自学教程：C++ BIO_push函数代码示例

//.........这里部分代码省略.........    else {        if (BIO_read_filename(in, infile) <= 0) {            perror(infile);            goto end;        }    }    BIO_printf(bio_err, "read EC key/n");    if (informat == FORMAT_ASN1) {        if (pubin)            eckey = d2i_EC_PUBKEY_bio(in, NULL);        else            eckey = d2i_ECPrivateKey_bio(in, NULL);    } else if (informat == FORMAT_PEM) {        if (pubin)            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);        else            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);    } else {        BIO_printf(bio_err, "bad input format specified for key/n");        goto end;    }    if (eckey == NULL) {        BIO_printf(bio_err, "unable to load Key/n");        ERR_print_errors(bio_err);        goto end;    }    if (outfile == NULL) {        BIO_set_fp(out, stdout, BIO_NOCLOSE);# ifdef OPENSSL_SYS_VMS        {            BIO *tmpbio = BIO_new(BIO_f_linebuffer());            out = BIO_push(tmpbio, out);        }# endif    } else {        if (BIO_write_filename(out, outfile) <= 0) {            perror(outfile);            goto end;        }    }    group = EC_KEY_get0_group(eckey);    if (new_form)        EC_KEY_set_conv_form(eckey, form);    if (new_asn1_flag)        EC_KEY_set_asn1_flag(eckey, asn1_flag);    if (text)        if (!EC_KEY_print(out, eckey, 0)) {            perror(outfile);            ERR_print_errors(bio_err);            goto end;        }    if (noout) {        ret = 0;        goto end;    }    BIO_printf(bio_err, "writing EC key/n");    if (outformat == FORMAT_ASN1) {        if (param_out)

//.........这里部分代码省略.........			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),				     (enc)?"encryption":"decryption");			strbuf[0]='/0';			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);			if (i == 0)				{				if (strbuf[0] == '/0')					{					ret=1;					goto end;					}				str=strbuf;				break;				}			if (i < 0)				{				BIO_printf(bio_err,"bad password read/n");				goto end;				}			}		}	if (outf == NULL)		{		BIO_set_fp(out,stdout,BIO_NOCLOSE);		if (bufsize != NULL)			setvbuf(stdout, (char *)NULL, _IONBF, 0);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	else		{		if (BIO_write_filename(out,outf) <= 0)			{			perror(outf);			goto end;			}		}	rbio=in;	wbio=out;	if (base64)		{		if ((b64=BIO_new(BIO_f_base64())) == NULL)			goto end;		if (debug)			{			BIO_set_callback(b64,BIO_debug_callback);			BIO_set_callback_arg(b64,(char *)bio_err);			}		if (olb64)			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);		if (enc)			wbio=BIO_push(b64,wbio);		else			rbio=BIO_push(b64,rbio);		}

unsigned int OpenSSLCryptoKeyRSA::signSHA1PKCS1Base64Signature(unsigned char * hashBuf,		unsigned int hashLen,		char * base64SignatureBuf,		unsigned int base64SignatureBufLen,		hashMethod hm) {	// Sign a pre-calculated hash using this key	if (mp_rsaKey == NULL) {		throw XSECCryptoException(XSECCryptoException::RSAError,			"OpenSSL:RSA - Attempt to sign data with empty key");	}	// Build the buffer to be encrypted by prepending the SHA1 OID to the hash	unsigned char * encryptBuf;	unsigned char * preEncryptBuf;	unsigned char * oid;	int oidLen;	int encryptLen;	int preEncryptLen;	oid = getRSASigOID(hm, oidLen);	if (oid == NULL) {		throw XSECCryptoException(XSECCryptoException::RSAError,			"OpenSSL:RSA::sign() - Unsupported HASH algorithm for RSA");	}	if (hashLen != oid[oidLen-1]) {		throw XSECCryptoException(XSECCryptoException::RSAError,			"OpenSSL:RSA::sign() - hashLen incorrect for hash type");	}	preEncryptLen = hashLen + oidLen;	preEncryptBuf = new unsigned char[preEncryptLen];	encryptBuf = new unsigned char[RSA_size(mp_rsaKey)];	memcpy(preEncryptBuf, oid, oidLen);	memcpy(&preEncryptBuf[oidLen], hashBuf, hashLen);	// Now encrypt	encryptLen = RSA_private_encrypt(preEncryptLen,								     preEncryptBuf,									 encryptBuf,									 mp_rsaKey,									 RSA_PKCS1_PADDING);	delete[] preEncryptBuf;	if (encryptLen < 0) {		delete[] encryptBuf;		throw XSECCryptoException(XSECCryptoException::RSAError,			"OpenSSL:RSA::sign() - Error encrypting hash");	}	// Now convert to Base 64	BIO * b64 = BIO_new(BIO_f_base64());	BIO * bmem = BIO_new(BIO_s_mem());	BIO_set_mem_eof_return(bmem, 0);	b64 = BIO_push(b64, bmem);	// Translate signature to Base64	BIO_write(b64, encryptBuf, encryptLen);	BIO_flush(b64);	unsigned int sigValLen = BIO_read(bmem, base64SignatureBuf, base64SignatureBufLen);	BIO_free_all(b64);	delete[] encryptBuf;	if (sigValLen <= 0) {		throw XSECCryptoException(XSECCryptoException::DSAError,			"OpenSSL:RSA - Error base64 encoding signature");	}	return sigValLen;}

int MAIN(int argc, char **argv){    X509_CRL *x=NULL;    char *CAfile = NULL, *CApath = NULL;    int ret=1,i,num,badops=0;    BIO *out=NULL;    int informat,outformat;    char *infile=NULL,*outfile=NULL;    int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;    int fingerprint = 0;    char **pp,buf[256];    X509_STORE *store = NULL;    X509_STORE_CTX ctx;    X509_LOOKUP *lookup = NULL;    X509_OBJECT xobj;    EVP_PKEY *pkey;    int do_ver = 0;    const EVP_MD *md_alg,*digest=EVP_md5();    apps_startup();    if (bio_err == NULL)        if ((bio_err=BIO_new(BIO_s_file())) != NULL)            BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);    if (bio_out == NULL)        if ((bio_out=BIO_new(BIO_s_file())) != NULL)        {            BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);#ifdef VMS            {                BIO *tmpbio = BIO_new(BIO_f_linebuffer());                bio_out = BIO_push(tmpbio, bio_out);            }#endif        }    informat=FORMAT_PEM;    outformat=FORMAT_PEM;    argc--;    argv++;    num=0;    while (argc >= 1)    {#ifdef undef        if	(strcmp(*argv,"-p") == 0)        {            if (--argc < 1) goto bad;            if (!args_from_file(++argv,Nargc,Nargv)) {                goto end;            }*/        }#endif        if 	(strcmp(*argv,"-inform") == 0)        {            if (--argc < 1) goto bad;            informat=str2fmt(*(++argv));        }        else if (strcmp(*argv,"-outform") == 0)        {            if (--argc < 1) goto bad;            outformat=str2fmt(*(++argv));        }        else if (strcmp(*argv,"-in") == 0)        {            if (--argc < 1) goto bad;            infile= *(++argv);        }        else if (strcmp(*argv,"-out") == 0)        {            if (--argc < 1) goto bad;            outfile= *(++argv);        }        else if (strcmp(*argv,"-CApath") == 0)        {            if (--argc < 1) goto bad;            CApath = *(++argv);            do_ver = 1;        }        else if (strcmp(*argv,"-CAfile") == 0)        {            if (--argc < 1) goto bad;            CAfile = *(++argv);            do_ver = 1;        }        else if (strcmp(*argv,"-verify") == 0)            do_ver = 1;        else if (strcmp(*argv,"-text") == 0)            text = 1;        else if (strcmp(*argv,"-hash") == 0)            hash= ++num;        else if (strcmp(*argv,"-issuer") == 0)            issuer= ++num;        else if (strcmp(*argv,"-lastupdate") == 0)            lastupdate= ++num;        else if (strcmp(*argv,"-nextupdate") == 0)            nextupdate= ++num;        else if (strcmp(*argv,"-noout") == 0)            noout= ++num;//.........这里部分代码省略.........

