自学教程：C++ ASN1err函数代码示例

X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,                              unsigned char *salt, int saltlen,                              unsigned char *aiv, int prf_nid){    X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;    int alg_nid, keylen;    EVP_CIPHER_CTX ctx;    unsigned char iv[EVP_MAX_IV_LENGTH];    PBE2PARAM *pbe2 = NULL;    ASN1_OBJECT *obj;    alg_nid = EVP_CIPHER_type(cipher);    if (alg_nid == NID_undef) {        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);        goto err;    }    obj = OBJ_nid2obj(alg_nid);    if (!(pbe2 = PBE2PARAM_new()))        goto merr;    /* Setup the AlgorithmIdentifier for the encryption scheme */    scheme = pbe2->encryption;    scheme->algorithm = obj;    if (!(scheme->parameter = ASN1_TYPE_new()))        goto merr;    /* Create random IV */    if (EVP_CIPHER_iv_length(cipher)) {        if (aiv)            sgx_memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));        else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)            goto err;    }    EVP_CIPHER_CTX_init(&ctx);    /* Dummy cipherinit to just setup the IV, and PRF */    if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))        goto err;    if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);        EVP_CIPHER_CTX_cleanup(&ctx);        goto err;    }    /*     * If prf NID unspecified see if cipher has a preference. An error is OK     * here: just means use default PRF.     */    if ((prf_nid == -1) &&        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {        ERR_clear_error();        prf_nid = NID_hmacWithSHA1;    }    EVP_CIPHER_CTX_cleanup(&ctx);    /* If its RC2 then we'd better setup the key length */    if (alg_nid == NID_rc2_cbc)        keylen = EVP_CIPHER_key_length(cipher);    else        keylen = -1;    /* Setup keyfunc */    X509_ALGOR_free(pbe2->keyfunc);    pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);    if (!pbe2->keyfunc)        goto merr;    /* Now set up top level AlgorithmIdentifier */    if (!(ret = X509_ALGOR_new()))        goto merr;    if (!(ret->parameter = ASN1_TYPE_new()))        goto merr;    ret->algorithm = OBJ_nid2obj(NID_pbes2);    /* Encode PBE2PARAM into parameter */    if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),                        &ret->parameter->value.sequence))         goto merr;    ret->parameter->type = V_ASN1_SEQUENCE;    PBE2PARAM_free(pbe2);    pbe2 = NULL;    return ret; merr:    ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); err:    PBE2PARAM_free(pbe2);//.........这里部分代码省略.........

static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype){    ASN1_TYPE *atmp = NULL;    CONF_VALUE vtmp;    unsigned char *rdata;    long rdlen;    int no_unused = 1;    if (!(atmp = ASN1_TYPE_new())) {        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);        return NULL;    }    if (!str)        str = "";    switch (utype) {    case V_ASN1_NULL:        if (str && *str) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);            goto bad_form;        }        break;    case V_ASN1_BOOLEAN:        if (format != ASN1_GEN_FORMAT_ASCII) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);            goto bad_form;        }        vtmp.name = NULL;        vtmp.section = NULL;        vtmp.value = (char *)str;        if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);            goto bad_str;        }        break;    case V_ASN1_INTEGER:    case V_ASN1_ENUMERATED:        if (format != ASN1_GEN_FORMAT_ASCII) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);            goto bad_form;        }        if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);            goto bad_str;        }        break;    case V_ASN1_OBJECT:        if (format != ASN1_GEN_FORMAT_ASCII) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);            goto bad_form;        }        if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);            goto bad_str;        }        break;    case V_ASN1_UTCTIME:    case V_ASN1_GENERALIZEDTIME:        if (format != ASN1_GEN_FORMAT_ASCII) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);            goto bad_form;        }        if (!(atmp->value.asn1_string = ASN1_STRING_new())) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);            goto bad_str;        }        if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);            goto bad_str;        }        atmp->value.asn1_string->type = utype;        if (!ASN1_TIME_check(atmp->value.asn1_string)) {            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);            goto bad_str;        }        break;    case V_ASN1_BMPSTRING:    case V_ASN1_PRINTABLESTRING:    case V_ASN1_IA5STRING:    case V_ASN1_T61STRING:    case V_ASN1_UTF8STRING:    case V_ASN1_VISIBLESTRING:    case V_ASN1_UNIVERSALSTRING:    case V_ASN1_GENERALSTRING:    case V_ASN1_NUMERICSTRING:        if (format == ASN1_GEN_FORMAT_ASCII)            format = MBSTRING_ASC;        else if (format == ASN1_GEN_FORMAT_UTF8)//.........这里部分代码省略.........

