自学教程：C++ BN_bn2bin函数代码示例

int receive_and_decrypt(byte * msg){	int length = readFromPipe(inputChannel , msg); 	if(length < 0)	{		fprintf(stderr , " **** error reading message **** /n/n");		return -1;	}		if(strncmp(msg , ClientCloseConnection , length) == 0 && length == strlen(ClientCloseConnection))		return length;		if(encType == PLAIN)		return length;	if(encType == RSA64){		BIGNUM *message = BN_new();			message = BN_bin2bn((const unsigned char *) msg, RSA64_BYTE_LENGTH , NULL);				printf("%s/n", BN_bn2hex(message));				rsaEXP(message , &server64Rsa);	//Decrypt with private keyExchange				BN_bn2bin(message , msg);		BN_free(message);				return length;			}		if(encType == RSA512){		BIGNUM *message = BN_new();			message = BN_bin2bn((const unsigned char *) msg, RSA512_BYTE_LENGTH , NULL);				printf("%s/n", BN_bn2hex(message));				rsaEXP(message , &server512Rsa);	//Decrypt with private keyExchange		BN_bn2bin(message , msg);		BN_free(message);				return length;			}		if(encType == Cipher_ALL5){		BIGNUM *tm = BN_new();			tm = BN_bin2bn((const unsigned char *) msg, length , NULL);		printf("ALL5 : %s/n", BN_bn2hex(tm));		byte message[length - HASH_BYTE_LENGTH];			byte hash[HASH_BYTE_LENGTH];		int recv_length = length;				if(cipherSpec.hash_function == hash_spongeBunny)		{		recv_length -= HASH_BYTE_LENGTH;			memmove(hash , msg + (sizeof(byte) * recv_length) , sizeof(byte) * HASH_BYTE_LENGTH);	//copy the hash		memcpy(message , msg , sizeof(byte) * recv_length);	//copy the cihpertext								ALL5_decrypt(&cipherStruct.all5, message, message, recv_length);	//decrypt				byte rec_hash[HASH_BYTE_LENGTH];		spongeBunnyComputeHash(message , rec_hash , recv_length);	//compute the hash of the plaintext				if(memcmp(rec_hash, hash, sizeof(byte) * HASH_BYTE_LENGTH) != 0)		{			recv_length = 0;			fprintf(stderr , "Wrong HASH !!!!!!! /n");		}				tm = BN_bin2bn((const unsigned char *) hash, HASH_BYTE_LENGTH , NULL);		printf("HASH : %s/n", BN_bn2hex(tm));		memcpy(msg , message , sizeof(byte) * recv_length);							}	//no hash function		else			ALL5_decrypt(&cipherStruct.all5, msg, msg, recv_length);	//decrypt					BN_free(tm);				return recv_length;	}		if(encType == Cipher_MAJ5){		BIGNUM *tm = BN_new();			tm = BN_bin2bn((const unsigned char *) msg, length , NULL);		printf("MAJ5 : %s/n", BN_bn2hex(tm));				int recv_length = length;				if(cipherSpec.hash_function == hash_spongeBunny)				{		byte message[length - HASH_BYTE_LENGTH];			byte hash[HASH_BYTE_LENGTH];				recv_length -= HASH_BYTE_LENGTH;			memmove(hash , msg + (sizeof(byte) * recv_length) , sizeof(byte) * HASH_BYTE_LENGTH);	//copy the hash		memcpy(message , msg , sizeof(byte) * recv_length);	//copy the cihpertext						//.........这里部分代码省略.........

void tgl_do_send_create_encr_chat (struct tgl_state *TLS, void *x, unsigned char *random, void (*callback)(struct tgl_state *TLS, void *callback_extra, int success, struct tgl_secret_chat *E), void *callback_extra) {  int user_id = (long)x;  int i;  unsigned char random_here[256];  tglt_secure_random (random_here, 256);  for (i = 0; i < 256; i++) {    random[i] ^= random_here[i];  }  BIGNUM *a = BN_bin2bn (random, 256, 0);  ensure_ptr (a);  BIGNUM *p = BN_bin2bn (TLS->encr_prime, 256, 0);   ensure_ptr (p);   BIGNUM *g = BN_new ();  ensure_ptr (g);  ensure (BN_set_word (g, TLS->encr_root));  BIGNUM *r = BN_new ();  ensure_ptr (r);  ensure (BN_mod_exp (r, g, a, p, TLS->BN_ctx));  BN_clear_free (a);  static char g_a[256];  memset (g_a, 0, 256);  BN_bn2bin (r, (void *)(g_a + (256 - BN_num_bytes (r))));    int t = lrand48 ();  while (tgl_peer_get (TLS, TGL_MK_ENCR_CHAT (t))) {    t = lrand48 ();  }  //bl_do_encr_chat_init (TLS, t, user_id, (void *)random, (void *)g_a);    int state = sc_waiting;  bl_do_encr_chat_new (TLS, t, NULL, NULL, &TLS->our_id, &user_id, random, NULL, NULL, &state, NULL, NULL, NULL, NULL, NULL, NULL, TGLPF_CREATE | TGLPF_CREATED);    tgl_peer_t *_E = tgl_peer_get (TLS, TGL_MK_ENCR_CHAT (t));  assert (_E);  struct tgl_secret_chat *E = &_E->encr_chat;    clear_packet ();  out_int (CODE_messages_request_encryption);  tgl_peer_t *U = tgl_peer_get (TLS, TGL_MK_USER (E->user_id));  assert (U);  if (U && U->user.access_hash) {    out_int (CODE_input_user_foreign);    out_int (E->user_id);    out_long (U->user.access_hash);  } else {    out_int (CODE_input_user_contact);    out_int (E->user_id);  }  out_int (tgl_get_peer_id (E->id));  out_cstring (g_a, 256);  //write_secret_chat_file ();    BN_clear_free (g);  BN_clear_free (p);  BN_clear_free (r);  tglq_send_query (TLS, TLS->DC_working, packet_ptr - packet_buffer, packet_buffer, &send_encr_request_methods, E, callback, callback_extra);}

static int RSA_eay_public_encrypt(int flen, const unsigned char *from,	     unsigned char *to, RSA *rsa, int padding)	{	BIGNUM *f,*ret;	int i,j,k,num=0,r= -1;	unsigned char *buf=NULL;	BN_CTX *ctx=NULL;	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)		{		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);		return -1;		}	if (BN_ucmp(rsa->n, rsa->e) <= 0)		{		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);		return -1;		}	/* for large moduli, enforce exponent limit */	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)		{		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)			{			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);			return -1;			}		}		if ((ctx=BN_CTX_new()) == NULL) goto err;	BN_CTX_start(ctx);	f = BN_CTX_get(ctx);	ret = BN_CTX_get(ctx);	num=BN_num_bytes(rsa->n);	buf = OPENSSL_malloc(num);	if (!f || !ret || !buf)		{		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);		goto err;		}	switch (padding)		{	case RSA_PKCS1_PADDING:		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);		break;#ifndef OPENSSL_NO_SHA	case RSA_PKCS1_OAEP_PADDING:	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);		break;#endif	case RSA_SSLV23_PADDING:		i=RSA_padding_add_SSLv23(buf,num,from,flen);		break;	case RSA_NO_PADDING:		i=RSA_padding_add_none(buf,num,from,flen);		break;	default:		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);		goto err;		}	if (i <= 0) goto err;	if (BN_bin2bn(buf,num,f) == NULL) goto err;		if (BN_ucmp(f, rsa->n) >= 0)		{		/* usually the padding functions would catch this */		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);		goto err;		}	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))			goto err;	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,		rsa->_method_mod_n)) goto err;	/* put in leading 0 bytes if the number is less than the	 * length of the modulus */	j=BN_num_bytes(ret);	i=BN_bn2bin(ret,&(to[num-j]));	for (k=0; k<(num-i); k++)		to[k]=0;	r=num;err:	if (ctx != NULL)		{		BN_CTX_end(ctx);		BN_CTX_free(ctx);		}	if (buf != NULL) 		{		OPENSSL_cleanse(buf,num);		OPENSSL_free(buf);		}	return(r);//.........这里部分代码省略.........

intssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,    const u_char *data, u_int datalen){	DSA_SIG *sig;	const EVP_MD *evp_md = EVP_sha1();	EVP_MD_CTX md;	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];	u_int rlen, slen, len, dlen;	Buffer b;	if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&	    key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {		error("ssh_dss_sign: no DSA key");		return -1;	}	EVP_DigestInit(&md, evp_md);	EVP_DigestUpdate(&md, data, datalen);	EVP_DigestFinal(&md, digest, &dlen);	sig = DSA_do_sign(digest, dlen, key->dsa);	memset(digest, 'd', sizeof(digest));	if (sig == NULL) {		error("ssh_dss_sign: sign failed");		return -1;	}	rlen = BN_num_bytes(sig->r);	slen = BN_num_bytes(sig->s);	if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {		error("bad sig size %u %u", rlen, slen);		DSA_SIG_free(sig);		return -1;	}	memset(sigblob, 0, SIGBLOB_LEN);	BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);	BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);	DSA_SIG_free(sig);	if (datafellows & SSH_BUG_SIGBLOB) {		if (lenp != NULL)			*lenp = SIGBLOB_LEN;		if (sigp != NULL) {			*sigp = xmalloc(SIGBLOB_LEN);			memcpy(*sigp, sigblob, SIGBLOB_LEN);		}	} else {		/* ietf-drafts */		buffer_init(&b);		buffer_put_cstring(&b, "ssh-dss");		buffer_put_string(&b, sigblob, SIGBLOB_LEN);		len = buffer_len(&b);		if (lenp != NULL)			*lenp = len;		if (sigp != NULL) {			*sigp = xmalloc(len);			memcpy(*sigp, buffer_ptr(&b), len);		}		buffer_free(&b);	}	return 0;}

SESSION *session_init_client (void){	SESSION *session;	if ((session = (SESSION *) calloc (1, sizeof (SESSION))) == NULL)		return NULL;	session->client_OS = 0x00;	/* 0x00 == Windows, 0x01 == Mac OS X */	memcpy(session->client_id, "/x01/x04/x01/x01", 4);	session->client_revision = 99999;		/*	 * Client and server generate 16 random bytes each.	 */	RAND_bytes (session->client_random_16, 16);	if ((session->rsa =	     RSA_generate_key (1024, 65537, NULL, NULL)) == NULL) {		DSFYDEBUG ("RSA key generation failed with error %lu/n",			   ERR_get_error ());	}	assert (session->rsa != NULL);	/*	 * Create a private and public key.	 * This, along with key signing, is used to securely	 * agree on a session key for the Shannon stream cipher.	 *	 */	session->dh = DH_new ();	session->dh->p = BN_bin2bn (DH_prime, 96, NULL);	session->dh->g = BN_bin2bn (DH_generator, 1, NULL);	assert (DH_generate_key (session->dh) == 1);	BN_bn2bin (session->dh->priv_key, session->my_priv_key);	BN_bn2bin (session->dh->pub_key, session->my_pub_key);	/*	 * Found in Storage.dat (cache) at offset 16.	 * Automatically generated, but we're lazy.	 *	 */	memcpy (session->cache_hash,		"/xf4/xc2/xaa/x05/xe8/x25/xa7/xb5/xe4/xe6/x59/x0f/x3d/xd0/xbe/x0a/xef/x20/x51/x95",		20);	session->cache_hash[0] = (unsigned char) getpid ();	session->ap_sock = -1;	session->username[0] = 0;	session->server_host[0] = 0;	session->server_port = 0;	session->key_recv_IV = 0;	session->key_send_IV = 0;	session->user_info.username[0] = 0;	session->user_info.country[0] = 0;	session->user_info.server_host[0] = 0;	session->user_info.server_port = 0;	return session;}

BigNumber *cop_convert_bignum(BIGNUM * bn){	BigNumber *r = cop_bn_new_sz((size_t) BN_num_bytes(bn));	BN_bn2bin(bn, r->number);	return r;}

//.........这里部分代码省略.........	if (text)		{		DHparams_print(out,dh);		}		if (check)		{		if (!DH_check(dh,&i))			{			ERR_print_errors(bio_err);			goto end;			}		if (i & DH_CHECK_P_NOT_PRIME)			printf("p value is not prime/n");		if (i & DH_CHECK_P_NOT_SAFE_PRIME)			printf("p value is not a safe prime/n");		if (i & DH_UNABLE_TO_CHECK_GENERATOR)			printf("unable to check the generator value/n");		if (i & DH_NOT_SUITABLE_GENERATOR)			printf("the g value is not a generator/n");		if (i == 0)			printf("DH parameters appear to be ok./n");		}	if (C)		{		unsigned char *data;		int len,l,bits;		len=BN_num_bytes(dh->p);		bits=BN_num_bits(dh->p);		data=(unsigned char *)OPENSSL_malloc(len);		if (data == NULL)			{			perror("OPENSSL_malloc");			goto end;			}		printf("#ifndef HEADER_DH_H/n"		       "#include <openssl/dh.h>/n"		       "#endif/n");		printf("DH *get_dh%d()/n/t{/n",bits);		l=BN_bn2bin(dh->p,data);		printf("/tstatic unsigned char dh%d_p[]={",bits);		for (i=0; i<l; i++)			{			if ((i%12) == 0) printf("/n/t/t");			printf("0x%02X,",data[i]);			}		printf("/n/t/t};/n");		l=BN_bn2bin(dh->g,data);		printf("/tstatic unsigned char dh%d_g[]={",bits);		for (i=0; i<l; i++)			{			if ((i%12) == 0) printf("/n/t/t");			printf("0x%02X,",data[i]);			}		printf("/n/t/t};/n");		printf("/tDH *dh;/n/n");		printf("/tif ((dh=DH_new()) == NULL) return(NULL);/n");		printf("/tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);/n",			bits,bits);		printf("/tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);/n",			bits,bits);		printf("/tif ((dh->p == NULL) || (dh->g == NULL))/n");		printf("/t/t{ DH_free(dh); return(NULL); }/n");		if (dh->length)			printf("/tdh->length = %ld;/n", dh->length);		printf("/treturn(dh);/n/t}/n");		OPENSSL_free(data);		}	if (!noout)		{		if 	(outformat == FORMAT_ASN1)			i=i2d_DHparams_bio(out,dh);		else if (outformat == FORMAT_PEM)			i=PEM_write_bio_DHparams(out,dh);		else	{			BIO_printf(bio_err,"bad output format specified for outfile/n");			goto end;			}		if (!i)			{			BIO_printf(bio_err,"unable to write DH parameters/n");			ERR_print_errors(bio_err);			goto end;			}		}	ret=0;end:	if (in != NULL) BIO_free(in);	if (out != NULL) BIO_free_all(out);	if (dh != NULL) DH_free(dh);	apps_shutdown();	OPENSSL_EXIT(ret);	}

