自学教程：C++ HMAC_CTX_cleanup函数代码示例

void hmac_sha1( uint8_t* key, int32_t key_length,                const uint8_t* data_chunks[],                uint32_t data_chunck_length[],                uint8_t* mac, int32_t* mac_length ) {    HMAC_CTX ctx;    HMAC_CTX_init( &ctx );    HMAC_Init_ex( &ctx, key, key_length, EVP_sha1(), NULL );    while ( *data_chunks ) {        HMAC_Update( &ctx, *data_chunks, *data_chunck_length );        data_chunks ++;        data_chunck_length ++;    }    HMAC_Final( &ctx, mac, reinterpret_cast<uint32_t*>(mac_length) );    HMAC_CTX_cleanup( &ctx );}

bool OSSLEVPMacAlgorithm::verifyFinal(ByteString& signature){	if (!MacAlgorithm::verifyFinal(signature))	{		return false;	}	ByteString macResult;	unsigned int outLen = EVP_MD_size(getEVPHash());	macResult.resize(outLen);	if (!HMAC_Final(&curCTX, &macResult[0], &outLen))	{		ERROR_MSG("HMAC_Final failed");		HMAC_CTX_cleanup(&curCTX);		return false;	}	HMAC_CTX_cleanup(&curCTX);	return macResult == signature;}

static void xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {    xmlSecOpenSSLHmacCtxPtr ctx;    xmlSecAssert(xmlSecOpenSSLHmacCheckId(transform));    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize));    ctx = xmlSecOpenSSLHmacGetCtx(transform);    xmlSecAssert(ctx != NULL);    #ifndef XMLSEC_OPENSSL_096    HMAC_CTX_cleanup(&(ctx->hmacCtx));#endif /* XMLSEC_OPENSSL_096 */    memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));}

int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt){	int i, padlen;	const int blksize = 16;	unsigned int hmac_len = 20;	int crypt_len;	HMAC_CTX hmac_ctx;	/* This gets much more fun if the IV is variable-length */	pkt->esp.spi = vpninfo->esp_out.spi;	pkt->esp.seq = htonl(vpninfo->esp_out.seq++);	if (!RAND_bytes((void *)&pkt->esp.iv, sizeof(pkt->esp.iv))) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to generate random IV for ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EIO;	}	padlen = blksize - 1 - ((pkt->len + 1) % blksize);	for (i=0; i<padlen; i++)		pkt->data[pkt->len + i] = i + 1;	pkt->data[pkt->len + padlen] = padlen;	pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */		if (!EVP_EncryptInit_ex(&vpninfo->esp_out.cipher, NULL, NULL, NULL,				pkt->esp.iv)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to set up encryption context for ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	crypt_len = pkt->len + padlen + 2;	if (!EVP_EncryptUpdate(&vpninfo->esp_out.cipher, pkt->data, &crypt_len,			       pkt->data, crypt_len)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to encrypt ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	HMAC_CTX_copy(&hmac_ctx, &vpninfo->esp_out.hmac);	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + crypt_len);	HMAC_Final(&hmac_ctx, pkt->data + crypt_len, &hmac_len);	HMAC_CTX_cleanup(&hmac_ctx);	return sizeof(pkt->esp) + crypt_len + 12;}

/**@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)@brief Finalizes (signed) digest computation and returns digest or signature.@param soap context@param[in,out] data smdevp engine context@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)@param[out] buf is populated with the digest or signature@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)@return SOAP_OK or SOAP_SSL_ERROR*/intsoap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len){ unsigned int n = 0;  int err = 1;  if (buf)  { /* finalize the digest or signature computation */    switch (data->alg & (SOAP_SMD_PASSTHRU-1))    { case SOAP_SMD_DGST_MD5:      case SOAP_SMD_DGST_SHA1:      case SOAP_SMD_DGST_SHA256:        EVP_DigestFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_HMAC_SHA1:        HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_SIGN_DSA_SHA1:      case SOAP_SMD_SIGN_RSA_SHA1:      case SOAP_SMD_SIGN_RSA_SHA256:        err = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);        break;      case SOAP_SMD_VRFY_DSA_SHA1:      case SOAP_SMD_VRFY_RSA_SHA1:        if (len)        { n = (unsigned int)*len;          err = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);        }        else          err = 0;        break;    }    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%d (%p) %d bytes--/n", data->alg, data->ctx, n));    DBGHEX(TEST, buf, n);    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "/n--"));    /* return length of digest or signature produced */    if (len)      *len = (int)n;  }  /* cleanup and free the HMAC or EVP_MD context */  if ((data->alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1)    HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);  else    EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);  SOAP_FREE(soap, data->ctx);  data->ctx = NULL;  /* check and return */  return soap_smd_check(soap, data, err, "soap_smd_final() failed");}

