自学教程：C++ DSA_free函数代码示例

voidkey_free(struct key *k){	if (k->type == KEY_RSA)		RSA_free((RSA *)k->data);	else if (k->type == KEY_DSA)		DSA_free((DSA *)k->data);	else if (k->data != NULL)		free(k->data);		free(k);}

/** dsa_init - this is called at startup.  Errors will return -1, and *  should be caught by the try() macro */int dsa_init(){	char *fn; 	ou_seed();	/* initialize the random seed, cannot fail */	dispatch = NULL;	probe = DSA_generate_parameters(DSA_KEYLEN, NULL, 0, NULL, NULL, NULL, 		NULL);	if(probe == NULL) 		return -1;	try(load_probekeys());	dispatch = DSA_generate_parameters(DSA_KEYLEN, NULL, 0, NULL, NULL, 		NULL, NULL);	if(dispatch == NULL)		return 0;	/* no big deal, yet */	fn = fm_abs(FM_KEY_DISPATCH_PUBLIC);	if(load_keys(fn, NULL, &dispatch) == -1) {		DSA_free(dispatch);		dispatch = NULL;	}	free(fn);		return 0;}/** dsa_close -  frees up memory used for key signing and verification, run * this at exit */void dsa_close(){	DSA_free(probe);	DSA_free(dispatch);}

// See https://tools.ietf.org/html/rfc4253: ... the "ssh-dss" key format has ...SEXP R_dsa_pubkey_build(SEXP p, SEXP q, SEXP g, SEXP y){  DSA *dsa = DSA_new();  MY_DSA_set0_pqg(dsa, new_bignum_from_r(p), new_bignum_from_r(q), new_bignum_from_r(g));  MY_DSA_set0_key(dsa, new_bignum_from_r(y), NULL);  unsigned char *buf = NULL;  int len = i2d_DSA_PUBKEY(dsa, &buf);  bail(len);  DSA_free(dsa);  SEXP res = allocVector(RAWSXP, len);  memcpy(RAW(res), buf, len);  OPENSSL_free(buf);  return res;}

/* Override the default free and new methods */static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it){	if(operation == ASN1_OP_NEW_PRE) {		*pval = (ASN1_VALUE *)DSA_new();		if(*pval) return 2;		return 0;	} else if(operation == ASN1_OP_FREE_PRE) {		DSA_free((DSA *)*pval);		*pval = NULL;		return 2;	}	return 1;}

static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa){  DSA *dtmp;  if(!key) return NULL;  dtmp = EVP_PKEY_get1_DSA(key);  EVP_PKEY_free(key);  if(!dtmp) return NULL;  if(dsa) {    DSA_free(*dsa);    *dsa = dtmp;  }  return dtmp;}

/* * Generate DSA algorithm parameters from optional seed input, returning result * into NSS_DSAAlgParamss.[pqg]. This is called from both GenerateParameters and from * KeyPairGenerate (if no GenerateParameters has yet been called).  */void DSAKeyPairGenContext::dsaGenParams(	uint32				keySizeInBits,	const void			*inSeed,		// optional	unsigned			inSeedLen,	NSS_DSAAlgParams 	&algParams,	SecNssCoder			&coder)			// contents of algParams mallocd from here{	unsigned char seedBuf[SHA1_DIGEST_SIZE];	void *seedPtr;		/* validate key size */	if((keySizeInBits < DSA_MIN_KEY_SIZE) || 	   (keySizeInBits > DSA_MAX_KEY_SIZE) ||	   (keySizeInBits & DSA_KEY_BITS_MASK)) {		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);	}		/* seed from one of three sources */	if(inSeed == NULL) {		/* 20 random seed bytes */		session().getRandomBytes(SHA1_DIGEST_SIZE, seedBuf);		seedPtr = seedBuf;	}	else if(inSeedLen == SHA1_DIGEST_SIZE) {		/* perfect */		seedPtr = (void *)inSeed;	}	else {		/* hash caller's seed */		cspGenSha1Hash(inSeed, inSeedLen, seedBuf);		seedPtr = seedBuf;	}	DSA *dsaKey = DSA_generate_parameters(keySizeInBits,		(unsigned char *)seedPtr,			SHA1_DIGEST_SIZE,		NULL,		// counter_ret		NULL,		// h_ret		NULL, 		NULL);	if(dsaKey == NULL) {		throwRsaDsa("DSA_generate_parameters");	}		/* stuff dsaKey->[pqg] into a caller's NSS_DSAAlgParams */	bnToCssmData(dsaKey->p, algParams.p, coder);	bnToCssmData(dsaKey->q, algParams.q, coder);	bnToCssmData(dsaKey->g, algParams.g, coder);		DSA_free(dsaKey);}

