自学教程：C++ BIO_new函数代码示例

/* int */BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)	{	int i,j;	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;	unsigned char *tmp=NULL;	X509_ALGOR *xa;	ASN1_OCTET_STRING *data_body=NULL;	const EVP_MD *evp_md;	const EVP_CIPHER *evp_cipher=NULL;	EVP_CIPHER_CTX *evp_ctx=NULL;	X509_ALGOR *enc_alg=NULL;	STACK_OF(X509_ALGOR) *md_sk=NULL;	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;	X509_ALGOR *xalg=NULL;	PKCS7_RECIP_INFO *ri=NULL;	i=OBJ_obj2nid(p7->type);	p7->state=PKCS7_S_HEADER;	switch (i)		{	case NID_pkcs7_signed:		data_body=p7->d.sign->contents->d.data;		md_sk=p7->d.sign->md_algs;		break;	case NID_pkcs7_signedAndEnveloped:		rsk=p7->d.signed_and_enveloped->recipientinfo;		md_sk=p7->d.signed_and_enveloped->md_algs;		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));		if (evp_cipher == NULL)			{			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);			goto err;			}		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;		break;	case NID_pkcs7_enveloped:		rsk=p7->d.enveloped->recipientinfo;		enc_alg=p7->d.enveloped->enc_data->algorithm;		data_body=p7->d.enveloped->enc_data->enc_data;		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));		if (evp_cipher == NULL)			{			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);			goto err;			}		xalg=p7->d.enveloped->enc_data->algorithm;		break;	default:		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);	        goto err;		}	/* We will be checking the signature */	if (md_sk != NULL)		{		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)			{			xa=sk_X509_ALGOR_value(md_sk,i);			if ((btmp=BIO_new(BIO_f_md())) == NULL)				{				PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);				goto err;				}			j=OBJ_obj2nid(xa->algorithm);			evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));			if (evp_md == NULL)				{				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);				goto err;				}			BIO_set_md(btmp,evp_md);			if (out == NULL)				out=btmp;			else				BIO_push(out,btmp);			btmp=NULL;			}		}	if (evp_cipher != NULL)		{#if 0		unsigned char key[EVP_MAX_KEY_LENGTH];		unsigned char iv[EVP_MAX_IV_LENGTH];		unsigned char *p;		int keylen,ivlen;		int max;		X509_OBJECT ret;#endif		int jj;		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)			{			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);//.........这里部分代码省略.........

//.........这里部分代码省略.........			add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth"));			add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash"));			add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur"));			X509_sign(x509, pkey, EVP_sha1());			crt.resize(i2d_X509(x509, NULL));			unsigned char *dptr=reinterpret_cast<unsigned char *>(crt.data());			i2d_X509(x509, &dptr);			qscCert = QSslCertificate(crt, QSsl::Der);			if (qscCert.isNull())				log("Certificate generation failed");			key.resize(i2d_PrivateKey(pkey, NULL));			dptr=reinterpret_cast<unsigned char *>(key.data());			i2d_PrivateKey(pkey, &dptr);			qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);			if (qskKey.isNull())				log("Key generation failed");			setConf("certificate", qscCert.toPem());			setConf("key", qskKey.toPem());		}	}#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)	if (qsdhpDHParams.isEmpty()) {		log("Generating new server 2048-bit Diffie-Hellman parameters. This could take a while...");		DH *dh = DH_new();		if (dh == NULL) {			qFatal("DH_new failed: unable to generate Diffie-Hellman parameters for virtual server");		}		// Generate DH params.		// We register a status callback in order to update the UI		// for Murmur on Windows. We don't show the actual status,		// but we do it to keep Murmur on Windows responsive while		// generating the parameters.		BN_GENCB cb;		memset(&cb, 0, sizeof(BN_GENCB));		BN_GENCB_set(&cb, dh_progress, NULL);		if (DH_generate_parameters_ex(dh, 2048, 2, &cb) == 0) {			qFatal("DH_generate_parameters_ex failed: unable to generate Diffie-Hellman parameters for virtual server");		}		BIO *mem = BIO_new(BIO_s_mem());		if (PEM_write_bio_DHparams(mem, dh) == 0) {			qFatal("PEM_write_bio_DHparams failed: unable to write generated Diffie-Hellman parameters to memory");		}		char *pem = NULL;		long len = BIO_get_mem_data(mem, &pem);		if (len <= 0) {			qFatal("BIO_get_mem_data returned an empty or invalid buffer");		}		QByteArray pemdh(pem, len);		QSslDiffieHellmanParameters qdhp(pemdh);		if (!qdhp.isValid()) {			qFatal("QSslDiffieHellmanParameters: unable to import generated Diffie-HellmanParameters: %s", qdhp.errorString().toStdString().c_str());		}		qsdhpDHParams = qdhp;		setConf("sslDHParams", pemdh);		BIO_free(mem);		DH_free(dh);	}#endif	// Drain OpenSSL's per-thread error queue	// to ensure that errors from the operations	// we've done in here do not leak out into	// Qt's SSL module.	//	// If an error leaks, it can break all connections	// to the server because each invocation of Qt's SSL	// read callback checks OpenSSL's per-thread error	// queue (albeit indirectly, via SSL_get_error()).	// Qt expects any errors returned from SSL_get_error()	// to be related to the QSslSocket it is currently	// processing -- which is the obvious thing to expect:	// SSL_get_error() takes a pointer to an SSL object	// and the return code of the failed operation.	// However, it is also documented as:	//	//  "In addition to ssl and ret, SSL_get_error()	//   inspects the current thread's OpenSSL error	//   queue."	//	// So, if any OpenSSL operation on the main thread	// forgets to clear the error queue, those errors	// *will* leak into other things that *do* error	// checking. In our case, into Qt's SSL read callback,	// resulting in all clients being disconnected.	ERR_clear_error();}

int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file){    unsigned char *serverinfo = NULL;    size_t serverinfo_length = 0;    unsigned char *extension = 0;    long extension_length = 0;    char *name = NULL;    char *header = NULL;    char namePrefix[] = "SERVERINFO FOR ";    int ret = 0;    BIO *bin = NULL;    size_t num_extensions = 0;    if (ctx == NULL || file == NULL) {        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,               ERR_R_PASSED_NULL_PARAMETER);        goto end;    }    bin = BIO_new(BIO_s_file_internal());    if (bin == NULL) {        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);        goto end;    }    if (BIO_read_filename(bin, file) <= 0) {        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);        goto end;    }    for (num_extensions = 0;; num_extensions++) {        if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)            == 0) {            /*             * There must be at least one extension in this file             */            if (num_extensions == 0) {                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,                       SSL_R_NO_PEM_EXTENSIONS);                goto end;            } else              /* End of file, we're done */                break;        }        /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */        if (strlen(name) < strlen(namePrefix)) {            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,                   SSL_R_PEM_NAME_TOO_SHORT);            goto end;        }        if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) {            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,                   SSL_R_PEM_NAME_BAD_PREFIX);            goto end;        }        /*         * Check that the decoded PEM data is plausible (valid length field)         */        if (extension_length < 4            || (extension[2] << 8) + extension[3] != extension_length - 4) {            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);            goto end;        }        /* Append the decoded extension to the serverinfo buffer */        serverinfo =            OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);        if (serverinfo == NULL) {            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);            goto end;        }        memcpy(serverinfo + serverinfo_length, extension, extension_length);        serverinfo_length += extension_length;        OPENSSL_free(name);        name = NULL;        OPENSSL_free(header);        header = NULL;        OPENSSL_free(extension);        extension = NULL;    }    ret = SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length); end:    /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */    OPENSSL_free(name);    OPENSSL_free(header);    OPENSSL_free(extension);    OPENSSL_free(serverinfo);    BIO_free(bin);    return ret;}