int main2(){    // Seed RNG    // Generate Key Pair    ERR_load_crypto_strings();    char error[400];    int modulus_length = 2048; // bits    unsigned long e = 65537;    const char* e_hex = "100001";    RSA *rsa = NULL;    rsa = RSA_generate_key(modulus_length, e, NULL /*keygen_progress*/, NULL);    if (rsa == NULL)    {        ERR_error_string(ERR_get_error(), error);        printf("Failed to generate RSA key pair.OpenSSL error:/n %s/n", error);        return -1;    }    unsigned char *n_hex = (unsigned char*)calloc(1, 2*2048/8);    unsigned char *d_hex = (unsigned char*)calloc(1, 2*2048/8);    unsigned char *p_hex = (unsigned char*)calloc(1, 2*2048/8);    unsigned char *q_hex = (unsigned char*)calloc(1, 2*2048/8);    if (!(  n_hex = (unsigned char*) BN_bn2hex((const BIGNUM*)rsa->n)  ))    {        printf("Modulo parsing error/n");        return -1;    }    if (!(  d_hex = (unsigned char*) BN_bn2hex((const BIGNUM*)rsa->d)  ))    {        printf("Private exponent parsing error/n");        return -1;    }    if (!(  p_hex = (unsigned char*) BN_bn2hex((const BIGNUM*)rsa->q)  ))    {        printf("Private exponent parsing error/n");        return -1;    }    if (!(  q_hex = (unsigned char*) BN_bn2hex((const BIGNUM*)rsa->p)  ))    {        printf("Private exponent parsing error/n");        return -1;    }    printf("Public modulus:/n/t%s/n", n_hex);    printf("Private exponent:/n/t%s/n", d_hex);    printf("Prime p:/n/t%s/n", p_hex);    printf("Prime q:/n/t%s/n", q_hex);    // Import Key Pair    sc_cardctl_openpgp_keystore_info_t key_info;    key_info.keytype = SC_OPENPGP_KEY_ENCR;    key_info.keyformat = SC_OPENPGP_KEYFORMAT_STD;        /* n */    unsigned char* n_bin = (unsigned char*)calloc(1, modulus_length/8);    key_info.n_len = BN_bn2bin(rsa->n, n_bin);    key_info.n = n_bin;     /* e */    key_info.e = (u8*)calloc(1, 4);       hex_to_bin(e_hex, key_info.e, &(key_info.e_len));    /* p */    unsigned char* p_bin = (unsigned char*)calloc(1, strlen((const char*)p_hex)/2);    key_info.p_len = BN_bn2bin(rsa->p, p_bin);    key_info.p = p_bin;    /* q */    unsigned char* q_bin = (unsigned char*)calloc(1, strlen((const char*)q_hex)/2);    key_info.q_len = BN_bn2bin(rsa->q, q_bin);    key_info.q = q_bin;        printf("Lengths: n = %lu/ne= %lu/np = %lu/nq = %lu/n",key_info.n_len, key_info.e_len, key_info.p_len, key_info.q_len);    // List readers    int r;    card_t* card;    reader_list* readerList = (reader_list*)malloc(sizeof(reader_list));    r = pcsc_detect_readers(readerList);    if( !r==SC_SUCCESS)    {        printf("pcsc_detect_readers: %s/n",sc_strerror(r));        return -1;    }    connect_card(readerList->root->reader, &card);    card_init(card);    csVerifyAdminPIN(card, (unsigned char*)"12345678", 8);    if( (r = pgp_store_key(card, &key_info)) != 0)        printf("pgp_store_key error: %d/n",r);    // Cleanups//.........这里部分代码省略.........

static voideap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,				 struct eap_method_ret *ret,				 const struct wpabuf *reqData,				 const u8 *payload, size_t payload_len){	BIGNUM *x = NULL, *y = NULL;	struct crypto_hash *hash;	u32 cs;	u16 grp;	u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;	int offset;	if (data->state != PWD_Confirm_Req) {		ret->ignore = TRUE;		goto fin;	}	if (payload_len != SHA256_MAC_LEN) {		wpa_printf(MSG_INFO,			   "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",			   (unsigned int) payload_len, SHA256_MAC_LEN);		goto fin;	}	/*	 * first build up the ciphersuite which is group | random_function |	 *	prf	 */	grp = htons(data->group_num);	ptr = (u8 *) &cs;	os_memcpy(ptr, &grp, sizeof(u16));	ptr += sizeof(u16);	*ptr = EAP_PWD_DEFAULT_RAND_FUNC;	ptr += sizeof(u8);	*ptr = EAP_PWD_DEFAULT_PRF;	/* each component of the cruft will be at most as big as the prime */	if (((cruft = os_malloc(BN_num_bytes(data->grp->prime))) == NULL) ||	    ((x = BN_new()) == NULL) || ((y = BN_new()) == NULL)) {		wpa_printf(MSG_INFO, "EAP-PWD (server): confirm allocation "			   "fail");		goto fin;	}	/*	 * server's commit is H(k | server_element | server_scalar |	 *			peer_element | peer_scalar | ciphersuite)	 */	hash = eap_pwd_h_init();	if (hash == NULL)		goto fin;	/*	 * zero the memory each time because this is mod prime math and some	 * value may start with a few zeros and the previous one did not.	 */	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(data->k);	BN_bn2bin(data->k, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	/* server element: x, y */	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,						 data->server_element, x, y,						 data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "			   "assignment fail");		goto fin;	}	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);	BN_bn2bin(x, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);	BN_bn2bin(y, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	/* server scalar */	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->order) -		BN_num_bytes(data->server_scalar);	BN_bn2bin(data->server_scalar, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->order));	/* my element: x, y */	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,						 data->my_element, x, y,						 data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point "			   "assignment fail");		goto fin;	}	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);	BN_bn2bin(x, cruft + offset);	eap_pwd_h_update(hash, cruft, BN_num_bytes(data->grp->prime));	os_memset(cruft, 0, BN_num_bytes(data->grp->prime));//.........这里部分代码省略.........

static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,	     unsigned char *to, RSA *rsa, int padding)	{	BIGNUM f,ret;	int i,j,k,num=0,r= -1;	unsigned char *buf=NULL;	BN_CTX *ctx=NULL;	BN_init(&f);	BN_init(&ret);	if(FIPS_selftest_failed())		{		FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);		goto err;		}	if ((ctx=BN_CTX_new()) == NULL) goto err;	num=BN_num_bytes(rsa->n);	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)		{		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);		goto err;		}	switch (padding)		{	case RSA_PKCS1_PADDING:		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);		break;#ifndef OPENSSL_NO_SHA	case RSA_PKCS1_OAEP_PADDING:	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);		break;#endif	case RSA_SSLV23_PADDING:		i=RSA_padding_add_SSLv23(buf,num,from,flen);		break;	case RSA_NO_PADDING:		i=RSA_padding_add_none(buf,num,from,flen);		break;	default:		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);		goto err;		}	if (i <= 0) goto err;	if (BN_bin2bn(buf,num,&f) == NULL) goto err;		if (BN_ucmp(&f, rsa->n) >= 0)		{			/* usually the padding functions would catch this */		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);		goto err;		}	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))		{		BN_MONT_CTX* bn_mont_ctx;		if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)			goto err;		if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))			{			BN_MONT_CTX_free(bn_mont_ctx);			goto err;			}		if (rsa->_method_mod_n == NULL) /* other thread may have finished first */			{			CRYPTO_w_lock(CRYPTO_LOCK_RSA);			if (rsa->_method_mod_n == NULL)				{				rsa->_method_mod_n = bn_mont_ctx;				bn_mont_ctx = NULL;				}			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);			}		if (bn_mont_ctx)			BN_MONT_CTX_free(bn_mont_ctx);		}			if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,		rsa->_method_mod_n)) goto err;	/* put in leading 0 bytes if the number is less than the	 * length of the modulus */	j=BN_num_bytes(&ret);	i=BN_bn2bin(&ret,&(to[num-j]));	for (k=0; k<(num-i); k++)		to[k]=0;	r=num;err:	if (ctx != NULL) BN_CTX_free(ctx);	BN_clear_free(&f);	BN_clear_free(&ret);	if (buf != NULL) 		{		OPENSSL_cleanse(buf,num);		OPENSSL_free(buf);		}//.........这里部分代码省略.........

