自学教程：C++ EVP_md5函数代码示例

/* CRAM-MD5 auth state. */intimap_state_cram_md5_auth(struct account *a, struct fetch_ctx *fctx){	struct fetch_imap_data	*data = a->data;	char			*line, *ptr, *src, *b64;	char			 out[EVP_MAX_MD_SIZE * 2 + 1];	u_char			 digest[EVP_MAX_MD_SIZE];	u_int			 i, n;	if (imap_getln(a, fctx, IMAP_CONTINUE, &line) != 0)		return (FETCH_ERROR);	if (line == NULL)		return (FETCH_BLOCK);	ptr = line + 1;	while (isspace((u_char) *ptr))		ptr++;	if (*ptr == '/0')		return (imap_invalid(a, line));	b64 = imap_base64_decode(ptr);	HMAC(EVP_md5(),	    data->pass, strlen(data->pass), b64, strlen(b64), digest, &n);	xfree(b64);	for (i = 0; i < n; i++)		xsnprintf(out + i * 2, 3, "%02hhx", digest[i]);	xasprintf(&src, "%s %s", data->user, out);	b64 = imap_base64_encode(src);	xfree(src);	if (imap_putln(a, "%s", b64) != 0) {		xfree(b64);		return (FETCH_ERROR);	}	xfree(b64);	fctx->state = imap_state_pass;	return (FETCH_BLOCK);}

void ntlm_compute_lm_v2_response(NTLM_CONTEXT* context){    char* response;    char value[16];    char ntlm_v2_hash[16];    /* Compute the NTLMv2 hash */    ntlm_compute_ntlm_v2_hash(context, ntlm_v2_hash);    /* Concatenate the server and client challenges */    CopyMemory(value, context->ServerChallenge, 8);    CopyMemory(&value[8], context->ClientChallenge, 8);    sspi_SecBufferAlloc(&context->LmChallengeResponse, 24);    response = (char*) context->LmChallengeResponse.pvBuffer;    /* Compute the HMAC-MD5 hash of the resulting value using the NTLMv2 hash as the key */    HMAC(EVP_md5(), (void*) ntlm_v2_hash, 16, (void*) value, 16, (void*) response, NULL);    /* Concatenate the resulting HMAC-MD5 hash and the client challenge, giving us the LMv2 response (24 bytes) */    CopyMemory(&response[16], context->ClientChallenge, 8);}

unsigned long X509_issuer_and_serial_hash(X509 *a)	{	unsigned long ret=0;	EVP_MD_CTX ctx;	unsigned char md[16];	char *f;	EVP_MD_CTX_init(&ctx);	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);	ret=strlen(f);	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);	OPENSSL_free(f);	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,		(unsigned long)a->cert_info->serialNumber->length);	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)		)&0xffffffffL;	EVP_MD_CTX_cleanup(&ctx);	return(ret);	}

static void_md_init_subsystem (void){    int i;    for (i = 0; i < MUNGE_MAC_LAST_ITEM; i++) {        _md_map [i] = NULL;    }    _md_map [MUNGE_MAC_MD5] = EVP_md5 ();    _md_map [MUNGE_MAC_SHA1] = EVP_sha1 ();    _md_map [MUNGE_MAC_RIPEMD160] = EVP_ripemd160 ();#if HAVE_EVP_SHA256    _md_map [MUNGE_MAC_SHA256] = EVP_sha256 ();#endif /* HAVE_EVP_SHA256 */#if HAVE_EVP_SHA512    _md_map [MUNGE_MAC_SHA512] = EVP_sha512 ();#endif /* HAVE_EVP_SHA512 */    return;}