int main( int argc, char *argv[]) {	PKCS7 *p7;	PKCS7_SIGNER_INFO *si;	X509_STORE_CTX cert_ctx;	X509_STORE *cert_store=NULL;	BIO *data = NULL, *p7bio=NULL;	BIO *signature = NULL;	int cmd=-1;        char *infile=NULL;        /* char *outfile=NULL; */        char *certfile=NULL;        char *keyfile=NULL;        char *key=NULL;	int nodetach=0;	char *datafile = NULL;	char *outfile = NULL;	char *signaturefile = NULL;	char buf[1024*4];	char **pp = NULL;	int badops=0, outdata=0, err=0, version=0, i;	 /* default certificates dir */	 /* char *certsdir="/usr/local/OpenCA/certs"; */	 /* default certificates file */	 /* char *certsfile="/usr/local/OpenCA/cacert.pem"; */	char *certsdir = NULL;	char *certsfile = NULL;	STACK_OF(PKCS7_SIGNER_INFO) *sk;	if ((bio_err=BIO_new(BIO_s_file())) != NULL)		BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);#ifndef NO_MD5        EVP_add_digest(EVP_md5());#endif#ifndef NO_SHA1        EVP_add_digest(EVP_sha1());#endif	if( argc <= 1 ) {		printVersion( bio_err, INFO );		printf("ERROR: needed command and arguments missing/n/n");		badops=1;		goto badops;	}	if( ( cmd = getCommand( argc, argv ) ) == -1 ) {		printVersion( bio_err, INFO );		printf("ERROR: unknown command %s/n/n", argv[1] );		badops=1;		goto badops;	}	if( argc >= 1 ) {		argc--;		argv++;		if( argc <= 1 )		{			printVersion( bio_err, INFO );			printf("ERROR: needed at least one argument!/n/n" );	                badops=1;        	        goto badops;		}	}	while (argc > 1) {		argc--;		argv++;		if (strcmp(*argv,"-verbose") == 0)                        {			verbose=1;			}		else if (strcmp(*argv,"-print_data") == 0)                        {			outdata=1;			}		else if (strcmp(*argv,"-no_chain") == 0)                        {			chainVerify=0;			}		else if (strcmp(*argv,"-data") == 0)			{                        if (--argc < 1) goto bad;			datafile= *( ++argv );			}		else if (strcmp(*argv,"-d") == 0)			{			/* Present for compatibility reasons ... *///.........这里部分代码省略.........

//.........这里部分代码省略.........			numbits = num;		} else {			BIO_printf(bio_err, "unknown option %s/n", *argv);			badops = 1;			break;		}		argc--;		argv++;	}	if (badops) {bad:		BIO_printf(bio_err, "%s [options] [bits] <infile >outfile/n", prog);		BIO_printf(bio_err, "where options are/n");		BIO_printf(bio_err, " -inform arg   input format - DER or PEM/n");		BIO_printf(bio_err, " -outform arg  output format - DER or PEM/n");		BIO_printf(bio_err, " -in arg       input file/n");		BIO_printf(bio_err, " -out arg      output file/n");		BIO_printf(bio_err, " -text         print as text/n");		BIO_printf(bio_err, " -C            Output C code/n");		BIO_printf(bio_err, " -noout        no output/n");		BIO_printf(bio_err, " -genkey       generate a DSA key/n");#ifndef OPENSSL_NO_ENGINE		BIO_printf(bio_err, " -engine e     use engine e, possibly a hardware device./n");#endif#ifdef GENCB_TEST		BIO_printf(bio_err, " -timebomb n   interrupt keygen after <n> seconds/n");#endif		BIO_printf(bio_err, " number        number of bits to use for generating private key/n");		goto end;	}	ERR_load_crypto_strings();	in = BIO_new(BIO_s_file());	out = BIO_new(BIO_s_file());	if ((in == NULL) || (out == NULL)) {		ERR_print_errors(bio_err);		goto end;	}	if (infile == NULL)		BIO_set_fp(in, stdin, BIO_NOCLOSE);	else {		if (BIO_read_filename(in, infile) <= 0) {			perror(infile);			goto end;		}	}	if (outfile == NULL) {		BIO_set_fp(out, stdout, BIO_NOCLOSE);	} else {		if (BIO_write_filename(out, outfile) <= 0) {			perror(outfile);			goto end;		}	}#ifndef OPENSSL_NO_ENGINE	setup_engine(bio_err, engine, 0);#endif	if (numbits > 0) {		BN_GENCB cb;		BN_GENCB_set(&cb, dsa_cb, bio_err);		dsa = DSA_new();		if (!dsa) {			BIO_printf(bio_err, "Error allocating DSA object/n");

static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options){    TLSContext *p = h->priv_data;    TLSShared *c = &p->tls_shared;    BIO *bio;    int ret;    ff_openssl_init();    if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)        goto fail;    p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() : TLSv1_client_method());    if (!p->ctx) {        av_log(h, AV_LOG_ERROR, "%s/n", ERR_error_string(ERR_get_error(), NULL));        ret = AVERROR(EIO);        goto fail;    }    if (c->ca_file)        SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL);    if (c->cert_file && !SSL_CTX_use_certificate_chain_file(p->ctx, c->cert_file)) {        av_log(h, AV_LOG_ERROR, "Unable to load cert file %s: %s/n",               c->cert_file, ERR_error_string(ERR_get_error(), NULL));        ret = AVERROR(EIO);        goto fail;    }    if (c->key_file && !SSL_CTX_use_PrivateKey_file(p->ctx, c->key_file, SSL_FILETYPE_PEM)) {        av_log(h, AV_LOG_ERROR, "Unable to load key file %s: %s/n",               c->key_file, ERR_error_string(ERR_get_error(), NULL));        ret = AVERROR(EIO);        goto fail;    }    // Note, this doesn't check that the peer certificate actually matches    // the requested hostname.    if (c->verify)        SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER, NULL);    p->ssl = SSL_new(p->ctx);    if (!p->ssl) {        av_log(h, AV_LOG_ERROR, "%s/n", ERR_error_string(ERR_get_error(), NULL));        ret = AVERROR(EIO);        goto fail;    }    bio = BIO_new(&url_bio_method);    bio->ptr = c->tcp;    SSL_set_bio(p->ssl, bio, bio);    if (!c->listen && !c->numerichost)        SSL_set_tlsext_host_name(p->ssl, c->host);    ret = c->listen ? SSL_accept(p->ssl) : SSL_connect(p->ssl);    if (ret == 0) {        av_log(h, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session/n");        ret = AVERROR(EIO);        goto fail;    } else if (ret < 0) {        ret = print_tls_error(h, ret);        goto fail;    }    return 0;fail:    tls_close(h);    return ret;}

int MAIN(int argc, char **argv)	{	DSA *dsa=NULL;	int i,badops=0,text=0;	BIO *in=NULL,*out=NULL;	int informat,outformat,noout=0,C=0,ret=1;	char *infile,*outfile,*prog,*inrand=NULL;	int numbits= -1,num,genkey=0;	int need_rand=0;	apps_startup();	if (bio_err == NULL)		if ((bio_err=BIO_new(BIO_s_file())) != NULL)			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);	infile=NULL;	outfile=NULL;	informat=FORMAT_PEM;	outformat=FORMAT_PEM;	prog=argv[0];	argc--;	argv++;	while (argc >= 1)		{		if 	(strcmp(*argv,"-inform") == 0)			{			if (--argc < 1) goto bad;			informat=str2fmt(*(++argv));			}		else if (strcmp(*argv,"-outform") == 0)			{			if (--argc < 1) goto bad;			outformat=str2fmt(*(++argv));			}		else if (strcmp(*argv,"-in") == 0)			{			if (--argc < 1) goto bad;			infile= *(++argv);			}		else if (strcmp(*argv,"-out") == 0)			{			if (--argc < 1) goto bad;			outfile= *(++argv);			}		else if (strcmp(*argv,"-text") == 0)			text=1;		else if (strcmp(*argv,"-C") == 0)			C=1;		else if (strcmp(*argv,"-genkey") == 0)			{			genkey=1;			need_rand=1;			}		else if (strcmp(*argv,"-rand") == 0)			{			if (--argc < 1) goto bad;			inrand= *(++argv);			need_rand=1;			}		else if (strcmp(*argv,"-noout") == 0)			noout=1;		else if (sscanf(*argv,"%d",&num) == 1)			{			/* generate a key */			numbits=num;			need_rand=1;			}		else			{			BIO_printf(bio_err,"unknown option %s/n",*argv);			badops=1;			break;			}		argc--;		argv++;		}	if (badops)		{bad:		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile/n",prog);		BIO_printf(bio_err,"where options are/n");		BIO_printf(bio_err," -inform arg   input format - DER or PEM/n");		BIO_printf(bio_err," -outform arg  output format - DER or PEM/n");		BIO_printf(bio_err," -in arg       input file/n");		BIO_printf(bio_err," -out arg      output file/n");		BIO_printf(bio_err," -text         print as text/n");		BIO_printf(bio_err," -C            Output C code/n");		BIO_printf(bio_err," -noout        no output/n");		BIO_printf(bio_err," -rand         files to use for random number input/n");		BIO_printf(bio_err," number        number of bits to use for generating private key/n");		goto end;		}	ERR_load_crypto_strings();	in=BIO_new(BIO_s_file());	out=BIO_new(BIO_s_file());//.........这里部分代码省略.........