int getHMACSHA256(char *msg, unsigned char* md_value, int len, unsigned char key[], int keylen){	HMAC_CTX mdctx;	int md_len;	const EVP_MD *md;		OpenSSL_add_all_digests();	md = EVP_get_digestbyname("sha256");	HMAC_CTX_init(&mdctx);	HMAC_Init_ex(&mdctx,key,keylen,md,NULL);	HMAC_Update(&mdctx, msg, len);	HMAC_Final(&mdctx, md_value, &md_len);	HMAC_CTX_cleanup(&mdctx);	return md_len;}

void aes_sha_combo(void* ctx, void* plaintext, void* ciphertext, int size, void* tag){uint8_t iv[16];AES_KEY* key = ctx;HMAC_CTX hctx;unsigned int rlen = 20;	HMAC_CTX_init(&hctx);	HMAC_Init_ex(&hctx, iv, 16, EVP_sha1(), NULL);	HMAC_Update(&hctx, plaintext, size);	HMAC_Final(&hctx, tag, &rlen);	HMAC_CTX_cleanup(&hctx);	AES_cbc_encrypt(plaintext, ciphertext, size, key, iv, 1);}

void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context){	HMAC_CTX hmac_ctx;	/*	 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,	 * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey	 */	HMAC_CTX_init(&hmac_ctx);	HMAC_Init_ex(&hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL);	HMAC_Update(&hmac_ctx, context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer);	HMAC_Update(&hmac_ctx, context->ChallengeMessage.pvBuffer, context->ChallengeMessage.cbBuffer);	HMAC_Update(&hmac_ctx, context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer);	HMAC_Final(&hmac_ctx, context->MessageIntegrityCheck, NULL);	HMAC_CTX_cleanup(&hmac_ctx);}

/* rfc 3711, sections 4.2 and 4.2.1 */static int hmac_sha1_rtp(struct crypto_context *c, char *out, str *in, u_int64_t index) {	unsigned char hmac[20];	HMAC_CTX hc;	u_int32_t roc;	HMAC_Init(&hc, c->session_auth_key, c->crypto_suite->srtp_auth_key_len, EVP_sha1());	HMAC_Update(&hc, (unsigned char *) in->s, in->len);	roc = htonl((index & 0xffffffff0000ULL) >> 16);	HMAC_Update(&hc, (unsigned char *) &roc, sizeof(roc));	HMAC_Final(&hc, hmac, NULL);	HMAC_CTX_cleanup(&hc);	assert(sizeof(hmac) >= c->crypto_suite->srtp_auth_tag);	memcpy(out, hmac, c->crypto_suite->srtp_auth_tag);	return 0;}

static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) {  HMAC_PKEY_CTX *hctx = ctx->data;  if (hctx == NULL) {    return;  }  HMAC_CTX_cleanup(&hctx->ctx);  if (hctx->ktmp.data) {    if (hctx->ktmp.length) {      OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);    }    OPENSSL_free(hctx->ktmp.data);    hctx->ktmp.data = NULL;  }  OPENSSL_free(hctx);}

