自学教程：C++ EVP_DigestSignFinal函数代码示例

//Create base 64 encoded digital signature of given databool digiSign(StringBuffer &b64Signature, size32_t dataSz, const void *data, const CLoadedKey &signingKey){    OwnedEVPMdCtx signingCtx(EVP_MD_CTX_create());    //initialize context for SHA-256 hashing function    int rc = EVP_DigestSignInit(signingCtx, nullptr, EVP_sha256(), nullptr, signingKey);    if (rc <= 0)        throwEVPException(-1, "digiSign:EVP_DigestSignInit");    //add string to the context    if (EVP_DigestSignUpdate(signingCtx, data, dataSz) <= 0)        throwEVPException(-1, "digiSign:EVP_DigestSignUpdate");    //compute length of signature    size_t encMsgLen;    if (EVP_DigestSignFinal(signingCtx, nullptr, &encMsgLen) <= 0)        throwEVPException(-1, "digiSign:EVP_DigestSignFinal1");    if (encMsgLen == 0)        throwEVPException(-1, "digiSign:EVP_DigestSignFinal length returned 0");    //compute signature (signed digest)    OwnedEVPMemory encMsg = OPENSSL_malloc(encMsgLen);    if (encMsg == nullptr)        throw MakeStringException(-1, "digiSign:OPENSSL_malloc(%u) returned NULL", (unsigned)encMsgLen);    if (EVP_DigestSignFinal(signingCtx, (unsigned char *)encMsg.get(), &encMsgLen) <= 0)        throwEVPException(-1, "digiSign:EVP_DigestSignFinal2");    //convert to base64    JBASE64_Encode(encMsg, encMsgLen, b64Signature, false);    return true;}

static int PKCS7_SIGNER_INFO_sign_0(PKCS7_SIGNER_INFO *si){  EVP_MD_CTX mctx;  EVP_PKEY_CTX *pctx;  unsigned char *abuf = NULL;  int alen;  size_t siglen;  const EVP_MD *md = NULL;  md = EVP_get_digestbyobj(si->digest_alg->algorithm);  if (md == NULL)    return 0;  EVP_MD_CTX_init(&mctx);  if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)    goto err;  if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,                        EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)  {    PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);    goto err;  }  alen = ASN1_item_i2d((ASN1_VALUE *) si->auth_attr, &abuf,                       ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));  if (!abuf)    goto err;  if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)    goto err;  OPENSSL_free(abuf);  abuf = NULL;  if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)    goto err;  abuf = OPENSSL_malloc(siglen);  if (!abuf)    goto err;  if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)    goto err;  if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,                        EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)  {    PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);    goto err;  }  EVP_MD_CTX_cleanup(&mctx);  ASN1_STRING_set0(si->enc_digest, abuf, siglen);  return 1;err:  if (abuf)    OPENSSL_free(abuf);  EVP_MD_CTX_cleanup(&mctx);  return 0;}

Handle<std::string> RSA_PKCS1_sign(Handle<ScopedEVP_PKEY> hKey, const EVP_MD *md, Handle<std::string> hData) {    LOG_FUNC();    ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());    EVP_PKEY_CTX* pctx = nullptr;    size_t siglen = 0;    if (ctx.isEmpty() ||            !EVP_DigestSignInit(ctx.Get(), &pctx, md, nullptr, hKey->Get())) {        THROW_OPENSSL("EVP_DigestSignInit");    }    byte* data = (byte*)hData->c_str();    size_t datalen = hData->length();    if (1 != EVP_DigestSignUpdate(ctx.Get(), data, datalen)) {        THROW_OPENSSL("EVP_DigestSignUpdate");    }    if (1 != EVP_DigestSignFinal(ctx.Get(), nullptr, &siglen)) {        THROW_OPENSSL("EVP_DigestSignFinal");    }    Handle<std::string> hOutput(new std::string());    hOutput->resize(siglen);    byte *output = (byte*)hOutput->c_str();    if (!EVP_DigestSignFinal(ctx.Get(), output, &siglen))        THROW_OPENSSL("EVP_DigestSignFinal");    return hOutput;}