int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size){    int ret = 0;    int i, j, k, m, n, again, bufsize;    unsigned char *s = NULL, *sp;    unsigned char *bufp;    int num = 0, slen = 0, first = 1;    bufsize = BIO_gets(bp, buf, size);    for (;;) {        if (bufsize < 1) {            if (first)                break;            else                goto err_sl;        }        first = 0;        i = bufsize;        if (buf[i - 1] == '/n')            buf[--i] = '/0';        if (i == 0)            goto err_sl;        if (buf[i - 1] == '/r')            buf[--i] = '/0';        if (i == 0)            goto err_sl;        again = (buf[i - 1] == '//');        for (j = i - 1; j > 0; j--) {#ifndef CHARSET_EBCDIC            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))#else            /*             * This #ifdef is not strictly necessary, since the characters             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but             * not the whole alphabet). Nevertheless, isxdigit() is faster.             */            if (!isxdigit(buf[j]))#endif            {                i = j;                break;            }        }        buf[i] = '/0';        /*         * We have now cleared all the crap off the end of the line         */        if (i < 2)            goto err_sl;        bufp = (unsigned char *)buf;        k = 0;        i -= again;        if (i % 2 != 0) {            ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);            goto err;        }        i /= 2;        if (num + i > slen) {            if (s == NULL)                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +                                                     i * 2);            else                sp = (unsigned char *)OPENSSL_realloc(s,                                                      (unsigned int)num +                                                      i * 2);            if (sp == NULL) {                ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);                goto err;            }            s = sp;            slen = num + i * 2;        }        for (j = 0; j < i; j++, k += 2) {            for (n = 0; n < 2; n++) {                m = bufp[k + n];                if ((m >= '0') && (m <= '9'))                    m -= '0';                else if ((m >= 'a') && (m <= 'f'))                    m = m - 'a' + 10;                else if ((m >= 'A') && (m <= 'F'))                    m = m - 'A' + 10;                else {                    ASN1err(ASN1_F_A2I_ASN1_STRING,                            ASN1_R_NON_HEX_CHARACTERS);                    goto err;                }                s[num + j] <<= 4;                s[num + j] |= m;            }        }        num += i;        if (again)            bufsize = BIO_gets(bp, buf, size);        else//.........这里部分代码省略.........

X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,				 unsigned char *salt, int saltlen){	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;	int alg_nid;	EVP_CIPHER_CTX ctx;	unsigned char iv[EVP_MAX_IV_LENGTH];	PBKDF2PARAM *kdf = NULL;	PBE2PARAM *pbe2 = NULL;	ASN1_OCTET_STRING *osalt = NULL;	ASN1_OBJECT *obj;	alg_nid = EVP_CIPHER_type(cipher);	if(alg_nid == NID_undef) {		ASN1err(ASN1_F_PKCS5_PBE2_SET,				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);		goto err;	}	obj = OBJ_nid2obj(alg_nid);	if(!(pbe2 = PBE2PARAM_new())) goto merr;	/* Setup the AlgorithmIdentifier for the encryption scheme */	scheme = pbe2->encryption;	scheme->algorithm = obj;	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;	/* Create random IV */	if (EVP_CIPHER_iv_length(cipher) &&		RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)  		goto err;	EVP_CIPHER_CTX_init(&ctx);	/* Dummy cipherinit to just setup the IV */	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {		ASN1err(ASN1_F_PKCS5_PBE2_SET,					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);		EVP_CIPHER_CTX_cleanup(&ctx);		goto err;	}	EVP_CIPHER_CTX_cleanup(&ctx);	if(!(kdf = PBKDF2PARAM_new())) goto merr;	if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;	if (!saltlen) saltlen = PKCS5_SALT_LEN;	if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;	osalt->length = saltlen;	if (salt) memcpy (osalt->data, salt, saltlen);	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;	/* Now include salt in kdf structure */	kdf->salt->value.octet_string = osalt;	kdf->salt->type = V_ASN1_OCTET_STRING;	osalt = NULL;	/* If its RC2 then we'd better setup the key length */	if(alg_nid == NID_rc2_cbc) {		if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;		if(!ASN1_INTEGER_set (kdf->keylength,				 EVP_CIPHER_key_length(cipher))) goto merr;	}	/* prf can stay NULL because we are using hmacWithSHA1 */	/* Now setup the PBE2PARAM keyfunc structure */	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);	/* Encode PBKDF2PARAM into parameter of pbe2 */	if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;	if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,			 &pbe2->keyfunc->parameter->value.sequence)) goto merr;	pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;	PBKDF2PARAM_free(kdf);	kdf = NULL;	/* Now set up top level AlgorithmIdentifier */	if(!(ret = X509_ALGOR_new())) goto merr;	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;	ret->algorithm = OBJ_nid2obj(NID_pbes2);	/* Encode PBE2PARAM into parameter */	if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,				 &ret->parameter->value.sequence)) goto merr;	ret->parameter->type = V_ASN1_SEQUENCE;//.........这里部分代码省略.........

