自学教程：C++ ASN1_INTEGER_new函数代码示例

RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,                                      const EVP_MD *mgf1md, int saltlen){    RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();    if (pss == NULL)        goto err;    if (saltlen != 20) {        pss->saltLength = ASN1_INTEGER_new();        if (pss->saltLength == NULL)            goto err;        if (!ASN1_INTEGER_set(pss->saltLength, saltlen))            goto err;    }    if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))        goto err;    if (mgf1md == NULL)        mgf1md = sigmd;    if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))        goto err;    if (!rsa_md_to_algor(&pss->maskHash, mgf1md))        goto err;    return pss; err:    RSA_PSS_PARAMS_free(pss);    return NULL;}

static ASN1_INTEGER *create_nonce(int bits){	unsigned char buf[20];	ASN1_INTEGER *nonce = NULL;	int len = (bits - 1) / 8 + 1;	int i;	/* Generating random byte sequence. */	if (len > (int) sizeof(buf))		goto err;	arc4random_buf(buf, len);	/* Find the first non-zero byte and creating ASN1_INTEGER object. */	for (i = 0; i < len && !buf[i]; ++i)		;	if (!(nonce = ASN1_INTEGER_new()))		goto err;	free(nonce->data);	/* Allocate at least one byte. */	nonce->length = len - i;	if (!(nonce->data = malloc(nonce->length + 1)))		goto err;	memcpy(nonce->data, buf + i, nonce->length);	return nonce;err:	BIO_printf(bio_err, "could not create nonce/n");	ASN1_INTEGER_free(nonce);	return NULL;}

/* rsa_ctx_to_pss converts EVP_PKEY_CTX in PSS mode into corresponding * algorithm parameter, suitable for setting as an AlgorithmIdentifier. */static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) {  const EVP_MD *sigmd, *mgf1md;  RSA_PSS_PARAMS *pss = NULL;  ASN1_STRING *os = NULL;  EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);  int saltlen, rv = 0;  if (!EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) ||      !EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) ||      !EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) {    goto err;  }  if (saltlen == -1) {    saltlen = EVP_MD_size(sigmd);  } else if (saltlen == -2) {    saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;    if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {      saltlen--;    }  } else {    goto err;  }  pss = RSA_PSS_PARAMS_new();  if (!pss) {    goto err;  }  if (saltlen != 20) {    pss->saltLength = ASN1_INTEGER_new();    if (!pss->saltLength ||        !ASN1_INTEGER_set(pss->saltLength, saltlen)) {      goto err;    }  }  if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) ||      !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) {    goto err;  }  /* Finally create string with pss parameter encoding. */  if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) {    goto err;  }  rv = 1;err:  if (pss) {    RSA_PSS_PARAMS_free(pss);  }  if (rv) {    return os;  }  if (os) {    ASN1_STRING_free(os);  }  return NULL;}

static ASN1_INTEGER *create_nonce(int bits){    unsigned char buf[20];    ASN1_INTEGER *nonce = NULL;    int len = (bits - 1) / 8 + 1;    int i;    if (len > (int)sizeof(buf))        goto err;    if (RAND_bytes(buf, len) <= 0)        goto err;    /* Find the first non-zero byte and creating ASN1_INTEGER object. */    for (i = 0; i < len && !buf[i]; ++i)        continue;    if ((nonce = ASN1_INTEGER_new()) == NULL)        goto err;    OPENSSL_free(nonce->data);    nonce->length = len - i;    nonce->data = app_malloc(nonce->length + 1, "nonce buffer");    memcpy(nonce->data, buf + i, nonce->length);    return nonce; err:    BIO_printf(bio_err, "could not create nonce/n");    ASN1_INTEGER_free(nonce);    return NULL;}