GBytes *cms_sign(GBytes *content, const gchar *certfile, const gchar *keyfile, gchar **interfiles, GError **error){	GError *ierror = NULL;	BIO *incontent = BIO_new_mem_buf((void *)g_bytes_get_data(content, NULL),			g_bytes_get_size(content));	BIO *outsig = BIO_new(BIO_s_mem());	X509 *signcert = NULL;	EVP_PKEY *pkey = NULL;	STACK_OF(X509) *intercerts = NULL;	CMS_ContentInfo *cms = NULL;	GBytes *res = NULL;	int flags = CMS_DETACHED | CMS_BINARY;	g_return_val_if_fail(content != NULL, NULL);	g_return_val_if_fail(certfile != NULL, NULL);	g_return_val_if_fail(keyfile != NULL, NULL);	g_return_val_if_fail(error == NULL || *error == NULL, NULL);	signcert = load_cert(certfile, &ierror);	if (signcert == NULL) {		g_propagate_error(error, ierror);		goto out;	}	pkey = load_key(keyfile, &ierror);	if (pkey == NULL) {		g_propagate_error(error, ierror);		goto out;	}	intercerts = sk_X509_new_null();	for (gchar **intercertpath = interfiles; intercertpath && *intercertpath != NULL; intercertpath++) {		X509 *intercert = load_cert(*intercertpath, &ierror);		if (intercert == NULL) {			g_propagate_error(error, ierror);			goto out;		}		sk_X509_push(intercerts, intercert);	}	cms = CMS_sign(signcert, pkey, intercerts, incontent, flags);	if (cms == NULL) {		unsigned long err;		const gchar *data;		int errflags;		err = ERR_get_error_line_data(NULL, NULL, &data, &errflags);		g_set_error(				error,				R_SIGNATURE_ERROR,				R_SIGNATURE_ERROR_INVALID,				"failed to create signature: %s", (errflags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL));		goto out;	}	if (!i2d_CMS_bio(outsig, cms)) {		g_set_error_literal(				error,				R_SIGNATURE_ERROR,				R_SIGNATURE_ERROR_SERIALIZE_SIG,				"failed to serialize signature");		goto out;	}	res = bytes_from_bio(outsig);	if (!res) {		g_set_error_literal(				error,				R_SIGNATURE_ERROR,				R_SIGNATURE_ERROR_UNKNOWN,				"Read zero bytes");		goto out;	}	/* keyring was given, perform verification to obtain trust chain */	if (r_context()->config->keyring_path) {		g_autoptr(CMS_ContentInfo) vcms = NULL;		g_autoptr(X509_STORE) store = NULL;		STACK_OF(X509) *verified_chain = NULL;		g_message("Keyring given, doing signature verification");		if (!cms_verify(content, res, &vcms, &store, &ierror)) {			g_propagate_error(error, ierror);			res = NULL;			goto out;		}		if (!cms_get_cert_chain(vcms, store, &verified_chain, &ierror)) {			g_propagate_error(error, ierror);			res = NULL;			goto out;		}		for (int i = 0; i < sk_X509_num(verified_chain); i++) {			const ASN1_TIME *expiry_time;			struct tm *next_month;			time_t now;			time_t comp;//.........这里部分代码省略.........

//.........这里部分代码省略.........        }        if (ctx == NULL) {                CRIT("NULL ctx in oh_ssl_connect()");                return(NULL);        }        if (timeout < 0) {                CRIT("inappropriate timeout in oh_ssl_connect()");                return(NULL);        }        /* Allocate memory to a char pointer "Server" */        Server = (char *) g_malloc0(sizeof(char) * len);        if (Server == NULL){                CRIT("out of memory");                return NULL;        }        memset(Server, 0, len);        /* hostname contains "Port" along with "IP Address". As, only         * "IP Address" is needed for some of the below operations, so copy         * "IP Address" from hostname to "Server".         */        strncpy(Server, hostname, (len - 4));        /* Allocate memory to a char pointer "Port" */        Port = (char *) g_malloc0(sizeof(char) * 4);        if (Port == NULL){                CRIT("out of memory");                g_free(Server);                return NULL;        }        /* As Port number is needed separately for some of the below         * operations, so copy port number from hostname to "Port".         */        strncpy(Port, hostname + (len - 3), 3);                /* Create socket address structure to prepare client socket */        RetVal = getaddrinfo(Server, Port, &Hints, &AddrInfo);        if (RetVal != 0) {                CRIT("Cannot resolve address [%s] and port [%s],"                     " error %d: %s",                       Server, Port, RetVal, gai_strerror(RetVal));                g_free(Server);                g_free(Port);                return NULL;        }                ai = AddrInfo;        /* Create a socket point */        socket_desc = socket(ai->ai_family, ai->ai_socktype,                                            ai->ai_protocol);        if (socket_desc == -1) {                CRIT("Socket failed with error: %s",                       strerror(errno));                g_free(Server);                g_free(Port);                freeaddrinfo(AddrInfo);	                return NULL;        }        /* Now connect to target IP Address */        retval = connect(socket_desc, ai->ai_addr, ai->ai_addrlen);        if (retval != 0) {                CRIT("Socket connect failed with error: %s",                      strerror(errno));                g_free(Server);                g_free(Port);                freeaddrinfo(AddrInfo);	                close(socket_desc);                return NULL;        }        /* Create new SSL structure for connection */        ssl = SSL_new(ctx);        /* Connect ssl object with a socket descriptor */        SSL_set_fd(ssl, socket_desc);        /* Initiate SSL connection */        err = SSL_connect(ssl);        if (err != 1) {                CRIT("SSL connection failed");                g_free(Server);                g_free(Port);                freeaddrinfo(AddrInfo);	                close(socket_desc);                return (NULL);        }        bio = BIO_new(BIO_f_ssl());             /* create an ssl BIO */        BIO_set_ssl(bio, ssl, BIO_CLOSE);       /* assign the ssl BIO to SSL */        /* TODO: Do I need to set the client or server mode here?  I don't         * think so.         */        g_free(Server);        g_free(Port);        freeaddrinfo(AddrInfo);	        return(bio);}

int MAIN(int argc, char **argv)	{	ENGINE *e = NULL;	int operation = 0;	int ret = 0;	char **args;	const char *inmode = "r", *outmode = "w";	char *infile = NULL, *outfile = NULL, *rctfile = NULL;	char *signerfile = NULL, *recipfile = NULL;	STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;	char *certsoutfile = NULL;	const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;	CMS_ContentInfo *cms = NULL, *rcms = NULL;	X509_STORE *store = NULL;	X509 *cert = NULL, *recip = NULL, *signer = NULL;	EVP_PKEY *key = NULL;	STACK_OF(X509) *encerts = NULL, *other = NULL;	BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;	int badarg = 0;	int flags = CMS_DETACHED, noout = 0, print = 0;	int verify_retcode = 0;	int rr_print = 0, rr_allorfirst = -1;	STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;	CMS_ReceiptRequest *rr = NULL;	char *to = NULL, *from = NULL, *subject = NULL;	char *CAfile = NULL, *CApath = NULL;	char *passargin = NULL, *passin = NULL;	char *inrand = NULL;	int need_rand = 0;	const EVP_MD *sign_md = NULL;	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;        int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;#ifndef OPENSSL_NO_ENGINE	char *engine=NULL;#endif	unsigned char *secret_key = NULL, *secret_keyid = NULL;	unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;	size_t secret_keylen = 0, secret_keyidlen = 0;	cms_key_param *key_first = NULL, *key_param = NULL;	ASN1_OBJECT *econtent_type = NULL;	X509_VERIFY_PARAM *vpm = NULL;	args = argv + 1;	ret = 1;	apps_startup();	if (bio_err == NULL)		{		if ((bio_err = BIO_new(BIO_s_file())) != NULL)			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);		}	if (!load_config(bio_err, NULL))		goto end;	while (!badarg && *args && *args[0] == '-')		{		if (!strcmp (*args, "-encrypt"))			operation = SMIME_ENCRYPT;		else if (!strcmp (*args, "-decrypt"))			operation = SMIME_DECRYPT;		else if (!strcmp (*args, "-sign"))			operation = SMIME_SIGN;		else if (!strcmp (*args, "-sign_receipt"))			operation = SMIME_SIGN_RECEIPT;		else if (!strcmp (*args, "-resign"))			operation = SMIME_RESIGN;		else if (!strcmp (*args, "-verify"))			operation = SMIME_VERIFY;		else if (!strcmp (*args, "-verify_retcode"))			verify_retcode = 1;		else if (!strcmp(*args,"-verify_receipt"))			{			operation = SMIME_VERIFY_RECEIPT;			if (!args[1])				goto argerr;			args++;			rctfile = *args;			}		else if (!strcmp (*args, "-cmsout"))			operation = SMIME_CMSOUT;		else if (!strcmp (*args, "-data_out"))			operation = SMIME_DATAOUT;		else if (!strcmp (*args, "-data_create"))			operation = SMIME_DATA_CREATE;		else if (!strcmp (*args, "-digest_verify"))			operation = SMIME_DIGEST_VERIFY;		else if (!strcmp (*args, "-digest_create"))			operation = SMIME_DIGEST_CREATE;		else if (!strcmp (*args, "-compress"))			operation = SMIME_COMPRESS;		else if (!strcmp (*args, "-uncompress"))			operation = SMIME_UNCOMPRESS;		else if (!strcmp (*args, "-EncryptedData_decrypt"))			operation = SMIME_ENCRYPTED_DECRYPT;//.........这里部分代码省略.........