int signMsgRSA(EVP_PKEY* key, const unsigned char* msg, 	unsigned char** sig, size_t* slen, size_t msglen){		EVP_MD_CTX* ctx = NULL;	const EVP_MD* md = NULL;		if(msg == NULL || sig == NULL || slen == NULL)		return 0;	ctx = EVP_MD_CTX_create();	md = EVP_get_digestbyname(hn);	if(md == NULL){		printf("ERR EVP_get_digestbyname/n");		return 0;			}	if(ctx == NULL){		printf("ERR EVP_MD_CTX_create/n");		return 0;			}	if(1 != EVP_DigestInit_ex(ctx, md, NULL)){		printf("ERR EVP_DigestInit_ex/n");		return 0;	}	if(1 != EVP_DigestSignInit(ctx, NULL, md, NULL, key)){		printf("ERR EVP_DigestSignInit/n");		return 0;	}	/*SE FIRMA EL MENSAJE*/	if(1 != EVP_DigestSignUpdate(ctx, msg, msglen)){		printf("ERR EVP_DigestSignUpdate/n");		return 0;	}	if(1 != EVP_DigestSignFinal(ctx, NULL, slen)){		printf("ERR EVP_DigestSignFinal/n");		return 0;		}	*sig = OPENSSL_malloc(*slen);		if(*sig == NULL){		printf("ERR OPENSSL_malloc/n");	}	if(1 != EVP_DigestSignFinal(ctx, *sig, slen)){		printf("ERR EVP_DigestSignFinal/n");		return 0;	}	EVP_MD_CTX_destroy(ctx);	ctx = NULL;	return 1;}

static int test_EVP_DigestSignInit(void) {  int ret = 0;  EVP_PKEY *pkey = NULL;  uint8_t *sig = NULL;  size_t sig_len = 0;  EVP_MD_CTX md_ctx, md_ctx_verify;  EVP_MD_CTX_init(&md_ctx);  EVP_MD_CTX_init(&md_ctx_verify);  pkey = load_example_rsa_key();  if (pkey == NULL ||      !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) ||      !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) {    goto out;  }  /* Determine the size of the signature. */  if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) {    goto out;  }  /* Sanity check for testing. */  if (sig_len != EVP_PKEY_size(pkey)) {    fprintf(stderr, "sig_len mismatch/n");    goto out;  }  sig = malloc(sig_len);  if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) {    goto out;  }  /* Ensure that the signature round-trips. */  if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) ||      !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) ||      !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) {    goto out;  }  ret = 1;out:  if (!ret) {    BIO_print_errors_fp(stderr);  }  EVP_MD_CTX_cleanup(&md_ctx);  EVP_MD_CTX_cleanup(&md_ctx_verify);  if (pkey) {    EVP_PKEY_free(pkey);  }  if (sig) {    free(sig);  }  return ret;}

static int test_EVP_DigestSignInit(void){    int ret = 0;    EVP_PKEY *pkey = NULL;    unsigned char *sig = NULL;    size_t sig_len = 0;    EVP_MD_CTX *md_ctx, *md_ctx_verify;    md_ctx = EVP_MD_CTX_new();    md_ctx_verify = EVP_MD_CTX_new();    if (md_ctx == NULL || md_ctx_verify == NULL)        goto out;    pkey = load_example_rsa_key();    if (pkey == NULL ||        !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) ||        !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) {        goto out;    }    /* Determine the size of the signature. */    if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) {        goto out;    }    /* Sanity check for testing. */    if (sig_len != (size_t)EVP_PKEY_size(pkey)) {        fprintf(stderr, "sig_len mismatch/n");        goto out;    }    sig = OPENSSL_malloc(sig_len);    if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) {        goto out;    }    /* Ensure that the signature round-trips. */    if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey)        || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))        || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) {        goto out;    }    ret = 1; out:    if (!ret) {        ERR_print_errors_fp(stderr);    }    EVP_MD_CTX_free(md_ctx);    EVP_MD_CTX_free(md_ctx_verify);    EVP_PKEY_free(pkey);    OPENSSL_free(sig);    return ret;}

/* test_algorithm_roundtrip signs a message using an already-initialized * |md_ctx|, sampling the AlgorithmIdentifier. It then uses |pkey| and the * AlgorithmIdentifier to verify the signature. */static int test_algorithm_roundtrip(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {  int ret = 0;  uint8_t *sig = NULL;  size_t sig_len = 0;  EVP_MD_CTX md_ctx_verify;  X509_ALGOR *algor = NULL;  EVP_MD_CTX_init(&md_ctx_verify);  if (!EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) {    goto out;  }  /* Save the algorithm. */  algor = X509_ALGOR_new();  if (algor == NULL || !EVP_DigestSignAlgorithm(md_ctx, algor)) {    goto out;  }  /* Determine the size of the signature. */  if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) {    goto out;  }  /* Sanity check for testing. */  if (sig_len != EVP_PKEY_size(pkey)) {    fprintf(stderr, "sig_len mismatch/n");    goto out;  }  sig = malloc(sig_len);  if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) {    goto out;  }  /* Ensure that the signature round-trips. */  if (!EVP_DigestVerifyInitFromAlgorithm(&md_ctx_verify, algor, pkey) ||      !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) ||      !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) {    goto out;  }  ret = 1;out:  EVP_MD_CTX_cleanup(&md_ctx_verify);  if (sig) {    free(sig);  }  if (algor) {    X509_ALGOR_free(algor);  }  return ret;}

