自学教程：C++ EVP_DigestInit函数代码示例

void md5(	const void *content, ssize_t content_len, 	char *result, ssize_t result_len){	assert(result_len==33); // md5+1 length	int i, j;	EVP_MD_CTX mdctx;	unsigned char md_value[EVP_MAX_MD_SIZE];	unsigned int md_len;	EVP_DigestInit(&mdctx, EVP_md5());	EVP_DigestUpdate(&mdctx, content, (size_t) content_len);	EVP_DigestFinal_ex(&mdctx, md_value, &md_len);	EVP_MD_CTX_cleanup(&mdctx);	char byte[3];	j=0;	for(i=0; i<md_len; i++)	{		snprintf(byte, sizeof(byte), "%02x", md_value[i]);		result[j++]=byte[0];		result[j++]=byte[1];	}		result[j]=0;}

static char *digest_calculate(char *filename,		 char **digest_type, char *digest_string, unsigned *md_len_p,		 file_offset_t *filesizep){	int fd, i, rv;	EVP_MD_CTX md_ctx;	unsigned char md_value[EVP_MAX_MD_SIZE];	char buffer[GFS_FILE_BUFSIZE];	if ((fd = open(filename, O_RDONLY)) == -1)		return (gfarm_errno_to_error(errno));	EVP_DigestInit(&md_ctx, GFS_DEFAULT_DIGEST_MODE);	rv = gfs_digest_calculate_local(		fd, buffer, GFS_FILE_BUFSIZE,		GFS_DEFAULT_DIGEST_MODE,		&md_ctx, md_len_p, md_value, filesizep);	close(fd);	if (rv != 0)		return (gfarm_errno_to_error(rv));	for (i = 0; i < *md_len_p; i++)		sprintf(&digest_string[i + i], "%02x",			md_value[i]);	*digest_type = GFS_DEFAULT_DIGEST_NAME;	return (NULL);}

/** @impl_interface_method{RTCRDIGESTDESC::pfnInit} */static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, bool fReInit){    EVP_MD_CTX   *pThis    = (EVP_MD_CTX *)pvState;    EVP_MD const *pEvpType = (EVP_MD const *)pvOpaque;    if (fReInit)    {        pEvpType = EVP_MD_CTX_md(pThis);# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)        EVP_MD_CTX_reset(pThis);# else        EVP_MD_CTX_cleanup(pThis);# endif    }    AssertPtrReturn(pEvpType, VERR_INVALID_PARAMETER);# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)    Assert(EVP_MD_block_size(pEvpType));# else    Assert(pEvpType->md_size);# endif    if (EVP_DigestInit(pThis, pEvpType))        return VINF_SUCCESS;    return VERR_CR_DIGEST_OSSL_DIGEST_INIT_ERROR;}

intpx_find_digest(const char *name, PX_MD ** res){	const EVP_MD *md;	EVP_MD_CTX *ctx;	PX_MD	   *h;	if (!px_openssl_initialized)	{		px_openssl_initialized = 1;		OpenSSL_add_all_algorithms();	}	md = EVP_get_digestbyname(name);	if (md == NULL)		return PXE_NO_HASH;	ctx = px_alloc(sizeof(*ctx));	EVP_DigestInit(ctx, md);	h = px_alloc(sizeof(*h));	h->result_size = digest_result_size;	h->block_size = digest_block_size;	h->reset = digest_reset;	h->update = digest_update;	h->finish = digest_finish;	h->free = digest_free;	h->p.ptr = (void *) ctx;	*res = h;	return 0;}

static int create_digest(BIO *input, char *digest, const EVP_MD *md,                         unsigned char **md_value){    int md_value_len;    md_value_len = EVP_MD_size(md);    if (md_value_len < 0)        return 0;    if (input) {        EVP_MD_CTX md_ctx;        unsigned char buffer[4096];        int length;        *md_value = app_malloc(md_value_len, "digest buffer");        EVP_DigestInit(&md_ctx, md);        while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {            EVP_DigestUpdate(&md_ctx, buffer, length);        }        if (!EVP_DigestFinal(&md_ctx, *md_value, NULL))            return 0;    } else {        long digest_len;        *md_value = string_to_hex(digest, &digest_len);        if (!*md_value || md_value_len != digest_len) {            OPENSSL_free(*md_value);            *md_value = NULL;            BIO_printf(bio_err, "bad digest, %d bytes "                       "must be specified/n", md_value_len);            return 0;        }    }    return md_value_len;}

