自学教程：C++ stell函数代码示例

static int readDNComponent( INOUT STREAM *stream, 							INOUT DN_COMPONENT **dnComponentListPtrPtr )	{	int rdnLength, iterationCount, status;	/* Read the start of the RDN */	status = readSet( stream, &rdnLength );	if( cryptStatusError( status ) )		return( status );	/* Read each RDN component */	for( iterationCount = 0;		 rdnLength > 0 && iterationCount < FAILSAFE_ITERATIONS_MED;		 iterationCount++ )		{		const int rdnStart = stell( stream );		REQUIRES( rdnStart > 0 && rdnStart < MAX_INTLENGTH_SHORT );		status = readRDNcomponent( stream, dnComponentListPtrPtr, 								   rdnLength );		if( cryptStatusError( status ) && status != OK_SPECIAL )			return( status );		rdnLength -= stell( stream ) - rdnStart;		}	if( rdnLength < 0 || iterationCount >= FAILSAFE_ITERATIONS_MED )		return( CRYPT_ERROR_BADDATA );	return( CRYPT_OK );	}

static int readGeneralInfo( INOUT STREAM *stream, 							INOUT CMP_PROTOCOL_INFO *protocolInfo )	{	long endPos;	int length, iterationCount, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( protocolInfo, sizeof( CMP_PROTOCOL_INFO ) ) );	/* Go through the various attributes looking for anything that we can	   use */	readConstructed( stream, NULL, CTAG_PH_GENERALINFO );	status = readSequence( stream, &length );	if( cryptStatusError( status ) )		return( status );	endPos = stell( stream ) + length;	for( iterationCount = 0; 		 stell( stream ) < endPos && /			iterationCount < FAILSAFE_ITERATIONS_MED; iterationCount++ )		{		status = readGeneralInfoAttribute( stream, protocolInfo );		if( cryptStatusError( status ) )			return( status );		}	ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );	return( status );	}

static int getMPIsize( INOUT STREAM *stream, 					   IN_LENGTH_PKC const int minMpiSize, 					   IN_LENGTH_PKC const int maxMpiSize,					   OUT_LENGTH_SHORT_Z int *length )	{	const int position = stell( stream );	int dummy, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( length, sizeof( int ) ) );	REQUIRES( minMpiSize > 0 && maxMpiSize > 0 && /			  minMpiSize <= maxMpiSize && maxMpiSize <= CRYPT_MAX_PKCSIZE );	REQUIRES( !cryptStatusError( position ) );	/* Clear return value */	*length = 0;		status = readInteger16Ubits( stream, NULL, &dummy, minMpiSize, 								 maxMpiSize );	if( cryptStatusError( status ) )		return( status );	*length = stell( stream ) - position;	return( CRYPT_OK );	}

static int readRDNcomponent( INOUT STREAM *stream, 							 INOUT DN_COMPONENT **dnComponentListPtrPtr,							 IN_LENGTH_SHORT const int rdnDataLeft )	{		CRYPT_ERRTYPE_TYPE dummy;	BYTE stringBuffer[ MAX_ATTRIBUTE_SIZE + 8 ];	void *value;	const int rdnStart = stell( stream );	int type, valueLength, valueStringType, stringTag;	int flags = DN_FLAG_NOCHECK, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( dnComponentListPtrPtr, sizeof( DN_COMPONENT * ) ) );	REQUIRES( rdnDataLeft > 0 && rdnDataLeft < MAX_INTLENGTH_SHORT );	REQUIRES( rdnStart > 0 && rdnStart < MAX_INTLENGTH_SHORT );	/* Read the type information for this AVA */	status = readAVA( stream, &type, &valueLength, &stringTag );	if( cryptStatusError( status ) )		return( status );	if( valueLength <= 0 )		{		/* Skip broken AVAs with zero-length strings */		return( CRYPT_OK );		}	status = sMemGetDataBlock( stream, &value, valueLength );	if( cryptStatusOK( status ) )		status = sSkip( stream, valueLength );	if( cryptStatusError( status ) )		return( status );	ANALYSER_HINT( value != NULL );	/* If there's room for another AVA, mark this one as being continued.  The	   +10 value is the minimum length for an AVA: SEQUENCE { OID, value } 	   (2-bytes SEQUENCE + 5 bytes OID + 2 bytes (tag + length) + 1 byte min-	   length data).  We don't do a simple =/!= check to get around incorrectly 	   encoded lengths */	if( rdnDataLeft >= ( stell( stream ) - rdnStart ) + 10 )		flags |= DN_FLAG_CONTINUED;	/* Convert the string into the local character set */	status = copyFromAsn1String( stringBuffer, MAX_ATTRIBUTE_SIZE, 								 &valueLength, &valueStringType, value, 								 valueLength, stringTag );	if( cryptStatusError( status ) )		return( status );	/* Add the DN component to the DN.  If we hit a non-memory related error	   we turn it into a generic CRYPT_ERROR_BADDATA error since the other	   codes are somewhat too specific for this case, something like 	   CRYPT_ERROR_INITED or an arg error isn't too useful for the caller */	status = insertDNstring( dnComponentListPtrPtr, type, stringBuffer, 							 valueLength, valueStringType, flags, &dummy );	return( ( cryptStatusError( status ) && status != CRYPT_ERROR_MEMORY ) ? /			CRYPT_ERROR_BADDATA : status );	}