static int sign_it(const unsigned char *msg, size_t mlen, unsigned char **sig, size_t *slen, EVP_PKEY *pkey) {    int result = GS_FAILED;        *sig = NULL;    *slen = 0;        EVP_MD_CTX *ctx = EVP_MD_CTX_create();    if (ctx == NULL)        return GS_FAILED;        const EVP_MD *md = EVP_get_digestbyname("SHA256");    if (md == NULL)        goto cleanup;        int rc = EVP_DigestInit_ex(ctx, md, NULL);    if (rc != 1)        goto cleanup;        rc = EVP_DigestSignInit(ctx, NULL, md, NULL, pkey);    if (rc != 1)        goto cleanup;        rc = EVP_DigestSignUpdate(ctx, msg, mlen);    if (rc != 1)        goto cleanup;        size_t req = 0;    rc = EVP_DigestSignFinal(ctx, NULL, &req);    if (rc != 1 || !(req > 0))        goto cleanup;        *sig = OPENSSL_malloc(req);    if (*sig == NULL)        goto cleanup;        *slen = req;    rc = EVP_DigestSignFinal(ctx, *sig, slen);    if (rc != 1 || req != *slen)        goto cleanup;        result = GS_OK;    cleanup:    EVP_MD_CTX_destroy(ctx);    ctx = NULL;        return result;}

static int sign(void *ctx,char *file,void *in,int ilen,void *out,int *olen){	int r=NOCARD;	size_t slen=*olen;	ENGINE *e=(ENGINE *)ctx;	EVP_PKEY *key;	EVP_MD_CTX *mdc;	resume_engine(e,engbits);	if(!(key=ENGINE_load_private_key(e,file,NULL,NULL)))goto err1;	r=CRYPTOFAIL;	if(!(mdc=EVP_MD_CTX_create()))goto err2;	if(EVP_DigestInit_ex(mdc,EVP_sha256(),NULL)!=1)goto err3;	if(EVP_DigestSignInit(mdc,NULL,EVP_sha256(),NULL,key)!=1)goto err3;	if(EVP_DigestSignUpdate(mdc,in,ilen)!=1)goto err3;	if(EVP_DigestSignFinal(mdc,out,&slen)!=1)goto err3;	*olen=slen;	r=OK;err3:	EVP_MD_CTX_destroy(mdc);err2:	EVP_PKEY_free(key);err1:	suspend_engine(e,&engbits);	return r;}

/* * Generates the mac for the Finished message. Returns the length of the MAC or * 0 on error. */size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,                             unsigned char *out){    const EVP_MD *md = ssl_handshake_md(s);    unsigned char hash[EVP_MAX_MD_SIZE];    size_t hashlen, ret = 0;    EVP_PKEY *key = NULL;    EVP_MD_CTX *ctx = EVP_MD_CTX_new();    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen))        goto err;    if (str == s->method->ssl3_enc->server_finished_label)        key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,                                   s->server_finished_secret, hashlen);    else        key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,                                   s->client_finished_secret, hashlen);    if (key == NULL            || ctx == NULL            || EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0            || EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0            || EVP_DigestSignFinal(ctx, out, &hashlen) <= 0)        goto err;    ret = hashlen; err:    EVP_PKEY_free(key);    EVP_MD_CTX_free(ctx);    return ret;}

voidSignerFilter::finalize(){  size_t sigLen = 0;  if (EVP_DigestSignFinal(m_impl->ctx, nullptr, &sigLen) != 1)    NDN_THROW(Error(getIndex(), "Failed to estimate buffer length"));  auto buffer = make_unique<OBuffer>(sigLen);  if (EVP_DigestSignFinal(m_impl->ctx, buffer->data(), &sigLen) != 1)    NDN_THROW(Error(getIndex(), "Failed to finalize signature"));  buffer->erase(buffer->begin() + sigLen, buffer->end());  setOutputBuffer(std::move(buffer));  flushAllOutput();}

static int ssl_sign_ecdsa(SSL *ssl, uint8_t *out, size_t *out_len,                          size_t max_out, int curve, const EVP_MD *md,                          const uint8_t *in, size_t in_len) {  EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->cert->privatekey);  if (ec_key == NULL) {    OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);    return 0;  }  /* In TLS 1.3, the curve is also specified by the signature algorithm. */  if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&      (curve == NID_undef ||       EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) != curve)) {    OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);    return 0;  }  EVP_MD_CTX ctx;  EVP_MD_CTX_init(&ctx);  *out_len = max_out;  int ret = EVP_DigestSignInit(&ctx, NULL, md, NULL, ssl->cert->privatekey) &&            EVP_DigestSignUpdate(&ctx, in, in_len) &&            EVP_DigestSignFinal(&ctx, out, out_len);  EVP_MD_CTX_cleanup(&ctx);  return ret;}