int MAIN(int argc, char **argv)	{	EC_GROUP *group = NULL;	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; 	int 	new_form = 0;	int 	asn1_flag = OPENSSL_EC_NAMED_CURVE;	int 	new_asn1_flag = 0;	char 	*curve_name = NULL, *inrand = NULL;	int	list_curves = 0, no_seed = 0, check = 0,		badops = 0, text = 0, i, need_rand = 0, genkey = 0;	char	*infile = NULL, *outfile = NULL, *prog;	BIO 	*in = NULL, *out = NULL;	int 	informat, outformat, noout = 0, C = 0, ret = 1;#ifndef OPENSSL_NO_ENGINE	ENGINE	*e = NULL;#endif	char	*engine = NULL;	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,		*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;	unsigned char *buffer = NULL;	apps_startup();	if (bio_err == NULL)		if ((bio_err=BIO_new(BIO_s_file())) != NULL)			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);	if (!load_config(bio_err, NULL))		goto end;	informat=FORMAT_PEM;	outformat=FORMAT_PEM;	prog=argv[0];	argc--;	argv++;	while (argc >= 1)		{		if 	(strcmp(*argv,"-inform") == 0)			{			if (--argc < 1) goto bad;			informat=str2fmt(*(++argv));			}		else if (strcmp(*argv,"-outform") == 0)			{			if (--argc < 1) goto bad;			outformat=str2fmt(*(++argv));			}		else if (strcmp(*argv,"-in") == 0)			{			if (--argc < 1) goto bad;			infile= *(++argv);			}		else if (strcmp(*argv,"-out") == 0)			{			if (--argc < 1) goto bad;			outfile= *(++argv);			}		else if (strcmp(*argv,"-text") == 0)			text = 1;		else if (strcmp(*argv,"-C") == 0)			C = 1;		else if (strcmp(*argv,"-check") == 0)			check = 1;		else if (strcmp (*argv, "-name") == 0)			{			if (--argc < 1)				goto bad;			curve_name = *(++argv);			}		else if (strcmp(*argv, "-list_curves") == 0)			list_curves = 1;		else if (strcmp(*argv, "-conv_form") == 0)			{			if (--argc < 1)				goto bad;			++argv;			new_form = 1;			if (strcmp(*argv, "compressed") == 0)				form = POINT_CONVERSION_COMPRESSED;			else if (strcmp(*argv, "uncompressed") == 0)				form = POINT_CONVERSION_UNCOMPRESSED;			else if (strcmp(*argv, "hybrid") == 0)				form = POINT_CONVERSION_HYBRID;			else				goto bad;			}		else if (strcmp(*argv, "-param_enc") == 0)			{			if (--argc < 1)				goto bad;			++argv;			new_asn1_flag = 1;			if (strcmp(*argv, "named_curve") == 0)				asn1_flag = OPENSSL_EC_NAMED_CURVE;			else if (strcmp(*argv, "explicit") == 0)				asn1_flag = 0;			else				goto bad;//.........这里部分代码省略.........

int MAIN(int argc, char **argv){#ifndef OPENSSL_NO_ENGINE	ENGINE 	*e = NULL;#endif	int 	ret = 1;	EC_KEY 	*eckey = NULL;	const EC_GROUP *group;	int 	i, badops = 0;	const EVP_CIPHER *enc = NULL;	BIO 	*in = NULL, *out = NULL;	int 	informat, outformat, text=0, noout=0;	int  	pubin = 0, pubout = 0, param_out = 0;	char 	*infile, *outfile, *prog, *engine;	char 	*passargin = NULL, *passargout = NULL;	char 	*passin = NULL, *passout = NULL;	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;	int	new_form = 0;	int	asn1_flag = OPENSSL_EC_NAMED_CURVE;	int 	new_asn1_flag = 0;	apps_startup();	if (bio_err == NULL)		if ((bio_err=BIO_new(BIO_s_file())) != NULL)			BIO_set_fp(bio_err, OPENSSL_TYPE__FILE_STDERR, BIO_NOCLOSE|BIO_FP_TEXT);	if (!load_config(bio_err, NULL))		goto end;	engine = NULL;	infile = NULL;	outfile = NULL;	informat = FORMAT_PEM;	outformat = FORMAT_PEM;	prog = argv[0];	argc--;	argv++;	while (argc >= 1)		{		if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)			{			if (--argc < 1) goto bad;			informat=str2fmt(*(++argv));			}		else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0)			{			if (--argc < 1) goto bad;			outformat=str2fmt(*(++argv));			}		else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)			{			if (--argc < 1) goto bad;			infile= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)			{			if (--argc < 1) goto bad;			outfile= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv,"-passin") == 0)			{			if (--argc < 1) goto bad;			passargin= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv,"-passout") == 0)			{			if (--argc < 1) goto bad;			passargout= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv, "-engine") == 0)			{			if (--argc < 1) goto bad;			engine= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv, "-noout") == 0)			noout = 1;		else if (TINYCLR_SSL_STRCMP(*argv, "-text") == 0)			text = 1;		else if (TINYCLR_SSL_STRCMP(*argv, "-conv_form") == 0)			{			if (--argc < 1)				goto bad;			++argv;			new_form = 1;			if (TINYCLR_SSL_STRCMP(*argv, "compressed") == 0)				form = POINT_CONVERSION_COMPRESSED;			else if (TINYCLR_SSL_STRCMP(*argv, "uncompressed") == 0)				form = POINT_CONVERSION_UNCOMPRESSED;			else if (TINYCLR_SSL_STRCMP(*argv, "hybrid") == 0)				form = POINT_CONVERSION_HYBRID;			else				goto bad;			}		else if (TINYCLR_SSL_STRCMP(*argv, "-param_enc") == 0)			{			if (--argc < 1)				goto bad;			++argv;//.........这里部分代码省略.........

int MAIN(int argc, char **argv)	{	int i,badops=0,offset=0,ret=1,j;	unsigned int length=0;	long num,tmplen;	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;	int informat,indent=0, noout = 0, dump = 0;	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;	char *genstr=NULL, *genconf=NULL;	unsigned char *tmpbuf;	const unsigned char *ctmpbuf;	BUF_MEM *buf=NULL;	STACK_OF(OPENSSL_STRING) *osk=NULL;	ASN1_TYPE *at=NULL;	informat=FORMAT_PEM;	apps_startup();	if (bio_err == NULL)		if ((bio_err=BIO_new(BIO_s_file())) != NULL)			BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);	if (!load_config(bio_err, NULL))		goto end;	prog=argv[0];	argc--;	argv++;	if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)		{		BIO_printf(bio_err,"Memory allocation failure/n");		goto end;		}	while (argc >= 1)		{		if 	(TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)			{			if (--argc < 1) goto bad;			informat=str2fmt(*(++argv));			}		else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)			{			if (--argc < 1) goto bad;			infile= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)			{			if (--argc < 1) goto bad;			derfile= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv,"-i") == 0)			{			indent=1;			}		else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0) noout = 1;		else if (TINYCLR_SSL_STRCMP(*argv,"-oid") == 0)			{			if (--argc < 1) goto bad;			oidfile= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv,"-offset") == 0)			{			if (--argc < 1) goto bad;			offset= atoi(*(++argv));			}		else if (TINYCLR_SSL_STRCMP(*argv,"-length") == 0)			{			if (--argc < 1) goto bad;			length= atoi(*(++argv));			if (length == 0) goto bad;			}		else if (TINYCLR_SSL_STRCMP(*argv,"-dump") == 0)			{			dump= -1;			}		else if (TINYCLR_SSL_STRCMP(*argv,"-dlimit") == 0)			{			if (--argc < 1) goto bad;			dump= atoi(*(++argv));			if (dump <= 0) goto bad;			}		else if (TINYCLR_SSL_STRCMP(*argv,"-strparse") == 0)			{			if (--argc < 1) goto bad;			sk_OPENSSL_STRING_push(osk,*(++argv));			}		else if (TINYCLR_SSL_STRCMP(*argv,"-genstr") == 0)			{			if (--argc < 1) goto bad;			genstr= *(++argv);			}		else if (TINYCLR_SSL_STRCMP(*argv,"-genconf") == 0)			{			if (--argc < 1) goto bad;			genconf= *(++argv);			}		else			{			BIO_printf(bio_err,"unknown option %s/n",*argv);//.........这里部分代码省略.........

