自学教程：C++ EVP_PKEY_set1_RSA函数代码示例

intccn_keypair_from_rsa(int public_only, RSA *private_key_rsa,		PyObject **py_private_key_ccn, PyObject **py_public_key_ccn){	struct ccn_pkey *private_key = NULL, *public_key = NULL;	PyObject *py_private_key = NULL, *py_public_key = NULL;	unsigned int err;	int r;	RSA *public_key_rsa;	if (!public_only && py_private_key_ccn) {		private_key = (struct ccn_pkey *) EVP_PKEY_new();		JUMP_IF_NULL(private_key, openssl_error);		py_private_key = CCNObject_New(PKEY_PRIV, private_key);		JUMP_IF_NULL(py_private_key, error);		r = EVP_PKEY_set1_RSA((EVP_PKEY*) private_key, private_key_rsa);		JUMP_IF_NEG(r, openssl_error);	}	if (py_public_key_ccn) {		public_key = (struct ccn_pkey *) EVP_PKEY_new();		JUMP_IF_NULL(public_key, openssl_error);		py_public_key = CCNObject_New(PKEY_PUB, public_key);		JUMP_IF_NULL(py_public_key, error);		public_key_rsa = RSAPublicKey_dup(private_key_rsa);		JUMP_IF_NULL(public_key_rsa, openssl_error);		r = EVP_PKEY_set1_RSA((EVP_PKEY *) public_key, public_key_rsa);		RSA_free(public_key_rsa);		JUMP_IF_NULL(r, error);	}	if (py_private_key_ccn) {		*py_private_key_ccn = public_only ? (Py_INCREF(Py_None), Py_None) :				py_private_key;	}	if (py_public_key_ccn)		*py_public_key_ccn = py_public_key;	return 0;openssl_error:	err = ERR_get_error();	PyErr_Format(g_PyExc_CCNKeyError, "Unable to generate keypair from the key:"			" %s", ERR_reason_error_string(err));error:	if (!py_public_key && public_key)		ccn_pubkey_free(public_key);	Py_XDECREF(py_public_key);	if (!py_private_key && private_key)		ccn_pubkey_free(private_key);	Py_XDECREF(py_private_key);	return -1;}

// Encode into PKCS#8 DERByteString OSSLRSAPrivateKey::PKCS8Encode(){	ByteString der;	if (rsa == NULL) return der;	EVP_PKEY* pkey = EVP_PKEY_new();	if (pkey == NULL) return der;	if (!EVP_PKEY_set1_RSA(pkey, rsa))	{		EVP_PKEY_free(pkey);		return der;	}	PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey);	EVP_PKEY_free(pkey);	if (p8inf == NULL) return der;	int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL);	if (len < 0)	{		PKCS8_PRIV_KEY_INFO_free(p8inf);		return der;	}	der.resize(len);	unsigned char* priv = &der[0];	int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv);	PKCS8_PRIV_KEY_INFO_free(p8inf);	if (len2 != len) der.wipe();	return der;}

int keygen_init(void){	m_bignumber = BN_new();	if(!m_bignumber)	{		fprintf(stderr, "Failed to init bignumber/n");		return -1;	}	m_rsa=RSA_new();	if(!m_rsa)	{		fprintf(stderr, "Failed to create RSA context/n");		return -1;	}	if(!BN_set_word(m_bignumber, RSA_F4) || !RSA_generate_key_ex(m_rsa,RSA_KEY_BITS,m_bignumber,NULL))	{		fprintf(stderr, "Failed to generate RSA key/n");		return -1;	}	m_evpkey=EVP_PKEY_new();	if(!EVP_PKEY_set1_RSA(m_evpkey, m_rsa))	{		fprintf(stderr, "Unable to convert RSA key to EVP key/n");		return -1;	}	m_p8info=EVP_PKEY2PKCS8(m_evpkey);	if(!m_p8info)	{		fprintf(stderr, "Failed to convert EVP to PKCS8/n");		return -1;	}	return 0;}