 /** * sha256 digest algorithm. * @param key the sha256 key, NULL to use EVP_Digest, for instance, *       hashlib.sha256(data).digest(). */ int openssl_HMACsha256(const void* key, int key_size, const void* data, int data_size, void* digest)  {     int ret = ERROR_SUCCESS;          unsigned int digest_size = 0;          unsigned char* __key = (unsigned char*)key;     unsigned char* __digest = (unsigned char*)digest;          if (key == NULL) {         // use data to digest.         // @see ./crypto/sha/sha256t.c         // @see ./crypto/evp/digest.c         if (EVP_Digest(data, data_size, __digest, &digest_size, EVP_sha256(), NULL) < 0)         {             ret = ERROR_OpenSslSha256EvpDigest;             return ret;         }     } else {         // use key-data to digest.         HMAC_CTX ctx;                  // @remark, if no key, use EVP_Digest to digest,         // for instance, in python, hashlib.sha256(data).digest().         HMAC_CTX_init(&ctx);                  if (HMAC_Init_ex(&ctx, __key, key_size, EVP_sha256(), NULL) < 0) {             ret = ERROR_OpenSslSha256Init;             return ret;         }                  ret = __openssl_HMACsha256(&ctx, data, data_size, __digest, &digest_size);         HMAC_CTX_cleanup(&ctx);                  if (ret != ERROR_SUCCESS) {             return ret;         }     }          if (digest_size != 32) {         ret = ERROR_OpenSslSha256DigestSize;         return ret;     }          return ret; }

static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen){    FILE *f = NULL;    int rv = -1;    unsigned char rbuf[READ_BUFFER_LENGTH];    size_t len;    unsigned int hlen;    HMAC_CTX c;    HMAC_CTX_init(&c);    f = fopen(path, "r");    if (f == NULL) {        goto end;    }    HMAC_Init(&c, hmackey, sizeof(hmackey) - 1, EVP_sha256());    while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) {        HMAC_Update(&c, rbuf, len);    }    len = sizeof(rbuf);    /* reuse rbuf for hmac */    HMAC_Final(&c, rbuf, &hlen);    *buf = malloc(hlen);    if (*buf == NULL) {        goto end;    }    *hmaclen = hlen;    memcpy(*buf, rbuf, hlen);    rv = 0;end:    HMAC_CTX_cleanup(&c);    if (f)        fclose(f);    return rv;}

//------------------------------------------------------------------------------// helper function to hash with HMAC algorithm:static std::vector<unsigned char> hmac_sha512(const std::vector<unsigned char>& data, 	    const std::vector<unsigned char>& key){      unsigned int len = EVP_MAX_MD_SIZE;   std::vector<unsigned char> digest(len);   HMAC_CTX ctx;   HMAC_CTX_init(&ctx);   HMAC_Init_ex(&ctx, key.data(), key.size(), EVP_sha512(), NULL);   HMAC_Update(&ctx, data.data(), data.size());   HMAC_Final(&ctx, digest.data(), &len);      HMAC_CTX_cleanup(&ctx);      return digest;}

/*---------------------------------------------------------------------- * Name    : HmacSha256Hash * Purpose : * Input   : none * Output  : none *---------------------------------------------------------------------*/int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key){	HMAC_CTX hctx;	HMAC_CTX_init(&hctx);	HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL);	/*	 * FIXME: why we need this? NULL means to use whatever there is?	 * if removed, result is different	 */	HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);	HMAC_Update(&hctx, data, len);	HMAC_Final(&hctx, hash, NULL);	HMAC_CTX_cleanup(&hctx);	return 0;}

int winpr_HMAC_Final(WINPR_HMAC_CTX* ctx, BYTE* output){#if defined(WITH_OPENSSL)#if (OPENSSL_VERSION_NUMBER < 0x10000000L)	HMAC_Final((HMAC_CTX*) ctx, output, NULL);#else	if (HMAC_Final((HMAC_CTX*) ctx, output, NULL) != 1)		return -1;#endif	HMAC_CTX_cleanup((HMAC_CTX*) ctx);#elif defined(WITH_MBEDTLS)	if (mbedtls_md_hmac_finish((mbedtls_md_context_t*) ctx, output) != 0)		return -1;	mbedtls_md_free((mbedtls_md_context_t*) ctx);#endif	return 0;}

void Hmac::init(ByteArray &key, MessageDigest::Algorithm algorithm, Engine &engine) throw (HmacException) {	if (this->state != Hmac::NO_INIT)	{		HMAC_CTX_cleanup( &this->ctx );	}	HMAC_CTX_init( &this->ctx );	this->algorithm = algorithm;	const EVP_MD *md = MessageDigest::getMessageDigest( this->algorithm );	int rc = HMAC_Init_ex( &this->ctx, (void*)key.getDataPointer(), key.size(), md, engine.getEngine() );	if (!rc)	{		this->state = Hmac::NO_INIT;		throw HmacException(HmacException::CTX_INIT, "Hmac::init");	}	this->state = Hmac::INIT;}

