自学教程：C++ BIO_read函数代码示例

int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)	{	int i, n;	const unsigned char *p;	next_io:	if (!(rctx->state & OHS_NOREAD))		{		n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);		if (n <= 0)			{			if (BIO_should_retry(rctx->io))				return -1;			return 0;			}		/* Write data to memory BIO */		if (BIO_write(rctx->mem, rctx->iobuf, n) != n)			return 0;		}	switch(rctx->state)		{		case OHS_ASN1_WRITE:		n = BIO_get_mem_data(rctx->mem, &p);		i = BIO_write(rctx->io,			p + (n - rctx->asn1_len), rctx->asn1_len);		if (i <= 0)			{			if (BIO_should_retry(rctx->io))				return -1;			rctx->state = OHS_ERROR;			return 0;			}		rctx->asn1_len -= i;		if (rctx->asn1_len > 0)			goto next_io;		rctx->state = OHS_ASN1_FLUSH;		(void)BIO_reset(rctx->mem);		case OHS_ASN1_FLUSH:		i = BIO_flush(rctx->io);		if (i > 0)			{			rctx->state = OHS_FIRSTLINE;			goto next_io;			}		if (BIO_should_retry(rctx->io))			return -1;		rctx->state = OHS_ERROR;		return 0;		case OHS_ERROR:		return 0;		case OHS_FIRSTLINE:		case OHS_HEADERS:		/* Attempt to read a line in */		next_line:		/* Due to &%^*$" memory BIO behaviour with BIO_gets we		 * have to check there's a complete line in there before		 * calling BIO_gets or we'll just get a partial read.		 */		n = BIO_get_mem_data(rctx->mem, &p);		if ((n <= 0) || !TINYCLR_SSL_MEMCHR(p, '/n', n))			{			if (n >= rctx->iobuflen)				{				rctx->state = OHS_ERROR;				return 0;				}			goto next_io;			}		n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);		if (n <= 0)			{			if (BIO_should_retry(rctx->mem))				goto next_io;			rctx->state = OHS_ERROR;			return 0;			}		/* Don't allow excessive lines */		if (n == rctx->iobuflen)			{//.........这里部分代码省略.........

int main(int argc, char *argv[]){    char *port = "*:4433";    BIO *in = NULL;    BIO *ssl_bio, *tmp;    SSL_CTX *ctx;    SSL_CONF_CTX *cctx = NULL;    CONF *conf = NULL;    STACK_OF(CONF_VALUE) *sect = NULL;    CONF_VALUE *cnf;    long errline = -1;    char buf[512];    int ret = 1, i;    SSL_load_error_strings();    /* Add ciphers and message digests */    OpenSSL_add_ssl_algorithms();    conf = NCONF_new(NULL);    if (NCONF_load(conf, "accept.cnf", &errline) <= 0) {        if (errline <= 0)            fprintf(stderr, "Error processing config file/n");        else            fprintf(stderr, "Error on line %ld/n", errline);        goto err;    }    sect = NCONF_get_section(conf, "default");    if (sect == NULL) {        fprintf(stderr, "Error retrieving default section/n");        goto err;    }    ctx = SSL_CTX_new(TLS_server_method());    cctx = SSL_CONF_CTX_new();    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);    for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {        int rv;        cnf = sk_CONF_VALUE_value(sect, i);        rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);        if (rv > 0)            continue;        if (rv != -2) {            fprintf(stderr, "Error processing %s = %s/n",                    cnf->name, cnf->value);            ERR_print_errors_fp(stderr);            goto err;        }        if (strcmp(cnf->name, "Port") == 0) {            port = cnf->value;        } else {            fprintf(stderr, "Unknown configuration option %s/n", cnf->name);            goto err;        }    }    if (!SSL_CONF_CTX_finish(cctx)) {        fprintf(stderr, "Finish error/n");        ERR_print_errors_fp(stderr);        goto err;    }    /* Setup server side SSL bio */    ssl_bio = BIO_new_ssl(ctx, 0);    if ((in = BIO_new_accept(port)) == NULL)        goto err;    /*     * This means that when a new connection is accepted on 'in', The ssl_bio     * will be 'duplicated' and have the new socket BIO push into it.     * Basically it means the SSL BIO will be automatically setup     */    BIO_set_accept_bios(in, ssl_bio); again:    /*     * The first call will setup the accept socket, and the second will get a     * socket.  In this loop, the first actual accept will occur in the     * BIO_read() function.     */    if (BIO_do_accept(in) <= 0)        goto err;    for (;;) {        i = BIO_read(in, buf, 512);        if (i == 0) {            /*             * If we have finished, remove the underlying BIO stack so the             * next time we call any function for this BIO, it will attempt             * to do an accept             */            printf("Done/n");//.........这里部分代码省略.........

/* Send the OCSP request serialized into BIO 'request' to the * responder at given server given by URI.  Returns socket object or * NULL on error. */static apr_socket_t *send_request(BIO *request, const apr_uri_t *uri,                                  apr_interval_time_t timeout,                                  conn_rec *c, apr_pool_t *p,                                  const apr_uri_t *proxy_uri){    apr_status_t rv;    apr_sockaddr_t *sa;    apr_socket_t *sd;    char buf[HUGE_STRING_LEN];    int len;    const apr_uri_t *next_hop_uri;    if (proxy_uri) {        next_hop_uri = proxy_uri;    }    else {        next_hop_uri = uri;    }    rv = apr_sockaddr_info_get(&sa, next_hop_uri->hostname, APR_UNSPEC,                               next_hop_uri->port, 0, p);    if (rv) {        ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01972)                      "could not resolve address of %s %s",                      proxy_uri ? "proxy" : "OCSP responder",                      next_hop_uri->hostinfo);        return NULL;    }    /* establish a connection to the OCSP responder */    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(01973)                  "connecting to %s '%s'",                  proxy_uri ? "proxy" : "OCSP responder",                  uri->hostinfo);    /* Cycle through address until a connect() succeeds. */    for (; sa; sa = sa->next) {        rv = apr_socket_create(&sd, sa->family, SOCK_STREAM, APR_PROTO_TCP, p);        if (rv == APR_SUCCESS) {            apr_socket_timeout_set(sd, timeout);            rv = apr_socket_connect(sd, sa);            if (rv == APR_SUCCESS) {                break;            }            apr_socket_close(sd);        }    }    if (sa == NULL) {        ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01974)                      "could not connect to %s '%s'",                      proxy_uri ? "proxy" : "OCSP responder",                      next_hop_uri->hostinfo);        return NULL;    }    /* send the request and get a response */    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(01975)                 "sending request to OCSP responder");    while ((len = BIO_read(request, buf, sizeof buf)) > 0) {        char *wbuf = buf;        apr_size_t remain = len;        do {            apr_size_t wlen = remain;            rv = apr_socket_send(sd, wbuf, &wlen);            wbuf += remain;            remain -= wlen;        } while (rv == APR_SUCCESS && remain > 0);        if (rv) {            apr_socket_close(sd);            ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01976)                          "failed to send request to OCSP responder '%s'",                          uri->hostinfo);            return NULL;        }    }    return sd;}

