自学教程：C++ BUF_MEM_new函数代码示例

int dtls1_accept(SSL *s) {  BUF_MEM *buf = NULL;  void (*cb)(const SSL *ssl, int type, int val) = NULL;  uint32_t alg_a;  int ret = -1;  int new_state, state, skip = 0;  assert(s->handshake_func == dtls1_accept);  assert(s->server);  assert(SSL_IS_DTLS(s));  ERR_clear_error();  ERR_clear_system_error();  if (s->info_callback != NULL) {    cb = s->info_callback;  } else if (s->ctx->info_callback != NULL) {    cb = s->ctx->info_callback;  }  s->in_handshake++;  if (s->cert == NULL) {    OPENSSL_PUT_ERROR(SSL, dtls1_accept, SSL_R_NO_CERTIFICATE_SET);    return -1;  }  for (;;) {    state = s->state;    switch (s->state) {      case SSL_ST_RENEGOTIATE:        s->renegotiate = 1;        /* s->state=SSL_ST_ACCEPT; */      case SSL_ST_ACCEPT:      case SSL_ST_BEFORE | SSL_ST_ACCEPT:        if (cb != NULL) {          cb(s, SSL_CB_HANDSHAKE_START, 1);        }        if (s->init_buf == NULL) {          buf = BUF_MEM_new();          if (buf == NULL || !BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {            ret = -1;            goto end;          }          s->init_buf = buf;          buf = NULL;        }        if (!ssl3_setup_buffers(s)) {          ret = -1;          goto end;        }        s->init_num = 0;        if (s->state != SSL_ST_RENEGOTIATE) {          if (!ssl_init_wbio_buffer(s, 1)) {            ret = -1;            goto end;          }          if (!ssl3_init_finished_mac(s)) {            OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR);            ret = -1;            goto end;          }          s->state = SSL3_ST_SR_CLNT_HELLO_A;        } else {          /* s->state == SSL_ST_RENEGOTIATE, * we will just send a           * HelloRequest */          s->state = SSL3_ST_SW_HELLO_REQ_A;        }        break;      case SSL3_ST_SW_HELLO_REQ_A:      case SSL3_ST_SW_HELLO_REQ_B:        s->shutdown = 0;        dtls1_clear_record_buffer(s);        dtls1_start_timer(s);        ret = ssl3_send_hello_request(s);        if (ret <= 0) {          goto end;        }        s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;        s->state = SSL3_ST_SW_FLUSH;        s->init_num = 0;        if (!ssl3_init_finished_mac(s)) {          OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR);          ret = -1;          goto end;        }        break;      case SSL3_ST_SW_HELLO_REQ_C://.........这里部分代码省略.........

int dtls1_listen(SSL *s, struct sockaddr *client){    int next, n, ret = 0, clearpkt = 0;    unsigned char cookie[DTLS1_COOKIE_LENGTH];    unsigned char seq[SEQ_NUM_SIZE];    unsigned char *data, *p, *buf;    unsigned long reclen, fragoff, fraglen, msglen;    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;    BIO *rbio, *wbio;    BUF_MEM *bufm;    struct sockaddr_storage tmpclient;    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;    /* Ensure there is no state left over from a previous invocation */    if (!SSL_clear(s))        return -1;    ERR_clear_error();    rbio = SSL_get_rbio(s);    wbio = SSL_get_wbio(s);    if(!rbio || !wbio) {        SSLerr(SSL_F_DTLS1_LISTEN, SSL_R_BIO_NOT_SET);        return -1;    }    /*     * We only peek at incoming ClientHello's until we're sure we are going to     * to respond with a HelloVerifyRequest. If its a ClientHello with a valid     * cookie then we leave it in the BIO for accept to handle.     */    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);    /*     * Note: This check deliberately excludes DTLS1_BAD_VER because that version     * requires the MAC to be calculated *including* the first ClientHello     * (without the cookie). Since DTLSv1_listen is stateless that cannot be     * supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via     * SSL_accept)     */    if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {        SSLerr(SSL_F_DTLS1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);        return -1;    }    if (s->init_buf == NULL) {        if ((bufm = BUF_MEM_new()) == NULL) {            SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_MALLOC_FAILURE);            return -1;        }        if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {            BUF_MEM_free(bufm);            SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_MALLOC_FAILURE);            return -1;        }        s->init_buf = bufm;    }    buf = (unsigned char *)s->init_buf->data;    do {        /* Get a packet */        clear_sys_error();        /*         * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH         * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store         * the record header as well, but we do here. We've set up init_buf to         * be the standard size for simplicity. In practice we shouldn't ever         * receive a ClientHello as long as this. If we do it will get dropped         * in the record length check below.         */        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);        if (n <= 0) {            if(BIO_should_retry(rbio)) {                /* Non-blocking IO */                goto end;            }            return -1;        }        /* If we hit any problems we need to clear this packet from the BIO */        clearpkt = 1;        if (!PACKET_buf_init(&pkt, buf, n)) {            SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_INTERNAL_ERROR);            return -1;        }        /*         * Parse the received record. If there are any problems with it we just         * dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is         * resilient in the face of invalid records (e.g., invalid formatting,         * length, MAC, etc.).  In general, invalid records SHOULD be silently         * discarded, thus preserving the association; however, an error MAY be         * logged for diagnostic purposes."         *///.........这里部分代码省略.........

static intasn1_d2i_read_bio(BIO *in, BUF_MEM **pb){	BUF_MEM *b;	unsigned char *p;	int i;	ASN1_const_CTX c;	size_t want = HEADER_SIZE;	int eos = 0;	size_t off = 0;	size_t len = 0;	b = BUF_MEM_new();	if (b == NULL) {		ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);		return -1;	}	ERR_clear_error();	for (;;) {		if (want >= (len - off)) {			want -= (len - off);			if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);				goto err;			}			i = BIO_read(in, &(b->data[len]), want);			if ((i < 0) && ((len - off) == 0)) {				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);				goto err;			}			if (i > 0) {				if (len + i < len) {					ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);					goto err;				}				len += i;			}		}		/* else data already loaded */		p = (unsigned char *) & (b->data[off]);		c.p = p;		c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag),		    &(c.xclass), len - off);		if (c.inf & 0x80) {			unsigned long e;			e = ERR_GET_REASON(ERR_peek_error());			if (e != ASN1_R_TOO_LONG)				goto err;			else				ERR_clear_error(); /* clear error */		}		i = c.p - p;	/* header length */		off += i;	/* end of data */		if (c.inf & 1) {			/* no data body so go round again */			eos++;			if (eos < 0) {				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);				goto err;			}			want = HEADER_SIZE;		} else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {			/* eos value, so go back and read another header */			eos--;			if (eos <= 0)				break;			else				want = HEADER_SIZE;		} else {			/* suck in c.slen bytes of data */			want = c.slen;			if (want > (len - off)) {				want -= (len - off);				if (want > INT_MAX /* BIO_read takes an int length */ ||				    len+want < len) {					ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);					goto err;				}				if (!BUF_MEM_grow_clean(b, len + want)) {					ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);					goto err;				}				while (want > 0) {					i = BIO_read(in, &(b->data[len]), want);					if (i <= 0) {						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,						    ASN1_R_NOT_ENOUGH_DATA);						goto err;					}					/* This can't overflow because					 * |len+want| didn't overflow. */					len += i;					want -= i;				}			}//.........这里部分代码省略.........