//.........这里部分代码省略.........				   "is at infinity!/n");			goto fin;		}	}	/* compute the shared key, k */	if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,			   data->server_scalar, data->bnctx)) ||	    (!EC_POINT_add(data->grp->group, K, K, data->server_element,			   data->bnctx)) ||	    (!EC_POINT_mul(data->grp->group, K, NULL, K, data->private_value,			   data->bnctx))) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): computing shared key "			   "fail");		goto fin;	}	/* ensure that the shared key isn't in a small sub-group */	if (BN_cmp(cofactor, BN_value_one())) {		if (!EC_POINT_mul(data->grp->group, K, NULL, K, cofactor,				  NULL)) {			wpa_printf(MSG_INFO, "EAP-PWD (peer): cannot multiply "				   "shared key point by order");			goto fin;		}	}	/*	 * This check is strictly speaking just for the case above where	 * co-factor > 1 but it was suggested that even though this is probably	 * never going to happen it is a simple and safe check "just to be	 * sure" so let's be safe.	 */	if (EC_POINT_is_at_infinity(data->grp->group, K)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): shared key point is at "			   "infinity!/n");		goto fin;	}	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, K, data->k,						 NULL, data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to extract "			   "shared secret from point");		goto fin;	}	/* now do the response */	if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group,						 data->my_element, x, y,						 data->bnctx)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): point assignment fail");		goto fin;	}	if (((scalar = os_malloc(BN_num_bytes(data->grp->order))) == NULL) ||	    ((element = os_malloc(BN_num_bytes(data->grp->prime) * 2)) ==	     NULL)) {		wpa_printf(MSG_INFO, "EAP-PWD (peer): data allocation fail");		goto fin;	}	/*	 * bignums occupy as little memory as possible so one that is	 * sufficiently smaller than the prime or order might need pre-pending	 * with zeros.	 */	os_memset(scalar, 0, BN_num_bytes(data->grp->order));	os_memset(element, 0, BN_num_bytes(data->grp->prime) * 2);	offset = BN_num_bytes(data->grp->order) -		BN_num_bytes(data->my_scalar);	BN_bn2bin(data->my_scalar, scalar + offset);	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x);	BN_bn2bin(x, element + offset);	offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y);	BN_bn2bin(y, element + BN_num_bytes(data->grp->prime) + offset);	data->outbuf = wpabuf_alloc(BN_num_bytes(data->grp->order) +				    2 * BN_num_bytes(data->grp->prime));	if (data->outbuf == NULL)		goto fin;	/* we send the element as (x,y) follwed by the scalar */	wpabuf_put_data(data->outbuf, element,			2 * BN_num_bytes(data->grp->prime));	wpabuf_put_data(data->outbuf, scalar, BN_num_bytes(data->grp->order));fin:	os_free(scalar);	os_free(element);	BN_clear_free(x);	BN_clear_free(y);	BN_clear_free(cofactor);	EC_POINT_clear_free(K);	EC_POINT_clear_free(point);	if (data->outbuf == NULL)		eap_pwd_state(data, FAILURE);	else		eap_pwd_state(data, PWD_Confirm_Req);}

static void bn_to_bin(BIGNUM* bn, unsigned char* bin, int n) {    memset(bin, 0, n);    int m = BN_num_bytes(bn);    BN_bn2bin(bn, bin+n-m);}

/* Out: bytes_B, len_B. *  * On failure, bytes_B will be set to NULL and len_B will be set to 0 */struct SRPVerifier *  srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,                                        const unsigned char * bytes_s, int len_s,                                         const unsigned char * bytes_v, int len_v,                                        const unsigned char * bytes_A, int len_A,                                        const unsigned char ** bytes_B, int * len_B,                                        const char * n_hex, const char * g_hex ){    BIGNUM             *s    = BN_bin2bn(bytes_s, len_s, NULL);    BIGNUM             *v    = BN_bin2bn(bytes_v, len_v, NULL);    BIGNUM             *A    = BN_bin2bn(bytes_A, len_A, NULL);    BIGNUM             *u    = 0;    BIGNUM             *B    = BN_new();    BIGNUM             *S    = BN_new();    BIGNUM             *b    = BN_new();    BIGNUM             *k    = 0;    BIGNUM             *tmp1 = BN_new();    BIGNUM             *tmp2 = BN_new();    BN_CTX             *ctx  = BN_CTX_new();    int                 ulen = strlen(username) + 1;    NGConstant         *ng   = new_ng( ng_type, n_hex, g_hex );    struct SRPVerifier *ver  = 0;    *len_B   = 0;    *bytes_B = 0;        if( !s || !v || !A || !B || !S || !b || !tmp1 || !tmp2 || !ctx || !ng )       goto cleanup_and_exit;        ver = (struct SRPVerifier *) malloc( sizeof(struct SRPVerifier) );    if (!ver)       goto cleanup_and_exit;    init_random(); /* Only happens once */        ver->username = (char *) malloc( ulen );    ver->hash_alg = alg;    ver->ng       = ng;    if (!ver->username)    {       free(ver);       ver = 0;       goto cleanup_and_exit;    }        memcpy( (char*)ver->username, username, ulen );        ver->authenticated = 0;            /* SRP-6a safety check */    BN_mod(tmp1, A, ng->N, ctx);    if ( !BN_is_zero(tmp1) )    {       BN_rand(b, 256, -1, 0);              k = H_nn(alg, ng->N, ng->g);              /* B = kv + g^b */       BN_mul(tmp1, k, v, ctx);       BN_mod_exp(tmp2, ng->g, b, ng->N, ctx);       BN_add(B, tmp1, tmp2);              u = H_nn(alg, A, B);              /* S = (A *(v^u)) ^ b */       BN_mod_exp(tmp1, v, u, ng->N, ctx);       BN_mul(tmp2, A, tmp1, ctx);       BN_mod_exp(S, tmp2, b, ng->N, ctx);              hash_num(alg, S, ver->session_key);              calculate_M( alg, ng, ver->M, username, s, A, B, ver->session_key );       calculate_H_AMK( alg, ver->H_AMK, A, ver->M, ver->session_key );              *len_B   = BN_num_bytes(B);       *bytes_B = malloc( *len_B );              if( !*bytes_B )       {          free( (void*) ver->username );          free( ver );          ver = 0;          *len_B = 0;          goto cleanup_and_exit;       }              BN_bn2bin( B, (unsigned char *) *bytes_B );                 ver->bytes_B = *bytes_B;    }     cleanup_and_exit:    BN_free(s);    BN_free(v);    BN_free(A);//.........这里部分代码省略.........

TSS_RESULTmake_fake_key(TSS_HCONTEXT hContext, TSS_HKEY *hCAKey, RSA **rsa, int padding){	TSS_RESULT result;	UINT32 encScheme, size_n, pub_size;	BYTE n[2048];	TCPA_PUBKEY pubkey;	UINT32 blob_size, size;	BYTE *blob, pub_blob[1024];	switch (padding) {		case RSA_PKCS1_PADDING:			encScheme = TSS_ES_RSAESPKCSV15;			break;		case RSA_PKCS1_OAEP_PADDING:			encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;			break;		case RSA_NO_PADDING:			encScheme = TSS_ES_NONE;			break;		default:			return TSS_E_INTERNAL_ERROR;			break;	}		//Create CA Key Object	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,	    TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, hCAKey);	if (result != TSS_SUCCESS) {		check("Tspi_Context_CreateObject", result);		return result;	}		// generate a software key to represent the CA's key	if ((*rsa = RSA_generate_key(2048, 65537, NULL, NULL)) == NULL) {		ERR_print_errors_fp(stdout);		return 254; // ?	}		// get the pub CA key	if ((size_n = BN_bn2bin((*rsa)->n, n)) <= 0) {		fprintf(stderr, "BN_bn2bin failed/n");		ERR_print_errors_fp(stdout);		RSA_free(*rsa);                return 254; // ?        }	result = Tspi_GetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,	    TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob);	if (result != TSS_SUCCESS) {		check("Tspi_GetAttribData", result);		return result;	}	pub_size = blob_pubkey(pub_blob, 1024, blob, blob_size, n, size_n);	result = Tspi_SetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,	    TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pub_size, pub_blob);	if (result != TSS_SUCCESS) {		check("Tspi_SetAttribData", result);		return result;	}		// set the CA key's algorithm	result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,				      TSS_TSPATTRIB_KEYINFO_ALGORITHM,				      TSS_ALG_RSA);	if (result != TSS_SUCCESS) {		check("Tspi_SetAttribUint32", result);		RSA_free(*rsa);		return result;	}		// set the CA key's number of primes	result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_RSAKEY_INFO,				      TSS_TSPATTRIB_KEYINFO_RSA_PRIMES,				      2);	if (result != TSS_SUCCESS) {		check("Tspi_SetAttribUint32", result);		RSA_free(*rsa);		return result;	}		// set the CA key's encryption scheme	result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,				      TSS_TSPATTRIB_KEYINFO_ENCSCHEME,				      encScheme);	if (result != TSS_SUCCESS) {		check("Tspi_SetAttribUint32", result);		RSA_free(*rsa);		return result;	}	return TSS_SUCCESS;}