intmain(int argc, char **argv){	BIO *bio_in, *bio_content, *bio_out, *bio_cert, *bio_pkey;	STACK_OF(X509) *certs;	const EVP_CIPHER *cipher;	EVP_PKEY *pkey;	X509_STORE *store;	X509 *cert;	PKCS7 *p7;	size_t len;	char *out;	int flags;	ERR_load_crypto_strings();	OpenSSL_add_all_algorithms();	/*	 * A bunch of setup...	 */	cipher = EVP_aes_256_cbc();	if (cipher == NULL)		fatal("cipher");	certs = sk_X509_new_null();	if (certs == NULL)		fatal("sk_X509_new_null");	bio_cert = BIO_new_mem_buf((char *)certificate, sizeof(certificate));	if (bio_cert == NULL)		fatal("BIO_new_mem_buf certificate");	cert = PEM_read_bio_X509_AUX(bio_cert, NULL, NULL, NULL);	if (cert == NULL)		fatal("PEM_read_bio_X509_AUX");	sk_X509_push(certs, cert);	store = X509_STORE_new();	if (store == NULL)		fatal("X509_STORE_new");	X509_STORE_set_verify_cb(store, x509_store_callback);	bio_pkey = BIO_new_mem_buf((char *)private_key, sizeof(private_key));	if (bio_pkey == NULL)		fatal("BIO_new_mem_buf private_key");	pkey = PEM_read_bio_PrivateKey(bio_pkey, NULL, NULL, NULL);	if (pkey == NULL)		fatal("PEM_read_bio_PrivateKey");	bio_content = BIO_new_mem_buf((char *)message, sizeof(message));	if (bio_content == NULL)		fatal("BIO_new_mem_buf message");	/*	 * Encrypt and then decrypt.	 */	if (BIO_reset(bio_content) != 1)		fatal("BIO_reset");	bio_out = BIO_new(BIO_s_mem());	if (bio_out == NULL)		fatal("BIO_new");	p7 = PKCS7_encrypt(certs, bio_content, cipher, 0);	if (p7 == NULL)		fatal("PKCS7_encrypt");	if (PEM_write_bio_PKCS7(bio_out, p7) != 1)		fatal("PEM_write_bio_PKCS7");	PKCS7_free(p7);	bio_in = bio_out;	bio_out = BIO_new(BIO_s_mem());	if (bio_out == NULL)		fatal("BIO_new");	p7 = PEM_read_bio_PKCS7(bio_in, NULL, NULL, NULL);	if (p7 == NULL)		fatal("PEM_read_bio_PKCS7");	if (PKCS7_decrypt(p7, pkey, cert, bio_out, 0) != 1)		fatal("PKCS7_decrypt");	len = BIO_get_mem_data(bio_out, &out);	message_compare(out, len);	BIO_free(bio_out);	/*	 * Sign and then verify.	 */	if (BIO_reset(bio_content) != 1)		fatal("BIO_reset");	bio_out = BIO_new(BIO_s_mem());	if (bio_out == NULL)		fatal("BIO_new");	p7 = PKCS7_sign(cert, pkey, certs, bio_content, 0);	if (p7 == NULL)		fatal("PKCS7_sign");	if (PEM_write_bio_PKCS7(bio_out, p7) != 1)		fatal("PEM_write_bio_PKCS7");//.........这里部分代码省略.........

int doit(char *ctx[4]){    SSL_CTX *s_ctx, *c_ctx;    static char cbuf[200], sbuf[200];    SSL *c_ssl = NULL;    SSL *s_ssl = NULL;    BIO *c_to_s = NULL;    BIO *s_to_c = NULL;    BIO *c_bio = NULL;    BIO *s_bio = NULL;    int c_r, c_w, s_r, s_w;    int c_want, s_want;    int i;    int done = 0;    int c_write, s_write;    int do_server = 0, do_client = 0;    s_ctx = (SSL_CTX *)ctx[0];    c_ctx = (SSL_CTX *)ctx[1];    if (ctx[2] != NULL)        s_ssl = (SSL *)ctx[2];    else        s_ssl = SSL_new(s_ctx);    if (ctx[3] != NULL)        c_ssl = (SSL *)ctx[3];    else        c_ssl = SSL_new(c_ctx);    if ((s_ssl == NULL) || (c_ssl == NULL))        goto err;    c_to_s = BIO_new(BIO_s_mem());    s_to_c = BIO_new(BIO_s_mem());    if ((s_to_c == NULL) || (c_to_s == NULL))        goto err;    c_bio = BIO_new(BIO_f_ssl());    s_bio = BIO_new(BIO_f_ssl());    if ((c_bio == NULL) || (s_bio == NULL))        goto err;    SSL_set_connect_state(c_ssl);    SSL_set_bio(c_ssl, s_to_c, c_to_s);    BIO_set_ssl(c_bio, c_ssl, (ctx[2] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);    SSL_set_accept_state(s_ssl);    SSL_set_bio(s_ssl, c_to_s, s_to_c);    BIO_set_ssl(s_bio, s_ssl, (ctx[3] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);    c_r = 0;    s_r = 1;    c_w = 1;    s_w = 0;    c_want = W_WRITE;    s_want = 0;    c_write = 1, s_write = 0;    /* We can always do writes */    for (;;) {        do_server = 0;        do_client = 0;        i = (int)BIO_pending(s_bio);        if ((i && s_r) || s_w)            do_server = 1;        i = (int)BIO_pending(c_bio);        if ((i && c_r) || c_w)            do_client = 1;        if (do_server && verbose) {            if (SSL_in_init(s_ssl))                printf("server waiting in SSL_accept - %s/n",                       SSL_state_string_long(s_ssl));            else if (s_write)                printf("server:SSL_write()/n");            else                printf("server:SSL_read()/n");        }        if (do_client && verbose) {            if (SSL_in_init(c_ssl))                printf("client waiting in SSL_connect - %s/n",                       SSL_state_string_long(c_ssl));            else if (c_write)                printf("client:SSL_write()/n");            else                printf("client:SSL_read()/n");        }        if (!do_client && !do_server) {            fprintf(stdout, "ERROR IN STARTUP/n");            break;        }        if (do_client && !(done & C_DONE)) {            if (c_write) {                i = BIO_write(c_bio, "hello from client/n", 18);                if (i < 0) {//.........这里部分代码省略.........

int MAIN(int argc, char **argv)	{	BN_GENCB cb;#ifndef OPENSSL_NO_ENGINE	ENGINE *e = NULL;#endif	DH *dh=NULL;	int ret=1,num=DEFBITS;	int g=2;	char *outfile=NULL;	char *inrand=NULL;#ifndef OPENSSL_NO_ENGINE	char *engine=NULL;#endif	BIO *out=NULL;	apps_startup();	BN_GENCB_set(&cb, dh_cb, bio_err);	if (bio_err == NULL)		if ((bio_err=BIO_new(BIO_s_file())) != NULL)			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);	if (!load_config(bio_err, NULL))		goto end;	argv++;	argc--;	for (;;)		{		if (argc <= 0) break;		if (strcmp(*argv,"-out") == 0)			{			if (--argc < 1) goto bad;			outfile= *(++argv);			}		else if (strcmp(*argv,"-2") == 0)			g=2;	/*	else if (strcmp(*argv,"-3") == 0)			g=3; */		else if (strcmp(*argv,"-5") == 0)			g=5;#ifndef OPENSSL_NO_ENGINE		else if (strcmp(*argv,"-engine") == 0)			{			if (--argc < 1) goto bad;			engine= *(++argv);			}#endif		else if (strcmp(*argv,"-rand") == 0)			{			if (--argc < 1) goto bad;			inrand= *(++argv);			}		else			break;		argv++;		argc--;		}	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))		{bad:		BIO_printf(bio_err,"usage: gendh [args] [numbits]/n");		BIO_printf(bio_err," -out file - output the key to 'file/n");		BIO_printf(bio_err," -2        - use 2 as the generator value/n");	/*	BIO_printf(bio_err," -3        - use 3 as the generator value/n"); */		BIO_printf(bio_err," -5        - use 5 as the generator value/n");#ifndef OPENSSL_NO_ENGINE		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device./n");#endif		BIO_printf(bio_err," -rand file%cfile%c.../n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);		BIO_printf(bio_err,"           - load the file (or the files in the directory) into/n");		BIO_printf(bio_err,"             the random number generator/n");		goto end;		}		#ifndef OPENSSL_NO_ENGINE        e = setup_engine(bio_err, engine, 0);#endif	out=BIO_new(BIO_s_file());	if (out == NULL)		{		ERR_print_errors(bio_err);		goto end;		}	if (outfile == NULL)		{		BIO_set_fp(out,stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	else		{		if (BIO_write_filename(out,outfile) <= 0)//.........这里部分代码省略.........