int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)	{	int ret=0;	int i,j;	BIO *btmp;	BUF_MEM *buf_mem=NULL;	BUF_MEM *buf=NULL;	PKCS7_SIGNER_INFO *si;	EVP_MD_CTX *mdc,ctx_tmp;	STACK_OF(X509_ATTRIBUTE) *sk;	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;	ASN1_OCTET_STRING *os=NULL;	EVP_MD_CTX_init(&ctx_tmp);	i=OBJ_obj2nid(p7->type);	p7->state=PKCS7_S_HEADER;	switch (i)		{	case NID_pkcs7_signedAndEnveloped:		/* XXXXXXXXXXXXXXXX */		si_sk=p7->d.signed_and_enveloped->signer_info;		if (!(os=M_ASN1_OCTET_STRING_new()))			{			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);			goto err;			}		p7->d.signed_and_enveloped->enc_data->enc_data=os;		break;	case NID_pkcs7_enveloped:		/* XXXXXXXXXXXXXXXX */		if (!(os=M_ASN1_OCTET_STRING_new()))			{			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);			goto err;			}		p7->d.enveloped->enc_data->enc_data=os;		break;	case NID_pkcs7_signed:		si_sk=p7->d.sign->signer_info;		os=PKCS7_get_octet_string(p7->d.sign->contents);		/* If detached data then the content is excluded */		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {			M_ASN1_OCTET_STRING_free(os);			p7->d.sign->contents->d.data = NULL;		}		break;	case NID_pkcs7_digest:		os=PKCS7_get_octet_string(p7->d.digest->contents);		/* If detached data then the content is excluded */		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)			{			M_ASN1_OCTET_STRING_free(os);			p7->d.digest->contents->d.data = NULL;			}		break;		}	if (si_sk != NULL)		{		if ((buf=BUF_MEM_new()) == NULL)			{			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);			goto err;			}		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)			{			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);			if (si->pkey == NULL) continue;			j=OBJ_obj2nid(si->digest_alg->algorithm);			btmp=bio;			btmp = PKCS7_find_digest(&mdc, btmp, j);			if (btmp == NULL)				goto err;			/* We now have the EVP_MD_CTX, lets do the			 * signing. */			EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);			if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))				{				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);				goto err;				}			sk=si->auth_attr;			/* If there are attributes, we add the digest			 * attribute and only sign the attributes */			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))				{				unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;				unsigned int md_len, alen;				ASN1_OCTET_STRING *digest;				ASN1_UTCTIME *sign_time;//.........这里部分代码省略.........

int dtls1_accept(SSL *s){    BUF_MEM *buf;    unsigned long Time = (unsigned long)time(NULL);    void (*cb) (const SSL *ssl, int type, int val) = NULL;    unsigned long alg_k;    int ret = -1;    int new_state, state, skip = 0;    int listen;#ifndef OPENSSL_NO_SCTP    unsigned char sctpauthkey[64];    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];#endif    RAND_add(&Time, sizeof(Time), 0);    ERR_clear_error();    clear_sys_error();    if (s->info_callback != NULL)        cb = s->info_callback;    else if (s->ctx->info_callback != NULL)        cb = s->ctx->info_callback;    listen = s->d1->listen;    /* init things to blank */    s->in_handshake++;    if (!SSL_in_init(s) || SSL_in_before(s))        SSL_clear(s);    s->d1->listen = listen;#ifndef OPENSSL_NO_SCTP    /*     * Notify SCTP BIO socket to enter handshake mode and prevent stream     * identifier other than 0. Will be ignored if no SCTP is used.     */    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,             s->in_handshake, NULL);#endif    if (s->cert == NULL) {        SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);        return (-1);    }#ifndef OPENSSL_NO_HEARTBEATS    /*     * If we're awaiting a HeartbeatResponse, pretend we already got and     * don't await it anymore, because Heartbeats don't make sense during     * handshakes anyway.     */    if (s->tlsext_hb_pending) {        dtls1_stop_timer(s);        s->tlsext_hb_pending = 0;        s->tlsext_hb_seq++;    }#endif    for (;;) {        state = s->state;        switch (s->state) {        case SSL_ST_RENEGOTIATE:            s->renegotiate = 1;            /* s->state=SSL_ST_ACCEPT; */        case SSL_ST_BEFORE:        case SSL_ST_ACCEPT:        case SSL_ST_BEFORE | SSL_ST_ACCEPT:        case SSL_ST_OK | SSL_ST_ACCEPT:            s->server = 1;            if (cb != NULL)                cb(s, SSL_CB_HANDSHAKE_START, 1);            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {                SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);                return -1;            }            s->type = SSL_ST_ACCEPT;            if (s->init_buf == NULL) {                if ((buf = BUF_MEM_new()) == NULL) {                    ret = -1;                    s->state = SSL_ST_ERR;                    goto end;                }                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {                    BUF_MEM_free(buf);                    ret = -1;                    s->state = SSL_ST_ERR;                    goto end;                }                s->init_buf = buf;            }            if (!ssl3_setup_buffers(s)) {                ret = -1;                s->state = SSL_ST_ERR;                goto end;            }//.........这里部分代码省略.........

int dtls1_connect(SSL *s){    BUF_MEM *buf = NULL;    unsigned long Time = (unsigned long)time(NULL);    void (*cb) (const SSL *ssl, int type, int val) = NULL;    int ret = -1;    int new_state, state, skip = 0;#ifndef OPENSSL_NO_SCTP    unsigned char sctpauthkey[64];    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];#endif    RAND_add(&Time, sizeof(Time), 0);    ERR_clear_error();    clear_sys_error();    if (s->info_callback != NULL)        cb = s->info_callback;    else if (s->ctx->info_callback != NULL)        cb = s->ctx->info_callback;    s->in_handshake++;    if (!SSL_in_init(s) || SSL_in_before(s)) {        if (!SSL_clear(s))            return -1;    }#ifndef OPENSSL_NO_SCTP    /*     * Notify SCTP BIO socket to enter handshake mode and prevent stream     * identifier other than 0. Will be ignored if no SCTP is used.     */    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,             s->in_handshake, NULL);#endif#ifndef OPENSSL_NO_HEARTBEATS    /*     * If we're awaiting a HeartbeatResponse, pretend we already got and     * don't await it anymore, because Heartbeats don't make sense during     * handshakes anyway.     */    if (s->tlsext_hb_pending) {        dtls1_stop_timer(s);        s->tlsext_hb_pending = 0;        s->tlsext_hb_seq++;    }#endif    for (;;) {        state = s->state;        switch (s->state) {        case SSL_ST_RENEGOTIATE:            s->renegotiate = 1;            s->state = SSL_ST_CONNECT;            s->ctx->stats.sess_connect_renegotiate++;            /* break */        case SSL_ST_BEFORE:        case SSL_ST_CONNECT:        case SSL_ST_BEFORE | SSL_ST_CONNECT:        case SSL_ST_OK | SSL_ST_CONNECT:            s->server = 0;            if (cb != NULL)                cb(s, SSL_CB_HANDSHAKE_START, 1);            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&                (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {                SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);                ret = -1;                goto end;            }            /* s->version=SSL3_VERSION; */            s->type = SSL_ST_CONNECT;            if (s->init_buf == NULL) {                if ((buf = BUF_MEM_new()) == NULL) {                    ret = -1;                    goto end;                }                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {                    ret = -1;                    goto end;                }                s->init_buf = buf;                buf = NULL;            }            if (!ssl3_setup_buffers(s)) {                ret = -1;                goto end;            }            /* setup buffing BIO */            if (!ssl_init_wbio_buffer(s, 0)) {                ret = -1;                goto end;            }//.........这里部分代码省略.........

char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)	{	X509_NAME_ENTRY *ne;	size_t i;	int n,lold,l,l1,l2,num,j,type;	const char *s;	char *p;	unsigned char *q;	BUF_MEM *b=NULL;	static const char hex[17]="0123456789ABCDEF";	int gs_doit[4];	char tmp_buf[80];	if (buf == NULL)		{		if ((b=BUF_MEM_new()) == NULL) goto err;		if (!BUF_MEM_grow(b,200)) goto err;		b->data[0]='/0';		len=200;		}	if (a == NULL)	    {	    if(b)		{		buf=b->data;		OPENSSL_free(b);		}	    strncpy(buf,"NO X509_NAME",len);	    buf[len-1]='/0';	    return buf;	    }	len--; /* space for '/0' */	l=0;	for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)		{		ne=sk_X509_NAME_ENTRY_value(a->entries,i);		n=OBJ_obj2nid(ne->object);		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))			{			i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);			s=tmp_buf;			}		l1=strlen(s);		type=ne->value->type;		num=ne->value->length;		q=ne->value->data;		if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))			{			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;			for (j=0; j<num; j++)				if (q[j] != 0) gs_doit[j&3]=1;			if (gs_doit[0]|gs_doit[1]|gs_doit[2])				gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;			else				{				gs_doit[0]=gs_doit[1]=gs_doit[2]=0;				gs_doit[3]=1;				}			}		else			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;		for (l2=j=0; j<num; j++)			{			if (!gs_doit[j&3]) continue;			l2++;			if ((q[j] < ' ') || (q[j] > '~')) l2+=3;			}		lold=l;		l+=1+l1+1+l2;		if (b != NULL)			{			if (!BUF_MEM_grow(b,l+1)) goto err;			p= &(b->data[lold]);			}		else if (l > len)			{			break;			}		else			p= &(buf[lold]);		*(p++)='/';		memcpy(p,s,(unsigned int)l1); p+=l1;		*(p++)='=';		q=ne->value->data;		for (j=0; j<num; j++)			{			if (!gs_doit[j&3]) continue;			n=q[j];			if ((n < ' ') || (n > '~'))				{				*(p++)='//';				*(p++)='x';//.........这里部分代码省略.........

