自学教程：C++ EVP_CIPHER_nid函数代码示例

int main(int argc, char **argv){	int i;	char *names[] = {		"sms4-ecb",		"sms4-cbc",		"sms4-cfb",		"sms4-ofb",		"sms4-ctr",	};	const EVP_CIPHER *cipher;		OpenSSL_add_all_ciphers();	printf("%s new ciphers:/n/n", OPENSSL_VERSION_TEXT);	for (i = 0; i < sizeof(names)/sizeof(names[i]); i++) {		if (!(cipher = EVP_get_cipherbyname(names[i]))) {			fprintf(stderr, "cipher /"%s/" is not supported/n", names[i]);			continue;		}		printf("  cipher nid : %d/n", EVP_CIPHER_nid(cipher));		printf(" cipher name : %s/n", EVP_CIPHER_name(cipher));		printf("  block size : %d/n", EVP_CIPHER_block_size(cipher));		printf("  key length : %d/n", EVP_CIPHER_key_length(cipher));		printf("   iv length : %d/n", EVP_CIPHER_iv_length(cipher));		printf("       flags : 0x%016lx/n", EVP_CIPHER_flags(cipher));		printf("/n");	}	return 0;}

/* Convert the various cipher NIDs and dummies to a proper OID NID */int EVP_CIPHER_type(const EVP_CIPHER *ctx){    int nid;    ASN1_OBJECT *otmp;    nid = EVP_CIPHER_nid(ctx);    switch (nid) {    case NID_rc2_cbc:    case NID_rc2_64_cbc:    case NID_rc2_40_cbc:        return NID_rc2_cbc;    case NID_rc4:    case NID_rc4_40:        return NID_rc4;    case NID_aes_128_cfb128:    case NID_aes_128_cfb8:    case NID_aes_128_cfb1:        return NID_aes_128_cfb128;    case NID_aes_192_cfb128:    case NID_aes_192_cfb8:    case NID_aes_192_cfb1:        return NID_aes_192_cfb128;    case NID_aes_256_cfb128:    case NID_aes_256_cfb8:    case NID_aes_256_cfb1:        return NID_aes_256_cfb128;    case NID_des_cfb64:    case NID_des_cfb8:    case NID_des_cfb1:        return NID_des_cfb64;    case NID_des_ede3_cfb64:    case NID_des_ede3_cfb8:    case NID_des_ede3_cfb1:        return NID_des_cfb64;    default:        /* Check it has an OID and it is valid */        otmp = OBJ_nid2obj(nid);        if (OBJ_get0_data(otmp) == NULL)            nid = NID_undef;        ASN1_OBJECT_free(otmp);        return nid;    }}

boolcipher_kt_insecure(const EVP_CIPHER *cipher){    return !(cipher_kt_block_size(cipher) >= 128 / 8#ifdef NID_chacha20_poly1305             || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305#endif            );}

static int test_cipher_nids(const int **nids){    static int cipher_nids[4] = { 0, 0, 0, 0 };    static int pos = 0;    static int init = 0;    if (!init) {        const EVP_CIPHER *cipher;        if ((cipher = test_r4_cipher()) != NULL)            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);        if ((cipher = test_r4_40_cipher()) != NULL)            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);        cipher_nids[pos] = 0;        init = 1;    }    *nids = cipher_nids;    return pos;}

