自学教程：C++ BN_rshift函数代码示例

int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,                       BN_CTX *ctx){    int retn = 0;#ifdef MONT_WORD    BIGNUM *t;    BN_CTX_start(ctx);    if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))        retn = BN_from_montgomery_word(ret, t, mont);    BN_CTX_end(ctx);#else                           /* !MONT_WORD */    BIGNUM *t1, *t2;    BN_CTX_start(ctx);    t1 = BN_CTX_get(ctx);    t2 = BN_CTX_get(ctx);    if (t1 == NULL || t2 == NULL)        goto err;    if (!BN_copy(t1, a))        goto err;    BN_mask_bits(t1, mont->ri);    if (!BN_mul(t2, t1, &mont->Ni, ctx))        goto err;    BN_mask_bits(t2, mont->ri);    if (!BN_mul(t1, t2, &mont->N, ctx))        goto err;    if (!BN_add(t2, a, t1))        goto err;    if (!BN_rshift(ret, t2, mont->ri))        goto err;#if !defined(BRANCH_FREE) || BRANCH_FREE==0    if (BN_ucmp(ret, &(mont->N)) >= 0) {        if (!BN_usub(ret, ret, &(mont->N)))            goto err;    }#endif    retn = 1;    bn_check_top(ret); err:    BN_CTX_end(ctx);#endif                          /* MONT_WORD */    return (retn);}

static voidbsqrt(void){	struct number	*n;	struct number	*r;	BIGNUM		*x, *y;	u_int		scale, onecount;	BN_CTX		*ctx;	onecount = 0;	n = pop_number();	if (n == NULL) {		return;	}	if (BN_is_zero(n->number)) {		r = new_number();		push_number(r);	} else if (BN_is_negative(n->number))		warnx("square root of negative number");	else {		scale = max(bmachine.scale, n->scale);		normalize(n, 2*scale);		x = BN_dup(n->number);		bn_checkp(x);		bn_check(BN_rshift(x, x, BN_num_bits(x)/2));		y = BN_new();		bn_checkp(y);		ctx = BN_CTX_new();		bn_checkp(ctx);		for (;;) {			bn_checkp(BN_copy(y, x));			bn_check(BN_div(x, NULL, n->number, x, ctx));			bn_check(BN_add(x, x, y));			bn_check(BN_rshift1(x, x));			if (bsqrt_stop(x, y, &onecount))				break;		}		r = bmalloc(sizeof(*r));		r->scale = scale;		r->number = y;		BN_free(x);		BN_CTX_free(ctx);		push_number(r);	}	free_number(n);}

int test_rshift(BIO *bp,BN_CTX *ctx)	{	BIGNUM *a,*b,*c,*d,*e;	int i;	a=BN_new();	b=BN_new();	c=BN_new();	d=BN_new();	e=BN_new();	BN_one(c);	BN_bntest_rand(a,200,0,0); /**/	a->neg=rand_neg();	for (i=0; i<num0; i++)		{		BN_rshift(b,a,i+1);		BN_add(c,c,c);		if (bp != NULL)			{			if (!results)				{				BN_print(bp,a);				BIO_puts(bp," / ");				BN_print(bp,c);				BIO_puts(bp," - ");				}			BN_print(bp,b);			BIO_puts(bp,"/n");			}		BN_div(d,e,a,c,ctx);		BN_sub(d,d,b);		if(!BN_is_zero(d))		    {		    fprintf(stderr,"Right shift test failed!/n");		    return 0;		    }		}	BN_free(a);	BN_free(b);	BN_free(c);	BN_free(d);	BN_free(e);	return(1);	}