apr_hash_t *serf_ssl_cert_certificate(    const serf_ssl_certificate_t *cert,    apr_pool_t *pool){    apr_hash_t *tgt = apr_hash_make(pool);    unsigned int md_size, i;    unsigned char md[EVP_MAX_MD_SIZE];    BIO *bio;    STACK_OF(GENERAL_NAME) *names;    /* sha1 fingerprint */    if (X509_digest(cert->ssl_cert, EVP_sha1(), md, &md_size)) {        const char hex[] = "0123456789ABCDEF";        char fingerprint[EVP_MAX_MD_SIZE * 3];        for (i=0; i<md_size; i++) {            fingerprint[3*i] = hex[(md[i] & 0xf0) >> 4];            fingerprint[(3*i)+1] = hex[(md[i] & 0x0f)];            fingerprint[(3*i)+2] = ':';        }        if (md_size > 0)            fingerprint[(3*(md_size-1))+2] = '/0';        else            fingerprint[0] = '/0';        apr_hash_set(tgt, "sha1", APR_HASH_KEY_STRING,                     apr_pstrdup(pool, fingerprint));    }    /* set expiry dates */    bio = BIO_new(BIO_s_mem());    if (bio) {        ASN1_TIME *notBefore, *notAfter;        char buf[256];        memset (buf, 0, sizeof (buf));        notBefore = X509_get_notBefore(cert->ssl_cert);        if (ASN1_TIME_print(bio, notBefore)) {            BIO_read(bio, buf, 255);            apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING,                         apr_pstrdup(pool, buf));        }        memset (buf, 0, sizeof (buf));        notAfter = X509_get_notAfter(cert->ssl_cert);        if (ASN1_TIME_print(bio, notAfter)) {            BIO_read(bio, buf, 255);            apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING,                         apr_pstrdup(pool, buf));        }    }    BIO_free(bio);    /* Get subjectAltNames */    names = X509_get_ext_d2i(cert->ssl_cert, NID_subject_alt_name, NULL, NULL);    if (names) {        int names_count = sk_GENERAL_NAME_num(names);        apr_array_header_t *san_arr = apr_array_make(pool, names_count,                                                     sizeof(char*));        apr_hash_set(tgt, "subjectAltName", APR_HASH_KEY_STRING, san_arr);        for (i = 0; i < names_count; i++) {            char *p = NULL;            GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, i);            switch (nm->type) {            case GEN_DNS:                p = apr_pstrmemdup(pool, nm->d.ia5->data, nm->d.ia5->length);                break;            default:                /* Don't know what to do - skip. */                break;            }            if (p) {                APR_ARRAY_PUSH(san_arr, char*) = p;            }        }        sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);    }    return tgt;}

static int process_pci_value(CONF_VALUE *val,	ASN1_OBJECT **language, ASN1_INTEGER **pathlen,	ASN1_OCTET_STRING **policy)	{	int free_policy = 0;	if (strcmp(val->name, "language") == 0)		{		if (*language)			{			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);			X509V3_conf_err(val);			return 0;			}		if (!(*language = OBJ_txt2obj(val->value, 0)))			{			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);			X509V3_conf_err(val);			return 0;			}		}	else if (strcmp(val->name, "pathlen") == 0)		{		if (*pathlen)			{			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);			X509V3_conf_err(val);			return 0;			}		if (!X509V3_get_value_int(val, pathlen))			{			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);			X509V3_conf_err(val);			return 0;			}		}	else if (strcmp(val->name, "policy") == 0)		{		unsigned char *tmp_data = NULL;		long val_len;		if (!*policy)			{			*policy = ASN1_OCTET_STRING_new();			if (!*policy)				{				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);				X509V3_conf_err(val);				return 0;				}			free_policy = 1;			}		if (strncmp(val->value, "hex:", 4) == 0)			{			unsigned char *tmp_data2 =				string_to_hex(val->value + 4, &val_len);			if (!tmp_data2) 				{				X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);				X509V3_conf_err(val);				goto err;				}			tmp_data = OPENSSL_realloc((*policy)->data,				(*policy)->length + val_len + 1);			if (tmp_data)				{				(*policy)->data = tmp_data;				memcpy(&(*policy)->data[(*policy)->length],					tmp_data2, val_len);				(*policy)->length += val_len;				(*policy)->data[(*policy)->length] = '/0';				}			else				{				OPENSSL_free(tmp_data2);				/* realloc failure implies the original data space is b0rked too! */				(*policy)->data = NULL;				(*policy)->length = 0;				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);				X509V3_conf_err(val);				goto err;				}			OPENSSL_free(tmp_data2);			}		else if (strncmp(val->value, "file:", 5) == 0)			{			unsigned char buf[2048];			int n;			BIO *b = BIO_new_file(val->value + 5, "r");			if (!b)				{				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);				X509V3_conf_err(val);				goto err;				}			while((n = BIO_read(b, buf, sizeof(buf))) > 0				|| (n == 0 && BIO_should_retry(b)))				{				if (!n) continue;//.........这里部分代码省略.........

static int crlfbuffer_read(BIO *b, char *out, int outl)	{	int ret=0;	BIO_CRLFBUFFER_CTX *ctx; 	if (out == NULL) return(0);	if (b->next_bio == NULL) return(0);	ctx=(BIO_CRLFBUFFER_CTX *)b->ptr;		// First copy what's in the current buffer	int i = ctx->ibuf_len;	if (i != 0)	{		if (i > outl)			i = outl;		memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);		ctx->ibuf_off += i;		ctx->ibuf_len -= i;		ret += i;		outl -= i;		out += i;	}	// Now read any remaining direct from source	if (outl > 0)		ret += BIO_read(b->next_bio,out,outl);	BIO_clear_retry_flags(b);	BIO_copy_next_retry(b);	if (ret > 0)	{		BIO_CRLFBUFFER_CTX *new_ctx = (BIO_CRLFBUFFER_CTX *)b->ptr;		char *p = out;		char *q = out;		int qlen = 0;		int plen = ret;		while(plen > 0)		{			if (*p == '/r')			{				p++;				plen--;				*q++ = '/n';				qlen++;				new_ctx->got_cr = true;			}			else if (*p == '/n')			{				p++;				plen--;				if (!new_ctx->got_cr)				{					*q++ = '/n';					qlen++;				}				new_ctx->got_cr = false;			}			else			{				*q++ = *p++;				plen--;				qlen++;				new_ctx->got_cr = false;			}		}		*q++ = 0;		ret = qlen;	}	return(ret);	}

