自学教程：C++ ASN1_OBJECT_free函数代码示例

static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms){	if (cms->d.other == NULL) {		cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);		if (!cms->d.envelopedData) {			CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,			    ERR_R_MALLOC_FAILURE);			return NULL;		}		cms->d.envelopedData->version = 0;		cms->d.envelopedData->encryptedContentInfo->contentType =		    OBJ_nid2obj(NID_pkcs7_data);		ASN1_OBJECT_free(cms->contentType);		cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);		return cms->d.envelopedData;	}	return cms_get0_enveloped(cms);}

int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj){    X509_CERT_AUX *aux;    ASN1_OBJECT *objtmp = NULL;    if (obj) {        objtmp = OBJ_dup(obj);        if (!objtmp)            return 0;    }    if ((aux = aux_get(x)) == NULL)        goto err;    if (aux->trust == NULL        && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)        goto err;    if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))        return 1; err:    ASN1_OBJECT_free(objtmp);    return 0;}

static int gost94_param_decode(EVP_PKEY *pkey, const unsigned char **pder,                               int derlen){    ASN1_OBJECT *obj = NULL;    DSA *dsa = EVP_PKEY_get0(pkey);    int nid;    if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {        return 0;    }    nid = OBJ_obj2nid(obj);    ASN1_OBJECT_free(obj);    if (!dsa) {        dsa = DSA_new();        if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa))            return 0;    }    if (!fill_GOST94_params(dsa, nid))        return 0;    return 1;}

static int gost2001_param_decode(EVP_PKEY *pkey, const unsigned char **pder,                                 int derlen){    ASN1_OBJECT *obj = NULL;    int nid;    EC_KEY *ec = EVP_PKEY_get0(pkey);    if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {        return 0;    }    nid = OBJ_obj2nid(obj);    ASN1_OBJECT_free(obj);    if (!ec) {        ec = EC_KEY_new();        if (!EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec))            return 0;    }    if (!fill_GOST2001_params(ec, nid))        return 0;    return 1;}

static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)	{	if (cms->d.other == NULL)		{		cms->d.signedData = M_ASN1_new_of(CMS_SignedData);		if (!cms->d.signedData)			{			CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);			return NULL;			}		cms->d.signedData->version = 1;		cms->d.signedData->encapContentInfo->eContentType =						OBJ_nid2obj(NID_pkcs7_data);		cms->d.signedData->encapContentInfo->partial = 1;		ASN1_OBJECT_free(cms->contentType);		cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);		return cms->d.signedData;		}	return cms_get0_signed(cms);	}

/* Create a generic extension: for now just handle DER type */static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,	     int crit, int type)	{	unsigned char *ext_der=NULL;	long ext_len;	ASN1_OBJECT *obj=NULL;	ASN1_OCTET_STRING *oct=NULL;	X509_EXTENSION *extension=NULL;	if (!(obj = OBJ_txt2obj(ext, 0)))		{		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);		ERR_add_error_data(2, "name=", ext);		goto err;		}	if (!(ext_der = string_to_hex(value, &ext_len)))		{		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);		ERR_add_error_data(2, "value=", value);		goto err;		}	if (!(oct = M_ASN1_OCTET_STRING_new()))		{		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);		goto err;		}	oct->data = ext_der;	oct->length = ext_len;	ext_der = NULL;	extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);	err:	ASN1_OBJECT_free(obj);	M_ASN1_OCTET_STRING_free(oct);	if(ext_der) OPENSSL_free(ext_der);	return extension;	}

ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,	     long len)	{	ASN1_OBJECT *ret=NULL;	unsigned char *p;	int i;	/* only the ASN1_OBJECTs from the 'table' will have values	 * for ->sn or ->ln */	if ((a == NULL) || ((*a) == NULL) ||		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))		{		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);		}	else	ret=(*a);	p= *pp;	if ((ret->data == NULL) || (ret->length < len))		{		if (ret->data != NULL) OPENSSL_free(ret->data);		ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;		if (ret->data == NULL)			{ i=ERR_R_MALLOC_FAILURE; goto err; }		}	memcpy(ret->data,p,(int)len);	ret->length=(int)len;	ret->sn=NULL;	ret->ln=NULL;	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */	p+=len;	if (a != NULL) (*a)=ret;	*pp=p;	return(ret);err:	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);	if ((ret != NULL) && ((a == NULL) || (*a != ret)))		ASN1_OBJECT_free(ret);	return(NULL);	}