char *do_sha1(char *tohash, int size){  EVP_MD_CTX ctx;  char *hash_ret;  int evp_ret_len;  if (!tohash)    {      debug_printf(DEBUG_NORMAL, "Invalid value passed to do_sha1()!/n");      return NULL;    }  hash_ret = (char *)malloc(21);  // We should get 20 bytes returned.  if (hash_ret == NULL)    {      printf("There was a malloc() error in eapsim.c with hash_ret!/n");      return NULL;    }   EVP_DigestInit(&ctx, EVP_sha1());  EVP_DigestUpdate(&ctx, tohash, size);  EVP_DigestFinal(&ctx, hash_ret, (int *)&evp_ret_len);  if (evp_ret_len != 20) printf("SHA1 returned something other than what it should have!/n");  return hash_ret;}

void HashFile(char *filename, unsigned char digest[EVP_MAX_MD_SIZE + 1], HashMethod type){    FILE *file;    EVP_MD_CTX context;    int len, md_len;    unsigned char buffer[1024];    const EVP_MD *md = NULL;    CfDebug("HashFile(%d,%s)/n", type, filename);    if ((file = fopen(filename, "rb")) == NULL)    {        CfOut(OUTPUT_LEVEL_INFORM, "fopen", "%s can't be opened/n", filename);    }    else    {        md = EVP_get_digestbyname(FileHashName(type));        EVP_DigestInit(&context, md);        while ((len = fread(buffer, 1, 1024, file)))        {            EVP_DigestUpdate(&context, buffer, len);        }        EVP_DigestFinal(&context, digest, &md_len);        /* Digest length stored in md_len */        fclose(file);    }}

void HashString(const char *buffer, int len, unsigned char digest[EVP_MAX_MD_SIZE + 1], HashMethod type){    EVP_MD_CTX context;    const EVP_MD *md = NULL;    int md_len;    CfDebug("HashString(%c)/n", type);    switch (type)    {    case HASH_METHOD_CRYPT:        CfOut(OUTPUT_LEVEL_ERROR, "", "The crypt support is not presently implemented, please use another algorithm instead");        memset(digest, 0, EVP_MAX_MD_SIZE + 1);        break;    default:        md = EVP_get_digestbyname(FileHashName(type));        if (md == NULL)        {            CfOut(OUTPUT_LEVEL_INFORM, "", " !! Digest type %s not supported by OpenSSL library", CF_DIGEST_TYPES[type][0]);        }        EVP_DigestInit(&context, md);        EVP_DigestUpdate(&context, (unsigned char *) buffer, (size_t) len);        EVP_DigestFinal(&context, digest, &md_len);        break;    }}

/* * MD5authencrypt - generate message digest * * Returns length of MAC including key ID and digest. */intMD5authencrypt(	int	type,		/* hash algorithm */	u_char	*key,		/* key pointer */	u_int32 *pkt,		/* packet pointer */	int	length		/* packet length */	){	u_char	digest[EVP_MAX_MD_SIZE];	u_int	len;	EVP_MD_CTX ctx;	/*	 * Compute digest of key concatenated with packet. Note: the	 * key type and digest type have been verified when the key	 * was creaded.	 */	INIT_SSL();	EVP_DigestInit(&ctx, EVP_get_digestbynid(type));	EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen);	EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);	EVP_DigestFinal(&ctx, digest, &len);	memmove((u_char *)pkt + length + 4, digest, len);	return (len + 4);}