//.........这里部分代码省略.........        BIO_printf(bio_err, " -out file       output the key to 'file/n");        BIO_printf(bio_err,                   " -passout arg    output file pass phrase source/n");        BIO_printf(bio_err,                   " -f4             use F4 (0x10001) for the E value/n");        BIO_printf(bio_err, " -3              use 3 for the E value/n");# ifndef OPENSSL_NO_ENGINE        BIO_printf(bio_err,                   " -engine e       use engine e, possibly a hardware device./n");# endif        BIO_printf(bio_err, " -rand file%cfile%c.../n", LIST_SEPARATOR_CHAR,                   LIST_SEPARATOR_CHAR);        BIO_printf(bio_err,                   "                 load the file (or the files in the directory) into/n");        BIO_printf(bio_err, "                 the random number generator/n");        goto err;    }    ERR_load_crypto_strings();    if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {        BIO_printf(bio_err, "Error getting password/n");        goto err;    }# ifndef OPENSSL_NO_ENGINE    e = setup_engine(bio_err, engine, 0);# endif    if (outfile == NULL) {        BIO_set_fp(out, stdout, BIO_NOCLOSE);# ifdef OPENSSL_SYS_VMS        {            BIO *tmpbio = BIO_new(BIO_f_linebuffer());            out = BIO_push(tmpbio, out);        }# endif    } else {        if (BIO_write_filename(out, outfile) <= 0) {            perror(outfile);            goto err;        }    }    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL        && !RAND_status()) {        BIO_printf(bio_err,                   "warning, not much extra random data, consider using the -rand option/n");    }    if (inrand != NULL)        BIO_printf(bio_err, "%ld semi-random bytes loaded/n",                   app_RAND_load_files(inrand));    BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus/n",               num);# ifdef OPENSSL_NO_ENGINE    rsa = RSA_new();# else    rsa = RSA_new_method(e);# endif    if (!rsa)        goto err;    if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))        goto err;    app_RAND_write_file(NULL, bio_err);

static int acpt_state (BIO * b, BIO_ACCEPT * c){    BIO *bio = NULL, *dbio;    int s = -1;    int i;  again:    switch (c->state)    {        case ACPT_S_BEFORE:            if (c->param_addr == NULL)            {                BIOerr (BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED);                return (-1);            }            s = BIO_get_accept_socket (c->param_addr, c->bind_mode);            if (s == INVALID_SOCKET)                return (-1);            if (c->accept_nbio)            {                if (!BIO_socket_nbio (s, 1))                {                    closesocket (s);                    BIOerr (BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);                    return (-1);                }            }            c->accept_sock = s;            b->num = s;            c->state = ACPT_S_GET_ACCEPT_SOCKET;            return (1);            /* break; */        case ACPT_S_GET_ACCEPT_SOCKET:            if (b->next_bio != NULL)            {                c->state = ACPT_S_OK;                goto again;            }            BIO_clear_retry_flags (b);            b->retry_reason = 0;            i = BIO_accept (c->accept_sock, &(c->addr));            /* -2 return means we should retry */            if (i == -2)            {                BIO_set_retry_special (b);                b->retry_reason = BIO_RR_ACCEPT;                return -1;            }            if (i < 0)                return (i);            bio = BIO_new_socket (i, BIO_CLOSE);            if (bio == NULL)                goto err;            BIO_set_callback (bio, BIO_get_callback (b));            BIO_set_callback_arg (bio, BIO_get_callback_arg (b));            if (c->nbio)            {                if (!BIO_socket_nbio (i, 1))                {                    BIOerr (BIO_F_ACPT_STATE, BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);                    goto err;                }            }            /* If the accept BIO has an bio_chain, we dup it and             * put the new socket at the end. */            if (c->bio_chain != NULL)            {                if ((dbio = BIO_dup_chain (c->bio_chain)) == NULL)                    goto err;                if (!BIO_push (dbio, bio))                    goto err;                bio = dbio;            }            if (BIO_push (b, bio) == NULL)                goto err;            c->state = ACPT_S_OK;            return (1);          err:            if (bio != NULL)                BIO_free (bio);            else if (s >= 0)                closesocket (s);            return (0);            /* break; */        case ACPT_S_OK:            if (b->next_bio == NULL)            {                c->state = ACPT_S_GET_ACCEPT_SOCKET;                goto again;            }//.........这里部分代码省略.........

//.........这里部分代码省略.........		{#ifndef OPENSSL_NO_SOCK		cbio = BIO_new_connect(host);#else		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported./n");		goto end;#endif		if (!cbio)			{			BIO_printf(bio_err, "Error creating connect BIO/n");			goto end;			}		if (port) BIO_set_conn_port(cbio, port);		if (use_ssl == 1)			{			BIO *sbio;#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)			ctx = SSL_CTX_new(SSLv23_client_method());#elif !defined(OPENSSL_NO_SSL3)			ctx = SSL_CTX_new(SSLv3_client_method());#elif !defined(OPENSSL_NO_SSL2)			ctx = SSL_CTX_new(SSLv2_client_method());#else			BIO_printf(bio_err, "SSL is disabled/n");			goto end;#endif			if (ctx == NULL)				{				BIO_printf(bio_err, "Error creating SSL context./n");				goto end;				}			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);			sbio = BIO_new_ssl(ctx, 1);			cbio = BIO_push(sbio, cbio);			}		if (BIO_do_connect(cbio) <= 0)			{			BIO_printf(bio_err, "Error connecting BIO/n");			goto end;			}		resp = OCSP_sendreq_bio(cbio, path, req);		BIO_free_all(cbio);		cbio = NULL;		if (!resp)			{			BIO_printf(bio_err, "Error querying OCSP responsder/n");			goto end;			}		}	else if (respin)		{		derbio = BIO_new_file(respin, "rb");		if (!derbio)			{			BIO_printf(bio_err, "Error Opening OCSP response file/n");			goto end;			}		resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);		BIO_free(derbio);		if(!resp)			{			BIO_printf(bio_err, "Error reading OCSP response/n");			goto end;			}			}