intX509_add1_reject_object(X509 *x, ASN1_OBJECT *obj){	X509_CERT_AUX *aux;	ASN1_OBJECT *objtmp;	int rc;	if (!(objtmp = OBJ_dup(obj)))		return 0;	if (!(aux = aux_get(x)))		goto err;	if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))		goto err;	rc = sk_ASN1_OBJECT_push(aux->reject, objtmp);	if (rc != 0)		return rc;err:	ASN1_OBJECT_free(objtmp);	return 0;}

static int openssl_ts_req_policy_id(lua_State*L){  TS_REQ* req = CHECK_OBJECT(1, TS_REQ, "openssl.ts_req");  if (lua_isnone(L, 2))  {    ASN1_OBJECT* obj = TS_REQ_get_policy_id(req);    openssl_push_asn1object(L, obj);    ASN1_OBJECT_free(obj);    return 1;  }  else  {    int nid = openssl_get_nid(L, 2);    ASN1_OBJECT* obj;    int ret;    luaL_argcheck(L, nid != NID_undef, 2, "must be asn1_object object identified");    obj = OBJ_nid2obj(nid);    ret = TS_REQ_set_policy_id(req, obj);    return openssl_pushresult(L, ret);  }}

CRYPTO_PUBLIC_KEY *crypto_cert_get_public_key(CRYPTO_CERT * cert, uint32 * key_len){#ifdef CRYPTO_OPENSSL		int nid;	CRYPTO_PUBLIC_KEY *lkey;	EVP_PKEY *epk = NULL;	/* For some reason, Microsoft sets the OID of the Public RSA key to	   the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"	   Kudos to Richard Levitte for the following (intuitive)	   lines of code that resets the OID and lets us extract the key. */		nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);		if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))	{		ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);		cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);	}		epk = X509_get_pubkey(cert);		if (NULL == epk)		return NULL;	lkey = RSAPublicKey_dup((RSA *) epk->pkey.ptr);	*key_len = RSA_size(lkey);	EVP_PKEY_free(epk);		return lkey;#else /* built-in crypto */	return ssl_cert_get_public_key(cert, key_len);	#endif}

static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {  EC_KEY *ec_key = pkey->pkey.ec;  void *pval = NULL;  int ptype;  uint8_t *penc = NULL, *p;  int penclen;  if (!eckey_param2type(&ptype, &pval, ec_key)) {    OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB);    return 0;  }  penclen = i2o_ECPublicKey(ec_key, NULL);  if (penclen <= 0) {    goto err;  }  penc = OPENSSL_malloc(penclen);  if (!penc) {    goto err;  }  p = penc;  penclen = i2o_ECPublicKey(ec_key, &p);  if (penclen <= 0) {    goto err;  }  if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), ptype, pval, penc,                             penclen)) {    return 1;  }err:  if (ptype == V_ASN1_OBJECT) {    ASN1_OBJECT_free(pval);  } else {    ASN1_STRING_free(pval);  }  if (penc) {    OPENSSL_free(penc);  }  return 0;}

inthas_voms_extension(const char *certfilepath){    ASN1_OBJECT *acseq_oid = NULL;    X509 *cert = NULL;    int position = -1;    int result = -1;    assert (certfilepath != NULL);    acseq_oid = OBJ_txt2obj(ACSEQ_OID, 1);    if (acseq_oid == NULL) {        return result;    }    cert = load_X509_from_file(certfilepath);    if (cert == NULL) {        goto error;    }    position = X509_get_ext_by_OBJ(cert, acseq_oid, -1);    if (position >= 0) {        result = 1;    } else {        result = 0;    }    if (cert != NULL) {        X509_free(cert);    }  error:    if (acseq_oid != NULL) {        ASN1_OBJECT_free(acseq_oid);    }    return result;}

static PyObject *get_extension (certificate_x509 *self, PyObject *args, PyObject *keywords){	const char *oid = NULL;	const char *name = NULL;	static char *keywordlist[] = { "oid", "name", NULL };	if (!PyArg_ParseTupleAndKeywords (args, keywords, "|ss", keywordlist,					  &oid, &name)) {		return NULL;	}	char *value = NULL;	size_t length;	ASN1_OBJECT *obj = NULL;	if (name != NULL) {		obj = get_object_by_name (name);	} else {		obj = get_object_by_oid (oid);	}	if (obj == NULL) {		Py_INCREF (Py_None);		return Py_None;	}	length = get_extension_by_object (self->x509, obj, &value);	ASN1_OBJECT_free (obj);	if (value != NULL) {		PyObject *extension = PyString_FromStringAndSize (value,								  length);		free (value);		return extension;	} else {		Py_INCREF (Py_None);		return Py_None;	}}