int _ldapfull_chk_hashed(moddata_t data, const char *scheme, int salted, const char *hash, const char *passwd) {    char *bhash; // binary hash, will get it from base64    EVP_MD_CTX mdctx;    const EVP_MD *md;    unsigned char digest[EVP_MAX_MD_SIZE];    int bhlen, rc;    md = EVP_get_digestbyname(scheme);    if (!md) {        return 0;    }    if( ! _ldapfull_base64_decode(hash, &bhash, &bhlen) ) {        return 0;    }    EVP_DigestInit(&mdctx, md);    EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));    if (salted) {        EVP_DigestUpdate(&mdctx, &bhash[EVP_MD_size(md)],                bhlen - EVP_MD_size(md));    }    EVP_DigestFinal(&mdctx, digest, NULL);    rc = memcmp((char *)bhash, (char *)digest, EVP_MD_size(md));    free(bhash);    return !rc;}

/* * Caclulate a new key after a reconnect */voidcalculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge){	int r;	const EVP_MD *md = EVP_sha1();	EVP_MD_CTX ctx;	char hash[EVP_MAX_MD_SIZE];	struct sshbuf *b;	if ((b = sshbuf_new()) == NULL)		fatal("%s: sshbuf_new failed", __func__);	if ((r = sshbuf_put_u64(b, *key)) != 0 ||	    (r = sshbuf_put_u64(b, cookie)) != 0 ||	    (r = sshbuf_put_u64(b, challenge)) != 0)		fatal("%s: buffer error: %s", __func__, ssh_err(r));	EVP_DigestInit(&ctx, md);	EVP_DigestUpdate(&ctx, sshbuf_ptr(b), sshbuf_len(b));	EVP_DigestFinal(&ctx, hash, NULL);	sshbuf_reset(b);	if ((r = sshbuf_put(b, hash, EVP_MD_size(md))) != 0 ||	    (r = sshbuf_get_u64(b, key)) != 0)		fatal("%s: buffer error: %s", __func__, ssh_err(r));	sshbuf_free(b);}

QString pki_evp::sha512passwd(QString pass, QString salt){	EVP_MD_CTX mdctx;	QString str;	int n;	int j;	unsigned char m[EVP_MAX_MD_SIZE];	if (salt.length() <5)		abort();	str = salt.left(5);	pass = str + pass;	EVP_DigestInit(&mdctx, EVP_sha512());	EVP_DigestUpdate(&mdctx, CCHAR(pass), pass.size());	EVP_DigestFinal(&mdctx, m, (unsigned*)&n);	for (j=0; j<n; j++) {		char zs[4];		sprintf(zs, "%02X",m[j]);		str += zs;	}	return str;}

bool _IDB_XCH::new_msgiv( IDB_PH1 * ph1 ){	if( ph1->evp_cipher == NULL )		return false;	unsigned char iv_data[ EVP_MAX_MD_SIZE ];	unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );	EVP_MD_CTX ctx_hash;	EVP_DigestInit( &ctx_hash, ph1->evp_hash );	EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );	EVP_DigestUpdate( &ctx_hash, &msgid, 4 );	EVP_DigestFinal( &ctx_hash, iv_data, NULL );	EVP_MD_CTX_cleanup( &ctx_hash );	iv.set( iv_data, iv_size );	iked.log.bin(		LLOG_DEBUG,		LLOG_DECODE,		iv.buff(),		iv.size(),		"== : new %s iv",		name() );	return true;}

bool send_chal_reply(connection_t *c) {	char hash[EVP_MAX_MD_SIZE * 2 + 1];	EVP_MD_CTX *ctx;	/* Calculate the hash from the challenge we received */	ctx = EVP_MD_CTX_create();	if(!ctx) {		abort();	}	if(!EVP_DigestInit(ctx, c->indigest)	                || !EVP_DigestUpdate(ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))	                || !EVP_DigestFinal(ctx, (unsigned char *)hash, NULL)) {		EVP_MD_CTX_destroy(ctx);		logger(LOG_ERR, "Error during calculation of response for %s (%s): %s",		       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));		return false;	}	EVP_MD_CTX_destroy(ctx);	/* Convert the hash to a hexadecimal formatted string */	bin2hex(hash, hash, EVP_MD_size(c->indigest));	hash[EVP_MD_size(c->indigest) * 2] = '/0';	/* Send the reply */	return send_request(c, "%d %s", CHAL_REPLY, hash);}