int getPgpPacketInfo( INOUT STREAM *stream, 					  OUT QUERY_INFO *queryInfo )	{	const long startPos = stell( stream );	long offset, length;	int ctb, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( queryInfo, sizeof( QUERY_INFO ) ) );	/* Clear return value */	memset( queryInfo, 0, sizeof( QUERY_INFO ) );	/* Read the packet header and extract information from the CTB.  Note	   that the assignment of version numbers is speculative only because	   it's possible to use PGP 2.x packet headers to wrap up OpenPGP	   packets */	status = pgpReadPacketHeader( stream, &ctb, &length, 8 );	if( cryptStatusError( status ) )		return( status );	queryInfo->formatType = CRYPT_FORMAT_PGP;	queryInfo->version = pgpGetPacketVersion( ctb );	offset = stell( stream );	if( cryptStatusError( offset ) )		return( offset );	queryInfo->size = ( offset - startPos ) + length;	switch( pgpGetPacketType( ctb ) )		{		case PGP_PACKET_SKE:			queryInfo->type = CRYPT_OBJECT_ENCRYPTED_KEY;			break;		case PGP_PACKET_PKE:			queryInfo->type = CRYPT_OBJECT_PKCENCRYPTED_KEY;			break;		case PGP_PACKET_SIGNATURE:			queryInfo->type = CRYPT_OBJECT_SIGNATURE;			break;		case PGP_PACKET_SIGNATURE_ONEPASS:			/* First half of a one-pass signature, this is given a special			   type of 'none' since it's not a normal packet */			queryInfo->type = CRYPT_OBJECT_NONE;			break;		default:			DEBUG_DIAG(( "Found unrecognised ctb %X", ctb ));			assert( DEBUG_WARN );			return( CRYPT_ERROR_BADDATA );		}	/* Make sure that all of the data is present without resetting the 	   stream */	return( ( sMemDataLeft( stream ) < length ) ? /			CRYPT_ERROR_UNDERFLOW : CRYPT_OK );	}

static int getItem( INOUT STREAM *stream, OUT ASN1_ITEM *item )	{	const long offset = stell( stream );	long length;	int status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( item, sizeof( ASN1_ITEM ) ) );	REQUIRES_EXT( ( offset >= 0 && offset < MAX_INTLENGTH ), /				  ASN1_STATE_ERROR );	/* Clear return value */	memset( item, 0, sizeof( ASN1_ITEM ) );	/* Read the tag.  We can't use peekTag() for this since we may be 	   reading EOC octets, which would be rejected by peekTag() */	status = item->tag = sPeek( stream );	if( cryptStatusError( status ) )		return( ASN1_STATE_ERROR );	if( item->tag == BER_EOC )		{		/* It looks like EOC octets, make sure that they're in order */		status = checkEOC( stream );		if( cryptStatusError( status ) )			return( ASN1_STATE_ERROR );		if( status == TRUE )			{			item->headerSize = 2;			return( ASN1_STATE_NONE );			}		}	/* Make sure that it's at least vaguely valid before we try the	   readLongGenericHole() */	if( item->tag <= 0 || item->tag >= MAX_TAG )		return( ASN1_STATE_ERROR );	/* It's not an EOC, read the tag and length as a generic hole */	status = readLongGenericHole( stream, &length, item->tag );	if( cryptStatusError( status ) )		return( ASN1_STATE_ERROR );	item->headerSize = stell( stream ) - offset;	if( length == CRYPT_UNUSED )		item->indefinite = TRUE;	else		{		/* If the length that we've just read is larger than the object 		   itself, it's an error */		if( length >= MAX_BUFFER_SIZE - 1 ) 			return( ASN1_STATE_ERROR );		item->length = length;		}	return( ASN1_STATE_NONE );	}

int readDN( INOUT STREAM *stream, 			OUT_PTR_COND DN_PTR **dnComponentListPtrPtr )	{	DN_COMPONENT *dnComponentListPtr = NULL;	int length, iterationCount, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( dnComponentListPtrPtr, sizeof( DN_COMPONENT * ) ) );	/* Clear return value */	*dnComponentListPtrPtr = NULL;	/* Read the encoded DN into the local copy of the DN (in other words 	   into the dnComponentListPtr, not the externally-visible	   dnComponentListPtrPtr) */	status = readSequenceZ( stream, &length );	if( cryptStatusError( status ) )		return( status );	if( length <= 0 )		{		/* Some buggy certificates include zero-length DNs, which we skip */		return( CRYPT_OK );		}	for( iterationCount = 0;		 length > 0 && iterationCount < FAILSAFE_ITERATIONS_MED;		 iterationCount++ )		{		const int startPos = stell( stream );		REQUIRES( startPos > 0 && startPos < MAX_INTLENGTH_SHORT );		status = readDNComponent( stream, &dnComponentListPtr );		if( cryptStatusError( status ) )			break;		length -= stell( stream ) - startPos;		}	if( cryptStatusError( status ) || /		length < 0 || iterationCount >= FAILSAFE_ITERATIONS_MED )		{		/* Delete the local copy of the DN read so far if necessary */		if( dnComponentListPtr != NULL )			deleteDN( ( DN_PTR ** ) &dnComponentListPtr );		return( cryptStatusError( status ) ? status : CRYPT_ERROR_BADDATA );		}	/* Copy the local copy of the DN back to the caller */	*dnComponentListPtrPtr = dnComponentListPtr;	return( CRYPT_OK );	}