//.........这里部分代码省略.........	if( fp == NULL )	{		return -1;	}	if( fseek(fp, 0L, SEEK_END) != 0 )	{		fclose(fp);		return -2;	}	FileSize = ftell(fp);	if( FileSize < 0 )	{		fclose(fp);		return -3;	}	if( fseek(fp, 0L, SEEK_SET) != 0 )	{		fclose(fp);		return -4;	}	FileContent = SafeMalloc(FileSize);	if( FileContent == NULL )	{		fclose(fp);		return -5;	}	if( fread(FileContent, 1, FileSize, fp) != FileSize )	{		SafeFree(FileContent);		fclose(fp);		return -6;	}	fclose(fp);	ub64 = BIO_new(BIO_f_base64());	if( ub64 == NULL )	{		SafeFree(FileContent);		return -7;	}	bmem = BIO_new_mem_buf(FileContent, FileSize);	if( ub64 == NULL )	{		SafeFree(FileContent);		return -8;	}	fp = fopen(File, "wb");	if( fp == NULL )	{		BIO_free_all(bmem);		SafeFree(FileContent);		return -9;	}	bmem = BIO_push(ub64, bmem);	if( bmem== NULL )	{		SafeFree(FileContent);		fclose(fp);		return -10;	}	ResultContent = SafeMalloc(FileSize);	if( ResultContent == NULL )	{		BIO_free_all(bmem);		SafeFree(FileContent);		fclose(fp);		return -11;	}	OutputSize = BIO_read(bmem, ResultContent, FileSize);	if( OutputSize < 1 )	{		BIO_free_all(bmem);		SafeFree(ResultContent);		SafeFree(FileContent);		fclose(fp);		return -12;	}	fwrite(ResultContent, 1, OutputSize, fp);	BIO_free_all(bmem);	SafeFree(ResultContent);	SafeFree(FileContent);	fclose(fp);	return 0;#endif /* WIN32 */}

int MAIN(int argc, char **argv){    int off=0;    SSL *con=NULL,*con2=NULL;    X509_STORE *store = NULL;    int s,k,width,state=0;    char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;    int cbuf_len,cbuf_off;    int sbuf_len,sbuf_off;    fd_set readfds,writefds;    short port=PORT;    int full_log=1;    char *host=SSL_HOST_NAME;    char *cert_file=NULL,*key_file=NULL;    int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;    char *passarg = NULL, *pass = NULL;    X509 *cert = NULL;    EVP_PKEY *key = NULL;    char *CApath=NULL,*CAfile=NULL,*cipher=NULL;    int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;    int crlf=0;    int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;    SSL_CTX *ctx=NULL;    int ret=1,in_init=1,i,nbio_test=0;    int starttls_proto = 0;    int prexit = 0, vflags = 0;    SSL_METHOD *meth=NULL;#ifdef sock_type#undef sock_type#endif    int sock_type=SOCK_STREAM;    BIO *sbio;    char *inrand=NULL;#ifndef OPENSSL_NO_ENGINE    char *engine_id=NULL;    ENGINE *e=NULL;#endif#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)    struct timeval tv;#endif    struct sockaddr peer;    int peerlen = sizeof(peer);    int enable_timeouts = 0 ;    long mtu = 0;#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)    meth=SSLv23_client_method();#elif !defined(OPENSSL_NO_SSL3)    meth=SSLv3_client_method();#elif !defined(OPENSSL_NO_SSL2)    meth=SSLv2_client_method();#endif    apps_startup();    c_Pause=0;    c_quiet=0;    c_ign_eof=0;    c_debug=0;    c_msg=0;    c_showcerts=0;    if (bio_err == NULL)        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);    if (!load_config(bio_err, NULL))        goto end;    if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||            ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||            ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))    {        BIO_printf(bio_err,"out of memory/n");        goto end;    }    verify_depth=0;    verify_error=X509_V_OK;#ifdef FIONBIO    c_nbio=0;#endif    argc--;    argv++;    while (argc >= 1)    {        if	(strcmp(*argv,"-host") == 0)        {            if (--argc < 1) goto bad;            host= *(++argv);        }        else if	(strcmp(*argv,"-port") == 0)        {            if (--argc < 1) goto bad;            port=atoi(*(++argv));            if (port == 0) goto bad;        }        else if (strcmp(*argv,"-connect") == 0)        {            if (--argc < 1) goto bad;//.........这里部分代码省略.........

int MAIN(int argc, char **argv){    ENGINE *e = NULL;    char *infile=NULL, *outfile=NULL, *keyname = NULL;	    char *certfile=NULL;    BIO *in=NULL, *out = NULL;    char **args;    char *name = NULL;    char *csp_name = NULL;    PKCS12 *p12 = NULL;    char pass[50], macpass[50];    int export_cert = 0;    int options = 0;    int chain = 0;    int badarg = 0;    int iter = PKCS12_DEFAULT_ITER;    int maciter = PKCS12_DEFAULT_ITER;    int twopass = 0;    int keytype = 0;    int cert_pbe;    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;    int ret = 1;    int macver = 1;    int noprompt = 0;    STACK *canames = NULL;    char *cpass = NULL, *mpass = NULL;    char *passargin = NULL, *passargout = NULL, *passarg = NULL;    char *passin = NULL, *passout = NULL;    char *inrand = NULL;    char *CApath = NULL, *CAfile = NULL;#ifndef OPENSSL_NO_ENGINE    char *engine=NULL;#endif    apps_startup();#ifdef OPENSSL_FIPS    if (FIPS_mode())	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;    else#endif    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;    enc = EVP_des_ede3_cbc();    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);	if (!load_config(bio_err, NULL))		goto end;    args = argv + 1;    while (*args) {	if (*args[0] == '-') {		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);		else if (!strcmp (*args, "-info")) options |= INFO;		else if (!strcmp (*args, "-chain")) chain = 1;		else if (!strcmp (*args, "-twopass")) twopass = 1;		else if (!strcmp (*args, "-nomacver")) macver = 0;		else if (!strcmp (*args, "-descert"))    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;		else if (!strcmp (*args, "-export")) export_cert = 1;		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();#ifndef OPENSSL_NO_IDEA		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();#endif		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();#ifndef OPENSSL_NO_AES		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();#endif		else if (!strcmp (*args, "-noiter")) iter = 1;		else if (!strcmp (*args, "-maciter"))					 maciter = PKCS12_DEFAULT_ITER;		else if (!strcmp (*args, "-nomaciter"))					 maciter = 1;		else if (!strcmp (*args, "-nodes")) enc=NULL;		else if (!strcmp (*args, "-certpbe")) {			if (args[1]) {				args++;				cert_pbe=OBJ_txt2nid(*args);				if(cert_pbe == NID_undef) {					BIO_printf(bio_err,						 "Unknown PBE algorithm %s/n", *args);					badarg = 1;				}			} else badarg = 1;		} else if (!strcmp (*args, "-keypbe")) {			if (args[1]) {				args++;				key_pbe=OBJ_txt2nid(*args);				if(key_pbe == NID_undef) {					BIO_printf(bio_err,//.........这里部分代码省略.........

