自学教程：C++ ASN1_item_i2d函数代码示例

EXPORT_C int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,	     void *asn, EVP_PKEY *pkey)	{	EVP_MD_CTX ctx;	const EVP_MD *type;	unsigned char *buf_in=NULL;	int ret= -1,i,inl;	EVP_MD_CTX_init(&ctx);	i=OBJ_obj2nid(a->algorithm);	type=EVP_get_digestbyname(OBJ_nid2sn(i));	if (type == NULL)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);		goto err;		}	if (!EVP_VerifyInit_ex(&ctx,type, NULL))		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	inl = ASN1_item_i2d(asn, &buf_in, it);		if (buf_in == NULL)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);		goto err;		}	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);	OPENSSL_cleanse(buf_in,(unsigned int)inl);	OPENSSL_free(buf_in);	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,			(unsigned int)signature->length,pkey) <= 0)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	/* we don't need to zero the 'ctx' because we just checked	 * public information */	/* memset(&ctx,0,sizeof(ctx)); */	ret=1;err:	EVP_MD_CTX_cleanup(&ctx);	return(ret);	}

int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x){    unsigned char *b = NULL;    int n = ASN1_item_i2d(x, &b, it);    if (b == NULL) {        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);        return 0;    }    int ret = BIO_write_all(out, b, n);    OPENSSL_free(b);    return ret;}

int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val)	{	static const char req_hdr[] =			"Content-Type: application/ocsp-request/r/n"			"Content-Length: %d/r/n/r/n";	int reqlen = ASN1_item_i2d(val, NULL, it);        if (BIO_printf(rctx->mem, req_hdr, reqlen) <= 0)		return 0;        if (ASN1_item_i2d_bio(it, rctx->mem, val) <= 0)		return 0;	rctx->state = OHS_ASN1_WRITE_INIT;	return 1;	}

int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,		unsigned char *md, unsigned int *len)	{	int i;	unsigned char *str = NULL;	i=ASN1_item_i2d(asn,&str, it);	if (!str) return(0);	EVP_Digest(str, i, md, len, type, NULL);	OPENSSL_free(str);	return(1);	}

void *ASN1_item_dup(const ASN1_ITEM *it, void *x)	{	unsigned char *b = NULL, *p;	long i;	void *ret;	if (x == NULL) return(NULL);	i=ASN1_item_i2d(x,&b,it);	if (b == NULL)		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }	p= b;	ret=ASN1_item_d2i(NULL,&p,i, it);	OPENSSL_free(b);	return(ret);	}

static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,                                  int ext_nid, int crit, void *ext_struc){    unsigned char *ext_der = NULL;    int ext_len;    ASN1_OCTET_STRING *ext_oct = NULL;    X509_EXTENSION *ext;    /* Convert internal representation to DER */    if (method->it) {        ext_der = NULL;        ext_len =            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));        if (ext_len < 0)            goto merr;    } else {        unsigned char *p;        ext_len = method->i2d(ext_struc, NULL);        if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)            goto merr;        p = ext_der;        method->i2d(ext_struc, &p);    }    if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)        goto merr;    ext_oct->data = ext_der;    ext_der = NULL;    ext_oct->length = ext_len;    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);    if (!ext)        goto merr;    ASN1_OCTET_STRING_free(ext_oct);    return ext; merr:    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);    OPENSSL_free(ext_der);    ASN1_OCTET_STRING_free(ext_oct);    return NULL;}

static LUA_FUNCTION(openssl_csr_sign){  X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");  EVP_PKEY *pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");  if (openssl_pkey_is_private(pkey))  {    const EVP_MD* md = get_digest(L, 3);    return openssl_pushresult(L, X509_REQ_sign(csr, pkey, md));  } else if (lua_isnoneornil(L, 3) && X509_REQ_set_pubkey(csr, pkey))  {    unsigned char* tosign = NULL;    const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);    int inl = ASN1_item_i2d((void*)csr->req_info, &tosign, it);    if (inl > 0 && tosign)    {      lua_pushlstring(L, (const char*)tosign, inl);      OPENSSL_free(tosign);      return 1;    }    return openssl_pushresult(L, 0);  } else {    size_t siglen;    const unsigned char* sigdata = (const unsigned char*)luaL_checklstring(L, 3, &siglen);    const EVP_MD* md = get_digest(L, 4);    /* (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) ? V_ASN1_NULL : V_ASN1_UNDEF, */    X509_ALGOR_set0(csr->sig_alg, OBJ_nid2obj(md->pkey_type), V_ASN1_NULL, NULL);    if (csr->signature->data != NULL)      OPENSSL_free(csr->signature->data);    csr->signature->data = OPENSSL_malloc(siglen);    memcpy(csr->signature->data, sigdata, siglen);    csr->signature->length = siglen;    /*    * In the interests of compatibility, I'll make sure that the bit string    * has a 'not-used bits' value of 0    */    csr->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);    csr->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;    lua_pushboolean(L, 1);    return 1;  }}