/* * Build an EVP_PKEY object */static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key){	EVP_PKEY *pk;	RSA *rsa;	rsa = pkcs11_get_rsa(key);	if (rsa == NULL)		return NULL;	pk = EVP_PKEY_new();	if (pk == NULL) {		RSA_free(rsa);		return NULL;	}	EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */	if (key->isPrivate)		RSA_set_method(rsa, PKCS11_get_rsa_method());	/* TODO: Retrieve the RSA private key object attributes instead,	 * unless the key has the "sensitive" attribute set */#if OPENSSL_VERSION_NUMBER < 0x01010000L	/* RSA_FLAG_SIGN_VER is no longer needed since OpenSSL 1.1 */	rsa->flags |= RSA_FLAG_SIGN_VER;#endif	RSA_set_ex_data(rsa, rsa_ex_index, key);	RSA_free(rsa); /* Drops our reference to it */	return pk;}

static EVP_PKEY * generate_private_key (void){    RSA *rsa = RSA_new();    BIGNUM *bn = BN_new();    EVP_PKEY *pkey;    /*     * create an RSA keypair and assign them to a PKEY and return it.     */    BN_set_word(bn, 0x10001);    RSA_generate_key_ex(rsa, 1024, bn, NULL);        pkey = EVP_PKEY_new();    if (pkey==NULL) {        printf("/nError allocating PKEY structure for new key pair/n");        return NULL;    }    if (!EVP_PKEY_set1_RSA(pkey, rsa)) {        printf("/nError assigning RSA key pair to PKEY structure/n");        return NULL;    }                RSA_free(rsa);    BN_free(bn);        return (pkey);}

static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) {  const grpc_json *key_prop;  RSA *rsa = NULL;  EVP_PKEY *result = NULL;  GPR_ASSERT(kty != NULL && json != NULL);  if (strcmp(kty, "RSA") != 0) {    gpr_log(GPR_ERROR, "Unsupported key type %s.", kty);    goto end;  }  rsa = RSA_new();  if (rsa == NULL) {    gpr_log(GPR_ERROR, "Could not create rsa key.");    goto end;  }  for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) {    if (strcmp(key_prop->key, "n") == 0) {      rsa->n = bignum_from_base64(validate_string_field(key_prop, "n"));      if (rsa->n == NULL) goto end;    } else if (strcmp(key_prop->key, "e") == 0) {      rsa->e = bignum_from_base64(validate_string_field(key_prop, "e"));      if (rsa->e == NULL) goto end;    }  }  if (rsa->e == NULL || rsa->n == NULL) {    gpr_log(GPR_ERROR, "Missing RSA public key field.");    goto end;  }  result = EVP_PKEY_new();  EVP_PKEY_set1_RSA(result, rsa); /* uprefs rsa. */end:  if (rsa != NULL) RSA_free(rsa);  return result;}

void openssl_evp_comsign(){	RSA *rsa;	EVP_PKEY *evpKey;	EVP_MD_CTX mdctx;	unsigned int i, len;	char ins[MAX1_LEN] = "openssl signature";	unsigned char outs[MAX1_LEN];	OpenSSL_add_all_algorithms();	rsa = RSA_generate_key(MAX1_LEN, RSA_F4, NULL, NULL);	evpKey = EVP_PKEY_new();	EVP_PKEY_set1_RSA(evpKey, rsa);	EVP_MD_CTX_init(&mdctx);	EVP_SignInit_ex(&mdctx, EVP_md5(), NULL);	EVP_SignUpdate(&mdctx, ins, strlen(ins));	EVP_SignFinal(&mdctx, outs, &len, evpKey);	printf("/nEVP_COMSignature(%s) = ", ins);	for (i = 0; i < len; i++)		printf("0x%02x ", outs[i]);	printf("/n");	EVP_MD_CTX_cleanup(&mdctx);	EVP_MD_CTX_init(&mdctx);	EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL);	EVP_VerifyUpdate(&mdctx, ins, strlen(ins));	if (EVP_VerifyFinal(&mdctx, outs, len, evpKey) == 1)		printf("EVP_COMVerify OK!/n");	EVP_MD_CTX_cleanup(&mdctx);	EVP_PKEY_free(evpKey);	RSA_free(rsa);}