int main(int argc, char *argv[])	{	BN_CTX *ctx;	BIO *out=NULL;	int i,ret;	unsigned char c;	BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't	                                       * even check its return value	                                       * (which we should) */	ERR_load_BN_strings();	ctx=BN_CTX_new();	if (ctx == NULL) EXIT(1);	r_mont=BN_new();	r_mont_const=BN_new();	r_recp=BN_new();	r_simple=BN_new();	a=BN_new();	b=BN_new();	m=BN_new();	if (	(r_mont == NULL) || (r_recp == NULL) ||		(a == NULL) || (b == NULL))		goto err;	out=BIO_new(BIO_s_file());	if (out == NULL) EXIT(1);	BIO_set_fp(out,stdout,BIO_NOCLOSE);	for (i=0; i<200; i++)		{		RAND_bytes(&c,1);		c=(c%BN_BITS)-BN_BITS2;		BN_rand(a,NUM_BITS+c,0,0);		RAND_bytes(&c,1);		c=(c%BN_BITS)-BN_BITS2;		BN_rand(b,NUM_BITS+c,0,0);		RAND_bytes(&c,1);		c=(c%BN_BITS)-BN_BITS2;		BN_rand(m,NUM_BITS+c,0,1);		BN_mod(a,a,m,ctx);		BN_mod(b,b,m,ctx);		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);		if (ret <= 0)			{			printf("BN_mod_exp_mont() problems/n");			ERR_print_errors(out);			EXIT(1);			}		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);		if (ret <= 0)			{			printf("BN_mod_exp_recp() problems/n");			ERR_print_errors(out);			EXIT(1);			}		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);		if (ret <= 0)			{			printf("BN_mod_exp_simple() problems/n");			ERR_print_errors(out);			EXIT(1);			}		ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);		if (ret <= 0)			{			printf("BN_mod_exp_mont_consttime() problems/n");			ERR_print_errors(out);			EXIT(1);			}		if (BN_cmp(r_simple, r_mont) == 0		    && BN_cmp(r_simple,r_recp) == 0			&& BN_cmp(r_simple,r_mont_const) == 0)			{			printf(".");			fflush(stdout);			}		else		  	{			if (BN_cmp(r_simple,r_mont) != 0)				printf("/nsimple and mont results differ/n");			if (BN_cmp(r_simple,r_mont_const) != 0)				printf("/nsimple and mont const time results differ/n");			if (BN_cmp(r_simple,r_recp) != 0)				printf("/nsimple and recp results differ/n");			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);			printf("/nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);			printf("/nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);//.........这里部分代码省略.........

/***sign x509_req object@function sign@tparam evp_pkey pkey private key which to sign x509_req object@tparam number|string|evp_md md message digest alg used to sign@treturn boolean result true for suceess*/static LUA_FUNCTION(openssl_csr_sign){  X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");  EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);  if (auxiliar_getclassudata(L, "openssl.evp_pkey", 2))  {    EVP_PKEY *pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");    const EVP_MD* md = get_digest(L, 3, "sha256");    int ret = 1;    if (pubkey == NULL)    {      BIO* bio = BIO_new(BIO_s_mem());      if ((ret = i2d_PUBKEY_bio(bio, pkey)) == 1)      {        pubkey = d2i_PUBKEY_bio(bio, NULL);        if (pubkey)        {          ret = X509_REQ_set_pubkey(csr, pubkey);          EVP_PKEY_free(pubkey);        }        else        {          ret = 0;        }      }      BIO_free(bio);    }    else    {      EVP_PKEY_free(pubkey);    }    if (ret == 1)      ret = X509_REQ_sign(csr, pkey, md);    return openssl_pushresult(L, ret);  }  else if (lua_isstring(L, 2))  {    size_t siglen;    unsigned char* sigdata = (unsigned char*)luaL_checklstring(L, 2, &siglen);    const EVP_MD* md = get_digest(L, 3, NULL);    ASN1_BIT_STRING *sig = NULL;    X509_ALGOR *alg = NULL;    luaL_argcheck(L, pubkey != NULL, 1, "has not set public key!!!");    X509_REQ_get0_signature(csr, (const ASN1_BIT_STRING **)&sig, (const X509_ALGOR **)&alg);    /* (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) ? V_ASN1_NULL : V_ASN1_UNDEF, */    X509_ALGOR_set0((X509_ALGOR *)alg, OBJ_nid2obj(EVP_MD_pkey_type(md)), V_ASN1_NULL, NULL);    ASN1_BIT_STRING_set((ASN1_BIT_STRING *)sig, sigdata, siglen);    /*    * In the interests of compatibility, I'll make sure that the bit string    * has a 'not-used bits' value of 0    */    sig->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);    sig->flags |= ASN1_STRING_FLAG_BITS_LEFT;    lua_pushboolean(L, 1);    return 1;  }  else  {    int inl;    unsigned char* tosign = NULL;    luaL_argcheck(L, pubkey != NULL, 1, "has not set public key!!!");    inl = i2d_re_X509_REQ_tbs(csr, &tosign);    if (inl > 0 && tosign)    {      lua_pushlstring(L, (const char*)tosign, inl);      OPENSSL_free(tosign);      return 1;    }    return openssl_pushresult(L, 0);  }}

int main(int argc, char *argv[]){    BN_GENCB *_cb = NULL;    DH *a = NULL;    DH *b = NULL;    char buf[12] = {0};    unsigned char *abuf = NULL;    unsigned char *bbuf = NULL;    int i, alen, blen, aout, bout;    int ret = 1;    BIO *out = NULL;    CRYPTO_set_mem_debug(1);    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);    RAND_seed(rnd_seed, sizeof rnd_seed);    out = BIO_new(BIO_s_file());    if (out == NULL)        EXIT(1);    BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);    _cb = BN_GENCB_new();    if (_cb == NULL)        goto err;    BN_GENCB_set(_cb, &cb, out);    if (((a = DH_new()) == NULL)        || (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb)))        goto err;    if (!DH_check(a, &i))        goto err;    if (i & DH_CHECK_P_NOT_PRIME)        BIO_puts(out, "p value is not prime/n");    if (i & DH_CHECK_P_NOT_SAFE_PRIME)        BIO_puts(out, "p value is not a safe prime/n");    if (i & DH_UNABLE_TO_CHECK_GENERATOR)        BIO_puts(out, "unable to check the generator value/n");    if (i & DH_NOT_SUITABLE_GENERATOR)        BIO_puts(out, "the g value is not a generator/n");    BIO_puts(out, "/np    =");    BN_print(out, a->p);    BIO_puts(out, "/ng    =");    BN_print(out, a->g);    BIO_puts(out, "/n");    b = DH_new();    if (b == NULL)        goto err;    b->p = BN_dup(a->p);    b->g = BN_dup(a->g);    if ((b->p == NULL) || (b->g == NULL))        goto err;    /* Set a to run with normal modexp and b to use constant time */    a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;    b->flags |= DH_FLAG_NO_EXP_CONSTTIME;    if (!DH_generate_key(a))        goto err;    BIO_puts(out, "pri 1=");    BN_print(out, a->priv_key);    BIO_puts(out, "/npub 1=");    BN_print(out, a->pub_key);    BIO_puts(out, "/n");    if (!DH_generate_key(b))        goto err;    BIO_puts(out, "pri 2=");    BN_print(out, b->priv_key);    BIO_puts(out, "/npub 2=");    BN_print(out, b->pub_key);    BIO_puts(out, "/n");    alen = DH_size(a);    abuf = OPENSSL_malloc(alen);    if (abuf == NULL)        goto err;    aout = DH_compute_key(abuf, b->pub_key, a);    BIO_puts(out, "key1 =");    for (i = 0; i < aout; i++) {        sprintf(buf, "%02X", abuf[i]);        BIO_puts(out, buf);    }    BIO_puts(out, "/n");    blen = DH_size(b);    bbuf = OPENSSL_malloc(blen);    if (bbuf == NULL)        goto err;    bout = DH_compute_key(bbuf, a->pub_key, b);    BIO_puts(out, "key2 =");    for (i = 0; i < bout; i++) {        sprintf(buf, "%02X", bbuf[i]);//.........这里部分代码省略.........

int MAIN(int argc, char **argv)    {    int hex=0;    int checks=20;    BIGNUM *bn=NULL;    BIO *bio_out;    apps_startup();    if (bio_err == NULL)	if ((bio_err=BIO_new(BIO_s_file())) != NULL)	    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);    --argc;    ++argv;    while (argc >= 1 && **argv == '-')	{	if(!strcmp(*argv,"-hex"))	    hex=1;	else if(!strcmp(*argv,"-checks"))	    if(--argc < 1)		goto bad;	    else		checks=atoi(*++argv);	else	    {	    BIO_printf(bio_err,"Unknown option '%s'/n",*argv);	    goto bad;	    }	--argc;	++argv;	}    if (argv[0] == NULL)	{	BIO_printf(bio_err,"No prime specified/n");	goto bad;	}   if ((bio_out=BIO_new(BIO_s_file())) != NULL)	{	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS	    {	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());	    bio_out = BIO_push(tmpbio, bio_out);	    }#endif	}    if(hex)	BN_hex2bn(&bn,argv[0]);    else	BN_dec2bn(&bn,argv[0]);    BN_print(bio_out,bn);    BIO_printf(bio_out," is %sprime/n",	       BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");    BN_free(bn);    BIO_free_all(bio_out);    return 0;    bad:    BIO_printf(bio_err,"options are/n");    BIO_printf(bio_err,"%-14s hex/n","-hex");    BIO_printf(bio_err,"%-14s number of checks/n","-checks <n>");    return 1;    }