voidderive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,    u_int8_t cookie[8], u_int8_t id[16]){	const EVP_MD *evp_md = EVP_md5();	EVP_MD_CTX md;	u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];	int len;	EVP_DigestInit(&md, evp_md);	len = BN_num_bytes(host_modulus);	if (len < (512 / 8) || (u_int)len > sizeof(nbuf))		fatal("%s: bad host modulus (len %d)", __func__, len);	BN_bn2bin(host_modulus, nbuf);	EVP_DigestUpdate(&md, nbuf, len);	len = BN_num_bytes(server_modulus);	if (len < (512 / 8) || (u_int)len > sizeof(nbuf))		fatal("%s: bad server modulus (len %d)", __func__, len);	BN_bn2bin(server_modulus, nbuf);	EVP_DigestUpdate(&md, nbuf, len);	EVP_DigestUpdate(&md, cookie, 8);	EVP_DigestFinal(&md, obuf, NULL);	memcpy(id, obuf, 16);	memset(nbuf, 0, sizeof(nbuf));	memset(obuf, 0, sizeof(obuf));	memset(&md, 0, sizeof(md));}

TSS_RESULTTrspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType){	int rv;	EVP_MD *md;	switch (HashType) {		case TSS_HASH_SHA1:			md = (EVP_MD *)EVP_sha1();			break;		default:			return TSPERR(TSS_E_BAD_PARAMETER);			break;	}	if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)		return TSPERR(TSS_E_OUTOFMEMORY);	rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);	if (rv != EVP_SUCCESS) {		DEBUG_print_openssl_errors();		return TSPERR(TSS_E_INTERNAL_ERROR);	}	return TSS_SUCCESS;}

/* * MD5authdecrypt - verify MD5 message authenticator * * Returns one if digest valid, zero if invalid. */intMD5authdecrypt(	int		type,	/* hash algorithm */	const u_char *	key,	/* key pointer */	u_int32	*	pkt,	/* packet pointer */	size_t		length,	/* packet length */	size_t		size	/* MAC size */	){	u_char	digest[EVP_MAX_MD_SIZE];	u_int	len;	EVP_MD_CTX ctx;	/*	 * Compute digest of key concatenated with packet. Note: the	 * key type and digest type have been verified when the key	 * was created.	 */	INIT_SSL();	if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {		msyslog(LOG_ERR,		    "MAC decrypt: digest init failed");		return (0);	}	EVP_DigestUpdate(&ctx, key, cache_secretsize);	EVP_DigestUpdate(&ctx, (u_char *)pkt, length);	EVP_DigestFinal(&ctx, digest, &len);	if (size != (size_t)len + 4) {		msyslog(LOG_ERR,		    "MAC decrypt: MAC length error");		return (0);	}	return !isc_tsmemcmp(digest, (const char *)pkt + length + 4, len);}

/* * Calculate the reference id from the address. If it is an IPv4 * address, use it as is. If it is an IPv6 address, do a md5 on * it and use the bottom 4 bytes. * The result is in network byte order. */u_int32addr2refid(sockaddr_u *addr){	u_char		digest[20];	u_int32		addr_refid;	EVP_MD_CTX	ctx;	u_int		len;	if (IS_IPV4(addr))		return (NSRCADR(addr));	INIT_SSL();#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL	EVP_MD_CTX_init(&ctx);#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	/* MD5 is not used as a crypto hash here. */	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);#endif#endif	if (!EVP_DigestInit(&ctx, EVP_md5())) {		msyslog(LOG_ERR,		    "MD5 init failed");		exit(1);	}	EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),	    sizeof(struct in6_addr));	EVP_DigestFinal(&ctx, digest, &len);	memcpy(&addr_refid, digest, sizeof(addr_refid));	return (addr_refid);}