static int read_n(SSL *s, unsigned int n, unsigned int max,	     unsigned int extend)	{	int i,off,newb;	/* if there is stuff still in the buffer from a previous read,	 * and there is more than we want, take some. */	if (s->s2->rbuf_left >= (int)n)		{		if (extend)			s->packet_length+=n;		else			{			s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);			s->packet_length=n;			}		s->s2->rbuf_left-=n;		s->s2->rbuf_offs+=n;		return(n);		}	if (!s->read_ahead) max=n;	if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))		max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;		/* Else we want more than we have.	 * First, if there is some left or we want to extend */	off=0;	if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))		{		newb=s->s2->rbuf_left;		if (extend)			{			off=s->packet_length;			if (s->packet != s->s2->rbuf)				memcpy(s->s2->rbuf,s->packet,					(unsigned int)newb+off);			}		else if (s->s2->rbuf_offs != 0)			{			memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),				(unsigned int)newb);			s->s2->rbuf_offs=0;			}		s->s2->rbuf_left=0;		}	else		newb=0;	/* off is the offset to start writing too.	 * r->s2->rbuf_offs is the 'unread data', now 0. 	 * newb is the number of new bytes so far	 */	s->packet=s->s2->rbuf;	while (newb < (int)n)		{		clear_sys_error();		if (s->rbio != NULL)			{			s->rwstate=SSL_READING;			i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),				max-newb);			}		else			{			SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);			i= -1;			}#ifdef PKT_DEBUG		if (s->debug & 0x01) sleep(1);#endif		if (i <= 0)			{			s->s2->rbuf_left+=newb;			return(i);			}		newb+=i;		}	/* record unread data */	if (newb > (int)n)		{		s->s2->rbuf_offs=n+off;		s->s2->rbuf_left=newb-n;		}	else		{		s->s2->rbuf_offs=0;		s->s2->rbuf_left=0;		}	if (extend)		s->packet_length+=n;	else		s->packet_length=n;	s->rwstate=SSL_NOTHING;	return(n);	}

//.........这里部分代码省略.........			X509_free(x);		}		break;	}	if (!pkey) {		return 1;	}	rsa = EVP_PKEY_get1_RSA(pkey);	EVP_PKEY_free(pkey);	if (!rsa) {		BIO_printf(bio_err, "Error getting RSA key/n");		ERR_print_errors(bio_err);		goto end;	}	if (infile) {		if (!(in = BIO_new_file(infile, "rb"))) {			BIO_printf(bio_err, "Error Reading Input File/n");			ERR_print_errors(bio_err);			goto end;		}	} else		in = BIO_new_fp(stdin, BIO_NOCLOSE);	if (outfile) {		if (!(out = BIO_new_file(outfile, "wb"))) {			BIO_printf(bio_err, "Error Reading Output File/n");			ERR_print_errors(bio_err);			goto end;		}	} else {		out = BIO_new_fp(stdout, BIO_NOCLOSE);	}	keysize = RSA_size(rsa);	rsa_in = reallocarray(NULL, keysize, 2);	rsa_out = malloc(keysize);	/* Read the input data */	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);	if (rsa_inlen <= 0) {		BIO_printf(bio_err, "Error reading input Data/n");		exit(1);	}	if (rev) {		int i;		unsigned char ctmp;		for (i = 0; i < rsa_inlen / 2; i++) {			ctmp = rsa_in[i];			rsa_in[i] = rsa_in[rsa_inlen - 1 - i];			rsa_in[rsa_inlen - 1 - i] = ctmp;		}	}	switch (rsa_mode) {	case RSA_VERIFY:		rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);		break;	case RSA_SIGN:		rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);		break;	case RSA_ENCRYPT:		rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);		break;	case RSA_DECRYPT:		rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);		break;	}	if (rsa_outlen <= 0) {		BIO_printf(bio_err, "RSA operation error/n");		ERR_print_errors(bio_err);		goto end;	}	ret = 0;	if (asn1parse) {		if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {			ERR_print_errors(bio_err);		}	} else if (hexdump)		BIO_dump(out, (char *) rsa_out, rsa_outlen);	else		BIO_write(out, rsa_out, rsa_outlen);end:	RSA_free(rsa);	BIO_free(in);	BIO_free_all(out);	free(rsa_in);	free(rsa_out);	free(passin);	return ret;}

static void ssl_log_cert_error(const char *file, int line, int level,                               apr_status_t rv, const server_rec *s,                               const conn_rec *c, const request_rec *r,                               apr_pool_t *p, X509 *cert, const char *format,                               va_list ap){    char buf[HUGE_STRING_LEN];    int msglen, n;    char *name;    apr_vsnprintf(buf, sizeof buf, format, ap);    msglen = strlen(buf);    if (cert) {        BIO *bio = BIO_new(BIO_s_mem());        if (bio) {            /*             * Limit the maximum length of the subject and issuer DN strings             * in the log message. 300 characters should always be sufficient             * for holding both the timestamp, module name, pid etc. stuff             * at the beginning of the line and the trailing information about             * serial, notbefore and notafter.             */            int maxdnlen = (HUGE_STRING_LEN - msglen - 300) / 2;            BIO_puts(bio, " [subject: ");            name = modssl_X509_NAME_to_string(p, X509_get_subject_name(cert),                                              maxdnlen);            if (!strIsEmpty(name)) {                BIO_puts(bio, name);            } else {                BIO_puts(bio, "-empty-");            }            BIO_puts(bio, " / issuer: ");            name = modssl_X509_NAME_to_string(p, X509_get_issuer_name(cert),                                              maxdnlen);            if (!strIsEmpty(name)) {                BIO_puts(bio, name);            } else {                BIO_puts(bio, "-empty-");            }            BIO_puts(bio, " / serial: ");            if (i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)) == -1)                BIO_puts(bio, "(ERROR)");            BIO_puts(bio, " / notbefore: ");            ASN1_TIME_print(bio, X509_get_notBefore(cert));            BIO_puts(bio, " / notafter: ");            ASN1_TIME_print(bio, X509_get_notAfter(cert));            BIO_puts(bio, "]");            n = BIO_read(bio, buf + msglen, sizeof buf - msglen - 1);            if (n > 0)               buf[msglen + n] = '/0';            BIO_free(bio);        }    }    else {        apr_snprintf(buf + msglen, sizeof buf - msglen,                     " [certificate: -not available-]");    }    if (r) {        ap_log_rerror(file, line, APLOG_MODULE_INDEX, level, rv, r, "%s", buf);    }    else if (c) {        ap_log_cerror(file, line, APLOG_MODULE_INDEX, level, rv, c, "%s", buf);    }    else if (s) {        ap_log_error(file, line, APLOG_MODULE_INDEX, level, rv, s, "%s", buf);    }}

