自学教程：C++ BIO_free函数代码示例

//.........这里部分代码省略.........			return FALSE;		}		if (connect(tcp->sockfd, tmp->ai_addr, tmp->ai_addrlen) < 0) {			WLog_ERR(TAG, "connect: %s", strerror(errno));			freeaddrinfo(result);			return FALSE;		}		freeaddrinfo(result);		tcp->socketBio = BIO_new_socket(tcp->sockfd, BIO_NOCLOSE);		/* TODO: make sure the handshake is done by querying the bio */		//		if (BIO_should_retry(tcp->socketBio))		//          return FALSE;#endif /* NO_IPV6 */		if (status <= 0)		{#ifdef HAVE_POLL_H			pollfds.fd = tcp->sockfd;			pollfds.events = POLLOUT;			pollfds.revents = 0;			do			{				status = poll(&pollfds, 1, timeout * 1000);			}			while ((status < 0) && (errno == EINTR));#else			FD_ZERO(&cfds);			FD_SET(tcp->sockfd, &cfds);			tv.tv_sec = timeout;			tv.tv_usec = 0;			status = _select(tcp->sockfd + 1, NULL, &cfds, NULL, &tv);#endif			if (status == 0)			{				return FALSE; /* timeout */			}		}		(void)BIO_set_close(tcp->socketBio, BIO_NOCLOSE);		BIO_free(tcp->socketBio);		tcp->socketBio = BIO_new(BIO_s_simple_socket());		if (!tcp->socketBio)			return FALSE;		BIO_set_fd(tcp->socketBio, tcp->sockfd, BIO_CLOSE);	}	SetEventFileDescriptor(tcp->event, tcp->sockfd);	freerdp_tcp_get_ip_address(tcp);	freerdp_tcp_get_mac_address(tcp);	option_value = 1;	option_len = sizeof(option_value);	if (!tcp->ipcSocket)	{		if (setsockopt(tcp->sockfd, IPPROTO_TCP, TCP_NODELAY, (void*) &option_value, option_len) < 0)			WLog_ERR(TAG,  "unable to set TCP_NODELAY");	}	/* receive buffer must be a least 32 K */	if (getsockopt(tcp->sockfd, SOL_SOCKET, SO_RCVBUF, (void*) &option_value, &option_len) == 0)	{		if (option_value < (1024 * 32))		{			option_value = 1024 * 32;			option_len = sizeof(option_value);			if (setsockopt(tcp->sockfd, SOL_SOCKET, SO_RCVBUF, (void*) &option_value, option_len) < 0)			{				WLog_ERR(TAG,  "unable to set receive buffer len");				return FALSE;			}		}	}	if (!tcp->ipcSocket)	{		if (!freerdp_tcp_set_keep_alive_mode(tcp))			return FALSE;	}	tcp->bufferedBio = BIO_new(BIO_s_buffered_socket());	if (!tcp->bufferedBio)		return FALSE;	tcp->bufferedBio->ptr = tcp;	tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio);	return TRUE;}

/* Return value: * SSL_OK: the SSL handle is created * SSL_ERROR: failed, call ossSSLERRGetError() & ossSSLERRGetErrorMessage() for reason */INT32 ossSSLNewHandle(SSLHandle** handle, SSLContext* ctx, SOCKET sock,                             const char* initialBytes, INT32 len){   SSLHandle* h = NULL;   SSL* ssl = NULL;   BIO* bufferBIO = NULL;   BIO* socketBIO = NULL;   INT32 ret = SSL_OK;   SSL_ASSERT(NULL != handle);   SSL_ASSERT(NULL != ctx);   SSL_ASSERT(len >= 0);   h = (SSLHandle*)OPENSSL_malloc(sizeof(SSLHandle));   if (NULL == h)   {      goto error;   }   _SSLHandleInit(h);   h->sock = sock;   ssl = SSL_new(ctx);   if (NULL == ssl)   {      goto error;   }   h->ssl = ssl;   if (0 == len)   {      /* there is no initial bytes, so we just set the socket to SSL */      ret = SSL_set_fd(ssl, sock);      if (!ret)      {         goto error;      }   }   else /* len > 0 */   {      SSL_ASSERT(NULL != initialBytes);      /*       * There are initial SSL bytes, so we should give these bytes to SSL by some way.       * Here we create a buffer BIO, and put these bytes to it.       * Then we create a socket BIO, and set a BIO chain to link        * the buffer and socket by BIO_push().       * Finally, we set the buffer to SSL instead of the socket.       *       * NOTE: when do SSL operations, it should explicitly flush the buffer.       */      bufferBIO = BIO_new(BIO_f_buffer());      if (NULL == bufferBIO)      {         goto error;      }      ret = BIO_set_buffer_read_data(bufferBIO, (void*)initialBytes, len);      if (!ret)      {         goto error;      }      socketBIO = BIO_new_socket(sock, BIO_NOCLOSE);      if (NULL == socketBIO)      {         goto error;      }      /* link socket to the buffer */      if (NULL == BIO_push(bufferBIO, socketBIO))      {         goto error;      }      /* SSL_free() will also free bufferBIO,       * so it's no need to free bufferBIO later when free the SSL handle.       */      SSL_set_bio(ssl, bufferBIO, bufferBIO);      /* hold the bufferBIO pointer so we can flush it when do SSL operations */      h->bufferBIO = bufferBIO;   }   *handle = h;   ret = SDB_OK;done:   return ret;error:   if (NULL != bufferBIO)   {      BIO_free(bufferBIO);   }   if (NULL != socketBIO)   {//.........这里部分代码省略.........

voidoutput_cert_info(X509 *cert, gf_io_t pc){    char    buf[256];    STORE_S *left,*right;    gf_io_t spc;    int len;            left = so_get(CharStar, NULL, EDIT_ACCESS);    right = so_get(CharStar, NULL, EDIT_ACCESS);    if(!(left && right))      return;    gf_set_so_writec(&spc, left);    if(!cert->cert_info){    	gf_puts("Couldn't find certificate info.", spc);	gf_puts(NEWLINE, spc);    }    else{	gf_puts_uline("Subject (whose certificate it is)", spc);	gf_puts(NEWLINE, spc);	output_X509_NAME(cert->cert_info->subject, spc);	gf_puts(NEWLINE, spc);	gf_puts_uline("Serial Number", spc);	gf_puts(NEWLINE, spc);	snprintf(buf, sizeof(buf), "%ld", ASN1_INTEGER_get(cert->cert_info->serialNumber));	gf_puts(buf, spc);	gf_puts(NEWLINE, spc);	gf_puts(NEWLINE, spc);	gf_puts_uline("Validity", spc);	gf_puts(NEWLINE, spc);    	{    	    BIO *mb = BIO_new(BIO_s_mem());	    char iobuf[4096];	    	    gf_puts("Not Before: ", spc);	    (void) BIO_reset(mb);	    ASN1_UTCTIME_print(mb, cert->cert_info->validity->notBefore);	    (void) BIO_flush(mb);	    while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0)	      gf_nputs(iobuf, len, spc);	    gf_puts(NEWLINE, spc);	    gf_puts("Not After:  ", spc);	    (void) BIO_reset(mb);	    ASN1_UTCTIME_print(mb, cert->cert_info->validity->notAfter);	    (void) BIO_flush(mb);	    while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0)	      gf_nputs(iobuf, len, spc);    	    	    gf_puts(NEWLINE, spc);	    gf_puts(NEWLINE, spc);	    	    	    BIO_free(mb);	}    }    gf_clear_so_writec(left);    gf_set_so_writec(&spc, right);    if(!cert->cert_info){    	gf_puts(_("Couldn't find certificate info."), spc);	gf_puts(NEWLINE, spc);    }    else{	gf_puts_uline("Issuer", spc);	gf_puts(NEWLINE, spc);	output_X509_NAME(cert->cert_info->issuer, spc);	gf_puts(NEWLINE, spc);    }        gf_clear_so_writec(right);        side_by_side(left, right, pc);    gf_puts_uline("SHA1 Fingerprint", pc);    gf_puts(NEWLINE, pc);    get_fingerprint(cert, EVP_sha1(), buf, sizeof(buf));    gf_puts(buf, pc);    gf_puts(NEWLINE, pc);    gf_puts_uline("MD5 Fingerprint", pc);    gf_puts(NEWLINE, pc);    get_fingerprint(cert, EVP_md5(), buf, sizeof(buf));    gf_puts(buf, pc);    gf_puts(NEWLINE, pc);        so_give(&left);    so_give(&right);}