static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, X509 *cert){	long result;	result = SSL_get_verify_result(ssl);	if (result != X509_V_OK) {		unsigned char md[EVP_MAX_MD_SIZE];		unsigned int n;		char *str;		g_warning("Could not verify SSL servers certificate: %s",				X509_verify_cert_error_string(result));		if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL)			g_warning("  Could not get subject-name from peer certificate");		else {			g_warning("  Subject : %s", str);			free(str);		}		if ((str = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0)) == NULL)			g_warning("  Could not get issuer-name from peer certificate");		else {			g_warning("  Issuer  : %s", str);			free(str);		}		if (! X509_digest(cert, EVP_md5(), md, &n))			g_warning("  Could not get fingerprint from peer certificate");		else {			char hex[] = "0123456789ABCDEF";			char fp[EVP_MAX_MD_SIZE*3];			if (n < sizeof(fp)) {				unsigned int i;				for (i = 0; i < n; i++) {					fp[i*3+0] = hex[(md[i] >> 4) & 0xF];					fp[i*3+1] = hex[(md[i] >> 0) & 0xF];					fp[i*3+2] = i == n - 1 ? '/0' : ':';				}				g_warning("  MD5 Fingerprint : %s", fp);			}		}

unsigned longX509_NAME_hash_old(X509_NAME *x){	EVP_MD_CTX md_ctx;	unsigned long ret = 0;	unsigned char md[16];	/* Make sure X509_NAME structure contains valid cached encoding */	i2d_X509_NAME(x, NULL);	EVP_MD_CTX_init(&md_ctx);	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&	    EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&	    EVP_DigestFinal_ex(&md_ctx, md, NULL))		ret = (((unsigned long)md[0]) |		    ((unsigned long)md[1] << 8L) |		    ((unsigned long)md[2] << 16L) |		    ((unsigned long)md[3] << 24L)) &		    0xffffffffL;	EVP_MD_CTX_cleanup(&md_ctx);	return (ret);}

unsigned long X509_NAME_hash_old(X509_NAME *x){    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();    unsigned long ret = 0;    unsigned char md[16];    if (md_ctx == NULL)        return ret;    /* Make sure X509_NAME structure contains valid cached encoding */    i2d_X509_NAME(x, NULL);    EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);    if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)        && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)        && EVP_DigestFinal_ex(md_ctx, md, NULL))        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |               ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)            ) & 0xffffffffL;    EVP_MD_CTX_free(md_ctx);    return (ret);}

int main(int argc, char *argv[])	{#ifndef OPENSSL_NO_MD5	int i;	char *p;#endif	int err=0;#ifdef OPENSSL_NO_MD5	printf("test skipped: MD5 disabled/n");#else#ifdef CHARSET_EBCDIC	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);	ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);	ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);	ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);#endif	for (i=0; i<4; i++)		{		p=pt(HMAC(EVP_md5(),			test[i].key, test[i].key_len,			test[i].data, test[i].data_len,			NULL,NULL));		if (strcmp(p,(char *)test[i].digest) != 0)			{			printf("error calculating HMAC on %d entry'/n",i);			printf("got %s instead of %s/n",p,test[i].digest);			err++;			}		else			printf("test %d ok/n",i);		}#endif /* OPENSSL_NO_MD5 */	EXIT(err);	return(0);	}

int EVP_cipher(const char *passw, int cbpass, char *strin, int cbstr, int op, const char *cipher){	const EVP_CIPHER * enc;	if (cipher && *cipher) {		if (!myEvpMap.Find(cipher,enc))			return CIPHER_INVALID;	} else 		enc = EVP_des_ede_cbc();	unsigned char key[EVP_MAX_KEY_LENGTH];	unsigned char iv[EVP_MAX_IV_LENGTH];	EVP_CIPHER_CTX ctx;	EVP_BytesToKey(enc,EVP_md5(),NULL,(unsigned char *)passw,cbpass,1,key,iv);	EVP_CIPHER_CTX_init(&ctx);	EVP_CipherInit(&ctx,enc,key,iv,op);		unsigned char out[CIPHER_BLOCK+EVP_MAX_IV_LENGTH];	int outl;	unsigned char *in = (unsigned char *) strin;	unsigned char *endp = in + cbstr - CIPHER_BLOCK;	unsigned char *outp = in;	while (in < endp)	{		EVP_CipherUpdate(&ctx,out,&outl,in,CIPHER_BLOCK);		memcpy(outp, out, outl); outp += outl;		in += CIPHER_BLOCK;	}	EVP_CipherUpdate(&ctx,out,&outl,in,endp+CIPHER_BLOCK-in);	memcpy(outp, out, outl); outp += outl;	EVP_CipherFinal(&ctx,out,&outl);	memcpy(outp, out, outl); outp += outl;	EVP_CIPHER_CTX_cleanup(&ctx);	return (char *)outp-strin;}