int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval){    if (!alg)        return 0;    if (ptype != V_ASN1_UNDEF) {        if (alg->parameter == NULL)            alg->parameter = ASN1_TYPE_new();        if (alg->parameter == NULL)            return 0;    }    if (alg) {        ASN1_OBJECT_free(alg->algorithm);        alg->algorithm = aobj;    }    if (ptype == 0)        return 1;    if (ptype == V_ASN1_UNDEF) {        ASN1_TYPE_free(alg->parameter);        alg->parameter = NULL;    } else        ASN1_TYPE_set(alg->parameter, ptype, pval);    return 1;}

int TS_CONF_set_def_policy(CONF *conf, const char *section,                           const char *policy, TS_RESP_CTX *ctx){    int ret = 0;    ASN1_OBJECT *policy_obj = NULL;    if (!policy)        policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);    if (!policy) {        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);        goto err;    }    if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) {        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);        goto err;    }    if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))        goto err;    ret = 1; err:    ASN1_OBJECT_free(policy_obj);    return ret;}

intconv_eckey2gkey(EC_KEY *key, TANG_KEY_USE use, TANG_KEY *gkey, BN_CTX *ctx){    const EC_GROUP *grp = EC_KEY_get0_group(key);    int r;    if (!grp)        return EINVAL;    ASN1_OBJECT_free(gkey->grp);    gkey->grp = OBJ_nid2obj(EC_GROUP_get_curve_name(grp));    if (!gkey->grp)        return ENOMEM;    r = conv_point2os(grp, EC_KEY_get0_public_key(key), gkey->key, ctx);    if (r != 0)        return ENOMEM;    if (ASN1_ENUMERATED_set(gkey->use, use) <= 0)        return ENOMEM;    return 0;}

// retrieve the extended key usage for the certLLSD _ext_key_usage_ext(X509* cert){	LLSD result;	EXTENDED_KEY_USAGE *eku = (EXTENDED_KEY_USAGE *)X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);	if(eku)	{		result = LLSD::emptyArray();		while(sk_ASN1_OBJECT_num(eku))		{			ASN1_OBJECT *usage = sk_ASN1_OBJECT_pop(eku);			if(usage)			{				int nid = OBJ_obj2nid(usage);				if (nid)				{					std::string sn = OBJ_nid2sn(nid);					result.append(sn);				}				ASN1_OBJECT_free(usage);			}		}	}	return result;}

static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,                            const char *policy, int no_nonce, int cert){    int ret = 0;    TS_REQ *ts_req = NULL;    int len;    TS_MSG_IMPRINT *msg_imprint = NULL;    X509_ALGOR *algo = NULL;    unsigned char *data = NULL;    ASN1_OBJECT *policy_obj = NULL;    ASN1_INTEGER *nonce_asn1 = NULL;    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)        goto err;    if ((ts_req = TS_REQ_new()) == NULL)        goto err;    if (!TS_REQ_set_version(ts_req, 1))        goto err;    if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)        goto err;    if ((algo = X509_ALGOR_new()) == NULL)        goto err;    if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)        goto err;    if ((algo->parameter = ASN1_TYPE_new()) == NULL)        goto err;    algo->parameter->type = V_ASN1_NULL;    if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))        goto err;    if ((len = create_digest(data_bio, digest, md, &data)) == 0)        goto err;    if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))        goto err;    if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))        goto err;    if (policy && (policy_obj = txt2obj(policy)) == NULL)        goto err;    if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))        goto err;    /* Setting nonce if requested. */    if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL)        goto err;    if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))        goto err;    if (!TS_REQ_set_cert_req(ts_req, cert))        goto err;    ret = 1; err:    if (!ret) {        TS_REQ_free(ts_req);        ts_req = NULL;        BIO_printf(bio_err, "could not create query/n");        ERR_print_errors(bio_err);    }    TS_MSG_IMPRINT_free(msg_imprint);    X509_ALGOR_free(algo);    OPENSSL_free(data);    ASN1_OBJECT_free(policy_obj);    ASN1_INTEGER_free(nonce_asn1);    return ts_req;}