//.........这里部分代码省略.........			{			ERR_print_errors(bio_err);			NCONF_free(config);			exit(1);			}		}	prog=prog_init();	/* first check the program name */	program_name(Argv[0],pname,sizeof pname);	f.name=pname;	fp=lh_FUNCTION_retrieve(prog,&f);	if (fp != NULL)		{		Argv[0]=pname;		ret=fp->func(Argc,Argv);		goto end;		}	/* ok, now check that there are not arguments, if there are,	 * run with them, shifting the ssleay off the front */	if (Argc != 1)		{		Argc--;		Argv++;		ret=do_cmd(prog,Argc,Argv);		if (ret < 0) ret=0;		goto end;		}	/* ok, lets enter the old 'OpenSSL>' mode */		for (;;)		{		ret=0;		p=buf;		n=sizeof buf;		i=0;		for (;;)			{			p[0]='/0';			if (i++)				prompt=">";			else	prompt="OpenSSL> ";			fputs(prompt,stdout);			fflush(stdout);			if (!fgets(p,n,stdin))				goto end;			if (p[0] == '/0') goto end;			i=strlen(p);			if (i <= 1) break;			if (p[i-2] != '//') break;			i-=2;			p+=i;			n-=i;			}		if (!chopup_args(&arg,buf,&argc,&argv)) break;		ret=do_cmd(prog,argc,argv);		if (ret < 0)			{			ret=0;			goto end;			}		if (ret != 0)			BIO_printf(bio_err,"error in %s/n",argv[0]);		(void)BIO_flush(bio_err);		}	BIO_printf(bio_err,"bad exit/n");	ret=1;end:	if (to_free)		OPENSSL_free(to_free);	if (config != NULL)		{		NCONF_free(config);		config=NULL;		}	if (prog != NULL) lh_FUNCTION_free(prog);	if (arg.data != NULL) OPENSSL_free(arg.data);	apps_shutdown();	CRYPTO_mem_leaks(bio_err);	if (bio_err != NULL)		{		BIO_free(bio_err);		bio_err=NULL;		}#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)	/* Free any duplicate Argv[] storage. */	if (free_Argv)		{		OPENSSL_free(Argv);		}#endif	OPENSSL_EXIT(ret);	}

static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr){    int *ip;    long ret = 1;    BIO_ACCEPT *data;    char **pp;    data = (BIO_ACCEPT *)b->ptr;    switch (cmd) {        case BIO_CTRL_RESET:            ret = 0;            data->state = ACPT_S_BEFORE;            acpt_close_socket(b);            b->flags = 0;            break;        case BIO_C_DO_STATE_MACHINE:            /* use this one to start the connection */            ret = (long)acpt_state(b, data);            break;        case BIO_C_SET_ACCEPT:            if (ptr != NULL) {                if (num == 0) {                    b->init = 1;                    free(data->param_addr);                    data->param_addr = strdup(ptr);                } else if (num == 1) {                    data->accept_nbio = (ptr != NULL);                } else if (num == 2) {                    BIO_free(data->bio_chain);                    data->bio_chain = (BIO *)ptr;                }            }            break;        case BIO_C_SET_NBIO:            data->nbio = (int)num;            break;        case BIO_C_SET_FD:            b->init = 1;            b->num = *((int *)ptr);            data->accept_sock = b->num;            data->state = ACPT_S_GET_ACCEPT_SOCKET;            b->shutdown = (int)num;            b->init = 1;            break;        case BIO_C_GET_FD:            if (b->init) {                ip = (int *)ptr;                if (ip != NULL)                    *ip = data->accept_sock;                ret = data->accept_sock;            } else                ret = -1;            break;        case BIO_C_GET_ACCEPT:            if (b->init) {                if (ptr != NULL) {                    pp = (char **)ptr;                    *pp = data->param_addr;                } else                    ret = -1;            } else                ret = -1;            break;        case BIO_CTRL_GET_CLOSE:            ret = b->shutdown;            break;        case BIO_CTRL_SET_CLOSE:            b->shutdown = (int)num;            break;        case BIO_CTRL_PENDING:        case BIO_CTRL_WPENDING:            ret = 0;            break;        case BIO_CTRL_FLUSH:            break;        case BIO_C_SET_BIND_MODE:            data->bind_mode = (int)num;            break;        case BIO_C_GET_BIND_MODE:            ret = (long)data->bind_mode;            break;        case BIO_CTRL_DUP:            /*        dbio=(BIO *)ptr;        if (data->param_port) EAY EAY            BIO_set_port(dbio,data->param_port);        if (data->param_hostname)            BIO_set_hostname(dbio,data->param_hostname);        BIO_set_nbio(dbio,data->nbio); */            break;        default:            ret = 0;            break;    }    return (ret);}

//.........这里部分代码省略.........	if (p == NULL)		p=to_free=make_config_name();	default_config_file=p;	config=NCONF_new(NULL);	i=NCONF_load(config,p,&errline);	if (i == 0)		{		NCONF_free(config);		config = NULL;		ERR_clear_error();		}	prog=prog_init();	/* first check the program name */	program_name(Argv[0],pname,sizeof pname);	f.name=pname;	fp=(FUNCTION *)lh_retrieve(prog,&f);	if (fp != NULL)		{		Argv[0]=pname;		ret=fp->func(Argc,Argv);		goto end;		}	/* ok, now check that there are not arguments, if there are,	 * run with them, shifting the ssleay off the front */	if (Argc != 1)		{		Argc--;		Argv++;		ret=do_cmd(prog,Argc,Argv);		if (ret < 0) ret=0;		goto end;		}	/* ok, lets enter the old 'OpenSSL>' mode */		for (;;)		{		ret=0;		p=buf;		n=sizeof buf;		i=0;		for (;;)			{			p[0]='/0';			if (i++)				prompt=">";			else	prompt="OpenSSL> ";			fputs(prompt,stdout);			fflush(stdout);			fgets(p,n,stdin);			if (p[0] == '/0') goto end;			i=strlen(p);			if (i <= 1) break;			if (p[i-2] != '//') break;			i-=2;			p+=i;			n-=i;			}		if (!chopup_args(&arg,buf,&argc,&argv)) break;		ret=do_cmd(prog,argc,argv);		if (ret < 0)			{			ret=0;			goto end;			}		if (ret != 0)			BIO_printf(bio_err,"error in %s/n",argv[0]);		(void)BIO_flush(bio_err);		}	BIO_printf(bio_err,"bad exit/n");	ret=1;end:	if (to_free)		OPENSSL_free(to_free);	if (config != NULL)		{		NCONF_free(config);		config=NULL;		}	if (prog != NULL) lh_free(prog);	if (arg.data != NULL) OPENSSL_free(arg.data);	apps_shutdown();	CRYPTO_mem_leaks(bio_err);	if (bio_err != NULL)		{		BIO_free(bio_err);		bio_err=NULL;		}	OPENSSL_EXIT(ret);	return ret;}

