && ((a == NULL) || (*a != ret)))		ASN1_STRING_free(ret);	return(NULL);	}

//.........这里部分代码省略.........        ASN1_INTEGER_free(pubk);        if (penclen <= 0)            goto err;        ASN1_STRING_set0(pubkey, penc, penclen);        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;        penc = NULL;        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),                        V_ASN1_UNDEF, NULL);    }    /* See if custom paraneters set */    kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);    if (kdf_type <= 0)        goto err;    if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))        goto err;    if (kdf_type == EVP_PKEY_DH_KDF_NONE) {        kdf_type = EVP_PKEY_DH_KDF_X9_42;        if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)            goto err;    } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)        /* Unknown KDF */        goto err;    if (kdf_md == NULL) {        /* Only SHA1 supported */        kdf_md = EVP_sha1();        if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)            goto err;    } else if (EVP_MD_type(kdf_md) != NID_sha1)        /* Unsupported digest */        goto err;    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))        goto err;    /* Get wrap NID */    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);    wrap_nid = EVP_CIPHER_CTX_type(ctx);    if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)        goto err;    keylen = EVP_CIPHER_CTX_key_length(ctx);    /* Package wrap algorithm in an AlgorithmIdentifier */    wrap_alg = X509_ALGOR_new();    if (!wrap_alg)        goto err;    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);    wrap_alg->parameter = ASN1_TYPE_new();    if (!wrap_alg->parameter)        goto err;    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)        goto err;    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {        ASN1_TYPE_free(wrap_alg->parameter);        wrap_alg->parameter = NULL;    }    if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)        goto err;    if (ukm) {        dukmlen = ASN1_STRING_length(ukm);        dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);        if (!dukm)            goto err;    }    if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)        goto err;    dukm = NULL;    /*     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter     * of another AlgorithmIdentifier.     */    penc = NULL;    penclen = i2d_X509_ALGOR(wrap_alg, &penc);    if (!penc || !penclen)        goto err;    wrap_str = ASN1_STRING_new();    if (!wrap_str)        goto err;    ASN1_STRING_set0(wrap_str, penc, penclen);    penc = NULL;    X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),                    V_ASN1_SEQUENCE, wrap_str);    rv = 1; err:    if (penc)        OPENSSL_free(penc);    if (wrap_alg)        X509_ALGOR_free(wrap_alg);    return rv;}

int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)	{	X509_PUBKEY *pk=NULL;	X509_ALGOR *a;	ASN1_OBJECT *o;	unsigned char *s,*p = NULL;	int i;	if (x == NULL) return(0);	if ((pk=X509_PUBKEY_new()) == NULL) goto err;	a=pk->algor;	/* set the algorithm id */	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;	ASN1_OBJECT_free(a->algorithm);	a->algorithm=o;	/* Set the parameter list */	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))		{		if ((a->parameter == NULL) ||			(a->parameter->type != V_ASN1_NULL))			{			ASN1_TYPE_free(a->parameter);			if (!(a->parameter=ASN1_TYPE_new()))				{				X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);				goto err;				}			a->parameter->type=V_ASN1_NULL;			}		}#ifndef OPENSSL_NO_DSA	else if (pkey->type == EVP_PKEY_DSA)		{		unsigned char *pp;		DSA *dsa;				dsa=pkey->pkey.dsa;		dsa->write_params=0;		ASN1_TYPE_free(a->parameter);		if ((i=i2d_DSAparams(dsa,NULL)) <= 0)			goto err;		if (!(p=(unsigned char *)OPENSSL_malloc(i)))			{			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		pp=p;		i2d_DSAparams(dsa,&pp);		if (!(a->parameter=ASN1_TYPE_new()))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		a->parameter->type=V_ASN1_SEQUENCE;		if (!(a->parameter->value.sequence=ASN1_STRING_new()))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		OPENSSL_free(p);		}#endif#ifndef OPENSSL_NO_EC	else if (pkey->type == EVP_PKEY_EC)		{		int nid=0;		unsigned char *pp;		EC_KEY *ec_key;		const EC_GROUP *group;				ec_key = pkey->pkey.ec;		ASN1_TYPE_free(a->parameter);		if ((a->parameter = ASN1_TYPE_new()) == NULL)			{			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);			goto err;			}		group = EC_KEY_get0_group(ec_key);		if (EC_GROUP_get_asn1_flag(group)                     && (nid = EC_GROUP_get_curve_name(group)))			{			/* just set the OID */			a->parameter->type = V_ASN1_OBJECT;			a->parameter->value.object = OBJ_nid2obj(nid);			}		else /* explicit parameters */			{//.........这里部分代码省略.........

ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,	     long length, int Ptag, int Pclass)	{	ASN1_STRING *ret=NULL;	const unsigned char *p;	unsigned char *s;	long len;	int inf,tag,xclass;	int i=0;	if ((a == NULL) || ((*a) == NULL))		{		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);		}	else		ret=(*a);	p= *pp;	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);	if (inf & 0x80)		{		i=ASN1_R_BAD_OBJECT_HEADER;		goto err;		}	if (tag != Ptag)		{		i=ASN1_R_WRONG_TAG;		goto err;		}	if (inf & V_ASN1_CONSTRUCTED)		{		ASN1_const_CTX c;		c.pp=pp;		c.p=p;		c.inf=inf;		c.slen=len;		c.tag=Ptag;		c.xclass=Pclass;		c.max=(length == 0)?0:(p+length);		if (!asn1_collate_primitive(ret,&c)) 			goto err; 		else			{			p=c.p;			}		}	else		{		if (len != 0)			{			if ((ret->length < len) || (ret->data == NULL))				{				if (ret->data != NULL) OPENSSL_free(ret->data);				s=(unsigned char *)OPENSSL_malloc((int)len + 1);				if (s == NULL)					{					i=ERR_R_MALLOC_FAILURE;					goto err;					}				}			else				s=ret->data;			memcpy(s,p,(int)len);			s[len] = '/0';			p+=len;			}		else			{			s=NULL;			if (ret->data != NULL) OPENSSL_free(ret->data);			}		ret->length=(int)len;		ret->data=s;		ret->type=Ptag;		}	if (a != NULL) (*a)=ret;	*pp=p;	return(ret);err:	if ((ret != NULL) && ((a == NULL) || (*a != ret)))		ASN1_STRING_free(ret);	OPENSSL_PUT_ERROR(ASN1, d2i_ASN1_bytes, i);	return(NULL);	}