/** Calculate HMAC using OpenSSL's MD5 implementation * * @param digest Caller digest to be filled in. * @param in Pointer to data stream. * @param inlen length of data stream. * @param key Pointer to authentication key. * @param key_len Length of authentication key. * */void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen,		 uint8_t const *key, size_t key_len){	HMAC_CTX *ctx;	if (unlikely(!md5_hmac_ctx)) {		ctx = HMAC_CTX_new();		if (unlikely(!ctx)) return;		fr_thread_local_set_destructor(md5_hmac_ctx, _hmac_md5_ctx_free_on_exit, ctx);	} else {		ctx = md5_hmac_ctx;	}#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	/* Since MD5 is not allowed by FIPS, explicitly allow it. */	HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);#endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */	HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);	HMAC_Update(ctx, in, inlen);	HMAC_Final(ctx, digest, NULL);	HMAC_CTX_reset(ctx);}

static int32_tsnmp_digest_init(const struct snmp_user *user, EVP_MD_CTX *ctx,    const EVP_MD **dtype, uint32_t *keylen){	if (user->auth_proto == SNMP_AUTH_HMAC_MD5) {		*dtype = EVP_md5();		*keylen = SNMP_AUTH_HMACMD5_KEY_SIZ;	} else if (user->auth_proto == SNMP_AUTH_HMAC_SHA) {		*dtype = EVP_sha1();		*keylen = SNMP_AUTH_HMACSHA_KEY_SIZ;	} else if (user->auth_proto == SNMP_AUTH_NOAUTH)		return (0);	else {		snmp_error("unknown authentication option - %d",		    user->auth_proto);		return (-1);	}	if (EVP_DigestInit(ctx, *dtype) != 1)		return (-1);	return (1);}

/*! * /brief Get message digest type for a given algorithm. * * /param algorithm  Algorithm number. * * /return Pointer to digest type specification, NULL if not implemented. */static const EVP_MD *get_digest_type(knot_dnssec_algorithm_t algorithm){	// EVP_<digest>() functions should not fail (return NULL)	switch (algorithm) {	case KNOT_DNSSEC_ALG_RSASHA1:	case KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1:	case KNOT_DNSSEC_ALG_DSA:	case KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1:		return EVP_sha1();	case KNOT_DNSSEC_ALG_RSAMD5:		return EVP_md5();	case KNOT_DNSSEC_ALG_RSASHA256:	case KNOT_DNSSEC_ALG_ECDSAP256SHA256:		return EVP_sha256();	case KNOT_DNSSEC_ALG_ECDSAP384SHA384:		return EVP_sha384();	case KNOT_DNSSEC_ALG_RSASHA512:		return EVP_sha512();	default:		return NULL;	}}

       bool AESCipher::init2(unsigned char *key_data, int key_data_len)    {        int i, nrounds = 1;        unsigned char key[32], iv[32];        /*        * Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash the supplied key material.        * nrounds is the number of times the we hash the material. More rounds are more secure but        * slower.        */        i = EVP_BytesToKey(EVP_aes_256_cfb(), EVP_md5(), NULL, key_data, key_data_len, nrounds, key, iv);        if (i != 32) {            //printf("Key size is %d bits - should be 256 bits/n", i);            return false;        }        EVP_CIPHER_CTX_init(&m_ectx);        EVP_EncryptInit_ex(&m_ectx, EVP_aes_256_cfb(), NULL, key, iv);        EVP_CIPHER_CTX_init(&m_dctx);        EVP_DecryptInit_ex(&m_dctx, EVP_aes_256_cfb(), NULL, key, iv);        return true;    }