X509_EXTENSION* AuthorityKeyIdentifierExtension::getX509Extension(){    X509_EXTENSION *ret;    AUTHORITY_KEYID *authKeyId;    ByteArray temp;    authKeyId = AUTHORITY_KEYID_new();    if (this->keyIdentifier.size() > 0)    {        authKeyId->keyid = ASN1_OCTET_STRING_new();        temp = this->keyIdentifier;        ASN1_OCTET_STRING_set(authKeyId->keyid, temp.getDataPointer(), temp.size());    }    if (this->authorityCertIssuer.getNumberOfEntries() > 0)    {        authKeyId->issuer = this->authorityCertIssuer.getInternalGeneralNames();    }    if (this->serialNumber >= 0)    {        authKeyId->serial = ASN1_INTEGER_new();        ASN1_INTEGER_set(authKeyId->serial, this->serialNumber);    }    ret = X509V3_EXT_i2d(NID_authority_key_identifier, this->critical?1:0, (void *)authKeyId);    AUTHORITY_KEYID_free(authKeyId);    return ret;}

DWORDVMCAGetNextCrlNumber(    X509_CRL *pCrl,    DWORD *pNextNum){    DWORD dwError = 0;    ASN1_INTEGER *pCrlNumber = NULL;    long nCrlNum = 0;    if(pCrl == NULL) {        dwError = ERROR_INVALID_PARAMETER;        BAIL_ON_ERROR(dwError);    }    pCrlNumber = ASN1_INTEGER_new();    if(pCrlNumber == NULL) {        dwError = VMCA_OUT_MEMORY_ERR;        BAIL_ON_ERROR(dwError);    }    pCrlNumber = X509_CRL_get_ext_d2i(pCrl, NID_crl_number, 0,0);    nCrlNum = ASN1_INTEGER_get(pCrlNumber);    nCrlNum++;    *pNextNum = nCrlNum;cleanup:    if(pCrlNumber) {        ASN1_INTEGER_free(pCrlNumber);    }    return dwError;error :    goto cleanup;}

int main(int argc, char const *argv[]){	/* code */	long value;	int ret, len, i;	unsigned char *buf = NULL;	unsigned char *p;	ASN1_INTEGER *a = ASN1_INTEGER_new();	ret = ASN1_INTEGER_set(a, 100);	len = i2d_ASN1_INTEGER(a, NULL);	p = buf = malloc(sizeof(unsigned char) * len);	len = i2d_ASN1_INTEGER(a, &buf);	for( i = 0; i < len; i++)	{		//printf("%0x/t", p[i]);		printf("%0x/t", buf[i]);	}	printf("/n");	a= d2i_ASN1_INTEGER(&a, &p, len);	value = ASN1_INTEGER_get(a);	printf("value = %d/n", value);	ASN1_INTEGER_free(a);	return 0;}

ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length){	ASN1_INTEGER *ret = NULL;	const unsigned char *p;	unsigned char *s;	long len;	int inf, tag, xclass;	int i;	if ((a == NULL) || ((*a) == NULL)) {		if ((ret = ASN1_INTEGER_new()) == NULL)			return (NULL);	} else		ret = (*a);	p = *pp;	inf = ASN1_get_object(&p, &len, &tag, &xclass, length);	if (inf & 0x80) {		i = ASN1_R_BAD_OBJECT_HEADER;		goto err;	}	if (tag != V_ASN1_INTEGER) {		i = ASN1_R_EXPECTING_AN_INTEGER;		goto err;	}	/* We must malloc stuff, even for 0 bytes otherwise it	 * signifies a missing NULL parameter. */	s = malloc(len + 1);	if (s == NULL) {		i = ERR_R_MALLOC_FAILURE;		goto err;	}	ret->type = V_ASN1_INTEGER;	if (len) {		if ((*p == 0) && (len != 1)) {			p++;			len--;		}		memcpy(s, p, len);		p += len;	}	free(ret->data);	ret->data = s;	ret->length = (int)len;	if (a != NULL)		(*a) = ret;	*pp = p;	return (ret);err:	ASN1error(i);	if (a == NULL || *a != ret)		ASN1_INTEGER_free(ret);	return (NULL);}

int X509_CRL_set_version(X509_CRL *x, long version){    if (x == NULL)        return (0);    if (x->crl.version == NULL) {        if ((x->crl.version = ASN1_INTEGER_new()) == NULL)            return (0);    }    return (ASN1_INTEGER_set(x->crl.version, version));}