void hmac_sha256(uint8_t* key, uint32_t key_length,                 uint8_t* data_chunks[],                 uint32_t data_chunck_length[],                 uint8_t* mac, uint32_t* mac_length ){    unsigned int tmp;    HMAC_CTX ctx;    HMAC_CTX_init( &ctx );    HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );    while( *data_chunks ){      HMAC_Update( &ctx, *data_chunks, *data_chunck_length );      data_chunks ++;      data_chunck_length ++;    }    HMAC_Final( &ctx, mac, &tmp);    *mac_length = tmp;    HMAC_CTX_cleanup( &ctx );}

/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt){	unsigned char hmac_buf[20];	unsigned int hmac_len = sizeof(hmac_buf);	int crypt_len = pkt->len;	HMAC_CTX hmac_ctx;	HMAC_CTX_copy(&hmac_ctx, &esp->hmac);	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + pkt->len);	HMAC_Final(&hmac_ctx, hmac_buf, &hmac_len);	HMAC_CTX_cleanup(&hmac_ctx);	if (memcmp(hmac_buf, pkt->data + pkt->len, 12)) {		vpn_progress(vpninfo, PRG_DEBUG,			     _("Received ESP packet with invalid HMAC/n"));		return -EINVAL;	}	/* Why in $DEITY's name would you ever *not* set this? Perhaps we	 * should do th check anyway, but only warn instead of discarding	 * the packet? */	if (vpninfo->esp_replay_protect &&	    verify_packet_seqno(vpninfo, esp, ntohl(pkt->esp.seq)))		return -EINVAL;	if (!EVP_DecryptInit_ex(&esp->cipher, NULL, NULL, NULL,				pkt->esp.iv)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to set up decryption context for ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	if (!EVP_DecryptUpdate(&esp->cipher, pkt->data, &crypt_len,			       pkt->data, pkt->len)) {		vpn_progress(vpninfo, PRG_ERR,			     _("Failed to decrypt ESP packet:/n"));		openconnect_report_ssl_errors(vpninfo);		return -EINVAL;	}	return 0;}

/**@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)@brief Finalizes (signed) digest computation and returns digest or signature.@param soap context@param[in,out] data smdevp engine context@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)@param[out] buf is populated with the digest or signature@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)@return SOAP_OK or SOAP_SSL_ERROR*/intsoap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len){ unsigned int n = 0;  int ok = 1;  if (!data->ctx)    return soap_set_receiver_error(soap, "soap_smd_final() failed", "No context", SOAP_SSL_ERROR);  if (buf)  { /* finalize the digest or signature computation */    switch (data->alg & SOAP_SMD_ALGO)    { case SOAP_SMD_HMAC:        HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_DGST:        EVP_DigestFinal_ex((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);        break;      case SOAP_SMD_SIGN:        ok = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);        break;      case SOAP_SMD_VRFY:        if (len)        { n = (unsigned int)*len;          ok = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);        }        else          ok = 0;        break;    }    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%x (%p) %d bytes--/n", data->alg, data->ctx, n));    DBGHEX(TEST, buf, n);    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "/n--"));    /* pass back length of digest or signature produced */    if (len)      *len = (int)n;  }  /* cleanup */  if ((data->alg & SOAP_SMD_ALGO) == SOAP_SMD_HMAC)    HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);  else    EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);  SOAP_FREE(soap, data->ctx);  data->ctx = NULL;  /* check and return */  return soap_smd_check(soap, data, ok, "soap_smd_final() failed");}