int main(int argc, char *argv[]){    char *port = NULL;    BIO *in = NULL;    BIO *ssl_bio, *tmp;    SSL_CTX *ctx;    char buf[512];    int ret = 1, i;    if (argc <= 1)        port = "*:4433";    else        port = argv[1];    SSL_load_error_strings();    /* Add ciphers and message digests */    OpenSSL_add_ssl_algorithms();    ctx = SSL_CTX_new(TLS_server_method());    if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))        goto err;    if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))        goto err;    if (!SSL_CTX_check_private_key(ctx))        goto err;    /* Setup server side SSL bio */    ssl_bio = BIO_new_ssl(ctx, 0);    if ((in = BIO_new_accept(port)) == NULL)        goto err;    /*     * This means that when a new connection is accepted on 'in', The ssl_bio     * will be 'duplicated' and have the new socket BIO push into it.     * Basically it means the SSL BIO will be automatically setup     */    BIO_set_accept_bios(in, ssl_bio);    /* Arrange to leave server loop on interrupt */    sigsetup(); again:    /*     * The first call will setup the accept socket, and the second will get a     * socket.  In this loop, the first actual accept will occur in the     * BIO_read() function.     */    if (BIO_do_accept(in) <= 0)        goto err;    while (!done) {        i = BIO_read(in, buf, 512);        if (i == 0) {            /*             * If we have finished, remove the underlying BIO stack so the             * next time we call any function for this BIO, it will attempt             * to do an accept             */            printf("Done/n");            tmp = BIO_pop(in);            BIO_free_all(tmp);            goto again;        }        if (i < 0)            goto err;        fwrite(buf, 1, i, stdout);        fflush(stdout);    }    ret = 0; err:    if (ret) {        ERR_print_errors_fp(stderr);    }    BIO_free(in);    exit(ret);    return (!ret);}

//--------------------------------------------------------------------------------------------------le_result_t secSocket_AddCertificate(    secSocket_Ctx_t*  ctxPtr,           ///< [INOUT] Secure socket context pointer    const uint8_t*    certificatePtr,   ///< [IN] Certificate Pointer    size_t            certificateLen    ///< [IN] Certificate Length){    X509_STORE *store = NULL;    X509 *cert = NULL;    BIO *bio = NULL;    le_result_t status = LE_FAULT;    le_clk_Time_t currentTime;    // Check input parameters    if ((!ctxPtr) || (!certificatePtr) || (!certificateLen))    {        return LE_BAD_PARAMETER;    }    OpensslCtx_t* contextPtr = GetContext(ctxPtr);    if (!contextPtr)    {        return LE_BAD_PARAMETER;    }    LE_INFO("Certificate: %p Len:%zu", certificatePtr, certificateLen);    // Get a BIO abstraction pointer    bio = BIO_new_mem_buf((void*)certificatePtr, certificateLen);    if (!bio)    {        LE_ERROR("Unable to allocate BIO pointer");        goto end;    }    // Read the DER formatted certificate from memory into an X509 structure    cert = d2i_X509(NULL, &certificatePtr, certificateLen);    if (!cert)    {        LE_ERROR("Unable to read certificate");        goto end;    }    // Check certificate validity    currentTime = le_clk_GetAbsoluteTime();    if ((X509_cmp_time(X509_get_notBefore(cert), &currentTime.sec) >= 0)  ||        (X509_cmp_time(X509_get_notAfter(cert), &currentTime.sec) <= 0))    {        LE_ERROR("Current certificate expired, please add a valid certificate");        status = LE_FORMAT_ERROR;        goto end;    }    // Get a pointer to the current certificate verification pool    store = SSL_CTX_get_cert_store(contextPtr->sslCtxPtr);    if (!store)    {        LE_ERROR("Unable to get a pointer to the X509 certificate");        goto end;    }    // Add certificate to the verification pool    if (!X509_STORE_add_cert(store, cert))    {        LE_ERROR("Unable to add certificate to pool");        goto end;    }    status = LE_OK;end:    if (cert)    {        X509_free(cert);    }    if (bio)    {        BIO_free(bio);    }    return status;}

extern "C" int32_t BioDestroy(BIO* a){    return BIO_free(a);}

inttls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,    struct tls_keypair *keypair, int required){	EVP_PKEY *pkey = NULL;	X509 *cert = NULL;	BIO *bio = NULL;	if (!required &&	    keypair->cert_mem == NULL &&	    keypair->key_mem == NULL &&	    keypair->cert_file == NULL &&	    keypair->key_file == NULL)		return(0);	if (keypair->cert_mem != NULL) {		if (keypair->cert_len > INT_MAX) {			tls_set_errorx(ctx, "certificate too long");			goto err;		}		if (SSL_CTX_use_certificate_chain_mem(ssl_ctx,		    keypair->cert_mem, keypair->cert_len) != 1) {			tls_set_errorx(ctx, "failed to load certificate");			goto err;		}		cert = NULL;	}	if (keypair->key_mem != NULL) {		if (keypair->key_len > INT_MAX) {			tls_set_errorx(ctx, "key too long");			goto err;		}		if ((bio = BIO_new_mem_buf(keypair->key_mem,		    keypair->key_len)) == NULL) {			tls_set_errorx(ctx, "failed to create buffer");			goto err;		}		if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,		    NULL)) == NULL) {			tls_set_errorx(ctx, "failed to read private key");			goto err;		}		if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) {			tls_set_errorx(ctx, "failed to load private key");			goto err;		}		BIO_free(bio);		bio = NULL;		EVP_PKEY_free(pkey);		pkey = NULL;	}	if (keypair->cert_file != NULL) {		if (SSL_CTX_use_certificate_chain_file(ssl_ctx,		    keypair->cert_file) != 1) {			tls_set_errorx(ctx, "failed to load certificate file");			goto err;		}	}	if (keypair->key_file != NULL) {		if (SSL_CTX_use_PrivateKey_file(ssl_ctx,		    keypair->key_file, SSL_FILETYPE_PEM) != 1) {			tls_set_errorx(ctx, "failed to load private key file");			goto err;		}	}	if (SSL_CTX_check_private_key(ssl_ctx) != 1) {		tls_set_errorx(ctx, "private/public key mismatch");		goto err;	}	return (0); err:	EVP_PKEY_free(pkey);	X509_free(cert);	BIO_free(bio);	return (1);}

int main (int argc, char **argv){    BIO *in = NULL, *out = NULL, *tbio = NULL;    X509 *scert = NULL;    EVP_PKEY *skey = NULL;    CMS_ContentInfo *cms = NULL;    int ret = 1;    /* For simple S/MIME signing use CMS_DETACHED.     * On OpenSSL 1.0.0 only:     * for streaming detached set CMS_DETACHED|CMS_STREAM     * for streaming non-detached set CMS_STREAM     */    int flags = CMS_DETACHED | CMS_STREAM;    OpenSSL_add_all_algorithms ();    ERR_load_crypto_strings ();    /* Read in signer certificate and private key */    tbio = BIO_new_file ("signer.pem", "r");    if (!tbio)        goto err;    scert = PEM_read_bio_X509 (tbio, NULL, 0, NULL);    BIO_reset (tbio);    skey = PEM_read_bio_PrivateKey (tbio, NULL, 0, NULL);    if (!scert || !skey)        goto err;    /* Open content being signed */    in = BIO_new_file ("sign.txt", "r");    if (!in)        goto err;    /* Sign content */    cms = CMS_sign (scert, skey, NULL, in, flags);    if (!cms)        goto err;    out = BIO_new_file ("smout.txt", "w");    if (!out)        goto err;    if (!(flags & CMS_STREAM))        BIO_reset (in);    /* Write out S/MIME message */    if (!SMIME_write_CMS (out, cms, in, flags))        goto err;    ret = 0;  err:    if (ret)    {        fprintf (stderr, "Error Signing Data/n");        ERR_print_errors_fp (stderr);    }    if (cms)        CMS_ContentInfo_free (cms);    if (scert)        X509_free (scert);    if (skey)        EVP_PKEY_free (skey);    if (in)        BIO_free (in);    if (out)        BIO_free (out);    if (tbio)        BIO_free (tbio);    return ret;}