int ASN1_item_sign_ctx(const ASN1_ITEM *it,                       X509_ALGOR *algor1, X509_ALGOR *algor2,                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx){    const EVP_MD *type;    EVP_PKEY *pkey;    unsigned char *buf_in = NULL, *buf_out = NULL;    size_t inl = 0, outl = 0, outll = 0;    int signid, paramtype;    int rv;    type = EVP_MD_CTX_md(ctx);    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));    if (type == NULL || pkey == NULL) {        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);        goto err;    }    if (pkey->ameth == NULL) {        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);        goto err;    }    if (pkey->ameth->item_sign) {        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);        if (rv == 1)            outl = signature->length;        /*-         * Return value meanings:         * <=0: error.         *   1: method does everything.         *   2: carry on as normal.         *   3: ASN1 method sets algorithm identifiers: just sign.         */        if (rv <= 0)            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);        if (rv <= 1)            goto err;    } else        rv = 2;    if (rv == 2) {        if (!OBJ_find_sigid_by_algs(&signid,                                    EVP_MD_nid(type),                                    pkey->ameth->pkey_id)) {            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);            goto err;        }        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)            paramtype = V_ASN1_NULL;        else            paramtype = V_ASN1_UNDEF;        if (algor1)            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);        if (algor2)            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);    }    inl = ASN1_item_i2d(asn, &buf_in, it);    outll = outl = EVP_PKEY_size(pkey);    buf_out = OPENSSL_malloc((unsigned int)outl);    if ((buf_in == NULL) || (buf_out == NULL)) {        outl = 0;        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {        outl = 0;        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);        goto err;    }    OPENSSL_free(signature->data);    signature->data = buf_out;    buf_out = NULL;    signature->length = outl;    /*     * In the interests of compatibility, I'll make sure that the bit string     * has a 'not-used bits' value of 0     */    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err:    EVP_MD_CTX_free(ctx);    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);    OPENSSL_clear_free((char *)buf_out, outll);    return (outl);}