int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {  const EVP_MD *sigmd, *mgf1md;  int saltlen;  if (!EVP_PKEY_CTX_get_signature_md(ctx->pctx, &sigmd) ||      !EVP_PKEY_CTX_get_rsa_mgf1_md(ctx->pctx, &mgf1md) ||      !EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx->pctx, &saltlen)) {    return 0;  }  EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx->pctx);  if (saltlen == -1) {    saltlen = EVP_MD_size(sigmd);  } else if (saltlen == -2) {    saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;    if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {      saltlen--;    }  } else {    return 0;  }  int ret = 0;  ASN1_STRING *os = NULL;  RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();  if (!pss) {    goto err;  }  if (saltlen != 20) {    pss->saltLength = ASN1_INTEGER_new();    if (!pss->saltLength ||        !ASN1_INTEGER_set(pss->saltLength, saltlen)) {      goto err;    }  }  if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) ||      !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) {    goto err;  }  /* Finally create string with pss parameter encoding. */  if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) {    goto err;  }  X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);  os = NULL;  ret = 1;err:  RSA_PSS_PARAMS_free(pss);  ASN1_STRING_free(os);  return ret;}

intX509_set_version(X509 *x, long version){	if (x == NULL)		return (0);	if (x->cert_info->version == NULL) {		if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL)			return (0);	}	return (ASN1_INTEGER_set(x->cert_info->version, version));}

DWORDVMCAGetCRLInfoPrivate(    PSTR pszFileName,    time_t *ptmLastUpdate,    time_t *ptmNextUpdate,    DWORD  *pdwCRLNumber){    DWORD dwError = 0;    X509_CRL *pCrl = NULL;    ASN1_TIME *pLastUpdate = NULL;    ASN1_TIME *pNextUpdate = NULL;    ASN1_INTEGER *pCrlNumber = NULL;    long nCrlNum = 0;    if (   (IsNullOrEmptyString(pszFileName))        || (ptmNextUpdate == NULL)        || (ptmLastUpdate == NULL)        || (pdwCRLNumber == NULL)        ) {        dwError = ERROR_INVALID_PARAMETER;        BAIL_ON_ERROR(dwError);    }    dwError = VMCAFileToCRL(pszFileName, &pCrl);    BAIL_ON_ERROR(dwError);    pLastUpdate = X509_CRL_get_lastUpdate(pCrl);    pNextUpdate = X509_CRL_get_nextUpdate(pCrl);    pCrlNumber = ASN1_INTEGER_new();    if(pCrlNumber == NULL) {        dwError = VMCA_OUT_MEMORY_ERR;        BAIL_ON_ERROR(dwError);    }    pCrlNumber = X509_CRL_get_ext_d2i(pCrl, NID_crl_number, 0,0);    nCrlNum = ASN1_INTEGER_get(pCrlNumber);    *pdwCRLNumber = nCrlNum;    dwError =  VMCAASN1ToTimeT(pLastUpdate,ptmLastUpdate);    BAIL_ON_ERROR(dwError);    dwError =  VMCAASN1ToTimeT(pNextUpdate,ptmNextUpdate);    BAIL_ON_ERROR(dwError);cleanup:    if(pCrlNumber){        ASN1_INTEGER_free(pCrlNumber);    }    VMCACrlFree(pCrl);    return dwError;error :    goto cleanup;}

ASN1_INTEGER* getRandomSN(){  ASN1_INTEGER* res = ASN1_INTEGER_new();  BIGNUM *btmp = BN_new();  //64 bits of randomness?  BN_pseudo_rand(btmp, 64, 0, 0);  BN_to_ASN1_INTEGER(btmp, res);  BN_free(btmp);  return res;}

static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)	{	ASN1_INTEGER *serial = ASN1_INTEGER_new();	if (!serial) goto err;	if (!ASN1_INTEGER_set(serial, 1)) goto err;	return serial; err:	TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);	TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,				    "Error during serial number generation.");	return NULL;	}