//.........这里部分代码省略.........            pubin = 1;            pubout = 1;            pubtext = 1;        } else if (strcmp(*args, "-pubout") == 0)            pubout = 1;        else if (strcmp(*args, "-text_pub") == 0) {            pubtext = 1;            text = 1;        } else if (strcmp(*args, "-text") == 0)            text = 1;        else if (strcmp(*args, "-noout") == 0)            noout = 1;        else {            cipher = EVP_get_cipherbyname(*args + 1);            if (!cipher) {                BIO_printf(bio_err, "Unknown cipher %s/n",                           *args + 1);                badarg = 1;            }        }        args++;    }    if (badarg) {bad:        BIO_printf(bio_err, "Usage pkey [options]/n");        BIO_printf(bio_err, "where options are/n");        BIO_printf(bio_err, "-in file        input file/n");        BIO_printf(bio_err, "-inform X       input format (DER or PEM)/n");        BIO_printf(bio_err, "-passin arg     input file pass phrase source/n");        BIO_printf(bio_err, "-outform X      output format (DER or PEM)/n");        BIO_printf(bio_err, "-out file       output file/n");        BIO_printf(bio_err, "-passout arg    output file pass phrase source/n");#ifndef OPENSSL_NO_ENGINE        BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device./n");#endif        return 1;    }#ifndef OPENSSL_NO_ENGINE    e = setup_engine(bio_err, engine, 0);#endif    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {        BIO_printf(bio_err, "Error getting passwords/n");        goto end;    }    if (outfile) {        if (!(out = BIO_new_file(outfile, "wb"))) {            BIO_printf(bio_err,                       "Can't open output file %s/n", outfile);            goto end;        }    } else {        out = BIO_new_fp(stdout, BIO_NOCLOSE);    }    if (pubin)        pkey = load_pubkey(bio_err, infile, informat, 1,                           passin, e, "Public Key");    else        pkey = load_key(bio_err, infile, informat, 1,                        passin, e, "key");    if (!pkey)        goto end;    if (!noout) {        if (outformat == FORMAT_PEM) {            if (pubout)                PEM_write_bio_PUBKEY(out, pkey);            else                PEM_write_bio_PrivateKey(out, pkey, cipher,                                         NULL, 0, NULL, passout);        } else if (outformat == FORMAT_ASN1) {            if (pubout)                i2d_PUBKEY_bio(out, pkey);            else                i2d_PrivateKey_bio(out, pkey);        } else {            BIO_printf(bio_err, "Bad format specified for key/n");            goto end;        }    }    if (text) {        if (pubtext)            EVP_PKEY_print_public(out, pkey, 0, NULL);        else            EVP_PKEY_print_private(out, pkey, 0, NULL);    }    ret = 0;end:    EVP_PKEY_free(pkey);    BIO_free_all(out);    BIO_free(in);    free(passin);    free(passout);    return ret;}

//.........这里部分代码省略.........    argc = opt_num_rest();    if (argc != 0)        goto opthelp;    in = bio_open_default(infile, 'r', informat);    if (in == NULL)        goto end;    if (informat == FORMAT_ASN1)        p7 = d2i_PKCS7_bio(in, NULL);    else        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);    if (p7 == NULL) {        BIO_printf(bio_err, "unable to load PKCS7 object/n");        ERR_print_errors(bio_err);        goto end;    }    out = bio_open_default(outfile, 'w', outformat);    if (out == NULL)        goto end;    if (p7_print)        PKCS7_print_ctx(out, p7, 0, NULL);    if (print_certs) {        STACK_OF(X509) *certs = NULL;        STACK_OF(X509_CRL) *crls = NULL;        i = OBJ_obj2nid(p7->type);        switch (i) {        case NID_pkcs7_signed:            if (p7->d.sign != NULL) {                certs = p7->d.sign->cert;                crls = p7->d.sign->crl;            }            break;        case NID_pkcs7_signedAndEnveloped:            if (p7->d.signed_and_enveloped != NULL) {                certs = p7->d.signed_and_enveloped->cert;                crls = p7->d.signed_and_enveloped->crl;            }            break;        default:            break;        }        if (certs != NULL) {            X509 *x;            for (i = 0; i < sk_X509_num(certs); i++) {                x = sk_X509_value(certs, i);                if (text)                    X509_print(out, x);                else                    dump_cert_text(out, x);                if (!noout)                    PEM_write_bio_X509(out, x);                BIO_puts(out, "/n");            }        }        if (crls != NULL) {            X509_CRL *crl;            for (i = 0; i < sk_X509_CRL_num(crls); i++) {                crl = sk_X509_CRL_value(crls, i);                X509_CRL_print(out, crl);                if (!noout)                    PEM_write_bio_X509_CRL(out, crl);                BIO_puts(out, "/n");            }        }        ret = 0;        goto end;    }    if (!noout) {        if (outformat == FORMAT_ASN1)            i = i2d_PKCS7_bio(out, p7);        else            i = PEM_write_bio_PKCS7(out, p7);        if (!i) {            BIO_printf(bio_err, "unable to write pkcs7 object/n");            ERR_print_errors(bio_err);            goto end;        }    }    ret = 0; end:    PKCS7_free(p7);    release_engine(e);    BIO_free(in);    BIO_free_all(out);    return (ret);}

//.........这里部分代码省略.........    char **args = argv + 1;    const char *connect_str = "localhost:4433";    int nargs = argc - 1;    ERR_load_crypto_strings();    ERR_load_SSL_strings();    SSL_library_init();    ctx = SSL_CTX_new(TLS_client_method());    cctx = SSL_CONF_CTX_new();    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);    while (*args && **args == '-') {        int rv;        /* Parse standard arguments */        rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);        if (rv == -3) {            fprintf(stderr, "Missing argument for %s/n", *args);            goto end;        }        if (rv < 0) {            fprintf(stderr, "Error in command %s/n", *args);            ERR_print_errors_fp(stderr);            goto end;        }        /* If rv > 0 we processed something so proceed to next arg */        if (rv > 0)            continue;        /* Otherwise application specific argument processing */        if (strcmp(*args, "-connect") == 0) {            connect_str = args[1];            if (connect_str == NULL) {                fprintf(stderr, "Missing -connect argument/n");                goto end;            }            args += 2;            nargs -= 2;            continue;        } else {            fprintf(stderr, "Unknown argument %s/n", *args);            goto end;        }    }    if (!SSL_CONF_CTX_finish(cctx)) {        fprintf(stderr, "Finish error/n");        ERR_print_errors_fp(stderr);        goto end;    }    /*     * We'd normally set some stuff like the verify paths and * mode here     * because as things stand this will connect to * any server whose     * certificate is signed by any CA.     */    sbio = BIO_new_ssl_connect(ctx);    BIO_get_ssl(sbio, &ssl);    if (!ssl) {        fprintf(stderr, "Can't locate SSL pointer/n");        goto end;    }    /* Don't want any retries */    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);    /* We might want to do other things with ssl here */    BIO_set_conn_hostname(sbio, connect_str);    out = BIO_new_fp(stdout, BIO_NOCLOSE);    if (BIO_do_connect(sbio) <= 0) {        fprintf(stderr, "Error connecting to server/n");        ERR_print_errors_fp(stderr);        goto end;    }    if (BIO_do_handshake(sbio) <= 0) {        fprintf(stderr, "Error establishing SSL connection/n");        ERR_print_errors_fp(stderr);        goto end;    }    /* Could examine ssl here to get connection info */    BIO_puts(sbio, "GET / HTTP/1.0/n/n");    for (;;) {        len = BIO_read(sbio, tmpbuf, 1024);        if (len <= 0)            break;        BIO_write(out, tmpbuf, len);    } end:    SSL_CONF_CTX_free(cctx);    BIO_free_all(sbio);    BIO_free(out);    return 0;}