*																			*****************************************************************************//* The keys for testing the RSA, DSA, and Elgamal implementations. The key    values may be extracted with the following code pasted into the    generateKey() function in ctx_dsa.c/ctx_rsa.c */#if 0{#include <stdio.h>BYTE buffer[ CRYPT_MAX_PKCSIZE ];int length, i;printf( "static const RSA_KEY FAR_BSS rsaTestKey = {/n" );length = BN_bn2bin( &contextInfoPtr->ctxPKC->rsaParam_n, buffer );printf( "/t/* n *//n/t%d,", BN_num_bits( &contextInfoPtr->ctxPKC->rsaParam_n ) );for( i = 0; i < length; i++ )	{ if( !( i % 8 ) ) printf( "/n/t  " );	printf( "0x%02X, ", buffer[ i ] ); }length = BN_bn2bin( &contextInfoPtr->ctxPKC->rsaParam_e, buffer );printf( "/n/n/t/* e *//n/t%d,", BN_num_bits( &contextInfoPtr->ctxPKC->rsaParam_e ) );for( i = 0; i < length; i++ )	{ if( !( i % 8 ) ) printf( "/n/t  " );	printf( "0x%02X, ", buffer[ i ] ); }length = BN_bn2bin( &contextInfoPtr->ctxPKC->rsaParam_d, buffer );printf( "/n/n/t/* d *//n/t%d,", BN_num_bits( &contextInfoPtr->ctxPKC->rsaParam_d ) );for( i = 0; i < length; i++ )	{ if( !( i % 8 ) ) printf( "/n/t  " );	printf( "0x%02X, ", buffer[ i ] ); }length = BN_bn2bin( &contextInfoPtr->ctxPKC->rsaParam_p, buffer );

//.........这里部分代码省略.........			}#endif			ERR_print_errors(bio_err);			BIO_printf(bio_err, "Error, DSA key generation failed/n");			goto end;		}	} else if (informat == FORMAT_ASN1)		dsa = d2i_DSAparams_bio(in, NULL);	else if (informat == FORMAT_PEM)		dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);	else {		BIO_printf(bio_err, "bad input format specified/n");		goto end;	}	if (dsa == NULL) {		BIO_printf(bio_err, "unable to load DSA parameters/n");		ERR_print_errors(bio_err);		goto end;	}	if (text) {		DSAparams_print(out, dsa);	}	if (C) {		unsigned char *data;		int l, len, bits_p;		len = BN_num_bytes(dsa->p);		bits_p = BN_num_bits(dsa->p);		data = malloc(len + 20);		if (data == NULL) {			perror("malloc");			goto end;		}		l = BN_bn2bin(dsa->p, data);		printf("static unsigned char dsa%d_p[] = {", bits_p);		for (i = 0; i < l; i++) {			if ((i % 12) == 0)				printf("/n/t");			printf("0x%02X, ", data[i]);		}		printf("/n/t};/n");		l = BN_bn2bin(dsa->q, data);		printf("static unsigned char dsa%d_q[] = {", bits_p);		for (i = 0; i < l; i++) {			if ((i % 12) == 0)				printf("/n/t");			printf("0x%02X, ", data[i]);		}		printf("/n/t};/n");		l = BN_bn2bin(dsa->g, data);		printf("static unsigned char dsa%d_g[] = {", bits_p);		for (i = 0; i < l; i++) {			if ((i % 12) == 0)				printf("/n/t");			printf("0x%02X, ", data[i]);		}		free(data);		printf("/n/t};/n/n");		printf("DSA *get_dsa%d()/n/t{/n", bits_p);		printf("/tDSA *dsa;/n/n");		printf("/tif ((dsa = DSA_new()) == NULL) return(NULL);/n");		printf("/tdsa->p = BN_bin2bn(dsa%d_p, sizeof(dsa%d_p), NULL);/n",		    bits_p, bits_p);

//.........这里部分代码省略.........        goto end;    }    if (text) {        DHparams_print(out, dh);# ifdef undef        printf("p=");        BN_print(stdout, dh->p);        printf("/ng=");        BN_print(stdout, dh->g);        printf("/n");        if (dh->length != 0)            printf("recommended private length=%ld/n", dh->length);# endif    }    if (check) {        if (!DH_check(dh, &i)) {            ERR_print_errors(bio_err);            goto end;        }        if (i & DH_CHECK_P_NOT_PRIME)            printf("p value is not prime/n");        if (i & DH_CHECK_P_NOT_SAFE_PRIME)            printf("p value is not a safe prime/n");        if (i & DH_UNABLE_TO_CHECK_GENERATOR)            printf("unable to check the generator value/n");        if (i & DH_NOT_SUITABLE_GENERATOR)            printf("the g value is not a generator/n");        if (i == 0)            printf("DH parameters appear to be ok./n");    }    if (C) {        unsigned char *data;        int len, l, bits;        len = BN_num_bytes(dh->p);        bits = BN_num_bits(dh->p);        data = (unsigned char *)OPENSSL_malloc(len);        if (data == NULL) {            perror("OPENSSL_malloc");            goto end;        }        l = BN_bn2bin(dh->p, data);        printf("static unsigned char dh%d_p[]={", bits);        for (i = 0; i < l; i++) {            if ((i % 12) == 0)                printf("/n/t");            printf("0x%02X,", data[i]);        }        printf("/n/t};/n");        l = BN_bn2bin(dh->g, data);        printf("static unsigned char dh%d_g[]={", bits);        for (i = 0; i < l; i++) {            if ((i % 12) == 0)                printf("/n/t");            printf("0x%02X,", data[i]);        }        printf("/n/t};/n/n");        printf("DH *get_dh%d()/n/t{/n", bits);        printf("/tDH *dh;/n/n");        printf("/tif ((dh=DH_new()) == NULL) return(NULL);/n");        printf("/tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);/n",               bits, bits);        printf("/tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);/n",               bits, bits);        printf("/tif ((dh->p == NULL) || (dh->g == NULL))/n");        printf("/t/treturn(NULL);/n");        printf("/treturn(dh);/n/t}/n");        OPENSSL_free(data);    }    if (!noout) {        if (outformat == FORMAT_ASN1)            i = i2d_DHparams_bio(out, dh);        else if (outformat == FORMAT_PEM)            i = PEM_write_bio_DHparams(out, dh);        else {            BIO_printf(bio_err, "bad output format specified for outfile/n");            goto end;        }        if (!i) {            BIO_printf(bio_err, "unable to write DH parameters/n");            ERR_print_errors(bio_err);            goto end;        }    }    ret = 0; end:    if (in != NULL)        BIO_free(in);    if (out != NULL)        BIO_free_all(out);    if (dh != NULL)        DH_free(dh);    apps_shutdown();    OPENSSL_EXIT(ret);}