/* token */intztoken(register os_ptr op){	stream st;	stream *s = &st;	int code;	ref token;	switch ( r_type(op) )	   {	default: return e_typecheck;	case t_file: return ztoken_file(op);	case t_string: ;	   }	check_read(*op);	sread_string(s, op->value.bytes, r_size(op));	switch ( code = scan_token(s, 1, &token) )	   {	case 0:				/* read a token */	   {	uint pos = stell(s);		op->value.bytes += pos;		r_inc_size(op, -pos);	   }		push(2);		op[-1] = token;		make_bool(op, 1);		return 0;	case 1:				/* no tokens */		make_bool(op, 0);		return 0;	default:			/* error */		return code;	   }}

/* Procedures for reading from a file */static ints_fileno_available(register stream * s, long *pl){    long max_avail = s->file_limit - stell(s);    long buf_avail = sbufavailable(s);    int fd = sfileno(s);    *pl = min(max_avail, buf_avail);    if (sseekable(s)) {        long pos, end;        pos = ltell(fd);        if (pos < 0)            return ERRC;        end = lseek(fd, 0L, SEEK_END);        if (lseek(fd, pos, SEEK_SET) < 0 || end < 0)            return ERRC;        buf_avail += end - pos;        *pl = min(max_avail, buf_avail);        if (*pl == 0)            *pl = -1;		/* EOF */    } else {        if (*pl == 0)            *pl = -1;		/* EOF */    }    return 0;}

static int readAVABitstring( INOUT STREAM *stream, 							 OUT_LENGTH_SHORT_Z int *length, 							 OUT_TAG_ENCODED_Z int *stringTag )	{	long streamPos;	int bitStringLength, innerTag, innerLength = DUMMY_INIT, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( length, sizeof( int ) ) );	assert( isWritePtr( stringTag, sizeof( int ) ) );	/* Bitstrings are used for uniqueIdentifiers, however these usually 	   encapsulate something else:		BIT STRING {			IA5String 'xxxxx'			}	   so we try and dig one level deeper to find the encapsulated string if 	   there is one.  This gets a bit complicated because we have to 	   speculatively try and decode the inner content and if that fails 	   assume that it's raw bitstring data.  First we read the bitstring 	   wrapper and remember where the bitstring data starts */	status = readBitStringHole( stream, &bitStringLength, 2, DEFAULT_TAG );	if( cryptStatusError( status ) )		return( status );	streamPos = stell( stream );	/* Then we try and read any inner content */	status = innerTag = peekTag( stream );	if( !cryptStatusError( status ) )		status = readGenericHole( stream, &innerLength, 1, innerTag );	if( !cryptStatusError( status ) && /		bitStringLength == sizeofObject( innerLength ) )		{		/* There was inner content present, treat it as the actual type and 		   value of the bitstring.  This assumes that the inner content is		   a string data type, which always seems to be the case (in any 		   event it's not certain what we should be returning to the user if		   we find, for example, a SEQUENCE with further encapsulated 		   content at this point) */		*stringTag = innerTag;		*length = innerLength;		return( CRYPT_OK );		}	/* We couldn't identify any (obvious) inner content, it must be raw	   bitstring data.  Unfortunately we have no idea what format this is	   in, it could in fact really be raw binary data but never actually 	   seems to be this, it's usually ASCII text so we mark it as such and 	   let the string-read routines sort it out */	sClearError( stream );	sseek( stream, streamPos );	*stringTag = BER_STRING_IA5;	*length = bitStringLength;	return( CRYPT_OK );	}

voidst_endfile (st_parameter_filepos *fpp){  gfc_unit *u;  library_start (&fpp->common);  u = find_unit (fpp->common.unit);  if (u != NULL)    {      if (u->flags.access == ACCESS_DIRECT)	{	  generate_error (&fpp->common, LIBERROR_OPTION_CONFLICT,			  "Cannot perform ENDFILE on a file opened"			  " for DIRECT access");	  goto done;	}      /* If there are previously written bytes from a write with ADVANCE="no",	 add a record marker before performing the ENDFILE.  */      if (u->previous_nonadvancing_write)	finish_last_advance_record (u);      u->previous_nonadvancing_write = 0;      if (u->current_record)	{	  st_parameter_dt dtp;	  dtp.common = fpp->common;	  memset (&dtp.u.p, 0, sizeof (dtp.u.p));	  dtp.u.p.current_unit = u;	  next_record (&dtp, 1);	}      unit_truncate (u, stell (u->s), &fpp->common);      u->endfile = AFTER_ENDFILE;      if (0 == stell (u->s))        u->flags.position = POSITION_REWIND;    done:      unlock_unit (u);    }  library_end ();}