//.........这里部分代码省略.........	}#endif	if (oidfile != NULL)		{		if (BIO_read_filename(in,oidfile) <= 0)			{			BIO_printf(bio_err,"problems opening %s/n",oidfile);			ERR_print_errors(bio_err);			goto end;			}		OBJ_create_objects(in);		}	if (infile == NULL)		BIO_set_fp(in,stdin,BIO_NOCLOSE);	else		{		if (BIO_read_filename(in,infile) <= 0)			{			perror(infile);			goto end;			}		}	if (derfile) {		if(!(derout = BIO_new_file(derfile, "wb"))) {			BIO_printf(bio_err,"problems opening %s/n",derfile);			ERR_print_errors(bio_err);			goto end;		}	}	if ((buf=BUF_MEM_new()) == NULL) goto end;	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */	if (genstr || genconf)		{		num = do_generate(bio_err, genstr, genconf, buf);		if (num < 0)			{			ERR_print_errors(bio_err);			goto end;			}		}	else		{		if (informat == FORMAT_PEM)			{			BIO *tmp;			if ((b64=BIO_new(BIO_f_base64())) == NULL)				goto end;			BIO_push(b64,in);			tmp=in;			in=b64;			b64=tmp;			}		num=0;		for (;;)			{			if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;			i=BIO_read(in,&(buf->data[num]),BUFSIZ);

static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)	{	BUF_MEM *b;	unsigned char *p;	int i;	int ret=-1;	ASN1_const_CTX c;	int want=HEADER_SIZE;	int eos=0;#if defined(__GNUC__) && defined(__ia64)	/* pathetic compiler bug in all known versions as of Nov. 2002 */	long off=0;#else	int off=0;#endif	int len=0;	b=BUF_MEM_new();	if (b == NULL)		{		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);		return -1;		}	ERR_clear_error();	for (;;)		{		if (want >= (len-off))			{			want-=(len-off);			if (!BUF_MEM_grow_clean(b,len+want))				{				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);				goto err;				}			i=BIO_read(in,&(b->data[len]),want);			if ((i < 0) && ((len-off) == 0))				{				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);				goto err;				}			if (i > 0)				len+=i;			}		/* else data already loaded */		p=(unsigned char *)&(b->data[off]);		c.p=p;		c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),			len-off);		if (c.inf & 0x80)			{			unsigned long e;			e=ERR_GET_REASON(ERR_peek_error());			if (e != ASN1_R_TOO_LONG)				goto err;			else				ERR_clear_error(); /* clear error */			}		i=c.p-p;/* header length */		off+=i;	/* end of data */		if (c.inf & 1)			{			/* no data body so go round again */			eos++;			want=HEADER_SIZE;			}		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))			{			/* eos value, so go back and read another header */			eos--;			if (eos <= 0)				break;			else				want=HEADER_SIZE;			}		else 			{			/* suck in c.slen bytes of data */			want=(int)c.slen;			if (want > (len-off))				{				want-=(len-off);				if (!BUF_MEM_grow_clean(b,len+want))					{					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);					goto err;					}				while (want > 0)					{					i=BIO_read(in,&(b->data[len]),want);					if (i <= 0)						{						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,						    ASN1_R_NOT_ENOUGH_DATA);						goto err;						}//.........这里部分代码省略.........

int dtls1_accept(SSL *ssl) {  BUF_MEM *buf = NULL;  void (*cb)(const SSL *ssl, int type, int value) = NULL;  uint32_t alg_a;  int ret = -1;  int new_state, state, skip = 0;  assert(ssl->handshake_func == dtls1_accept);  assert(ssl->server);  assert(SSL_IS_DTLS(ssl));  ERR_clear_error();  ERR_clear_system_error();  if (ssl->info_callback != NULL) {    cb = ssl->info_callback;  } else if (ssl->ctx->info_callback != NULL) {    cb = ssl->ctx->info_callback;  }  ssl->in_handshake++;  for (;;) {    state = ssl->state;    switch (ssl->state) {      case SSL_ST_ACCEPT:        if (cb != NULL) {          cb(ssl, SSL_CB_HANDSHAKE_START, 1);        }        if (ssl->init_buf == NULL) {          buf = BUF_MEM_new();          if (buf == NULL || !BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {            ret = -1;            goto end;          }          ssl->init_buf = buf;          buf = NULL;        }        ssl->init_num = 0;        if (!ssl_init_wbio_buffer(ssl, 1)) {          ret = -1;          goto end;        }        if (!ssl3_init_handshake_buffer(ssl)) {          OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);          ret = -1;          goto end;        }        ssl->state = SSL3_ST_SR_CLNT_HELLO_A;        break;      case SSL3_ST_SR_CLNT_HELLO_A:      case SSL3_ST_SR_CLNT_HELLO_B:      case SSL3_ST_SR_CLNT_HELLO_C:      case SSL3_ST_SR_CLNT_HELLO_D:        ssl->shutdown = 0;        ret = ssl3_get_client_hello(ssl);        if (ret <= 0) {          goto end;        }        dtls1_stop_timer(ssl);        ssl->state = SSL3_ST_SW_SRVR_HELLO_A;        ssl->init_num = 0;        break;      case SSL3_ST_SW_SRVR_HELLO_A:      case SSL3_ST_SW_SRVR_HELLO_B:        dtls1_start_timer(ssl);        ret = ssl3_send_server_hello(ssl);        if (ret <= 0) {          goto end;        }        if (ssl->hit) {          if (ssl->tlsext_ticket_expected) {            ssl->state = SSL3_ST_SW_SESSION_TICKET_A;          } else {            ssl->state = SSL3_ST_SW_CHANGE_A;          }        } else {          ssl->state = SSL3_ST_SW_CERT_A;        }        ssl->init_num = 0;        break;      case SSL3_ST_SW_CERT_A:      case SSL3_ST_SW_CERT_B:        if (ssl_cipher_has_server_public_key(ssl->s3->tmp.new_cipher)) {          dtls1_start_timer(ssl);          ret = ssl3_send_server_certificate(ssl);          if (ret <= 0) {            goto end;          }          if (ssl->s3->tmp.certificate_status_expected) {//.........这里部分代码省略.........

//.........这里部分代码省略.........        case OPT_STRICTPEM:            strictpem = 1;            informat = FORMAT_PEM;            break;        }    }    argc = opt_num_rest();    if (argc != 0)        goto opthelp;    if (oidfile != NULL) {        in = bio_open_default(oidfile, 'r', FORMAT_TEXT);        if (in == NULL)            goto end;        OBJ_create_objects(in);        BIO_free(in);    }    if ((in = bio_open_default(infile, 'r', informat)) == NULL)        goto end;    if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)        goto end;    if (strictpem) {        if (PEM_read_bio(in, &name, &header, &str, &num) !=            1) {            BIO_printf(bio_err, "Error reading PEM file/n");            ERR_print_errors(bio_err);            goto end;        }    } else {        if ((buf = BUF_MEM_new()) == NULL)            goto end;        if (!BUF_MEM_grow(buf, BUFSIZ * 8))            goto end;           /* Pre-allocate :-) */        if (genstr || genconf) {            num = do_generate(genstr, genconf, buf);            if (num < 0) {                ERR_print_errors(bio_err);                goto end;            }        }        else {            if (informat == FORMAT_PEM) {                BIO *tmp;                if ((b64 = BIO_new(BIO_f_base64())) == NULL)                    goto end;                BIO_push(b64, in);                tmp = in;                in = b64;                b64 = tmp;            }            num = 0;            for (;;) {                if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))                    goto end;                i = BIO_read(in, &(buf->data[num]), BUFSIZ);                if (i <= 0)                    break;

