自学教程：C++ BN_new函数代码示例

static int extract_dsa_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param){	int ret = 0;	DSA *dsa = NULL;	BIGNUM *pri = BN_new();	BIGNUM *pub = BN_new();	BN_CTX *ctx = BN_CTX_new();	int i, pri_size, pub_size, num_factors;	const unsigned char *pri_ptr;	unsigned char *pub_ptr;		if (!pri || !pub || !ctx) {		goto err;	}		if (!(dsa = (DSA *)X509_ALGOR_get1_DSA(master->pkey_algor))) {		goto err;	}	pri_size = BN_num_bytes(dsa->q);	pub_size = BN_num_bytes(dsa->p);		if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {		goto err;	}	if (M_ASN1_STRING_length(master->secret_factors) != pri_size * num_factors) {		goto err;	}		ASN1_STRING_free(param->public_factors);	if (!ASN1_STRING_set(param->public_factors, NULL, pub_size * num_factors)) {		goto err;	}		pri_ptr = M_ASN1_STRING_data(master->secret_factors);	pub_ptr = M_ASN1_STRING_data(param->public_factors);	memset(pub_ptr, 0, M_ASN1_STRING_length(param->public_factors));		for (i = 0; i < num_factors; i++) {			if (!BN_bin2bn(pri_ptr, pri_size, pri)) {			goto err;		}		if (BN_is_zero(pri) || BN_cmp(pri, dsa->q) >= 0) {			goto err;		}				if (!BN_mod_exp(pub, dsa->g, pri, dsa->p, ctx)) {			goto err;		}		if (!BN_bn2bin(pub, pub_ptr + pub_size - BN_num_bytes(pub))) {			goto err;		}				pri_ptr += pri_size;		pub_ptr += pub_size;	}		ret = 1;err:		if (dsa) DSA_free(dsa);	if (pri) BN_free(pri);	if (pub) BN_free(pub);	if (ctx) BN_CTX_free(ctx);	return ret;}

int__ops_elgamal_public_encrypt(uint8_t *g_to_k, uint8_t *encm,			const uint8_t *in,			size_t size,			const __ops_elgamal_pubkey_t *pubkey){	int	ret = 0;	int	k_bits;	BIGNUM	   *m;	BIGNUM	   *p;	BIGNUM	   *g;	BIGNUM	   *y;	BIGNUM	   *k;	BIGNUM	   *yk;	BIGNUM	   *c1;	BIGNUM	   *c2;	BN_CTX	   *tmp;	m = BN_bin2bn(in, (int)size, NULL);	p = pubkey->p;	g = pubkey->g;	y = pubkey->y;	k = BN_new();	yk = BN_new();	c1 = BN_new();	c2 = BN_new();	tmp = BN_CTX_new();	if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp) {		goto done;	}	/*	 * generate k	 */	k_bits = decide_k_bits(BN_num_bits(p));	if (!BN_rand(k, k_bits, 0, 0)) {		goto done;	}	/*	 * c1 = g^k c2 = m * y^k	 */	if (!BN_mod_exp(c1, g, k, p, tmp)) {		goto done;	}	if (!BN_mod_exp(yk, y, k, p, tmp)) {		goto done;	}	if (!BN_mod_mul(c2, m, yk, p, tmp)) {		goto done;	}	/* result */	BN_bn2bin(c1, g_to_k);	ret = BN_num_bytes(c1);	/* c1 = g^k */	BN_bn2bin(c2, encm);	ret += BN_num_bytes(c2); /* c2 = m * y^k */done:	if (tmp) {		BN_CTX_free(tmp);	}	if (c2) {		BN_clear_free(c2);	}	if (c1) {		BN_clear_free(c1);	}	if (yk) {		BN_clear_free(yk);	}	if (k) {		BN_clear_free(k);	}	if (g) {		BN_clear_free(g);	}	return ret;}

static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,                            BIGNUM **kinvp, BIGNUM **rp,                            const unsigned char *dgst, int dlen){    BN_CTX *ctx = NULL;    BIGNUM *k = NULL, *r = NULL, *X = NULL;    const BIGNUM *order;    EC_POINT *tmp_point = NULL;    const EC_GROUP *group;    int ret = 0;    int order_bits;    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);        return 0;    }    if (!EC_KEY_can_sign(eckey)) {        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);        return 0;    }    if (ctx_in == NULL) {        if ((ctx = BN_CTX_new()) == NULL) {            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);            return 0;        }    } else        ctx = ctx_in;    k = BN_new();               /* this value is later returned in *kinvp */    r = BN_new();               /* this value is later returned in *rp */    X = BN_new();    if (k == NULL || r == NULL || X == NULL) {        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);        goto err;    }    if ((tmp_point = EC_POINT_new(group)) == NULL) {        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);        goto err;    }    order = EC_GROUP_get0_order(group);    if (order == NULL) {        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);        goto err;    }    /* Preallocate space */    order_bits = BN_num_bits(order);    if (!BN_set_bit(k, order_bits)        || !BN_set_bit(r, order_bits)        || !BN_set_bit(X, order_bits))        goto err;    do {        /* get random k */        do            if (dgst != NULL) {                if (!BN_generate_dsa_nonce                    (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,                     ctx)) {                    ECerr(EC_F_ECDSA_SIGN_SETUP,                             EC_R_RANDOM_NUMBER_GENERATION_FAILED);                    goto err;                }            } else {                if (!BN_priv_rand_range(k, order)) {                    ECerr(EC_F_ECDSA_SIGN_SETUP,                             EC_R_RANDOM_NUMBER_GENERATION_FAILED);                    goto err;                }            }        while (BN_is_zero(k));        /* compute r the x-coordinate of generator * k */        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);            goto err;        }        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==            NID_X9_62_prime_field) {            if (!EC_POINT_get_affine_coordinates_GFp                (group, tmp_point, X, NULL, ctx)) {                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);                goto err;            }        }#ifndef OPENSSL_NO_EC2M        else {                  /* NID_X9_62_characteristic_two_field */            if (!EC_POINT_get_affine_coordinates_GF2m(group,                                                      tmp_point, X, NULL,                                                      ctx)) {                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);                goto err;            }        }#endif        if (!BN_nnmod(r, X, order, ctx)) {            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);//.........这里部分代码省略.........