//.........这里部分代码省略.........		goto end;		}	ERR_load_crypto_strings();#ifndef OPENSSL_NO_ENGINE        e = setup_engine(bio_err, engine, 0);#endif	in=BIO_new(BIO_s_file());	out=BIO_new(BIO_s_file());	if ((in == NULL) || (out == NULL))		{		ERR_print_errors(bio_err);		goto end;		}	if (infile == NULL)		BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);	else		{		if (BIO_read_filename(in,infile) <= 0)			{			TINYCLR_SSL_PERROR(infile);			goto end;			}		}	if (outfile == NULL)		{		BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	else		{		if (BIO_write_filename(out,outfile) <= 0)			{			TINYCLR_SSL_PERROR(outfile);			goto end;			}		}	if	(informat == FORMAT_ASN1)		dh=d2i_DHparams_bio(in,NULL);	else if (informat == FORMAT_PEM)		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);	else		{		BIO_printf(bio_err,"bad input format specified/n");		goto end;		}	if (dh == NULL)		{		BIO_printf(bio_err,"unable to load DH parameters/n");		ERR_print_errors(bio_err);		goto end;		}		if (text)		{

//.........这里部分代码省略.........	out=BIO_new(BIO_s_file());	{		EVP_PKEY	*pkey;		if (pubin)			pkey = load_pubkey(bio_err, infile,				(informat == FORMAT_NETSCAPE && sgckey ?					FORMAT_IISSGC : informat), 1,				passin, e, "Public Key");		else			pkey = load_key(bio_err, infile,				(informat == FORMAT_NETSCAPE && sgckey ?					FORMAT_IISSGC : informat), 1,				passin, e, "Private Key");		if (pkey != NULL)		rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);		EVP_PKEY_free(pkey);	}	if (rsa == NULL)		{		ERR_print_errors(bio_err);		goto end;		}	if (outfile == NULL)		{		BIO_set_fp(out,stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	else		{		if (BIO_write_filename(out,outfile) <= 0)			{			perror(outfile);			goto end;			}		}	if (text) 		if (!RSA_print(out,rsa,0))			{			perror(outfile);			ERR_print_errors(bio_err);			goto end;			}	if (modulus)		{		BIO_printf(out,"Modulus=");		BN_print(out,rsa->n);		BIO_printf(out,"/n");		}	if (check)		{		int r = RSA_check_key(rsa);		if (r == 1)

static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)	{	SSL **sslp,*ssl;	BIO_SSL *bs;	BIO *dbio,*bio;	long ret=1;	bs=(BIO_SSL *)b->ptr;	ssl=bs->ssl;	if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))		return(0);	switch (cmd)		{	case BIO_CTRL_RESET:		SSL_shutdown(ssl);		if (ssl->handshake_func == ssl->method->ssl_connect)			SSL_set_connect_state(ssl);		else if (ssl->handshake_func == ssl->method->ssl_accept)			SSL_set_accept_state(ssl);		SSL_clear(ssl);		if (b->next_bio != NULL)			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);		else if (ssl->rbio != NULL)			ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);		else			ret=1;		break;	case BIO_CTRL_INFO:		ret=0;		break;	case BIO_C_SSL_MODE:		if (num) /* client mode */			SSL_set_connect_state(ssl);		else			SSL_set_accept_state(ssl);		break;	case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:		ret=bs->renegotiate_timeout;		if (num < 60) num=5;		bs->renegotiate_timeout=(unsigned long)num;		bs->last_time=(unsigned long)time(NULL);		break;	case BIO_C_SET_SSL_RENEGOTIATE_BYTES:		ret=bs->renegotiate_count;		if ((long)num >=512)			bs->renegotiate_count=(unsigned long)num;		break;	case BIO_C_GET_SSL_NUM_RENEGOTIATES:		ret=bs->num_renegotiates;		break;	case BIO_C_SET_SSL:		if (ssl != NULL)			{			ssl_free(b);			if (!ssl_new(b))				return 0;			}		b->shutdown=(int)num;		ssl=(SSL *)ptr;		((BIO_SSL *)b->ptr)->ssl=ssl;		bio=SSL_get_rbio(ssl);		if (bio != NULL)			{			if (b->next_bio != NULL)				BIO_push(bio,b->next_bio);			b->next_bio=bio;			CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);			}		b->init=1;		break;	case BIO_C_GET_SSL:		if (ptr != NULL)			{			sslp=(SSL **)ptr;			*sslp=ssl;			}		else			ret=0;		break;	case BIO_CTRL_GET_CLOSE:		ret=b->shutdown;		break;	case BIO_CTRL_SET_CLOSE:		b->shutdown=(int)num;		break;	case BIO_CTRL_WPENDING:		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);		break;	case BIO_CTRL_PENDING:		ret=SSL_pending(ssl);		if (ret == 0)			ret=BIO_pending(ssl->rbio);		break;	case BIO_CTRL_FLUSH:		BIO_clear_retry_flags(b);		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);		BIO_copy_next_retry(b);//.........这里部分代码省略.........

//.........这里部分代码省略.........		BIO_set_callback_arg(in,(char *)bio_err);		}	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))		{		BIO_printf(bio_err, "Error getting password/n");		goto end;		}	if ((in == NULL) || (bmd == NULL))		{		ERR_print_errors(bio_err);		goto end;		}	if(out_bin == -1) {		if(keyfile) out_bin = 1;		else out_bin = 0;	}	if(randfile)		app_RAND_load_file(randfile, bio_err, 0);	if(outfile) {		if(out_bin)			out = BIO_new_file(outfile, "wb");		else    out = BIO_new_file(outfile, "w");	} else {		out = BIO_new_fp(stdout, BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif	}	if(!out) {		BIO_printf(bio_err, "Error opening output file %s/n", 					outfile ? outfile : "(stdout)");		ERR_print_errors(bio_err);		goto end;	}	if(keyfile)		{		if (want_pub)			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,				e, "key file");		else			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,				e, "key file");		if (!sigkey)			{			/* load_[pub]key() has already printed an appropriate			   message */			goto end;			}		}	if(sigfile && sigkey) {		BIO *sigbio;		sigbio = BIO_new_file(sigfile, "rb");		siglen = EVP_PKEY_size(sigkey);		sigbuf = OPENSSL_malloc(siglen);