/* * rsa_get_exponent(): - Get the public exponent from an RSA key */static int rsa_get_exponent(RSA *key, uint64_t *e){	int ret;	BIGNUM *bn_te;	uint64_t te;	ret = -EINVAL;	bn_te = NULL;	if (!e)		goto cleanup;	if (BN_num_bits(key->e) > 64)		goto cleanup;	*e = BN_get_word(key->e);	if (BN_num_bits(key->e) < 33) {		ret = 0;		goto cleanup;	}	bn_te = BN_dup(key->e);	if (!bn_te)		goto cleanup;	if (!BN_rshift(bn_te, bn_te, 32))		goto cleanup;	if (!BN_mask_bits(bn_te, 32))		goto cleanup;	te = BN_get_word(bn_te);	te <<= 32;	*e |= te;	ret = 0;cleanup:	if (bn_te)		BN_free(bn_te);	return ret;}

// digest_to_bn interprets |digest_len| bytes from |digest| as a big-endian// number and sets |out| to that value. It then truncates |out| so that it's,// at most, as long as |order|. It returns one on success and zero otherwise.static int digest_to_bn(BIGNUM *out, const uint8_t *digest, size_t digest_len,                        const BIGNUM *order) {  size_t num_bits;  num_bits = BN_num_bits(order);  // Need to truncate digest if it is too long: first truncate whole  // bytes.  if (8 * digest_len > num_bits) {    digest_len = (num_bits + 7) / 8;  }  if (!BN_bin2bn(digest, digest_len, out)) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);    return 0;  }  // If still too long truncate remaining bits with a shift  if ((8 * digest_len > num_bits) &&      !BN_rshift(out, out, 8 - (num_bits & 0x7))) {    OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);    return 0;  }  return 1;}

static int get_key_bignum(BIGNUM *num, int num_bits, uint32_t *key_mod){	BIGNUM *tmp, *big2, *big32, *big2_32;	BN_CTX *ctx;	int ret;	tmp = BN_new();	big2 = BN_new();	big32 = BN_new();	big2_32 = BN_new();	if (!tmp || !big2 || !big32 || !big2_32) {		fprintf(stderr, "Out of memory (bignum)/n");		return -1;	}	ctx = BN_CTX_new();	if (!tmp) {		fprintf(stderr, "Out of memory (bignum context)/n");		return -1;	}	BN_set_word(big2, 2L);	BN_set_word(big32, 32L);	BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */	for (ret = 0; ret <= 63; ret++) {		BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */		key_mod[ret] = htonl(BN_get_word(tmp));		BN_rshift(num, num, 32); /*  N = N/B */	}	BN_free(tmp);	BN_free(big2);	BN_free(big32);	BN_free(big2_32);	return 0;}

int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,                            int do_trial_division, BN_GENCB *cb){    int i, j, ret = -1;    int k;    BN_CTX *ctx = NULL;    BIGNUM *A1, *A1_odd, *check; /* taken from ctx */    BN_MONT_CTX *mont = NULL;    if (BN_cmp(a, BN_value_one()) <= 0)        return 0;    if (checks == BN_prime_checks)        checks = BN_prime_checks_for_size(BN_num_bits(a));    /* first look for small factors */    if (!BN_is_odd(a))        /* a is even => a is prime if and only if a == 2 */        return BN_is_word(a, 2);    if (do_trial_division) {        for (i = 1; i < NUMPRIMES; i++) {            BN_ULONG mod = BN_mod_word(a, primes[i]);            if (mod == (BN_ULONG)-1)                goto err;            if (mod == 0)                return BN_is_word(a, primes[i]);        }        if (!BN_GENCB_call(cb, 1, -1))            goto err;    }    if (ctx_passed != NULL)        ctx = ctx_passed;    else if ((ctx = BN_CTX_new()) == NULL)        goto err;    BN_CTX_start(ctx);    A1 = BN_CTX_get(ctx);    A1_odd = BN_CTX_get(ctx);    check = BN_CTX_get(ctx);    if (check == NULL)        goto err;    /* compute A1 := a - 1 */    if (!BN_copy(A1, a))        goto err;    if (!BN_sub_word(A1, 1))        goto err;    if (BN_is_zero(A1)) {        ret = 0;        goto err;    }    /* write  A1  as  A1_odd * 2^k */    k = 1;    while (!BN_is_bit_set(A1, k))        k++;    if (!BN_rshift(A1_odd, A1, k))        goto err;    /* Montgomery setup for computations mod a */    mont = BN_MONT_CTX_new();    if (mont == NULL)        goto err;    if (!BN_MONT_CTX_set(mont, a, ctx))        goto err;    for (i = 0; i < checks; i++) {        if (!BN_priv_rand_range(check, A1))            goto err;        if (!BN_add_word(check, 1))            goto err;        /* now 1 <= check < a */        j = witness(check, a, A1, A1_odd, k, ctx, mont);        if (j == -1)            goto err;        if (j) {            ret = 0;            goto err;        }        if (!BN_GENCB_call(cb, 1, i))            goto err;    }    ret = 1; err:    if (ctx != NULL) {        BN_CTX_end(ctx);        if (ctx_passed == NULL)            BN_CTX_free(ctx);    }    BN_MONT_CTX_free(mont);    return ret;}