static int s2n_evp_hmac_p_hash_digest(struct s2n_prf_working_space *ws, void *digest, uint32_t size){    /* EVP_DigestSign API's require size_t data structures */    size_t digest_size = size;    GUARD_OSSL(EVP_DigestSignFinal(ws->tls.p_hash.evp_hmac.evp_digest.ctx, (unsigned char *)digest, &digest_size), S2N_ERR_P_HASH_FINAL_FAILED);    return 0;}

int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,                   const unsigned char *tbs, size_t tbslen){    if (ctx->pctx->pmeth->digestsign != NULL)        return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);    if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)        return 0;    return EVP_DigestSignFinal(ctx, sigret, siglen);}

static int test_EVP_DigestSignInit(void){    int ret = 0;    EVP_PKEY *pkey = NULL;    unsigned char *sig = NULL;    size_t sig_len = 0;    EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;    if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())            || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())            || !TEST_ptr(pkey = load_example_rsa_key()))        goto out;    if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))            || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))        goto out;    /* Determine the size of the signature. */    if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))            || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))        goto out;    if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))            || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))        goto out;    /* Ensure that the signature round-trips. */    if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),                                        NULL, pkey))            || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,                                                 kMsg, sizeof(kMsg)))            || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))        goto out;    ret = 1; out:    EVP_MD_CTX_free(md_ctx);    EVP_MD_CTX_free(md_ctx_verify);    EVP_PKEY_free(pkey);    OPENSSL_free(sig);    return ret;}

char *compute_and_encode_signature(const grpc_auth_json_key *json_key,                                   const char *signature_algorithm,                                   const char *to_sign) {  const EVP_MD *md = openssl_digest_from_algorithm(signature_algorithm);  EVP_MD_CTX *md_ctx = NULL;  EVP_PKEY *key = EVP_PKEY_new();  size_t sig_len = 0;  unsigned char *sig = NULL;  char *result = NULL;  if (md == NULL) return NULL;  md_ctx = EVP_MD_CTX_create();  if (md_ctx == NULL) {    gpr_log(GPR_ERROR, "Could not create MD_CTX");    goto end;  }  EVP_PKEY_set1_RSA(key, json_key->private_key);  if (EVP_DigestSignInit(md_ctx, NULL, md, NULL, key) != 1) {    gpr_log(GPR_ERROR, "DigestInit failed.");    goto end;  }  if (EVP_DigestSignUpdate(md_ctx, to_sign, strlen(to_sign)) != 1) {    gpr_log(GPR_ERROR, "DigestUpdate failed.");    goto end;  }  if (EVP_DigestSignFinal(md_ctx, NULL, &sig_len) != 1) {    gpr_log(GPR_ERROR, "DigestFinal (get signature length) failed.");    goto end;  }  sig = gpr_malloc(sig_len);  if (EVP_DigestSignFinal(md_ctx, sig, &sig_len) != 1) {    gpr_log(GPR_ERROR, "DigestFinal (signature compute) failed.");    goto end;  }  result = grpc_base64_encode(sig, sig_len, 1, 0);end:  if (key != NULL) EVP_PKEY_free(key);  if (md_ctx != NULL) EVP_MD_CTX_destroy(md_ctx);  if (sig != NULL) gpr_free(sig);  return result;}

static boolsig_done(jose_io_t *io){    io_t *i = containerof(io, io_t, io);    size_t len = 0;    if (EVP_DigestSignFinal(i->emc, NULL, &len) <= 0)        return false;    uint8_t buf[len];    if (EVP_DigestSignFinal(i->emc, buf, &len) <= 0)        return false;    if (json_object_set_new(i->sig, "signature",                            jose_b64_enc(buf, len)) < 0)        return false;    return add_entity(i->obj, i->sig,                      "signatures", "signature", "protected", "header", NULL);}

intlws_genhmac_destroy(struct lws_genhmac_ctx *ctx, void *result){	size_t size = lws_genhmac_size(ctx->type);	int n = EVP_DigestSignFinal(ctx->ctx, result, &size);	EVP_MD_CTX_destroy(ctx->ctx);	if (n != 1)		return -1;	return 0;}

static int ssl_sign_rsa_pkcs1(SSL *ssl, uint8_t *out, size_t *out_len,                              size_t max_out, const EVP_MD *md,                              const uint8_t *in, size_t in_len) {  EVP_MD_CTX ctx;  EVP_MD_CTX_init(&ctx);  *out_len = max_out;  int ret = EVP_DigestSignInit(&ctx, NULL, md, NULL, ssl->cert->privatekey) &&            EVP_DigestSignUpdate(&ctx, in, in_len) &&            EVP_DigestSignFinal(&ctx, out, out_len);  EVP_MD_CTX_cleanup(&ctx);  return ret;}