/* creates a self-signed certificate for a key */X509 *ship_create_selfsigned_cert(char *subject, int ttl, RSA* signer_key){	X509 *x = 0, *ret = 0;	X509_NAME *tmp = 0;	EVP_PKEY *pr_key = 0;		ASSERT_TRUE(x = X509_new(), err);	ASSERT_TRUE(pr_key = EVP_PKEY_new(), err);	ASSERT_TRUE(EVP_PKEY_set1_RSA(pr_key, signer_key), err);		ASSERT_TRUE(X509_set_version(x, 2), err); /* version 3 certificate */	ASN1_INTEGER_set(X509_get_serialNumber(x), 0);        ASSERT_TRUE(X509_gmtime_adj(X509_get_notBefore(x), 0), err);	ASSERT_TRUE(X509_gmtime_adj(X509_get_notAfter(x), (long)ttl), err);		ASSERT_TRUE(tmp = X509_get_subject_name(x), err);	ASSERT_TRUE(X509_NAME_add_entry_by_txt(tmp, "CN", MBSTRING_ASC, 					       (unsigned char*)subject, -1, -1, 0), err);	ASSERT_TRUE(X509_set_subject_name(x, tmp), err);	ASSERT_TRUE(X509_set_pubkey(x, pr_key), err);	ASSERT_TRUE(X509_sign(x, pr_key, EVP_sha1()), err);	ret = x;	x = NULL; err:	if (x)		X509_free(x);	if (pr_key)		EVP_PKEY_free(pr_key);	return ret;}

static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t key_index, const char *ebuf, const char *nbuf){    struct st_neverbleed_rsa_exdata_t *exdata;    RSA *rsa;    EVP_PKEY *pkey;    if ((exdata = malloc(sizeof(*exdata))) == NULL) {        fprintf(stderr, "no memory/n");        abort();    }    exdata->nb = nb;    exdata->key_index = key_index;    rsa = RSA_new_method(nb->engine);    RSA_set_ex_data(rsa, 0, exdata);    if (BN_hex2bn(&rsa->e, ebuf) == 0) {        fprintf(stderr, "failed to parse e:%s/n", ebuf);        abort();    }    if (BN_hex2bn(&rsa->n, nbuf) == 0) {        fprintf(stderr, "failed to parse n:%s/n", nbuf);        abort();    }    rsa->flags |= RSA_FLAG_EXT_PKEY;    pkey = EVP_PKEY_new();    EVP_PKEY_set1_RSA(pkey, rsa);    RSA_free(rsa);    return pkey;}

bool Verificador::verificarFirma(ParDeClaves& parDeClaves,const std::string& firma,std::istream& mensaje){    RSA* rsa = parDeClaves;    EVP_PKEY* pk = EVP_PKEY_new();    EVP_MD_CTX ctx;    EVP_PKEY_set1_RSA(pk,parDeClaves);    EVP_MD_CTX_init(&ctx);    M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_PKCS1/*EVP_MD_CTX_FLAG_PAD_X931*/);    EVP_VerifyInit_ex(&ctx, EVP_get_digestbynid(NID_sha1), NULL);    while(!mensaje.eof()){        unsigned char buffer[tamanio_de_buffer_default];        mensaje.read((char*)buffer,tamanio_de_buffer_default);        EVP_VerifyUpdate(&ctx, buffer, mensaje.gcount());        mensaje.peek();    }    int ok = EVP_VerifyFinal(&ctx, (unsigned char*)firma.c_str(), firma.size(), pk);    EVP_MD_CTX_cleanup(&ctx);    // El free esta en el constructor de ParDeClaves no puede    // liberarse aca    //FIPS_rsa_free(pk.pkey.rsa);    EVP_PKEY_free(pk);    return ok==1;}