int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,                     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey){    EVP_MD_CTX ctx;    uint8_t *buf_in = NULL;    int ret = 0, inl = 0;    if (!pkey) {        OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);        return 0;    }    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {        OPENSSL_PUT_ERROR(X509, X509_R_INVALID_BIT_STRING_BITS_LEFT);        return 0;    }    EVP_MD_CTX_init(&ctx);    if (!x509_digest_verify_init(&ctx, a, pkey)) {        goto err;    }    inl = ASN1_item_i2d(asn, &buf_in, it);    if (buf_in == NULL) {        OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EVP_DigestVerify(&ctx, signature->data, (size_t)signature->length,                          buf_in, inl)) {        OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);        goto err;    }    ret = 1;err:    OPENSSL_free(buf_in);    EVP_MD_CTX_cleanup(&ctx);    return ret;}

inti2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);}

inti2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);}

inti2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_EXTENSIONS_it);}

//.........这里部分代码省略.........					if (!(sign_time=X509_gmtime_adj(NULL,0)))						{						PKCS7err(PKCS7_F_PKCS7_DATAFINAL,							ERR_R_MALLOC_FAILURE);						goto err;						}					PKCS7_add_signed_attribute(si,						NID_pkcs9_signingTime,						V_ASN1_UTCTIME,sign_time);					}				/* Add digest */				md_tmp=EVP_MD_CTX_md(&ctx_tmp);				EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);				if (!(digest=M_ASN1_OCTET_STRING_new()))					{					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,						ERR_R_MALLOC_FAILURE);					goto err;					}				if (!M_ASN1_OCTET_STRING_set(digest,md_data,								md_len))					{					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,						ERR_R_MALLOC_FAILURE);					goto err;					}				PKCS7_add_signed_attribute(si,					NID_pkcs9_messageDigest,					V_ASN1_OCTET_STRING,digest);				/* Now sign the attributes */				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));				if(!abuf) goto err;				EVP_SignUpdate(&ctx_tmp,abuf,alen);				OPENSSL_free(abuf);				}#ifndef OPENSSL_NO_DSA			if (si->pkey->type == EVP_PKEY_DSA)				ctx_tmp.digest=EVP_dss1();#endif#ifndef OPENSSL_NO_ECDSA 			if (si->pkey->type == EVP_PKEY_EC) 				ctx_tmp.digest=EVP_ecdsa();#endif			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,				(unsigned int *)&buf->length,si->pkey))				{				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);				goto err;				}			if (!ASN1_STRING_set(si->enc_digest,				(unsigned char *)buf->data,buf->length))				{				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);				goto err;				}			}		}	else if (i == NID_pkcs7_digest)		{		unsigned char md_data[EVP_MAX_MD_SIZE];

inti2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REVOKED_it);}

inti2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &GENERAL_NAMES_it);}

inti2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &EDIPARTYNAME_it);}

inti2d_OTHERNAME(OTHERNAME *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &OTHERNAME_it);}

int i2d_ASN1_INTEGER(const ASN1_INTEGER *a, unsigned char **out){    return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(ASN1_INTEGER));}