TXT_DB *TXT_DB_read(BIO *in, int num)	{	TXT_DB *ret=NULL;	int er=1;	int esc=0;	long ln=0;	int i,add,n;	int size=BUFSIZE;	int offset=0;	char *p,**pp,*f;	BUF_MEM *buf=NULL;	if ((buf=BUF_MEM_new()) == NULL) goto err;	if (!BUF_MEM_grow(buf,size)) goto err;	if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)		goto err;	ret->num_fields=num;	ret->index=NULL;	ret->qual=NULL;	if ((ret->data=sk_new_null()) == NULL)		goto err;	if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)		goto err;	if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL)		goto err;	for (i=0; i<num; i++)		{		ret->index[i]=NULL;		ret->qual[i]=NULL;		}	add=(num+1)*sizeof(char *);	buf->data[size-1]='/0';	offset=0;	for (;;)		{		if (offset != 0)			{			size+=BUFSIZE;			if (!BUF_MEM_grow_clean(buf,size)) goto err;			}		buf->data[offset]='/0';		BIO_gets(in,&(buf->data[offset]),size-offset);		ln++;		if (buf->data[offset] == '/0') break;		if ((offset == 0) && (buf->data[0] == '#')) continue;		i=strlen(&(buf->data[offset]));		offset+=i;		if (buf->data[offset-1] != '/n')			continue;		else			{			buf->data[offset-1]='/0'; /* blat the '/n' */			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;			offset=0;			}		pp=(char **)p;		p+=add;		n=0;		pp[n++]=p;		i=0;		f=buf->data;		esc=0;		for (;;)			{			if (*f == '/0') break;			if (*f == '/t')				{				if (esc)					p--;				else					{						*(p++)='/0';					f++;					if (n >=  num) break;					pp[n++]=p;					continue;					}				}			esc=(*f == '//');			*(p++)= *(f++);			}		*(p++)='/0';		if ((n != num) || (*f != '/0'))			{#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)/n",ln,num,n,f);#endif			er=2;			goto err;			}		pp[n]=p;		if (!sk_push(ret->data,(char *)pp))			{#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */			fprintf(stderr,"failure in sk_push/n");#endif			er=2;//.........这里部分代码省略.........

int dtls1_accept(SSL *s)	{	BUF_MEM *buf;	void (*cb)(const SSL *ssl,int type,int val)=NULL;	unsigned long alg_a;	int ret= -1;	int new_state,state,skip=0;	int listen;	ERR_clear_error();	ERR_clear_system_error();	if (s->info_callback != NULL)		cb=s->info_callback;	else if (s->ctx->info_callback != NULL)		cb=s->ctx->info_callback;		listen = s->d1->listen;	/* init things to blank */	s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);	s->d1->listen = listen;	if (s->cert == NULL)		{		OPENSSL_PUT_ERROR(SSL, dtls1_accept, SSL_R_NO_CERTIFICATE_SET);		return(-1);		}	for (;;)		{		state=s->state;		switch (s->state)			{		case SSL_ST_RENEGOTIATE:			s->renegotiate=1;			/* s->state=SSL_ST_ACCEPT; */		case SSL_ST_BEFORE:		case SSL_ST_ACCEPT:		case SSL_ST_BEFORE|SSL_ST_ACCEPT:		case SSL_ST_OK|SSL_ST_ACCEPT:			s->server=1;			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))				{				OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR);				return -1;				}			s->type=SSL_ST_ACCEPT;			if (s->init_buf == NULL)				{				if ((buf=BUF_MEM_new()) == NULL)					{					ret= -1;					goto end;					}				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))					{					ret= -1;					goto end;					}				s->init_buf=buf;				}			if (!ssl3_setup_buffers(s))				{				ret= -1;				goto end;				}			s->init_num=0;			if (s->state != SSL_ST_RENEGOTIATE)				{				/* Ok, we now need to push on a buffering BIO so that				 * the output is sent in a way that TCP likes :-)				 * ...but not with SCTP :-)				 */					if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }				ssl3_init_finished_mac(s);				s->state=SSL3_ST_SR_CLNT_HELLO_A;				s->ctx->stats.sess_accept++;				}			else				{				/* s->state == SSL_ST_RENEGOTIATE,				 * we will just send a HelloRequest */				s->ctx->stats.sess_accept_renegotiate++;				s->state=SSL3_ST_SW_HELLO_REQ_A;				}			break;//.........这里部分代码省略.........

intdtls1_accept(SSL *s){	void (*cb)(const SSL *ssl, int type, int val) = NULL;	unsigned long alg_k;	int ret = -1;	int new_state, state, skip = 0;	int listen;#ifndef OPENSSL_NO_SCTP	unsigned char sctpauthkey[64];	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];#endif	ERR_clear_error();	errno = 0;	if (s->info_callback != NULL)		cb = s->info_callback;	else if (s->ctx->info_callback != NULL)		cb = s->ctx->info_callback;	listen = s->d1->listen;	/* init things to blank */	s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s))		SSL_clear(s);	s->d1->listen = listen;#ifndef OPENSSL_NO_SCTP	/* Notify SCTP BIO socket to enter handshake	 * mode and prevent stream identifier other	 * than 0. Will be ignored if no SCTP is used.	 */	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,	    s->in_handshake, NULL);#endif	if (s->cert == NULL) {		SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);		return (-1);	}	for (;;) {		state = s->state;		switch (s->state) {		case SSL_ST_RENEGOTIATE:			s->renegotiate = 1;			/* s->state=SSL_ST_ACCEPT; */		case SSL_ST_BEFORE:		case SSL_ST_ACCEPT:		case SSL_ST_BEFORE|SSL_ST_ACCEPT:		case SSL_ST_OK|SSL_ST_ACCEPT:			s->server = 1;			if (cb != NULL)				cb(s, SSL_CB_HANDSHAKE_START, 1);			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {				SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);				return -1;			}			s->type = SSL_ST_ACCEPT;			if (s->init_buf == NULL) {				BUF_MEM *buf;				if ((buf = BUF_MEM_new()) == NULL) {					ret = -1;					goto end;				}				if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {					BUF_MEM_free(buf);					ret = -1;					goto end;				}				s->init_buf = buf;			}			if (!ssl3_setup_buffers(s)) {				ret = -1;				goto end;			}			s->init_num = 0;			if (s->state != SSL_ST_RENEGOTIATE) {				/* Ok, we now need to push on a buffering BIO so that				 * the output is sent in a way that TCP likes :-)				 * ...but not with SCTP :-)				 */#ifndef OPENSSL_NO_SCTP				if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))#endif				if (!ssl_init_wbio_buffer(s, 1)) {					ret = -1;					goto end;				}//.........这里部分代码省略.........

char *X509_NAME_oneline(X509_NAME *a, char *buf, int len){    X509_NAME_ENTRY *ne;    int i;    int n, lold, l, l1, l2, num, j, type;    const char *s;    char *p;    unsigned char *q;    BUF_MEM *b = NULL;    static const char hex[17] = "0123456789ABCDEF";    int gs_doit[4];    char tmp_buf[80];#ifdef CHARSET_EBCDIC    char ebcdic_buf[1024];#endif    if (buf == NULL) {        if ((b = BUF_MEM_new()) == NULL)            goto err;        if (!BUF_MEM_grow(b, 200))            goto err;        b->data[0] = '/0';        len = 200;    }    if (a == NULL) {        if (b) {            buf = b->data;            OPENSSL_free(b);        }        strncpy(buf, "NO X509_NAME", len);        buf[len - 1] = '/0';        return buf;    }    len--;                      /* space for '/0' */    l = 0;    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {        ne = sk_X509_NAME_ENTRY_value(a->entries, i);        n = OBJ_obj2nid(ne->object);        if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {            i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);            s = tmp_buf;        }        l1 = strlen(s);        type = ne->value->type;        num = ne->value->length;        q = ne->value->data;#ifdef CHARSET_EBCDIC        if (type == V_ASN1_GENERALSTRING ||            type == V_ASN1_VISIBLESTRING ||            type == V_ASN1_PRINTABLESTRING ||            type == V_ASN1_TELETEXSTRING ||            type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {            ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)                         ? sizeof ebcdic_buf : num);            q = ebcdic_buf;        }#endif        if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;            for (j = 0; j < num; j++)                if (q[j] != 0)                    gs_doit[j & 3] = 1;            if (gs_doit[0] | gs_doit[1] | gs_doit[2])                gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;            else {                gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;                gs_doit[3] = 1;            }        } else            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;        for (l2 = j = 0; j < num; j++) {            if (!gs_doit[j & 3])                continue;            l2++;#ifndef CHARSET_EBCDIC            if ((q[j] < ' ') || (q[j] > '~'))                l2 += 3;#else            if ((os_toascii[q[j]] < os_toascii[' ']) ||                (os_toascii[q[j]] > os_toascii['~']))                l2 += 3;#endif        }        lold = l;        l += 1 + l1 + 1 + l2;        if (b != NULL) {            if (!BUF_MEM_grow(b, l + 1))                goto err;            p = &(b->data[lold]);        } else if (l > len) {            break;        } else            p = &(buf[lold]);        *(p++) = '/';//.........这里部分代码省略.........