QByteArrayNvPairingManager::signMessage(QByteArray message){    EVP_MD_CTX *ctx = EVP_MD_CTX_create();    THROW_BAD_ALLOC_IF_NULL(ctx);    const EVP_MD *md = EVP_get_digestbyname("SHA256");    THROW_BAD_ALLOC_IF_NULL(md);    EVP_DigestInit_ex(ctx, md, NULL);    EVP_DigestSignInit(ctx, NULL, md, NULL, m_PrivateKey);    EVP_DigestSignUpdate(ctx, reinterpret_cast<unsigned char*>(message.data()), message.length());    size_t signatureLength = 0;    EVP_DigestSignFinal(ctx, NULL, &signatureLength);    QByteArray signature((int)signatureLength, 0);    EVP_DigestSignFinal(ctx, reinterpret_cast<unsigned char*>(signature.data()), &signatureLength);    EVP_MD_CTX_destroy(ctx);    return signature;}

/* * Generates the mac for the Finished message. Returns the length of the MAC or * 0 on error. */size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,                             unsigned char *out){    const EVP_MD *md = ssl_handshake_md(s);    unsigned char hash[EVP_MAX_MD_SIZE];    size_t hashlen, ret = 0;    EVP_PKEY *key = NULL;    EVP_MD_CTX *ctx = EVP_MD_CTX_new();    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {        /* SSLfatal() already called */        goto err;    }    if (str == s->method->ssl3_enc->server_finished_label) {        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,                                           s->server_finished_secret, hashlen);    } else if (SSL_IS_FIRST_HANDSHAKE(s)) {        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,                                           s->client_finished_secret, hashlen);    } else {        unsigned char finsecret[EVP_MAX_MD_SIZE];        if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),                                      s->client_app_traffic_secret,                                      finsecret, hashlen))            goto err;        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,                                           hashlen);        OPENSSL_cleanse(finsecret, sizeof(finsecret));    }    if (key == NULL            || ctx == NULL            || EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0            || EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0            || EVP_DigestSignFinal(ctx, out, &hashlen) <= 0) {        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC,                 ERR_R_INTERNAL_ERROR);        goto err;    }    ret = hashlen; err:    EVP_PKEY_free(key);    EVP_MD_CTX_free(ctx);    return ret;}

soter_status_t soter_sign_final_rsa_pss_pkcs8(soter_sign_ctx_t* ctx, void* signature, size_t* signature_length){    EVP_PKEY* pkey = EVP_PKEY_CTX_get0_pkey(ctx->pkey_ctx);    if (!pkey) {        return SOTER_INVALID_PARAMETER;    }    if ((*signature_length) < (size_t)EVP_PKEY_size(pkey)) {        (*signature_length) = (size_t)EVP_PKEY_size(pkey);        return SOTER_BUFFER_TOO_SMALL;    }    if (!EVP_DigestSignFinal(ctx->md_ctx, signature, signature_length)) {        return SOTER_FAIL;    }    return SOTER_SUCCESS;}

static int ssl_sign_rsa_pss(SSL *ssl, uint8_t *out, size_t *out_len,                              size_t max_out, const EVP_MD *md,                              const uint8_t *in, size_t in_len) {  EVP_MD_CTX ctx;  EVP_MD_CTX_init(&ctx);  *out_len = max_out;  EVP_PKEY_CTX *pctx;  int ret =      EVP_DigestSignInit(&ctx, &pctx, md, NULL, ssl->cert->privatekey) &&      EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) &&      EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* salt len = hash len */) &&      EVP_DigestSignUpdate(&ctx, in, in_len) &&      EVP_DigestSignFinal(&ctx, out, out_len);  EVP_MD_CTX_cleanup(&ctx);  return ret;}

soter_status_t soter_sign_final_ecdsa_none_pkcs8(soter_sign_ctx_t* ctx, void* signature, size_t *signature_length){  EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pkey_ctx);  if (!pkey && EVP_PKEY_base_id(pkey)!=EVP_PKEY_EC){    return SOTER_INVALID_PARAMETER;  } /* TODO: need review */  soter_status_t res = SOTER_SUCCESS;  if(!signature || (*signature_length)<(size_t)EVP_PKEY_size(pkey)){    (*signature_length)=(size_t)EVP_PKEY_size(pkey);    res = SOTER_BUFFER_TOO_SMALL;  } else {      if(EVP_DigestSignFinal(ctx->md_ctx, signature, signature_length)!=1)	res = SOTER_INVALID_SIGNATURE;  }  return res;}