//--------------------------------------------------// sends an OCSP_REQUES object to remore server and// retrieves the OCSP_RESPONSE object// resp - buffer to store the new responses pointer// req - request objects pointer// url - OCSP responder URL//--------------------------------------------------int ddocPullUrl(const char* url, DigiDocMemBuf* pSendData, DigiDocMemBuf* pRecvData,                const char* proxyHost, const char* proxyPort){    BIO* cbio = 0, *sbio = 0;    SSL_CTX *ctx = NULL;    char *host = NULL, *port = NULL, *path = "/", buf[200];    int err = ERR_OK, use_ssl = -1, rc;    long e;    //RETURN_IF_NULL_PARAM(pSendData); // may be null if nothing to send?    RETURN_IF_NULL_PARAM(pRecvData);    RETURN_IF_NULL_PARAM(url);    ddocDebug(4, "ddocPullUrl", "URL: %s, in: %d bytes", url, pSendData->nLen);    //there is an HTTP proxy - connect to that instead of the target host    if (proxyHost != 0 && *proxyHost != '/0') {        host = (char*)proxyHost;        if(proxyPort != 0 && *proxyPort != '/0')            port = (char*)proxyPort;        path = (char*)url;    } else {        if(OCSP_parse_url((char*)url, &host, &port, &path, &use_ssl) == 0) {            ddocDebug(1, "ddocPullUrl", "Failed to parse the URL");            return ERR_WRONG_URL_OR_PROXY;        }    }    if((cbio = BIO_new_connect(host)) != 0) {        ddocDebug(4, "ddocPullUrl", "Host: %s port: %s", host, port);        if(port != NULL) {            BIO_set_conn_port(cbio, port);        }        if(use_ssl == 1) {            ctx = SSL_CTX_new(SSLv23_client_method());            SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);            sbio = BIO_new_ssl(ctx, 1);            cbio = BIO_push(sbio, cbio);        }        if ((rc = BIO_do_connect(cbio)) > 0) {            ddocDebug(4, "ddocPullUrl", "Connected: %d", rc);            if(pSendData && pSendData->nLen && pSendData->pMem) {                rc = BIO_write(cbio, pSendData->pMem, pSendData->nLen);                ddocDebug(4, "ddocPullUrl", "Sent: %d bytes, got: %d", pSendData->nLen, rc);            }            do {                memset(buf, 0, sizeof(buf));                rc = BIO_read(cbio, buf, sizeof(buf)-1);                ddocDebug(4, "ddocPullUrl", "Received: %d bytes/n", rc);                if(rc > 0)                    err = ddocMemAppendData(pRecvData, buf, rc);            } while(rc > 0);            ddocDebug(4, "ddocPullUrl", "Total received: %d bytes/n", pRecvData->nLen);        } else {            //if no connection            e = checkErrors();            if(ERR_GET_REASON(e) == BIO_R_BAD_HOSTNAME_LOOKUP ||                    ERR_GET_REASON(e) == OCSP_R_SERVER_WRITE_ERROR)                err = ERR_CONNECTION_FAILURE;            else                err = (host != NULL) ? ERR_WRONG_URL_OR_PROXY : ERR_CONNECTION_FAILURE;        }        BIO_free_all(cbio);        if (use_ssl != -1) {            OPENSSL_free(host);            OPENSSL_free(port);            OPENSSL_free(path);            SSL_CTX_free(ctx);        }    }    else        err = ERR_CONNECTION_FAILURE;    return(err);}

//.........这里部分代码省略.........		else if (strcmp(argv[i], "-base64") == 0)			{			if (!base64)				base64 = 1;			else				badopt = 1;			}		else if (isdigit((unsigned char)argv[i][0]))			{			if (num < 0)				{				r = sscanf(argv[i], "%d", &num);				if (r == 0 || num < 0)					badopt = 1;				}			else				badopt = 1;			}		else			badopt = 1;		}	if (num < 0)		badopt = 1;		if (badopt) 		{		BIO_printf(bio_err, "Usage: rand [options] num/n");		BIO_printf(bio_err, "where options are/n");		BIO_printf(bio_err, "-out file             - write to file/n");#ifndef OPENSSL_NO_ENGINE		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device./n");#endif		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files/n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);		BIO_printf(bio_err, "-base64               - encode output/n");		goto err;		}#ifndef OPENSSL_NO_ENGINE        e = setup_engine(bio_err, engine, 0);#endif	app_RAND_load_file(NULL, bio_err, (inrand != NULL));	if (inrand != NULL)		BIO_printf(bio_err,"%ld semi-random bytes loaded/n",			app_RAND_load_files(inrand));	out = BIO_new(BIO_s_file());	if (out == NULL)		goto err;	if (outfile != NULL)		r = BIO_write_filename(out, outfile);	else		{		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);	#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	if (r <= 0)		goto err;	if (base64)		{		BIO *b64 = BIO_new(BIO_f_base64());		if (b64 == NULL)			goto err;		out = BIO_push(b64, out);		}		while (num > 0) 		{		unsigned char buf[4096];		int chunk;		chunk = num;		if (chunk > (int)sizeof(buf))			chunk = sizeof buf;		r = RAND_bytes(buf, chunk);		if (r <= 0)			goto err;		BIO_write(out, buf, chunk);		num -= chunk;		}	BIO_flush(out);	app_RAND_write_file(NULL, bio_err);	ret = 0;	err:	ERR_print_errors(bio_err);	if (out)		BIO_free_all(out);	apps_shutdown();	OPENSSL_EXIT(ret);	}

static int do_cmd(LHASH *prog, int argc, char *argv[])	{	FUNCTION f,*fp;	int i,ret=1,tp,nl;	if ((argc <= 0) || (argv[0] == NULL))		{ ret=0; goto end; }	f.name=argv[0];	fp=(FUNCTION *)lh_retrieve(prog,&f);	if (fp != NULL)		{		ret=fp->func(argc,argv);		}	else if ((strncmp(argv[0],"no-",3)) == 0)		{		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		bio_stdout = BIO_push(tmpbio, bio_stdout);		}#endif		f.name=argv[0]+3;		ret = (lh_retrieve(prog,&f) != NULL);		if (!ret)			BIO_printf(bio_stdout, "%s/n", argv[0]);		else			BIO_printf(bio_stdout, "%s/n", argv[0]+3);		BIO_free_all(bio_stdout);		goto end;		}	else if ((strcmp(argv[0],"quit") == 0) ||		(strcmp(argv[0],"q") == 0) ||		(strcmp(argv[0],"exit") == 0) ||		(strcmp(argv[0],"bye") == 0))		{		ret= -1;		goto end;		}	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))		{		int list_type;		BIO *bio_stdout;		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)			list_type = FUNC_TYPE_GENERAL;		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)			list_type = FUNC_TYPE_MD;		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */			list_type = FUNC_TYPE_CIPHER;		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		bio_stdout = BIO_push(tmpbio, bio_stdout);		}#endif				for (fp=functions; fp->name != NULL; fp++)			if (fp->type == list_type)				BIO_printf(bio_stdout, "%s/n", fp->name);		BIO_free_all(bio_stdout);		ret=0;		goto end;		}	else		{		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command./n",			argv[0]);		BIO_printf(bio_err, "/nStandard commands");		i=0;		tp=0;		for (fp=functions; fp->name != NULL; fp++)			{			nl=0;			if (((i++) % 5) == 0)				{				BIO_printf(bio_err,"/n");				nl=1;				}			if (fp->type != tp)				{				tp=fp->type;				if (!nl) BIO_printf(bio_err,"/n");				if (tp == FUNC_TYPE_MD)					{					i=1;					BIO_printf(bio_err,						"/nMessage Digest commands (see the `dgst' command for more details)/n");					}				else if (tp == FUNC_TYPE_CIPHER)					{					i=1;					BIO_printf(bio_err,"/nCipher commands (see the `enc' command for more details)/n");					}				}			BIO_printf(bio_err,"%-15s",fp->name);			}//.........这里部分代码省略.........