static char *handle_serial (char * serial){	int hex = NULL != strchr (serial, ':');	/* Convert serial to a decimal serial when input is	   a hexidecimal representation of the serial */	if (hex)	{		unsigned int i,ii;		char *tmp_serial = (char*) calloc (strlen (serial) + 1,1);		for (i=0,ii=0; '/0'!=serial[i];i++)		{			if (':'!=serial[i])				tmp_serial[ii++]=serial[i];		}		serial=tmp_serial;	}	else	{		unsigned int i;		for (i=0; ! hex && '/0' != serial[i]; i++)			hex = 'a'==serial[i]||'b'==serial[i]||'c'==serial[i]||'d'==serial[i]||'e'==serial[i]||'f'==serial[i];	}	if (hex)	{		ASN1_INTEGER* ai; 		BIGNUM *ret; 		BIO* in = BIO_new_mem_buf(serial, -1);  		char buf[1025];  		ai=ASN1_INTEGER_new();  		if (ai == NULL) return NULL;   		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))   		{			return NULL;   		}   		ret=ASN1_INTEGER_to_BN(ai,NULL);   		if (ret == NULL)   		{			return NULL;   		}   		else   		{    		 serial = BN_bn2dec(ret);   		}  	}	return serial;} /* handle_serial */

X509_EXTENSION* DeltaCRLIndicatorExtension::getX509Extension(){	X509_EXTENSION *ret;	ASN1_INTEGER* baseCrlNumber;		ret = X509_EXTENSION_new();	int rc;	baseCrlNumber = ASN1_INTEGER_new();	ASN1_INTEGER_set(baseCrlNumber, this->baseCrlNumber);		ret = X509V3_EXT_i2d(NID_delta_crl, this->critical?1:0, (void *)baseCrlNumber);	return ret;}

int X509_set_version(X509 *x, long version){    if (x == NULL)        return (0);    if (version == 0) {        ASN1_INTEGER_free(x->cert_info.version);        x->cert_info.version = NULL;        return (1);    }    if (x->cert_info.version == NULL) {        if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL)            return (0);    }    return (ASN1_INTEGER_set(x->cert_info.version, version));}

X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey){	X509 *ret = NULL;	X509_CINF *xi = NULL;	X509_NAME *xn;	if ((ret = X509_new()) == NULL) {		X509error(ERR_R_MALLOC_FAILURE);		goto err;	}	/* duplicate the request */	xi = ret->cert_info;	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {		if ((xi->version = ASN1_INTEGER_new()) == NULL)			goto err;		if (!ASN1_INTEGER_set(xi->version, 2))			goto err;/*		xi->extensions=ri->attributes; <- bad, should not ever be done		ri->attributes=NULL; */	}	xn = X509_REQ_get_subject_name(r);	if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)		goto err;	if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)		goto err;	if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)		goto err;	if (X509_gmtime_adj(xi->validity->notAfter,	    (long)60 * 60 * 24 * days) == NULL)		goto err;	X509_set_pubkey(ret, X509_REQ_get_pubkey(r));	if (!X509_sign(ret, pkey, EVP_md5()))		goto err;	if (0) {err:		X509_free(ret);		ret = NULL;	}	return (ret);}

static gbooleanSetCertSerialNumber(X509 *cert)                  // IN{   BIGNUM *btmp = NULL;   ASN1_INTEGER *sno;   gboolean ret = FALSE;   gchar *err = NULL;   sno = ASN1_INTEGER_new();   if (!sno) {      Error("Failed to allocate an ASN1 integer./n");      goto exit;   }   btmp = BN_new();   if (!btmp) {      Error("Failed to allocate a BIGNUM structure./n");      goto exit;   }   if (!BN_rand(btmp, 64, 0, 0)) {      Error("Failed to generate random number: %s./n",            GetSSLError(&err));      goto exit;   }   if (!BN_to_ASN1_INTEGER(btmp, sno)) {      Error("Failed to convert from BIGNUM to ASN1_INTEGER: %s./n",            GetSSLError(&err));      goto exit;   }   if (!X509_set_serialNumber(cert, sno)) {      Error("Failed to set the certificate serial number: %s./n",            GetSSLError(&err));      goto exit;   }   ret = TRUE;exit:   BN_free(btmp);   ASN1_INTEGER_free(sno);   g_free(err);   return ret;}