static voidget_EVP_CIPHER_once_cb(void *d){    struct once_init_cipher_ctx *arg = d;    const EVP_CIPHER *ossl_evp;    hc_EVP_CIPHER *hc_evp;    hc_evp = arg->hc_memoize;    /*     * We lookup EVP_CIPHER *s by NID so that we don't fail to find a     * symbol such as EVP_aes...() when libcrypto changes after build     * time (e.g., updates, LD_LIBRARY_PATH/LD_PRELOAD).     */    ossl_evp = EVP_get_cipherbynid(arg->nid);    if (ossl_evp == NULL) {        (void) memset(hc_evp, 0, sizeof(*hc_evp));#if HCRYPTO_FALLBACK        *arg->hc_memoizep = arg->fallback;#endif        return;    }    /* Build the hc_EVP_CIPHER */    hc_evp->nid = EVP_CIPHER_nid(ossl_evp); /* We would an hcrypto NIDs if we had them */    hc_evp->block_size = EVP_CIPHER_block_size(ossl_evp);    hc_evp->key_len = EVP_CIPHER_key_length(ossl_evp);    hc_evp->iv_len = EVP_CIPHER_iv_length(ossl_evp);    /*     * We force hc_EVP_CipherInit_ex to always call our init() function,     * otherwise we don't get a chance to call EVP_CipherInit_ex()     * correctly.     */    hc_evp->flags = hc_EVP_CIPH_ALWAYS_CALL_INIT | arg->flags;    /* Our cipher context */    hc_evp->ctx_size = sizeof(struct ossl_cipher_ctx);    /* Our wrappers */    hc_evp->init = cipher_ctx_init;    hc_evp->do_cipher = cipher_do_cipher;    hc_evp->cleanup = cipher_cleanup;    hc_evp->set_asn1_parameters = NULL;    hc_evp->get_asn1_parameters = NULL;    hc_evp->ctrl = cipher_ctrl;    /* Our link to the OpenSSL EVP_CIPHER */    hc_evp->app_data = (void *)ossl_evp;    /* Finally, set the static hc_EVP_CIPHER * to the one we just built */    *arg->hc_memoizep = hc_evp;}

int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,                    EVP_PBE_KEYGEN *keygen){    int cipher_nid, md_nid;    if (cipher)        cipher_nid = EVP_CIPHER_nid(cipher);    else        cipher_nid = -1;    if (md)        md_nid = EVP_MD_type(md);    else        md_nid = -1;    return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,                                cipher_nid, md_nid, keygen);}

static VALUEossl_engine_get_cipher(VALUE self, VALUE name){    ENGINE *e;    const EVP_CIPHER *ciph, *tmp;    char *s;    int nid;    s = StringValuePtr(name);    tmp = EVP_get_cipherbyname(s);    if(!tmp) ossl_raise(eEngineError, "no such cipher `%s'", s);    nid = EVP_CIPHER_nid(tmp);    GetEngine(self, e);    ciph = ENGINE_get_cipher(e, nid);    if(!ciph) ossl_raise(eEngineError, NULL);    return ossl_cipher_new(ciph);}

intkey_des_num_cblocks (const EVP_CIPHER *kt){  int ret = 0;  const char *name = OBJ_nid2sn (EVP_CIPHER_nid (kt));  if (name)    {      if (!strncmp (name, "DES-", 4))	{	  ret = EVP_CIPHER_key_length (kt) / sizeof (DES_cblock);	}      else if (!strncmp (name, "DESX-", 5))	{	  ret = 1;	}    }  dmsg (D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);  return ret;}

const EVP_CIPHER *cipher_kt_get (const char *ciphername){  const EVP_CIPHER *cipher = NULL;  ASSERT (ciphername);  cipher = EVP_get_cipherbyname (ciphername);  if ((NULL == cipher) || !cipher_ok (OBJ_nid2sn (EVP_CIPHER_nid (cipher))))    msg (M_SSLERR, "Cipher algorithm '%s' not found", ciphername);  if (EVP_CIPHER_key_length (cipher) > MAX_CIPHER_KEY_LENGTH)    msg (M_FATAL, "Cipher algorithm '%s' uses a default key size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum key size (%d bytes)",	 ciphername,	 EVP_CIPHER_key_length (cipher),	 MAX_CIPHER_KEY_LENGTH);  return cipher;}

static int cryptodev_select_cipher_cb(const char *str, int len, void *usr){    int *cipher_list = (int *)usr;    char *name;    const EVP_CIPHER *EVP;    size_t i;    if (len == 0)        return 1;    if (usr == NULL || (name = OPENSSL_strndup(str, len)) == NULL)        return 0;    EVP = EVP_get_cipherbyname(name);    if (EVP == NULL)        fprintf(stderr, "devcrypto: unknown cipher %s/n", name);    else if ((i = find_cipher_data_index(EVP_CIPHER_nid(EVP))) != (size_t)-1)        cipher_list[i] = 1;    else        fprintf(stderr, "devcrypto: cipher %s not available/n", name);    OPENSSL_free(name);    return 1;}