//.........这里部分代码省略.........		if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,			eckey) == 1)			{			BIO_printf(out, " failed/n");			goto builtin_err;			}		BIO_printf(out, ".");		(void)BIO_flush(out);		/* Modify a single byte of the signature: to ensure we don't		 * garble the ASN1 structure, we read the raw signature and		 * modify a byte in one of the bignums directly. */		sig_ptr = signature;		if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)			{			BIO_printf(out, " failed/n");			goto builtin_err;			}		/* Store the two BIGNUMs in raw_buf. */		r_len = BN_num_bytes(ecdsa_sig->r);		s_len = BN_num_bytes(ecdsa_sig->s);		bn_len = (degree + 7) / 8;		if ((r_len > bn_len) || (s_len > bn_len))			{			BIO_printf(out, " failed/n");			goto builtin_err;			}		buf_len = 2 * bn_len;		if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)			goto builtin_err;		/* Pad the bignums with leading zeroes. */		memset(raw_buf, 0, buf_len);		BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);		BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);		/* Modify a single byte in the buffer. */		offset = raw_buf[10] % buf_len;		dirt   = raw_buf[11] ? raw_buf[11] : 1;		raw_buf[offset] ^= dirt;		/* Now read the BIGNUMs back in from raw_buf. */		if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||			(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))			goto builtin_err;		sig_ptr2 = signature;		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)			{			BIO_printf(out, " failed/n");			goto builtin_err;			}		/* Sanity check: undo the modification and verify signature. */		raw_buf[offset] ^= dirt;		if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||			(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))			goto builtin_err;		sig_ptr2 = signature;		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)			{			BIO_printf(out, " failed/n");			goto builtin_err;			}		BIO_printf(out, ".");

int main(int argc, char *argv[]){	int bitlens[] = { 8, 16, 32, 64, 128, 256, 512, 1024, 2048 };	BIGNUM *r_hw = BN_new();	BIGNUM *r_sw = BN_new();	BIGNUM *a = BN_new();	BIGNUM *b = BN_new();	BIGNUM *n = BN_new();	BigNumber *bn_r;	BigNumber *bn_a;	BigNumber *bn_b;	BigNumber *bn_n;	int i = 0;	int j = 0;	int fail = 0;	int total = 0;	BN_CTX *ctx = BN_CTX_new();	//bn_r = cop_bn_new_sz(256);	for (j = 0; j < (sizeof(bitlens) / sizeof(int)); j++) {		for (i = 0; i < NUM_TESTS; i++) {			//printf("test %d-%d/n", i, j);			// Generate random parameters			BN_pseudo_rand(n, bitlens[j], 0, 1);			BN_pseudo_rand(b, bitlens[j], 0, 0);			BN_pseudo_rand_range(a, n);			// Setup bignumbers			size_t a_sz = BN_num_bytes(a);			if (a_sz) {				bn_a = cop_bn_new_sz(BN_num_bytes(a));				BN_bn2bin(a, bn_a->number);			} else {				bn_a = cop_bn_new_int(0);			}			bn_b = cop_bn_new_sz(BN_num_bytes(b));			bn_n = cop_bn_new_sz(BN_num_bytes(n));			BN_bn2bin(b, bn_b->number);			BN_bn2bin(n, bn_n->number);			// Perform tests			TEST_CASE_ASYM(mod_add, madd);			TEST_CASE_ASYM(mod_sub, msub);			TEST_CASE_ASYM(mod_mul, mmul);			TEST_CASE_ASYM(mod_exp, mex);			// Free memory			cop_bn_free(bn_a);			cop_bn_free(bn_b);			cop_bn_free(bn_n);		}	}	cop_bn_free(bn_r);	BN_free(r_hw);	BN_free(r_sw);	BN_free(a);	BN_free(b);	BN_free(n);	BN_CTX_free(ctx);	printf("=== %s: %d/%d failures ===/n", argv[0], fail, total);	return fail;}

/* Un petit mod_exp */static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,			const BIGNUM *m, BN_CTX *ctx)	{	/* I need somewhere to store temporary serialised values for	 * use with the CryptoSwift API calls. A neat cheat - I'll use	 * BIGNUMs from the BN_CTX but access their arrays directly as	 * byte arrays <grin>. This way I don't have to clean anything	 * up. */	BIGNUM *modulus;	BIGNUM *exponent;	BIGNUM *argument;	BIGNUM *result;	SW_STATUS sw_status;	SW_LARGENUMBER arg, res;	SW_PARAM sw_param;	SW_CONTEXT_HANDLE hac;	int to_return, acquired; 	modulus = exponent = argument = result = NULL;	to_return = 0; /* expect failure */	acquired = 0; 	if(!get_context(&hac))		{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);		goto err;		}	acquired = 1;	/* Prepare the params */	BN_CTX_start(ctx);	modulus = BN_CTX_get(ctx);	exponent = BN_CTX_get(ctx);	argument = BN_CTX_get(ctx);	result = BN_CTX_get(ctx);	if(!result)		{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);		goto err;		}	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||		!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))		{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);		goto err;		}	sw_param.type = SW_ALG_EXP;	sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,		(unsigned char *)modulus->d);	sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;	sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,		(unsigned char *)exponent->d);	sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;	/* Attach the key params */	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);	switch(sw_status)		{	case SW_OK:		break;	case SW_ERR_INPUT_SIZE:		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);		goto err;	default:		{		char tmpbuf[DECIMAL_SIZE(sw_status)+1];		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);		sprintf(tmpbuf, "%ld", sw_status);		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);		}		goto err;		}	/* Prepare the argument and response */	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);	arg.value = (unsigned char *)argument->d;	res.nbytes = BN_num_bytes(m);	memset(result->d, 0, res.nbytes);	res.value = (unsigned char *)result->d;	/* Perform the operation */	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,		&res, 1)) != SW_OK)		{		char tmpbuf[DECIMAL_SIZE(sw_status)+1];		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);		sprintf(tmpbuf, "%ld", sw_status);		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);		goto err;		}	/* Convert the response */	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);	to_return = 1;err:	if(acquired)		release_context(hac);	BN_CTX_end(ctx);	return to_return;	}

/*- * This implementation is based on the following primitives in the IEEE 1363 standard: *  - ECKAS-DH1 *  - ECSVDP-DH * Finally an optional KDF is applied. */static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,                            EC_KEY *ecdh,                            void *(*KDF) (const void *in, size_t inlen,                                          void *out, size_t *outlen)){    BN_CTX *ctx;    EC_POINT *tmp = NULL;    BIGNUM *x = NULL, *y = NULL;    const BIGNUM *priv_key;    const EC_GROUP *group;    int ret = -1;    size_t buflen, len;    unsigned char *buf = NULL;    if (outlen > INT_MAX) {        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,                                                                 * anyway */        return -1;    }    if ((ctx = BN_CTX_new()) == NULL)        goto err;    BN_CTX_start(ctx);    x = BN_CTX_get(ctx);    y = BN_CTX_get(ctx);    priv_key = EC_KEY_get0_private_key(ecdh);    if (priv_key == NULL) {        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);        goto err;    }    group = EC_KEY_get0_group(ecdh);    if ((tmp = EC_POINT_new(group)) == NULL) {        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);        goto err;    }    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==        NID_X9_62_prime_field) {        if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);            goto err;        }    } else {        if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) {            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);            goto err;        }    }    buflen = (EC_GROUP_get_degree(group) + 7) / 8;    len = BN_num_bytes(x);    if (len > buflen) {        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);        goto err;    }    if ((buf = OPENSSL_malloc(buflen)) == NULL) {        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);        goto err;    }    memset(buf, 0, buflen - len);    if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);        goto err;    }    if (KDF != 0) {        if (KDF(buf, buflen, out, &outlen) == NULL) {            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED);            goto err;        }        ret = outlen;    } else {        /* no KDF, just copy as much as we can */        if (outlen > buflen)            outlen = buflen;        memcpy(out, buf, outlen);        ret = outlen;    } err:    if (tmp)        EC_POINT_free(tmp);    if (ctx)        BN_CTX_end(ctx);    if (ctx)        BN_CTX_free(ctx);//.........这里部分代码省略.........