//.........这里部分代码省略.........                        nl = 1;                    }                }                ASN1_OCTET_STRING_free(os);                os = NULL;            } else if (tag == V_ASN1_INTEGER) {                ASN1_INTEGER *bs;                int i;                opp = op;                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);                if (bs != NULL) {                    if (BIO_write(bp, ":", 1) <= 0)                        goto end;                    if (bs->type == V_ASN1_NEG_INTEGER)                        if (BIO_write(bp, "-", 1) <= 0)                            goto end;                    for (i = 0; i < bs->length; i++) {                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)                            goto end;                    }                    if (bs->length == 0) {                        if (BIO_write(bp, "00", 2) <= 0)                            goto end;                    }                } else {                    if (BIO_puts(bp, ":BAD INTEGER") <= 0)                        goto end;                    dump_cont = 1;                }                ASN1_INTEGER_free(bs);            } else if (tag == V_ASN1_ENUMERATED) {                ASN1_ENUMERATED *bs;                int i;                opp = op;                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);                if (bs != NULL) {                    if (BIO_write(bp, ":", 1) <= 0)                        goto end;                    if (bs->type == V_ASN1_NEG_ENUMERATED)                        if (BIO_write(bp, "-", 1) <= 0)                            goto end;                    for (i = 0; i < bs->length; i++) {                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)                            goto end;                    }                    if (bs->length == 0) {                        if (BIO_write(bp, "00", 2) <= 0)                            goto end;                    }                } else {                    if (BIO_puts(bp, ":BAD ENUMERATED") <= 0)                        goto end;                    dump_cont = 1;                }                ASN1_ENUMERATED_free(bs);            } else if (len > 0 && dump) {                if (!nl) {                    if (BIO_write(bp, "/n", 1) <= 0)                        goto end;                }                if (BIO_dump_indent(bp, (const char *)p,                                    ((dump == -1 || dump > len) ? len : dump),                                    dump_indent) <= 0)                    goto end;                nl = 1;            }            if (dump_cont) {                int i;                const unsigned char *tmp = op + hl;                if (BIO_puts(bp, ":[") <= 0)                    goto end;                for (i = 0; i < len; i++) {                    if (BIO_printf(bp, "%02X", tmp[i]) <= 0)                        goto end;                }                if (BIO_puts(bp, "]") <= 0)                    goto end;            }            if (!nl) {                if (BIO_write(bp, "/n", 1) <= 0)                    goto end;            }            p += len;            if ((tag == V_ASN1_EOC) && (xclass == 0)) {                ret = 2;        /* End of sequence */                goto end;            }        }        length -= len;    }    ret = 1; end:    ASN1_OBJECT_free(o);    ASN1_OCTET_STRING_free(os);    *pp = p;    return (ret);}

static TokenError saveKeys(const CertReq *reqs, const char *hostname,                           const char *password, FILE *file) {    TokenError error = TokenError_Unknown;    PKCS12 *p12 = NULL;        // Add PKCS7 safes with the keys    STACK_OF(PKCS7) *authsafes = NULL;    uint32_t localKeyId = 0;    size_t error_count = 0;    while (reqs) {        STACK_OF(PKCS12_SAFEBAG) *bags = NULL;        X509 *cert = NULL;        ASN1_OBJECT *objOwningHost = NULL;        uint32_t keyid = htonl(localKeyId++);        bool success = false;                // Add private key        PKCS12_SAFEBAG *bag = PKCS12_add_key(&bags, reqs->privkey,            opensslKeyUsages[reqs->pkcs10->keyUsage], ENC_ITER, ENC_NID, (char*)password);        if (!bag) goto loop_end;                // Add name and localKeyId to the key bag        // TODO extract name from subject DN        char *name = "names are not implemented yet";        if (!X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, MBSTRING_UTF8,                                     (unsigned char*)name, strlen(name)) ||            !PKCS12_add_localkeyid(bag, (unsigned char*)&keyid, sizeof(keyid)))            goto loop_end;                // Add a certificate so we can find the key by the subject name        cert = X509_REQ_to_X509(reqs->x509, 3650, reqs->privkey);        if (!cert ||            !X509_keyid_set1(cert, (unsigned char*)&keyid, sizeof(keyid)))            goto loop_end;                if (!X509_add_ext(cert, makeKeyUsageExt(reqs->pkcs10->keyUsage), -1))            goto loop_end;                if (!PKCS12_add_cert(&bags, cert))            goto loop_end;                // Add hostname (FriBID extension) so we can do same-origin checks        // TODO maybe we should use document.domain instead of document.location.hostname?        objOwningHost = OBJ_txt2obj(OID_OWNING_HOST, 1);        if (!objOwningHost) goto loop_end;                bag = sk_PKCS12_SAFEBAG_value(bags, sk_PKCS12_SAFEBAG_num(bags)-1);        if (!X509at_add1_attr_by_OBJ(&bag->attrib, objOwningHost, MBSTRING_UTF8,                                     (unsigned char*)hostname, strlen(hostname)))            goto loop_end;                        // Add a new authsafe        if (!PKCS12_add_safe(&authsafes, bags, -1, 0, NULL))            goto loop_end;                        // Success!        success = true;              loop_end:        if (!success) {            error_count--;            certutil_updateErrorString();        }        ASN1_OBJECT_free(objOwningHost);        X509_free(cert);        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);        reqs = reqs->next;    }        if (error_count != 0)        goto end;        // Create the PKCS12 wrapper    p12 = PKCS12_add_safes(authsafes, 0);    if (!p12) {        certutil_updateErrorString();        goto end;    }    PKCS12_set_mac(p12, (char*)password, -1, NULL, 0, MAC_ITER, NULL);        // Save file    if (i2d_PKCS12_fp(file, p12)) {        error = TokenError_Success;    }      end:    sk_PKCS7_pop_free(authsafes, PKCS7_free);    PKCS12_free(p12);    return error;}