static EVP_PKEY *pki_generate_keyring(){	jlog(L_DEBUG, "pki_generate_keyring");	EVP_PKEY *keyring;	RSA *rsa_keys;	// create a new keyring	keyring = EVP_PKEY_new();	// generate RSA type public and private keys	rsa_keys = RSA_generate_key(2048, RSA_F4, NULL, NULL);	// if the keys are not usable, give it another try	if (RSA_check_key(rsa_keys) != 1) {		RSA_free(rsa_keys);		rsa_keys = RSA_generate_key(2048, RSA_F4, NULL, NULL);		// we are in serious problem here		if (RSA_check_key(rsa_keys) != 1) {			RSA_free(rsa_keys);			return NULL;		}	}	// add the RSA keys into the keyring	EVP_PKEY_set1_RSA(keyring, rsa_keys);	RSA_free(rsa_keys);	return keyring;}

bool Certificate::verifySignature(RSA *key){	bool res = false;		if (!key)		return false;	if (verified)		return true;		EVP_PKEY *pkey = EVP_PKEY_new();		if (!pkey) {		HAGGLE_ERR("Could not allocate EVP_PKEY/n");		writeErrors("");		return false;	}		EVP_PKEY_set1_RSA(pkey, key);	        res = verifySignature(pkey);		EVP_PKEY_free(pkey);			return res;}

BOOL rsautil_rsa_to_privkeyblob(RSA *rsa, PBYTE *blob, DWORD *cbBlob){	BOOL status = FALSE;	BIO *out;	EVP_PKEY *pk;	int ret;	char *ptr;	if(pk = EVP_PKEY_new())	{		if(out = BIO_new(BIO_s_mem()))		{			EVP_PKEY_set1_RSA(pk, rsa);			ret = i2b_PrivateKey_bio(out, pk);			if(ret > 0)			{				*cbBlob = BIO_get_mem_data(out, &ptr);				if(*blob = (PBYTE) LocalAlloc(LPTR, *cbBlob))				{					status = TRUE;					RtlCopyMemory(*blob, ptr, *cbBlob);				}			}			else /**/;			BIO_free(out);		}		EVP_PKEY_free(pk);	}	return status;}

PyObject *_pyndn_privatekey_dup(const struct ndn_pkey *key){	RSA *private_key_rsa;	PyObject *py_private_key = NULL;	struct ndn_pkey *private_key;	unsigned int err;	int r;	private_key = (struct ndn_pkey *) EVP_PKEY_new();	JUMP_IF_NULL(private_key, openssl_error);	py_private_key = NDNObject_New(PKEY_PRIV, private_key);	if (!py_private_key) {		EVP_PKEY_free((EVP_PKEY *) private_key);		goto error;	}	private_key_rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) key);	JUMP_IF_NULL(private_key_rsa, openssl_error);	r = EVP_PKEY_set1_RSA((EVP_PKEY*) private_key, private_key_rsa);	RSA_free(private_key_rsa);	JUMP_IF_NEG(r, openssl_error);	return py_private_key;openssl_error:	err = ERR_get_error();	PyErr_Format(g_PyExc_NDNKeyError, "Unable to generate keypair from the key:"			" %s", ERR_reason_error_string(err));error:	Py_XDECREF(py_private_key);	return NULL;}

static EVP_PKEY *load_example_rsa_key(void){    EVP_PKEY *ret = NULL;    const unsigned char *derp = kExampleRSAKeyDER;    EVP_PKEY *pkey = NULL;    RSA *rsa = NULL;    if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) {        return NULL;    }    pkey = EVP_PKEY_new();    if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) {        goto out;    }    ret = pkey;    pkey = NULL; out:    EVP_PKEY_free(pkey);    RSA_free(rsa);    return ret;}