boolcipher_kt_mode_aead(const cipher_kt_t *cipher){#ifdef HAVE_AEAD_CIPHER_MODES    if (cipher)    {        switch (EVP_CIPHER_nid(cipher))        {        case NID_aes_128_gcm:        case NID_aes_192_gcm:        case NID_aes_256_gcm:#ifdef NID_chacha20_poly1305        case NID_chacha20_poly1305:#endif            return true;        }    }#endif    return false;}

void openssl_evp_keyiv(){	int i;	const EVP_MD *md;	const EVP_CIPHER *type;	unsigned char salt[32], data[COMM_LEN], *key, *iv;	md = EVP_md5();	printf("/nEVP_Md info: type[%d], ", EVP_MD_type(md));	printf("nid[%d], ", EVP_MD_nid(md));	printf("name[%s], ", EVP_MD_name(md));	printf("pkey type[%d], ", EVP_MD_pkey_type(md));	printf("size[%d], ", EVP_MD_size(md));	printf("block size[%d], ", EVP_MD_block_size(md));	type = EVP_des_ecb();	printf("/nEVP_ECB info: encrypto nid[%d], ", EVP_CIPHER_nid(type));	printf("name[%s], ", EVP_CIPHER_name(type));	printf("bock size[%d]", EVP_CIPHER_block_size(type));	key = (unsigned char *)malloc(EVP_CIPHER_key_length(type));	iv = (unsigned char *)malloc(EVP_CIPHER_iv_length(type));	for (i = 0; i < COMM_LEN; i++)		memset(&data[i], i, 1);	for (i = 0; i < 32; i++)		memset(&salt[i], i, 1);	EVP_BytesToKey(type, md, salt, data, COMM_LEN, 2, key, iv);	printf("/nEVP_key value: ");	for (i = 0; i < EVP_CIPHER_key_length(type); i++)		printf("%x ", key[i]);	printf("/nEVP_iv value: ");	for (i = 0; i < EVP_CIPHER_iv_length(type); i++)		printf("%x ", iv[i]);	printf("/n");}

X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,				 unsigned char *salt, int saltlen,				 unsigned char *aiv, int prf_nid){	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;	int alg_nid, keylen;	EVP_CIPHER_CTX ctx;	unsigned char iv[EVP_MAX_IV_LENGTH];	PBE2PARAM *pbe2 = NULL;	const ASN1_OBJECT *obj;	alg_nid = EVP_CIPHER_nid(cipher);	if(alg_nid == NID_undef) {		OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);		goto err;	}	obj = OBJ_nid2obj(alg_nid);	if(!(pbe2 = PBE2PARAM_new())) goto merr;	/* Setup the AlgorithmIdentifier for the encryption scheme */	scheme = pbe2->encryption;	scheme->algorithm = (ASN1_OBJECT*) obj;	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;	/* Create random IV */	if (EVP_CIPHER_iv_length(cipher))		{		if (aiv)			memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));		else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)))  			goto err;		}	EVP_CIPHER_CTX_init(&ctx);	/* Dummy cipherinit to just setup the IV, and PRF */	if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))		goto err;	if(param_to_asn1(&ctx, scheme->parameter) < 0) {		OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ERROR_SETTING_CIPHER_PARAMS);		EVP_CIPHER_CTX_cleanup(&ctx);		goto err;	}	/* If prf NID unspecified see if cipher has a preference.	 * An error is OK here: just means use default PRF.	 */	if ((prf_nid == -1) && 	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)		{		ERR_clear_error();		prf_nid = NID_hmacWithSHA1;		}	EVP_CIPHER_CTX_cleanup(&ctx);	/* If its RC2 then we'd better setup the key length */	if(alg_nid == NID_rc2_cbc)		keylen = EVP_CIPHER_key_length(cipher);	else		keylen = -1;	/* Setup keyfunc */	X509_ALGOR_free(pbe2->keyfunc);	pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);	if (!pbe2->keyfunc)		goto merr;	/* Now set up top level AlgorithmIdentifier */	if(!(ret = X509_ALGOR_new())) goto merr;	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;	ret->algorithm = (ASN1_OBJECT*) OBJ_nid2obj(NID_pbes2);	/* Encode PBE2PARAM into parameter */	if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),				 &ret->parameter->value.sequence)) goto merr;	ret->parameter->type = V_ASN1_SEQUENCE;	PBE2PARAM_free(pbe2);	pbe2 = NULL;	return ret;	merr:	OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);	err:	PBE2PARAM_free(pbe2);	/* Note 'scheme' is freed as part of pbe2 */	X509_ALGOR_free(kalg);	X509_ALGOR_free(ret);	return NULL;//.........这里部分代码省略.........