static void cleanup3(ADDED_OBJ *a)  {  if (--a->obj->nid == 0)    ASN1_OBJECT_free(a->obj);  OPENSSL_free(a);  }

int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,              const EVP_MD *type){    EVP_MD_CTX ctx;    unsigned char *p, *buf_in = NULL, *buf_out = NULL;    int i, inl = 0, outl = 0, outll = 0;    X509_ALGOR *a;    EVP_MD_CTX_init(&ctx);    for (i = 0; i < 2; i++) {        if (i == 0)            a = algor1;        else            a = algor2;        if (a == NULL)            continue;        if (type->pkey_type == NID_dsaWithSHA1) {            /*             * special case: RFC 2459 tells us to omit 'parameters' with             * id-dsa-with-sha1             */            ASN1_TYPE_free(a->parameter);            a->parameter = NULL;        } else if ((a->parameter == NULL) ||                   (a->parameter->type != V_ASN1_NULL)) {            ASN1_TYPE_free(a->parameter);            if ((a->parameter = ASN1_TYPE_new()) == NULL)                goto err;            a->parameter->type = V_ASN1_NULL;        }        ASN1_OBJECT_free(a->algorithm);        a->algorithm = OBJ_nid2obj(type->pkey_type);        if (a->algorithm == NULL) {            ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);            goto err;        }        if (a->algorithm->length == 0) {            ASN1err(ASN1_F_ASN1_SIGN,                    ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);            goto err;        }    }    inl = i2d(data, NULL);    buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl);    outll = outl = EVP_PKEY_size(pkey);    buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);    if ((buf_in == NULL) || (buf_out == NULL)) {        outl = 0;        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);        goto err;    }    p = buf_in;    i2d(data, &p);    if (!EVP_SignInit_ex(&ctx, type, NULL)        || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl)        || !EVP_SignFinal(&ctx, (unsigned char *)buf_out,                          (unsigned int *)&outl, pkey)) {        outl = 0;        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);        goto err;    }    if (signature->data != NULL)        OPENSSL_free(signature->data);    signature->data = buf_out;    buf_out = NULL;    signature->length = outl;    /*     * In the interests of compatibility, I'll make sure that the bit string     * has a 'not-used bits' value of 0     */    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err:    EVP_MD_CTX_cleanup(&ctx);    if (buf_in != NULL) {        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);        OPENSSL_free(buf_in);    }    if (buf_out != NULL) {        OPENSSL_cleanse((char *)buf_out, outll);        OPENSSL_free(buf_out);    }    return (outl);}