/**  Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for  subsequent use.  If HmacMd5Context is NULL, then return FALSE.  @param[out]  HmacMd5Context  Pointer to HMAC-MD5 context being initialized.  @param[in]   Key             Pointer to the user-supplied key.  @param[in]   KeySize         Key size in bytes.  @retval TRUE   HMAC-MD5 context initialization succeeded.  @retval FALSE  HMAC-MD5 context initialization failed.**/BOOLEANEFIAPIHmacMd5Init (  OUT  VOID         *HmacMd5Context,  IN   CONST UINT8  *Key,  IN   UINTN        KeySize  ){  //  // Check input parameters.  //  if (HmacMd5Context == NULL || KeySize > INT_MAX) {    return FALSE;  }  //  // OpenSSL HMAC-MD5 Context Initialization  //  HMAC_CTX_init (HmacMd5Context);  HMAC_Init_ex (HmacMd5Context, Key, (UINT32) KeySize, EVP_md5(), NULL);  return TRUE;}

cipher_t * cipher_new(const char * pass){  OpenSSL_add_all_algorithms();  //  const char * name;//  name = "aes-128-cfb";//  name = "bf-cfb";    cipher_t *  cipher       = calloc(1, sizeof(cipher_t));  cipher->type = EVP_get_cipherbyname(conf.method);  cipher->keyl = EVP_CIPHER_key_length(cipher->type);  cipher->key  = malloc(cipher->keyl);    EVP_CIPHER_CTX_init(&cipher->encrypt.ctx);  EVP_CIPHER_CTX_init(&cipher->decrypt.ctx);    EVP_BytesToKey(cipher->type, EVP_md5(), NULL,                 (uint8_t *)conf.pass, (int)strlen(conf.pass), 1,                 cipher->key, NULL);    return cipher;}

void md5_compute(FILE *f, int start, int end, std::string &md5){  // initialize openssl md5 digest  static unsigned char data[102400]; // 100K buffer to read from file  static unsigned char md_val[EVP_MAX_MD_SIZE];  unsigned int md_len;  EVP_MD_CTX mdctx;  const EVP_MD *md = EVP_md5();  EVP_MD_CTX_init(&mdctx);  EVP_DigestInit_ex(&mdctx, md, NULL);  // read data in chunks from the file and update the digest  size_t rv;  fseek(f, start, SEEK_SET);  do {    rv = end - start + 1;    if(rv > 102400)      rv = 102400;    rv = fread(data, 1, rv, f);    if(rv == 0)      break;    EVP_DigestUpdate(&mdctx, data, rv);    start += rv;  } while(start <= end);  // finalize the digest  EVP_DigestFinal_ex(&mdctx, md_val, &md_len);  EVP_MD_CTX_cleanup(&mdctx);  // output  md5.reserve(64);  char digit[3];  for(unsigned int i = 0; i < md_len; ++i) {    sprintf(digit, "%02x", md_val[i]);    md5.append(digit);  }}

void openssl_evp_keyiv(){	int i;	const EVP_MD *md;	const EVP_CIPHER *type;	unsigned char salt[32], data[COMM_LEN], *key, *iv;	md = EVP_md5();	printf("/nEVP_Md info: type[%d], ", EVP_MD_type(md));	printf("nid[%d], ", EVP_MD_nid(md));	printf("name[%s], ", EVP_MD_name(md));	printf("pkey type[%d], ", EVP_MD_pkey_type(md));	printf("size[%d], ", EVP_MD_size(md));	printf("block size[%d], ", EVP_MD_block_size(md));	type = EVP_des_ecb();	printf("/nEVP_ECB info: encrypto nid[%d], ", EVP_CIPHER_nid(type));	printf("name[%s], ", EVP_CIPHER_name(type));	printf("bock size[%d]", EVP_CIPHER_block_size(type));	key = (unsigned char *)malloc(EVP_CIPHER_key_length(type));	iv = (unsigned char *)malloc(EVP_CIPHER_iv_length(type));	for (i = 0; i < COMM_LEN; i++)		memset(&data[i], i, 1);	for (i = 0; i < 32; i++)		memset(&salt[i], i, 1);	EVP_BytesToKey(type, md, salt, data, COMM_LEN, 2, key, iv);	printf("/nEVP_key value: ");	for (i = 0; i < EVP_CIPHER_key_length(type); i++)		printf("%x ", key[i]);	printf("/nEVP_iv value: ");	for (i = 0; i < EVP_CIPHER_iv_length(type); i++)		printf("%x ", iv[i]);	printf("/n");}