//.........这里部分代码省略.........        BN_rand(a, NUM_BITS + c, 0, 0);        RAND_bytes(&c, 1);        c = (c % BN_BITS) - BN_BITS2;        BN_rand(b, NUM_BITS + c, 0, 0);        RAND_bytes(&c, 1);        c = (c % BN_BITS) - BN_BITS2;        BN_rand(m, NUM_BITS + c, 0, 1);        BN_mod(a, a, m, ctx);        BN_mod(b, b, m, ctx);        ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);        if (ret <= 0) {            printf("BN_mod_exp_mont() problems/n");            ERR_print_errors(out);            EXIT(1);        }        ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);        if (ret <= 0) {            printf("BN_mod_exp_recp() problems/n");            ERR_print_errors(out);            EXIT(1);        }        ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);        if (ret <= 0) {            printf("BN_mod_exp_simple() problems/n");            ERR_print_errors(out);            EXIT(1);        }        ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);        if (ret <= 0) {            printf("BN_mod_exp_mont_consttime() problems/n");            ERR_print_errors(out);            EXIT(1);        }        if (BN_cmp(r_simple, r_mont) == 0            && BN_cmp(r_simple, r_recp) == 0            && BN_cmp(r_simple, r_mont_const) == 0) {            printf(".");            fflush(stdout);        } else {            if (BN_cmp(r_simple, r_mont) != 0)                printf("/nsimple and mont results differ/n");            if (BN_cmp(r_simple, r_mont_const) != 0)                printf("/nsimple and mont const time results differ/n");            if (BN_cmp(r_simple, r_recp) != 0)                printf("/nsimple and recp results differ/n");            printf("a (%3d) = ", BN_num_bits(a));            BN_print(out, a);            printf("/nb (%3d) = ", BN_num_bits(b));            BN_print(out, b);            printf("/nm (%3d) = ", BN_num_bits(m));            BN_print(out, m);            printf("/nsimple   =");            BN_print(out, r_simple);            printf("/nrecp     =");            BN_print(out, r_recp);            printf("/nmont     =");            BN_print(out, r_mont);            printf("/nmont_ct  =");            BN_print(out, r_mont_const);            printf("/n");            EXIT(1);        }    }    BN_free(r_mont);    BN_free(r_mont_const);    BN_free(r_recp);    BN_free(r_simple);    BN_free(a);    BN_free(b);    BN_free(m);    BN_CTX_free(ctx);    ERR_remove_thread_state(NULL);    CRYPTO_mem_leaks(out);    BIO_free(out);    printf("/n");    if (test_exp_mod_zero() != 0)        goto err;    printf("done/n");    EXIT(0); err:    ERR_load_crypto_strings();    ERR_print_errors(out);#ifdef OPENSSL_SYS_NETWARE    printf("ERROR/n");#endif    EXIT(1);    return (1);}

//.........这里部分代码省略.........			NCONF_free(config);			exit(1);		}	}	if (!load_config(bio_err, NULL)) {		BIO_printf(bio_err, "failed to load configuration/n");		goto end;	}	prog = prog_init();	/* first check the program name */	program_name(argv[0], pname, sizeof pname);	f.name = pname;	fp = lh_FUNCTION_retrieve(prog, &f);	if (fp != NULL) {		argv[0] = pname;		single_execution = 1;		ret = fp->func(argc, argv);		goto end;	}	/*	 * ok, now check that there are not arguments, if there are, run with	 * them, shifting the ssleay off the front	 */	if (argc != 1) {		argc--;		argv++;		single_execution = 1;		ret = do_cmd(prog, argc, argv);		if (ret < 0)			ret = 0;		goto end;	}	/* ok, lets enter the old 'OpenSSL>' mode */	for (;;) {		ret = 0;		p = buf;		n = sizeof buf;		i = 0;		for (;;) {			p[0] = '/0';			if (i++)				prompt = ">";			else				prompt = "OpenSSL> ";			fputs(prompt, stdout);			fflush(stdout);			if (!fgets(p, n, stdin))				goto end;			if (p[0] == '/0')				goto end;			i = strlen(p);			if (i <= 1)				break;			if (p[i - 2] != '//')				break;			i -= 2;			p += i;			n -= i;		}		if (!chopup_args(&arg, buf, &argc, &argv))			break;		ret = do_cmd(prog, argc, argv);		if (ret < 0) {			ret = 0;			goto end;		}		if (ret != 0)			BIO_printf(bio_err, "error in %s/n", argv[0]);		(void) BIO_flush(bio_err);	}	BIO_printf(bio_err, "bad exit/n");	ret = 1;end:	free(to_free);	if (config != NULL) {		NCONF_free(config);		config = NULL;	}	if (prog != NULL)		lh_FUNCTION_free(prog);	free(arg.data);	openssl_shutdown();	if (bio_err != NULL) {		BIO_free(bio_err);		bio_err = NULL;	}	return (ret);}

static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))	{	int to_return = 1;	switch(cmd)		{	case HWCRHK_CMD_SO_PATH:		if(hwcrhk_dso)			{			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);			return 0;			}		if(p == NULL)			{			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);			return 0;			}		return set_HWCRHK_LIBNAME((const char *)p);	case ENGINE_CTRL_SET_LOGSTREAM:		{		BIO *bio = (BIO *)p;		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);		if (logstream)			{			BIO_free(logstream);			logstream = NULL;			}		if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)			logstream = bio;		else			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);		}		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);		break;	case ENGINE_CTRL_SET_PASSWORD_CALLBACK:		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);		password_context.password_callback = (pem_password_cb *)f;		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);		break;	case ENGINE_CTRL_SET_USER_INTERFACE:	case HWCRHK_CMD_SET_USER_INTERFACE:		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);		password_context.ui_method = (UI_METHOD *)p;		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);		break;	case ENGINE_CTRL_SET_CALLBACK_DATA:	case HWCRHK_CMD_SET_CALLBACK_DATA:		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);		password_context.callback_data = p;		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);		break;	/* this enables or disables the "SimpleForkCheck" flag used in the	 * initialisation structure. */	case ENGINE_CTRL_CHIL_SET_FORKCHECK:	case HWCRHK_CMD_FORK_CHECK:		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);		if(i)			hwcrhk_globals.flags |=				HWCryptoHook_InitFlags_SimpleForkCheck;		else			hwcrhk_globals.flags &=				~HWCryptoHook_InitFlags_SimpleForkCheck;		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);		break;	/* This will prevent the initialisation function from "installing"	 * the mutex-handling callbacks, even if they are available from	 * within the library (or were provided to the library from the	 * calling application). This is to remove any baggage for	 * applications not using multithreading. */	case ENGINE_CTRL_CHIL_NO_LOCKING:		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);		disable_mutex_callbacks = 1;		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);		break;	case HWCRHK_CMD_THREAD_LOCKING:		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);		disable_mutex_callbacks = ((i == 0) ? 0 : 1);		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);		break;	/* The command isn't understood by this engine */	default:		HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,			HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);		to_return = 0;		break;		}	return to_return;	}