static ASN1_INTEGER *next_serial(const char *serialfile){    int ret = 0;    BIO *in = NULL;    ASN1_INTEGER *serial = NULL;    BIGNUM *bn = NULL;    if ((serial = ASN1_INTEGER_new()) == NULL)        goto err;    if ((in = BIO_new_file(serialfile, "r")) == NULL) {        ERR_clear_error();        BIO_printf(bio_err, "Warning: could not open file %s for "                   "reading, using serial number: 1/n", serialfile);        if (!ASN1_INTEGER_set(serial, 1))            goto err;    } else {        char buf[1024];        if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {            BIO_printf(bio_err, "unable to load number from %s/n",                       serialfile);            goto err;        }        if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL)            goto err;        ASN1_INTEGER_free(serial);        serial = NULL;        if (!BN_add_word(bn, 1))            goto err;        if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)            goto err;    }    ret = 1; err:    if (!ret) {        ASN1_INTEGER_free(serial);        serial = NULL;    }    BIO_free_all(in);    BN_free(bn);    return serial;}

ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai){	ASN1_INTEGER *ret;	int len, j;	if (ai == NULL)		ret = ASN1_INTEGER_new();	else		ret = ai;	if (ret == NULL) {		ASN1error(ERR_R_NESTED_ASN1_ERROR);		goto err;	}	if (BN_is_negative(bn))		ret->type = V_ASN1_NEG_INTEGER;	else		ret->type = V_ASN1_INTEGER;	j = BN_num_bits(bn);	len = ((j == 0) ? 0 : ((j / 8) + 1));	if (ret->length < len + 4) {		unsigned char *new_data = realloc(ret->data, len + 4);		if (!new_data) {			ASN1error(ERR_R_MALLOC_FAILURE);			goto err;		}		ret->data = new_data;	}	ret->length = BN_bn2bin(bn, ret->data);	/* Correct zero case */	if (!ret->length) {		ret->data[0] = 0;		ret->length = 1;	}	return (ret);err:	if (ret != ai)		ASN1_INTEGER_free(ret);	return (NULL);}

X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md){	X509_REQ *ret;	X509_REQ_INFO *ri;	int i;	EVP_PKEY *pktmp;	ret = X509_REQ_new();	if (ret == NULL) {		X509error(ERR_R_MALLOC_FAILURE);		goto err;	}	ri = ret->req_info;	if ((ri->version = ASN1_INTEGER_new()) == NULL)		goto err;	if (ASN1_INTEGER_set(ri->version, 0) == 0)		goto err;	if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))		goto err;	if ((pktmp = X509_get_pubkey(x)) == NULL)		goto err;	i = X509_REQ_set_pubkey(ret, pktmp);	EVP_PKEY_free(pktmp);	if (!i)		goto err;	if (pkey != NULL) {		if (!X509_REQ_sign(ret, pkey, md))			goto err;	}	return (ret);err:	X509_REQ_free(ret);	return (NULL);}

/* * Creates a x509v3 extension containing a nvcounter encapsulated in an ASN1 * Integer * * Parameters: *   pex: OpenSSL extension pointer (output parameter) *   nid: extension identifier *   crit: extension critical (EXT_NON_CRIT, EXT_CRIT) *   value: nvcounter value * * Return: Extension address, NULL if error */X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value){	X509_EXTENSION *ex;	ASN1_INTEGER *counter;	unsigned char *p = NULL;	int sz;	/* Encode counter */	counter = ASN1_INTEGER_new();	ASN1_INTEGER_set(counter, value);	sz = i2d_ASN1_INTEGER(counter, &p);	/* Create the extension */	ex = ext_new(nid, crit, p, sz);	/* Free objects */	OPENSSL_free(p);	ASN1_INTEGER_free(counter);	return ex;}