/* * Calculate the reference id from the address. If it is an IPv4 * address, use it as is. If it is an IPv6 address, do a md5 on * it and use the bottom 4 bytes. * The result is in network byte order. */uint32_taddr2refid(sockaddr_u *addr){	uint8_t		digest[20];	uint32_t		addr_refid;	EVP_MD_CTX	ctx;	u_int		len;	if (IS_IPV4(addr))		return (NSRCADR(addr));	INIT_SSL();#if defined(HAVE_OPENSSL)	EVP_MD_CTX_init(&ctx);#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	/* MD5 is not used as a crypto hash here. */	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);#endif	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) {		msyslog(LOG_ERR,		    "MD5 init failed");		exit(1);	}#else	EVP_DigestInit(&ctx, EVP_md5());#endif	EVP_DigestUpdate(&ctx, (uint8_t *)PSOCK_ADDR6(addr),	    sizeof(struct in6_addr));	EVP_DigestFinal(&ctx, digest, &len);	memcpy(&addr_refid, digest, sizeof(addr_refid));	return (addr_refid);}

/* * keytype_from_text	returns OpenSSL NID for digest by name, and *			optionally the associated digest length. * * Used by ntpd authreadkeys(), ntpq and ntpdc keytype() */intkeytype_from_text(	const char *text,	size_t *pdigest_len	){	const u_long	max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);	int		key_type;	u_int		digest_len;#ifdef OPENSSL	u_char		digest[EVP_MAX_MD_SIZE];	char *		upcased;	char *		pch;	EVP_MD_CTX	ctx;	/*	 * OpenSSL digest short names are capitalized, so uppercase the	 * digest name before passing to OBJ_sn2nid().  If it is not	 * recognized but begins with 'M' use NID_md5 to be consistent	 * with past behavior.	 */	INIT_SSL();	LIB_GETBUF(upcased);	strncpy(upcased, text, LIB_BUFLENGTH);	for (pch = upcased; '/0' != *pch; pch++)		*pch = (char)toupper((unsigned char)*pch);	key_type = OBJ_sn2nid(upcased);#else	key_type = 0;#endif	if (!key_type && 'm' == tolower((unsigned char)text[0]))		key_type = NID_md5;	if (!key_type)		return 0;	if (NULL != pdigest_len) {#ifdef OPENSSL		EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));		EVP_DigestFinal(&ctx, digest, &digest_len);		if (digest_len + sizeof(keyid_t) > MAX_MAC_LEN) {			fprintf(stderr,				"key type %s %u octet digests are too big, max %lu/n",				keytype_name(key_type), digest_len,				max_digest_len);			msyslog(LOG_ERR,				"key type %s %u octet digests are too big, max %lu/n",				keytype_name(key_type), digest_len,				max_digest_len);			return 0;		}#else		digest_len = 16;#endif		*pdigest_len = digest_len;	}	return key_type;}

static void *x963_kdf(const EVP_MD *md, const void *in, size_t inlen,	void *out, size_t *outlen){	EVP_MD_CTX ctx;	uint32_t counter = 1;	uint32_t counter_be;	unsigned char dgst[EVP_MAX_MD_SIZE];	unsigned int dgstlen;	size_t rlen = *outlen;	size_t len;	EVP_MD_CTX_init(&ctx);	//FIXME: it might be wrong	while (rlen > 0) {		counter_be = cpu_to_be32(counter);		counter++;		EVP_DigestInit(&ctx, md);		EVP_DigestUpdate(&ctx, in, inlen);		EVP_DigestUpdate(&ctx, &counter_be, sizeof(counter_be));		EVP_DigestFinal(&ctx, dgst, &dgstlen);		len = dgstlen <= rlen ? dgstlen : rlen;		memcpy(out, dgst, len);		rlen -= len;		out += len;	}	EVP_MD_CTX_cleanup(&ctx);	return out;}