//.........这里部分代码省略.........			RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);			if (!do_convert_bignum(&dst->modulus, rsa_n)			 || !do_convert_bignum(&dst->exponent, rsa_e))				goto out;		}		r = sc_pkcs15_encode_pubkey(ctx, &key, &pdata, &lg);		if(r) goto out;		printf("Public key length %"SC_FORMAT_LEN_SIZE_T"d/n", lg);		sc_format_path("3F000002", &path);		r = sc_select_file(card, &path, NULL);		if(r) goto out;		printf("Write public key./n");		r = sc_update_binary(card,0,pdata,lg,0);		if(r<0) goto out;		printf("Public key correctly written./n");	}	if(cert)	{		BIO *bio;		X509 *xp;		u8 *pdata;		bio = BIO_new(BIO_s_file());		if (BIO_read_filename(bio, cert) <= 0)		{			BIO_free(bio);			printf("Can't open file %s./n", cert);			goto out;		}		xp = PEM_read_bio_X509(bio, NULL, NULL, NULL);		BIO_free(bio);		if (xp == NULL)		{			print_openssl_error();			goto out;		}		else		{			int lg = cert2der(xp, &pdata);			sc_format_path("0002", &path);			r = sc_select_file(card, &path, NULL);			if(r) goto out;			/* FIXME: verify if the file has a compatible size... */			printf("Write certificate %s./n", cert);			r = sc_update_binary(card,0,pdata,lg,0);			if(r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)			{				if(verify_pin(card, 0, pin))				{					printf("Wrong pin./n");				}				else				{					r = sc_update_binary(card,0,pdata,lg,0);				}

//.........这里部分代码省略.........	if (operation == SMIME_ENCRYPT)		p7 = PKCS7_encrypt(encerts, in, cipher, flags);	else if (operation == SMIME_SIGN)		{		/* If detached data and SMIME output enable partial		 * signing.		 */		if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))			flags |= PKCS7_STREAM;		p7 = PKCS7_sign(signer, key, other, in, flags);		}	else		{		if (informat == FORMAT_SMIME) 			p7 = SMIME_read_PKCS7(in, &indata);		else if (informat == FORMAT_PEM) 			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);		else if (informat == FORMAT_ASN1) 			p7 = d2i_PKCS7_bio(in, NULL);		else			{			BIO_printf(bio_err, "Bad input format for PKCS#7 file/n");			goto end;			}		if (!p7)			{			BIO_printf(bio_err, "Error reading S/MIME message/n");			goto end;			}		if (contfile)			{			BIO_free(indata);			if (!(indata = BIO_new_file(contfile, "rb")))				{				BIO_printf(bio_err, "Can't read content file %s/n", contfile);				goto end;				}			}		}	if (!p7)		{		BIO_printf(bio_err, "Error creating PKCS#7 structure/n");		goto end;		}	ret = 4;	if (operation == SMIME_DECRYPT)		{		if (!PKCS7_decrypt(p7, key, recip, out, flags))			{			BIO_printf(bio_err, "Error decrypting PKCS#7 structure/n");			goto end;			}		}	else if (operation == SMIME_VERIFY)		{		STACK_OF(X509) *signers;		if (PKCS7_verify(p7, other, store, indata, out, flags))			BIO_printf(bio_err, "Verification successful/n");		else			{			BIO_printf(bio_err, "Verification failure/n");			goto end;

int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port){	int match;	int index;	char* common_name = NULL;	int common_name_length = 0;	char** alt_names = NULL;	int alt_names_count = 0;	int* alt_names_lengths = NULL;	BOOL certificate_status;	BOOL hostname_match = FALSE;	BOOL verification_status = FALSE;	rdpCertificateData* certificate_data;	if (tls->settings->ExternalCertificateManagement)	{		BIO* bio;		int status;		int length;		int offset;		BYTE* pemCert;		freerdp* instance = (freerdp*) tls->settings->instance;		/**		 * Don't manage certificates internally, leave it up entirely to the external client implementation		 */		bio = BIO_new(BIO_s_mem());				if (!bio)		{			WLog_ERR(TAG,  "BIO_new() failure");			return -1;		}		status = PEM_write_bio_X509(bio, cert->px509);		if (status < 0)		{			WLog_ERR(TAG,  "PEM_write_bio_X509 failure: %d", status);			return -1;		}				offset = 0;		length = 2048;		pemCert = (BYTE*) malloc(length + 1);		status = BIO_read(bio, pemCert, length);				if (status < 0)		{			WLog_ERR(TAG,  "failed to read certificate");			return -1;		}				offset += status;		while (offset >= length)		{			length *= 2;			pemCert = (BYTE*) realloc(pemCert, length + 1);			status = BIO_read(bio, &pemCert[offset], length);			if (status < 0)				break;			offset += status;		}		if (status < 0)		{			WLog_ERR(TAG,  "failed to read certificate");			return -1;		}				length = offset;		pemCert[length] = '/0';		status = -1;				if (instance->VerifyX509Certificate)		{			status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, tls->isGatewayTransport);		}				WLog_ERR(TAG,  "(length = %d) status: %d%s",	length, status, pemCert);		free(pemCert);		BIO_free(bio);		if (status < 0)			return -1;		return (status == 0) ? 0 : 1;	}	/* ignore certificate verification if user explicitly required it (discouraged) */	if (tls->settings->IgnoreCertificate)		return 1;  /* success! *///.........这里部分代码省略.........

/*  call-seq: *     OpenSSL::PKey::EC.new() *     OpenSSL::PKey::EC.new(ec_key) *     OpenSSL::PKey::EC.new(ec_group) *     OpenSSL::PKey::EC.new("secp112r1") *     OpenSSL::PKey::EC.new(pem_string) *     OpenSSL::PKey::EC.new(pem_string [, pwd]) *     OpenSSL::PKey::EC.new(der_string) * *  See the OpenSSL documentation for: *     EC_KEY_* */static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self){    EVP_PKEY *pkey;    EC_KEY *ec = NULL;    VALUE arg, pass;    VALUE group = Qnil;    char *passwd = NULL;    GetPKey(self, pkey);    if (pkey->pkey.ec)        ossl_raise(eECError, "EC_KEY already initialized");    rb_scan_args(argc, argv, "02", &arg, &pass);    if (NIL_P(arg)) {        ec = EC_KEY_new();    } else {        if (rb_obj_is_kind_of(arg, cEC)) {            EC_KEY *other_ec = NULL;            SafeRequire_EC_KEY(arg, other_ec);            ec = EC_KEY_dup(other_ec);        } else if (rb_obj_is_kind_of(arg, cEC_GROUP)) {        	ec = EC_KEY_new();        	group = arg;        } else {            BIO *in = ossl_obj2bio(arg);            if (!NIL_P(pass)) {		passwd = StringValuePtr(pass);	    }	    ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd);            if (!ec) {		OSSL_BIO_reset(in);		ec = PEM_read_bio_EC_PUBKEY(in, NULL, ossl_pem_passwd_cb, passwd);            }            if (!ec) {		OSSL_BIO_reset(in);                ec = d2i_ECPrivateKey_bio(in, NULL);            }            if (!ec) {		OSSL_BIO_reset(in);                ec = d2i_EC_PUBKEY_bio(in, NULL);            }            BIO_free(in);            if (ec == NULL) {                const char *name = StringValueCStr(arg);                int nid = OBJ_sn2nid(name);                (void)ERR_get_error();                if (nid == NID_undef)                    ossl_raise(eECError, "unknown curve name (%s)/n", name);                if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL)                    ossl_raise(eECError, "unable to create curve (%s)/n", name);                EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);                EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);            }        }    }    if (ec == NULL)        ossl_raise(eECError, NULL);    if (!EVP_PKEY_assign_EC_KEY(pkey, ec)) {	EC_KEY_free(ec);	ossl_raise(eECError, "EVP_PKEY_assign_EC_KEY");    }    rb_iv_set(self, "@group", Qnil);    if (!NIL_P(group))        rb_funcall(self, rb_intern("group="), 1, arg);    return self;}