/* solves ax == 1 (mod n) */BIGNUM *BN_mod_inverse(BIGNUM *in,	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)	{	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;	BIGNUM *ret=NULL;	int sign;	bn_check_top(a);	bn_check_top(n);	BN_CTX_start(ctx);	A = BN_CTX_get(ctx);	B = BN_CTX_get(ctx);	X = BN_CTX_get(ctx);	D = BN_CTX_get(ctx);	M = BN_CTX_get(ctx);	Y = BN_CTX_get(ctx);	T = BN_CTX_get(ctx);	if (T == NULL) goto err;	if (in == NULL)		R=BN_new();	else		R=in;	if (R == NULL) goto err;	BN_one(X);	BN_zero(Y);	if (BN_copy(B,a) == NULL) goto err;	if (BN_copy(A,n) == NULL) goto err;	A->neg = 0;	if (B->neg || (BN_ucmp(B, A) >= 0))		{		if (!BN_nnmod(B, B, A, ctx)) goto err;		}	sign = -1;	/* From  B = a mod |n|,  A = |n|  it follows that	 *	 *      0 <= B < A,	 *     -sign*X*a  ==  B   (mod |n|),	 *      sign*Y*a  ==  A   (mod |n|).	 */	if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))		{		/* Binary inversion algorithm; requires odd modulus.		 * This is faster than the general algorithm if the modulus		 * is sufficiently small (about 400 .. 500 bits on 32-bit		 * sytems, but much more on 64-bit systems) */		int shift;		while (!BN_is_zero(B))			{			/*			 *      0 < B < |n|,			 *      0 < A <= |n|,			 * (1) -sign*X*a  ==  B   (mod |n|),			 * (2)  sign*Y*a  ==  A   (mod |n|)			 */			/* Now divide  B  by the maximum possible power of two in the integers,			 * and divide  X  by the same value mod |n|.			 * When we're done, (1) still holds. */			shift = 0;			while (!BN_is_bit_set(B, shift)) /* note that 0 < B */				{				shift++;				if (BN_is_odd(X))					{					if (!BN_uadd(X, X, n)) goto err;					}				/* now X is even, so we can easily divide it by two */				if (!BN_rshift1(X, X)) goto err;				}			if (shift > 0)				{				if (!BN_rshift(B, B, shift)) goto err;				}			/* Same for  A  and  Y.  Afterwards, (2) still holds. */			shift = 0;			while (!BN_is_bit_set(A, shift)) /* note that 0 < A */				{				shift++;				if (BN_is_odd(Y))					{					if (!BN_uadd(Y, Y, n)) goto err;					}				/* now Y is even */				if (!BN_rshift1(Y, Y)) goto err;				}			if (shift > 0)				{				if (!BN_rshift(A, A, shift)) goto err;				}//.........这里部分代码省略.........

/* * compute a "random" secret point on an elliptic curve based * on the password and identities. */int compute_password_element(EAP_PWD_group *grp, u16 num,			     u8 *password, int password_len,			     u8 *id_server, int id_server_len,			     u8 *id_peer, int id_peer_len, u8 *token){	BIGNUM *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;	HMAC_CTX ctx;	unsigned char pwe_digest[SHA256_DIGEST_LENGTH], *prfbuf = NULL, ctr;	int nid, is_odd, primebitlen, primebytelen, ret = 0;	switch (num) { /* from IANA registry for IKE D-H groups */        case 19:		nid = NID_X9_62_prime256v1;		break;        case 20:		nid = NID_secp384r1;		break;        case 21:		nid = NID_secp521r1;		break;        case 25:		nid = NID_X9_62_prime192v1;		break;        case 26:		nid = NID_secp224r1;		break;        default:		wpa_printf(MSG_INFO, "EAP-pwd: unsupported group %d", num);		return -1;	}	grp->pwe = NULL;	grp->order = NULL;	grp->prime = NULL;	if ((grp->group = EC_GROUP_new_by_curve_name(nid)) == NULL) {		wpa_printf(MSG_INFO, "EAP-pwd: unable to create EC_GROUP");		goto fail;	}	if (((rnd = BN_new()) == NULL) ||	    ((cofactor = BN_new()) == NULL) ||	    ((grp->pwe = EC_POINT_new(grp->group)) == NULL) ||	    ((grp->order = BN_new()) == NULL) ||	    ((grp->prime = BN_new()) == NULL) ||	    ((x_candidate = BN_new()) == NULL)) {		wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums");		goto fail;	}	if (!EC_GROUP_get_curve_GFp(grp->group, grp->prime, NULL, NULL, NULL))	{		wpa_printf(MSG_INFO, "EAP-pwd: unable to get prime for GFp "			   "curve");		goto fail;	}	if (!EC_GROUP_get_order(grp->group, grp->order, NULL)) {		wpa_printf(MSG_INFO, "EAP-pwd: unable to get order for curve");		goto fail;	}	if (!EC_GROUP_get_cofactor(grp->group, cofactor, NULL)) {		wpa_printf(MSG_INFO, "EAP-pwd: unable to get cofactor for "			   "curve");		goto fail;	}	primebitlen = BN_num_bits(grp->prime);	primebytelen = BN_num_bytes(grp->prime);	if ((prfbuf = os_malloc(primebytelen)) == NULL) {		wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "			   "buffer");		goto fail;	}	os_memset(prfbuf, 0, primebytelen);	ctr = 0;	while (1) {		if (ctr > 30) {			wpa_printf(MSG_INFO, "EAP-pwd: unable to find random "				   "point on curve for group %d, something's "				   "fishy", num);			goto fail;		}		ctr++;		/*		 * compute counter-mode password value and stretch to prime		 *    pwd-seed = H(token | peer-id | server-id | password |		 *		   counter)		 */		H_Init(&ctx);		H_Update(&ctx, token, sizeof(u32));		H_Update(&ctx, id_peer, id_peer_len);		H_Update(&ctx, id_server, id_server_len);		H_Update(&ctx, password, password_len);		H_Update(&ctx, &ctr, sizeof(ctr));		H_Final(&ctx, pwe_digest);//.........这里部分代码省略.........