int main(){   DSA *key;   FILE *fp1, *fp2;   unsigned char digest[8] = "1234567";   int siglen;   unsigned char signature[1000];   int retcode;   key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL);   if (key == NULL)   {      printf("/nFailed to generate parameters/n");      exit(1);   }   fp1 = fopen("params.dat", "w");   DSAparams_print_fp(fp1, key);   fclose(fp1);   DSA_generate_key(key);   if (key == NULL)   {      printf("/nFailed to generate key/n");      exit(1);   }   fp2 = fopen("key.dat", "w");   DSA_print_fp(fp2, key, 0);   fclose(fp2);   retcode = DSA_sign(0, digest, 8, signature, &siglen, key);   if (retcode == 0)   {      printf("/n *** Error in signing ***/n/n");      exit(1);   }   printf("/n%s/n",signature);   retcode = DSA_verify(0, digest, 8, signature, siglen, key);   if (retcode == 1)      printf("/n *** Valid signature ***/n/n");   if (retcode == 0)      printf("/n *** Incorrect signature ***/n/n");   if (retcode == -1)      printf("/n *** Error in verifying ***/n/n");   DSA_free(key);   return 0;}

DSA *DSA_new_method(ENGINE *engine){    DSA *ret = OPENSSL_zalloc(sizeof(*ret));    if (ret == NULL) {        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);        return NULL;    }    ret->references = 1;    ret->lock = CRYPTO_THREAD_lock_new();    if (ret->lock == NULL) {        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);        OPENSSL_free(ret);        return NULL;    }    ret->meth = DSA_get_default_method();#ifndef OPENSSL_NO_ENGINE    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */    if (engine) {        if (!ENGINE_init(engine)) {            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);            goto err;        }        ret->engine = engine;    } else        ret->engine = ENGINE_get_default_DSA();    if (ret->engine) {        ret->meth = ENGINE_get_DSA(ret->engine);        if (ret->meth == NULL) {            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);            goto err;        }    }#endif    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))        goto err;    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);err:        DSA_free(ret);        ret = NULL;    }    return ret;}

static int dsa_test(void){    BN_GENCB *cb;    DSA *dsa = NULL;    int counter, ret = 0, i, j;    unsigned char buf[256];    unsigned long h;    unsigned char sig[256];    unsigned int siglen;    const BIGNUM *p = NULL, *q = NULL, *g = NULL;    if (!TEST_ptr(cb = BN_GENCB_new()))        goto end;    BN_GENCB_set(cb, dsa_cb, NULL);    if (!TEST_ptr(dsa = DSA_new())        || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,                                                &counter, &h, cb)))        goto end;    if (!TEST_int_eq(counter, 105))        goto end;    if (!TEST_int_eq(h, 2))        goto end;    DSA_get0_pqg(dsa, &p, &q, &g);    i = BN_bn2bin(q, buf);    j = sizeof(out_q);    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))        goto end;    i = BN_bn2bin(p, buf);    j = sizeof(out_p);    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))        goto end;    i = BN_bn2bin(g, buf);    j = sizeof(out_g);    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))        goto end;    DSA_generate_key(dsa);    DSA_sign(0, str1, 20, sig, &siglen, dsa);    if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))        ret = 1; end:    DSA_free(dsa);    BN_GENCB_free(cb);    return ret;}

ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,			     const ops_dsa_signature_t *sig,			     const ops_dsa_public_key_t *dsa)    {    DSA_SIG *osig;    DSA *odsa;    int ret;    osig=DSA_SIG_new();    osig->r=sig->r;    osig->s=sig->s;    odsa=DSA_new();    odsa->p=dsa->p;    odsa->q=dsa->q;    odsa->g=dsa->g;    odsa->pub_key=dsa->y;    if (debug)        {        fprintf(stderr,"hash passed in:/n");        unsigned i;        for (i=0; i<hash_length; i++)            {            fprintf(stderr,"%02x ", hash[i]);            }        fprintf(stderr,"/n");        }    //printf("hash_length=%ld/n", hash_length);    //printf("Q=%d/n", BN_num_bytes(odsa->q));    unsigned int qlen=BN_num_bytes(odsa->q);    if (qlen < hash_length)        hash_length=qlen;    //    ret=DSA_do_verify(hash,hash_length,osig,odsa);    ret=DSA_do_verify(hash,hash_length,osig,odsa);    if (debug)        {        fprintf(stderr,"ret=%d/n",ret);        }    assert(ret >= 0);    odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;    DSA_free(odsa);     osig->r=osig->s=NULL;    DSA_SIG_free(osig);    return ret != 0;    }