static int acpt_state(BIO *b, BIO_ACCEPT *c){    BIO *bio = NULL, *dbio;    int s = -1;    int i;again:    switch (c->state) {        case ACPT_S_BEFORE:            if (c->param_addr == NULL) {                BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED);                return (-1);            }            s = BIO_get_accept_socket(c->param_addr, c->bind_mode);            if (s == INVALID_SOCKET)                return (-1);            if (c->accept_nbio) {                if (!BIO_socket_nbio(s, 1)) {                    close(s);                    BIOerr(BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);                    return (-1);                }            }            c->accept_sock = s;            b->num = s;            c->state = ACPT_S_GET_ACCEPT_SOCKET;            return (1);        /* break; */        case ACPT_S_GET_ACCEPT_SOCKET:            if (b->next_bio != NULL) {                c->state = ACPT_S_OK;                goto again;            }            BIO_clear_retry_flags(b);            b->retry_reason = 0;            i = BIO_accept(c->accept_sock, &(c->addr));            /* -2 return means we should retry */            if (i == -2) {                BIO_set_retry_special(b);                b->retry_reason = BIO_RR_ACCEPT;                return -1;            }            if (i < 0)                return (i);            bio = BIO_new_socket(i, BIO_CLOSE);            if (bio == NULL)                goto err;            BIO_set_callback(bio, BIO_get_callback(b));            BIO_set_callback_arg(bio, BIO_get_callback_arg(b));            if (c->nbio) {                if (!BIO_socket_nbio(i, 1)) {                    BIOerr(BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);                    goto err;                }            }            /* If the accept BIO has an bio_chain, we dup it and             * put the new socket at the end. */            if (c->bio_chain != NULL) {                if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)                    goto err;                if (!BIO_push(dbio, bio))                    goto err;                bio = dbio;            }            if (BIO_push(b, bio) == NULL)                goto err;            c->state = ACPT_S_OK;            return (1);        err:            BIO_free(bio);            if (s >= 0)                close(s);            return (0);        /* break; */        case ACPT_S_OK:            if (b->next_bio == NULL) {                c->state = ACPT_S_GET_ACCEPT_SOCKET;                goto again;            }            return (1);        /* break; */        default:            return (0);            /* break; */    }}

static void bio_cleanup (void){	if (in)		BIO_free(in);}

PKI_X509_OCSP_REQ * ocspd_req_get_socket ( int connfd, OCSPD_CONFIG *ocspd_conf) {	PKI_X509_OCSP_REQ 	*req = NULL;	PKI_X509_OCSP_REQ_VALUE *req_val = NULL;	PKI_IO			*mem = NULL;	PKI_MEM			*pathmem = NULL;	PKI_SOCKET		sock;	size_t maxsize  = 0;	maxsize = (size_t) ocspd_conf->max_req_size;	PKI_HTTP *http_msg = NULL;	if ( connfd <= 0 ) return NULL;	// Initialize the sock structure	sock.ssl = NULL;	PKI_SOCKET_set_fd ( &sock, connfd );	http_msg = PKI_HTTP_get_message(&sock, (int) ocspd_conf->max_timeout_secs, maxsize);	if (http_msg == NULL)	{		PKI_log_err ("Network Error while reading Request!");		return NULL;	}	/* If method is METHOD_GET we shall de-urlify the buffer and get the	   right begin (keep in mind there might be a path set in the config */	if( http_msg->method == PKI_HTTP_METHOD_GET )	{		char *req_pnt = NULL;		if (http_msg->path == NULL)		{			PKI_log_err("Malformed GET request");			goto err;		}				req_pnt = http_msg->path;		while(strchr(req_pnt, '/') != NULL)		{			req_pnt = strchr(req_pnt, '/') + 1;		}		pathmem = PKI_MEM_new_data(strlen(req_pnt), (unsigned char *) req_pnt);		if (pathmem == NULL)		{			PKI_log_err("Memory Allocation Error!");			goto err;		}		if (PKI_MEM_decode(pathmem, PKI_DATA_FORMAT_URL, 0) != PKI_OK)		{			PKI_log_err("Memory Allocation Error!");			PKI_MEM_free(pathmem);			goto err;		}		if (PKI_MEM_decode(pathmem, PKI_DATA_FORMAT_B64, 0) != PKI_OK)		{			PKI_log_err ("Error decoding B64 Mem");			PKI_MEM_free (pathmem);			goto err;		}		// Generates a new mem bio from the pathmem		if((mem = BIO_new_mem_buf(pathmem->data, (int) pathmem->size)) == NULL)		{			PKI_log_err("Memory Allocation Error");			PKI_MEM_free(pathmem);			goto err;		}		// Transfer data ownership and release the pathmem		pathmem->data = NULL;		pathmem->size = 0;		// Tries to decode the binary (der) encoded request		if ((req_val = d2i_OCSP_REQ_bio(mem, NULL)) == NULL)		{			PKI_log_err("Can not parse REQ");			BIO_free(mem);			PKI_MEM_free(pathmem);			goto err;		}		// Let's free the mem		BIO_free(mem);		PKI_MEM_free(pathmem);	} 	else if (http_msg->method == PKI_HTTP_METHOD_POST)	{		mem = BIO_new_mem_buf(http_msg->body->data, (int) http_msg->body->size);		if (mem == NULL)		{			PKI_log_err( "Memory Allocation Error");//.........这里部分代码省略.........

static intget_raw_key_from_file (int type, u_int8_t *id, size_t id_len, RSA **rsa){  char filename[FILENAME_MAX];  char *fstr;  struct stat st;  BIO *bio;  if (type != IKE_AUTH_RSA_SIG) /* XXX More types? */    {      LOG_DBG ((LOG_NEGOTIATION, 20, "get_raw_key_from_file: "		"invalid auth type %d/n", type));      return -1;    }  *rsa = 0;  fstr = conf_get_str ("General", "Pubkey-directory");  if (!fstr)    fstr = CONF_DFLT_PUBKEY_DIR;  if (snprintf (filename, sizeof filename, "%s/", fstr) > sizeof filename - 1)    return -1;  fstr = ipsec_id_string (id, id_len);  if (!fstr)    {      LOG_DBG ((LOG_NEGOTIATION, 50, "get_raw_key_from_file: "		"ipsec_id_string failed"));      return -1;    }  strlcat (filename, fstr, sizeof filename - strlen (filename));  free (fstr);  /* If the file does not exist, fail silently.  */  if (stat (filename, &st) == 0)    {      bio = BIO_new (BIO_s_file ());      if (!bio)	{	  log_error ("get_raw_key_from_file: could not initialize BIO");	  return -1;	}      if (BIO_read_filename (bio, filename) <= 0)	{	  LOG_DBG ((LOG_NEGOTIATION, 50, "get_raw_key_from_file: "		    "BIO_read_filename(bio, /"%s/") failed", filename));	  BIO_free (bio);	  return -1;	}      LOG_DBG ((LOG_NEGOTIATION, 80, "get_raw_key_from_file: reading file %s",		filename));      *rsa = PEM_read_bio_RSA_PUBKEY (bio, NULL, NULL, NULL);      BIO_free (bio);    }  else    LOG_DBG ((LOG_NEGOTIATION, 50, "get_raw_key_from_file: file %s not found",	      filename));  return (*rsa ? 0 : -1);}

int main(int argc, char **argv){    BIO *in = NULL, *out = NULL, *tbio = NULL;    X509 *rcert = NULL;    STACK_OF(X509) *recips = NULL;    CMS_ContentInfo *cms = NULL;    int ret = 1;    /*     * On OpenSSL 1.0.0 and later only:     * for streaming set CMS_STREAM     */    int flags = CMS_STREAM;    OpenSSL_add_all_algorithms();    ERR_load_crypto_strings();    /* Read in recipient certificate */    tbio = BIO_new_file("signer.pem", "r");    if (!tbio)        goto err;    rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);    if (!rcert)        goto err;    /* Create recipient STACK and add recipient cert to it */    recips = sk_X509_new_null();    if (!recips || !sk_X509_push(recips, rcert))        goto err;    /*     * sk_X509_pop_free will free up recipient STACK and its contents so set     * rcert to NULL so it isn't freed up twice.     */    rcert = NULL;    /* Open content being encrypted */    in = BIO_new_file("encr.txt", "r");    if (!in)        goto err;    /* encrypt content */    cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);    if (!cms)        goto err;    out = BIO_new_file("smencr.txt", "w");    if (!out)        goto err;    /* Write out S/MIME message */    if (!SMIME_write_CMS(out, cms, in, flags))        goto err;    ret = 0; err:    if (ret) {        fprintf(stderr, "Error Encrypting Data/n");        ERR_print_errors_fp(stderr);    }    CMS_ContentInfo_free(cms);    X509_free(rcert);    sk_X509_pop_free(recips, X509_free);    BIO_free(in);    BIO_free(out);    BIO_free(tbio);    return ret;}