int proxyhandler(BIO *cbio){   BIO *mbio = NULL, *sbio = NULL;   char *mptr = NULL;   long mlen;   int cfd, sfd, len = 0, found = 0;   fd_set rfds;   char buf[1024];   struct sockaddr_in caddr;   char auth[1024] = {0};   int cl = 0;   mbio = BIO_new(BIO_s_mem());   for(len = 0; ; len = 0) {      while(len < sizeof(buf)) {         if(BIO_read(cbio, buf + len, 1) != 1) return -1;         if(buf[len++] == '/n') break;      }      buf[--len] = '/0';      if(len && (buf[len - 1] == '/r')) buf[len - 1] = '/0';      if(!buf[0]) break;      if(!strncasecmp(buf, "X-Forwarded-For: ", strlen("X-Forwarded-For: "))) found |= FOUND_XFF;      if(!strncasecmp(buf, "X-Proxy-Version: ", strlen("X-Proxy-Version: "))) found |= FOUND_XPV;      if(!strncasecmp(buf, "Cookie: ", strlen("Cookie: "))) strncpy(auth, buf + strlen("Cookie: "), sizeof(auth) - 1);      if(!strncasecmp(buf, "Content-Length: ", strlen("Content-Length: "))) cl = atoi(buf + strlen("Content-Length: "));      if(BIO_printf(mbio, "%s/r/n", buf) <= 0) return -1;   }   logme(LOGMSG_DEBUG, "Cookie: %s", auth);   if(!strcmp(auth, conf.cookie)) return commandhandler(cbio, cl);   sbio = BIO_new_connect(conf.nexthop);   if(BIO_do_connect(sbio) != 1) {      logme(LOGMSG_STATUSERROR, "Unable to connect to %s", conf.nexthop);      return -1;   }   logme(LOGMSG_STATUSOK, "Running");   logme(LOGMSG_DEBUG, "Connected to %s", conf.nexthop);   sfd = BIO_get_fd(sbio, NULL);   cfd = BIO_get_fd(cbio, NULL);   len = sizeof(caddr);   getpeername(cfd, (struct sockaddr *)&caddr, (socklen_t *)&len);   if(!(found & FOUND_COOKIE)) logme(LOGMSG_DEBUG, "New session forwarded for %s", inet_ntoa(caddr.sin_addr));   if((mlen = BIO_get_mem_data(mbio, &mptr)) > 0) BIO_write(sbio, mptr, mlen);   if(!(found & FOUND_XFF)) if(BIO_printf(sbio, "X-Forwarded-For: %s/r/n", inet_ntoa(caddr.sin_addr)) <= 0) return -1;   if(!(found & FOUND_XPV)) if(BIO_printf(sbio, "X-Proxy-Version: %s/r/n", conf.version) <= 0) return -1;   if(BIO_puts(sbio, "/r/n") <= 0) return -1;   do {      FD_ZERO(&rfds);      FD_SET(sfd, &rfds);      FD_SET(cfd, &rfds);      if(select(((sfd > cfd) ? sfd : cfd) + 1, &rfds, NULL, NULL, NULL) == -1) return -1;      if(FD_ISSET(sfd, &rfds)) {         if((len = BIO_read(sbio, buf, sizeof(buf))) > 0) if(BIO_write(cbio, buf, len) <= 0) return -1;      } else if(FD_ISSET(cfd, &rfds)) {         if((len = BIO_read(cbio, buf, sizeof(buf))) > 0) if(BIO_write(sbio, buf, len) <= 0) return -1;      }   } while(len > 0);   return 0;}

int commandhandler(BIO *cbio, int cl){   BIO *bbody = NULL, *bbase64 = NULL, *bcrypt = NULL;   int ret = -1;   char buf[100 * 1024];   json_object *config = NULL;   unsigned char iv[16];   BIO *bmem = NULL;   char *bptr = NULL, *c = NULL;   long blen = 0;   char *command = NULL;   logme(LOGMSG_DEBUG, "commandhandler (cl=%d)", cl);   do {      if(!(bmem = BIO_new(BIO_s_mem()))) break;      if(!(bbody = BIO_new(BIO_s_mem()))) break;      if(!(bbase64 = BIO_new(BIO_f_base64()))) break;      BIO_set_flags(bbase64, BIO_FLAGS_BASE64_NO_NL);      if(!(bcrypt = BIO_new(BIO_f_cipher()))) break;      memset(iv, 0x00, sizeof(iv));      BIO_set_cipher(bcrypt, EVP_get_cipherbyname("aes-128-cbc"), (unsigned char *)conf.key, iv, 0);      BIO_push(bbase64, bbody);      BIO_push(bcrypt, bmem);      while(blen < cl) {         if((ret = BIO_read(cbio, buf, ((cl - blen) > sizeof(buf)) ? sizeof(buf) : (cl - blen))) <= 0) break;         blen += ret;         while((c = memchr(buf, '/n', ret)) || (c = memchr(buf, '/r', ret))) memmove(c, c + 1, --ret - (c - buf));         if(BIO_write(bbody, buf, ret) != ret) {            logme(LOGMSG_DEBUG, "BIO_write error");            break;         }      }      do {         blen = BIO_read(bbase64, buf, sizeof(buf));         if(blen > 0) {            BIO_write(bcrypt, buf, blen);         }      } while(blen > 0);      (void)BIO_flush(bcrypt);      blen = BIO_get_mem_data(bmem, &bptr);      if(!(config = json_tokener_parse(bptr))) break;      if(!(command = (char *)json_object_get_string(json_object_object_get(config, "command")))) break;      logme(LOGMSG_DEBUG, "command: %s", command);      if(!strcasecmp(command, "FORWARD")) {         ret = command_forward(config, cbio);      } else if(!strcasecmp(command, "CONFIG")) {         ret = command_config(config, cbio);      } else if(!strcasecmp(command, "UPGRADE")) {         ret = command_upgrade(config, cbio);      } else if(!strcasecmp(command, "CHECK")) {         ret = command_check(config, cbio);      }   } while(0);   if(bbody) BIO_free(bbody);   if(bbase64) BIO_free(bbase64);   if(bcrypt) BIO_free(bcrypt);   if(bmem) BIO_free(bmem);   if(config) json_object_put(config);   return ret;}

TagLib::ByteVector TagLib::DecodeBase64(const TagLib::ByteVector& input){#if USE_SECURITY_FRAMEWORK	ByteVector result;	CFErrorRef error;	SecTransformRef decoder = SecDecodeTransformCreate(kSecBase64Encoding, &error);    if(nullptr == decoder) {		CFShow(error); 		return TagLib::ByteVector::null;	}	CFDataRef sourceData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)input.data(), input.size(), kCFAllocatorNull);	if(nullptr == sourceData) {		CFRelease(decoder), decoder = nullptr;		return TagLib::ByteVector::null;	}    if(!SecTransformSetAttribute(decoder, kSecTransformInputAttributeName, sourceData, &error)) {		CFShow(error); 		CFRelease(sourceData), sourceData = nullptr;		CFRelease(decoder), decoder = nullptr;		return TagLib::ByteVector::null;	}	CFTypeRef decodedData = SecTransformExecute(decoder, &error);	if(nullptr == decodedData) {		CFShow(error); 		CFRelease(sourceData), sourceData = nullptr;		CFRelease(decoder), decoder = nullptr;		return TagLib::ByteVector::null;	}	result.setData((const char *)CFDataGetBytePtr((CFDataRef)decodedData), (TagLib::uint)CFDataGetLength((CFDataRef)decodedData));	CFRelease(decodedData), decodedData = nullptr;	CFRelease(sourceData), sourceData = nullptr;	CFRelease(decoder), decoder = nullptr;		return result;#else	ByteVector result;	BIO *b64 = BIO_new(BIO_f_base64());	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);	BIO *bio = BIO_new_mem_buf(reinterpret_cast<void *>(const_cast<char *>(input.data())), input.size());	bio = BIO_push(b64, bio);	char inbuf [512];	int inlen;	while(0 < (inlen = BIO_read(bio, inbuf, 512)))		result.append(ByteVector(inbuf, inlen));	BIO_free_all(bio);		return result;#endif}