		EVPPKey EVPPKey::createFromRSAKey(const RSAKey& key)		{			boost::shared_ptr<EVP_PKEY> _pkey(EVP_PKEY_new(), EVP_PKEY_free);			EXCEPTION_ASSERT(_pkey, Exception::bad_function_call, "Unable to create a EVP_PKEY structure");			EVP_PKEY_set1_RSA(_pkey.get(), key.d_rsa.get());			return EVPPKey(_pkey, key.hasPrivateCompound());		}

static EVP_PKEY* ssls_dup_PrivateRSA_ENV_PKEY( EVP_PKEY* src ){	EVP_PKEY* pDupKey = EVP_PKEY_new();	RSA* pRSA = EVP_PKEY_get1_RSA(src);	RSA* pRSADupKey = RSAPrivateKey_dup(pRSA);	RSA_free(pRSA);	EVP_PKEY_set1_RSA(pDupKey, pRSADupKey);	RSA_free(pRSADupKey);	return(pDupKey);}

int dnskey_build_pkey(struct rr_dnskey *rr){	if (rr->pkey_built)		return rr->pkey ? 1 : 0;	rr->pkey_built = 1;	if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) {		RSA *rsa;		EVP_PKEY *pkey;		unsigned int e_bytes;		unsigned char *pk;		int l;		rsa = RSA_new();		if (!rsa)			goto done;		pk = (unsigned char *)rr->pubkey.data;		l = rr->pubkey.length;		e_bytes = *pk++;		l--;		if (e_bytes == 0) {			if (l < 2) /* public key is too short */				goto done;			e_bytes = (*pk++)  << 8;			e_bytes += *pk++;			l -= 2;		}		if (l < e_bytes) /* public key is too short */			goto done;		rsa->e = BN_bin2bn(pk, e_bytes, NULL);		pk += e_bytes;		l -= e_bytes;		rsa->n = BN_bin2bn(pk, l, NULL);		pkey = EVP_PKEY_new();		if (!pkey)			goto done;		if (!EVP_PKEY_set1_RSA(pkey, rsa))			goto done;		rr->pkey = pkey;	}done:	if (!rr->pkey) {		moan(rr->rr.file_name, rr->rr.line, "error building pkey");	}	return rr->pkey ? 1 : 0;}

int RSA_print(BIO *bp, const RSA *x, int off){    EVP_PKEY *pk;    int ret;    pk = EVP_PKEY_new();    if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))        return 0;    ret = EVP_PKEY_print_private(bp, pk, off, NULL);    EVP_PKEY_free(pk);    return ret;}

void setRsaKeys(char *rsaprivKeyPath,char *rsapubKeyPath,char *rsapubKeyPath2){	 SSL_load_error_strings();	 OpenSSL_add_all_algorithms();	 OpenSSL_add_all_ciphers();	 OpenSSL_add_all_digests();	 sKey = EVP_PKEY_new();	 pKey = EVP_PKEY_new();	 pKey2 = EVP_PKEY_new();	 priv = getRsaFp( rsaprivKeyPath );	 pub = getRsaFp2( rsapubKeyPath );	 pub2 = getRsaFp2( rsapubKeyPath2 );	 EVP_PKEY_set1_RSA( sKey, priv );	 EVP_PKEY_set1_RSA( pKey, pub );	 EVP_PKEY_set1_RSA( pKey2, pub2 );}