int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)	{	X509_PUBKEY *pk=NULL;	X509_ALGOR *a;	ASN1_OBJECT *o;	unsigned char *s,*p = NULL;	int i;	if (x == NULL) return(0);	if ((pk=X509_PUBKEY_new()) == NULL) goto err;	a=pk->algor;	/* set the algorithm id */	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;	ASN1_OBJECT_free(a->algorithm);	a->algorithm=o;	/* Set the parameter list */	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))		{		if ((a->parameter == NULL) ||			(a->parameter->type != V_ASN1_NULL))			{			ASN1_TYPE_free(a->parameter);			if (!(a->parameter=ASN1_TYPE_new()))				{				X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);				goto err;				}			a->parameter->type=V_ASN1_NULL;			}		}#ifndef OPENSSL_NO_DSA	else if (pkey->type == EVP_PKEY_DSA)		{		unsigned char *pp;		DSA *dsa;				dsa=pkey->pkey.dsa;		dsa->write_params=0;		ASN1_TYPE_free(a->parameter);		if ((i=i2d_DSAparams(dsa,NULL)) <= 0)			goto err;		if (!(p=(unsigned char *)OPENSSL_malloc(i)))			{			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		pp=p;		i2d_DSAparams(dsa,&pp);		if (!(a->parameter=ASN1_TYPE_new()))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		a->parameter->type=V_ASN1_SEQUENCE;		if (!(a->parameter->value.sequence=ASN1_STRING_new()))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))			{			OPENSSL_free(p);			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);			goto err;			}		OPENSSL_free(p);		}#endif#ifndef OPENSSL_NO_EC	else if (pkey->type == EVP_PKEY_EC)		{		int nid=0;		unsigned char *pp;		EC_KEY *ec_key;		const EC_GROUP *group;				ec_key = pkey->pkey.ec;		ASN1_TYPE_free(a->parameter);		if ((a->parameter = ASN1_TYPE_new()) == NULL)			{			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);			goto err;			}		group = EC_KEY_get0_group(ec_key);		if (EC_GROUP_get_asn1_flag(group)                     && (nid = EC_GROUP_get_curve_name(group)))			{			/* just set the OID */			a->parameter->type = V_ASN1_OBJECT;			a->parameter->value.object = OBJ_nid2obj(nid);			}		else /* explicit parameters */			{//.........这里部分代码省略.........

//.........这里部分代码省略.........        }        if (signerfile) {            STACK_OF(X509) *signers;            signers = CMS_get0_signers(cms);            if (!save_certs(signerfile, signers)) {                BIO_printf(bio_err,                           "Error writing signers to %s/n", signerfile);                ret = 5;                goto end;            }            sk_X509_free(signers);        }        if (rr_print)            receipt_request_print(bio_err, cms);    } else if (operation == SMIME_VERIFY_RECEIPT) {        if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)            BIO_printf(bio_err, "Verification successful/n");        else {            BIO_printf(bio_err, "Verification failure/n");            goto end;        }    } else {        if (noout) {            if (print)                CMS_ContentInfo_print_ctx(out, cms, 0, NULL);        } else if (outformat == FORMAT_SMIME) {            if (to)                BIO_printf(out, "To: %s/n", to);            if (from)                BIO_printf(out, "From: %s/n", from);            if (subject)                BIO_printf(out, "Subject: %s/n", subject);            if (operation == SMIME_RESIGN)                ret = SMIME_write_CMS(out, cms, indata, flags);            else                ret = SMIME_write_CMS(out, cms, in, flags);        } else if (outformat == FORMAT_PEM)            ret = PEM_write_bio_CMS_stream(out, cms, in, flags);        else if (outformat == FORMAT_ASN1)            ret = i2d_CMS_bio_stream(out, cms, in, flags);        else {            BIO_printf(bio_err, "Bad output format for CMS file/n");            goto end;        }        if (ret <= 0) {            ret = 6;            goto end;        }    }    ret = 0; end:    if (ret)        ERR_print_errors(bio_err);    if (need_rand)        app_RAND_write_file(NULL, bio_err);    sk_X509_pop_free(encerts, X509_free);    sk_X509_pop_free(other, X509_free);    if (vpm)        X509_VERIFY_PARAM_free(vpm);    if (sksigners)        sk_OPENSSL_STRING_free(sksigners);    if (skkeys)        sk_OPENSSL_STRING_free(skkeys);    if (secret_key)        OPENSSL_free(secret_key);    if (secret_keyid)        OPENSSL_free(secret_keyid);    if (pwri_tmp)        OPENSSL_free(pwri_tmp);    if (econtent_type)        ASN1_OBJECT_free(econtent_type);    if (rr)        CMS_ReceiptRequest_free(rr);    if (rr_to)        sk_OPENSSL_STRING_free(rr_to);    if (rr_from)        sk_OPENSSL_STRING_free(rr_from);    for (key_param = key_first; key_param;) {        cms_key_param *tparam;        sk_OPENSSL_STRING_free(key_param->param);        tparam = key_param->next;        OPENSSL_free(key_param);        key_param = tparam;    }    X509_STORE_free(store);    X509_free(cert);    X509_free(recip);    X509_free(signer);    EVP_PKEY_free(key);    CMS_ContentInfo_free(cms);    CMS_ContentInfo_free(rcms);    BIO_free(rctin);    BIO_free(in);    BIO_free(indata);    BIO_free_all(out);    if (passin)        OPENSSL_free(passin);    return (ret);}