static OCSP_BASICRESP *make_dummy_resp(void){    const unsigned char namestr[] = "openssl.example.com";    unsigned char keybytes[128] = {7};    OCSP_BASICRESP *bs = OCSP_BASICRESP_new();    OCSP_BASICRESP *bs_out = NULL;    OCSP_CERTID *cid = NULL;    ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));    ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);    X509_NAME *name = X509_NAME_new();    ASN1_BIT_STRING *key = ASN1_BIT_STRING_new();    ASN1_INTEGER *serial = ASN1_INTEGER_new();    if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,                                   namestr, -1, -1, 1)        || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))        || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1))        goto err;    cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);    if (!TEST_ptr(bs)        || !TEST_ptr(thisupd)        || !TEST_ptr(nextupd)        || !TEST_ptr(cid)        || !TEST_true(OCSP_basic_add1_status(bs, cid,                                             V_OCSP_CERTSTATUS_UNKNOWN,                                             0, NULL, thisupd, nextupd)))        goto err;    bs_out = bs;    bs = NULL; err:    ASN1_TIME_free(thisupd);    ASN1_TIME_free(nextupd);    ASN1_BIT_STRING_free(key);    ASN1_INTEGER_free(serial);    OCSP_CERTID_free(cid);    OCSP_BASICRESP_free(bs);    X509_NAME_free(name);    return bs_out;}

/* Set up a mac structure */intPKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,    const EVP_MD *md_type){	if (!(p12->mac = PKCS12_MAC_DATA_new()))		return PKCS12_ERROR;	if (iter > 1) {		if (!(p12->mac->iter = ASN1_INTEGER_new())) {			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,			    ERR_R_MALLOC_FAILURE);			return 0;		}		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC,			    ERR_R_MALLOC_FAILURE);			return 0;		}	}	if (!saltlen)		saltlen = PKCS12_SALT_LEN;	if (!(p12->mac->salt->data = malloc(saltlen))) {		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);		return 0;	}	p12->mac->salt->length = saltlen;	if (!salt)		arc4random_buf(p12->mac->salt->data, saltlen);	else		memcpy (p12->mac->salt->data, salt, saltlen);	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);		return 0;	}	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;	return 1;}

/* Taken from openssl certmodule.c */static int certificate_set_serial(X509 *x){        ASN1_INTEGER *sno = ASN1_INTEGER_new();        BIGNUM *bn = NULL;        int rv = 0;                bn = BN_new();                if (!bn) {                ASN1_INTEGER_free(sno);                return 0;        }                if (BN_pseudo_rand(bn, SERIAL_RAND_BITS, 0, 0) == 1 &&            (sno = BN_to_ASN1_INTEGER(bn, sno)) != NULL &&            X509_set_serialNumber(x, sno) == 1)                rv = 1;                BN_free(bn);        ASN1_INTEGER_free(sno);                return rv;}

//.........这里部分代码省略.........			(req->req_info->pubkey->public_key->data == NULL))			{			BIO_printf(bio_err,"The certificate request appears to corrupted/n");			BIO_printf(bio_err,"It does not contain a public key/n");			goto end;			}		if ((pkey=X509_REQ_get_pubkey(req)) == NULL)	                {	                BIO_printf(bio_err,"error unpacking public key/n");	                goto end;	                }		i=X509_REQ_verify(req,pkey);		EVP_PKEY_free(pkey);		if (i < 0)			{			BIO_printf(bio_err,"Signature verification error/n");			ERR_print_errors(bio_err);			goto end;			}	        if (i == 0)			{			BIO_printf(bio_err,"Signature did not match the certificate request/n");			goto end;			}		else			BIO_printf(bio_err,"Signature ok/n");		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);		if ((x=X509_new()) == NULL) goto end;		if (sno == NULL)			{			sno = ASN1_INTEGER_new();			if (!sno || !rand_serial(NULL, sno))				goto end;			if (!X509_set_serialNumber(x, sno)) 				goto end;			ASN1_INTEGER_free(sno);			sno = NULL;			}		else if (!X509_set_serialNumber(x, sno)) 			goto end;		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;		X509_gmtime_adj(X509_get_notBefore(x),0);	        X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);		pkey = X509_REQ_get_pubkey(req);		X509_set_pubkey(x,pkey);		EVP_PKEY_free(pkey);		}	else		x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");	if (x == NULL) goto end;	if (CA_flag)		{		xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");		if (xca == NULL) goto end;		}	if (!noout || text || next_serial)		{