void ServiceTask::run(){	//logger << dlib << endl;	string ip = "invalid session";	string alldatlg = "/ngot fd from parent";	SSL *ssl=NULL;	BIO *sbio=NULL;	BIO *io=NULL,*ssl_bio=NULL;	try	{		int cntlen = 0;		char buf[MAXBUFLENM];		strVec results;		stringstream ss;		string temp;		//int bytes = -1;		if(isSSLEnabled)		{			sbio=BIO_new_socket(fd,BIO_NOCLOSE);			ssl=SSL_new(ctx);			SSL_set_bio(ssl,sbio,sbio);			io=BIO_new(BIO_f_buffer());			ssl_bio=BIO_new(BIO_f_ssl());			BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);			BIO_push(io,ssl_bio);			int r = SSL_accept(ssl);			cout << r << endl;			int bser = SSL_get_error(ssl,r);			cout << bser << endl;			if(r<=0)			{				sslHandler.error_occurred((char*)"SSL accept error",fd,ssl);				return;			}			int er=-1;			bool flag = true;			while(flag)			{				er = BIO_gets(io,buf,BUFSIZZ-1);				cout << er << endl;				int bser = SSL_get_error(ssl,er);				cout << bser << endl;				switch(bser)				{					case SSL_ERROR_WANT_READ:					{						logger << "more to read error" << endl;						break;					}					case SSL_ERROR_WANT_WRITE:					{						logger << "more to write error" << endl;						break;					}					case SSL_ERROR_NONE:					{						break;					}					case SSL_ERROR_ZERO_RETURN:					{						sslHandler.error_occurred((char*)"SSL error problem",fd,ssl);						if(io!=NULL)BIO_free(io);						return;					}					default:					{						sslHandler.error_occurred((char*)"SSL read problem",fd,ssl);						if(io!=NULL)BIO_free(io);						return;					}				}				ss << buf;				//logger <<buf <<endl;				if(!strcmp(buf,"/r/n") || !strcmp(buf,"/n"))					break;				string temp(buf);				if(temp=="")continue;				temp = temp.substr(0,temp.length()-1);				results.push_back(temp);				//logger << temp <<endl;				if(temp.find("Content-Length:")!=string::npos)				{					std::string cntle = temp.substr(temp.find(": ")+2);					cntle = cntle.substr(0,cntle.length()-1);					//logger << "contne-length="<<cntle <<endl;					try					{						cntlen = CastUtil::lexical_cast<int>(cntle);					}					catch(const char* ex)					{						logger << "bad lexical cast" <<endl;					}				}				memset(&buf[0], 0, sizeof(buf));			}//.........这里部分代码省略.........

//.........这里部分代码省略.........		{bad:		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file/n");		BIO_printf(bio_err," -out file - output the key to 'file'/n");#ifndef OPENSSL_NO_DES		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode/n");		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)/n");#endif#ifndef OPENSSL_NO_IDEA		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode/n");#endif#ifndef OPENSSL_NO_AES		BIO_printf(bio_err," -aes128, -aes192, -aes256/n");		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes/n");#endif#ifndef OPENSSL_NO_ENGINE		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device./n");#endif		BIO_printf(bio_err," -rand file%cfile%c.../n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);		BIO_printf(bio_err,"           - load the file (or the files in the directory) into/n");		BIO_printf(bio_err,"             the random number generator/n");		BIO_printf(bio_err," dsaparam-file/n");		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command/n");		goto end;		}#ifndef OPENSSL_NO_ENGINE        e = setup_engine(bio_err, engine, 0);#endif	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {		BIO_printf(bio_err, "Error getting password/n");		goto end;	}	in=BIO_new(BIO_s_file());	if (!(BIO_read_filename(in,dsaparams)))		{		perror(dsaparams);		goto end;		}	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)		{		BIO_printf(bio_err,"unable to load DSA parameter file/n");		goto end;		}	BIO_free(in);	in = NULL;			out=BIO_new(BIO_s_file());	if (out == NULL) goto end;	if (outfile == NULL)		{		BIO_set_fp(out,stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	else		{		if (BIO_write_filename(out,outfile) <= 0)			{			perror(outfile);			goto end;			}		}	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)		{		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option/n");		}	if (inrand != NULL)		BIO_printf(bio_err,"%ld semi-random bytes loaded/n",			app_RAND_load_files(inrand));	BIO_printf(bio_err,"Generating DSA key, %d bits/n",							BN_num_bits(dsa->p));	if (!DSA_generate_key(dsa)) goto end;	app_RAND_write_file(NULL, bio_err);	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))		goto end;	ret=0;end:	if (ret != 0)		ERR_print_errors(bio_err);	if (in != NULL) BIO_free(in);	if (out != NULL) BIO_free_all(out);	if (dsa != NULL) DSA_free(dsa);	if(passout) OPENSSL_free(passout);	apps_shutdown();	OPENSSL_EXIT(ret);	}