static voidtest_endfile (gfc_unit * u){  if (u->endfile == NO_ENDFILE)    {       gfc_offset sz = ssize (u->s);      if (sz == 0 || sz == stell (u->s))	u->endfile = AT_ENDFILE;    }}

voidst_rewind (st_parameter_filepos *fpp){  gfc_unit *u;  library_start (&fpp->common);  u = find_unit (fpp->common.unit);  if (u != NULL)    {      if (u->flags.access == ACCESS_DIRECT)	generate_error (&fpp->common, LIBERROR_BAD_OPTION,			"Cannot REWIND a file opened for DIRECT access");      else	{	  /* If there are previously written bytes from a write with ADVANCE="no",	     add a record marker before performing the ENDFILE.  */	  if (u->previous_nonadvancing_write)	    finish_last_advance_record (u);	  u->previous_nonadvancing_write = 0;	  fbuf_reset (u);	  u->last_record = 0;	  if (sseek (u->s, 0, SEEK_SET) < 0)	    generate_error (&fpp->common, LIBERROR_OS, NULL);	  /* Handle special files like /dev/null differently.  */	  if (!is_special (u->s))	    {	      /* We are rewinding so we are not at the end.  */	      u->endfile = NO_ENDFILE;	    }	  else	    {	      /* Set this for compatibilty with g77 for /dev/null.  */	      if (file_length (u->s) == 0  && stell (u->s) == 0)		u->endfile = AT_ENDFILE;	      /* Future refinements on special files can go here.  */	    }	  u->current_record = 0;	  u->strm_pos = 1;	  u->read_bad = 0;	}      /* Update position for INQUIRE.  */      u->flags.position = POSITION_REWIND;      unlock_unit (u);    }  library_end ();}

static int updateMacInfo( INOUT SESSION_INFO *sessionInfoPtr,						  INOUT CMP_PROTOCOL_INFO *protocolInfo,						  INOUT STREAM *stream,						  const BOOLEAN isRevocation )	{	const ATTRIBUTE_LIST *passwordPtr = /					findSessionInfo( sessionInfoPtr->attributeList,									 CRYPT_SESSINFO_PASSWORD );	BYTE macKey[ 64 + 8 ];	BOOLEAN decodedMacKey = FALSE;	const void *macKeyPtr;	const int streamPos = stell( stream );	int macKeyLength, status;	REQUIRES( passwordPtr != NULL );	sseek( stream, protocolInfo->macInfoPos );	if( isRevocation && protocolInfo->altMacKeySize > 0 )		{		/* If it's a revocation and we're using a distinct revocation		   password (which we've already decoded into a MAC key), use		   that */		macKeyPtr = protocolInfo->altMacKey;		macKeyLength = protocolInfo->altMacKeySize;		}	else		{		/* It's a standard issue (or we're using the same password/key		   for the issue and revocation), use that */		if( passwordPtr->flags & ATTR_FLAG_ENCODEDVALUE )			{			/* It's an encoded value, get the decoded form */			macKeyPtr = macKey;			status = decodePKIUserValue( macKey, 64, &macKeyLength, 										 passwordPtr->value, 										 passwordPtr->valueLength );			ENSURES( cryptStatusOK( status ) );			decodedMacKey = TRUE;			}		else			{			macKeyPtr = passwordPtr->value;			macKeyLength = passwordPtr->valueLength;			}		}	status = readMacInfo( stream, protocolInfo, macKeyPtr,						  macKeyLength, SESSION_ERRINFO );	if( decodedMacKey )		zeroise( macKey, 64 );	if( cryptStatusError( status ) )		return( status );	sseek( stream, streamPos );	return( CRYPT_OK );	}

int streamBookmarkComplete( INOUT STREAM *stream, 							OUT_OPT_PTR void **dataPtrPtr, 							OUT_LENGTH_Z int *length, 							IN_LENGTH const int position )	{	const int dataLength = stell( stream ) - position;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( dataPtrPtr, sizeof( void * ) ) );	assert( isWritePtr( length, sizeof( int ) ) );	REQUIRES( position >= 0 && position < MAX_INTLENGTH );	REQUIRES( dataLength > 0 || dataLength < stell( stream ) );	/* Clear return values */	*dataPtrPtr = NULL;	*length = 0;	*length = dataLength;	return( sMemGetDataBlockAbs( stream, position, dataPtrPtr, dataLength ) );	}