//.........这里部分代码省略.........	if (inf == NULL)	        {#ifndef OPENSSL_NO_SETVBUF_IONBF		if (bufsize != NULL)			setvbuf(stdin, (char *)NULL, _IONBF, 0);#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */		BIO_set_fp(in,stdin,BIO_NOCLOSE);	        }	else		{		if (BIO_read_filename(in,inf) <= 0)			{			perror(inf);			goto end;			}		}	if(!str && passarg) {		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {			BIO_printf(bio_err, "Error getting password/n");			goto end;		}		str = pass;	}	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))		{		for (;;)			{			char buf[200];			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),				     (enc)?"encryption":"decryption");			strbuf[0]='/0';			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);			if (i == 0)				{				if (strbuf[0] == '/0')					{					ret=1;					goto end;					}				str=strbuf;				break;				}			if (i < 0)				{				BIO_printf(bio_err,"bad password read/n");				goto end;				}			}		}	if (outf == NULL)		{		BIO_set_fp(out,stdout,BIO_NOCLOSE);#ifndef OPENSSL_NO_SETVBUF_IONBF		if (bufsize != NULL)			setvbuf(stdout, (char *)NULL, _IONBF, 0);#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */#ifdef OPENSSL_SYS_VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

//.........这里部分代码省略.........    }    strbuf = app_malloc(SIZE, "strbuf");    buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");    if (debug) {        BIO_set_callback(in, BIO_debug_callback);        BIO_set_callback(out, BIO_debug_callback);        BIO_set_callback_arg(in, (char *)bio_err);        BIO_set_callback_arg(out, (char *)bio_err);    }    if (infile == NULL) {        unbuffer(stdin);        in = dup_bio_in(informat);    } else        in = bio_open_default(infile, 'r', informat);    if (in == NULL)        goto end;    if (!str && passarg) {        if (!app_passwd(passarg, NULL, &pass, NULL)) {            BIO_printf(bio_err, "Error getting password/n");            goto end;        }        str = pass;    }    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {        for (;;) {            char prompt[200];            BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:",                         OBJ_nid2ln(EVP_CIPHER_nid(cipher)),                         (enc) ? "encryption" : "decryption");            strbuf[0] = '/0';            i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);            if (i == 0) {                if (strbuf[0] == '/0') {                    ret = 1;                    goto end;                }                str = strbuf;                break;            }            if (i < 0) {                BIO_printf(bio_err, "bad password read/n");                goto end;            }        }    }    out = bio_open_default(outfile, 'w', outformat);    if (out == NULL)        goto end;    rbio = in;    wbio = out;#ifdef ZLIB    if (do_zlib) {        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)            goto end;        if (enc)            wbio = BIO_push(bzl, wbio);        else

//.........这里部分代码省略.........	if (enc_config.debug) {		BIO_set_callback(in, BIO_debug_callback);		BIO_set_callback(out, BIO_debug_callback);		BIO_set_callback_arg(in, (char *) bio_err);		BIO_set_callback_arg(out, (char *) bio_err);	}	if (enc_config.inf == NULL) {		if (enc_config.bufsize != NULL)			setvbuf(stdin, (char *) NULL, _IONBF, 0);		BIO_set_fp(in, stdin, BIO_NOCLOSE);	} else {		if (BIO_read_filename(in, enc_config.inf) <= 0) {			perror(enc_config.inf);			goto end;		}	}	if (!enc_config.keystr && enc_config.passarg) {		if (!app_passwd(bio_err, enc_config.passarg, NULL,		    &pass, NULL)) {			BIO_printf(bio_err, "Error getting password/n");			goto end;		}		enc_config.keystr = pass;	}	if (enc_config.keystr == NULL && enc_config.cipher != NULL &&	    enc_config.hkey == NULL) {		for (;;) {			char buf[200];			int retval;			retval = snprintf(buf, sizeof buf,			    "enter %s %s password:",			    OBJ_nid2ln(EVP_CIPHER_nid(enc_config.cipher)),			    enc_config.enc ? "encryption" : "decryption");			if ((size_t)retval >= sizeof buf) {				BIO_printf(bio_err,				    "Password prompt too long/n");				goto end;			}			strbuf[0] = '/0';			i = EVP_read_pw_string((char *)strbuf, SIZE, buf,			    enc_config.enc);			if (i == 0) {				if (strbuf[0] == '/0') {					ret = 1;					goto end;				}				enc_config.keystr = strbuf;				break;			}			if (i < 0) {				BIO_printf(bio_err, "bad password read/n");				goto end;			}		}	}	if (enc_config.outf == NULL) {		BIO_set_fp(out, stdout, BIO_NOCLOSE);		if (enc_config.bufsize != NULL)			setvbuf(stdout, (char *)NULL, _IONBF, 0);	} else {		if (BIO_write_filename(out, enc_config.outf) <= 0) {			perror(enc_config.outf);			goto end;		}