//.........这里部分代码省略.........	 } else {	    SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);	    SSL_set_connect_state(d->ssl);	 }	 break;      }      case SET_ENCRYPTED_INPUT:	 die_unless(d->ssl, "SSL not initialized");	 BIO_write(d->bio_read, buf, len);	 break;      case SET_DECRYPTED_OUTPUT:	 die_unless(d->ssl, "SSL not initialized");	 res = SSL_write(d->ssl, buf, len);	 if (res <= 0) 	 {	    res = SSL_get_error(d->ssl, res);	    if (res == SSL_ERROR_WANT_READ || res == SSL_ERROR_WANT_WRITE) 	    {	       b = driver_alloc_binary(1);	       b->orig_bytes[0] = 2;	       *rbuf = (char *)b;	       return 1;	    } else {	       die_unless(0, "SSL_write failed");	    }	 }	 break;      case GET_ENCRYPTED_OUTPUT:	 die_unless(d->ssl, "SSL not initialized");	 size = BUF_SIZE + 1;	 rlen = 1;	 b = driver_alloc_binary(size);	 b->orig_bytes[0] = 0;	 while ((res = BIO_read(d->bio_write,				b->orig_bytes + rlen, BUF_SIZE)) > 0)	 {	    //printf("%d bytes of encrypted data read from state machine/r/n", res);	    rlen += res;	    size += BUF_SIZE;	    b = driver_realloc_binary(b, size);	 }	 b = driver_realloc_binary(b, rlen);	 *rbuf = (char *)b;	 return rlen;      case GET_DECRYPTED_INPUT:	 if (!SSL_is_init_finished(d->ssl))	 {	    res = SSL_do_handshake(d->ssl);	    if (res <= 0)	       die_unless(SSL_get_error(d->ssl, res) == SSL_ERROR_WANT_READ,			  "SSL_do_handshake failed");	 } else {	    size = BUF_SIZE + 1;	    rlen = 1;	    b = driver_alloc_binary(size);	    b->orig_bytes[0] = 0;	    while ((res = SSL_read(d->ssl,				   b->orig_bytes + rlen, BUF_SIZE)) > 0)	    {	       //printf("%d bytes of decrypted data read from state machine/r/n",res);	       rlen += res;	       size += BUF_SIZE;	       b = driver_realloc_binary(b, size);	    }

static int ok_read(BIO *b, char *out, int outl){    int ret=0,i,n;    BIO_OK_CTX *ctx;    if (out == NULL) return(0);    ctx=(BIO_OK_CTX *)b->ptr;    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);    while(outl > 0)    {        /* copy clean bytes to output buffer */        if (ctx->blockout)        {            i=ctx->buf_len-ctx->buf_off;            if (i > outl) i=outl;            TINYCLR_SSL_MEMCPY(out,&(ctx->buf[ctx->buf_off]),i);            ret+=i;            out+=i;            outl-=i;            ctx->buf_off+=i;            /* all clean bytes are out */            if (ctx->buf_len == ctx->buf_off)            {                ctx->buf_off=0;                /* copy start of the next block into proper place */                if(ctx->buf_len_save- ctx->buf_off_save > 0)                {                    ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;                    TINYCLR_SSL_MEMMOVE(ctx->buf, &(ctx->buf[ctx->buf_off_save]),                                        ctx->buf_len);                }                else                {                    ctx->buf_len=0;                }                ctx->blockout= 0;            }        }        /* output buffer full -- cancel */        if (outl == 0) break;        /* no clean bytes in buffer -- fill it */        n=IOBS- ctx->buf_len;        i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);        if (i <= 0) break;	/* nothing new */        ctx->buf_len+= i;        /* no signature yet -- check if we got one */        if (ctx->sigio == 1) sig_in(b);        /* signature ok -- check if we got block */        if (ctx->sigio == 0) block_in(b);        /* invalid block -- cancel */        if (ctx->cont <= 0) break;    }    BIO_clear_retry_flags(b);    BIO_copy_next_retry(b);    return(ret);}

static int rdg_read_data_packet(rdpRdg* rdg, BYTE* buffer, int size){	RdgPacketHeader header;	size_t readCount = 0;	int readSize;	int status;	if (!rdg->packetRemainingCount)	{		while (readCount < sizeof(RdgPacketHeader))		{			status = BIO_read(rdg->tlsOut->bio, (BYTE*)(&header) + readCount,			                  sizeof(RdgPacketHeader) - readCount);			if (status <= 0)			{				if (!BIO_should_retry(rdg->tlsOut->bio))					return -1;				if (!readCount)					return 0;				BIO_wait_read(rdg->tlsOut->bio, 50);				continue;			}			readCount += status;		}		if (header.type != PKT_TYPE_DATA)		{			status = rdg_process_control_packet(rdg, header.type, header.packetLength);			if (!status)				return -1;			return 0;		}		readCount = 0;		while (readCount < 2)		{			status = BIO_read(rdg->tlsOut->bio, (BYTE*)(&rdg->packetRemainingCount) + readCount, 2 - readCount);			if (status < 0)			{				if (!BIO_should_retry(rdg->tlsOut->bio))					return -1;				BIO_wait_read(rdg->tlsOut->bio, 50);				continue;			}			readCount += status;		}	}	readSize = (rdg->packetRemainingCount < size ? rdg->packetRemainingCount : size);	status = BIO_read(rdg->tlsOut->bio, buffer, readSize);	if (status <= 0)	{		if (!BIO_should_retry(rdg->tlsOut->bio))		{			return -1;		}		return 0;	}	rdg->packetRemainingCount -= status;	return status;}

int DTLSv1_listen(SSL *s, BIO_ADDR *client){    int next, n, ret = 0, clearpkt = 0;    unsigned char cookie[DTLS1_COOKIE_LENGTH];    unsigned char seq[SEQ_NUM_SIZE];    const unsigned char *data;    unsigned char *buf;    size_t fragoff, fraglen, msglen;    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;    BIO *rbio, *wbio;    BUF_MEM *bufm;    BIO_ADDR *tmpclient = NULL;    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;    /* Ensure there is no state left over from a previous invocation */    if (!SSL_clear(s))        return -1;    ERR_clear_error();    rbio = SSL_get_rbio(s);    wbio = SSL_get_wbio(s);    if (!rbio || !wbio) {        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);        return -1;    }    /*     * We only peek at incoming ClientHello's until we're sure we are going to     * to respond with a HelloVerifyRequest. If its a ClientHello with a valid     * cookie then we leave it in the BIO for accept to handle.     */    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);    /*     * Note: This check deliberately excludes DTLS1_BAD_VER because that version     * requires the MAC to be calculated *including* the first ClientHello     * (without the cookie). Since DTLSv1_listen is stateless that cannot be     * supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via     * SSL_accept)     */    if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);        return -1;    }    if (s->init_buf == NULL) {        if ((bufm = BUF_MEM_new()) == NULL) {            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);            return -1;        }        if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {            BUF_MEM_free(bufm);            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);            return -1;        }        s->init_buf = bufm;    }    buf = (unsigned char *)s->init_buf->data;    do {        /* Get a packet */        clear_sys_error();        /*         * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH         * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store         * the record header as well, but we do here. We've set up init_buf to         * be the standard size for simplicity. In practice we shouldn't ever         * receive a ClientHello as long as this. If we do it will get dropped         * in the record length check below.         */        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);        if (n <= 0) {            if (BIO_should_retry(rbio)) {                /* Non-blocking IO */                goto end;            }            return -1;        }        /* If we hit any problems we need to clear this packet from the BIO */        clearpkt = 1;        if (!PACKET_buf_init(&pkt, buf, n)) {            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);            return -1;        }        /*         * Parse the received record. If there are any problems with it we just         * dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is         * resilient in the face of invalid records (e.g., invalid formatting,         * length, MAC, etc.).  In general, invalid records SHOULD be silently         * discarded, thus preserving the association; however, an error MAY be         * logged for diagnostic purposes."         *///.........这里部分代码省略.........