static int pgpReadDecryptMPI( INOUT STREAM *stream,							  IN_HANDLE const CRYPT_CONTEXT iCryptContext,							  IN_LENGTH_PKC const int minLength, 							  IN_LENGTH_PKC const int maxLength )	{	void *mpiDataPtr = DUMMY_INIT_PTR;	const long mpiDataStartPos = stell( stream ) + UINT16_SIZE;	int mpiLength, dummy, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );		REQUIRES( isHandleRangeValid( iCryptContext ) );	REQUIRES( minLength >= bitsToBytes( 155 ) && /			  minLength <= maxLength && /			  maxLength <= CRYPT_MAX_PKCSIZE );	/* Get the MPI length and decrypt the payload data.  We have to be 	   careful how we handle this because readInteger16Ubits() returns the 	   canonicalised form of the values (with leading zeroes truncated) so 	   the returned length value doesn't necessarily represent the amount	   of data that we need to decrypt:		startPos	dataStart		 stell()			|			|				|			v			v <-- length -->v		+---+-----------+---------------+		|	|			|///////////////| Stream		+---+-----------+---------------+ */	status = readInteger16Ubits( stream, NULL, &dummy, minLength, 								 maxLength );	if( cryptStatusError( status ) )		return( status );	mpiLength = stell( stream ) - mpiDataStartPos;	status = sMemGetDataBlockAbs( stream, mpiDataStartPos, &mpiDataPtr, 								  mpiLength );	if( cryptStatusOK( status ) )		status = krnlSendMessage( iCryptContext, IMESSAGE_CTX_DECRYPT,								  mpiDataPtr, mpiLength );	return( status );	}

static gfc_offsetgf_ftell (int unit){  gfc_unit * u = find_unit (unit);  if (u == NULL)    return -1;  int pos = fbuf_reset (u);  if (pos != 0)    sseek (u->s, pos, SEEK_CUR);  gfc_offset ret = stell (u->s);  unlock_unit (u);  return ret;}

static voidformatted_backspace (st_parameter_filepos *fpp, gfc_unit *u){  gfc_offset base;  char p[READ_CHUNK];  ssize_t n;  base = stell (u->s) - 1;  do    {      n = (base < READ_CHUNK) ? base : READ_CHUNK;      base -= n;      if (sseek (u->s, base, SEEK_SET) < 0)        goto io_error;      if (sread (u->s, p, n) != n)	goto io_error;      /* We have moved backwards from the current position, it should         not be possible to get a short read.  Because it is not         clear what to do about such thing, we ignore the possibility.  */      /* There is no memrchr() in the C library, so we have to do it         ourselves.  */      while (n > 0)	{          n--;	  if (p[n] == '/n')	    {	      base += n + 1;	      goto done;	    }	}    }  while (base != 0);  /* base is the new pointer.  Seek to it exactly.  */ done:  if (sseek (u->s, base, SEEK_SET) < 0)    goto io_error;  u->last_record--;  u->endfile = NO_ENDFILE;  return; io_error:  generate_error (&fpp->common, LIBERROR_OS, NULL);}

/* Switch a file stream to reading or writing. */static ints_fileno_switch(stream * s, bool writing){    uint modes = s->file_modes;    int fd = sfileno(s);    long pos;    if (writing) {        if (!(s->file_modes & s_mode_write))            return ERRC;        pos = stell(s);        if_debug2('s', "[s]switch 0x%lx to write at %ld/n",                  (ulong) s, pos);        lseek(fd, pos, SEEK_SET);	/* pacify OS */        if (modes & s_mode_append) {            sappend_file(s, s->file, s->cbuf, s->cbsize);  /* sets position */        } else {            swrite_file(s, s->file, s->cbuf, s->cbsize);            s->position = pos;        }        s->modes = modes;    } else {        if (!(s->file_modes & s_mode_read))            return ERRC;        pos = stell(s);        if_debug2('s', "[s]switch 0x%lx to read at %ld/n",                  (ulong) s, pos);        if (sflush(s) < 0)            return ERRC;        lseek(fd, 0L, SEEK_CUR);	/* pacify OS */        sread_file(s, s->file, s->cbuf, s->cbsize);        s->modes |= modes & s_mode_append;	/* don't lose append info */        s->position = pos;    }    s->file_modes = modes;    return 0;}

static int readRawSignature( INOUT STREAM *stream, 							 OUT QUERY_INFO *queryInfo )	{	const int startPos = stell( stream );	int status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( queryInfo, sizeof( QUERY_INFO ) ) );	REQUIRES( startPos >= 0 && startPos < MAX_BUFFER_SIZE );	/* Clear return value */	memset( queryInfo, 0, sizeof( QUERY_INFO ) );	/* Read the start of the signature */	status = readBitStringHole( stream, &queryInfo->dataLength, 18 + 18,								DEFAULT_TAG );	if( cryptStatusError( status ) )		return( status );	queryInfo->dataStart = stell( stream ) - startPos;	/* Make sure that the remaining signature data is present */	return( sSkip( stream, queryInfo->dataLength, MAX_INTLENGTH_SHORT ) );	}