/* Creates an X509 certificate request (1st stage). */EXPORT int MakeCertificateRequest(unsigned char *reqbuf, int *reqlen, char *x500dn, unsigned char *rsabuf, int rsalen){	EVP_PKEY *pkey = NULL;	RSA *rsa = NULL;	unsigned char *p = NULL;	int ret = OPENSSLCA_NO_ERR;	if (reqbuf == NULL || reqlen == NULL || x500dn == NULL || rsabuf == NULL || rsalen == 0)		return OPENSSLCA_ERR_ARGS;	/* Decode RSA public key from DER format */	if ((rsa = RSA_new()) == NULL) {		ret = OPENSSLCA_ERR_RSA_NEW;		goto err;	}	p = rsabuf;	if (d2i_RSAPublicKey(&rsa, &p, rsalen) == NULL) {		ret = OPENSSLCA_ERR_RSA_DECODE;		goto err;	}	/* Add RSA to EVP_PKEY */	if ((pkey = EVP_PKEY_new()) == NULL) {		ret = OPENSSLCA_ERR_KEY_NEW;		goto err;	}	if (!EVP_PKEY_set1_RSA(pkey, rsa)) {		ret = OPENSSLCA_ERR_KEY_ASSIGN;		goto err;	}#ifdef _DEBUG	{		FILE *fp = fopen(DBG_PATH("rsa.bin"), "wb");		if (fp != NULL) {			i2d_RSAPublicKey_fp(fp, rsa);			fclose(fp);		}	}#endif	ret = MakeCertificateRequest2(reqbuf, reqlen, x500dn, pkey);err:	print_err("MakeCertificateRequest()", ret);	if (rsa)		RSA_free(rsa);	if (pkey)		EVP_PKEY_free(pkey);	return ret;}

Qt::HANDLE QSmartCard::key(){	RSA *rsa = RSAPublicKey_dup( (RSA*)d->t.authCert().publicKey().handle() );	if ( !rsa )		return 0;	RSA_set_method( rsa, &d->method );	rsa->flags |= RSA_FLAG_SIGN_VER;	RSA_set_app_data( rsa, d );	EVP_PKEY *key = EVP_PKEY_new();	EVP_PKEY_set1_RSA( key, rsa );	RSA_free( rsa );	return Qt::HANDLE(key);}

static EVP_PKEY *b2i_rsa(const unsigned char **in,                         unsigned int bitlen, int ispub){    const unsigned char *pin = *in;    EVP_PKEY *ret = NULL;    BIGNUM *e = NULL, *n = NULL, *d = NULL;    RSA *rsa = NULL;    unsigned int nbyte, hnbyte;    nbyte = (bitlen + 7) >> 3;    hnbyte = (bitlen + 15) >> 4;    rsa = RSA_new();    ret = EVP_PKEY_new();    if (rsa == NULL || ret == NULL)        goto memerr;    e = BN_new();    if (e == NULL)        goto memerr;    if (!BN_set_word(e, read_ledword(&pin)))        goto memerr;    if (!read_lebn(&pin, nbyte, &n))        goto memerr;    if (!ispub) {        BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;        if (!read_lebn(&pin, hnbyte, &p))            goto memerr;        if (!read_lebn(&pin, hnbyte, &q))            goto memerr;        if (!read_lebn(&pin, hnbyte, &dmp1))            goto memerr;        if (!read_lebn(&pin, hnbyte, &dmq1))            goto memerr;        if (!read_lebn(&pin, hnbyte, &iqmp))            goto memerr;        if (!read_lebn(&pin, nbyte, &d))            goto memerr;        RSA_set0_factors(rsa, p, q);        RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);    }    RSA_set0_key(rsa, e, n, d);    EVP_PKEY_set1_RSA(ret, rsa);    RSA_free(rsa);    *in = pin;    return ret; memerr:    PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);    RSA_free(rsa);    EVP_PKEY_free(ret);    return NULL;}