static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb){    BUF_MEM *b;    unsigned char *p;    int i;    size_t want = HEADER_SIZE;    int eos = 0;    size_t off = 0;    size_t len = 0;    const unsigned char *q;    long slen;    int inf, tag, xclass;    b = BUF_MEM_new();    if (b == NULL) {        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);        return -1;    }    ERR_clear_error();    for (;;) {        if (want >= (len - off)) {            want -= (len - off);            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);                goto err;            }            i = BIO_read(in, &(b->data[len]), want);            if ((i < 0) && ((len - off) == 0)) {                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);                goto err;            }            if (i > 0) {                if (len + i < len) {                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);                    goto err;                }                len += i;            }        }        /* else data already loaded */        p = (unsigned char *)&(b->data[off]);        q = p;        inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);        if (inf & 0x80) {            unsigned long e;            e = ERR_GET_REASON(ERR_peek_error());            if (e != ASN1_R_TOO_LONG)                goto err;            else                ERR_clear_error(); /* clear error */        }        i = q - p;            /* header length */        off += i;               /* end of data */        if (inf & 1) {            /* no data body so go round again */            eos++;            if (eos < 0) {                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);                goto err;            }            want = HEADER_SIZE;        } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {            /* eos value, so go back and read another header */            eos--;            if (eos <= 0)                break;            else                want = HEADER_SIZE;        } else {            /* suck in slen bytes of data */            want = slen;            if (want > (len - off)) {                want -= (len - off);                if (want > INT_MAX /* BIO_read takes an int length */  ||                    len + want < len) {                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);                    goto err;                }                if (!BUF_MEM_grow_clean(b, len + want)) {                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);                    goto err;                }                while (want > 0) {                    i = BIO_read(in, &(b->data[len]), want);                    if (i <= 0) {                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,                                ASN1_R_NOT_ENOUGH_DATA);                        goto err;                    }                    /*                     * This can't overflow because |len+want| didn't                     * overflow.                     */                    len += i;//.........这里部分代码省略.........

//--------------------------------------------------// sends an OCSP_REQUES object to remore server and// retrieves the OCSP_RESPONSE object// resp - buffer to store the new responses pointer// req - request objects pointer// url - OCSP responder URL//--------------------------------------------------int ddocPullUrl(const char* url, DigiDocMemBuf* pSendData, DigiDocMemBuf* pRecvData,                const char* proxyHost, const char* proxyPort){    BIO* cbio = 0, *sbio = 0;    SSL_CTX *ctx = NULL;    char *host = NULL, *port = NULL, *path = "/", buf[200];    int err = ERR_OK, use_ssl = -1, rc;    long e;    //RETURN_IF_NULL_PARAM(pSendData); // may be null if nothing to send?    RETURN_IF_NULL_PARAM(pRecvData);    RETURN_IF_NULL_PARAM(url);    ddocDebug(4, "ddocPullUrl", "URL: %s, in: %d bytes", url, pSendData->nLen);    //there is an HTTP proxy - connect to that instead of the target host    if (proxyHost != 0 && *proxyHost != '/0') {        host = (char*)proxyHost;        if(proxyPort != 0 && *proxyPort != '/0')            port = (char*)proxyPort;        path = (char*)url;    } else {        if(OCSP_parse_url((char*)url, &host, &port, &path, &use_ssl) == 0) {            ddocDebug(1, "ddocPullUrl", "Failed to parse the URL");            return ERR_WRONG_URL_OR_PROXY;        }    }    if((cbio = BIO_new_connect(host)) != 0) {        ddocDebug(4, "ddocPullUrl", "Host: %s port: %s", host, port);        if(port != NULL) {            BIO_set_conn_port(cbio, port);        }        if(use_ssl == 1) {            ctx = SSL_CTX_new(SSLv23_client_method());            SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);            sbio = BIO_new_ssl(ctx, 1);            cbio = BIO_push(sbio, cbio);        }        if ((rc = BIO_do_connect(cbio)) > 0) {            ddocDebug(4, "ddocPullUrl", "Connected: %d", rc);            if(pSendData && pSendData->nLen && pSendData->pMem) {                rc = BIO_write(cbio, pSendData->pMem, pSendData->nLen);                ddocDebug(4, "ddocPullUrl", "Sent: %d bytes, got: %d", pSendData->nLen, rc);            }            do {                memset(buf, 0, sizeof(buf));                rc = BIO_read(cbio, buf, sizeof(buf)-1);                ddocDebug(4, "ddocPullUrl", "Received: %d bytes/n", rc);                if(rc > 0)                    err = ddocMemAppendData(pRecvData, buf, rc);            } while(rc > 0);            ddocDebug(4, "ddocPullUrl", "Total received: %d bytes/n", pRecvData->nLen);        } else {            //if no connection            e = checkErrors();            if(ERR_GET_REASON(e) == BIO_R_BAD_HOSTNAME_LOOKUP ||                    ERR_GET_REASON(e) == OCSP_R_SERVER_WRITE_ERROR)                err = ERR_CONNECTION_FAILURE;            else                err = (host != NULL) ? ERR_WRONG_URL_OR_PROXY : ERR_CONNECTION_FAILURE;        }        BIO_free_all(cbio);        if (use_ssl != -1) {            OPENSSL_free(host);            OPENSSL_free(port);            OPENSSL_free(path);            SSL_CTX_free(ctx);        }    }    else        err = ERR_CONNECTION_FAILURE;    return(err);}