static int readProtectionAlgo( INOUT STREAM *stream, 							   INOUT CMP_PROTOCOL_INFO *protocolInfo )	{	CRYPT_ALGO_TYPE cryptAlgo, hashAlgo;	int hashParam, streamPos, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( protocolInfo, sizeof( CMP_PROTOCOL_INFO ) ) );	/* Read the wrapper.  If there's a problem we exit immediately since an 	   error status from the readAlgoIDex() that follows is interpreted to 	   indicate the presence of the weird Entrust MAC rather than a real 	   error */	status = readConstructed( stream, NULL, CTAG_PH_PROTECTIONALGO );	if( cryptStatusError( status ) )		return( status );	streamPos = stell( stream );	status = readAlgoIDex( stream, &cryptAlgo, &hashAlgo, &hashParam,						   ALGOID_CLASS_PKCSIG );	if( cryptStatusOK( status ) )		{		/* Make sure that it's a recognised signature algorithm to avoid		   false positives if the other side sends some bizarre algorithm 		   ID */		if( !isSigAlgo( cryptAlgo ) )			return( CRYPT_ERROR_NOTAVAIL );		/* It's a recognised signature algorithm, use the CA certificate to 		   verify it rather than the MAC */		protocolInfo->useMACreceive = FALSE;		protocolInfo->hashAlgo = hashAlgo;		protocolInfo->hashParam = hashParam;		return( CRYPT_OK );		}	ENSURES( cryptStatusError( status ) );	/* It's nothing normal, it must be the Entrust MAC algorithm information, 	   remember where it starts so that we can process it later */	sClearError( stream );	protocolInfo->macInfoPos = streamPos;	status = readUniversal( stream );	protocolInfo->useMACreceive = TRUE;	return( status );	}

static int readPubkeyAttributes( INOUT STREAM *stream, 								 INOUT PKCS15_INFO *pkcs15infoPtr,								 IN_LENGTH const int endPos, 								 const BOOLEAN isPubKeyObject )	{	int usageFlags, status;	assert( isWritePtr( stream, sizeof( STREAM ) ) );	assert( isWritePtr( pkcs15infoPtr, sizeof( PKCS15_INFO ) ) );	REQUIRES( endPos > 0 && endPos > stell( stream ) && /			  endPos < MAX_INTLENGTH );	status = readBitString( stream, &usageFlags );		/* Usage flags */	if( canContinue( stream, status, endPos ) &&		/* Native flag */		peekTag( stream ) == BER_BOOLEAN )		status = readUniversal( stream );	if( canContinue( stream, status, endPos ) &&		/* Access flags */		peekTag( stream ) == BER_BITSTRING )		status = readUniversal( stream );	if( canContinue( stream, status, endPos ) &&		/* Key reference */		peekTag( stream ) == BER_INTEGER )		status = readUniversal( stream );	if( canContinue( stream, status, endPos ) &&		/* Start date */		peekTag( stream ) == BER_TIME_GENERALIZED )		status = readGeneralizedTime( stream, &pkcs15infoPtr->validFrom );	if( canContinue( stream, status, endPos ) &&		/* End date */		peekTag( stream ) == MAKE_CTAG( CTAG_KA_VALIDTO ) )		status = readGeneralizedTimeTag( stream, &pkcs15infoPtr->validTo, 										 CTAG_KA_VALIDTO );	if( cryptStatusError( status ) )		return( status );	if( isPubKeyObject )		pkcs15infoPtr->pubKeyUsage = usageFlags;	else		pkcs15infoPtr->privKeyUsage = usageFlags;	return( CRYPT_OK );	}

static intzreusablestream(i_ctx_t *i_ctx_p){    os_ptr op = osp;    os_ptr source_op = op - 1;    long length = max_long;    bool close_source;    int code;    check_type(*op, t_boolean);    close_source = op->value.boolval;    if (r_has_type(source_op, t_string)) {        uint size = r_size(source_op);        check_read(*source_op);        code = make_rss(i_ctx_p, source_op, source_op->value.const_bytes,                        size, r_space(source_op), 0L, size, false);    } else if (r_has_type(source_op, t_astruct)) {        uint size = gs_object_size(imemory, source_op->value.pstruct);        if (gs_object_type(imemory, source_op->value.pstruct) != &st_bytes)            return_error(e_rangecheck);        check_read(*source_op);        code = make_rss(i_ctx_p, source_op,                        (const byte *)source_op->value.pstruct, size,                        r_space(source_op), 0L, size, true);    } else if (r_has_type(source_op, t_array)) {  /* no packedarrays */        int i, blk_cnt, blk_sz;        ref *blk_ref;        ulong filelen = 0;        check_read(*source_op);        blk_cnt = r_size(source_op);        blk_ref = source_op->value.refs;        if (blk_cnt > 0) {            blk_sz = r_size(blk_ref);            for (i = 0; i < blk_cnt; i++) {                int len;                check_read_type(blk_ref[i], t_string);                len = r_size(&blk_ref[i]);                if (len > blk_sz || (len < blk_sz && i < blk_cnt - 1))                   return_error(e_rangecheck); /* last block can be smaller */                filelen += len;            }        }        if (filelen == 0) {           code = make_rss(i_ctx_p, source_op, (unsigned char *)"", 0,               r_space(source_op), 0, 0, false);        } else {           code = make_aos(i_ctx_p, source_op, blk_sz, r_size(&blk_ref[blk_cnt - 1]), filelen);        }    } else {        long offset = 0;        stream *source;        stream *s;        check_read_file(i_ctx_p, source, source_op);        s = source;rs:        if (s->cbuf_string.data != 0) {	/* string stream */            long pos = stell(s);            long avail = sbufavailable(s) + pos;            offset += pos;            code = make_rss(i_ctx_p, source_op, s->cbuf_string.data,                            s->cbuf_string.size,                            imemory_space((const gs_ref_memory_t *)s->memory),                            offset, min(avail, length), false);        } else if (s->file != 0) { /* file stream */            if (~s->modes & (s_mode_read | s_mode_seek))                return_error(e_ioerror);            code = make_rfs(i_ctx_p, source_op, s, offset + stell(s), length);        } else if (s->state->templat == &s_SFD_template) {            /* SubFileDecode filter */            const stream_SFD_state *const sfd_state =                (const stream_SFD_state *)s->state;            if (sfd_state->eod.size != 0)                return_error(e_rangecheck);            offset += sfd_state->skip_count - sbufavailable(s);            if (sfd_state->count != 0) {                long left = max(sfd_state->count, 0) + sbufavailable(s);                if (left < length)                    length = left;            }            s = s->strm;            goto rs;        }        else			/* some other kind of stream */            return_error(e_rangecheck);        if (close_source) {            stream *rs = fptr(source_op);            rs->strm = source;	/* only for close_source */            rs->close_strm = true;        }    }    if (code >= 0)//.........这里部分代码省略.........