static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,                                    size_t keylen, uint64_t N, uint64_t r,                                    uint64_t p){    X509_ALGOR *keyfunc = NULL;    SCRYPT_PARAMS *sparam = NULL;    sparam = SCRYPT_PARAMS_new();    if (sparam == NULL)        goto merr;    if (!saltlen)        saltlen = PKCS5_SALT_LEN;    /* This will either copy salt or grow the buffer */    if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0)        goto merr;    if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0)        goto err;    if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0)        goto merr;    if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0)        goto merr;    if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0)        goto merr;    /* If have a key len set it up */    if (keylen > 0) {        sparam->keyLength = ASN1_INTEGER_new();        if (sparam->keyLength == NULL)            goto merr;        if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0)            goto merr;    }    /* Finally setup the keyfunc structure */    keyfunc = X509_ALGOR_new();    if (keyfunc == NULL)        goto merr;    keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt);    /* Encode SCRYPT_PARAMS into parameter of pbe2 */    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam,                                &keyfunc->parameter) == NULL)        goto merr;    SCRYPT_PARAMS_free(sparam);    return keyfunc; merr:    ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE); err:    SCRYPT_PARAMS_free(sparam);    X509_ALGOR_free(keyfunc);    return NULL;}

//.........这里部分代码省略.........            (req->req_info->pubkey == NULL) ||            (req->req_info->pubkey->public_key == NULL) ||            (req->req_info->pubkey->public_key->data == NULL)) {            BIO_printf(bio_err,                       "The certificate request appears to corrupted/n");            BIO_printf(bio_err, "It does not contain a public key/n");            goto end;        }        if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {            BIO_printf(bio_err, "error unpacking public key/n");            goto end;        }        i = X509_REQ_verify(req, pkey);        EVP_PKEY_free(pkey);        if (i < 0) {            BIO_printf(bio_err, "Signature verification error/n");            ERR_print_errors(bio_err);            goto end;        }        if (i == 0) {            BIO_printf(bio_err,                       "Signature did not match the certificate request/n");            goto end;        } else            BIO_printf(bio_err, "Signature ok/n");        print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),                   nmflag);        if ((x = X509_new()) == NULL)            goto end;        if (sno == NULL) {            sno = ASN1_INTEGER_new();            if (!sno || !rand_serial(NULL, sno))                goto end;            if (!X509_set_serialNumber(x, sno))                goto end;            ASN1_INTEGER_free(sno);            sno = NULL;        } else if (!X509_set_serialNumber(x, sno))            goto end;        if (!X509_set_issuer_name(x, req->req_info->subject))            goto end;        if (!X509_set_subject_name(x, req->req_info->subject))            goto end;        X509_gmtime_adj(X509_get_notBefore(x), 0);        X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);        if (fkey)            X509_set_pubkey(x, fkey);        else {            pkey = X509_REQ_get_pubkey(req);            X509_set_pubkey(x, pkey);            EVP_PKEY_free(pkey);        }    } else        x = load_cert(infile, informat, NULL, e, "Certificate");    if (x == NULL)        goto end;    if (CA_flag) {        xca = load_cert(CAfile, CAformat, NULL, e, "CA Certificate");        if (xca == NULL)            goto end;