static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,	     X509_OBJECT *ret)	{	BY_DIR *ctx;	union	{		struct	{			X509 st_x509;			X509_CINF st_x509_cinf;			} x509;		struct	{			X509_CRL st_crl;			X509_CRL_INFO st_crl_info;			} crl;		} data;	int ok=0;	int i,j,k;	unsigned long h;	BUF_MEM *b=NULL;	struct stat st;	X509_OBJECT stmp,*tmp;	const char *postfix="";	if (name == NULL) return(0);	stmp.type=type;	if (type == X509_LU_X509)		{		data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;		data.x509.st_x509_cinf.subject=name;		stmp.data.x509= &data.x509.st_x509;		postfix="";		}	else if (type == X509_LU_CRL)		{		data.crl.st_crl.crl= &data.crl.st_crl_info;		data.crl.st_crl_info.issuer=name;		stmp.data.crl= &data.crl.st_crl;		postfix="r";		}	else		{		X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);		goto finish;		}	if ((b=BUF_MEM_new()) == NULL)		{		X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);		goto finish;		}		ctx=(BY_DIR *)xl->method_data;	h=X509_NAME_hash(name);	for (i=0; i<ctx->num_dirs; i++)		{		j=strlen(ctx->dirs[i])+1+8+6+1+1;		if (!BUF_MEM_grow(b,j))			{			X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);			goto finish;			}		k=0;		for (;;)			{			char c = '/';#ifdef OPENSSL_SYS_VMS			c = ctx->dirs[i][strlen(ctx->dirs[i])-1];			if (c != ':' && c != '>' && c != ']')				{				/* If no separator is present, we assume the				   directory specifier is a logical name, and				   add a colon.  We really should use better				   VMS routines for merging things like this,				   but this will do for now...				   -- Richard Levitte */				c = ':';				}			else				{				c = '/0';				}#endif			if (c == '/0')				{				/* This is special.  When c == '/0', no				   directory separator should be added. */				BIO_snprintf(b->data,b->max,					"%s%08lx.%s%d",ctx->dirs[i],h,					postfix,k);				}			else				{				BIO_snprintf(b->data,b->max,					"%s%c%08lx.%s%d",ctx->dirs[i],c,h,					postfix,k);				}			k++;			if (stat(b->data,&st) < 0)				break;//.........这里部分代码省略.........

int dtls1_connect(SSL *s)	{	BUF_MEM *buf=NULL;	unsigned long Time=(unsigned long)time(NULL);	void (*cb)(const SSL *ssl,int type,int val)=NULL;	int ret= -1;	int new_state,state,skip=0;;	RAND_add(&Time,sizeof(Time),0);	ERR_clear_error();	clear_sys_error();	if (s->info_callback != NULL)		cb=s->info_callback;	else if (s->ctx->info_callback != NULL)		cb=s->ctx->info_callback;		s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 	for (;;)		{		state=s->state;		switch(s->state)			{		case SSL_ST_RENEGOTIATE:			s->new_session=1;			s->state=SSL_ST_CONNECT;			s->ctx->stats.sess_connect_renegotiate++;			/* break */		case SSL_ST_BEFORE:		case SSL_ST_CONNECT:		case SSL_ST_BEFORE|SSL_ST_CONNECT:		case SSL_ST_OK|SSL_ST_CONNECT:			s->server=0;			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&			    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))				{				SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);				ret = -1;				goto end;				}							/* s->version=SSL3_VERSION; */			s->type=SSL_ST_CONNECT;			if (s->init_buf == NULL)				{				if ((buf=BUF_MEM_new()) == NULL)					{					ret= -1;					goto end;					}				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))					{					ret= -1;					goto end;					}				s->init_buf=buf;				buf=NULL;				}			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }			/* setup buffing BIO */			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }			/* don't push the buffering BIO quite yet */			s->state=SSL3_ST_CW_CLNT_HELLO_A;			s->ctx->stats.sess_connect++;			s->init_num=0;			/* mark client_random uninitialized */			memset(s->s3->client_random,0,sizeof(s->s3->client_random));			s->d1->send_cookie = 0;			s->hit = 0;			break;		case SSL3_ST_CW_CLNT_HELLO_A:		case SSL3_ST_CW_CLNT_HELLO_B:			s->shutdown=0;			/* every DTLS ClientHello resets Finished MAC */			ssl3_init_finished_mac(s);			dtls1_start_timer(s);			ret=dtls1_client_hello(s);			if (ret <= 0) goto end;			if ( s->d1->send_cookie)				{				s->state=SSL3_ST_CW_FLUSH;				s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;				}			else//.........这里部分代码省略.........

intdtls1_accept(SSL *s){	void (*cb)(const SSL *ssl, int type, int val) = NULL;	unsigned long alg_k;	int ret = -1;	int new_state, state, skip = 0;	int listen;	ERR_clear_error();	errno = 0;	if (s->info_callback != NULL)		cb = s->info_callback;	else if (s->ctx->info_callback != NULL)		cb = s->ctx->info_callback;	listen = s->d1->listen;	/* init things to blank */	s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s))		SSL_clear(s);	s->d1->listen = listen;	if (s->cert == NULL) {		SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);		return (-1);	}	for (;;) {		state = s->state;		switch (s->state) {		case SSL_ST_RENEGOTIATE:			s->renegotiate = 1;			/* s->state=SSL_ST_ACCEPT; */		case SSL_ST_BEFORE:		case SSL_ST_ACCEPT:		case SSL_ST_BEFORE|SSL_ST_ACCEPT:		case SSL_ST_OK|SSL_ST_ACCEPT:			s->server = 1;			if (cb != NULL)				cb(s, SSL_CB_HANDSHAKE_START, 1);			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {				SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);				return -1;			}			s->type = SSL_ST_ACCEPT;			if (s->init_buf == NULL) {				BUF_MEM *buf;				if ((buf = BUF_MEM_new()) == NULL) {					ret = -1;					goto end;				}				if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {					BUF_MEM_free(buf);					ret = -1;					goto end;				}				s->init_buf = buf;			}			if (!ssl3_setup_buffers(s)) {				ret = -1;				goto end;			}			s->init_num = 0;			if (s->state != SSL_ST_RENEGOTIATE) {				/* Ok, we now need to push on a buffering BIO so that				 * the output is sent in a way that TCP likes :-)				 * ...but not with SCTP :-)				 */				if (!ssl_init_wbio_buffer(s, 1)) {					ret = -1;					goto end;				}				if (!ssl3_init_finished_mac(s)) {					ret = -1;					goto end;				}				s->state = SSL3_ST_SR_CLNT_HELLO_A;				s->ctx->stats.sess_accept++;			} else {				/* s->state == SSL_ST_RENEGOTIATE,				 * we will just send a HelloRequest */				s->ctx->stats.sess_accept_renegotiate++;				s->state = SSL3_ST_SW_HELLO_REQ_A;			}			break;//.........这里部分代码省略.........