//.........这里部分代码省略.........      if ((cf2 & IOPARM_INQUIRE_HAS_IQSTREAM) != 0)	{	  if (u == NULL)	    p = "UNKNOWN";	  else	    switch (u->flags.access)	      {	      case ACCESS_SEQUENTIAL:	      case ACCESS_DIRECT:		p = no;		break;	      case ACCESS_STREAM:		p = yes;		break;	      default:		internal_error (&iqp->common, "inquire_via_unit(): Bad pad");	      }    	  cf_strcpy (iqp->iqstream, iqp->iqstream_len, p);	}    }  if ((cf & IOPARM_INQUIRE_HAS_POSITION) != 0)    {      if (u == NULL || u->flags.access == ACCESS_DIRECT)        p = undefined;      else	{	  /* If the position is unspecified, check if we can figure	     out whether it's at the beginning or end.  */	  if (u->flags.position == POSITION_UNSPECIFIED)	    {	      gfc_offset cur = stell (u->s);	      if (cur == 0)		u->flags.position = POSITION_REWIND;	      else if (cur != -1 && (ssize (u->s) == cur))		u->flags.position = POSITION_APPEND;	    }	  switch (u->flags.position)	    {	    case POSITION_REWIND:	      p = "REWIND";	      break;	    case POSITION_APPEND:	      p = "APPEND";	      break;	    case POSITION_ASIS:	      p = "ASIS";	      break;	    default:	      /* If the position has changed and is not rewind or		 append, it must be set to a processor-dependent		 value.  */	      p = "UNSPECIFIED";	      break;	    }	}      cf_strcpy (iqp->position, iqp->position_len, p);    }  if ((cf & IOPARM_INQUIRE_HAS_ACTION) != 0)    {      if (u == NULL)	p = undefined;      else