static ERL_NIF_TERM x509_make_cert_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]){  int expiry, serial;  ASN1_INTEGER *asn1serial = NULL;  BIGNUM *bn_rsa_genkey=NULL;  BIO *bio_signing_private=NULL, *bio_issuer_cert = NULL, *bio_newcert_public = NULL;  BIO *bio_x509=NULL;  char *issuer_cert_pem=NULL;  X509 *pX509 = NULL;  X509 *pIssuerX509 = NULL;  X509_NAME *pX509Name = NULL;  X509_NAME *pIssuerName = NULL;  x509_subject_entry *subject_entries;  int num_subject_entries;  int iret = 0;  RSA *rsa=NULL;  unsigned long f4=RSA_F4;  unsigned args_len=-1;  char *signing_keys[2], *cert_keys[2];  ERL_NIF_TERM tail, *arg_terms=NULL;  int idx;  ERL_NIF_TERM ret, x509term;  int x509len;  unsigned char *x509data;  EVP_PKEY *evp_signing_private = EVP_PKEY_new();  EVP_PKEY *evp_newcert_public_key = EVP_PKEY_new();  /* set RSA key gen type */  bn_rsa_genkey = BN_new();  BN_set_word(bn_rsa_genkey, f4);  //  // 1. stick subject of CA cert into NewCert  // 2. stick public key of NewKeypair into NewCert  // 3. sign NewCert with CA keypair  /* Should be 6 elements in the list of X509 parameters.  We'll check each */  if(!enif_get_list_length(env, argv[0], &args_len) || args_len != 6 ||     NULL == (arg_terms = (ERL_NIF_TERM*)malloc(args_len * sizeof(ERL_NIF_TERM)))) return enif_make_badarg(env);    enif_get_list_cell(env, argv[0], &arg_terms[0], &tail);  for(idx=1; idx<args_len; idx++){    if(!enif_get_list_cell(env, tail, &arg_terms[idx], &tail)){      free(arg_terms);      return enif_make_badarg(env);    }  }    idx=0;  /* get the signing private key */  x509_parse_keypair(env, "signing_key", arg_terms[idx++], signing_keys);  /* get the issuer cert */  x509_parse_issuer_cert(env, arg_terms[idx++], &issuer_cert_pem);  /* get the soon-to-be cert's public key */  x509_parse_keypair(env, "newcert_public_key", arg_terms[idx++], cert_keys);  /* get the subject */  x509_parse_subject(env, arg_terms[idx++], &num_subject_entries, &subject_entries);  /* get the serial number */  x509_parse_int_tuple(env, arg_terms[idx++], "serial", &serial);  /* get the expiry */  x509_parse_int_tuple(env, arg_terms[idx++], "expiry", &expiry);  /* work the OpenSSL cert creation magic */  if ((bio_signing_private = BIO_new_mem_buf(signing_keys[1], -1))      && (rsa = PEM_read_bio_RSAPrivateKey(bio_signing_private, NULL, NULL, NULL))      && (iret = EVP_PKEY_assign_RSA(evp_signing_private, rsa))                    && (bio_newcert_public = BIO_new_mem_buf(cert_keys[0], -1))      && (evp_newcert_public_key = PEM_read_bio_PUBKEY(bio_newcert_public, NULL, NULL, NULL))                    && (bio_issuer_cert = BIO_new_mem_buf(issuer_cert_pem, -1))      && (pIssuerX509 = PEM_read_bio_X509(bio_issuer_cert, NULL, NULL, NULL))      && (pX509 = X509_new())) {    /* if we've managed to generate a key and allocate structure memory,       set X509 fields */    asn1serial = ASN1_INTEGER_new();    X509_set_version(pX509, 2); /* cert_helper uses '3' here */    ASN1_INTEGER_set(asn1serial, serial);    X509_set_serialNumber(pX509, asn1serial);    X509_gmtime_adj(X509_get_notBefore(pX509),0);    X509_gmtime_adj(X509_get_notAfter(pX509),(long)60*60*24*expiry);    X509_set_pubkey(pX509, evp_newcert_public_key);    pX509Name = X509_get_subject_name(pX509);        while(--num_subject_entries >= 0){      X509_NAME_add_entry_by_txt(pX509Name, (subject_entries[num_subject_entries]).name,                                 MBSTRING_ASC, (unsigned char*)(subject_entries[num_subject_entries]).value, -1, -1, 0);    }        pIssuerName = X509_get_issuer_name(pIssuerX509);    X509_set_issuer_name(pX509, pIssuerName);    X509_sign(pX509, evp_signing_private, digest);        bio_x509 = BIO_new(BIO_s_mem());    PEM_write_bio_X509(bio_x509, pX509);//.........这里部分代码省略.........