static int build_packet(char *buffer, const char *metric){	HMAC_CTX ctx;	struct timespec now;	uint64_t timestamp;	uint32_t nonce;	unsigned int hmac_len;	int metric_len = strlen(metric);	RAND_pseudo_bytes((void *)&nonce, sizeof(nonce));	clock_gettime(CLOCK_REALTIME, &now);	timestamp = (uint64_t)now.tv_sec - 2; /* fake delay */	HMAC_CTX_init(&ctx);	HMAC_Init_ex(&ctx, HMAC_KEY, strlen(HMAC_KEY), EVP_sha256(), NULL);	HMAC_Update(&ctx, (void *)&timestamp, sizeof(timestamp));	HMAC_Update(&ctx, (void *)&nonce, sizeof(nonce));	HMAC_Update(&ctx, (void *)metric, metric_len);	HMAC_Final(&ctx, buffer, &hmac_len);	HMAC_CTX_cleanup(&ctx);	memcpy(buffer + SHA_SIZE, &timestamp, sizeof(timestamp));	memcpy(buffer + SHA_SIZE + 8, &nonce, sizeof(nonce));	memcpy(buffer + SHA_SIZE + 12, metric, metric_len);#ifdef DEBUG	{		int i;		fprintf(stderr, "HMAC: ");		for (i = 0; i < SHA_SIZE; ++i)			fprintf(stderr, "%02x", (unsigned char)buffer[i]);		fprintf(stderr, "/nTIMESTAMP: %llu/nNONCE: %08x/nMETRIC: %s/n",			(long long unsigned int)timestamp, nonce, metric);	}#endif	return SHA_SIZE + 12 + metric_len;}

static void switch_write_mac(void) {  /* First we can clear the write MAC, kept from rekeying. */  if (write_macs[write_mac_idx].key) {    clear_mac(&(write_macs[write_mac_idx]));#if OPENSSL_VERSION_NUMBER > 0x000907000L    HMAC_CTX_cleanup(&(write_ctxs[write_mac_idx]));#else    HMAC_cleanup(&(write_ctxs[write_mac_idx]));#endif    /* Now we can switch the index. */    if (write_mac_idx == 1) {      write_mac_idx = 0;      return;    }    write_mac_idx = 1;  }}

static char* __aws_sign ( char * const str ){  HMAC_CTX ctx;  unsigned char MD[256];  unsigned len;  __debug("StrToSign:%s", str );  HMAC_CTX_init(&ctx);  HMAC_Init(&ctx, awsKey, strlen(awsKey), EVP_sha1());  HMAC_Update(&ctx,(unsigned char*)str, strlen(str));  HMAC_Final(&ctx,(unsigned char*)MD,&len);  HMAC_CTX_cleanup(&ctx);  char * b64 = __b64_encode (MD,len);  __debug("Signature:  %s", b64 );  return b64;}

 int openssl_HMACsha256(const void* data, int data_size, const void* key, int key_size, void* digest)  {     HMAC_CTX ctx;          HMAC_CTX_init(&ctx);     HMAC_Init_ex(&ctx, (unsigned char*) key, key_size, EVP_sha256(), NULL);     HMAC_Update(&ctx, (unsigned char *) data, data_size);      unsigned int digest_size;     HMAC_Final(&ctx, (unsigned char *) digest, &digest_size);          HMAC_CTX_cleanup(&ctx);          if (digest_size != 32) {         return ERROR_OpenSslSha256DigestSize;     }          return ERROR_SUCCESS; }

voiddsa_free(struct iked_dsa *dsa){	if (dsa == NULL)		return;	if (dsa->dsa_hmac) {		HMAC_CTX_cleanup((HMAC_CTX *)dsa->dsa_ctx);		free(dsa->dsa_ctx);	} else {		EVP_MD_CTX_destroy((EVP_MD_CTX *)dsa->dsa_ctx);		if (dsa->dsa_key)			EVP_PKEY_free(dsa->dsa_key);		if (dsa->dsa_cert)			X509_free(dsa->dsa_cert);	}	ibuf_release(dsa->dsa_keydata);	free(dsa);}

/**@fn int soap_smd_check(struct soap *soap, struct soap_smd_data *data, int err, const char *msg)@brief Check result of init/update/final smdevp engine operations.@param soap context@param[in,out] data smdevp engine context@param[in] err EVP error value@param[in] msg error message@return SOAP_OK or SOAP_SSL_ERROR*/static intsoap_smd_check(struct soap *soap, struct soap_smd_data *data, int err, const char *msg){ if (err <= 0)  { unsigned long r;    while ((r = ERR_get_error()))    { ERR_error_string_n(r, soap->msgbuf, sizeof(soap->msgbuf));      DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Error (%d) %s: %s/n", err, msg, soap->msgbuf));    }    if (data->ctx)    { if ((data->alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1)        HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);      else        EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);      SOAP_FREE(soap, data->ctx);      data->ctx = NULL;    }    return soap_set_receiver_error(soap, msg, soap->msgbuf, SOAP_SSL_ERROR);  }  return SOAP_OK;}