inti2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);}

inti2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_INFO_it);}

inti2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_SPKAC_it);}

int ASN1_item_sign_ctx(const ASN1_ITEM *it,                       X509_ALGOR *algor1, X509_ALGOR *algor2,                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx){    const EVP_MD *type;    EVP_PKEY *pkey;    unsigned char *buf_in = NULL, *buf_out = NULL;    size_t inl = 0, outl = 0, outll = 0;    int signid, paramtype;    int rv;    type = EVP_MD_CTX_md(ctx);    pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);    if (!type || !pkey) {        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);        return 0;    }    if (pkey->ameth->item_sign) {        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);        if (rv == 1)            outl = signature->length;        /*-         * Return value meanings:         * <=0: error.         *   1: method does everything.         *   2: carry on as normal.         *   3: ASN1 method sets algorithm identifiers: just sign.         */        if (rv <= 0)            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);        if (rv <= 1)            goto err;    } else        rv = 2;    if (rv == 2) {        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {            if (!pkey->ameth ||                !OBJ_find_sigid_by_algs(&signid,                                        EVP_MD_nid(type),                                        pkey->ameth->pkey_id)) {                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,                        ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);                return 0;            }        } else            signid = type->pkey_type;        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)            paramtype = V_ASN1_NULL;        else            paramtype = V_ASN1_UNDEF;        if (algor1)            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);        if (algor2)            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);    }    inl = ASN1_item_i2d(asn, &buf_in, it);    outll = outl = EVP_PKEY_size(pkey);    buf_out = OPENSSL_malloc((unsigned int)outl);    if ((buf_in == NULL) || (buf_out == NULL)) {        outl = 0;        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {        outl = 0;        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);        goto err;    }    if (signature->data != NULL)        OPENSSL_free(signature->data);    signature->data = buf_out;    buf_out = NULL;    signature->length = outl;    /*     * In the interests of compatibility, I'll make sure that the bit string     * has a 'not-used bits' value of 0     */    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err:    EVP_MD_CTX_cleanup(ctx);    if (buf_in != NULL) {        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);        OPENSSL_free(buf_in);    }    if (buf_out != NULL) {        OPENSSL_cleanse((char *)buf_out, outll);        OPENSSL_free(buf_out);    }    return (outl);//.........这里部分代码省略.........

inti2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &BASIC_CONSTRAINTS_it);}

                      ASN1_ITEM_rptr(X509_EXTENSIONS));}/* * Add a STACK_OF extensions to a certificate request: allow alternative OIDs * in case we want to create a non standard one. */int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,                                int nid){    int extlen;    int rv = 0;    unsigned char *ext = NULL;    /* Generate encoding of extensions */    extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,                           ASN1_ITEM_rptr(X509_EXTENSIONS));    if (extlen <= 0)        return 0;    rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);    OPENSSL_free(ext);    return rv;}/* This is the normal usage: use the "official" OID */int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts){    return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);}/* Request attribute functions */

inti2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ATTRIBUTE_it);}

inti2d_X509(X509 *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it);}

static X509_EXTENSION* openssl_new_xextension(lua_State*L, int idx, int v3){  int nid;  int critical = 0;  ASN1_OCTET_STRING* value = NULL;  X509_EXTENSION* y = NULL;  lua_getfield(L, idx, "object");  nid = openssl_get_nid(L, -1);  lua_pop(L, 1);  lua_getfield(L, idx, "critical");  critical = lua_isnil(L, -1) ? 0 : lua_toboolean(L, -1);  lua_pop(L, 1);  if (nid == NID_undef)  {    lua_pushfstring(L, "%s is not valid object id", lua_tostring(L, -1));    luaL_argerror(L, idx, lua_tostring(L, -1));  }  lua_getfield(L, idx, "value");  luaL_argcheck(L, lua_isstring(L, -1) || auxiliar_isgroup(L, "openssl.asn1group", -1),                1, "field value must be string or openssl.asn1group object");  if (lua_isstring(L, -1))  {    size_t size;    const char* data = lua_tolstring(L, -1, &size);    if (v3)    {      const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(nid);      if (method)      {        void *ext_struc = NULL;        STACK_OF(CONF_VALUE) *nval = X509V3_parse_list(data);        /* Now get internal extension representation based on type */        if (method->v2i && nval)        {          if (sk_CONF_VALUE_num(nval) > 0)          {            ext_struc = method->v2i(method, NULL, nval);          }        }        else if (method->s2i)        {          ext_struc = method->s2i(method, NULL, data);        }        if (nval)          sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);        if (ext_struc)        {          unsigned char *ext_der = NULL;          int ext_len;          /* Convert internal representation to DER */          if (method->it)          {            ext_der = NULL;            ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));            if (ext_len < 0)            {              ext_der = NULL;            }          }          else          {            ext_len = method->i2d(ext_struc, NULL);            ext_der = OPENSSL_malloc(ext_len);            if (ext_der)            {              unsigned char* p = ext_der;              method->i2d(ext_struc, &p);            }          }          if (ext_der)          {            value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);            ASN1_STRING_set(value, ext_der, ext_len);          }          else            value = NULL;          if (method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));          else method->ext_free(ext_struc);        }      }    }    else    {      value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);      ASN1_STRING_set(value, data, size);    }    if (value)    {      y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value);      ASN1_STRING_free(value);      return y;    }    else    {//.........这里部分代码省略.........