//.........这里部分代码省略.........	      return 0;	    }	  buf = calloc (size + 1, sizeof (char));	  if (!buf)	    {	      log_print ("ike_auth_get_key: failed allocating %lu bytes",			 (unsigned long)size + 1);	      free (keyfile);	      return 0;	    }	  if (read (fd, buf, size) != size)	    {	      free (buf);	      log_print ("ike_auth_get_key: "			 "failed reading %lu bytes from /"%s/"",			(unsigned long)size, keyfile);	      free (keyfile);	      return 0;	    }	  close (fd);	  /* Parse private key string */	  buf2 = kn_get_string (buf);	  free (buf);	  if (kn_decode_key (&dc, buf2, KEYNOTE_PRIVATE_KEY) == -1)	    {	      free (buf2);	      log_print ("ike_auth_get_key: failed decoding key in /"%s/"",			 keyfile);	      free (keyfile);	      return 0;	    }	  free (buf2);	  if (dc.dec_algorithm != KEYNOTE_ALGORITHM_RSA)	    {	      log_print ("ike_auth_get_key: wrong algorithm type %d in /"%s/"",			 dc.dec_algorithm, keyfile);	      free (keyfile);	      kn_free_key (&dc);	      return 0;	    }	  free (keyfile);	  return dc.dec_key;	}    ignorekeynote:#endif /* USE_KEYNOTE */#ifdef USE_X509      /* Otherwise, try X.509 */      keyfile = conf_get_str ("X509-certificates", "Private-key");      if (check_file_secrecy (keyfile, &fsize))	return 0;      keyh = BIO_new (BIO_s_file ());      if (keyh == NULL)	{	  log_print ("ike_auth_get_key: "		     "BIO_new (BIO_s_file ()) failed");	  return 0;	}      if (BIO_read_filename (keyh, keyfile) == -1)	{	  log_print ("ike_auth_get_key: "		     "BIO_read_filename (keyh, /"%s/") failed",		     keyfile);	  BIO_free (keyh);	  return 0;	}#if SSLEAY_VERSION_NUMBER >= 0x00904100L      rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL, NULL);#else      rsakey = PEM_read_bio_RSAPrivateKey (keyh, NULL, NULL);#endif      BIO_free (keyh);      if (!rsakey)	{	  log_print ("ike_auth_get_key: PEM_read_bio_RSAPrivateKey failed");	  return 0;	}      return rsakey;#endif /* USE_X509 */#endif /* USE_X509 || USE_KEYNOTE */    default:      log_print ("ike_auth_get_key: unknown key type %d", type);      return 0;    }  return key;}

//.........这里部分代码省略.........			b64 = tmp;		}		num = 0;		for (;;) {			if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))				goto end;			i = BIO_read(in, &(buf->data[num]), BUFSIZ);			if (i <= 0)				break;			num += i;		}	}	str = buf->data;	/* If any structs to parse go through in sequence */	if (sk_OPENSSL_STRING_num(osk)) {		tmpbuf = (unsigned char *)str;		tmplen = num;		for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {			ASN1_TYPE *atmp;			int typ;			j = atoi(sk_OPENSSL_STRING_value(osk, i));			if (j == 0) {				BIO_printf(bio_err,				    "'%s' is an invalid number/n",				    sk_OPENSSL_STRING_value(osk, i));				continue;			}			tmpbuf += j;			tmplen -= j;			atmp = at;			ctmpbuf = tmpbuf;			at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);			ASN1_TYPE_free(atmp);			if (!at) {				BIO_printf(bio_err, "Error parsing structure/n");				ERR_print_errors(bio_err);				goto end;			}			typ = ASN1_TYPE_get(at);			if ((typ == V_ASN1_OBJECT) ||			    (typ == V_ASN1_NULL)) {				BIO_printf(bio_err, "Can't parse %s type/n",				    typ == V_ASN1_NULL ? "NULL" : "OBJECT");				ERR_print_errors(bio_err);				goto end;			}			/* hmm... this is a little evil but it works */			tmpbuf = at->value.asn1_string->data;			tmplen = at->value.asn1_string->length;		}		str = (char *)tmpbuf;		num = tmplen;	}	if (offset >= num) {		BIO_printf(bio_err, "Error: offset too large/n");		goto end;	}	num -= offset;	if ((length == 0) || ((long)length > num))		length = (unsigned int)num;	if (derout) {		if (BIO_write(derout, str + offset, length) != (int)length) {			BIO_printf(bio_err, "Error writing output/n");			ERR_print_errors(bio_err);			goto end;		}	}	if (!noout &&	    !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,		indent, dump)) {		ERR_print_errors(bio_err);		goto end;	}	ret = 0;end:	BIO_free(derout);	if (in != NULL)		BIO_free(in);	if (out != NULL)		BIO_free_all(out);	if (b64 != NULL)		BIO_free(b64);	if (ret != 0)		ERR_print_errors(bio_err);	if (buf != NULL)		BUF_MEM_free(buf);	if (at != NULL)		ASN1_TYPE_free(at);	if (osk != NULL)		sk_OPENSSL_STRING_free(osk);	OBJ_cleanup();	apps_shutdown();	OPENSSL_EXIT(ret);}

//.........这里部分代码省略.........	if (infile)		{		if (!(in = BIO_new_file(infile, inmode)))			{			BIO_printf (bio_err,				 "Can't open input file %s/n", infile);			goto end;			}		}	else		in = BIO_new_fp(stdin, BIO_NOCLOSE);	if (operation & SMIME_IP)		{		if (informat == FORMAT_SMIME) 			cms = SMIME_read_CMS(in, &indata);		else if (informat == FORMAT_PEM) 			cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);		else if (informat == FORMAT_ASN1) 			cms = d2i_CMS_bio(in, NULL);		else			{			BIO_printf(bio_err, "Bad input format for CMS file/n");			goto end;			}		if (!cms)			{			BIO_printf(bio_err, "Error reading S/MIME message/n");			goto end;			}		if (contfile)			{			BIO_free(indata);			if (!(indata = BIO_new_file(contfile, "rb")))				{				BIO_printf(bio_err, "Can't read content file %s/n", contfile);				goto end;				}			}		if (certsoutfile)			{			STACK_OF(X509) *allcerts;			allcerts = CMS_get1_certs(cms);			if (!save_certs(certsoutfile, allcerts))				{				BIO_printf(bio_err,						"Error writing certs to %s/n",								certsoutfile);				ret = 5;				goto end;				}			sk_X509_pop_free(allcerts, X509_free);			}		}	if (rctfile)		{		char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";		if (!(rctin = BIO_new_file(rctfile, rctmode)))			{			BIO_printf (bio_err,				 "Can't open receipt file %s/n", rctfile);			goto end;			}