int RSA_check_key(const RSA *key)	{	BIGNUM *i, *j, *k, *l, *m;	BN_CTX *ctx;	int r;	int ret=1;	if (!key->p || !key->q || !key->n || !key->e || !key->d)		{		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);		return 0;		}		i = BN_new();	j = BN_new();	k = BN_new();	l = BN_new();	m = BN_new();	ctx = BN_CTX_new();	if (i == NULL || j == NULL || k == NULL || l == NULL ||		m == NULL || ctx == NULL)		{		ret = -1;		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);		goto err;		}		/* p prime? */	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);	if (r != 1)		{		ret = r;		if (r != 0)			goto err;		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);		}		/* q prime? */	r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);	if (r != 1)		{		ret = r;		if (r != 0)			goto err;		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);		}		/* n = p*q? */	r = BN_mul(i, key->p, key->q, ctx);	if (!r) { ret = -1; goto err; }		if (BN_cmp(i, key->n) != 0)		{		ret = 0;		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);		}		/* d*e = 1  mod lcm(p-1,q-1)? */	r = BN_sub(i, key->p, BN_value_one());	if (!r) { ret = -1; goto err; }	r = BN_sub(j, key->q, BN_value_one());	if (!r) { ret = -1; goto err; }	/* now compute k = lcm(i,j) */	r = BN_mul(l, i, j, ctx);	if (!r) { ret = -1; goto err; }	r = BN_gcd(m, i, j, ctx);	if (!r) { ret = -1; goto err; }	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */	if (!r) { ret = -1; goto err; }	r = BN_mod_mul(i, key->d, key->e, k, ctx);	if (!r) { ret = -1; goto err; }	if (!BN_is_one(i))		{		ret = 0;		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);		}		if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)		{		/* dmp1 = d mod (p-1)? */		r = BN_sub(i, key->p, BN_value_one());		if (!r) { ret = -1; goto err; }		r = BN_mod(j, key->d, i, ctx);		if (!r) { ret = -1; goto err; }		if (BN_cmp(j, key->dmp1) != 0)			{			ret = 0;			RSAerr(RSA_F_RSA_CHECK_KEY,				RSA_R_DMP1_NOT_CONGRUENT_TO_D);			}			/* dmq1 = d mod (q-1)? */    		r = BN_sub(i, key->q, BN_value_one());		if (!r) { ret = -1; goto err; }//.........这里部分代码省略.........

RSA* readRSA(){  nfc_device *device = NULL;  MifareTag *tag = NULL;  MifareDESFireAID aid;  RSA *rsa = NULL;  uint8_t key_data_null[8] = { 0,0,0,0,0,0,0,0};  MifareDESFireKey defaultKey = mifare_desfire_des_key_new_with_version (key_data_null);  device = getRfidDevice();  if (!device)    return NULL;  tag = freefare_get_tags(device);  mifare_desfire_connect (tag[0]);  aid = mifare_desfire_aid_new(AID_NUMBER);  mifare_desfire_select_application (tag[0], aid);  if (authApplication(tag[0], defaultKeyNumber) < 0)  {    fprintf(stderr,"Falscher Key/n");    nfc_close(device);    return NULL;  }  if (!rsa)    rsa = RSA_new();  if (!rsa->n)    rsa->n = BN_new();  if (!rsa->d)    rsa->d = BN_new();  if (!rsa->e)    rsa->e = BN_new();  if (readBignum(tag[0],aid,rsa->n,0) < 0)  {    fprintf(stderr,"readBignum %d failed/n",0);    nfc_close(device);    return NULL;  }  if (readBignum(tag[0],aid,rsa->d,5) < 0)  {    fprintf(stderr,"readBignum %d failed/n",0);    nfc_close(device);    return NULL;  }  if (readBignum(tag[0],aid,rsa->e,10) < 0)  {    fprintf(stderr,"readBignum %d failed/n",0);    nfc_close(device);    return NULL;  }  nfc_close(device);  return rsa;}