int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)	{	int ret=0;	int i,j,k,m,n,again,bufsize;	unsigned char *s=NULL,*sp;	unsigned char *bufp;	int num=0,slen=0,first=1;	bs->type=V_ASN1_ENUMERATED;	bufsize=BIO_gets(bp,buf,size);	for (;;)		{		if (bufsize < 1) goto err_sl;		i=bufsize;		if (buf[i-1] == '/n') buf[--i]='/0';		if (i == 0) goto err_sl;		if (buf[i-1] == '/r') buf[--i]='/0';		if (i == 0) goto err_sl;		again=(buf[i-1] == '//');		for (j=0; j<i; j++)			{			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||				((buf[j] >= 'a') && (buf[j] <= 'f')) ||				((buf[j] >= 'A') && (buf[j] <= 'F'))))				{				i=j;				break;				}			}		buf[i]='/0';		/* We have now cleared all the crap off the end of the		 * line */		if (i < 2) goto err_sl;		bufp=(unsigned char *)buf;		if (first)			{			first=0;			if ((bufp[0] == '0') && (buf[1] == '0'))				{				bufp+=2;				i-=2;				}			}		k=0;		i-=again;		if (i%2 != 0)			{			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);			goto err;			}		i/=2;		if (num+i > slen)			{			if (s == NULL)				sp=(unsigned char *)OPENSSL_malloc(					(unsigned int)num+i*2);			else				sp=(unsigned char *)OPENSSL_realloc(s,					(unsigned int)num+i*2);			if (sp == NULL)				{				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);				if (s != NULL) OPENSSL_free(s);				goto err;				}			s=sp;			slen=num+i*2;			}		for (j=0; j<i; j++,k+=2)			{			for (n=0; n<2; n++)				{				m=bufp[k+n];				if ((m >= '0') && (m <= '9'))					m-='0';				else if ((m >= 'a') && (m <= 'f'))					m=m-'a'+10;				else if ((m >= 'A') && (m <= 'F'))					m=m-'A'+10;				else					{					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);					goto err;					}				s[num+j]<<=4;				s[num+j]|=m;				}			}		num+=i;		if (again)			bufsize=BIO_gets(bp,buf,size);		else			break;		}	bs->length=num;	bs->data=s;	ret=1;//.........这里部分代码省略.........

/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of * ASN1 integers: some broken software can encode a positive INTEGER * with its MSB set as negative (it doesn't add a padding zero). */ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,	     long length)	{	ASN1_INTEGER *ret=NULL;	const unsigned char *p;	unsigned char *s;	long len;	int inf,tag,xclass;	int i;	if ((a == NULL) || ((*a) == NULL))		{		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);		ret->type=V_ASN1_INTEGER;		}	else		ret=(*a);	p= *pp;	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);	if (inf & 0x80)		{		i=ASN1_R_BAD_OBJECT_HEADER;		goto err;		}	if (tag != V_ASN1_INTEGER)		{		i=ASN1_R_EXPECTING_AN_INTEGER;		goto err;		}	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it	 * signifies a missing NULL parameter. */	s=(unsigned char *)OPENSSL_malloc((int)len+1);	if (s == NULL)		{		i=ERR_R_MALLOC_FAILURE;		goto err;		}	ret->type=V_ASN1_INTEGER;	if(len) {		if ((*p == 0) && (len != 1))			{			p++;			len--;			}		op_memcpy(s,p,(int)len);		p+=len;	}	if (ret->data != NULL) OPENSSL_free(ret->data);	ret->data=s;	ret->length=(int)len;	if (a != NULL) (*a)=ret;	*pp=p;	return(ret);err:	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);	if ((ret != NULL) && ((a == NULL) || (*a != ret)))		M_ASN1_INTEGER_free(ret);	return(NULL);	}