static LUA_FUNCTION(openssl_signFinal){  EVP_MD_CTX *ctx = CHECK_OBJECT(1, EVP_MD_CTX, "openssl.evp_digest_ctx");  EVP_PKEY *pkey = lua_gettop(L) > 1 ? CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey") : NULL;  size_t siglen = EVP_PKEY_size(pkey);  unsigned char *sigbuf = malloc(siglen + 1);  int ret = 0;  if (pkey)    ret = EVP_SignFinal(ctx, sigbuf, (unsigned int *)&siglen, pkey);  else    ret = EVP_DigestSignFinal(ctx, sigbuf, &siglen);  if (ret == 1)  {    lua_pushlstring(L, (char *)sigbuf, siglen);  }  free(sigbuf);  EVP_MD_CTX_cleanup(ctx);  if (ret == 1)    return 1;  return openssl_pushresult(L, ret);}

int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,          EVP_PKEY *key, unsigned char *sigin, int siglen,          const char *sig_name, const char *md_name,          const char *file, BIO *bmd){    size_t len;    int i;    for (;;) {        i = BIO_read(bp, (char *)buf, BUFSIZE);        if (i < 0) {            BIO_printf(bio_err, "Read Error in %s/n", file);            ERR_print_errors(bio_err);            return 1;        }        if (i == 0)            break;    }    if (sigin) {        EVP_MD_CTX *ctx;        BIO_get_md_ctx(bp, &ctx);        i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);        if (i > 0)            BIO_printf(out, "Verified OK/n");        else if (i == 0) {            BIO_printf(out, "Verification Failure/n");            return 1;        } else {            BIO_printf(bio_err, "Error Verifying Data/n");            ERR_print_errors(bio_err);            return 1;        }        return 0;    }    if (key) {        EVP_MD_CTX *ctx;        BIO_get_md_ctx(bp, &ctx);        len = BUFSIZE;        if (!EVP_DigestSignFinal(ctx, buf, &len)) {            BIO_printf(bio_err, "Error Signing Data/n");            ERR_print_errors(bio_err);            return 1;        }    } else {        len = BIO_gets(bp, (char *)buf, BUFSIZE);        if ((int)len < 0) {            ERR_print_errors(bio_err);            return 1;        }    }    if (binout)        BIO_write(out, buf, len);    else if (sep == 2) {        for (i = 0; i < (int)len; i++)            BIO_printf(out, "%02x", buf[i]);        BIO_printf(out, " *%s/n", file);    } else {        if (sig_name) {            BIO_puts(out, sig_name);            if (md_name)                BIO_printf(out, "-%s", md_name);            BIO_printf(out, "(%s)= ", file);        } else if (md_name)            BIO_printf(out, "%s(%s)= ", md_name, file);        else            BIO_printf(out, "(%s)= ", file);        for (i = 0; i < (int)len; i++) {            if (sep && (i != 0))                BIO_printf(out, ":");            BIO_printf(out, "%02x", buf[i]);        }        BIO_printf(out, "/n");    }    return 0;}

int tls1_mac(SSL *ssl, unsigned char *md, int send)	{	SSL3_RECORD *rec;	unsigned char *seq;	EVP_MD_CTX *hash;	size_t md_size;	int i;	EVP_MD_CTX hmac, *mac_ctx;	unsigned char buf[5]; 	int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));	int t;	if (send)		{		rec= &(ssl->s3->wrec);		seq= &(ssl->s3->write_sequence[0]);		hash=ssl->write_hash;		}	else		{		rec= &(ssl->s3->rrec);		seq= &(ssl->s3->read_sequence[0]);		hash=ssl->read_hash;		}	t=EVP_MD_CTX_size(hash);	TINYCLR_SSL_ASSERT(t >= 0);	md_size=t;	buf[0]=rec->type;	buf[1]=(unsigned char)(ssl->version>>8);	buf[2]=(unsigned char)(ssl->version);	buf[3]=rec->length>>8;	buf[4]=rec->length&0xff;	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */	if (stream_mac) 		{			mac_ctx = hash;		}		else		{			EVP_MD_CTX_copy(&hmac,hash);			mac_ctx = &hmac;		}	if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)		{		unsigned char dtlsseq[8],*p=dtlsseq;		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);		TINYCLR_SSL_MEMCPY (p,&seq[2],6);		EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);		}	else		EVP_DigestSignUpdate(mac_ctx,seq,8);	EVP_DigestSignUpdate(mac_ctx,buf,5);	EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);	t=EVP_DigestSignFinal(mac_ctx,md,&md_size);	TINYCLR_SSL_ASSERT(t > 0);			if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);#ifdef TLS_DEBUGTINYCLR_SSL_PRINTF("sec=");{unsigned int z; for (z=0; z<md_size; z++) TINYCLR_SSL_PRINTF("%02X ",mac_sec[z]); TINYCLR_SSL_PRINTF("/n"); }TINYCLR_SSL_PRINTF("seq=");{int z; for (z=0; z<8; z++) TINYCLR_SSL_PRINTF("%02X ",seq[z]); TINYCLR_SSL_PRINTF("/n"); }TINYCLR_SSL_PRINTF("buf=");{int z; for (z=0; z<5; z++) TINYCLR_SSL_PRINTF("%02X ",buf[z]); TINYCLR_SSL_PRINTF("/n"); }TINYCLR_SSL_PRINTF("rec=");{unsigned int z; for (z=0; z<rec->length; z++) TINYCLR_SSL_PRINTF("%02X ",buf[z]); TINYCLR_SSL_PRINTF("/n"); }#endif	if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)		{		for (i=7; i>=0; i--)			{			++seq[i];			if (seq[i] != 0) break; 			}		}#ifdef TLS_DEBUG{unsigned int z; for (z=0; z<md_size; z++) TINYCLR_SSL_PRINTF("%02X ",md[z]); TINYCLR_SSL_PRINTF("/n"); }#endif	return(md_size);	}