BigNumber::BigNumber(){    _bn = BN_new();    _array = NULL;}

static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id){	int e = 1;	EC_KEY *ec_key = NULL;	const EC_GROUP *ec_group;	EC_POINT *pub_key = NULL;	BIGNUM *priv_key = BN_new();	BIGNUM *order = BN_new();	BIGNUM *bn = BN_new();	BN_CTX *ctx = BN_CTX_new();	int *index = NULL;	int i, num_indexes, bn_size;		if (!priv_key || !bn || !order || !ctx) {		goto err;	}		if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {		goto err;	}	ec_group = EC_KEY_get0_group(ec_key);	if (!(pub_key = EC_POINT_new(ec_group))) {		goto err;	}	if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {		goto err;	}	if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {		goto err;	}			if (!CPK_MAP_str2index(master->map_algor, id, index)) {		goto err;	}		BN_zero(priv_key);	if (!(EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, ctx))) {		goto err;	}	bn_size = BN_num_bytes(order);		for (i = 0; i < num_indexes; i++) {		const unsigned char *p = 			M_ASN1_STRING_data(master->secret_factors) + 			bn_size * index[i];				if (!BN_bin2bn(p, bn_size, bn)) {			goto err;		}		if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {			goto err;		}				if (!BN_mod_add(priv_key, priv_key, bn, order, ctx)) {			goto err;		}	}	if (!EC_KEY_set_private_key(ec_key, priv_key)) {		goto err;	}	if (!EC_POINT_mul(ec_group, pub_key, priv_key, NULL, NULL, ctx)) {		goto err;	}	if (!EC_KEY_set_public_key(ec_key, pub_key)) {		goto err;	}	e = 0;	err:	if (e && ec_key) {		EC_KEY_free(ec_key);		ec_key = NULL;	}	if (priv_key) BN_free(priv_key);	if (pub_key) EC_POINT_free(pub_key);	if (order) BN_free(order);	if (bn) BN_free(bn);	if (ctx) BN_CTX_free(ctx);	if (index) OPENSSL_free(index);	return ec_key;}

static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param){	int ret = 0;	EC_KEY *ec_key = NULL;	const EC_GROUP *ec_group;	BIGNUM *bn = BN_new();	BIGNUM *order = BN_new();	BN_CTX *ctx = BN_CTX_new();	EC_POINT *pt = NULL;	int i, bn_size, pt_size, num_factors;	const unsigned char *bn_ptr;	unsigned char *pt_ptr;		if (!bn || !order || !ctx) {		goto err;	}		if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {		goto err;	}	ec_group = EC_KEY_get0_group(ec_key);	if (!(EC_GROUP_get_order(ec_group, order, ctx))) {		goto err;	}	bn_size = BN_num_bytes(order);	pt_size = bn_size + 1;		if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {		goto err;	}	if (M_ASN1_STRING_length(master->secret_factors) != bn_size * num_factors) {		goto err;	}	if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) {		goto err;	}		bn_ptr = M_ASN1_STRING_data(master->secret_factors);	pt_ptr = M_ASN1_STRING_data(param->public_factors);	memset(pt_ptr, 0, M_ASN1_STRING_length(param->public_factors));		if (!(pt = EC_POINT_new(ec_group))) {		goto err;				}	for (i = 0; i < num_factors; i++) {		if (!BN_bin2bn(bn_ptr, bn_size, bn)) {			goto err;		}		if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {			goto err;		}		if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) {			goto err;		}				if (!EC_POINT_point2oct(ec_group, pt, 			POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) {			goto err;		}		bn_ptr += bn_size;		pt_ptr += pt_size;	}		ret = 1;err:		if (ec_key) EC_KEY_free(ec_key);	if (bn) BN_free(bn);	if (order) BN_free(order);	if (ctx) BN_CTX_free(ctx);	if (pt) EC_POINT_free(pt);	return ret;}

CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id,	EVP_PKEY *pkey, X509_ALGOR *map_algor){	int e = 1;	CPK_MASTER_SECRET *master = NULL;	BIGNUM *bn = NULL, *order = NULL;	X509_PUBKEY *pubkey = NULL;	int pkey_type;	int i, bn_size, num_factors;	unsigned char *bn_ptr;		if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH);		goto err;	}		pkey_type = EVP_PKEY_id(pkey);	if (pkey_type == EVP_PKEY_DSA) {		if (!(order = ((DSA *)EVP_PKEY_get0(pkey))->q)) {			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_BAD_ARGUMENT);			goto err;		}	} else if (pkey_type == EVP_PKEY_EC) {		const EC_GROUP *ec_group;		if (!(order = BN_new())) {			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);			goto err;		}		ec_group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0(pkey));		if (!EC_GROUP_get_order(ec_group, order, NULL)) {			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);			goto err;		}		//FIXME OPENSSL_assert		assert(EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0(pkey)) != NULL);	} else {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_PKEY_TYPE);		goto err;			}	if (!(master = CPK_MASTER_SECRET_new())) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);		goto err;	}		master->version = 1;	if (!X509_NAME_add_entry_by_NID(master->id, NID_organizationName,		MBSTRING_UTF8, (unsigned char *)domain_id, -1, -1, 0)) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);		goto err;	}		/* 	 * convert EVP_PKEY to X509_ALGOR through X509_PUBKEY_set	 * X509_ALGOR_set0() is another choice but require more code	 */	// FIXME: X509_PUBKEY require pkey has a public key	if (!X509_PUBKEY_set(&pubkey, pkey)) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);		goto err;	}	X509_ALGOR_free(master->pkey_algor);	if (!(master->pkey_algor = X509_ALGOR_dup(pubkey->algor))) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);		goto err;	}			//FIXME: check the validity of CPK_MAP	X509_ALGOR_free(master->map_algor);	if (!(master->map_algor = X509_ALGOR_dup(map_algor))) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);		goto err;	}	if ((num_factors = CPK_MAP_num_factors(map_algor)) <= 0) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR);		goto err;	}		/*	 * create secret factors, for both DSA and EC,	 * the private keys are both big integers, 	 */	bn_size = BN_num_bytes(order);	if (!ASN1_STRING_set(master->secret_factors, NULL, bn_size * num_factors)) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB);		goto err;	}	bn_ptr = M_ASN1_STRING_data(master->secret_factors);	memset(bn_ptr, 0, M_ASN1_STRING_length(master->secret_factors));		if (!(bn = BN_new())) {		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);		goto err;	}	for (i = 0; i < num_factors; i++) {		do {			if (!BN_rand_range(bn, order)) {				CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE,					ERR_R_RAND_LIB);				goto err;//.........这里部分代码省略.........

BigNumber::BigNumber()    : _bn(BN_new())    , _array(NULL){ }

static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)    {    zkp->gr = BN_new();    zkp->b = BN_new();    }

static BIGNUM* NativeBN_BN_new(JNIEnv*, jclass) {    return BN_new();}

void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)    {    p->gx = BN_new();    JPAKE_ZKP_init(&p->zkpx);    }

ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,                               const BIGNUM *in_kinv, const BIGNUM *in_r,                               EC_KEY *eckey){    int ok = 0, i;    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL;    const BIGNUM *order, *ckinv;    BN_CTX *ctx = NULL;    const EC_GROUP *group;    ECDSA_SIG *ret;    const BIGNUM *priv_key;    group = EC_KEY_get0_group(eckey);    priv_key = EC_KEY_get0_private_key(eckey);    if (group == NULL || priv_key == NULL) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);        return NULL;    }    if (!EC_KEY_can_sign(eckey)) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);        return NULL;    }    ret = ECDSA_SIG_new();    if (ret == NULL) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);        return NULL;    }    ret->r = BN_new();    ret->s = BN_new();    if (ret->r == NULL || ret->s == NULL) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);        goto err;    }    s = ret->s;    if ((ctx = BN_CTX_new()) == NULL ||        (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);        goto err;    }    order = EC_GROUP_get0_order(group);    if (order == NULL) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB);        goto err;    }    i = BN_num_bits(order);    /*     * Need to truncate digest if it is too long: first truncate whole bytes.     */    if (8 * dgst_len > i)        dgst_len = (i + 7) / 8;    if (!BN_bin2bn(dgst, dgst_len, m)) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);        goto err;    }    /* If still too long truncate remaining bits with a shift */    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);        goto err;    }    do {        if (in_kinv == NULL || in_r == NULL) {            if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);                goto err;            }            ckinv = kinv;        } else {            ckinv = in_kinv;            if (BN_copy(ret->r, in_r) == NULL) {                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);                goto err;            }        }        if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);            goto err;        }        if (!BN_mod_add_quick(s, tmp, m, order)) {            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);            goto err;        }        if (!BN_mod_mul(s, s, ckinv, order, ctx)) {            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);            goto err;        }        if (BN_is_zero(s)) {            /*             * if kinv and r have been supplied by the caller, don't             * generate new kinv and r values             */            if (in_kinv != NULL && in_r != NULL) {                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);                goto err;            }//.........这里部分代码省略.........

      extern_socket = -1;      ret = -1;      return ret;    }    fail = 0;    return ret;  }  return ret;}#ifdef LIBOPENSSLRSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) {  if (rsa == NULL) {#ifdef NO_RSA_LEGACY    RSA *private = RSA_new();    BIGNUM *f4 = BN_new();    BN_set_word(f4, RSA_F4);    RSA_generate_key_ex(rsa, 1024, f4, NULL);#else    rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);#endif  }  return rsa;}int internal__hydra_connect_to_ssl(int socket) {  int err;  if (ssl_first) {