bool send_metakey(connection_t *c) {	bool x;	int len = RSA_size(c->rsa_key);	/* Allocate buffers for the meta key */	char buffer[2 * len + 1];	c->outkey = xrealloc(c->outkey, len);	if(!c->outctx) {		c->outctx = EVP_CIPHER_CTX_new();		if(!c->outctx) {			abort();		}	}	/* Copy random data to the buffer */	if(1 != RAND_bytes((unsigned char *)c->outkey, len)) {		int err = ERR_get_error();		logger(LOG_ERR, "Failed to generate meta key (%s)", ERR_error_string(err, NULL));		return false;	}	/* The message we send must be smaller than the modulus of the RSA key.	   By definition, for a key of k bits, the following formula holds:	   2^(k-1) <= modulus < 2^(k)	   Where ^ means "to the power of", not "xor".	   This means that to be sure, we must choose our message < 2^(k-1).	   This can be done by setting the most significant bit to zero.	 */	c->outkey[0] &= 0x7F;	ifdebug(SCARY_THINGS) {		bin2hex(c->outkey, buffer, len);		buffer[len * 2] = '/0';		logger(LOG_DEBUG, "Generated random meta key (unencrypted): %s",		       buffer);	}	/* Encrypt the random data	   We do not use one of the PKCS padding schemes here.	   This is allowed, because we encrypt a totally random string	   with a length equal to that of the modulus of the RSA key.	 */	if(RSA_public_encrypt(len, (unsigned char *)c->outkey, (unsigned char *)buffer, c->rsa_key, RSA_NO_PADDING) != len) {		logger(LOG_ERR, "Error during encryption of meta key for %s (%s): %s",		       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));		return false;	}	/* Convert the encrypted random data to a hexadecimal formatted string */	bin2hex(buffer, buffer, len);	buffer[len * 2] = '/0';	/* Send the meta key */	x = send_request(c, "%d %d %d %d %d %s", METAKEY,	                 c->outcipher ? EVP_CIPHER_nid(c->outcipher) : 0,	                 c->outdigest ? EVP_MD_type(c->outdigest) : 0, c->outmaclength,	                 c->outcompression, buffer);	/* Further outgoing requests are encrypted with the key we just generated */	if(c->outcipher) {		if(!EVP_EncryptInit(c->outctx, c->outcipher,		                    (unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher),		                    (unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher) -		                    EVP_CIPHER_iv_length(c->outcipher))) {			logger(LOG_ERR, "Error during initialisation of cipher for %s (%s): %s",			       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));			return false;		}		c->outbudget = byte_budget(c->outcipher);		c->status.encryptout = true;	}	return x;}