X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,				 unsigned char *salt, int saltlen,				 unsigned char *aiv, int prf_nid){	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;	int alg_nid;	EVP_CIPHER_CTX ctx;	unsigned char iv[EVP_MAX_IV_LENGTH];	PBKDF2PARAM *kdf = NULL;	PBE2PARAM *pbe2 = NULL;	ASN1_OCTET_STRING *osalt = NULL;	ASN1_OBJECT *obj;	alg_nid = EVP_CIPHER_type(cipher);	if(alg_nid == NID_undef) {		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);		goto err;	}	obj = OBJ_nid2obj(alg_nid);	if(!(pbe2 = PBE2PARAM_new())) goto merr;	/* Setup the AlgorithmIdentifier for the encryption scheme */	scheme = pbe2->encryption;	scheme->algorithm = obj;	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;	/* Create random IV */	if (EVP_CIPHER_iv_length(cipher))		{		if (aiv)			TINYCLR_SSL_MEMCPY(iv, aiv, EVP_CIPHER_iv_length(cipher));		else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)  			goto err;		}	EVP_CIPHER_CTX_init(&ctx);	/* Dummy cipherinit to just setup the IV, and PRF */	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);		EVP_CIPHER_CTX_cleanup(&ctx);		goto err;	}	/* If prf NID unspecified see if cipher has a preference.	 * An error is OK here: just means use default PRF.	 */	if ((prf_nid == -1) && 	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)		{		ERR_clear_error();		prf_nid = NID_hmacWithSHA1;		}	EVP_CIPHER_CTX_cleanup(&ctx);	if(!(kdf = PBKDF2PARAM_new())) goto merr;	if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;	if (!saltlen) saltlen = PKCS5_SALT_LEN;	if (!(osalt->data = (unsigned char*)OPENSSL_malloc (saltlen))) goto merr; //MS: cast to unsigned char*	osalt->length = saltlen;	if (salt) TINYCLR_SSL_MEMCPY (osalt->data, salt, saltlen);	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;	/* Now include salt in kdf structure */	kdf->salt->value.octet_string = osalt;	kdf->salt->type = V_ASN1_OCTET_STRING;	osalt = NULL;	/* If its RC2 then we'd better setup the key length */	if(alg_nid == NID_rc2_cbc) {		if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;		if(!ASN1_INTEGER_set (kdf->keylength,				 EVP_CIPHER_key_length(cipher))) goto merr;	}	/* prf can stay NULL if we are using hmacWithSHA1 */	if (prf_nid != NID_hmacWithSHA1)		{		kdf->prf = X509_ALGOR_new();		if (!kdf->prf)			goto merr;		X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),					V_ASN1_NULL, NULL);		}	/* Now setup the PBE2PARAM keyfunc structure */	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);	/* Encode PBKDF2PARAM into parameter of pbe2 *///.........这里部分代码省略.........

int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)	{	int i,first,len=0,c, use_bn;	char ftmp[24], *tmp = ftmp;	int tmpsize = sizeof ftmp;	const char *p;	unsigned long l;	BIGNUM *bl = NULL;	if (num == 0)		return(0);	else if (num == -1)		num=strlen(buf);	p=buf;	c= *(p++);	num--;	if ((c >= '0') && (c <= '2'))		{		first= c-'0';		}	else		{		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);		goto err;		}	if (num <= 0)		{		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);		goto err;		}	c= *(p++);	num--;	for (;;)		{		if (num <= 0) break;		if ((c != '.') && (c != ' '))			{			ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);			goto err;			}		l=0;		use_bn = 0;		for (;;)			{			if (num <= 0) break;			num--;			c= *(p++);			if ((c == ' ') || (c == '.'))				break;			if ((c < '0') || (c > '9'))				{				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);				goto err;				}			if (!use_bn && l > (ULONG_MAX / 10L))				{				use_bn = 1;				if (!bl)					bl = BN_new();				if (!bl || !BN_set_word(bl, l))					goto err;				}			if (use_bn)				{				if (!BN_mul_word(bl, 10L)					|| !BN_add_word(bl, c-'0'))					goto err;				}			else				l=l*10L+(long)(c-'0');			}		if (len == 0)			{			if ((first < 2) && (l >= 40))				{				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);				goto err;				}			if (use_bn)				{				if (!BN_add_word(bl, first * 40))					goto err;				}			else				l+=(long)first*40;			}		i=0;		if (use_bn)			{			int blsize;			blsize = BN_num_bits(bl);			blsize = (blsize + 6)/7;			if (blsize > tmpsize)				{				if (tmp != ftmp)					OPENSSL_free(tmp);				tmpsize = blsize + 32;				tmp = OPENSSL_malloc(tmpsize);//.........这里部分代码省略.........

/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,		 int ex_class, int is_set)	{	int ret=0,r;	int i;	unsigned char *p;        unsigned char *pStart, *pTempMem;        MYBLOB *rgSetBlob;        int totSize;	if (a == NULL) return(0);	for (i=sk_num(a)-1; i>=0; i--)		ret+=i2d(sk_value(a,i),NULL);	r=ASN1_object_size(1,ret,ex_tag);	if (pp == NULL) return(r);	p= *pp;	ASN1_put_object(&p,1,ret,ex_tag,ex_class);/* Modified by [email
C++ ASN_DEBUG函数代码示例
C++ ASN1_object_size函数代码示例