static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) {	printf("in ecdh test/n");	EC_KEY *a = NULL;    //EC_KEY is a structure	EC_KEY *b = NULL;	BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;	char buf[12];	unsigned char *abuf = NULL, *bbuf = NULL;	int i, alen, blen, aout, bout, ret = 0;	const EC_GROUP *group;	a = EC_KEY_new_by_curve_name(nid);// creates a new key according to the curve specified//it fills in the EC_KEY structure // use function called EC_KEY *EC_KEY_new(void)//also use a function called EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a curve name (in form of a NID) */// the group returned is set in the EC_KEY structure.	b = EC_KEY_new_by_curve_name(nid);	if (a == NULL || b == NULL)		goto err;	group = EC_KEY_get0_group(a); //returns the EC_GROUP structure created by the EC_KEY structure//EC_GROUP structure is present in the EC_KEY structure.	if ((x_a = BN_new()) == NULL)		goto err;	//BN_new returns a pointer to the bignum	if ((y_a = BN_new()) == NULL)		goto err;	if ((x_b = BN_new()) == NULL)		goto err;	if ((y_b = BN_new()) == NULL)		goto err;	BIO_puts(out, "Testing key generation with ");	BIO_puts(out, text);#ifdef NOISY	printf ("noisy");	BIO_puts(out,"/n");	BIO_puts(out,"/n");	BIO_puts(out,"/n");#else	BIO_flush(out);#endif//public key number one is created here	if (!EC_KEY_generate_key(a))		goto err;	//pass the filled EC_KEY structure and it will create a public or private ec key.//it places the key in a->priv_key a->pub_key   /// PUBLIC AND PVT KEYS ARE GENERATED BY THE SCALAR MULTIPLICATION	printf("/n1 ) generating keys/n");	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))			== NID_X9_62_prime_field) {		if (!EC_POINT_get_affine_coordinates_GFp(group,				EC_KEY_get0_public_key(a), x_a, y_a, ctx))			goto err;	}	//returns the public key	else {		if (!EC_POINT_get_affine_coordinates_GF2m(group,				EC_KEY_get0_public_key(a), x_a, y_a, ctx))			goto err;	}	//BN_print_fp(stdout, a->pub_key);	printf("private key is : ");	BN_print_fp(stdout, EC_KEY_get0_private_key(a));	printf("/nAffine cordinates x:");	BN_print_fp(stdout, x_a);	printf("/nAffine cordinates y:");	BN_print_fp(stdout, y_a);	printf(			"/n2 ) generated keys , generated affine points x and y , and also determided the primse brinary case/n");#ifdef NOISY	printf("no generation");	BIO_puts(out,"  pri 1=");	BN_print(out,a->priv_key);	BIO_puts(out,"/n  pub 1=");	BN_print(out,x_a);	BIO_puts(out,",");	BN_print(out,y_a);	BIO_puts(out,"/n");#else	BIO_printf(out, " .");	BIO_flush(out);#endif//public key number two is created here	if (!EC_KEY_generate_key(b))		goto err;	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))			== NID_X9_62_prime_field) {		if (!EC_POINT_get_affine_coordinates_GFp(group,//.........这里部分代码省略.........

int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,	     int saltlen, int id, int iter, int n, unsigned char *out,	     const EVP_MD *md_type){	unsigned char *B, *D, *I, *p, *Ai;	int Slen, Plen, Ilen, Ijlen;	int i, j, u, v;	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */	EVP_MD_CTX ctx;#ifdef  DEBUG_KEYGEN	unsigned char *tmpout = out;	int tmpn = n;#endif#if 0	if (!pass) {		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);		return 0;	}#endif	EVP_MD_CTX_init(&ctx);#ifdef  DEBUG_KEYGEN	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "KEYGEN DEBUG/n");	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "ID %d, ITER %d/n", id, iter);	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "Password (length %d):/n", passlen);	h__dump(pass, passlen);	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "Salt (length %d):/n", saltlen);	h__dump(salt, saltlen);#endif	v = EVP_MD_block_size (md_type);	u = EVP_MD_size (md_type);	if (u < 0)	    return 0;	D = (unsigned char*)OPENSSL_malloc (v);	Ai = (unsigned char*)OPENSSL_malloc (u);	B = (unsigned char*)OPENSSL_malloc (v + 1);	Slen = v * ((saltlen+v-1)/v);	if(passlen) Plen = v * ((passlen+v-1)/v);	else Plen = 0;	Ilen = Slen + Plen;	I = (unsigned char*)OPENSSL_malloc (Ilen);	Ij = BN_new();	Bpl1 = BN_new();	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);		return 0;	}	for (i = 0; i < v; i++) D[i] = id;	p = I;	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];	for (;;) {		EVP_DigestInit_ex(&ctx, md_type, NULL);		EVP_DigestUpdate(&ctx, D, v);		EVP_DigestUpdate(&ctx, I, Ilen);		EVP_DigestFinal_ex(&ctx, Ai, NULL);		for (j = 1; j < iter; j++) {			EVP_DigestInit_ex(&ctx, md_type, NULL);			EVP_DigestUpdate(&ctx, Ai, u);			EVP_DigestFinal_ex(&ctx, Ai, NULL);		}		TINYCLR_SSL_MEMCPY (out, Ai, min (n, u));		if (u >= n) {			OPENSSL_free (Ai);			OPENSSL_free (B);			OPENSSL_free (D);			OPENSSL_free (I);			BN_free (Ij);			BN_free (Bpl1);			EVP_MD_CTX_cleanup(&ctx);#ifdef DEBUG_KEYGEN			TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR, "Output KEY (length %d)/n", tmpn);			h__dump(tmpout, tmpn);#endif			return 1;			}		n -= u;		out += u;		for (j = 0; j < v; j++) B[j] = Ai[j % u];		/* Work out B + 1 first then can use B as tmp space */		BN_bin2bn (B, v, Bpl1);		BN_add_word (Bpl1, 1);		for (j = 0; j < Ilen ; j+=v) {			BN_bin2bn (I + j, v, Ij);			BN_add (Ij, Ij, Bpl1);			BN_bn2bin (Ij, B);			Ijlen = BN_num_bytes (Ij);			/* If more than 2^(v*8) - 1 cut off MSB */			if (Ijlen > v) {				BN_bn2bin (Ij, B);				TINYCLR_SSL_MEMCPY (I + j, B + 1, v);#ifndef PKCS12_BROKEN_KEYGEN			/* If less than v bytes pad with zeroes */			} else if (Ijlen < v) {				TINYCLR_SSL_MEMSET(I + j, 0, v - Ijlen);				BN_bn2bin(Ij, I + j + v - Ijlen); #endif			} else BN_bn2bin (Ij, I + j);		}//.........这里部分代码省略.........

