From dc90f64d563f2c9709749d0731d6b26c6bce5325 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 19 Feb 2004 18:16:38 +0000
Subject: [PATCH 1/1] Use an OCTET STRING for the encoding of an OCSP nonce
 value.

The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.
---
 CHANGES                |  7 +++++++
 crypto/ocsp/ocsp_ext.c | 24 +++++++++++++++++-------
 2 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 5590487fd1..bea8e76838 100644
--- a/CHANGES
+++ b/CHANGES
@@ -617,6 +617,13 @@
 
  Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]
 
+  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+     A clarification of RFC2560 will require the use of OCTET STRINGs and 
+     some implementations cannot handle the current raw format. Since OpenSSL
+     copies and compares OCSP nonces as opaque blobs without any attempt at
+     parsing them this should not create any compatibility issues.
+     [Steve Henson]
+
   *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
      calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
      this HMAC (and other) operations are several times slower than OpenSSL
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index d6c8899f58..57399433fc 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -305,6 +305,8 @@ err:
 
 /* Add a nonce to an extension stack. A nonce can be specificed or if NULL
  * a random nonce will be generated.
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the 
+ * nonce, previous versions used the raw nonce.
  */
 
 static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
@@ -313,20 +315,28 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
 	ASN1_OCTET_STRING os;
 	int ret = 0;
 	if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
-	if (val) tmpval = val;
+	/* Create the OCTET STRING manually by writing out the header and
+	 * appending the content octets. This avoids an extra memory allocation
+	 * operation in some cases. Applications should *NOT* do this because
+         * it relies on library internals.
+	 */
+	os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+	os.data = OPENSSL_malloc(os.length);
+	if (os.data == NULL)
+		goto err;
+	tmpval = os.data;
+	ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+	if (val)
+		memcpy(tmpval, val, len);
 	else
-		{
-		if (!(tmpval = OPENSSL_malloc(len))) goto err;
 		RAND_pseudo_bytes(tmpval, len);
-		}
-	os.data = tmpval;
-	os.length = len;
 	if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
 			&os, 0, X509V3_ADD_REPLACE))
 				goto err;
 	ret = 1;
 	err:
-	if(!val) OPENSSL_free(tmpval);
+	if (os.data)
+		OPENSSL_free(os.data);
 	return ret;
 	}
 
-- 
2.34.1