//.........这里部分代码省略.........	}	siglen = ulen;	if (verbose) {		size_t i;		printf("signature (%zu bytes) = ", siglen);		for (i = 0; i < siglen; i++) {			printf("%02X", sig[i]);		}		printf("/n");	}	if (!EVP_VerifyInit_ex(mdctx, EVP_sm3(), engine)) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	if (!EVP_VerifyUpdate(mdctx, msg, msglen)) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	if (EVP_VerifyFinal(mdctx, sig, ulen, pkey) != SM2_VERIFY_SUCCESS) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	/* EVP_DigestSignInit/Update/Final() */	// FIXME: return values might be different, not just 1 or 0	if (!EVP_DigestSignInit(mdctx, &pkctx, md, engine, pkey)) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	if (!EVP_DigestSignUpdate(mdctx, msg, msglen)) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	siglen = sizeof(sig);	if (!EVP_DigestSignFinal(mdctx, sig, &siglen)) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	pkctx = NULL;		if (!EVP_DigestVerifyInit(mdctx, &pkctx, md, engine, pkey)) {		ERR_print_errors_fp(stderr);		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	if (!EVP_DigestVerifyUpdate(mdctx, msg, msglen)) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	if (!EVP_DigestVerifyFinal(mdctx, sig, siglen)) {		fprintf(stderr, "error: %s %d/n", __FILE__, __LINE__);		goto end;	}	/* EVP_SealInit/Update/Final() EVP_OpenInit/Update/Final() */	/*	EVP_PKEY *pk[NUM_PKEYS] = {0};	unsigned char iv[16];	unsigned char ek[NUM_PKEYS][256];	int eklen[NUM_PKEYS];	RAND_pseudo_bytes(iv, sizeof(iv));	int i;	for (i = 0; i < NUM_PKEYS; i++) {	}	if (!(cpctx = EVP_CIPHER_CTX_new())) {		goto end;	}	if (!EVP_SealInit(cpctx, cipher, ek, &ekl, iv, pubk, npubk)) {		goto end;	}	if (!EVP_SealUpdate(cpctx, msg, msglen)) {		goto end;	}	if (!EVP_SealFinal(cpctx, cbuf, (int *)&cbuflen)) {		goto end;	}	*/	printf("test success!/n");	ret = 1;end:	ERR_print_errors_fp(stderr);	return ret;}