int GOST_KEY_check_key(const GOST_KEY *key){    int ok = 0;    BN_CTX *ctx = NULL;    BIGNUM *order = NULL;    EC_POINT *point = NULL;    if (!key || !key->group || !key->pub_key) {        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);        return 0;    }    if (EC_POINT_is_at_infinity(key->group, key->pub_key)) {        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);        goto err;    }    if ((ctx = BN_CTX_new()) == NULL)        goto err;    if ((point = EC_POINT_new(key->group)) == NULL)        goto err;    /* testing whether the pub_key is on the elliptic curve */    if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) {        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);        goto err;    }    /* testing whether pub_key * order is the point at infinity */    if ((order = BN_new()) == NULL)        goto err;    if (!EC_GROUP_get_order(key->group, order, ctx)) {        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);        goto err;    }    if (!EC_POINT_mul(key->group, point, NULL, key->pub_key, order, ctx)) {        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);        goto err;    }    if (!EC_POINT_is_at_infinity(key->group, point)) {        GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);        goto err;    }    /*     * in case the priv_key is present : check if generator * priv_key ==     * pub_key     */    if (key->priv_key) {        if (BN_cmp(key->priv_key, order) >= 0) {            GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);            goto err;        }        if (!EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL, ctx)) {            GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);            goto err;        }        if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {            GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);            goto err;        }    }    ok = 1;err:    BN_free(order);    BN_CTX_free(ctx);    EC_POINT_free(point);    return (ok);}

int ssl_test_exp(int argc, char *argv[])	{	BN_CTX *ctx;	BIO *out=NULL;	int i,ret;	unsigned char c;	BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't	                                       * even check its return value	                                       * (which we should) */	ERR_load_BN_strings();	ctx=BN_CTX_new();	if (ctx == NULL) return(1);	r_mont=BN_new();	r_mont_const=BN_new();	r_recp=BN_new();	r_simple=BN_new();	a=BN_new();	b=BN_new();	m=BN_new();	if (	(r_mont == NULL) || (r_recp == NULL) ||		(a == NULL) || (b == NULL))		goto err;#ifndef OPENSSL_SYS_WINDOWS	out = BIO_new(BIO_s_mem());	if (out == NULL) return(1);	#else	out=BIO_new(BIO_s_file());	if (out == NULL) return(1);	BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);#endif	for (i=0; i<200; i++)		{		RAND_bytes(&c,1);		c=(c%BN_BITS)-BN_BITS2;		BN_rand(a,NUM_BITS+c,0,0);		RAND_bytes(&c,1);		c=(c%BN_BITS)-BN_BITS2;		BN_rand(b,NUM_BITS+c,0,0);		RAND_bytes(&c,1);		c=(c%BN_BITS)-BN_BITS2;		BN_rand(m,NUM_BITS+c,0,1);		BN_mod(a,a,m,ctx);		BN_mod(b,b,m,ctx);		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);		if (ret <= 0)			{			TINYCLR_SSL_PRINTF("BN_mod_exp_mont() problems/n");			ERR_print_errors(out);			return(1);			}		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);		if (ret <= 0)			{			TINYCLR_SSL_PRINTF("BN_mod_exp_recp() problems/n");			ERR_print_errors(out);			return(1);			}		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);		if (ret <= 0)			{			TINYCLR_SSL_PRINTF("BN_mod_exp_simple() problems/n");			ERR_print_errors(out);			return(1);			}		ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);		if (ret <= 0)			{			TINYCLR_SSL_PRINTF("BN_mod_exp_mont_consttime() problems/n");			ERR_print_errors(out);			return(1);			}		if (BN_cmp(r_simple, r_mont) == 0		    && BN_cmp(r_simple,r_recp) == 0			&& BN_cmp(r_simple,r_mont_const) == 0)			{			TINYCLR_SSL_PRINTF(".");			}		else		  	{			if (BN_cmp(r_simple,r_mont) != 0)				TINYCLR_SSL_PRINTF("/nsimple and mont results differ/n");			if (BN_cmp(r_simple,r_mont_const) != 0)				TINYCLR_SSL_PRINTF("/nsimple and mont const time results differ/n");			if (BN_cmp(r_simple,r_recp) != 0)//.........这里部分代码省略.........