int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,                       int klen, pem_password_cb *callback, void *u){    EVP_CIPHER_CTX *ctx = NULL;    int dsize = 0, i = 0, j = 0, ret = 0;    unsigned char *p, *data = NULL;    const char *objstr = NULL;    char buf[PEM_BUFSIZE];    unsigned char key[EVP_MAX_KEY_LENGTH];    unsigned char iv[EVP_MAX_IV_LENGTH];    if (enc != NULL) {        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0                || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)                   /*                    * Check "Proc-Type: 4,Encrypted/nDEK-Info: objstr,hex-iv/n"                    * fits into buf                    */                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)                   > sizeof(buf)) {            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);            goto err;        }    }    if ((dsize = i2d(x, NULL)) < 0) {        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);        dsize = 0;        goto err;    }    /* dsize + 8 bytes are needed */    /* actually it needs the cipher block size extra... */    data = OPENSSL_malloc((unsigned int)dsize + 20);    if (data == NULL) {        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);        goto err;    }    p = data;    i = i2d(x, &p);    if (enc != NULL) {        if (kstr == NULL) {            if (callback == NULL)                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);            else                klen = (*callback) (buf, PEM_BUFSIZE, 1, u);            if (klen <= 0) {                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);                goto err;            }#ifdef CHARSET_EBCDIC            /* Convert the pass phrase from EBCDIC */            ebcdic2ascii(buf, buf, klen);#endif            kstr = (unsigned char *)buf;        }        if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */            goto err;        /*         * The 'iv' is used as the iv and as a salt.  It is NOT taken from         * the BytesToKey function         */        if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))            goto err;        if (kstr == (unsigned char *)buf)            OPENSSL_cleanse(buf, PEM_BUFSIZE);        buf[0] = '/0';        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);        PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);        /* k=strlen(buf); */        ret = 1;        if ((ctx = EVP_CIPHER_CTX_new()) == NULL            || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)            || !EVP_EncryptUpdate(ctx, data, &j, data, i)            || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))            ret = 0;        if (ret == 0)            goto err;        i += j;    } else {        ret = 1;        buf[0] = '/0';    }    i = PEM_write_bio(bp, name, buf, data, i);    if (i <= 0)        ret = 0; err:    OPENSSL_cleanse(key, sizeof(key));    OPENSSL_cleanse(iv, sizeof(iv));    EVP_CIPHER_CTX_free(ctx);    OPENSSL_cleanse(buf, PEM_BUFSIZE);    OPENSSL_clear_free(data, (unsigned int)dsize);    return ret;}

    jdoubleArray Java_de_blinkt_openvpn_core_NativeUtils_getOpenSSLSpeed(JNIEnv* env, jclass thiz, jstring algorithm, jint testnumber){    static const unsigned char key16[16] = {        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12    };    const EVP_CIPHER *evp_cipher = NULL;    const char* alg = (*env)->GetStringUTFChars( env, algorithm , NULL ) ;    evp_cipher = EVP_get_cipherbyname(alg);    if (evp_cipher == NULL)        evp_md = EVP_get_digestbyname(alg);    if (evp_cipher == NULL && evp_md == NULL) {        //        BIO_printf(bio_err, "%s: %s is an unknown cipher or digest/n", prog, opt_arg());        //jniThrowException(env, "java/security/NoSuchAlgorithmException", "Algorithm not found");        return NULL;    }    const char* name;    loopargs_t *loopargs = NULL;    int loopargs_len = 1;    int async_jobs=0;    loopargs = malloc(loopargs_len * sizeof(loopargs_t));    memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));    jdoubleArray ret = (*env)->NewDoubleArray(env, 3);    if (testnum < 0 || testnum >= SIZE_NUM)        return NULL;    testnum = testnumber;    for (int i = 0; i < loopargs_len; i++) {        int misalign=0;        loopargs[i].buf_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);        loopargs[i].buf2_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);        /* Align the start of buffers on a 64 byte boundary */        loopargs[i].buf = loopargs[i].buf_malloc + misalign;        loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;    }    int count;    float d;    if (evp_cipher) {        name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));        /*         * -O3 -fschedule-insns messes up an optimization here!         * names[D_EVP] somehow becomes NULL         */        for (int k = 0; k < loopargs_len; k++) {            loopargs[k].ctx = EVP_CIPHER_CTX_new();            if (decrypt)                EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);            else                EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);            EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);        }        Time_F(START);        pthread_t timer_thread;        if (pthread_create(&timer_thread, NULL, stop_run, NULL))            return NULL;        count = run_benchmark(async_jobs, EVP_Update_loop, loopargs);        d = Time_F(STOP);        for (int k = 0; k < loopargs_len; k++) {            EVP_CIPHER_CTX_free(loopargs[k].ctx);        }    }    if (evp_md) {        name = OBJ_nid2ln(EVP_MD_type(evp_md));        //            print_message(names[D_EVP], save_count, lengths[testnum]);        pthread_t timer_thread;        if (pthread_create(&timer_thread, NULL, stop_run, NULL))            return NULL;        Time_F(START);        count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);        d = Time_F(STOP);    }    // Save results in hacky way    double results[] = {(double) lengths[testnum], (double) count, d};    (*env)->SetDoubleArrayRegion(env, ret, 0, 3, results);    //        print_result(D_EVP, testnum, count, d);    return ret;//.........这里部分代码省略.........