int ASN1_item_sign_ctx(const ASN1_ITEM *it,                       X509_ALGOR *algor1, X509_ALGOR *algor2,                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx){    const EVP_MD *type;    EVP_PKEY *pkey;    unsigned char *buf_in = NULL, *buf_out = NULL;    size_t inl = 0, outl = 0, outll = 0;    int signid, paramtype;    int rv;    type = EVP_MD_CTX_md(ctx);    pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);    if (!type || !pkey) {        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);        return 0;    }    if (pkey->ameth->item_sign) {        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);        if (rv == 1)            outl = signature->length;        /*-         * Return value meanings:         * <=0: error.         *   1: method does everything.         *   2: carry on as normal.         *   3: ASN1 method sets algorithm identifiers: just sign.         */        if (rv <= 0)            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);        if (rv <= 1)            goto err;    } else        rv = 2;    if (rv == 2) {        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {            if (!pkey->ameth ||                !OBJ_find_sigid_by_algs(&signid,                                        EVP_MD_nid(type),                                        pkey->ameth->pkey_id)) {                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,                        ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);                return 0;            }        } else            signid = type->pkey_type;        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)            paramtype = V_ASN1_NULL;        else            paramtype = V_ASN1_UNDEF;        if (algor1)            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);        if (algor2)            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);    }    inl = ASN1_item_i2d(asn, &buf_in, it);    outll = outl = EVP_PKEY_size(pkey);    buf_out = OPENSSL_malloc((unsigned int)outl);    if ((buf_in == NULL) || (buf_out == NULL)) {        outl = 0;        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {        outl = 0;        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);        goto err;    }    if (signature->data != NULL)        OPENSSL_free(signature->data);    signature->data = buf_out;    buf_out = NULL;    signature->length = outl;    /*     * In the interests of compatibility, I'll make sure that the bit string     * has a 'not-used bits' value of 0     */    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err:    EVP_MD_CTX_cleanup(ctx);    if (buf_in != NULL) {        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);        OPENSSL_free(buf_in);    }    if (buf_out != NULL) {        OPENSSL_cleanse((char *)buf_out, outll);        OPENSSL_free(buf_out);    }    return (outl);//.........这里部分代码省略.........

//.........这里部分代码省略.........    ngx_free(tmp.data);    json_decref(header);    /*     * Create signature     */    /* Create signing input */    /* = ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload)) */    signing_input.len = encoded_protected_header.len + strlen(".") + encoded_payload.len;    signing_input.data = ngx_alloc(signing_input.len, cf->log);    tmp_char_p = ngx_copy(signing_input.data, encoded_protected_header.data, encoded_protected_header.len);    tmp_char_p = ngx_copy(tmp_char_p, ".", strlen("."));    tmp_char_p = ngx_copy(tmp_char_p, encoded_payload.data, encoded_payload.len);    /* Convert the RSA key to the EVP_PKEY structure */    evp_key = EVP_PKEY_new();    if(evp_key == NULL) {        ngx_log_error(NGX_LOG_ERR, cf->log, 0,                "Error signing the message digest for the JWS signature.");        return NGX_CONF_ERROR;    }    if(EVP_PKEY_set1_RSA(evp_key, key) == 0) {        ngx_log_error(NGX_LOG_ERR, cf->log, 0,                "Error signing the message digest for the JWS signature.");        return NGX_CONF_ERROR;    }    /* Create the message digest context */    ret = 0;    mdctx = EVP_MD_CTX_create();    if(mdctx == NULL)        goto err;    /* Initialize the DigestSign operation - SHA-256 has been selected as the message digest function */    if(EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, evp_key) != 1)        goto err;    /* Call update with the message */    if(EVP_DigestSignUpdate(mdctx, signing_input.data, signing_input.len) != 1)        goto err;    /* Finalise the DigestSign operation */    /* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the */    /* signature. The length is returned in siglen. */    if(EVP_DigestSignFinal(mdctx, NULL, &signature.len) != 1)        goto err;    /* Allocate memory for the signature */    signature.data = ngx_alloc(signature.len, cf->log);    /* Obtain the signature */    if(EVP_DigestSignFinal(mdctx, signature.data, &signature.len) != 1)        goto err;    /* Success */    ret = 1;    err:    if(ret != 1) {        ngx_log_error(NGX_LOG_ERR, cf->log, 0,                "Error signing the message digest for the JWS signature. OpenSSL error 0x%xl", ERR_get_error());        return NGX_CONF_ERROR;    }    /* Clean up */    EVP_MD_CTX_destroy(mdctx);    EVP_PKEY_free(evp_key);    /* base64url encode the signature */    encoded_signature.len = ngx_base64_encoded_length(signature.len);    encoded_signature.data = ngx_alloc(encoded_signature.len, cf->log);    ngx_encode_base64url(&encoded_signature, &signature);    ngx_free(signature.data);    /*     * Create flattened JWS serialization     */    *flattened_jws = json_pack("{s:s%,s:s%,s:s%}",            "payload", encoded_payload.data, encoded_payload.len,            "protected", encoded_protected_header.data, encoded_protected_header.len,            "signature", encoded_signature.data, encoded_signature.len            );    ngx_free(serialized_payload.data);    // TODO (KK) Maybe this is too early for a free since the strings will be used in the flattened JWS (but when to free then?)    ngx_free(encoded_payload.data);    ngx_free(encoded_protected_header.data);    ngx_free(encoded_signature.data);    if(*flattened_jws == NULL) {        ngx_log_error(NGX_LOG_ERR, cf->log, 0, "Error serializing flattened JWS");        return NGX_CONF_ERROR;    }    return NGX_CONF_OK;} /* ngx_http_acme_sign_json */