int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,		ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)	{	EVP_MD_CTX ctx;	unsigned char *buf_in=NULL;	int ret= -1,inl;	int mdnid, pknid;	if (!pkey)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);		return -1;		}	EVP_MD_CTX_init(&ctx);	/* Convert signature OID into digest and public key OIDs */	if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);		goto err;		}	if (mdnid == NID_undef)		{		if (!pkey->ameth || !pkey->ameth->item_verify)			{			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);			goto err;			}		ret = pkey->ameth->item_verify(&ctx, it, asn, a,							signature, pkey);		/* Return value of 2 means carry on, anything else means we		 * exit straight away: either a fatal error of the underlying		 * verification routine handles all verification.		 */		if (ret != 2)			goto err;		ret = -1;		}	else		{		const EVP_MD *type;		type=EVP_get_digestbynid(mdnid);		if (type == NULL)			{			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);			goto err;			}		/* Check public key OID matches public key type */		if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)			{			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);			goto err;			}		if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey))			{			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);			ret=0;			goto err;			}		}	inl = ASN1_item_i2d(asn, &buf_in, it);		if (buf_in == NULL)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);		goto err;		}	if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	OPENSSL_cleanse(buf_in,(unsigned int)inl);	OPENSSL_free(buf_in);	if (EVP_DigestVerifyFinal(&ctx,signature->data,			(size_t)signature->length) <= 0)		{		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);		ret=0;		goto err;		}	/* we don't need to zero the 'ctx' because we just checked	 * public information */	/* memset(&ctx,0,sizeof(ctx)); */	ret=1;err:	EVP_MD_CTX_cleanup(&ctx);	return(ret);	}

inti2d_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PROXY_CERT_INFO_EXTENSION_it);}

int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,                          X509 *x509){    ASN1_OCTET_STRING *os;    EVP_MD_CTX mdc_tmp, *mdc;    int ret = 0, i;    int md_type;    STACK_OF(X509_ATTRIBUTE) *sk;    BIO *btmp;    EVP_PKEY *pkey;    EVP_MD_CTX_init(&mdc_tmp);    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);        goto err;    }    md_type = OBJ_obj2nid(si->digest_alg->algorithm);    btmp = bio;    for (;;) {        if ((btmp == NULL) ||            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);            goto err;        }        BIO_get_md_ctx(btmp, &mdc);        if (mdc == NULL) {            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);            goto err;        }        if (EVP_MD_CTX_type(mdc) == md_type)            break;        /*         * Workaround for some broken clients that put the signature OID         * instead of the digest OID in digest_alg->algorithm         */        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)            break;        btmp = BIO_next(btmp);    }    /*     * mdc is the digest ctx that we want, unless there are attributes, in     * which case the digest is the signed attributes     */    if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))        goto err;    sk = si->auth_attr;    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;        unsigned int md_len;        int alen;        ASN1_OCTET_STRING *message_digest;        if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))            goto err;        message_digest = PKCS7_digest_from_attributes(sk);        if (!message_digest) {            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);            goto err;        }        if ((message_digest->length != (int)md_len) ||            (memcmp(message_digest->data, md_dat, md_len))) {#if 0            {                int ii;                for (ii = 0; ii < message_digest->length; ii++)                    printf("%02X", message_digest->data[ii]);                printf(" sent/n");                for (ii = 0; ii < md_len; ii++)                    printf("%02X", md_dat[ii]);                printf(" calc/n");            }#endif            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);            ret = -1;            goto err;        }        if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL))            goto err;        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));        if (alen <= 0) {            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);            ret = -1;            goto err;        }        if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))            goto err;        OPENSSL_free(abuf);    }//.........这里部分代码省略.........

inti2d_PROXY_POLICY(PROXY_POLICY *a, unsigned char **out){	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PROXY_POLICY_it);}