/**  *  @brief To generate Auth Code for RAKP 3, RAKP-HMAC-SHA1, RAKP-HMAC-MD5.  *  *  @param[in] alg algorithm  *  @param[in] key  *  @param[in] key_len  *  @param[in] data the input data before encode  *  @param[in] data_len the input data length  *  @param[out] buf the output buffer  *  @return  the output data length  */int ipmi20_generate_auth_code(unsigned char alg,							  void *key,							  int key_len,							  unsigned char *data,							  int data_len,							  unsigned char *buf){	unsigned int len = 0;	switch (alg) {	case AUTH_ALG_RAKP_NONE: /* INTEGRITY_ALG_NONE has the same value */		return 0;	case AUTH_ALG_RAKP_HMAC_SHA1: /* INTEGRITY_ALG_HMAC_SHA1_96 has the same value */		HMAC(EVP_sha1(), key, key_len, data, data_len, buf, &len);		break;	case AUTH_ALG_RAKP_HMAC_MD5: /* INTEGRITY_ALG_HMAC_MD5_128 has the same value */	case INTEGRITY_ALG_MD5_128:		HMAC(EVP_md5(), key, key_len, data, data_len, buf, &len);	default:		break;	}	return len;}

/** * Consult EVP_DigestInit(3SSL) for details. */static char *md5_digest(int n, ...){	EVP_MD_CTX mdctx;	const EVP_MD *md;	unsigned char md_value[EVP_MAX_MD_SIZE];	unsigned int md_len = 0;	int i, rc;	char *string;	char *md5_result = NULL;	OpenSSL_add_all_digests();	md = EVP_md5();	if(!md)		err(1, "Unknown message digest");	EVP_MD_CTX_init(&mdctx);	EVP_DigestInit_ex(&mdctx, md, NULL);	va_list argPtr;	va_start(argPtr, n);	for (i = 0; i < n; i++) {		string = va_arg(argPtr, char *);		EVP_DigestUpdate(&mdctx, string, strlen(string));	}	va_end(argPtr);	EVP_DigestFinal_ex(&mdctx, md_value, &md_len);	EVP_MD_CTX_cleanup(&mdctx);	EVP_cleanup();	rc = md5toa(md_value, md_len, &md5_result);	if (rc == -1)		err(1, "md5 digest failure.");	return md5_result;}

HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {  HMACCTX ctx = NULL;  ctx = HMAC_CTX_new();  if (ctx == NULL) {    return NULL;  }#ifndef OLD_CRYPTO  HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it.#endif  switch(type) {    case SSH_HMAC_SHA1:      HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);      break;    case SSH_HMAC_SHA256:      HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);      break;    case SSH_HMAC_SHA384:      HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);      break;    case SSH_HMAC_SHA512:      HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);      break;    case SSH_HMAC_MD5:      HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);      break;    default:      HMAC_CTX_free(ctx);      SAFE_FREE(ctx);      ctx = NULL;  }  return ctx;}

void config_encryption(const char *password, const char *method) {    SSLeay_add_all_algorithms();    _method = encryption_method_from_string(method);    if (_method != ENCRYPTION_TABLE) {        const char *name = shadowsocks_encryption_names[_method];        _cipher = EVP_get_cipherbyname(name);        if (_cipher == NULL) {//            assert(0);            // TODO            printf("_cipher is nil! /r/nThe %s doesn't supported!/r/n please chose anthor!",name);        }        else        {            unsigned char tmp[EVP_MAX_IV_LENGTH];            _key_len = EVP_BytesToKey(_cipher, EVP_md5(), NULL, (unsigned char *)password,                                      strlen(password), 1, (unsigned char *)_key, tmp);            shadowsocks_key = _key;        }//        printf("%d/n", _key_len);    } else {        get_table((unsigned char *)password);    }}

void test_md5(void){  char plaintext[]= "Hello world";    // MD5 produces a 16 byte hash value (one way)  unsigned char hash[MD5_HASH_SIZE];   memset(hash, 0, sizeof(hash));  encrypt_digest(plaintext, strlen(plaintext), hash, 0, EVP_md5());    // Below output should be the same as echo -n "Hello world" | openssl md5  char buffer[256];  memset(buffer, 0, sizeof(buffer));  sprintf(buffer, "(stdin)= ");  int i;  for(i = 0; i < MD5_HASH_SIZE; i++){    sprintf(buffer+9+2*i, "%02x", hash[i]);  }  sprintf(buffer+9+2*i, "/n");    char *linux_call = get_command_output("echo -n /"Hello world/" | openssl md5 2>&1", 256);  if(strcmp(linux_call, buffer) == 0){    printf(" MD5 PASSED/n");  }}