static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,						unsigned int bitlen, int ispub)			{	const unsigned char *p = *in;	EVP_PKEY *ret = NULL;	RSA *rsa = NULL;	unsigned int nbyte, hnbyte;	nbyte = (bitlen + 7) >> 3;	hnbyte = (bitlen + 15) >> 4;	rsa = RSA_new();	ret = EVP_PKEY_new();	if (!rsa || !ret)		goto memerr;	rsa->e = BN_new();	if (!rsa->e)		goto memerr;	if (!BN_set_word(rsa->e, read_ledword(&p)))		goto memerr;	if (!read_lebn(&p, nbyte, &rsa->n))		goto memerr;	if (!ispub)		{		if (!read_lebn(&p, hnbyte, &rsa->p))			goto memerr;		if (!read_lebn(&p, hnbyte, &rsa->q))			goto memerr;		if (!read_lebn(&p, hnbyte, &rsa->dmp1))			goto memerr;		if (!read_lebn(&p, hnbyte, &rsa->dmq1))			goto memerr;		if (!read_lebn(&p, hnbyte, &rsa->iqmp))			goto memerr;		if (!read_lebn(&p, nbyte, &rsa->d))			goto memerr;		}	EVP_PKEY_set1_RSA(ret, rsa);	RSA_free(rsa);	*in = p;	return ret;	memerr:	PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);	if (rsa)		RSA_free(rsa);	if (ret)		EVP_PKEY_free(ret);	return NULL;	}

int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp){	EVP_PKEY *pktmp;	int ret;	if(!a) return 0;	pktmp = EVP_PKEY_new();	if(!pktmp) {		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);		return 0;	}	EVP_PKEY_set1_RSA(pktmp, a);	ret = i2d_PUBKEY(pktmp, pp);	EVP_PKEY_free(pktmp);	return ret;}

int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,                                unsigned char *kstr, int klen,                                pem_password_cb *cb, void *u){    EVP_PKEY *k;    int ret;    k = EVP_PKEY_new();    if (!k)        return 0;    EVP_PKEY_set1_RSA(k, x);    ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);    EVP_PKEY_free(k);    return ret;}

int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp)	{	EVP_PKEY *pktmp;	int ret;	if (!a) return 0;	pktmp = EVP_PKEY_new();	if (!pktmp)		{		OPENSSL_PUT_ERROR(X509, i2d_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);		return 0;		}	EVP_PKEY_set1_RSA(pktmp, (RSA*) a);	ret = i2d_PUBKEY(pktmp, pp);	EVP_PKEY_free(pktmp);	return ret;	}

boolparcSelfSignedCertificate_CreateRSACertificate(const char *subjectname, unsigned keylength, unsigned validityDays, X509 *cert, RSA *rsa, EVP_PKEY *private_key){    int res;    bool return_value = false;    BIGNUM *pub_exp;    pub_exp = BN_new();    BN_set_word(pub_exp, RSA_F4);    res = 1;    if (RSA_generate_key_ex(rsa, keylength, pub_exp, NULL)) {        if (EVP_PKEY_set1_RSA(private_key, rsa)) {            if (X509_set_version(cert, 2)) { // 2 => X509v3                return_value = true;            }        }    }    if (return_value) {        // add serial number        if (_addRandomSerial(cert) == true) {            if (_addValidityPeriod(cert, validityDays) == true) {                if (X509_set_pubkey(cert, private_key) == 1) {                    if (_addSubjectName(cert, subjectname) == true) {                        if (_addExtensions(cert) == true) {                            if (_addKeyIdentifier(cert) == true) {                                // The certificate is complete, sign it.                                if (X509_sign(cert, private_key, EVP_sha256())) {                                    return_value = true;                                } else {                                    printf("error: (%d) %s/n", res, ERR_lib_error_string(res));                                }                            }                        }                    }                }            }        }    }    ERR_print_errors_fp(stdout);    BN_free(pub_exp);    return return_value;}

static bool EVP_verify(RSA *rsa, const char *sign, size_t sigl, const char *data, size_t l) {	EVP_MD_CTX ctx;	EVP_PKEY *pkey;	bool ret = false;	pkey = EVP_PKEY_new();	if (!pkey) return ret;	if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto _fail;	EVP_VerifyInit(&ctx, EVP_sha256());	if (!EVP_VerifyUpdate(&ctx, data, l)) goto _fail;	if (EVP_VerifyFinal(&ctx, sign, sigl, pkey) == 1) ret = true;_fail:	EVP_PKEY_free(pkey);	return ret;}