int ssl23_connect(SSL *s)	{	BUF_MEM *buf=NULL;	unsigned long Time=(unsigned long)time(NULL);	void (*cb)(const SSL *ssl,int type,int val)=NULL;	int ret= -1;	int new_state,state;	RAND_add(&Time,sizeof(Time),0);	ERR_clear_error();	clear_sys_error();	if (s->info_callback != NULL)		cb=s->info_callback;	else if (s->ctx->info_callback != NULL)		cb=s->ctx->info_callback;		s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 	for (;;)		{		state=s->state;		switch(s->state)			{		case SSL_ST_BEFORE:		case SSL_ST_CONNECT:		case SSL_ST_BEFORE|SSL_ST_CONNECT:		case SSL_ST_OK|SSL_ST_CONNECT:			if (s->session != NULL)				{				SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);				ret= -1;				goto end;				}			s->server=0;			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);			/* s->version=TLS1_VERSION; */			s->type=SSL_ST_CONNECT;			if (s->init_buf == NULL)				{				if ((buf=BUF_MEM_new()) == NULL)					{					ret= -1;					goto end;					}				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))					{					ret= -1;					goto end;					}				s->init_buf=buf;				buf=NULL;				}			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }			ssl3_init_finished_mac(s);			s->state=SSL23_ST_CW_CLNT_HELLO_A;			s->ctx->stats.sess_connect++;			s->init_num=0;			break;		case SSL23_ST_CW_CLNT_HELLO_A:		case SSL23_ST_CW_CLNT_HELLO_B:			s->shutdown=0;			ret=ssl23_client_hello(s);			if (ret <= 0) goto end;			s->state=SSL23_ST_CR_SRVR_HELLO_A;			s->init_num=0;			break;		case SSL23_ST_CR_SRVR_HELLO_A:		case SSL23_ST_CR_SRVR_HELLO_B:			ret=ssl23_get_server_hello(s);			if (ret >= 0) cb=NULL;			goto end;			/* break; */		default:			SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);			ret= -1;			goto end;			/* break; */			}		if (s->debug) { (void)BIO_flush(s->wbio); }		if ((cb != NULL) && (s->state != state))			{			new_state=s->state;			s->state=state;			cb(s,SSL_CB_CONNECT_LOOP,1);//.........这里部分代码省略.........

int DTLSv1_listen(SSL *s, BIO_ADDR *client){    int next, n, ret = 0, clearpkt = 0;    unsigned char cookie[DTLS1_COOKIE_LENGTH];    unsigned char seq[SEQ_NUM_SIZE];    const unsigned char *data;    unsigned char *buf;    size_t fragoff, fraglen, msglen;    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;    BIO *rbio, *wbio;    BUF_MEM *bufm;    BIO_ADDR *tmpclient = NULL;    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;    /* Ensure there is no state left over from a previous invocation */    if (!SSL_clear(s))        return -1;    ERR_clear_error();    rbio = SSL_get_rbio(s);    wbio = SSL_get_wbio(s);    if (!rbio || !wbio) {        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);        return -1;    }    /*     * We only peek at incoming ClientHello's until we're sure we are going to     * to respond with a HelloVerifyRequest. If its a ClientHello with a valid     * cookie then we leave it in the BIO for accept to handle.     */    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);    /*     * Note: This check deliberately excludes DTLS1_BAD_VER because that version     * requires the MAC to be calculated *including* the first ClientHello     * (without the cookie). Since DTLSv1_listen is stateless that cannot be     * supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via     * SSL_accept)     */    if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);        return -1;    }    if (s->init_buf == NULL) {        if ((bufm = BUF_MEM_new()) == NULL) {            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);            return -1;        }        if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {            BUF_MEM_free(bufm);            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);            return -1;        }        s->init_buf = bufm;    }    buf = (unsigned char *)s->init_buf->data;    do {        /* Get a packet */        clear_sys_error();        /*         * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH         * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store         * the record header as well, but we do here. We've set up init_buf to         * be the standard size for simplicity. In practice we shouldn't ever         * receive a ClientHello as long as this. If we do it will get dropped         * in the record length check below.         */        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);        if (n <= 0) {            if (BIO_should_retry(rbio)) {                /* Non-blocking IO */                goto end;            }            return -1;        }        /* If we hit any problems we need to clear this packet from the BIO */        clearpkt = 1;        if (!PACKET_buf_init(&pkt, buf, n)) {            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);            return -1;        }        /*         * Parse the received record. If there are any problems with it we just         * dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is         * resilient in the face of invalid records (e.g., invalid formatting,         * length, MAC, etc.).  In general, invalid records SHOULD be silently         * discarded, thus preserving the association; however, an error MAY be         * logged for diagnostic purposes."         *///.........这里部分代码省略.........

int ssl23_accept(SSL *s)	{	BUF_MEM *buf;	unsigned long Time=(unsigned long)time(NULL);	void (*cb)(const SSL *ssl,int type,int val)=NULL;	int ret= -1;	int new_state,state;	RAND_add(&Time,sizeof(Time),0);	ERR_clear_error();	clear_sys_error();	if (s->info_callback != NULL)		cb=s->info_callback;	else if (s->ctx->info_callback != NULL)		cb=s->ctx->info_callback;		s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 	for (;;)		{		state=s->state;		switch(s->state)			{		case SSL_ST_BEFORE:		case SSL_ST_ACCEPT:		case SSL_ST_BEFORE|SSL_ST_ACCEPT:		case SSL_ST_OK|SSL_ST_ACCEPT:			s->server=1;			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);			/* s->version=SSL3_VERSION; */			s->type=SSL_ST_ACCEPT;			if (s->init_buf == NULL)				{				if ((buf=BUF_MEM_new()) == NULL)					{					ret= -1;					goto end;					}				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))					{					ret= -1;					goto end;					}				s->init_buf=buf;				}			ssl3_init_finished_mac(s);			s->state=SSL23_ST_SR_CLNT_HELLO_A;			s->ctx->stats.sess_accept++;			s->init_num=0;			break;		case SSL23_ST_SR_CLNT_HELLO_A:		case SSL23_ST_SR_CLNT_HELLO_B:			s->shutdown=0;			ret=ssl23_get_client_hello(s);			if (ret >= 0) cb=NULL;			goto end;			/* break; */		default:			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);			ret= -1;			goto end;			/* break; */			}		if ((cb != NULL) && (s->state != state))			{			new_state=s->state;			s->state=state;			cb(s,SSL_CB_ACCEPT_LOOP,1);			s->state=new_state;			}		}end:	s->in_handshake--;	if (cb != NULL)		cb(s,SSL_CB_ACCEPT_EXIT,ret);	return(ret);	}

static int def_load_bio(CONF *conf, BIO *in, long *line){/* The macro BUFSIZE conflicts with a system macro in VxWorks */#define CONFBUFSIZE     512    int bufnum = 0, i, ii;    BUF_MEM *buff = NULL;    char *s, *p, *end;    int again;    long eline = 0;    char btmp[DECIMAL_SIZE(eline) + 1];    CONF_VALUE *v = NULL, *tv;    CONF_VALUE *sv = NULL;    char *section = NULL, *buf;    char *start, *psection, *pname;    void *h = (void *)(conf->data);    if ((buff = BUF_MEM_new()) == NULL) {        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);        goto err;    }    section = (char *)OPENSSL_malloc(10);    if (section == NULL) {        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);        goto err;    }    BUF_strlcpy(section, "default", 10);    if (_CONF_new_data(conf) == 0) {        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);        goto err;    }    sv = _CONF_new_section(conf, section);    if (sv == NULL) {        CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);        goto err;    }    bufnum = 0;    again = 0;    for (;;) {        if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);            goto err;        }        p = &(buff->data[bufnum]);        *p = '/0';        BIO_gets(in, p, CONFBUFSIZE - 1);        p[CONFBUFSIZE - 1] = '/0';        ii = i = sgx_strlen(p);        if (i == 0 && !again)            break;        again = 0;        while (i > 0) {            if ((p[i - 1] != '/r') && (p[i - 1] != '/n'))                break;            else                i--;        }        /*         * we removed some trailing stuff so there is a new line on the end.         */        if (ii && i == ii)            again = 1;          /* long line */        else {            p[i] = '/0';            eline++;            /* another input line */        }        /* we now have a line with trailing /r/n removed */        /* i is the number of bytes */        bufnum += i;        v = NULL;        /* check for line continuation */        if (bufnum >= 1) {            /*             * If we have bytes and the last char '//' and second last char             * is not '//'             */            p = &(buff->data[bufnum - 1]);            if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {                bufnum--;                again = 1;            }        }        if (again)            continue;        bufnum = 0;        buf = buff->data;        clear_comments(conf, buf);        s = eat_ws(conf, buf);        if (IS_EOF(conf, *s))            continue;           /* blank line */        if (*s == '[') {            char *ss;//.........这里部分代码省略.........