//.........这里部分代码省略.........		n1 = wnump[-1];		if(n0 == d0)			{ q = BN_MASK2; }		else            /* n0 < d0 */		{#ifdef BN_LLONG			BN_ULLONG t2;#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)			q = (BN_ULONG)(((((BN_ULLONG)n0) << BN_BITS2) | n1) / d0);#else			q = bn_div_words(n0, n1, d0);#endif#ifndef REMAINDER_IS_ALREADY_CALCULATED			/*			 * rem doesn't have to be BN_ULLONG. The least we			 * know it's less that d0, isn't it?			 */			rem = (n1 - q * d0)&BN_MASK2;#endif			t2 = (BN_ULLONG)d1 * q;			for(;;)			{				if(t2 <= ((((BN_ULLONG)rem) << BN_BITS2) | wnump[-2]))					{ break; }				q--;				rem += d0;				if(rem < d0) { break; }  /* don't let rem overflow */				t2 -= d1;			}#else /* !BN_LLONG */			BN_ULONG t2l, t2h, ql, qh;			q = bn_div_words(n0, n1, d0);#ifndef REMAINDER_IS_ALREADY_CALCULATED			rem = (n1 - q * d0)&BN_MASK2;#endif#ifdef BN_UMULT_HIGH			t2l = d1 * q;			t2h = BN_UMULT_HIGH(d1, q);#else			t2l = LBITS(d1);			t2h = HBITS(d1);			ql = LBITS(q);			qh = HBITS(q);			mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */#endif			for(;;)			{				if((t2h < rem) ||						((t2h == rem) && (t2l <= wnump[-2])))					{ break; }				q--;				rem += d0;				if(rem < d0) { break; }  /* don't let rem overflow */				if(t2l < d1) { t2h--; }				t2l -= d1;			}#endif /* !BN_LLONG */		}#endif /* !BN_DIV3W */		l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);		wnum.d--;		wnum.top++;		tmp->d[div_n] = l0;		for(j = div_n + 1; j > 0; j--)			if(tmp->d[j - 1]) { break; }		tmp->top = j;		j = wnum.top;		BN_sub(&wnum, &wnum, tmp);		snum->top = snum->top + wnum.top - j;		if(wnum.neg)		{			q--;			j = wnum.top;			BN_add(&wnum, &wnum, sdiv);			snum->top += wnum.top - j;		}		*(resp--) = q;		wnump--;	}	if(rm != NULL)	{		BN_rshift(rm, snum, norm_shift);		rm->neg = num->neg;	}	BN_CTX_end(ctx);	return (1);err:	BN_CTX_end(ctx);	return (0);}