/** * @brief clean up the key and deallocate all existing keys * @param[in] key ssh_key to clean */void ssh_key_clean (ssh_key key){    if(key == NULL)        return;#ifdef HAVE_LIBGCRYPT    if(key->dsa) gcry_sexp_release(key->dsa);    if(key->rsa) gcry_sexp_release(key->rsa);#elif defined HAVE_LIBCRYPTO    if(key->dsa) DSA_free(key->dsa);    if(key->rsa) RSA_free(key->rsa);#endif    key->flags=SSH_KEY_FLAG_EMPTY;    key->type=SSH_KEYTYPE_UNKNOWN;    key->type_c=NULL;    key->dsa = NULL;    key->rsa = NULL;}

static int pkey_gost94_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey){    struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);    DSA *dsa = NULL;    if (data->sign_param_nid == NID_undef) {        GOSTerr(GOST_F_PKEY_GOST94_PARAMGEN, GOST_R_NO_PARAMETERS_SET);        return 0;    }    dsa = DSA_new();    if (!fill_GOST94_params(dsa, data->sign_param_nid)) {        DSA_free(dsa);        return 0;    }    EVP_PKEY_assign(pkey, NID_id_GostR3410_94, dsa);    return 1;}

DSA *DSA_parse_parameters(CBS *cbs) {  DSA *ret = DSA_new();  if (ret == NULL) {    return NULL;  }  CBS child;  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||      !parse_integer(&child, &ret->p) ||      !parse_integer(&child, &ret->q) ||      !parse_integer(&child, &ret->g) ||      CBS_len(&child) != 0) {    OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);    DSA_free(ret);    return NULL;  }  return ret;}

static DSA *get_fips_dsa(void) {  DSA *dsa = DSA_new();  if (!dsa) {    return NULL;  }  dsa->p = BN_bin2bn(fips_p, sizeof(fips_p), NULL);  dsa->q = BN_bin2bn(fips_q, sizeof(fips_q), NULL);  dsa->g = BN_bin2bn(fips_g, sizeof(fips_g), NULL);  dsa->pub_key = BN_bin2bn(fips_y, sizeof(fips_y), NULL);  dsa->priv_key = BN_bin2bn(fips_x, sizeof(fips_x), NULL);  if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL ||      dsa->pub_key == NULL || dsa->priv_key == NULL) {    DSA_free(dsa);    return NULL;  }  return dsa;}

DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len) {  if (len < 0) {    return NULL;  }  CBS cbs;  CBS_init(&cbs, *inp, (size_t)len);  DSA *ret = DSA_parse_parameters(&cbs);  if (ret == NULL) {    return NULL;  }  if (out != NULL) {    DSA_free(*out);    *out = ret;  }  *inp = CBS_data(&cbs);  return ret;}

static void check_license_signature(license_raw *lptr){    unsigned char message_digest[SHA_DIGEST_LENGTH];    SHA_CTX sha_ctx;    DSA *dsa = DSA_new();    SHA1_Init(&sha_ctx);    SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature));    SHA1_Final(message_digest, &sha_ctx);    dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);    dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);    dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);    dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL);  // calculate the right len of the signiture  DSA_SIG *temp_sig=DSA_SIG_new();  int siglen = -1;  const unsigned char *data =lptr->dsa_signature;   if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){  	fprintf(stderr, "License signature verification failed: %s/n",	    ERR_error_string(ERR_get_error(), NULL));	  exit(EXIT_FAILURE);  }  unsigned char *tmp_buff= NULL;  siglen = i2d_DSA_SIG(temp_sig, &tmp_buff);  OPENSSL_cleanse(tmp_buff, siglen);	OPENSSL_free(tmp_buff);	DSA_SIG_free(temp_sig);    switch(DSA_verify(0, message_digest, sizeof(message_digest),        lptr->dsa_signature, siglen, dsa)) {    case 0:	fputs("License file is corrupted: invalid DSA signature./n", stderr);	exit(EXIT_FAILURE);    case 1:	break; /* valid signature */    default:	fprintf(stderr, "License signature verification failed: %s/n",	    ERR_error_string(ERR_get_error(), NULL));	exit(EXIT_FAILURE);    }    DSA_free(dsa);}

/* * DSA: generate keys and sign, verify input plaintext. */static int FIPS_dsa_test(int bad){    DSA *dsa = NULL;    EVP_PKEY pk;    unsigned char dgst[] = "etaonrishdlc";    unsigned char buf[60];    unsigned int slen;    int r = 0;    EVP_MD_CTX mctx;    ERR_clear_error();    EVP_MD_CTX_init(&mctx);    dsa = DSA_new();    if (!dsa)        goto end;    if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))        goto end;    if (!DSA_generate_key(dsa))        goto end;    if (bad)        BN_add_word(dsa->pub_key, 1);    pk.type = EVP_PKEY_DSA;    pk.pkey.dsa = dsa;    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))        goto end;    if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))        goto end;    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))        goto end;    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))        goto end;    if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))        goto end;    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);end:    EVP_MD_CTX_cleanup(&mctx);    if (dsa)        DSA_free(dsa);    if (r != 1)        return 0;    return 1;}