/** Low-level signature operation. *  /param key_count Number of keys in the /a source array. *  /param source Array of keys.  The keys must include private key data. *  /param data Data to sign. *  /return Array of signatures, one for each key, *          or NULL if the operation failed.  *  /sa gale_crypto_verify_raw(), gale_crypto_sign() */const struct gale_data *gale_crypto_sign_raw(int key_count,        const struct gale_group *source,        struct gale_data data){	int i;	struct gale_data *output;	RSA *rsa;	EVP_MD_CTX *context = EVP_MD_CTX_new();	EVP_SignInit(context,EVP_md5());	EVP_SignUpdate(context,data.p,data.l);	gale_create_array(output,key_count);	for (i = 0; NULL != output && i < key_count; ++i) {		EVP_PKEY *key = EVP_PKEY_new();		EVP_PKEY_assign_RSA(key,RSA_new());		rsa = EVP_PKEY_get0_RSA(key);		crypto_i_rsa(source[i],rsa);		if (!crypto_i_private_valid(rsa)) {			gale_alert(GALE_WARNING,G_("invalid private key"),0);			output = NULL;			goto cleanup;		}		output[i].p = gale_malloc(EVP_PKEY_size(key));		if (!EVP_SignFinal(context,output[i].p,&output[i].l,key)) {			crypto_i_error();			output = NULL;			goto cleanup;		}	cleanup:		EVP_PKEY_free(key);	}	return output;}

SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP){	int index;	int length;	void* data;	UINT32 SeqNo;	HMAC_CTX hmac;	BYTE digest[16];	BYTE checksum[8];	UINT32 version = 1;	NTLM_CONTEXT* context;	BYTE expected_signature[16];	PSecBuffer data_buffer = NULL;	PSecBuffer signature_buffer = NULL;	SeqNo = (UINT32) MessageSeqNo;	context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);	for (index = 0; index < (int) pMessage->cBuffers; index++)	{		if (pMessage->pBuffers[index].BufferType == SECBUFFER_DATA)			data_buffer = &pMessage->pBuffers[index];		else if (pMessage->pBuffers[index].BufferType == SECBUFFER_TOKEN)			signature_buffer = &pMessage->pBuffers[index];	}	if (!data_buffer)		return SEC_E_INVALID_TOKEN;	if (!signature_buffer)		return SEC_E_INVALID_TOKEN;	/* Copy original data buffer */	length = data_buffer->cbBuffer;	data = malloc(length);	if (!data)		return SEC_E_INSUFFICIENT_MEMORY;	CopyMemory(data, data_buffer->pvBuffer, length);	/* Decrypt message using with RC4, result overwrites original buffer */	if (context->confidentiality)		RC4(&context->RecvRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer);	else		CopyMemory(data_buffer->pvBuffer, data, length);	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */	HMAC_CTX_init(&hmac);	HMAC_Init_ex(&hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);	HMAC_Update(&hmac, (void*) &(SeqNo), 4);	HMAC_Update(&hmac, (void*) data_buffer->pvBuffer, data_buffer->cbBuffer);	HMAC_Final(&hmac, digest, NULL);	HMAC_CTX_cleanup(&hmac);#ifdef WITH_DEBUG_NTLM	fprintf(stderr, "Encrypted Data Buffer (length = %d)/n", length);	winpr_HexDump(data, length);	fprintf(stderr, "/n");	fprintf(stderr, "Data Buffer (length = %d)/n", (int) data_buffer->cbBuffer);	winpr_HexDump(data_buffer->pvBuffer, data_buffer->cbBuffer);	fprintf(stderr, "/n");#endif	free(data);	/* RC4-encrypt first 8 bytes of digest */	RC4(&context->RecvRc4Seal, 8, digest, checksum);	/* Concatenate version, ciphertext and sequence number to build signature */	CopyMemory(expected_signature, (void*) &version, 4);	CopyMemory(&expected_signature[4], (void*) checksum, 8);	CopyMemory(&expected_signature[12], (void*) &(SeqNo), 4);	context->RecvSeqNum++;	if (memcmp(signature_buffer->pvBuffer, expected_signature, 16) != 0)	{		/* signature verification failed! */		fprintf(stderr, "signature verification failed, something nasty is going on!/n");		fprintf(stderr, "Expected Signature:/n");		winpr_HexDump(expected_signature, 16);		fprintf(stderr, "Actual Signature:/n");		winpr_HexDump((BYTE*) signature_buffer->pvBuffer, 16);		return SEC_E_MESSAGE_ALTERED;	}	return SEC_E_OK;}