int ssh_key_sign(ssh_key* key, const char* data, int length, unsigned char* sig) {    const EVP_MD* md;    EVP_MD_CTX md_ctx;    unsigned char digest[EVP_MAX_MD_SIZE];    unsigned int dlen, len;    /* Get SHA1 digest */    if ((md = EVP_get_digestbynid(NID_sha1)) == NULL)        return -1;    /* Digest data */    EVP_DigestInit(&md_ctx, md);    EVP_DigestUpdate(&md_ctx, data, length);    EVP_DigestFinal(&md_ctx, digest, &dlen);    /* Sign with key */    switch (key->type) {        case SSH_KEY_RSA:            if (RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa) == 1)                return len;        case SSH_KEY_DSA: {            DSA_SIG* dsa_sig = DSA_do_sign(digest, dlen, key->dsa);            if (dsa_sig != NULL) {                /* Compute size of each half of signature */                int rlen = BN_num_bytes(dsa_sig->r);                int slen = BN_num_bytes(dsa_sig->s);                /* Ensure each number is within the required size */                if (rlen > DSA_SIG_NUMBER_SIZE || slen > DSA_SIG_NUMBER_SIZE)                    return -1;                /* Init to all zeroes */                memset(sig, 0, DSA_SIG_SIZE);                /* Add R at the end of the first block of the signature */                BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE                                          - DSA_SIG_NUMBER_SIZE - rlen);                /* Add S at the end of the second block of the signature */                BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen);                /* Done */                DSA_SIG_free(dsa_sig);                return DSA_SIG_SIZE;            }        }    }    return -1;}

static int_md_init (md_ctx *x, munge_mac_t md){    EVP_MD *algo;    assert (x != NULL);    if (_md_map_enum (md, &algo) < 0) {        return (-1);    }    if (_md_ctx_create (x) < 0) {        return (-1);    }#if HAVE_EVP_DIGESTINIT_EX    /*  OpenSSL >= 0.9.7  */    if (EVP_DigestInit_ex (x->ctx, algo, NULL) != 1) {        return (-1);    }#elif HAVE_EVP_DIGESTINIT    /*  EVP_DigestInit() implicitly initializes the EVP_MD_CTX.  */    /*  OpenSSL < 0.9.7  */    EVP_DigestInit (x->ctx, algo);#else  /* !HAVE_EVP_DIGESTINIT */#error "No OpenSSL EVP_DigestInit"#endif /* !HAVE_EVP_DIGESTINIT */    x->diglen = EVP_MD_size (algo);    return (0);}

static u_char *derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,    BIGNUM *shared_secret){	Buffer b;	EVP_MD_CTX md;	char c = id;	u_int have;	int mdsz;	u_char *digest;	if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)		fatal("bad kex md size %d", mdsz);	digest = xmalloc(roundup(need, mdsz));	buffer_init(&b);	buffer_put_bignum2(&b, shared_secret);	/* K1 = HASH(K || H || "A" || session_id) */	EVP_DigestInit(&md, kex->evp_md);	if (!(datafellows & SSH_BUG_DERIVEKEY))		EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));	EVP_DigestUpdate(&md, hash, hashlen);	EVP_DigestUpdate(&md, &c, 1);	EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);	EVP_DigestFinal(&md, digest, NULL);	/*	 * expand key:	 * Kn = HASH(K || H || K1 || K2 || ... || Kn-1)	 * Key = K1 || K2 || ... || Kn	 */	for (have = mdsz; need > have; have += mdsz) {		EVP_DigestInit(&md, kex->evp_md);		if (!(datafellows & SSH_BUG_DERIVEKEY))			EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));		EVP_DigestUpdate(&md, hash, hashlen);		EVP_DigestUpdate(&md, digest, have);		EVP_DigestFinal(&md, digest + have, NULL);	}	buffer_free(&b);#ifdef DEBUG_KEX	fprintf(stderr, "key '%c'== ", c);	dump_digest("key", digest, need);#endif	return digest;}