void Decode_RSA(unsigned char *encData, int fd ,char *getData){	RSA *r;	BIGNUM *bne,*bnn,*bnd;	int bits = 1024, ret, len, flen, padding, i;	unsigned char *key, *p;	BIO *b;	/*unsigned char *encData;*/	unsigned char *decData,*tmpData;//加密后的数据/解密后的数据/临时指针       /* Key data */	unsigned long e = 75011;  	/* 构建RSA数据结构   */	bne = BN_new();  	bnd = BN_new();  	bnn = BN_new();  	ret = BN_set_word(bne, e);  	BN_hex2bn(&bnd, PRIVATE);  	BN_hex2bn(&bnn, MODULUS);  	r = RSA_new();  	r->e=bne;  	r->d=bnd;  	r->n=bnn;	/* output key */	/*RSA_print_fp(stdout, r, 5);*/	flen =  RSA_size(r);// - 11;   	/*encData =  (unsigned char *)malloc(flen);  */	/*bzero(encData, flen);//memset(encData, 0, flen);   */	//JCG("Begin RSA_private_decrypt /n");  	if(ret < 0){		JCG("Encrypt failed!/n");  		return;  	}  #if 0	tmpData=encData;	for  (i=0; i<ret; i++)	{		JDG("0x%02x, ", *tmpData);		if(i%16 == 7)			JDG("/t");		else if(i%16 == 15)			JDG("/n");		tmpData++;  	}	JDG("/n");#endif	flen =  RSA_size(r);// - 11;   	decData =  (unsigned char *)malloc(flen);  	bzero(decData, flen);//memset(encData, 0, flen);   	ret =  RSA_public_decrypt(flen, encData, decData, r,  RSA_NO_PADDING);  	if(ret < 0){  		JCG("RSA_public_decrypt failed!");  		return;	}  	sprintf(getData,"%s",decData);	free(decData);  	RSA_free(r);  }  

int__ops_elgamal_private_decrypt(uint8_t *out,				const uint8_t *g_to_k,				const uint8_t *in,				size_t length,				const __ops_elgamal_seckey_t *seckey,				const __ops_elgamal_pubkey_t *pubkey){	BIGNUM	*bndiv;	BIGNUM	*c1x;	BN_CTX	*tmp;	BIGNUM	*c1;	BIGNUM	*c2;	BIGNUM	*p;	BIGNUM	*x;	BIGNUM	*m;	int	 ret;	ret = 0;	/* c1 and c2 are in g_to_k and in, respectively*/	c1 = BN_bin2bn(g_to_k, (int)length, NULL);	c2 = BN_bin2bn(in, (int)length, NULL);	/* other bits */	p = pubkey->p;	x = seckey->x;	c1x = BN_new();	bndiv = BN_new();	m = BN_new();	tmp = BN_CTX_new();	if (!c1 || !c2 || !p || !x || !c1x || !bndiv || !m || !tmp) {		goto done;	}	/*	 * m = c2 / (c1^x)	 */	if (!BN_mod_exp(c1x, c1, x, p, tmp)) {		goto done;	}	if (!BN_mod_inverse(bndiv, c1x, p, tmp)) {		goto done;	}	if (!BN_mod_mul(m, c2, bndiv, p, tmp)) {		goto done;	}	/* result */	ret = BN_bn2bin(m, out);done:	if (tmp) {		BN_CTX_free(tmp);	}	if (m) {		BN_clear_free(m);	}	if (bndiv) {		BN_clear_free(bndiv);	}	if (c1x) {		BN_clear_free(c1x);	}	if (x) {		BN_clear_free(x);	}	if (p) {		BN_clear_free(p);	}	if (c1) {		BN_clear_free(c1);	}	if (c2) {		BN_clear_free(c2);	}	return ret;}

intssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,    const u_char *data, u_int datalen){	DSA_SIG *sig;	const EVP_MD *evp_md = EVP_sha1();	EVP_MD_CTX md;	u_char digest[EVP_MAX_MD_SIZE], *sigblob;	u_int len, dlen;	int rlen, ret;	Buffer b;	if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA &&	    key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) {		error("ssh_dss_verify: no DSA key");		return -1;	}	/* fetch signature */	if (datafellows & SSH_BUG_SIGBLOB) {		sigblob = xmalloc(signaturelen);		memcpy(sigblob, signature, signaturelen);		len = signaturelen;	} else {		/* ietf-drafts */		char *ktype;		buffer_init(&b);		buffer_append(&b, signature, signaturelen);		ktype = buffer_get_cstring(&b, NULL);		if (strcmp("ssh-dss", ktype) != 0) {			error("ssh_dss_verify: cannot handle type %s", ktype);			buffer_free(&b);			free(ktype);			return -1;		}		free(ktype);		sigblob = buffer_get_string(&b, &len);		rlen = buffer_len(&b);		buffer_free(&b);		if (rlen != 0) {			error("ssh_dss_verify: "			    "remaining bytes in signature %d", rlen);			free(sigblob);			return -1;		}	}	if (len != SIGBLOB_LEN) {		fatal("bad sigbloblen %u != SIGBLOB_LEN", len);	}	/* parse signature */	if ((sig = DSA_SIG_new()) == NULL)		fatal("ssh_dss_verify: DSA_SIG_new failed");	if ((sig->r = BN_new()) == NULL)		fatal("ssh_dss_verify: BN_new failed");	if ((sig->s = BN_new()) == NULL)		fatal("ssh_dss_verify: BN_new failed");	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))		fatal("ssh_dss_verify: BN_bin2bn failed");	/* clean up */	memset(sigblob, 0, len);	free(sigblob);	/* sha1 the data */	EVP_DigestInit(&md, evp_md);	EVP_DigestUpdate(&md, data, datalen);	EVP_DigestFinal(&md, digest, &dlen);	ret = DSA_do_verify(digest, dlen, sig, key->dsa);	memset(digest, 'd', sizeof(digest));	DSA_SIG_free(sig);	debug("ssh_dss_verify: signature %s",	    ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");	return ret;}