/* Returns -2 for errors because both -1 and 0 are valid results. */int BN_kronecker (const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx){    int i;    int ret = -2;                /* avoid 'uninitialized' warning */    int err = 0;    BIGNUM *A, *B, *tmp;    /* In 'tab', only odd-indexed entries are relevant:     * For any odd BIGNUM n,     *     tab[BN_lsw(n) & 7]     * is $(-1)^{(n^2-1)/8}$ (using TeX notation).     * Note that the sign of n does not matter.     */    static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };    bn_check_top (a);    bn_check_top (b);    BN_CTX_start (ctx);    A = BN_CTX_get (ctx);    B = BN_CTX_get (ctx);    if (B == NULL)        goto end;    err = !BN_copy (A, a);    if (err)        goto end;    err = !BN_copy (B, b);    if (err)        goto end;    /*     * Kronecker symbol, imlemented according to Henri Cohen,     * "A Course in Computational Algebraic Number Theory"     * (algorithm 1.4.10).     */    /* Cohen's step 1: */    if (BN_is_zero (B))    {        ret = BN_abs_is_word (A, 1);        goto end;    }    /* Cohen's step 2: */    if (!BN_is_odd (A) && !BN_is_odd (B))    {        ret = 0;        goto end;    }    /* now  B  is non-zero */    i = 0;    while (!BN_is_bit_set (B, i))        i++;    err = !BN_rshift (B, B, i);    if (err)        goto end;    if (i & 1)    {        /* i is odd */        /* (thus  B  was even, thus  A  must be odd!)  */        /* set 'ret' to $(-1)^{(A^2-1)/8}$ */        ret = tab[BN_lsw (A) & 7];    }    else    {        /* i is even */        ret = 1;    }    if (B->neg)    {        B->neg = 0;        if (A->neg)            ret = -ret;    }    /* now  B  is positive and odd, so what remains to be done is     * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */    while (1)    {        /* Cohen's step 3: */        /*  B  is positive and odd */        if (BN_is_zero (A))        {            ret = BN_is_one (B) ? ret : 0;            goto end;        }//.........这里部分代码省略.........

int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) {  // See FIPS 186-4 appendix B.3. This function implements a generalized version  // of the FIPS algorithm. |RSA_generate_key_fips| performs additional checks  // for FIPS-compliant key generation.  // Always generate RSA keys which are a multiple of 128 bits. Round |bits|  // down as needed.  bits &= ~127;  // Reject excessively small keys.  if (bits < 256) {    OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);    return 0;  }  // Reject excessively large public exponents. Windows CryptoAPI and Go don't  // support values larger than 32 bits, so match their limits for generating  // keys. (|check_modulus_and_exponent_sizes| uses a slightly more conservative  // value, but we don't need to support generating such keys.)  // https://github.com/golang/go/issues/3161  // https://msdn.microsoft.com/en-us/library/aa387685(VS.85).aspx  if (BN_num_bits(e_value) > 32) {    OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);    return 0;  }  int ret = 0;  int prime_bits = bits / 2;  BN_CTX *ctx = BN_CTX_new();  if (ctx == NULL) {    goto bn_err;  }  BN_CTX_start(ctx);  BIGNUM *totient = BN_CTX_get(ctx);  BIGNUM *pm1 = BN_CTX_get(ctx);  BIGNUM *qm1 = BN_CTX_get(ctx);  BIGNUM *sqrt2 = BN_CTX_get(ctx);  BIGNUM *pow2_prime_bits_100 = BN_CTX_get(ctx);  BIGNUM *pow2_prime_bits = BN_CTX_get(ctx);  if (totient == NULL || pm1 == NULL || qm1 == NULL || sqrt2 == NULL ||      pow2_prime_bits_100 == NULL || pow2_prime_bits == NULL ||      !BN_set_bit(pow2_prime_bits_100, prime_bits - 100) ||      !BN_set_bit(pow2_prime_bits, prime_bits)) {    goto bn_err;  }  // We need the RSA components non-NULL.  if (!ensure_bignum(&rsa->n) ||      !ensure_bignum(&rsa->d) ||      !ensure_bignum(&rsa->e) ||      !ensure_bignum(&rsa->p) ||      !ensure_bignum(&rsa->q) ||      !ensure_bignum(&rsa->dmp1) ||      !ensure_bignum(&rsa->dmq1)) {    goto bn_err;  }  if (!BN_copy(rsa->e, e_value)) {    goto bn_err;  }  // Compute sqrt2 >= 
C++ BN_rshift1函数代码示例
C++ BN_rand_range函数代码示例