bool chal_reply_h(connection_t *c) {	char hishash[MAX_STRING_SIZE];	char myhash[EVP_MAX_MD_SIZE];	EVP_MD_CTX *ctx;	if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) {		logger(LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,		       c->hostname);		return false;	}	/* Check if the length of the hash is all right */	if(strlen(hishash) != (size_t)EVP_MD_size(c->outdigest) * 2) {		logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,		       c->hostname, "wrong challenge reply length");		return false;	}	/* Convert the hash to binary format */	if(!hex2bin(hishash, hishash, EVP_MD_size(c->outdigest))) {		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");		return false;	}	/* Calculate the hash from the challenge we sent */	ctx = EVP_MD_CTX_create();	if(!ctx) {		abort();	}	if(!EVP_DigestInit(ctx, c->outdigest)	                || !EVP_DigestUpdate(ctx, c->hischallenge, RSA_size(c->rsa_key))	                || !EVP_DigestFinal(ctx, (unsigned char *)myhash, NULL)) {		EVP_MD_CTX_destroy(ctx);		logger(LOG_ERR, "Error during calculation of response from %s (%s): %s",		       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));		return false;	}	EVP_MD_CTX_destroy(ctx);	/* Verify the incoming hash with the calculated hash */	if(memcmp(hishash, myhash, EVP_MD_size(c->outdigest))) {		logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,		       c->hostname, "wrong challenge reply");		ifdebug(SCARY_THINGS) {			bin2hex(myhash, hishash, SHA_DIGEST_LENGTH);			hishash[SHA_DIGEST_LENGTH * 2] = '/0';			logger(LOG_DEBUG, "Expected challenge reply: %s", hishash);		}		return false;	}

uint8_t*do_sha256_digest (uint8_t* msg, size_t msg_len){    uint8_t *dig;    unsigned int dig_len;    EVP_MD_CTX *ctx;    if (msg == NULL || msg_len == 0)    {        fprintf(stderr, "%s: invalid parameter value/n", __func__);        dig = NULL;        goto exit_do_sha256_digest;    }    dig = malloc(EVP_MD_size(EVP_sha256()));    if (dig == NULL)    {        fprintf(stderr, "Error allocating memory for the digest/n");        goto exit_do_sha256_digest;    }    // Do the hashing of the msg    ctx = EVP_MD_CTX_create();    if (EVP_DigestInit(ctx, EVP_sha256()) != 1)    {        fprintf(stderr, "Error initializing digest algorithm/n");        free(dig);        dig = NULL;        goto cleanup_do_sha256_digest;    }    if (EVP_DigestUpdate(ctx, msg, msg_len) != 1)    {        fprintf(stderr, "Error during the hashing of the message/n");        free(dig);        dig = NULL;        goto cleanup_do_sha256_digest;    }    if (EVP_DigestFinal(ctx, dig, &dig_len) != 1)    {        fprintf(stderr, "Error finalizing the digest/n");        free(dig);        dig = NULL;        goto cleanup_do_sha256_digest;    }    // Check if the size is correct    if (dig_len != EVP_MD_size(EVP_sha256()))    {        fprintf(stderr, "Error, the digest's length is less than expected/n");        free(dig);        dig = NULL;    }cleanup_do_sha256_digest:    EVP_MD_CTX_cleanup(ctx);    free(ctx);exit_do_sha256_digest:    return dig;}

voidmd_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt){    ASSERT(NULL != ctx && NULL != kt);    EVP_MD_CTX_init(ctx);    EVP_DigestInit(ctx, kt);}

int API_SWU_VerifyImage(unsigned char* image, unsigned int imageSize) { 	unsigned char *md_value;	unsigned int md_len = 0;	md_value = malloc(0x40);	EVP_MD_CTX ctx1, ctx2;	EVP_DigestInit(&ctx1, EVP_get_digestbyname("sha1"));	EVP_DigestUpdate(&ctx1, image + SIGNATURE_SIZE, imageSize - SIGNATURE_SIZE);	EVP_DigestFinal(&ctx1, md_value, &md_len);	EVP_DigestInit(&ctx2, EVP_sha1());	EVP_DigestUpdate(&ctx2, md_value, md_len);	int result = 0;	if (EVP_VerifyFinal(&ctx2, image, SIGNATURE_SIZE, _gpPubKey) == 1) result = 1;	EVP_MD_CTX_cleanup(&ctx1);	EVP_MD_CTX_cleanup(&ctx2);	free(md_value);	return result;}