/* * This function performs a basic simple enroll using * a UID/PWD to identify the client to the server.  This * is used for a variet of test cases in this module. */static void us898_test1 (void) {    EST_CTX *ectx;    EVP_PKEY *key;    int rv;    int pkcs7_len = 0;    unsigned char *new_cert = NULL;    PKCS7 *p7 = NULL;    BIO *b64, *out;    X509 *cert = NULL;    STACK_OF(X509) *certs = NULL;    int i;    unsigned char *attr_data = NULL;    int attr_len;    LOG_FUNC_NM;    /*     * Create a client context      */    ectx = est_client_init(cacerts, cacerts_len,                            EST_CERT_FORMAT_PEM,                           client_manual_cert_verify);    CU_ASSERT(ectx != NULL);    /*     * Set the authentication mode to use a user id/password     */    rv = est_client_set_auth(ectx, US898_UID, US898_PWD, NULL, NULL);    CU_ASSERT(rv == EST_ERR_NONE);    /*     * Set the EST server address/port     */    est_client_set_server(ectx, US898_SERVER_IP, US898_SERVER_PORT);    /*     * generate a private key     */    key = generate_private_key();    CU_ASSERT(key != NULL);    /*     * Get the latest CSR attributes     */    rv = est_client_get_csrattrs(ectx, &attr_data, &attr_len);    CU_ASSERT(rv == EST_ERR_NONE);    /*     * Use the simplified API to enroll a CSR     */    rv = est_client_enroll(ectx, "TC-US898-1", &pkcs7_len, key);    CU_ASSERT(rv == EST_ERR_NONE);    if (rv != EST_ERR_NONE) return;    /*     * Retrieve the cert that was given to us by the EST server     */    if (rv == EST_ERR_NONE) {	new_cert = malloc(pkcs7_len);	CU_ASSERT(new_cert != NULL);	rv = est_client_copy_enrolled_cert(ectx, new_cert);	CU_ASSERT(rv == EST_ERR_NONE);    }    /*     * Convert the cert to an X509.  Be warned this is     * pure hackery.       */    b64 = BIO_new(BIO_f_base64());    out = BIO_new_mem_buf(new_cert, pkcs7_len);    out = BIO_push(b64, out);    p7 = d2i_PKCS7_bio(out,NULL);    CU_ASSERT(p7 != NULL);    BIO_free_all(out);    i=OBJ_obj2nid(p7->type);    switch (i) {    case NID_pkcs7_signed:	certs = p7->d.sign->cert;	break;    case NID_pkcs7_signedAndEnveloped:	certs = p7->d.signed_and_enveloped->cert;	break;    default:	break;    }    CU_ASSERT(certs != NULL);    if (!certs) return;    /* our new cert should be the one and only     * cert in the pkcs7 blob.  We shouldn't have to     * iterate through the full list to find it. */    cert = sk_X509_value(certs, 0);    CU_ASSERT(cert != NULL);//.........这里部分代码省略.........

static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls, const char* peerAddress, int timeout){	int sockfd = 0;	int status = 0;	BIO* socketBio = NULL;	BIO* bufferedBio = NULL;	rdpSettings* settings = rdg->settings;	const char* peerHostname = settings->GatewayHostname;	UINT16 peerPort = settings->GatewayPort;	const char* proxyUsername, *proxyPassword;	BOOL isProxyConnection = proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername,	                                       &proxyPassword);	sockfd = freerdp_tcp_connect(rdg->context, settings,	                             peerAddress ? peerAddress : peerHostname,	                             peerPort, timeout);	if (sockfd < 0)	{		return FALSE;	}	socketBio = BIO_new(BIO_s_simple_socket());	if (!socketBio)	{		closesocket(sockfd);		return FALSE;	}	BIO_set_fd(socketBio, sockfd, BIO_CLOSE);	bufferedBio = BIO_new(BIO_s_buffered_socket());	if (!bufferedBio)	{		closesocket(sockfd);		BIO_free(socketBio);		return FALSE;	}	bufferedBio = BIO_push(bufferedBio, socketBio);	status = BIO_set_nonblock(bufferedBio, TRUE);	if (isProxyConnection)	{		if (!proxy_connect(settings, bufferedBio, proxyUsername, proxyPassword, settings->GatewayHostname,		                   settings->GatewayPort))			return FALSE;	}	if (!status)	{		BIO_free_all(bufferedBio);		return FALSE;	}	tls->hostname = settings->GatewayHostname;	tls->port = settings->GatewayPort;	tls->isGatewayTransport = TRUE;	status = tls_connect(tls, bufferedBio);	return (status >= 1);}

//.........这里部分代码省略.........		BIO_printf(bio_err, " -rand file        files to use for"				" random number input/n");		BIO_printf(bio_err, " -engine e         use engine e, "				"possibly a hardware device/n");		goto end;		}	ERR_load_crypto_strings();	in=BIO_new(BIO_s_file());	out=BIO_new(BIO_s_file());	if ((in == NULL) || (out == NULL))		{		ERR_print_errors(bio_err);		goto end;		}	if (infile == NULL)		BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);	else		{		if (BIO_read_filename(in,infile) <= 0)			{			TINYCLR_SSL_PERROR(infile);			goto end;			}		}	if (outfile == NULL)		{		BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	else		{		if (BIO_write_filename(out,outfile) <= 0)			{			TINYCLR_SSL_PERROR(outfile);			goto end;			}		}#ifndef OPENSSL_NO_ENGINE	e = setup_engine(bio_err, engine, 0);#endif	if (list_curves)		{		EC_builtin_curve *curves = NULL;		size_t crv_len = 0;		size_t n = 0;		crv_len = EC_get_builtin_curves(NULL, 0);		curves = (EC_builtin_curve*)OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));		if (curves == NULL)			goto end;		if (!EC_get_builtin_curves(curves, crv_len))			{			OPENSSL_free(curves);

int dtls1_connect(SSL *s) {  BUF_MEM *buf = NULL;  void (*cb)(const SSL *ssl, int type, int val) = NULL;  int ret = -1;  int new_state, state, skip = 0;  assert(s->handshake_func == dtls1_connect);  assert(!s->server);  assert(SSL_IS_DTLS(s));  ERR_clear_error();  ERR_clear_system_error();  if (s->info_callback != NULL) {    cb = s->info_callback;  } else if (s->ctx->info_callback != NULL) {    cb = s->ctx->info_callback;  }  s->in_handshake++;  for (;;) {    state = s->state;    switch (s->state) {      case SSL_ST_RENEGOTIATE:        s->renegotiate = 1;        s->state = SSL_ST_CONNECT;        s->ctx->stats.sess_connect_renegotiate++;      /* break */      case SSL_ST_CONNECT:      case SSL_ST_BEFORE | SSL_ST_CONNECT:        if (cb != NULL) {          cb(s, SSL_CB_HANDSHAKE_START, 1);        }        if (s->init_buf == NULL) {          buf = BUF_MEM_new();          if (buf == NULL ||              !BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {            ret = -1;            goto end;          }          s->init_buf = buf;          buf = NULL;        }        if (!ssl3_setup_buffers(s) ||            !ssl_init_wbio_buffer(s, 0)) {          ret = -1;          goto end;        }        /* don't push the buffering BIO quite yet */        s->state = SSL3_ST_CW_CLNT_HELLO_A;        s->ctx->stats.sess_connect++;        s->init_num = 0;        s->d1->send_cookie = 0;        s->hit = 0;        break;      case SSL3_ST_CW_CLNT_HELLO_A:      case SSL3_ST_CW_CLNT_HELLO_B:        s->shutdown = 0;        /* every DTLS ClientHello resets Finished MAC */        if (!ssl3_init_finished_mac(s)) {          OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR);          ret = -1;          goto end;        }        dtls1_start_timer(s);        ret = ssl3_send_client_hello(s);        if (ret <= 0) {          goto end;        }        if (s->d1->send_cookie) {          s->state = SSL3_ST_CW_FLUSH;          s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;        } else {          s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;        }        s->init_num = 0;        /* turn on buffering for the next lot of output */        if (s->bbio != s->wbio) {          s->wbio = BIO_push(s->bbio, s->wbio);        }        break;      case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:      case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:        ret = dtls1_get_hello_verify(s);        if (ret <= 0) {          goto end;        }//.........这里部分代码省略.........