static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey){  EC_KEY    *ec_key;  const EC_GROUP  *group;  unsigned char  *p, *pp;  int     nid, i, ret = 0;  unsigned int    tmp_flags, old_flags;  ec_key = pkey->pkey.ec;  if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)   {    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);    return 0;  }  /* set the ec parameters OID */  if (p8->pkeyalg->algorithm)    ASN1_OBJECT_free(p8->pkeyalg->algorithm);  p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);  /* set the ec parameters */  if (p8->pkeyalg->parameter)  {    ASN1_TYPE_free(p8->pkeyalg->parameter);    p8->pkeyalg->parameter = NULL;  }  if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)  {    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);    return 0;  }    if (EC_GROUP_get_asn1_flag(group)                     && (nid = EC_GROUP_get_curve_name(group)))  {    /* we have a 'named curve' => just set the OID */    p8->pkeyalg->parameter->type = V_ASN1_OBJECT;    p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);  }  else  /* explicit parameters */  {    if ((i = i2d_ECParameters(ec_key, NULL)) == 0)    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);      return 0;    }    if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);      return 0;    }      pp = p;    if (!i2d_ECParameters(ec_key, &pp))    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);      OPENSSL_free(p);      return 0;    }    p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;    if ((p8->pkeyalg->parameter->value.sequence       = ASN1_STRING_new()) == NULL)    {      EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);      OPENSSL_free(p);      return 0;    }    ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);    OPENSSL_free(p);  }  /* set the private key */  /* do not include the parameters in the SEC1 private key   * see PKCS#11 12.11 */  old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);  tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;  EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);  i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);  if (!i)  {    EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);    return 0;  }  p = (unsigned char *) OPENSSL_malloc(i);  if (!p)  {    EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);    return 0;  }  pp = p;  if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))  {    EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);    EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);    OPENSSL_free(p);//.........这里部分代码省略.........

static void policy_map_free(X509_POLICY_REF *map)	{	if (map->subjectDomainPolicy)		ASN1_OBJECT_free(map->subjectDomainPolicy);	OPENSSL_free(map);	}

ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len){	ASN1_OBJECT *ret = NULL;	const unsigned char *p;	unsigned char *data;	int i, length;	/*	 * Sanity check OID encoding:	 * - need at least one content octet	 * - MSB must be clear in the last octet	 * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2	 */	if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||	    p[len - 1] & 0x80) {		ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);		return (NULL);	}	/* Now 0 < len <= INT_MAX, so the cast is safe. */	length = (int)len;	for (i = 0; i < length; i++, p++) {		if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {			ASN1err(ASN1_F_C2I_ASN1_OBJECT,			    ASN1_R_INVALID_OBJECT_ENCODING);			return NULL;		}	}	/* only the ASN1_OBJECTs from the 'table' will have values	 * for ->sn or ->ln */	if ((a == NULL) || ((*a) == NULL) ||	    !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {		if ((ret = ASN1_OBJECT_new()) == NULL)			return (NULL);	} else		ret = (*a);	p = *pp;	/* detach data from object */	data = (unsigned char *)ret->data;	ret->data = NULL;	/* once detached we can change it */	if ((data == NULL) || (ret->length < length)) {		ret->length = 0;		free(data);		data = malloc(length);		if (data == NULL) {			i = ERR_R_MALLOC_FAILURE;			goto err;		}		ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;	}	memcpy(data, p, length);	/* reattach data to object, after which it remains const */	ret->data = data;	ret->length = length;	ret->sn = NULL;	ret->ln = NULL;	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */	p += length;	if (a != NULL)		(*a) = ret;	*pp = p;	return (ret);err:	ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);	if ((ret != NULL) && ((a == NULL) || (*a != ret)))		ASN1_OBJECT_free(ret);	return (NULL);}

