Fixes memory allocation.
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index f03ca07..bf838ea 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -113,18 +113,10 @@
     if ca:
         constraints.pathlen = _encode_asn1_int(backend, pathlen)
 
-    # Allocate a buffer for encoded payload.
-    cdata = backend._ffi.new(
-        'unsigned char[]',
-        2048,  # TODO: shrink to fit!
-    )
-    assert cdata != backend._ffi.NULL
-
     # Fetch the encoded payload.
-    p = backend._ffi.new('unsigned char*[1]')
-    assert p != backend._ffi.NULL
-    p[0] = cdata
-    r = backend._lib.i2d_BASIC_CONSTRAINTS(constraints, p)
+    pp = backend._ffi.new('unsigned char**')
+    assert pp != backend._ffi.NULL
+    r = backend._lib.i2d_BASIC_CONSTRAINTS(constraints, pp)
     assert r > 0
 
     # Wrap that in an X509 extension object.
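Review bot: The buffer that `i2d_BASIC_CONSTRAINTS` allocates into `pp[0]` is never released, so every call leaks the encoded payload. Because `backend._ffi.new('unsigned char**')` starts out holding NULL, OpenSSL allocates the output itself and the caller owns it. Neither this hunk nor the second one, where `pp[0]` is handed to `_encode_asn1_str`, frees it. Assuming the binding exposes `OPENSSL_free` and `_encode_asn1_str` copies the bytes (neither is visible here), add `pp = backend._ffi.gc(pp, lambda p: backend._lib.OPENSSL_free(p[0]))` right after the `r > 0` check. Separately, `assert r > 0` is stripped under `python -O`, so a failed encode would pass a NULL `pp[0]` and a non-positive length onward; an explicit `if r <= 0: raise ...` is safer. The enclosing function starts before this hunk.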
@@ -132,7 +124,7 @@
         backend._ffi.NULL,
         obj,
         1 if critical else 0,
-        _encode_asn1_str(backend, cdata, r),
+        _encode_asn1_str(backend, pp[0], r),
     )
     assert extension != backend._ffi.NULL
     return extension