//.........这里部分代码省略.........				}			}		else#endif			{			if (informat == FORMAT_ASN1)				dh=d2i_DHparams_bio(in,NULL);			else /* informat == FORMAT_PEM */				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);						if (dh == NULL)				{				BIO_printf(bio_err,"unable to load DH parameters/n");				ERR_print_errors(bio_err);				goto end;				}			}				/* dh != NULL */	}		out=BIO_new(BIO_s_file());	if (out == NULL)		{		ERR_print_errors(bio_err);		goto end;		}	if (outfile == NULL)		{		BIO_set_fp(out,stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}	else		{		if (BIO_write_filename(out,outfile) <= 0)			{			perror(outfile);			goto end;			}		}	if (text)		{		DHparams_print(out,dh);		}		if (check)		{		if (!DH_check(dh,&i))			{			ERR_print_errors(bio_err);			goto end;			}		if (i & DH_CHECK_P_NOT_PRIME)			printf("p value is not prime/n");		if (i & DH_CHECK_P_NOT_SAFE_PRIME)			printf("p value is not a safe prime/n");		if (i & DH_UNABLE_TO_CHECK_GENERATOR)			printf("unable to check the generator value/n");		if (i & DH_NOT_SUITABLE_GENERATOR)

int MAIN (int argc, char **argv){    ENGINE *e = NULL;    int ret = 1;    X509_REQ *req = NULL;    X509 *x = NULL, *xca = NULL;    ASN1_OBJECT *objtmp;    STACK_OF (OPENSSL_STRING) * sigopts = NULL;    EVP_PKEY *Upkey = NULL, *CApkey = NULL;    ASN1_INTEGER *sno = NULL;    int i, num, badops = 0;    BIO *out = NULL;    BIO *STDout = NULL;    STACK_OF (ASN1_OBJECT) * trust = NULL, *reject = NULL;    int informat, outformat, keyformat, CAformat, CAkeyformat;    char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;    char *CAkeyfile = NULL, *CAserial = NULL;    char *alias = NULL;    int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, enddate = 0;    int next_serial = 0;    int subject_hash = 0, issuer_hash = 0, ocspid = 0;#ifndef OPENSSL_NO_MD5    int subject_hash_old = 0, issuer_hash_old = 0;#endif    int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;    int ocsp_uri = 0;    int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;    int C = 0;    int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0;    int pprint = 0;    const char **pp;    X509_STORE *ctx = NULL;    X509_REQ *rq = NULL;    int fingerprint = 0;    char buf[256];    const EVP_MD *md_alg, *digest = NULL;    CONF *extconf = NULL;    char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;    int need_rand = 0;    int checkend = 0, checkoffset = 0;    unsigned long nmflag = 0, certflag = 0;#ifndef OPENSSL_NO_ENGINE    char *engine = NULL;#endif    reqfile = 0;    apps_startup ();    if (bio_err == NULL)        bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);    if (!load_config (bio_err, NULL))        goto end;    STDout = BIO_new_fp (stdout, BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS    {        BIO *tmpbio = BIO_new (BIO_f_linebuffer ());        STDout = BIO_push (tmpbio, STDout);    }#endif    informat = FORMAT_PEM;    outformat = FORMAT_PEM;    keyformat = FORMAT_PEM;//.........这里部分代码省略.........

int MAIN(int argc, char **argv)	{	int ret=1,i;	const char **pp;	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;	ENGINE *e;	STACK *engines = sk_new_null();	STACK *pre_cmds = sk_new_null();	STACK *post_cmds = sk_new_null();	int badops=1;	BIO *bio_out=NULL;	const char *indent = "     ";	apps_startup();	SSL_load_error_strings();	if (bio_err == NULL)		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	if (!load_config(bio_err, NULL))		goto end;	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);#ifdef OPENSSL_SYS_VMS	{	BIO *tmpbio = BIO_new(BIO_f_linebuffer());	bio_out = BIO_push(tmpbio, bio_out);	}#endif	argc--;	argv++;	while (argc >= 1)		{		if (strncmp(*argv,"-v",2) == 0)			{			if(strspn(*argv + 1, "v") < strlen(*argv + 1))				goto skip_arg_loop;			if((verbose=strlen(*argv + 1)) > 4)				goto skip_arg_loop;			}		else if (strcmp(*argv,"-c") == 0)			list_cap=1;		else if (strncmp(*argv,"-t",2) == 0)			{			test_avail=1;			if(strspn(*argv + 1, "t") < strlen(*argv + 1))				goto skip_arg_loop;			if((test_avail_noise = strlen(*argv + 1) - 1) > 1)				goto skip_arg_loop;			}		else if (strcmp(*argv,"-pre") == 0)			{			argc--; argv++;			if (argc == 0)				goto skip_arg_loop;			sk_push(pre_cmds,*argv);			}		else if (strcmp(*argv,"-post") == 0)			{			argc--; argv++;			if (argc == 0)				goto skip_arg_loop;			sk_push(post_cmds,*argv);			}		else if ((strncmp(*argv,"-h",2) == 0) ||				(strcmp(*argv,"-?") == 0))			goto skip_arg_loop;		else			sk_push(engines,*argv);		argc--;		argv++;		}	/* Looks like everything went OK */	badops = 0;skip_arg_loop:	if (badops)		{		for (pp=engine_usage; (*pp != NULL); pp++)			BIO_printf(bio_err,"%s",*pp);		goto end;		}	if (sk_num(engines) == 0)		{		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))			{			sk_push(engines,(char *)ENGINE_get_id(e));			}		}	for (i=0; i<sk_num(engines); i++)		{		const char *id = sk_value(engines,i);		if ((e = ENGINE_by_id(id)) != NULL)			{			const char *name = ENGINE_get_name(e);			/* Do "id" first, then "name". Easier to auto-parse. */			BIO_printf(bio_out, "(%s) %s/n", id, name);			util_do_cmds(e, pre_cmds, bio_out, indent);//.........这里部分代码省略.........