/* Un petit mod_exp chinois */static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,			const BIGNUM *q, const BIGNUM *dmp1,			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)	{	SW_STATUS sw_status;	SW_LARGENUMBER arg, res;	SW_PARAM sw_param;	SW_CONTEXT_HANDLE hac;	BIGNUM *result = NULL;	BIGNUM *argument = NULL;	int to_return = 0; /* expect failure */	int acquired = 0;	sw_param.up.crt.p.value = NULL;	sw_param.up.crt.q.value = NULL;	sw_param.up.crt.dmp1.value = NULL;	sw_param.up.crt.dmq1.value = NULL;	sw_param.up.crt.iqmp.value = NULL; 	if(!get_context(&hac))		{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);		goto err;		}	acquired = 1;	/* Prepare the params */	argument = BN_new();	result = BN_new();	if(!result || !argument)		{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);		goto err;		}	sw_param.type = SW_ALG_CRT;	/************************************************************************/	/* 04/02/2003                                                           */	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */	/* limitation of cswift with values not a multiple of 32                */	/************************************************************************/	if(!cswift_bn_32copy(&sw_param.up.crt.p, p))	{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);		goto err;	}	if(!cswift_bn_32copy(&sw_param.up.crt.q, q))	{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);		goto err;	}	if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))	{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);		goto err;	}	if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))	{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);		goto err;	}	if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))	{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);		goto err;	}	if(	!bn_wexpand(argument, a->top) ||			!bn_wexpand(result, p->top + q->top))		{		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);		goto err;		}	/* Attach the key params */	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);	switch(sw_status)		{	case SW_OK:		break;	case SW_ERR_INPUT_SIZE:		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);		goto err;	default:		{		char tmpbuf[DECIMAL_SIZE(sw_status)+1];		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);		sprintf(tmpbuf, "%ld", sw_status);		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);		}		goto err;		}	/* Prepare the argument and response */	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);	arg.value = (unsigned char *)argument->d;	res.nbytes = 2 * BN_num_bytes(p);	memset(result->d, 0, res.nbytes);	res.value = (unsigned char *)result->d;	/* Perform the operation *///.........这里部分代码省略.........

void tgl_do_send_accept_encr_chat (struct tgl_state *TLS, struct tgl_secret_chat *E, unsigned char *random, void (*callback)(struct tgl_state *TLS,void *callback_extra, int success, struct tgl_secret_chat *E), void *callback_extra) {  int i;  int ok = 0;  for (i = 0; i < 64; i++) {    if (E->key[i]) {      ok = 1;      break;    }  }  if (ok) {     if (callback) {      callback (TLS, callback_extra, 1, E);    }    return;   } // Already generated key for this chat  assert (E->g_key);  assert (TLS->BN_ctx);  unsigned char random_here[256];  tglt_secure_random (random_here, 256);  for (i = 0; i < 256; i++) {    random[i] ^= random_here[i];  }  BIGNUM *b = BN_bin2bn (random, 256, 0);  ensure_ptr (b);  BIGNUM *g_a = BN_bin2bn (E->g_key, 256, 0);  ensure_ptr (g_a);  assert (tglmp_check_g_a (TLS, TLS->encr_prime_bn, g_a) >= 0);  //if (!ctx) {  //  ctx = BN_CTX_new ();  //  ensure_ptr (ctx);  //}  BIGNUM *p = TLS->encr_prime_bn;  BIGNUM *r = BN_new ();  ensure_ptr (r);  ensure (BN_mod_exp (r, g_a, b, p, TLS->BN_ctx));  static unsigned char kk[256];  memset (kk, 0, sizeof (kk));  BN_bn2bin (r, kk + (256 - BN_num_bytes (r)));  static unsigned char sha_buffer[20];  sha1 (kk, 256, sha_buffer);  long long fingerprint = *(long long *)(sha_buffer + 12);  //bl_do_encr_chat_set_key (TLS, E, kk, *(long long *)(sha_buffer + 12));  //bl_do_encr_chat_set_sha (TLS, E, sha_buffer);  int state = sc_ok;  bl_do_encr_chat_new (TLS, tgl_get_peer_id (E->id),     NULL, NULL, NULL, NULL,     kk, NULL, sha_buffer, &state,     NULL, NULL, NULL, NULL, NULL,     &fingerprint,     TGL_FLAGS_UNCHANGED  );  clear_packet ();  out_int (CODE_messages_accept_encryption);  out_int (CODE_input_encrypted_chat);  out_int (tgl_get_peer_id (E->id));  out_long (E->access_hash);    ensure (BN_set_word (g_a, TLS->encr_root));  ensure (BN_mod_exp (r, g_a, b, p, TLS->BN_ctx));  static unsigned char buf[256];  memset (buf, 0, sizeof (buf));  BN_bn2bin (r, buf + (256 - BN_num_bytes (r)));  out_cstring ((void *)buf, 256);  out_long (E->key_fingerprint);  BN_clear_free (b);  BN_clear_free (g_a);  BN_clear_free (r);  tglq_send_query (TLS, TLS->DC_working, packet_ptr - packet_buffer, packet_buffer, &send_encr_accept_methods, E, callback, callback_extra);}

static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)	{	SW_CONTEXT_HANDLE hac;	SW_PARAM sw_param;	SW_STATUS sw_status;	SW_LARGENUMBER arg, res;	BN_CTX *ctx;	BIGNUM *dsa_p = NULL;	BIGNUM *dsa_q = NULL;	BIGNUM *dsa_g = NULL;	BIGNUM *dsa_key = NULL;	BIGNUM *result = NULL;	DSA_SIG *to_return = NULL;	int acquired = 0;	if((ctx = BN_CTX_new()) == NULL)		goto err;	if(!get_context(&hac))		{		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);		goto err;		}	acquired = 1;	/* Prepare the params */	BN_CTX_start(ctx);	dsa_p = BN_CTX_get(ctx);	dsa_q = BN_CTX_get(ctx);	dsa_g = BN_CTX_get(ctx);	dsa_key = BN_CTX_get(ctx);	result = BN_CTX_get(ctx);	if(!result)		{		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);		goto err;		}	if(!bn_wexpand(dsa_p, dsa->p->top) ||			!bn_wexpand(dsa_q, dsa->q->top) ||			!bn_wexpand(dsa_g, dsa->g->top) ||			!bn_wexpand(dsa_key, dsa->priv_key->top) ||			!bn_wexpand(result, dsa->p->top))		{		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);		goto err;		}	sw_param.type = SW_ALG_DSA;	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,				(unsigned char *)dsa_p->d);	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,				(unsigned char *)dsa_q->d);	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,				(unsigned char *)dsa_g->d);	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,				(unsigned char *)dsa_key->d);	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;	/* Attach the key params */	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);	switch(sw_status)		{	case SW_OK:		break;	case SW_ERR_INPUT_SIZE:		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);		goto err;	default:		{		char tmpbuf[DECIMAL_SIZE(sw_status)+1];		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);		sprintf(tmpbuf, "%ld", sw_status);		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);		}		goto err;		}	/* Prepare the argument and response */	arg.nbytes = dlen;	arg.value = (unsigned char *)dgst;	res.nbytes = BN_num_bytes(dsa->p);	memset(result->d, 0, res.nbytes);	res.value = (unsigned char *)result->d;	/* Perform the operation */	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,		&res, 1);	if(sw_status != SW_OK)		{		char tmpbuf[DECIMAL_SIZE(sw_status)+1];		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);		sprintf(tmpbuf, "%ld", sw_status);		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);		goto err;		}	/* Convert the response */	if((to_return = DSA_SIG_new()) == NULL)		goto err;	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);	to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);err:	if(acquired)//.........这里部分代码省略.........