static void switch_read_mac(void) {  /* First we can clear the read MAC, kept from rekeying. */  if (read_macs[read_mac_idx].key) {    clear_mac(&(read_macs[read_mac_idx]));#if OPENSSL_VERSION_NUMBER > 0x000907000L    HMAC_CTX_cleanup(&(read_ctxs[read_mac_idx]));#else    HMAC_cleanup(&(read_ctxs[read_mac_idx]));#endif    mac_blockszs[read_mac_idx] = 0;     /* Now we can switch the index. */    if (read_mac_idx == 1) {      read_mac_idx = 0;      return;    }    read_mac_idx = 1;  }}

unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,		    const unsigned char *d, size_t n, unsigned char *md,		    unsigned int *md_len)	{	HMAC_CTX c;	static unsigned char m[EVP_MAX_MD_SIZE];	if (md == NULL) md=m;	HMAC_CTX_init(&c);	if (!HMAC_Init(&c,key,key_len,evp_md))		goto err;	if (!HMAC_Update(&c,d,n))		goto err;	if (!HMAC_Final(&c,md,md_len))		goto err;	HMAC_CTX_cleanup(&c);	return md;	err:	return NULL;	}

/* * input: msg, len * output: hval, plen */int get_hmac(void *msg, unsigned int len, void *hval, unsigned int *plen){	int rc = 0;	HMAC_CTX ctxObj;	HMAC_CTX *ctx = &ctxObj;	(void) HMAC_CTX_init(ctx);	rc = HMAC_Init_ex(ctx, priv_key, sizeof(priv_key), EVP_sha512(), NULL);	if (rc == 0) return -1;	rc = HMAC_Update(ctx, (unsigned char*)msg, len);	if (rc == 0) return -1;	rc = HMAC_Final(ctx,  (unsigned char*)hval, plen);	if (rc == 0) return -1;	(void) HMAC_CTX_cleanup(ctx);	return 0;}

int pbkdf2(const char *pass, const char *salt, long iter, const EVP_MD *digest, unsigned char *out){  unsigned char digtmp[32], itmp[4];  int k, mdlen, saltlen = strlen(salt);  unsigned long j;  HMAC_CTX hctx_tpl, hctx;  mdlen = EVP_MD_size(digest);  HMAC_CTX_init(&hctx_tpl);  HMAC_Init_ex(&hctx_tpl, pass, strlen(pass), digest, NULL);  itmp[0] = itmp[1] = itmp[2] = 0; itmp[3] = 1;  HMAC_CTX_copy(&hctx, &hctx_tpl); HMAC_Update(&hctx, (const unsigned char*)salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); HMAC_CTX_cleanup(&hctx);  memcpy(out, digtmp, mdlen);  for (j = 1; j < iter; j++) {    HMAC_CTX_copy(&hctx, &hctx_tpl); HMAC_Update(&hctx, digtmp, mdlen); HMAC_Final(&hctx, digtmp, NULL); HMAC_CTX_cleanup(&hctx);    for (k = 0; k < mdlen; k++) out[k] ^= digtmp[k];  }  HMAC_CTX_cleanup(&hctx_tpl);  return 1;}

char * Crypto_Digest_HMAC (int count, char * algoName,                           char * data, char * key) {  count = count;  HMAC_CTX ctx;  const EVP_MD *md;  unsigned char hmac_value [EVP_MAX_MD_SIZE];  unsigned int hmac_len;  OpenSSL_add_all_digests ();  md = EVP_get_digestbyname (algoName);  if (!md) return "";  HMAC_CTX_init (&ctx);  HMAC_Init_ex (&ctx, key, strlen (key), md, NULL);  HMAC_Update (&ctx, (unsigned char *) data, strlen (data));  HMAC_Final (&ctx, hmac_value, &hmac_len);  HMAC_CTX_cleanup (&ctx);  return Crypto_Digest_MakeHexDigest (hmac_value, hmac_len);;}