static void pgpFreeKeyDSA(pgpDigAlg pgpkey){    struct pgpDigKeyDSA_s *key = pgpkey->data;    if (key) {        if (key->dsa_key) {            DSA_free(key->dsa_key);        } else {            /* If sig->dsa_key was constructed,             * the memory management of these BNs             * are freed with it. */            BN_clear_free(key->p);            BN_clear_free(key->q);            BN_clear_free(key->g);            BN_clear_free(key->y);        }        free(key);    }}

unsigned __ops_dsa_verify(const uint8_t *hash, size_t hash_length,	       const __ops_dsa_sig_t *sig,	       const __ops_dsa_pubkey_t *dsa){	unsigned	qlen;	DSA_SIG        *osig;	DSA            *odsa;	int             ret;	osig = DSA_SIG_new();	osig->r = sig->r;	osig->s = sig->s;	odsa = DSA_new();	odsa->p = dsa->p;	odsa->q = dsa->q;	odsa->g = dsa->g;	odsa->pub_key = dsa->y;	if (__ops_get_debug_level(__FILE__)) {		hexdump(stderr, "input hash", hash, hash_length);		(void) fprintf(stderr, "Q=%d/n", BN_num_bytes(odsa->q));	}	if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {		hash_length = qlen;	}	ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);	if (__ops_get_debug_level(__FILE__)) {		(void) fprintf(stderr, "ret=%d/n", ret);	}	if (ret < 0) {		(void) fprintf(stderr, "__ops_dsa_verify: DSA verification/n");		return 0;	}	odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;	DSA_free(odsa);	osig->r = osig->s = NULL;	DSA_SIG_free(osig);	return (unsigned)ret;}

DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,	     long length){	EVP_PKEY *pkey;	DSA *key;	unsigned char *q;	q = *pp;	pkey = d2i_PUBKEY(NULL, &q, length);	if(!pkey) return NULL;	key = EVP_PKEY_get1_DSA(pkey);	EVP_PKEY_free(pkey);	if(!key) return NULL;	*pp = q;	if(a) {		DSA_free(*a);		*a = key;	}	return key;}

staticPKCS11H_BOOL__pkcs11h_openssl_session_setDSA(	IN const pkcs11h_openssl_session_t openssl_session,	IN EVP_PKEY * evp) {	PKCS11H_BOOL ret = FALSE;	DSA *dsa = NULL;	_PKCS11H_DEBUG (		PKCS11H_LOG_DEBUG2,		"PKCS#11: __pkcs11h_openssl_session_setDSA - entered openssl_session=%p, evp=%p",		(void *)openssl_session,		(void *)evp	);	if (		(dsa = EVP_PKEY_get1_DSA (evp)) == NULL	) {		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get DSA key");		goto cleanup;	}	DSA_set_method (dsa, __openssl_methods.dsa);	DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session);	ret = TRUE;cleanup:	if (dsa != NULL) {		DSA_free (dsa);		dsa = NULL;	}	_PKCS11H_DEBUG (		PKCS11H_LOG_DEBUG2,		"PKCS#11: __pkcs11h_openssl_session_setDSA - return ret=%d",		ret	);	return ret;}

DSA_SIG* ops_dsa_sign(unsigned char* hashbuf, unsigned hashsize, const ops_dsa_secret_key_t *sdsa, const ops_dsa_public_key_t *dsa)    {    DSA *odsa;    DSA_SIG *dsasig;    odsa=DSA_new();    odsa->p=dsa->p;    odsa->q=dsa->q;    odsa->g=dsa->g;    odsa->pub_key=dsa->y;    odsa->priv_key=sdsa->x;    dsasig=DSA_do_sign(hashbuf,hashsize,odsa);    odsa->p=odsa->q=odsa->g=odsa->pub_key=odsa->priv_key=NULL;    DSA_free(odsa);    return dsasig;    }

int32_t CryptoNative_DsaGenerateKey(DSA** dsa, int32_t bits){    *dsa = DSA_new();    if (!dsa)    {        assert(false);        return 0;    }    if (!DSA_generate_parameters_ex(*dsa, bits, NULL, 0, NULL, NULL, NULL) ||        !DSA_generate_key(*dsa))    {        DSA_free(*dsa);        *dsa = NULL;        return 0;    }    return 1;}

DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,    int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *),    void *cb_arg){	BN_GENCB cb;	DSA *ret;	if ((ret = DSA_new()) == NULL)		return NULL;	BN_GENCB_set_old(&cb, callback, cb_arg);	if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,	    counter_ret, h_ret, &cb))		return ret;	DSA_free(ret);	return NULL;}

//// キ
C++ DSA_generate_key函数代码示例
C++ DSA_SIG_new函数代码示例