static int processAdditionalScepRequest( INOUT SESSION_INFO *sessionInfoPtr,										 const HTTP_URI_INFO *httpReqInfo )	{	HTTP_URI_INFO rewrittenHttpReqInfo;	MESSAGE_DATA msgData;	int operationType, status;	assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );	assert( isReadPtr( httpReqInfo, sizeof( HTTP_URI_INFO ) ) );	/* If the client has fed us an HTTP GET request, find out what they  	   want.  SCEP's handling of HTTP requests is a bit different from the 	   "attribute '=' value" lookup that's normally used for HTTP data 	   retrieval.  Instead, it uses the format 	   "'operation =' value '&' extraData", with the search key buried in 	   the 'extraData' value.  In addition the content of the 'extraData' 	   value isn't defined outside of "any string which is understood by the 	   CA".  However since 'value' defines what we want, we can determine 	   what to return based on this and ignore the 'extraData' portion.	   In order to fix up the query information into a format that works 	   with standard HTTP queries, we rewrite the query data from the 	   "'operation =' value '&' extraData" form into "attribute '=' value" 	   before we process the query */	memset( &rewrittenHttpReqInfo, 0, sizeof( HTTP_URI_INFO ) );	memcpy( rewrittenHttpReqInfo.attribute, httpReqInfo->value, 			httpReqInfo->valueLen );	rewrittenHttpReqInfo.attributeLen = httpReqInfo->valueLen;	if( httpReqInfo->extraDataLen > 0 )		{		memcpy( rewrittenHttpReqInfo.value, httpReqInfo->extraData, 				httpReqInfo->extraDataLen );		rewrittenHttpReqInfo.valueLen = httpReqInfo->extraDataLen;		}	status = processCertQuery( sessionInfoPtr, &rewrittenHttpReqInfo,							   certstoreReadInfo, 							   FAILSAFE_ARRAYSIZE( certstoreReadInfo, /												   CERTSTORE_READ_INFO ),							   &operationType, NULL, 0, NULL );	if( cryptStatusError( status ) )		{		sendCertErrorResponse( sessionInfoPtr, status );		return( status );		}	ENSURES( operationType == SCEP_OPERATION_GETCACAPS || /			 operationType == SCEP_OPERATION_GETCACERT || /			 operationType == SCEP_OPERATION_GETCACERTCHAIN );	/* If it's a CA capabilities query, return the information as raw text	   over HTTP */	if( operationType == SCEP_OPERATION_GETCACAPS )		{		STREAM stream;		sMemOpen( &stream, sessionInfoPtr->receiveBuffer, 1024 );		status = swrite( &stream, "POSTPKIOperation/n", 17 );		if( algoAvailable( CRYPT_ALGO_SHA1 ) )			status = swrite( &stream, "SHA-1/n", 6 );		if( algoAvailable( CRYPT_ALGO_SHA2 ) )			status = swrite( &stream, "SHA-256/n", 8 );		if( algoAvailable( CRYPT_ALGO_SHAng ) )			status = swrite( &stream, "SHAng/n", 6 );		if( algoAvailable( CRYPT_ALGO_3DES ) )			status = swrite( &stream, "DES3/n", 5 );		if( algoAvailable( CRYPT_ALGO_AES ) )			status = swrite( &stream, "AES/n", 4 );		if( cryptStatusOK( status ) )			sessionInfoPtr->receiveBufEnd = stell( &stream );		sMemDisconnect( &stream );		ENSURES( cryptStatusOK( status ) );		return( writePkiDatagram( sessionInfoPtr, SCEP_CONTENT_TYPE,								  SCEP_CONTENT_TYPE_LEN ) );		}	/* Export the CA certificate and send it to the client */	setMessageData( &msgData, sessionInfoPtr->receiveBuffer,					sessionInfoPtr->receiveBufSize );	status = krnlSendMessage( sessionInfoPtr->privateKey,							  IMESSAGE_CRT_EXPORT, &msgData,							  ( operationType == SCEP_OPERATION_GETCACERT ) ? /								CRYPT_CERTFORMAT_CERTIFICATE : /								CRYPT_CERTFORMAT_CERTCHAIN );	if( cryptStatusError( status ) )		{		retExt( status,				( status, SESSION_ERRINFO, 				  "Couldn't export CA certificate%s for '%s' request", 				  ( operationType == SCEP_OPERATION_GETCACERT ) ? /					"" : " chain",				  ( operationType == SCEP_OPERATION_GETCACERT ) ? /					"GetCACert" : "GetCACertChain" ) );		}	sessionInfoPtr->receiveBufEnd = msgData.length;	if( operationType == SCEP_OPERATION_GETCACERT )		{		return( writePkiDatagram( sessionInfoPtr, 								  SCEP_CONTENT_TYPE_GETCACERT,								  SCEP_CONTENT_TYPE_GETCACERT_LEN ) );		}	return( writePkiDatagram( sessionInfoPtr, //.........这里部分代码省略.........

//.........这里部分代码省略.........  if (flags->position == POSITION_APPEND)    {      if (sseek (u->s, 0, SEEK_END) < 0)	generate_error (&opp->common, LIBERROR_OS, NULL);      u->endfile = AT_ENDFILE;    }  /* Unspecified recl ends up with a processor dependent value.  */  if ((opp->common.flags & IOPARM_OPEN_HAS_RECL_IN))    {      u->flags.has_recl = 1;      u->recl = opp->recl_in;      u->recl_subrecord = u->recl;      u->bytes_left = u->recl;    }  else    {      u->flags.has_recl = 0;      u->recl = max_offset;      if (compile_options.max_subrecord_length)	{	  u->recl_subrecord = compile_options.max_subrecord_length;	}      else	{	  switch (compile_options.record_marker)	    {	    case 0:	      /* Fall through */	    case sizeof (GFC_INTEGER_4):	      u->recl_subrecord = GFC_MAX_SUBRECORD_LENGTH;	      break;	    case sizeof (GFC_INTEGER_8):	      u->recl_subrecord = max_offset - 16;	      break;	    default:	      runtime_error ("Illegal value for record marker");	      break;	    }	}    }  /* If the file is direct access, calculate the maximum record number     via a division now instead of letting the multiplication overflow     later.  */  if (flags->access == ACCESS_DIRECT)    u->maxrec = max_offset / u->recl;    if (flags->access == ACCESS_STREAM)    {      u->maxrec = max_offset;      u->recl = 1;      u->bytes_left = 1;      u->strm_pos = stell (u->s) + 1;    }  memmove (u->file, opp->file, opp->file_len);  u->file_len = opp->file_len;  /* Curiously, the standard requires that the     position specifier be ignored for new files so a newly connected     file starts out at the initial point.  We still need to figure     out if the file is at the end or not.  */  test_endfile (u);  if (flags->status == STATUS_SCRATCH && opp->file != NULL)    free (opp->file);      if (flags->form == FORM_FORMATTED)    {      if ((opp->common.flags & IOPARM_OPEN_HAS_RECL_IN))        fbuf_init (u, u->recl);      else        fbuf_init (u, 0);    }  else    u->fbuf = NULL;          return u; cleanup:  /* Free memory associated with a temporary filename.  */  if (flags->status == STATUS_SCRATCH && opp->file != NULL)    free (opp->file); fail:  close_unit (u);  return NULL;}