int ssl2_connect(SSL *s)	{	unsigned long l=(unsigned long)time(NULL);	BUF_MEM *buf=NULL;	int ret= -1;	void (*cb)(const SSL *ssl,int type,int val)=NULL;	int new_state,state;	RAND_add(&l,sizeof(l),0);	ERR_clear_error();	clear_sys_error();	if (s->info_callback != NULL)		cb=s->info_callback;	else if (s->ctx->info_callback != NULL)		cb=s->ctx->info_callback;	/* init things to blank */	s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);	for (;;)		{		state=s->state;		switch (s->state)			{		case SSL_ST_BEFORE:		case SSL_ST_CONNECT:		case SSL_ST_BEFORE|SSL_ST_CONNECT:		case SSL_ST_OK|SSL_ST_CONNECT:			s->server=0;			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);			s->version=SSL2_VERSION;			s->type=SSL_ST_CONNECT;			buf=s->init_buf;			if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))				{				ret= -1;				goto end;				}			if (!BUF_MEM_grow(buf,				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))				{				if (buf == s->init_buf)					buf=NULL;				ret= -1;				goto end;				}			s->init_buf=buf;			buf=NULL;			s->init_num=0;			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;			s->ctx->stats.sess_connect++;			s->handshake_func=ssl2_connect;			BREAK;		case SSL2_ST_SEND_CLIENT_HELLO_A:		case SSL2_ST_SEND_CLIENT_HELLO_B:			s->shutdown=0;			ret=client_hello(s);			if (ret <= 0) goto end;			s->init_num=0;			s->state=SSL2_ST_GET_SERVER_HELLO_A;			BREAK;				case SSL2_ST_GET_SERVER_HELLO_A:		case SSL2_ST_GET_SERVER_HELLO_B:			ret=get_server_hello(s);			if (ret <= 0) goto end;			s->init_num=0;			if (!s->hit) /* new session */				{				s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;				BREAK; 				}			else				{				s->state=SSL2_ST_CLIENT_START_ENCRYPTION;				break;				}			case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:		case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:			ret=client_master_key(s);			if (ret <= 0) goto end;			s->init_num=0;			s->state=SSL2_ST_CLIENT_START_ENCRYPTION;			break;		case SSL2_ST_CLIENT_START_ENCRYPTION:			/* Ok, we now have all the stuff needed to			 * start encrypting, so lets fire it up :-) */			if (!ssl2_enc_init(s,1))				{				ret= -1;				goto end;//.........这里部分代码省略.........

static int str_copy(CONF *conf, char *section, char **pto, char *from){    int q, r, rr = 0, to = 0, len = 0;    char *s, *e, *rp, *p, *rrp, *np, *cp, v;    BUF_MEM *buf;    if ((buf = BUF_MEM_new()) == NULL)        return (0);    len = sgx_strlen(from) + 1;    if (!BUF_MEM_grow(buf, len))        goto err;    for (;;) {        if (IS_QUOTE(conf, *from)) {            q = *from;            from++;            while (!IS_EOF(conf, *from) && (*from != q)) {                if (IS_ESC(conf, *from)) {                    from++;                    if (IS_EOF(conf, *from))                        break;                }                buf->data[to++] = *(from++);            }            if (*from == q)                from++;        } else if (IS_DQUOTE(conf, *from)) {            q = *from;            from++;            while (!IS_EOF(conf, *from)) {                if (*from == q) {                    if (*(from + 1) == q) {                        from++;                    } else {                        break;                    }                }                buf->data[to++] = *(from++);            }            if (*from == q)                from++;        } else if (IS_ESC(conf, *from)) {            from++;            v = *(from++);            if (IS_EOF(conf, v))                break;            else if (v == 'r')                v = '/r';            else if (v == 'n')                v = '/n';            else if (v == 'b')                v = '/b';            else if (v == 't')                v = '/t';            buf->data[to++] = v;        } else if (IS_EOF(conf, *from))            break;        else if (*from == '$') {            /* try to expand it */            rrp = NULL;            s = &(from[1]);            if (*s == '{')                q = '}';            else if (*s == '(')                q = ')';            else                q = 0;            if (q)                s++;            cp = section;            e = np = s;            while (IS_ALPHA_NUMERIC(conf, *e))                e++;            if ((e[0] == ':') && (e[1] == ':')) {                cp = np;                rrp = e;                rr = *e;                *rrp = '/0';                e += 2;                np = e;                while (IS_ALPHA_NUMERIC(conf, *e))                    e++;            }            r = *e;            *e = '/0';            rp = e;            if (q) {                if (r != q) {                    CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);                    goto err;                }                e++;            }            /*-             * So at this point we have             * np which is the start of the name string which is             *   '/0' terminated.             * cp which is the start of the section string which is//.........这里部分代码省略.........

/* * This function is used by the server side of the EST proxy to respond to an * incoming Simple Enroll request.  This function is similar to the Client API * function, est_client_enroll_req(), except it bypasses some things that are * not done when functioning as a proxy, such as signing the CSR, not * inserting the TLS unique id and instead including the id-kp-cmcRA usage * extension. */static EST_ERROR est_proxy_handle_simple_enroll (EST_CTX *ctx, void *http_ctx,                                                 SSL *ssl, const char *ct,                                                 char *body, int body_len,					         int reenroll){    EST_ERROR rv;    BUF_MEM *pkcs10;    unsigned char *pkcs7;    int pkcs7_len = 0;    X509_REQ *csr = NULL;    EST_CTX *client_ctx;         /*     * Make sure the client has sent us a PKCS10 CSR request     */    if (strcmp(ct, "application/pkcs10")) {        return (EST_ERR_BAD_CONTENT_TYPE);    }    /*     * Authenticate the client     */    switch (est_enroll_auth(ctx, http_ctx, ssl, reenroll)) {    case EST_HTTP_AUTH:    case EST_SRP_AUTH:    case EST_CERT_AUTH:        break;    case EST_HTTP_AUTH_PENDING:        return (EST_ERR_AUTH_PENDING);        break;    case EST_UNAUTHORIZED:    default:        return (EST_ERR_AUTH_FAIL);        break;    }    /*     * Parse the PKCS10 CSR from the client     */    csr = est_server_parse_csr((unsigned char*)body, body_len);    if (!csr) {	EST_LOG_ERR("Unable to parse the PKCS10 CSR sent by the client");	return (EST_ERR_BAD_PKCS10);    }        /*     * Perform a sanity check on the CSR     */    if (est_server_check_csr(csr)) {	EST_LOG_ERR("PKCS10 CSR sent by the client failed sanity check");	X509_REQ_free(csr);	return (EST_ERR_BAD_PKCS10);    }    /*     * Do the PoP check (Proof of Possession).  The challenge password     * in the pkcs10 request should match the TLS unique ID.     */    rv = est_tls_uid_auth(ctx, ssl, csr);    X509_REQ_free(csr);    if (rv != EST_ERR_NONE) {        return (EST_ERR_AUTH_FAIL_TLSUID);    }    /*     * body now points to the pkcs10 data, pass     * this to the enrollment routine.  Need to hi-jack     * a BUF_MEM.  Attach the body to a new BUF_MEM     */    pkcs10 = BUF_MEM_new();    pkcs10->data = body;    pkcs10->length = body_len;    pkcs10->max = body_len;    /*     * get the client context for this thread     */    client_ctx = get_client_ctx(ctx);    if (!client_ctx) {        EST_LOG_ERR("Unable to obtain client context for proxy operation");        est_proxy_free_ossl_bufmem(pkcs10);	return (EST_ERR_NO_CTX);    }    /*     * Allocate some space to hold the cert that we     * expect to receive from the EST server.     */    pkcs7 = malloc(EST_CA_MAX);     /*//.........这里部分代码省略.........

static int def_load_bio(CONF *conf, BIO *in, long *line)	{/* The macro BUFSIZE conflicts with a system macro in VxWorks */#define CONFBUFSIZE	512	int bufnum=0,i,ii;	BUF_MEM *buff=NULL;	char *s,*p,*end;	int again;	long eline=0;	char btmp[DECIMAL_SIZE(eline)+1];	CONF_VALUE *v=NULL,*tv;	CONF_VALUE *sv=NULL;	char *section=NULL,*buf;	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts __UNUSED;	char *start,*psection,*pname;	void *h = (void *)(conf->data);	if ((buff=BUF_MEM_new()) == NULL)		{		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);		goto err;		}	section=(char *)OPENSSL_malloc(10);	if (section == NULL)		{		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);		goto err;		}	BUF_strlcpy(section,"default",10);	if (_CONF_new_data(conf) == 0)		{		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);		goto err;		}	sv=_CONF_new_section(conf,section);	if (sv == NULL)		{		CONFerr(CONF_F_DEF_LOAD_BIO,					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);		goto err;		}	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;	bufnum=0;	again=0;	for (;;)		{		if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))			{			CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);			goto err;			}		p= &(buff->data[bufnum]);		*p='/0';		BIO_gets(in, p, CONFBUFSIZE-1);		p[CONFBUFSIZE-1]='/0';		ii=i=strlen(p);		if (i == 0 && !again) break;		again=0;		while (i > 0)			{			if ((p[i-1] != '/r') && (p[i-1] != '/n'))				break;			else				i--;			}		/* we removed some trailing stuff so there is a new		 * line on the end. */		if (ii && i == ii)			again=1; /* long line */		else			{			p[i]='/0';			eline++; /* another input line */			}		/* we now have a line with trailing /r/n removed */		/* i is the number of bytes */		bufnum+=i;		v=NULL;		/* check for line continuation */		if (bufnum >= 1)			{			/* If we have bytes and the last char '//' and			 * second last char is not '//' */			p= &(buff->data[bufnum-1]);			if (IS_ESC(conf,p[0]) &&				((bufnum <= 1) || !IS_ESC(conf,p[-1])))				{				bufnum--;				again=1;				}			}		if (again) continue;		bufnum=0;//.........这里部分代码省略.........