int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,           char *x, const EVP_CIPHER *enc, unsigned char *kstr,           int klen, pem_password_cb *callback, void *u)  {  EVP_CIPHER_CTX ctx;  int dsize=0,i,j,ret=0;  unsigned char *p,*data=NULL;  const char *objstr=NULL;  char buf[PEM_BUFSIZE];  unsigned char key[EVP_MAX_KEY_LENGTH];  unsigned char iv[EVP_MAX_IV_LENGTH];    if (enc != NULL)    {    objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));    if (objstr == NULL)      {      PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);      goto err;      }    }  if ((dsize=i2d(x,NULL)) < 0)    {    PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);    dsize=0;    goto err;    }  /* dzise + 8 bytes are needed */  /* actually it needs the cipher block size extra... */  data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);  if (data == NULL)    {    PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);    goto err;    }  p=data;  i=i2d(x,&p);  if (enc != NULL)    {    if (kstr == NULL)      {      if (callback == NULL)        klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);      else        klen=(*callback)(buf,PEM_BUFSIZE,1,u);      if (klen <= 0)        {        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);        goto err;        }#ifdef CHARSET_EBCDIC      /* Convert the pass phrase from EBCDIC */      ebcdic2ascii(buf, buf, klen);#endif      kstr=(unsigned char *)buf;      }    RAND_add(data,i,0);/* put in the RSA key. */    OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));    if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */      goto err;    /* The 'iv' is used as the iv and as a salt.  It is     * NOT taken from the BytesToKey function */    EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);    if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);    OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);    buf[0]='/0';    PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);    PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);    /* k=strlen(buf); */    EVP_CIPHER_CTX_init(&ctx);    EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);    EVP_EncryptUpdate(&ctx,data,&j,data,i);    EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);    EVP_CIPHER_CTX_cleanup(&ctx);    i+=j;    ret=1;    }  else    {    ret=1;    buf[0]='/0';    }  i=PEM_write_bio(bp,name,buf,data,i);  if (i <= 0) ret=0;err:  OPENSSL_cleanse(key,sizeof(key));  OPENSSL_cleanse(iv,sizeof(iv));  OPENSSL_cleanse((char *)&ctx,sizeof(ctx));  OPENSSL_cleanse(buf,PEM_BUFSIZE);  if (data != NULL)    {    OPENSSL_cleanse(data,(unsigned int)dsize);    OPENSSL_free(data);    }//.........这里部分代码省略.........

intotp_md5_next (OtpKey key){  unsigned char res[16];  return otp_md_next (key, EVP_md5(), 0, res, sizeof(res));}

intotp_md5_init (OtpKey key, const char *pwd, const char *seed){  unsigned char res[16];  return otp_md_init (key, pwd, seed, EVP_md5(), 0, res, sizeof(res));}