int ccn_verify_signature(const unsigned char *msg,                     size_t size,                     const struct ccn_parsed_ContentObject *co,                     const struct ccn_pkey *verification_pubkey){    EVP_MD_CTX verc;    EVP_MD_CTX *ver_ctx = &verc;    X509_SIG *digest_info = NULL;    MP_info *merkle_path_info = NULL;    unsigned char *root_hash;    size_t root_hash_size;    int res;    const EVP_MD *digest = EVP_md_null();    const EVP_MD *merkle_path_digest = EVP_md_null();    const unsigned char *signature_bits = NULL;    size_t signature_bits_size = 0;    const unsigned char *witness = NULL;    size_t witness_size = 0;    EVP_PKEY *pkey = (EVP_PKEY *)verification_pubkey;#ifdef DEBUG    int x, h;#endif    res = ccn_ref_tagged_BLOB(CCN_DTAG_SignatureBits, msg,                              co->offset[CCN_PCO_B_SignatureBits],                              co->offset[CCN_PCO_E_SignatureBits],                              &signature_bits,                              &signature_bits_size);    if (res < 0)        return (-1);    if (co->offset[CCN_PCO_B_DigestAlgorithm] == co->offset[CCN_PCO_E_DigestAlgorithm]) {        digest = EVP_sha256();    }    else {        /* XXX - figure out what algorithm the OID represents */        fprintf(stderr, "not a DigestAlgorithm I understand right now/n");        return (-1);    }    EVP_MD_CTX_init(ver_ctx);    res = EVP_VerifyInit_ex(ver_ctx, digest, NULL);    if (!res)        return (-1);    if (co->offset[CCN_PCO_B_Witness] != co->offset[CCN_PCO_E_Witness]) {        /* The witness is a DigestInfo, where the octet-string therein encapsulates         * a sequence of [integer (origin 1 node#), sequence of [octet-string]]         * where the inner octet-string is the concatenated hashes on the merkle-path         */        res = ccn_ref_tagged_BLOB(CCN_DTAG_Witness, msg,                                  co->offset[CCN_PCO_B_Witness],                                  co->offset[CCN_PCO_E_Witness],                                  &witness,                                  &witness_size);        if (res < 0)            return (-1);        digest_info = d2i_X509_SIG(NULL, &witness, witness_size);        /* digest_info->algor->algorithm->{length, data}         * digest_info->digest->{length, type, data}         */        /* ...2.2 is an MHT w/ SHA256 */        ASN1_OBJECT *merkle_hash_tree_oid = OBJ_txt2obj("1.2.840.113550.11.1.2.2", 1);        if (0 != OBJ_cmp(digest_info->algor->algorithm, merkle_hash_tree_oid)) {            fprintf(stderr, "A witness is present without an MHT OID!/n");            ASN1_OBJECT_free(merkle_hash_tree_oid);            return (-1);        }        /* we're doing an MHT */        ASN1_OBJECT_free(merkle_hash_tree_oid);        merkle_path_digest = EVP_sha256();        /* DER-encoded in the digest_info's digest ASN.1 octet string is the Merkle path info */        merkle_path_info = d2i_MP_info(NULL, (const unsigned char **)&(digest_info->digest->data), digest_info->digest->length);#ifdef DEBUG        int node = ASN1_INTEGER_get(merkle_path_info->node);        int hash_count = merkle_path_info->hashes->num;        ASN1_OCTET_STRING *hash;        fprintf(stderr, "A witness is present with an MHT OID/n");        fprintf(stderr, "This is node %d, with %d hashes/n", node, hash_count);        for (h = 0; h < hash_count; h++) {            hash = (ASN1_OCTET_STRING *)merkle_path_info->hashes->data[h];            fprintf(stderr, "     hashes[%d] len = %d data = ", h, hash->length);            for (x = 0; x < hash->length; x++) {                fprintf(stderr, "%02x", hash->data[x]);            }            fprintf(stderr, "/n");        }#endif        /* In the MHT signature case, we signed/verify the root hash */        root_hash_size = EVP_MD_size(merkle_path_digest);        root_hash = calloc(1, root_hash_size);        res = ccn_merkle_root_hash(msg, size, co, merkle_path_digest, merkle_path_info, root_hash, root_hash_size);        res = EVP_VerifyUpdate(ver_ctx, root_hash, root_hash_size);        res = EVP_VerifyFinal(ver_ctx, signature_bits, signature_bits_size, pkey);        EVP_MD_CTX_cleanup(ver_ctx);//.........这里部分代码省略.........