size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,                               unsigned char *buf, size_t len, BN_CTX *ctx){    size_t ret;    BN_CTX *new_ctx = NULL;    int used_ctx = 0;    BIGNUM *x, *y;    size_t field_len, i, skip;    if ((form != POINT_CONVERSION_COMPRESSED)            && (form != POINT_CONVERSION_UNCOMPRESSED)            && (form != POINT_CONVERSION_HYBRID))    {        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);        goto err;    }    if (EC_POINT_is_at_infinity(group, point))    {        /* encodes to a single 0 octet */        if (buf != NULL)        {            if (len < 1)            {                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);                return 0;            }            buf[0] = 0;        }        return 1;    }    /* ret := required output buffer length */    field_len = BN_num_bytes(&group->field);    ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;    /* if 'buf' is NULL, just return required length */    if (buf != NULL)    {        if (len < ret)        {            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);            goto err;        }        if (ctx == NULL)        {            ctx = new_ctx = BN_CTX_new();            if (ctx == NULL)                return 0;        }        BN_CTX_start(ctx);        used_ctx = 1;        x = BN_CTX_get(ctx);        y = BN_CTX_get(ctx);        if (y == NULL) goto err;        if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;        if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))            buf[0] = form + 1;        else            buf[0] = form;        i = 1;        skip = field_len - BN_num_bytes(x);        if (skip > field_len)        {            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);            goto err;        }        while (skip > 0)        {            buf[i++] = 0;            skip--;        }        skip = BN_bn2bin(x, buf + i);        i += skip;        if (i != 1 + field_len)        {            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);            goto err;        }        if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)        {            skip = field_len - BN_num_bytes(y);            if (skip > field_len)            {                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);                goto err;            }            while (skip > 0)            {                buf[i++] = 0;                skip--;            }//.........这里部分代码省略.........

static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,				DSA_SIG *sig, DSA *dsa)	{	SW_CONTEXT_HANDLE hac;	SW_PARAM sw_param;	SW_STATUS sw_status;	SW_LARGENUMBER arg[2], res;	unsigned long sig_result;	BN_CTX *ctx;	BIGNUM *dsa_p = NULL;	BIGNUM *dsa_q = NULL;	BIGNUM *dsa_g = NULL;	BIGNUM *dsa_key = NULL;	BIGNUM *argument = NULL;	int to_return = -1;	int acquired = 0;	if((ctx = BN_CTX_new()) == NULL)		goto err;	if(!get_context(&hac))		{		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);		goto err;		}	acquired = 1;	/* Prepare the params */	BN_CTX_start(ctx);	dsa_p = BN_CTX_get(ctx);	dsa_q = BN_CTX_get(ctx);	dsa_g = BN_CTX_get(ctx);	dsa_key = BN_CTX_get(ctx);	argument = BN_CTX_get(ctx);	if(!argument)		{		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);		goto err;		}	if(!bn_wexpand(dsa_p, dsa->p->top) ||			!bn_wexpand(dsa_q, dsa->q->top) ||			!bn_wexpand(dsa_g, dsa->g->top) ||			!bn_wexpand(dsa_key, dsa->pub_key->top) ||			!bn_wexpand(argument, 40))		{		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);		goto err;		}	sw_param.type = SW_ALG_DSA;	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,				(unsigned char *)dsa_p->d);	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,				(unsigned char *)dsa_q->d);	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,				(unsigned char *)dsa_g->d);	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,				(unsigned char *)dsa_key->d);	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;	/* Attach the key params */	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);	switch(sw_status)		{	case SW_OK:		break;	case SW_ERR_INPUT_SIZE:		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);		goto err;	default:		{		char tmpbuf[DECIMAL_SIZE(sw_status)+1];		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);		sprintf(tmpbuf, "%ld", sw_status);		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);		}		goto err;		}	/* Prepare the argument and response */	arg[0].nbytes = dgst_len;	arg[0].value = (unsigned char *)dgst;	arg[1].nbytes = 40;	arg[1].value = (unsigned char *)argument->d;	memset(arg[1].value, 0, 40);	BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));	BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));	res.nbytes = 4; /* unsigned long */	res.value = (unsigned char *)(&sig_result);	/* Perform the operation */	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,		&res, 1);	if(sw_status != SW_OK)		{		char tmpbuf[DECIMAL_SIZE(sw_status)+1];		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);		sprintf(tmpbuf, "%ld", sw_status);		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);		goto err;		}	/* Convert the response */	to_return = ((sig_result == 0) ? 0 : 1);//.........这里部分代码省略.........

//.........这里部分代码省略.........		}	if (i <= 0) goto err;	if (BN_bin2bn(buf,num,f) == NULL) goto err;		if (BN_ucmp(f, rsa->n) >= 0)		{			/* usually the padding functions would catch this */		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);		goto err;		}	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))		{		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);		if (blinding == NULL)			{			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);			goto err;			}		}		if (blinding != NULL)		{		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))			{			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);			goto err;			}		if (!rsa_blinding_convert(blinding, f, unblind, ctx))			goto err;		}	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||		((rsa->p != NULL) &&		(rsa->q != NULL) &&		(rsa->dmp1 != NULL) &&		(rsa->dmq1 != NULL) &&		(rsa->iqmp != NULL)) )		{ 		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;		}	else		{		BIGNUM local_d;		BIGNUM *d = NULL;				if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))			{			BN_init(&local_d);			d = &local_d;			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);			}		else			d= rsa->d;		if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)			if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))				goto err;		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,				rsa->_method_mod_n)) goto err;		}	if (blinding)		if (!rsa_blinding_invert(blinding, ret, unblind, ctx))			goto err;	if (padding == RSA_X931_PADDING)		{		BN_sub(f, rsa->n, ret);		if (BN_cmp(ret, f))			res = f;		else			res = ret;		}	else		res = ret;	/* put in leading 0 bytes if the number is less than the	 * length of the modulus */	j=BN_num_bytes(res);	i=BN_bn2bin(res,&(to[num-j]));	for (k=0; k<(num-i); k++)		to[k]=0;	r=num;err:	if (ctx != NULL)		{		BN_CTX_end(ctx);		BN_CTX_free(ctx);		}	if (buf != NULL)		{		OPENSSL_cleanse(buf,num);		OPENSSL_free(buf);		}	return(r);	}

int encrypt_and_send(byte * msg , const int length){			if(encType == PLAIN)	//send plain text	{		if(writeInPipe(outputChannel, (byte *) msg , length) < 0)		{			fprintf(stderr , " **** Communication phase write error **** /n/n");			return -1;			}			return 0;	}		if(encType == RSA512){		BIGNUM *message = BN_new();					byte fullMsg[RSA512_BYTE_LENGTH];				memset(fullMsg , 0 , sizeof(byte) * RSA512_BYTE_LENGTH);		memcpy(fullMsg , msg , sizeof(byte) * length);				message = BN_bin2bn((const unsigned char *) fullMsg, RSA512_BYTE_LENGTH , NULL);				rsaEXP(message , &client512Rsa);	//Encrypt with server RSA public key				BN_bn2bin(message , fullMsg);		if(writeInPipe(outputChannel, (byte *) fullMsg , RSA512_BYTE_LENGTH) < 0)		{			fprintf(stderr , " **** Communication phase write error **** /n/n");			return -1;			}				printf("RSA512 : %s/n", BN_bn2hex(message));		BN_free(message);				return 0;	}		if(encType == RSA64){		BIGNUM *message = BN_new();				byte fullMsg[RSA64_BYTE_LENGTH];				memset(fullMsg , 0 , sizeof(byte) * RSA64_BYTE_LENGTH);		memcpy(fullMsg , msg , sizeof(byte) * length);				message = BN_bin2bn((const unsigned char *) fullMsg, RSA64_BYTE_LENGTH , NULL);				rsaEXP(message , &client64Rsa);	//Encrypt with server RSA public key						BN_bn2bin(message , fullMsg);		if(writeInPipe(outputChannel, (byte *) fullMsg , RSA64_BYTE_LENGTH) < 0)		{			fprintf(stderr , " **** Communication phase write error **** /n/n");			return -1;			}				printf("RSA64 : %s/n", BN_bn2hex(message));		BN_free(message);				return 0;	}	}