/* * Read a file that contains our certificate in "PEM" format, possibly * followed by a sequence of CA certificates that should be sent to the peer * in the Certificate message. */static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file){    BIO *in;    int ret = 0;    X509 *x = NULL;    ERR_clear_error();          /* clear error stack for                                 * SSL_CTX_use_certificate() */    in = BIO_new(BIO_s_file_internal());    if (in == NULL) {        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);        goto end;    }    if (BIO_read_filename(in, file) <= 0) {        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);        goto end;    }    x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,                              ctx->default_passwd_callback_userdata);    if (x == NULL) {        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);        goto end;    }    if (ctx)        ret = SSL_CTX_use_certificate(ctx, x);    else        ret = SSL_use_certificate(ssl, x);    if (ERR_peek_error() != 0)        ret = 0;                /* Key/certificate mismatch doesn't imply                                 * ret==0 ... */    if (ret) {        /*         * If we could set up our certificate, now proceed to the CA         * certificates.         */        X509 *ca;        int r;        unsigned long err;        if (ctx)            r = SSL_CTX_clear_chain_certs(ctx);        else            r = SSL_clear_chain_certs(ssl);        if (r == 0) {            ret = 0;            goto end;        }        while ((ca = PEM_read_bio_X509(in, NULL,                                       ctx->default_passwd_callback,                                       ctx->default_passwd_callback_userdata))               != NULL) {            if (ctx)                r = SSL_CTX_add0_chain_cert(ctx, ca);            else                r = SSL_add0_chain_cert(ssl, ca);            /*             * Note that we must not free ca if it was successfully added to             * the chain (while we must free the main certificate, since its             * reference count is increased by SSL_CTX_use_certificate).             */            if (!r) {                X509_free(ca);                ret = 0;                goto end;            }        }        /* When the while loop ends, it's usually just EOF. */        err = ERR_peek_last_error();        if (ERR_GET_LIB(err) == ERR_LIB_PEM            && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)            ERR_clear_error();        else            ret = 0;            /* some real error */    } end:    X509_free(x);    BIO_free(in);    return (ret);}

void ssl3_init_finished_mac(SSL *s){    ssl3_free_digest_list(s);    s->s3->handshake_buffer = BIO_new(BIO_s_mem());    (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);}

static int tls_drv_control(ErlDrvData handle,			   unsigned int command,			   char *buf, int len,			   char **rbuf, int rlen){   tls_data *d = (tls_data *)handle;   int res;   int size;   ErlDrvBinary *b;   switch (command)   {      case SET_CERTIFICATE_FILE:	 d->ctx = SSL_CTX_new(SSLv23_server_method());	 die_unless(d->ctx, "SSL_CTX_new failed");	 res = SSL_CTX_use_certificate_chain_file(d->ctx, buf);	 die_unless(res > 0, "ssl_ctx_use_certificate_chain_file failed");	 res = SSL_CTX_use_PrivateKey_file(d->ctx, buf, SSL_FILETYPE_PEM);	 die_unless(res > 0, "SSL_CTX_use_PrivateKey_file failed");	 res = SSL_CTX_check_private_key(d->ctx);	 die_unless(res > 0, "SSL_CTX_check_private_key failed");	 d->ssl = SSL_new(d->ctx);	 die_unless(d->ssl, "SSL_new failed");	 d->bio_read = BIO_new(BIO_s_mem());	 d->bio_write = BIO_new(BIO_s_mem());	 SSL_set_bio(d->ssl, d->bio_read, d->bio_write);	 SSL_set_accept_state(d->ssl);	 break;      case SET_ENCRYPTED_INPUT:	 die_unless(d->ssl, "SSL not initialized");	 BIO_write(d->bio_read, buf, len);	 break;      case SET_DECRYPTED_OUTPUT:	 die_unless(d->ssl, "SSL not initialized");	 res = SSL_write(d->ssl, buf, len);	 break;      case GET_ENCRYPTED_OUTPUT:	 die_unless(d->ssl, "SSL not initialized");	 size = BUF_SIZE + 1;	 rlen = 1;	 b = driver_alloc_binary(size);	 b->orig_bytes[0] = 0;	 while ((res = BIO_read(d->bio_write,				b->orig_bytes + rlen, BUF_SIZE)) > 0)	 {	    //printf("%d bytes of encrypted data read from state machine/r/n", res);	    rlen += res;	    size += BUF_SIZE;	    b = driver_realloc_binary(b, size);	 }	 b = driver_realloc_binary(b, rlen);	 *rbuf = (char *)b;	 return rlen;      case GET_DECRYPTED_INPUT:	 if (!SSL_is_init_finished(d->ssl))	 {	    //printf("Doing SSL_accept/r/n");	    res = SSL_accept(d->ssl);	    //if (res == 0)	    //   printf("SSL_accept returned zero/r/n");	    if (res < 0)	       die_unless(SSL_get_error(d->ssl, res) == SSL_ERROR_WANT_READ,			  "SSL_accept failed");	 } else {	    size = BUF_SIZE + 1;	    rlen = 1;	    b = driver_alloc_binary(size);	    b->orig_bytes[0] = 0;	    while ((res = SSL_read(d->ssl,				   b->orig_bytes + rlen, BUF_SIZE)) > 0)	    {	       //printf("%d bytes of decrypted data read from state machine/r/n",res);	       rlen += res;	       size += BUF_SIZE;	       b = driver_realloc_binary(b, size);	    }	    if (res < 0)	    {	       int err = SSL_get_error(d->ssl, res);	       if (err == SSL_ERROR_WANT_READ)	       {		  //printf("SSL_read wants more data/r/n");		  //return 0;	       }	       // TODO	    }	    b = driver_realloc_binary(b, rlen);	    *rbuf = (char *)b;	    return rlen;//.........这里部分代码省略.........

int MAIN(int argc, char **argv)	{	ENGINE *e = NULL;	char **args, *outfile = NULL;	char *passarg = NULL;	BIO *in = NULL, *out = NULL;	const EVP_CIPHER *cipher = NULL;	int outformat;	int text = 0;	EVP_PKEY *pkey=NULL;	EVP_PKEY_CTX *ctx = NULL;	char *pass = NULL;	int badarg = 0;	int ret = 1, rv;	int do_param = 0;	if (bio_err == NULL)		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);	if (!load_config(bio_err, NULL))		goto end;	outformat=FORMAT_PEM;	ERR_load_crypto_strings();	OpenSSL_add_all_algorithms();	args = argv + 1;	while (!badarg && *args && *args[0] == '-')		{		if (!strcmp(*args,"-outform"))			{			if (args[1])				{				args++;				outformat=str2fmt(*args);				}			else badarg = 1;			}		else if (!strcmp(*args,"-pass"))			{			if (!args[1]) goto bad;			passarg= *(++args);			}#ifndef OPENSSL_NO_ENGINE		else if (strcmp(*args,"-engine") == 0)			{			if (!args[1])				goto bad;        		e = setup_engine(bio_err, *(++args), 0);			}#endif		else if (!strcmp (*args, "-paramfile"))			{			if (!args[1])				goto bad;			args++;			if (do_param == 1)				goto bad;			if (!init_keygen_file(bio_err, &ctx, *args, e))				goto end;			}		else if (!strcmp (*args, "-out"))			{			if (args[1])				{				args++;				outfile = *args;				}			else badarg = 1;			}		else if (strcmp(*args,"-algorithm") == 0)			{			if (!args[1])				goto bad;			if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))				goto end;			}		else if (strcmp(*args,"-pkeyopt") == 0)			{			if (!args[1])				goto bad;			if (!ctx)				{				BIO_puts(bio_err, "No keytype specified/n");				goto bad;				}			else if (pkey_ctrl_string(ctx, *(++args)) <= 0)				{				BIO_puts(bio_err, "parameter setting error/n");				ERR_print_errors(bio_err);				goto end;				}			}		else if (strcmp(*args,"-genparam") == 0)			{			if (ctx)				goto bad;			do_param = 1;			}//.........这里部分代码省略.........