inttls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,    const char *pkcs12_file_inline,    bool load_ca_file    ){  FILE *fp;  EVP_PKEY *pkey;  X509 *cert;  STACK_OF(X509) *ca = NULL;  PKCS12 *p12;  int i;  char password[256];  ASSERT(NULL != ctx);  if (!strcmp (pkcs12_file, INLINE_FILE_TAG) && pkcs12_file_inline)    {      BIO *b64 = BIO_new(BIO_f_base64());      BIO *bio = BIO_new_mem_buf((void *) pkcs12_file_inline,	  (int) strlen(pkcs12_file_inline));      ASSERT(b64 && bio);      BIO_push(b64, bio);      p12 = d2i_PKCS12_bio(b64, NULL);      if (!p12)	msg(M_SSLERR, "Error reading inline PKCS#12 file");      BIO_free(b64);      BIO_free(bio);    }  else    {      /* Load the PKCS #12 file */      if (!(fp = platform_fopen(pkcs12_file, "rb")))	msg(M_SSLERR, "Error opening file %s", pkcs12_file);      p12 = d2i_PKCS12_fp(fp, NULL);      fclose(fp);      if (!p12)	msg(M_SSLERR, "Error reading PKCS#12 file %s", pkcs12_file);    }  /* Parse the PKCS #12 file */  if (!PKCS12_parse(p12, "", &pkey, &cert, &ca))   {     pem_password_callback (password, sizeof(password) - 1, 0, NULL);     /* Reparse the PKCS #12 file with password */     ca = NULL;     if (!PKCS12_parse(p12, password, &pkey, &cert, &ca))      {#ifdef ENABLE_MANAGEMENT	      if (management && (ERR_GET_REASON (ERR_peek_error()) == PKCS12_R_MAC_VERIFY_FAILURE))		management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);#endif	PKCS12_free(p12);	return 1;      }   }  PKCS12_free(p12);  /* Load Certificate */  if (!SSL_CTX_use_certificate (ctx->ctx, cert))   msg (M_SSLERR, "Cannot use certificate");  /* Load Private Key */  if (!SSL_CTX_use_PrivateKey (ctx->ctx, pkey))   msg (M_SSLERR, "Cannot use private key");  warn_if_group_others_accessible (pkcs12_file);  /* Check Private Key */  if (!SSL_CTX_check_private_key (ctx->ctx))   msg (M_SSLERR, "Private key does not match the certificate");  /* Set Certificate Verification chain */  if (load_ca_file)   {     if (ca && sk_X509_num(ca))      {	for (i = 0; i < sk_X509_num(ca); i++)	  {	      if (!X509_STORE_add_cert(ctx->ctx->cert_store,sk_X509_value(ca, i)))	      msg (M_SSLERR, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");	    if (!SSL_CTX_add_client_CA(ctx->ctx, sk_X509_value(ca, i)))	      msg (M_SSLERR, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");	  }      }   }  return 0;}

int MAIN(int argc, char **argv){	char **args, *infile = NULL, *outfile = NULL;	BIO *in = NULL, *out = NULL;	int toseq = 0;	X509 *x509 = NULL;	NETSCAPE_CERT_SEQUENCE *seq = NULL;	int i, ret = 1;	int badarg = 0;	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);	ERR_load_crypto_strings();	args = argv + 1;	while (!badarg && *args && *args[0] == '-') {		if (!strcmp (*args, "-toseq")) toseq = 1;		else if (!strcmp (*args, "-in")) {			if (args[1]) {				args++;				infile = *args;			} else badarg = 1;		} else if (!strcmp (*args, "-out")) {			if (args[1]) {				args++;				outfile = *args;			} else badarg = 1;		} else badarg = 1;		args++;	}	if (badarg) {		BIO_printf (bio_err, "Netscape certificate sequence utility/n");		BIO_printf (bio_err, "Usage nseq [options]/n");		BIO_printf (bio_err, "where options are/n");		BIO_printf (bio_err, "-in file  input file/n");		BIO_printf (bio_err, "-out file output file/n");		BIO_printf (bio_err, "-toseq    output NS Sequence file/n");		OPENSSL_EXIT(1);	}	if (infile) {		if (!(in = BIO_new_file (infile, "r"))) {			BIO_printf (bio_err,				 "Can't open input file %s/n", infile);			goto end;		}	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);	if (outfile) {		if (!(out = BIO_new_file (outfile, "w"))) {			BIO_printf (bio_err,				 "Can't open output file %s/n", outfile);			goto end;		}	} else {		out = BIO_new_fp(stdout, BIO_NOCLOSE);#ifdef VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif	}	if (toseq) {		seq = NETSCAPE_CERT_SEQUENCE_new();		seq->certs = sk_X509_new_null();		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 		    sk_X509_push(seq->certs,x509);		if(!sk_X509_num(seq->certs))		{			BIO_printf (bio_err, "Error reading certs file %s/n", infile);			ERR_print_errors(bio_err);			goto end;		}		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);		ret = 0;		goto end;	}	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {		BIO_printf (bio_err, "Error reading sequence file %s/n", infile);		ERR_print_errors(bio_err);		goto end;	}	for(i = 0; i < sk_X509_num(seq->certs); i++) {		x509 = sk_X509_value(seq->certs, i);		dump_cert_text(out, x509);		PEM_write_bio_X509(out, x509);	}	ret = 0;end:	BIO_free(in);	BIO_free_all(out);	NETSCAPE_CERT_SEQUENCE_free(seq);	OPENSSL_EXIT(ret);}

//.........这里部分代码省略.........			PKCS7err(PKCS7_F_PKCS7_DATAINIT,			    PKCS7_R_CIPHER_NOT_INITIALIZED);			goto err;		}		break;	case NID_pkcs7_digest:		xa = p7->d.digest->md;		os = PKCS7_get_octet_string(p7->d.digest->contents);		break;	case NID_pkcs7_data:		break;	default:		PKCS7err(PKCS7_F_PKCS7_DATAINIT,		    PKCS7_R_UNSUPPORTED_CONTENT_TYPE);		goto err;	}	for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)		if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))			goto err;	if (xa && !PKCS7_bio_add_digest(&out, xa))		goto err;	if (evp_cipher != NULL) {		unsigned char key[EVP_MAX_KEY_LENGTH];		unsigned char iv[EVP_MAX_IV_LENGTH];		int keylen, ivlen;		EVP_CIPHER_CTX *ctx;		if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {			PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);			goto err;		}		BIO_get_cipher_ctx(btmp, &ctx);		keylen = EVP_CIPHER_key_length(evp_cipher);		ivlen = EVP_CIPHER_iv_length(evp_cipher);		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));		if (ivlen > 0)			arc4random_buf(iv, ivlen);		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL,		    NULL, 1) <= 0)			goto err;		if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)			goto err;		if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)			goto err;		if (ivlen > 0) {			if (xalg->parameter == NULL) {				xalg->parameter = ASN1_TYPE_new();				if (xalg->parameter == NULL)					goto err;			}			if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)				goto err;		}		/* Lets do the pub key stuff :-) */		for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {			ri = sk_PKCS7_RECIP_INFO_value(rsk, i);			if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)				goto err;		}		explicit_bzero(key, keylen);		if (out == NULL)			out = btmp;		else			BIO_push(out, btmp);		btmp = NULL;	}	if (bio == NULL) {		if (PKCS7_is_detached(p7))			bio = BIO_new(BIO_s_null());		else if (os && os->length > 0)			bio = BIO_new_mem_buf(os->data, os->length);		if (bio == NULL) {			bio = BIO_new(BIO_s_mem());			if (bio == NULL)				goto err;			BIO_set_mem_eof_return(bio, 0);		}	}	if (out)		BIO_push(out, bio);	else		out = bio;	bio = NULL;	if (0) {err:		if (out != NULL)			BIO_free_all(out);		if (btmp != NULL)			BIO_free_all(btmp);		out = NULL;	}	return (out);}