//.........这里部分代码省略.........            ERR_print_errors(bio_err);            goto end;        }        if (do_verify)            r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);        else            r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);        if (!r) {            BIO_printf(bio_err, "Error setting context/n");            ERR_print_errors(bio_err);            goto end;        }        if (sigopts) {            char *sigopt;            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {                sigopt = sk_OPENSSL_STRING_value(sigopts, i);                if (pkey_ctrl_string(pctx, sigopt) <= 0) {                    BIO_printf(bio_err, "parameter error /"%s/"/n", sigopt);                    ERR_print_errors(bio_err);                    goto end;                }            }        }    }    /* we use md as a filter, reading from 'in' */    else {        EVP_MD_CTX *mctx = NULL;        if (!BIO_get_md_ctx(bmd, &mctx)) {            BIO_printf(bio_err, "Error getting context/n");            ERR_print_errors(bio_err);            goto end;        }        if (md == NULL)            md = EVP_md5();        if (!EVP_DigestInit_ex(mctx, md, impl)) {            BIO_printf(bio_err, "Error setting digest/n");            ERR_print_errors(bio_err);            goto end;        }    }    if (sigfile && sigkey) {        BIO *sigbio = BIO_new_file(sigfile, "rb");        if (!sigbio) {            BIO_printf(bio_err, "Error opening signature file %s/n", sigfile);            ERR_print_errors(bio_err);            goto end;        }        siglen = EVP_PKEY_size(sigkey);        sigbuf = app_malloc(siglen, "signature buffer");        siglen = BIO_read(sigbio, sigbuf, siglen);        BIO_free(sigbio);        if (siglen <= 0) {            BIO_printf(bio_err, "Error reading signature file %s/n", sigfile);            ERR_print_errors(bio_err);            goto end;        }    }    inp = BIO_push(bmd, in);    if (md == NULL) {        EVP_MD_CTX *tctx;        BIO_get_md_ctx(bmd, &tctx);        md = EVP_MD_CTX_md(tctx);    }

/** * Setup key and digest for verification. Adjust sig if necessary. * * @param algo: key algorithm * @param evp_key: EVP PKEY public key to create. * @param digest_type: digest type to use * @param key: key to setup for. * @param keylen: length of key. * @return false on failure. */static intsetup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, 	unsigned char* key, size_t keylen){#if defined(USE_DSA) && defined(USE_SHA1)	DSA* dsa;#endif	RSA* rsa;	switch(algo) {#if defined(USE_DSA) && defined(USE_SHA1)		case LDNS_DSA:		case LDNS_DSA_NSEC3:			*evp_key = EVP_PKEY_new();			if(!*evp_key) {				log_err("verify: malloc failure in crypto");				return 0;			}			dsa = sldns_key_buf2dsa_raw(key, keylen);			if(!dsa) {				verbose(VERB_QUERY, "verify: "					"sldns_key_buf2dsa_raw failed");				return 0;			}			if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {				verbose(VERB_QUERY, "verify: "					"EVP_PKEY_assign_DSA failed");				return 0;			}#ifdef HAVE_EVP_DSS1			*digest_type = EVP_dss1();#else			*digest_type = EVP_sha1();#endif			break;#endif /* USE_DSA && USE_SHA1 */#if defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2))#ifdef USE_SHA1		case LDNS_RSASHA1:		case LDNS_RSASHA1_NSEC3:#endif#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)		case LDNS_RSASHA256:#endif#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)		case LDNS_RSASHA512:#endif			*evp_key = EVP_PKEY_new();			if(!*evp_key) {				log_err("verify: malloc failure in crypto");				return 0;			}			rsa = sldns_key_buf2rsa_raw(key, keylen);			if(!rsa) {				verbose(VERB_QUERY, "verify: "					"sldns_key_buf2rsa_raw SHA failed");				return 0;			}			if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {				verbose(VERB_QUERY, "verify: "					"EVP_PKEY_assign_RSA SHA failed");				return 0;			}			/* select SHA version */#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)			if(algo == LDNS_RSASHA256)				*digest_type = EVP_sha256();			else#endif#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)				if(algo == LDNS_RSASHA512)				*digest_type = EVP_sha512();			else#endif#ifdef USE_SHA1				*digest_type = EVP_sha1();#else				{ verbose(VERB_QUERY, "no digest available"); return 0; }#endif			break;#endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */		case LDNS_RSAMD5:			*evp_key = EVP_PKEY_new();			if(!*evp_key) {				log_err("verify: malloc failure in crypto");				return 0;//.........这里部分代码省略.........