/* * Encrypted PKCS#8 decoder.  It operates by just decrypting the given blob * into a new blob, which is returned as an EMBEDDED STORE_INFO.  The whole * decoding process will then start over with the new blob. */static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,                                                  const char *pem_header,                                                  const unsigned char *blob,                                                  size_t len, void **pctx,                                                  int *matchcount,                                                  const UI_METHOD *ui_method,                                                  void *ui_data){    X509_SIG *p8 = NULL;    char kbuf[PEM_BUFSIZE];    char *pass = NULL;    const X509_ALGOR *dalg = NULL;    const ASN1_OCTET_STRING *doct = NULL;    OSSL_STORE_INFO *store_info = NULL;    BUF_MEM *mem = NULL;    unsigned char *new_data = NULL;    int new_data_len;    if (pem_name != NULL) {        if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)            return NULL;        *matchcount = 1;    }    if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)        return NULL;    *matchcount = 1;    if ((mem = BUF_MEM_new()) == NULL) {        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,                      ERR_R_MALLOC_FAILURE);        goto nop8;    }    if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,                              "PKCS8 decrypt password", ui_data)) == NULL) {        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,                      OSSL_STORE_R_BAD_PASSWORD_READ);        goto nop8;    }    X509_SIG_get0(p8, &dalg, &doct);    if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,                          &new_data, &new_data_len, 0))        goto nop8;    mem->data = (char *)new_data;    mem->max = mem->length = (size_t)new_data_len;    X509_SIG_free(p8);    store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);    if (store_info == NULL) {        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,                      ERR_R_MALLOC_FAILURE);        goto nop8;    }    return store_info; nop8:    X509_SIG_free(p8);    BUF_MEM_free(mem);    return NULL;}

int dtls1_connect(SSL *s) {  BUF_MEM *buf = NULL;  void (*cb)(const SSL *ssl, int type, int val) = NULL;  int ret = -1;  int new_state, state, skip = 0;  assert(s->handshake_func == dtls1_connect);  assert(!s->server);  assert(SSL_IS_DTLS(s));  ERR_clear_error();  ERR_clear_system_error();  if (s->info_callback != NULL) {    cb = s->info_callback;  } else if (s->ctx->info_callback != NULL) {    cb = s->ctx->info_callback;  }  s->in_handshake++;  for (;;) {    state = s->state;    switch (s->state) {      case SSL_ST_RENEGOTIATE:        s->renegotiate = 1;        s->state = SSL_ST_CONNECT;        s->ctx->stats.sess_connect_renegotiate++;      /* break */      case SSL_ST_CONNECT:      case SSL_ST_BEFORE | SSL_ST_CONNECT:        if (cb != NULL) {          cb(s, SSL_CB_HANDSHAKE_START, 1);        }        if (s->init_buf == NULL) {          buf = BUF_MEM_new();          if (buf == NULL ||              !BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {            ret = -1;            goto end;          }          s->init_buf = buf;          buf = NULL;        }        if (!ssl3_setup_buffers(s) ||            !ssl_init_wbio_buffer(s, 0)) {          ret = -1;          goto end;        }        /* don't push the buffering BIO quite yet */        s->state = SSL3_ST_CW_CLNT_HELLO_A;        s->ctx->stats.sess_connect++;        s->init_num = 0;        s->d1->send_cookie = 0;        s->hit = 0;        break;      case SSL3_ST_CW_CLNT_HELLO_A:      case SSL3_ST_CW_CLNT_HELLO_B:        s->shutdown = 0;        /* every DTLS ClientHello resets Finished MAC */        if (!ssl3_init_finished_mac(s)) {          OPENSSL_PUT_ERROR(SSL, dtls1_connect, ERR_R_INTERNAL_ERROR);          ret = -1;          goto end;        }        dtls1_start_timer(s);        ret = ssl3_send_client_hello(s);        if (ret <= 0) {          goto end;        }        if (s->d1->send_cookie) {          s->state = SSL3_ST_CW_FLUSH;          s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;        } else {          s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;        }        s->init_num = 0;        /* turn on buffering for the next lot of output */        if (s->bbio != s->wbio) {          s->wbio = BIO_push(s->bbio, s->wbio);        }        break;      case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:      case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:        ret = dtls1_get_hello_verify(s);        if (ret <= 0) {          goto end;        }//.........这里部分代码省略.........

int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,	     long *len)	{	EVP_ENCODE_CTX ctx;	int end=0,i,k,bl=0,hl=0,nohead=0;	char buf[256];	BUF_MEM *nameB;	BUF_MEM *headerB;	BUF_MEM *dataB,*tmpB;		nameB=BUF_MEM_new();	headerB=BUF_MEM_new();	dataB=BUF_MEM_new();	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))		{		BUF_MEM_free(nameB);		BUF_MEM_free(headerB);		BUF_MEM_free(dataB);		OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE);		return(0);		}	buf[254]='/0';	for (;;)		{		i=BIO_gets(bp,buf,254);		if (i <= 0)			{			OPENSSL_PUT_ERROR(PEM, PEM_read_bio, PEM_R_NO_START_LINE);			goto err;			}		while ((i >= 0) && (buf[i] <= ' ')) i--;		buf[++i]='/n'; buf[++i]='/0';		if (strncmp(buf,"-----BEGIN ",11) == 0)			{			i=strlen(&(buf[11]));			if (strncmp(&(buf[11+i-6]),"-----/n",6) != 0)				continue;			if (!BUF_MEM_grow(nameB,i+9))				{				OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE);				goto err;				}			memcpy(nameB->data,&(buf[11]),i-6);			nameB->data[i-6]='/0';			break;			}		}	hl=0;	if (!BUF_MEM_grow(headerB,256))		{ OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); goto err; }	headerB->data[0]='/0';	for (;;)		{		i=BIO_gets(bp,buf,254);		if (i <= 0) break;		while ((i >= 0) && (buf[i] <= ' ')) i--;		buf[++i]='/n'; buf[++i]='/0';		if (buf[0] == '/n') break;		if (!BUF_MEM_grow(headerB,hl+i+9))			{ OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); goto err; }		if (strncmp(buf,"-----END ",9) == 0)			{			nohead=1;			break;			}		memcpy(&(headerB->data[hl]),buf,i);		headerB->data[hl+i]='/0';		hl+=i;		}	bl=0;	if (!BUF_MEM_grow(dataB,1024))		{ OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); goto err; }	dataB->data[0]='/0';	if (!nohead)		{		for (;;)			{			i=BIO_gets(bp,buf,254);			if (i <= 0) break;			while ((i >= 0) && (buf[i] <= ' ')) i--;			buf[++i]='/n'; buf[++i]='/0';			if (i != 65) end=1;			if (strncmp(buf,"-----END ",9) == 0)				break;			if (i > 65) break;			if (!BUF_MEM_grow_clean(dataB,i+bl+9))				{				OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE);				goto err;				}//.........这里部分代码省略.........

int ssl3_init_handshake_buffer(SSL *ssl) {  ssl3_free_handshake_buffer(ssl);  ssl3_free_handshake_hash(ssl);  ssl->s3->handshake_buffer = BUF_MEM_new();  return ssl->s3->handshake_buffer != NULL;}