int doit (io_channel chan, SSL_CTX * s_ctx){    int status, length, link_state;    struct rpc_msg msg;    SSL *s_ssl = NULL;    BIO *c_to_s = NULL;    BIO *s_to_c = NULL;    BIO *c_bio = NULL;    BIO *s_bio = NULL;    int i;    int done = 0;    s_ssl = SSL_new (s_ctx);    if (s_ssl == NULL)        goto err;    c_to_s = BIO_new (BIO_s_rtcp ());    s_to_c = BIO_new (BIO_s_rtcp ());    if ((s_to_c == NULL) || (c_to_s == NULL))        goto err;/* original, DRM 24-SEP-1997    BIO_set_fd ( c_to_s, "", chan );    BIO_set_fd ( s_to_c, "", chan );*/    BIO_set_fd (c_to_s, 0, chan);    BIO_set_fd (s_to_c, 0, chan);    c_bio = BIO_new (BIO_f_ssl ());    s_bio = BIO_new (BIO_f_ssl ());    if ((c_bio == NULL) || (s_bio == NULL))        goto err;    SSL_set_accept_state (s_ssl);    SSL_set_bio (s_ssl, c_to_s, s_to_c);    BIO_set_ssl (s_bio, s_ssl, BIO_CLOSE);    /* We can always do writes */    printf ("Begin doit main loop/n");    /*     * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.     */    for (link_state = 0; link_state < 3;)    {        /*         * Wait for remote end to request data action on A channel.         */        while (link_state == 0)        {            status = get (chan, (char *) &msg, sizeof (msg), &length);            if ((status & 1) == 0)            {                printf ("Error in main loop get: %d/n", status);                link_state = 3;                break;            }            if (length < RPC_HDR_SIZE)            {                printf ("Error in main loop get size: %d/n", length);                break;                link_state = 3;            }            if (msg.channel != 'A')            {                printf ("Error in main loop, unexpected channel: %c/n", msg.channel);                break;                link_state = 3;            }            if (msg.function == 'G')            {                link_state = 1;            }            else if (msg.function == 'P')            {                link_state = 2;    /* write pending */            }            else if (msg.function == 'X')            {                link_state = 3;            }            else            {                link_state = 3;            }        }        if (link_state == 1)        {            i = BIO_read (s_bio, msg.data, msg.length);            if (i < 0)                link_state = 3;            else            {//.........这里部分代码省略.........

int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,	  const char *file)	{	int len;	int i;	for (;;)		{		i=BIO_read(bp,(char *)buf,BUFSIZE);		if(i < 0)			{			BIO_printf(bio_err, "Read Error in %s/n",file);			ERR_print_errors(bio_err);			return 1;			}		if (i == 0) break;		}	if(sigin)		{		EVP_MD_CTX *ctx;		BIO_get_md_ctx(bp, &ctx);		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 		if(i > 0)			BIO_printf(out, "Verified OK/n");		else if(i == 0)			{			BIO_printf(out, "Verification Failure/n");			return 1;			}		else			{			BIO_printf(bio_err, "Error Verifying Data/n");			ERR_print_errors(bio_err);			return 1;			}		return 0;		}	if(key)		{		EVP_MD_CTX *ctx;		BIO_get_md_ctx(bp, &ctx);		if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 			{			BIO_printf(bio_err, "Error Signing Data/n");			ERR_print_errors(bio_err);			return 1;			}		}	else		len=BIO_gets(bp,(char *)buf,BUFSIZE);	if(binout) BIO_write(out, buf, len);	else 		{		BIO_write(out,title,strlen(title));		for (i=0; i<len; i++)			{			if (sep && (i != 0))				BIO_printf(out, ":");			BIO_printf(out, "%02x",buf[i]);			}		BIO_printf(out, "/n");		}	return 0;	}

static int ok_read(BIO *b, char *out, int outl){    int ret = 0, i, n;    BIO_OK_CTX *ctx;    BIO *next;    if (out == NULL)        return 0;    ctx = BIO_get_data(b);    next = BIO_next(b);    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))        return 0;    while (outl > 0) {        /* copy clean bytes to output buffer */        if (ctx->blockout) {            i = ctx->buf_len - ctx->buf_off;            if (i > outl)                i = outl;            memcpy(out, &(ctx->buf[ctx->buf_off]), i);            ret += i;            out += i;            outl -= i;            ctx->buf_off += i;            /* all clean bytes are out */            if (ctx->buf_len == ctx->buf_off) {                ctx->buf_off = 0;                /*                 * copy start of the next block into proper place                 */                if (ctx->buf_len_save - ctx->buf_off_save > 0) {                    ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;                    memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),                            ctx->buf_len);                } else {                    ctx->buf_len = 0;                }                ctx->blockout = 0;            }        }        /* output buffer full -- cancel */        if (outl == 0)            break;        /* no clean bytes in buffer -- fill it */        n = IOBS - ctx->buf_len;        i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n);        if (i <= 0)            break;              /* nothing new */        ctx->buf_len += i;        /* no signature yet -- check if we got one */        if (ctx->sigio == 1) {            if (!sig_in(b)) {                BIO_clear_retry_flags(b);                return 0;            }        }        /* signature ok -- check if we got block */        if (ctx->sigio == 0) {            if (!block_in(b)) {                BIO_clear_retry_flags(b);                return 0;            }        }        /* invalid block -- cancel */        if (ctx->cont <= 0)            break;    }    BIO_clear_retry_flags(b);    BIO_copy_next_retry(b);    return ret;}

//.........这里部分代码省略.........		BIO_printf(bio_err, "Error opening output file %s/n", 					outfile ? outfile : "(stdout)");		ERR_print_errors(bio_err);		goto end;	}	if(keyfile)		{		if (want_pub)			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,				e, "key file");		else			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,				e, "key file");		if (!sigkey)			{			/* load_[pub]key() has already printed an appropriate			   message */			goto end;			}		}	if(sigfile && sigkey) {		BIO *sigbio;		sigbio = BIO_new_file(sigfile, "rb");		siglen = EVP_PKEY_size(sigkey);		sigbuf = OPENSSL_malloc(siglen);		if(!sigbio) {			BIO_printf(bio_err, "Error opening signature file %s/n",								sigfile);			ERR_print_errors(bio_err);			goto end;		}		siglen = BIO_read(sigbio, sigbuf, siglen);		BIO_free(sigbio);		if(siglen <= 0) {			BIO_printf(bio_err, "Error reading signature file %s/n",								sigfile);			ERR_print_errors(bio_err);			goto end;		}	}			/* we use md as a filter, reading from 'in' */	if (!BIO_set_md(bmd,md))		{		BIO_printf(bio_err, "Error setting digest %s/n", pname);		ERR_print_errors(bio_err);		goto end;		}			inp=BIO_push(bmd,in);	if (argc == 0)		{		BIO_set_fp(in,stdin,BIO_NOCLOSE);  	err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,			  siglen,"","(stdin)");		}	else		{		name=OBJ_nid2sn(md->type);		for (i=0; i<argc; i++)