int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,           char *x, const EVP_CIPHER *enc, unsigned char *kstr,           int klen, pem_password_cb *callback, void *u)  {  EVP_CIPHER_CTX ctx;  int dsize=0,i,j,ret=0;  unsigned char *p,*data=NULL;  const char *objstr=NULL;  char buf[PEM_BUFSIZE];  unsigned char key[EVP_MAX_KEY_LENGTH];  unsigned char iv[EVP_MAX_IV_LENGTH];    if (enc != NULL)    {    objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));    if (objstr == NULL)      {      PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);      goto err;      }    }  if ((dsize=i2d(x,NULL)) < 0)    {    PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);    dsize=0;    goto err;    }  /* dzise + 8 bytes are needed */  /* actually it needs the cipher block size extra... */  data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);  if (data == NULL)    {    PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);    goto err;    }  p=data;  i=i2d(x,&p);  if (enc != NULL)    {    if (kstr == NULL)      {      if (callback == NULL)        klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);      else        klen=(*callback)(buf,PEM_BUFSIZE,1,u);      if (klen <= 0)        {        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);        goto err;        }#ifdef CHARSET_EBCDIC      /* Convert the pass phrase from EBCDIC */      ebcdic2ascii(buf, buf, klen);#endif      kstr=(unsigned char *)buf;      }    RAND_add(data,i,0);/* put in the RSA key. */    OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));    if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */      goto err;    /* The 'iv' is used as the iv and as a salt.  It is     * NOT taken from the BytesToKey function */    EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);    if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);    OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);    buf[0]='/0';    PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);    PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);    /* k=strlen(buf); */    EVP_CIPHER_CTX_init(&ctx);    EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);    EVP_EncryptUpdate(&ctx,data,&j,data,i);    EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);    EVP_CIPHER_CTX_cleanup(&ctx);    i+=j;    ret=1;    }  else    {    ret=1;    buf[0]='/0';    }  i=PEM_write_bio(bp,name,buf,data,i);  if (i <= 0) ret=0;err:  OPENSSL_cleanse(key,sizeof(key));  OPENSSL_cleanse(iv,sizeof(iv));  OPENSSL_cleanse((char *)&ctx,sizeof(ctx));  OPENSSL_cleanse(buf,PEM_BUFSIZE);  if (data != NULL)    {    OPENSSL_cleanse(data,(unsigned int)dsize);    OPENSSL_free(data);    }//.........这里部分代码省略.........

//.........这里部分代码省略.........		{		BIO_set_callback(in,BIO_debug_callback);		BIO_set_callback(out,BIO_debug_callback);		BIO_set_callback_arg(in,bio_err);		BIO_set_callback_arg(out,bio_err);		}	if (inf == NULL)		BIO_set_fp(in,stdin,BIO_NOCLOSE);	else		{		if (BIO_read_filename(in,inf) <= 0)			{			perror(inf);			goto end;			}		}	if(!str && passarg) {		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {			BIO_printf(bio_err, "Error getting password/n");			goto end;		}		str = pass;	}	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))		{		for (;;)			{			char buf[200];			sprintf(buf,"enter %s %s password:",				OBJ_nid2ln(EVP_CIPHER_nid(cipher)),				(enc)?"encryption":"decryption");			strbuf[0]='/0';			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);			if (i == 0)				{				if (strbuf[0] == '/0')					{					ret=1;					goto end;					}				str=strbuf;				break;				}			if (i < 0)				{				BIO_printf(bio_err,"bad password read/n");				goto end;				}			}		}	if (outf == NULL)		{		BIO_set_fp(out,stdout,BIO_NOCLOSE);#ifdef VMS		{		BIO *tmpbio = BIO_new(BIO_f_linebuffer());		out = BIO_push(tmpbio, out);		}#endif		}