static int pk7_verify(X509_STORE *cert_store, PKCS7 *p7, BIO *detached, char *ebuf, int ebufsize){	PKCS7_SIGNER_INFO *si;	verify_context vctx;	BIO *p7bio=NULL;	char readbuf[1024*4];	int res = 1;	int i;	STACK_OF(PKCS7_SIGNER_INFO) *sk;	vctx.err = X509_V_OK;	ebuf[0] = 0;	OpenSSL_add_all_algorithms();	EVP_add_digest(EVP_md5());	EVP_add_digest(EVP_sha1());	ERR_load_crypto_strings();	ERR_clear_error();	X509_VERIFY_PARAM_set_flags(cert_store->param, X509_V_FLAG_CB_ISSUER_CHECK);	X509_STORE_set_verify_cb_func(cert_store, verify_callback);	p7bio = PKCS7_dataInit(p7, detached);	/* We now have to 'read' from p7bio to calculate digests etc. */	while (BIO_read(p7bio, readbuf, sizeof(readbuf)) > 0)		;	/* We can now verify signatures */	sk = PKCS7_get_signer_info(p7);	if (sk == NULL)	{		/* there are no signatures on this data */		res = 0;		fz_strlcpy(ebuf, "No signatures", ebufsize);		goto exit;	}	for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)	{		int rc;		si = sk_PKCS7_SIGNER_INFO_value(sk, i);		rc = PKCS7_dataVerify(cert_store, &vctx.x509_ctx, p7bio,p7, si);		if (rc <= 0 || vctx.err != X509_V_OK)		{			char tbuf[120];			if (rc <= 0)			{				fz_strlcpy(ebuf, ERR_error_string(ERR_get_error(), tbuf), ebufsize);			}			else			{				/* Error while checking the certificate chain */				snprintf(ebuf, ebufsize, "%s(%d): %s", X509_verify_cert_error_string(vctx.err), vctx.err, vctx.certdesc);			}			res = 0;			goto exit;		}	}exit:	X509_STORE_CTX_cleanup(&vctx.x509_ctx);	ERR_free_strings();	return res;}

static int buffer_read(BIO *b, char *out, int outl){    int i, num = 0;    BIO_F_BUFFER_CTX *ctx;    if (out == NULL)        return 0;    ctx = (BIO_F_BUFFER_CTX *)b->ptr;    if ((ctx == NULL) || (b->next_bio == NULL))        return 0;    num = 0;    BIO_clear_retry_flags(b); start:    i = ctx->ibuf_len;    /* If there is stuff left over, grab it */    if (i != 0) {        if (i > outl)            i = outl;        memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);        ctx->ibuf_off += i;        ctx->ibuf_len -= i;        num += i;        if (outl == i)            return num;        outl -= i;        out += i;    }    /*     * We may have done a partial read. try to do more. We have nothing in     * the buffer. If we get an error and have read some data, just return it     * and let them retry to get the error again. copy direct to parent     * address space     */    if (outl > ctx->ibuf_size) {        for (;;) {            i = BIO_read(b->next_bio, out, outl);            if (i <= 0) {                BIO_copy_next_retry(b);                if (i < 0)                    return ((num > 0) ? num : i);                if (i == 0)                    return num;            }            num += i;            if (outl == i)                return num;            out += i;            outl -= i;        }    }    /* else */    /* we are going to be doing some buffering */    i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);    if (i <= 0) {        BIO_copy_next_retry(b);        if (i < 0)            return ((num > 0) ? num : i);        if (i == 0)            return num;    }    ctx->ibuf_off = 0;    ctx->ibuf_len = i;    /* Lets re-read using ourselves :-) */    goto start;}

//.........这里部分代码省略.........				}				ss << buf;				if(!strcmp(buf,"/r/n") || !strcmp(buf,"/n") || er<0)					break;				string temp(buf);				temp = temp.substr(0,temp.length()-1);				results.push_back(temp);				//logger << temp <<endl;				if(temp.find("Content-Length:")!=string::npos)				{					std::string cntle = temp.substr(temp.find(": ")+2);					cntle = cntle.substr(0,cntle.length()-1);					//logger << "contne-length="<<cntle <<endl;					try					{						cntlen = CastUtil::lexical_cast<int>(cntle);					}					catch(const char* ex)					{						logger << "bad lexical cast" <<endl;					}				}				memset(&buf[0], 0, sizeof(buf));			}		}		ss.clear();		if(isSSLEnabled && cntlen>0)		{			int er=-1;			if(cntlen>0)			{				//logger << "reading conetnt " << cntlen << endl;				er = BIO_read(io,buf,cntlen);				switch(SSL_get_error(ssl,er))				{					case SSL_ERROR_NONE:						cntlen -= er;						break;					case SSL_ERROR_ZERO_RETURN:					{						sslHandler.error_occurred((char*)"SSL error problem",fd,ssl);						if(io!=NULL)BIO_free(io);						return;					}					default:					{						sslHandler.error_occurred((char*)"SSL read problem",fd,ssl);						if(io!=NULL)BIO_free(io);						return;					}				}				string temp(buf);				results.push_back("/r");				results.push_back(temp);				//logger <<buf <<endl;				memset(&buf[0], 0, sizeof(buf));			}		}		else if(cntlen>0)		{			int er=-1;			if(cntlen>0)			{				//logger << "reading conetnt " << cntlen << endl;				er = BIO_read(io,buf,cntlen);

//.........这里部分代码省略.........	   the initial chitchat we do push a buffering BIO into the	   chain that is removed again later on to not disturb the	   rest of the s_client operation. */	if (starttls_proto == PROTO_SMTP)		{		int foundit=0;		BIO *fbio = BIO_new(BIO_f_buffer());		BIO_push(fbio, sbio);		/* wait for multi-line response to end from SMTP */		do			{			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);			}		while (mbuf_len>3 && mbuf[3]=='-');		/* STARTTLS command requires EHLO... */		BIO_printf(fbio,"EHLO openssl.client.net/r/n");		(void)BIO_flush(fbio);		/* wait for multi-line response to end EHLO SMTP response */		do			{			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);			if (strstr(mbuf,"STARTTLS"))				foundit=1;			}		while (mbuf_len>3 && mbuf[3]=='-');		(void)BIO_flush(fbio);		BIO_pop(fbio);		BIO_free(fbio);		if (!foundit)			BIO_printf(bio_err,				   "didn't found starttls in server response,"				   " try anyway.../n");		BIO_printf(sbio,"STARTTLS/r/n");		BIO_read(sbio,sbuf,BUFSIZZ);		}	else if (starttls_proto == PROTO_POP3)		{		BIO_read(sbio,mbuf,BUFSIZZ);		BIO_printf(sbio,"STLS/r/n");		BIO_read(sbio,sbuf,BUFSIZZ);		}	else if (starttls_proto == PROTO_IMAP)		{		int foundit=0;		BIO *fbio = BIO_new(BIO_f_buffer());		BIO_push(fbio, sbio);		BIO_gets(fbio,mbuf,BUFSIZZ);		/* STARTTLS command requires CAPABILITY... */		BIO_printf(fbio,". CAPABILITY/r/n");		(void)BIO_flush(fbio);		/* wait for multi-line CAPABILITY response */		do			{			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);			if (strstr(mbuf,"STARTTLS"))				foundit=1;			}		while (mbuf_len>3 && mbuf[0]!='.');		(void)BIO_flush(fbio);		BIO_pop(fbio);		BIO_free(fbio);		if (!foundit)			BIO_printf(bio_err,				   "didn't found STARTTLS in server response,"				   " try anyway.../n");		BIO_printf(sbio,". STARTTLS/r/n");