
自学教程:C++ EC_KEY_free函数代码示例

51自学网 2021-06-01 20:31:10
  C++
这篇教程C++ EC_KEY_free函数代码示例写得很实用,希望能帮到您。

本文整理汇总了C++中EC_KEY_free函数的典型用法代码示例。如果您正苦于以下问题:C++ EC_KEY_free函数的具体用法?C++ EC_KEY_free怎么用?C++ EC_KEY_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。

在下文中一共展示了EC_KEY_free函数的26个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。注意:标有“这里部分代码省略”的示例只是函数片段,无法单独编译;另外本页代码中的反斜杠在提取时被替换成了斜杠(例如 "/n" 实为 "\n",'/0' 实为 '\0'),复制使用前请先修正。

示例1: ssl_cert_dup

//.........这里部分代码省略.........		if (cert->dh_tmp->priv_key) {			BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);			if (!b) {				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);				goto err;			}			ret->dh_tmp->priv_key = b;		}		if (cert->dh_tmp->pub_key) {			BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);			if (!b) {				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);				goto err;			}			ret->dh_tmp->pub_key = b;		}	}	ret->dh_tmp_cb = cert->dh_tmp_cb;	if (cert->ecdh_tmp) {		ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);		if (ret->ecdh_tmp == NULL) {			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);			goto err;		}	}	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;	ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;	for (i = 0; i < SSL_PKEY_NUM; i++) {		if (cert->pkeys[i].x509 != NULL) {			ret->pkeys[i].x509 = cert->pkeys[i].x509;			CRYPTO_add(&ret->pkeys[i].x509->references, 1,			CRYPTO_LOCK_X509);		}		if (cert->pkeys[i].privatekey != NULL) {			ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;			CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,			CRYPTO_LOCK_EVP_PKEY);			switch (i) {				/*				 * If there was anything special to do for				 * certain types of keys, we'd do it here.				 * (Nothing at the moment, I think.)				 */			case SSL_PKEY_RSA_ENC:			case SSL_PKEY_RSA_SIGN:				/* We have an RSA key. */				break;			case SSL_PKEY_DSA_SIGN:				/* We have a DSA key. */				break;			case SSL_PKEY_DH_RSA:			case SSL_PKEY_DH_DSA:				/* We have a DH key. */				break;			case SSL_PKEY_ECC:				/* We have an ECC key */				break;			default:				/* Can't happen. */				SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);			}		}	}	/*	 * ret->extra_certs *should* exist, but currently the own certificate	 * chain is held inside SSL_CTX	 */	ret->references = 1;	/*	 * Set digests to defaults. NB: we don't copy existing values	 * as they will be set during handshake.	 
*/	ssl_cert_set_default_md(ret);	return (ret);err:	RSA_free(ret->rsa_tmp);	DH_free(ret->dh_tmp);	EC_KEY_free(ret->ecdh_tmp);	for (i = 0; i < SSL_PKEY_NUM; i++) {		if (ret->pkeys[i].x509 != NULL)			X509_free(ret->pkeys[i].x509);		EVP_PKEY_free(ret->pkeys[i].privatekey);	}	free (ret);	return NULL;}
开发者ID:LeSuisse,项目名称:libressl-salsa20,代码行数:101,


示例2: STACK_OF

//.........这里部分代码省略.........			plen = param->value.sequence->length;			if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))			{				EVPerr(EVP_F_EVP_PKCS82PKEY,					EVP_R_DECODE_ERROR);				goto ecerr;			}		}		else		{			EC_GROUP *group;			cp = p = param->value.object->data;			plen = param->value.object->length;			/* type == V_ASN1_OBJECT => the parameters are given			 * by an asn1 OID			 */			if ((eckey = EC_KEY_new()) == NULL)			{				EVPerr(EVP_F_EVP_PKCS82PKEY,					ERR_R_MALLOC_FAILURE);				goto ecerr;			}			group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));			if (group == NULL)				goto ecerr;			EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);			if (EC_KEY_set_group(eckey, group) == 0)				goto ecerr;			EC_GROUP_free(group);		}		/* We have parameters now set private key */		if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))		{			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);			goto ecerr;		}		/* calculate public key (if necessary) */		if (EC_KEY_get0_public_key(eckey) == NULL)		{			const BIGNUM *priv_key;			const EC_GROUP *group;			EC_POINT *pub_key;			/* the public key was not included in the SEC1 private			 * key => calculate the public key */			group   = EC_KEY_get0_group(eckey);			pub_key = EC_POINT_new(group);			if (pub_key == NULL)			{				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);				goto ecerr;			}			if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))			{				EC_POINT_free(pub_key);				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);				goto ecerr;			}			priv_key = EC_KEY_get0_private_key(eckey);			if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))			{				EC_POINT_free(pub_key);				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);				goto ecerr;			}			if (EC_KEY_set_public_key(eckey, pub_key) == 0)			{				EC_POINT_free(pub_key);				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);				goto ecerr;			}			EC_POINT_free(pub_key);		}		EVP_PKEY_assign_EC_KEY(pkey, eckey);		if (ctx)			BN_CTX_free(ctx);		break;ecerr:		if (ctx)			
BN_CTX_free(ctx);		if (eckey)			EC_KEY_free(eckey);		if (pkey)			EVP_PKEY_free(pkey);		return NULL;#endif		default:		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);		if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);		else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);		ERR_add_error_data(2, "TYPE=", obj_tmp);		EVP_PKEY_free (pkey);		return NULL;	}	return pkey;}
开发者ID:imgits,项目名称:rkanalyzer,代码行数:101,


示例3: EC_KEY_free

/// Destructor: hands the wrapped OpenSSL key back to the library.
CKey::~CKey()
{
    // pkey is passed to EC_KEY_free() unconditionally; OpenSSL documents
    // EC_KEY_free(NULL) as a no-op, so no null check is made here.
    // NOTE(review): the class must not be copyable by default, otherwise two
    // CKey objects would free the same EC_KEY — confirm against the class
    // declaration, which is not shown here.
    EC_KEY_free(pkey);
}
开发者ID:Infernoman,项目名称:Neutroncoin,代码行数:4,


示例4: EC_KEY_free

/// Destructor: releases the owned EC_KEY, if one was ever assigned.
elliptic_curve_key::~elliptic_curve_key()
{
    // Nothing to release when no key is held.
    if (key_ == nullptr)
        return;

    EC_KEY_free(key_);
}
开发者ID:Airbitz,项目名称:libbitcoin,代码行数:5,


示例5: test_builtin

int test_builtin(BIO *out){    EC_builtin_curve *curves = NULL;    size_t crv_len = 0, n = 0;    EC_KEY *eckey = NULL, *wrong_eckey = NULL;    EC_GROUP *group;    ECDSA_SIG *ecdsa_sig = NULL;    unsigned char digest[20], wrong_digest[20];    unsigned char *signature = NULL;    const unsigned char *sig_ptr;    unsigned char *sig_ptr2;    unsigned char *raw_buf = NULL;    unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;    int nid, ret = 0;    /* fill digest values with some random data */    if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) {        BIO_printf(out, "ERROR: unable to get random data/n");        goto builtin_err;    }    /*     * create and verify a ecdsa signature with every availble curve (with )     */    BIO_printf(out, "/ntesting ECDSA_sign() and ECDSA_verify() "               "with some internal curves:/n");    /* get a list of all internal curves */    crv_len = EC_get_builtin_curves(NULL, 0);    curves = OPENSSL_malloc(sizeof(*curves) * crv_len);    if (curves == NULL) {        BIO_printf(out, "malloc error/n");        goto builtin_err;    }    if (!EC_get_builtin_curves(curves, crv_len)) {        BIO_printf(out, "unable to get internal curves/n");        goto builtin_err;    }    /* now create and verify a signature for every curve */    for (n = 0; n < crv_len; n++) {        unsigned char dirt, offset;        nid = curves[n].nid;        if (nid == NID_ipsec4)            continue;        /* create new ecdsa key (== EC_KEY) */        if ((eckey = EC_KEY_new()) == NULL)            goto builtin_err;        group = EC_GROUP_new_by_curve_name(nid);        if (group == NULL)            goto builtin_err;        if (EC_KEY_set_group(eckey, group) == 0)            goto builtin_err;        EC_GROUP_free(group);        degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));        if (degree < 160) {            /* drop the curve */            EC_KEY_free(eckey);            eckey = NULL;            continue;        }       
 BIO_printf(out, "%s: ", OBJ_nid2sn(nid));        /* create key */        if (!EC_KEY_generate_key(eckey)) {            BIO_printf(out, " failed/n");            goto builtin_err;        }        /* create second key */        if ((wrong_eckey = EC_KEY_new()) == NULL)            goto builtin_err;        group = EC_GROUP_new_by_curve_name(nid);        if (group == NULL)            goto builtin_err;        if (EC_KEY_set_group(wrong_eckey, group) == 0)            goto builtin_err;        EC_GROUP_free(group);        if (!EC_KEY_generate_key(wrong_eckey)) {            BIO_printf(out, " failed/n");            goto builtin_err;        }        BIO_printf(out, ".");        (void)BIO_flush(out);        /* check key */        if (!EC_KEY_check_key(eckey)) {            BIO_printf(out, " failed/n");            goto builtin_err;        }        BIO_printf(out, ".");        (void)BIO_flush(out);        /* create signature */        sig_len = ECDSA_size(eckey);        if ((signature = OPENSSL_malloc(sig_len)) == NULL)            goto builtin_err;        if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {            BIO_printf(out, " failed/n");            goto builtin_err;        }//.........这里部分代码省略.........
开发者ID:rachellearussell12,项目名称:openssl,代码行数:101,


示例6: test_ecdh_curve

//.........这里部分代码省略.........	alen = KDF1_SHA1_len; ///it is a static constant integer.	abuf = (unsigned char *) OPENSSL_malloc(alen);	aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a,			KDF1_SHA1); //generating session key	//      BN_print(out, abuf);	//BIO_puts(out,"/n");#ifdef NOISY	BIO_puts(out,"  key1 =");	for (i=0; i<aout; i++)	{		sprintf(buf,"%02X",abuf[i]);		BIO_puts(out,buf);	}	BIO_puts(out,"/n");#else	BIO_printf(out, ".");	BIO_flush(out);#endif	blen = KDF1_SHA1_len;	bbuf = (unsigned char *) OPENSSL_malloc(blen);	bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b,			KDF1_SHA1);//	BN_print(out, bbuf);//	BIO_puts(out,"/n");#ifdef NOISY	BIO_puts(out,"  key2 =");	for (i=0; i<bout; i++)	{		sprintf(buf,"%02X",bbuf[i]);		BIO_puts(out,buf);	}	BIO_puts(out,"/n");#else	BIO_printf(out, ".");	BIO_flush(out);#endif	if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {#ifndef NOISY		BIO_printf(out, " failed/n/n");		BIO_printf(out, "key a:/n");		BIO_printf(out, "private key: ");		BN_print(out, EC_KEY_get0_private_key(a));		BIO_printf(out, "/n");		BIO_printf(out, "public key (x,y): ");		BN_print(out, x_a);		BIO_printf(out, ",");		BN_print(out, y_a);		BIO_printf(out, "/nkey b:/n");		BIO_printf(out, "private key: ");		BN_print(out, EC_KEY_get0_private_key(b));		BIO_printf(out, "/n");		BIO_printf(out, "public key (x,y): ");		BN_print(out, x_b);		BIO_printf(out, ",");		BN_print(out, y_b);		BIO_printf(out, "/n");		BIO_printf(out, "generated key a: ");		for (i = 0; i < bout; i++) {			sprintf(buf, "%02X", bbuf[i]);			BIO_puts(out, buf);		}		BIO_printf(out, "/n");		BIO_printf(out, "generated key b: ");		for (i = 0; i < aout; i++) {			sprintf(buf, "%02X", abuf[i]);			BIO_puts(out, buf);		}		BIO_printf(out, "/n");#endif		fprintf(stderr, "Error in ECDH routines/n");		ret = 0;	} else {#ifndef NOISY		BIO_printf(out, " ok/n");#endif		ret = 1;	}	err: ERR_print_errors_fp(stderr);	if (abuf != NULL)		OPENSSL_free(abuf);	if (bbuf != NULL)		
OPENSSL_free(bbuf);	if (x_a)		BN_free(x_a);	if (y_a)		BN_free(y_a);	if (x_b)		BN_free(x_b);	if (y_b)		BN_free(y_b);	if (b)		EC_KEY_free(b);	if (a)		EC_KEY_free(a);	return (ret);}
开发者ID:AIdrifter,项目名称:EllipticCurveCryptography,代码行数:101,


示例7: main

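/*
 * Interactive vanity-address search.
 *
 * Prompts for how many addresses to produce and for a text fragment, seeds
 * the OpenSSL RNG with 32 bytes read from /dev/random, then keeps generating
 * secp256k1 key pairs until the requested number of addresses containing the
 * fragment (compared case-insensitively, starting at offset 1) has been
 * found. Each hit is printed with its private key, public key and address.
 *
 * Returns 0 on success and 1 on any failure.
 *
 * Changes from the listing as published:
 *  - the escape sequences ("\n", "\"", '\0') are restored; the page shows
 *    them with '/' in place of '\', which does not compile;
 *  - fopen/malloc/realloc/EC_KEY_new_by_curve_name results are checked;
 *  - a missing or short private key now aborts instead of being printed or
 *    dereferenced;
 *  - the entropy buffer and the private-key buffer are wiped with
 *    OPENSSL_cleanse() before they go out of use, and pubKey/privKey are freed.
 */
int main(){
	int status = 1;
	FILE * f = NULL;
	EC_KEY * key = NULL;
	uint8_t * pubKey = NULL;
	int pubSize = 0;
	uint8_t * privKey = NULL;
	int privSize = 0;
	uint8_t * shaHash = NULL;
	uint8_t * ripemdHash = NULL;
	char entropy[32];
	char stringMatch[31];
	unsigned long int wanted = 0;

	printf("OpenSSL version: %s\n", OPENSSL_VERSION_TEXT);
	printf("Enter the number of keys: ");
	fflush(stdout);
	getLine(stringMatch);
	{
		/* A negative count would wrap to a huge unsigned value. */
		long requested = strtol(stringMatch, NULL, 0);
		if (requested < 0) {
			printf("INVALID NUMBER OF KEYS\n");
			return 1;
		}
		wanted = (unsigned long int)requested;
	}
	printf("Enter a string of text for the key (30 max): ");
	fflush(stdout);
	getLine(stringMatch);
	printf("Waiting for entropy... Move the cursor around...\n");
	fflush(stdout);

	/* Seed the RNG; fopen() can fail, so test it before fread(). */
	f = fopen("/dev/random", "r");
	if (f == NULL || fread(entropy, 32, 1, f) != 1){
		printf("FAILURING GETTING ENTROPY!");
		goto done;
	}
	RAND_add(entropy, 32, 32);
	fclose(f);
	f = NULL;
	/* The seed material is secret; do not leave it on the stack. */
	OPENSSL_cleanse(entropy, sizeof(entropy));

	printf("Making %lu addresses for \"%s\"\n\n", wanted, stringMatch);

	key = EC_KEY_new_by_curve_name(NID_secp256k1);
	shaHash = malloc(32);
	ripemdHash = malloc(20);
	if (key == NULL || shaHash == NULL || ripemdHash == NULL) {
		printf("ALLOCATION FAIL\n");
		goto done;
	}

	for (unsigned long int found = 0; found < wanted;) {
		if(! EC_KEY_generate_key(key)){
			printf("GENERATE KEY FAIL\n");
			goto done;
		}
		int pubSizeNew = i2o_ECPublicKey(key, NULL);
		if(pubSizeNew <= 0){
			printf("PUB KEY TO DATA ZERO\n");
			goto done;
		}
		if (pubSizeNew != pubSize) {
			/* Keep the old pointer until realloc() is known to have worked. */
			uint8_t * grown = realloc(pubKey, pubSizeNew);
			if (grown == NULL) {
				printf("ALLOCATION FAIL\n");
				goto done;
			}
			pubKey = grown;
			pubSize = pubSizeNew;
		}
		/* i2o_ECPublicKey advances the pointer it is given, so pass a copy. */
		uint8_t * pubKey2 = pubKey;
		if(i2o_ECPublicKey(key, &pubKey2) != pubSize){
			printf("PUB KEY TO DATA FAIL\n");
			goto done;
		}
		SHA256(pubKey, pubSize, shaHash);
		RIPEMD160(shaHash, 32, ripemdHash);
		/* NOTE(review): `err` is not declared in this function; presumably a file-level error callback — confirm. */
		CBAddress * address = CBNewAddressFromRIPEMD160Hash(ripemdHash, CB_PRODUCTION_NETWORK_BYTE, false, err);
		CBByteArray * string = CBChecksumBytesGetString(CBGetChecksumBytes(address));
		CBReleaseObject(address);

		/* Slide the fragment along the address text, accepting either letter case. */
		bool match = true;
		uint8_t offset = 1;
		size_t matchSize = strlen(stringMatch);
		for (uint8_t y = 0; y < matchSize;) {
			/* <ctype.h> functions require an unsigned char value. */
			unsigned char want = (unsigned char)stringMatch[y];
			char other = islower(want) ? toupper(want) : (isupper(want) ? tolower(want) : '\0');
			if (CBByteArrayGetByte(string, y+offset) != stringMatch[y] && CBByteArrayGetByte(string, y+offset) != other) {
				offset++;
				y = 0;
				if (string->length < matchSize + offset) {
					match = false;
					break;
				}
			}else y++;
		}

		if (match) {
			// Get private key
			const BIGNUM * privKeyNum = EC_KEY_get0_private_key(key);
			if (! privKeyNum) {
				printf("PRIV KEY TO BN FAIL\n");
				CBReleaseObject(string);
				goto done;
			}
			int privSizeNew = BN_num_bytes(privKeyNum);
			if (privSizeNew <= 0) {
				printf("PRIV KEY TO DATA FAIL\n");
				CBReleaseObject(string);
				goto done;
			}
			if (privSizeNew != privSize) {
				/* Wipe and replace rather than realloc(): realloc may move the
				 * block and leave the previous key bytes behind in freed memory. */
				if (privKey != NULL)
					OPENSSL_cleanse(privKey, privSize);
				free(privKey);
				privSize = 0;
				privKey = malloc(privSizeNew);
				if (privKey == NULL) {
					printf("ALLOCATION FAIL\n");
					CBReleaseObject(string);
					goto done;
				}
				privSize = privSizeNew;
			}
			int res = BN_bn2bin(privKeyNum, privKey);
			if (res != privSize) {
				printf("PRIV KEY TO DATA FAIL\n");
				CBReleaseObject(string);
				goto done;
			}
			// Print data to stdout. The private key is written in clear text,
			// so anything that captures stdout (logs, pipes, scrollback) holds the secret.
			printf("Private key (hex): ");
			for (int b = 0; b < privSize; b++) {
				printf(" %.2X", privKey[b]);
			}
			printf("\nPublic key (hex): ");
			for (int b = 0; b < pubSize; b++) {
				printf(" %.2X", pubKey[b]);
			}
			printf("\nAddress (base-58): %s\n\n", CBByteArrayGetData(string));
			found++; // Move to next
		}
		CBReleaseObject(string);
	}
	status = 0;

done:
	if (f != NULL)
		fclose(f);
	OPENSSL_cleanse(entropy, sizeof(entropy));
	if (privKey != NULL)
		OPENSSL_cleanse(privKey, privSize);
	free(privKey);
	free(pubKey);
	free(shaHash);
	free(ripemdHash);
	EC_KEY_free(key);
	return status;
}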
开发者ID:Jud,项目名称:cbitcoin,代码行数:100,


示例8: lws_x509_jwk_privkey_pem

//.........这里部分代码省略.........		if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_RSA) {			lwsl_err("%s: RSA jwk, non-RSA privkey/n", __func__);			goto bail;		}		rsapriv = EVP_PKEY_get1_RSA(pkey);		if (!rsapriv) {			lwsl_notice("%s: missing RSA key/n", __func__);			goto bail;		}#if defined(LWS_HAVE_RSA_SET0_KEY)		RSA_get0_key(rsapriv, (const BIGNUM **)&dummy[0], /* n */				      (const BIGNUM **)&dummy[1], /* e */				      (const BIGNUM **)&mpi);	  /* d */		RSA_get0_factors(rsapriv, (const BIGNUM **)&dummy[4],  /* p */					  (const BIGNUM **)&dummy[5]); /* q */#else		dummy[0] = rsapriv->n;		dummy[1] = rsapriv->e;		dummy[4] = rsapriv->p;		dummy[5] = rsapriv->q;		mpi = rsapriv->d;#endif		/* quick size check first */		n = BN_num_bytes(mpi);		if (jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len != (uint32_t)n) {			lwsl_err("%s: jwk key size doesn't match/n", __func__);			goto bail1;		}		/* then check that n & e match what we got from the cert */		dummy[2] = BN_bin2bn(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].buf,				     jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len,				     NULL);		dummy[3] = BN_bin2bn(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].buf,				     jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].len,				     NULL);		m = BN_cmp(dummy[2], dummy[0]) | BN_cmp(dummy[3], dummy[1]);		BN_clear_free(dummy[2]);		BN_clear_free(dummy[3]);		if (m) {			lwsl_err("%s: privkey doesn't match jwk pubkey/n",				 __func__);			goto bail1;		}		/* accept d from the PEM privkey into the JWK */		jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].len = n;		jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf = lws_malloc(n, "privjk");		if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf)			goto bail1;		BN_bn2bin(mpi, jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf);		/* accept p and q from the PEM privkey into the JWK */		jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].len = BN_num_bytes(dummy[4]);		jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf = lws_malloc(n, "privjk");		if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf) {			lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf);			goto bail1;		}		
BN_bn2bin(dummy[4], jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf);		jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].len = BN_num_bytes(dummy[5]);		jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf = lws_malloc(n, "privjk");		if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf) {			lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf);			lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf);			goto bail1;		}		BN_bn2bin(dummy[5], jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf);		break;	default:		lwsl_err("%s: JWK has unknown kty %d/n", __func__, jwk->kty);		return -1;	}	ret = 0;bail1:	if (jwk->kty == LWS_GENCRYPTO_KTY_EC)		EC_KEY_free(ecpriv);	else		RSA_free(rsapriv);bail:	EVP_PKEY_free(pkey);	return ret;}
开发者ID:PKRoma,项目名称:libwebsockets,代码行数:101,


示例9: kexecdh_server

//.........这里部分代码省略.........		fatal("%s: EC_KEY_new_by_curve_name failed", __func__);	if (EC_KEY_generate_key(server_key) != 1)		fatal("%s: EC_KEY_generate_key failed", __func__);	group = EC_KEY_get0_group(server_key);#ifdef DEBUG_KEXECDH	fputs("server private key:/n", stderr);	key_dump_ec_key(server_key);#endif	if (kex->load_host_public_key == NULL ||	    kex->load_host_private_key == NULL)		fatal("Cannot load hostkey");	server_host_public = kex->load_host_public_key(kex->hostkey_type);	if (server_host_public == NULL)		fatal("Unsupported hostkey type %d", kex->hostkey_type);	server_host_private = kex->load_host_private_key(kex->hostkey_type);	if (server_host_private == NULL)		fatal("Missing private key for hostkey type %d",		    kex->hostkey_type);	debug("expecting SSH2_MSG_KEX_ECDH_INIT");	packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);	if ((client_public = EC_POINT_new(group)) == NULL)		fatal("%s: EC_POINT_new failed", __func__);	packet_get_ecpoint(group, client_public);	packet_check_eom();	if (key_ec_validate_public(group, client_public) != 0)		fatal("%s: invalid client public key", __func__);#ifdef DEBUG_KEXECDH	fputs("client public key:/n", stderr);	key_dump_ec_point(group, client_public);#endif	/* Calculate shared_secret */	klen = (EC_GROUP_get_degree(group) + 7) / 8;	kbuf = xmalloc(klen);	if (ECDH_compute_key(kbuf, klen, client_public,	    server_key, NULL) != (int)klen)		fatal("%s: ECDH_compute_key failed", __func__);#ifdef DEBUG_KEXDH	dump_digest("shared secret", kbuf, klen);#endif	if ((shared_secret = BN_new()) == NULL)		fatal("%s: BN_new failed", __func__);	if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)		fatal("%s: BN_bin2bn failed", __func__);	memset(kbuf, 0, klen);	free(kbuf);	/* calc H */	key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);	kex_ecdh_hash(	    kex->evp_md,	    group,	    kex->client_version_string,	    kex->server_version_string,	    buffer_ptr(&kex->peer), buffer_len(&kex->peer),	    buffer_ptr(&kex->my), 
buffer_len(&kex->my),	    server_host_key_blob, sbloblen,	    client_public,	    EC_KEY_get0_public_key(server_key),	    shared_secret,	    &hash, &hashlen	);	EC_POINT_clear_free(client_public);	/* save session id := H */	if (kex->session_id == NULL) {		kex->session_id_len = hashlen;		kex->session_id = xmalloc(kex->session_id_len);		memcpy(kex->session_id, hash, kex->session_id_len);	}	/* sign H */	if (PRIVSEP(key_sign(server_host_private, &signature, &slen,	    hash, hashlen)) < 0)		fatal("kexdh_server: key_sign failed");	/* destroy_sensitive_data(); */	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */	packet_start(SSH2_MSG_KEX_ECDH_REPLY);	packet_put_string(server_host_key_blob, sbloblen);	packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key));	packet_put_string(signature, slen);	packet_send();	free(signature);	free(server_host_key_blob);	/* have keys, free server key */	EC_KEY_free(server_key);	kex_derive_keys(kex, hash, hashlen, shared_secret);	BN_clear_free(shared_secret);	kex_finish(kex);}
开发者ID:crazyleen,项目名称:openssh,代码行数:101,


示例10: ecdh_im_compute_key

//.........这里部分代码省略.........    /* Fetch the curve parameters */    if (!EC_GROUP_get_curve_GFp(EC_KEY_get0_group(static_key), p, a, b, bn_ctx))        goto err;    /* Assign constants */    if (    !BN_set_word(two,2)||            !BN_set_word(three,3)||            !BN_set_word(four,4)||            !BN_set_word(six,6)||            !BN_set_word(twentyseven,27)            ) goto err;    /* Check prerequisites for curve parameters */    check(            /* p > 3;*/           (BN_cmp(p, three) == 1) &&           /* p mod 3 = 2; (p has the form p=q^n, q prime) */           BN_nnmod(tmp, p, three, bn_ctx) &&           (BN_cmp(tmp, two) == 0),        "Unsuited curve");    /* Convert encrypted nonce to BIGNUM */    u = BN_bin2bn((unsigned char *) x_mem->data, x_mem->length, u);    if (!u)        goto err;    if ( /* v = (3a - u^4) / 6u mod p */            !BN_mod_mul(tmp, three, a, p, bn_ctx) ||            !BN_mod_exp(tmp2, u, four, p, bn_ctx) ||            !BN_mod_sub(v, tmp, tmp2, p, bn_ctx) ||            !BN_mod_mul(tmp, u, six, p, bn_ctx) ||            /* For division within a galois field we need to compute             * the multiplicative inverse of a number */            !BN_mod_inverse(bn_inv, tmp, p, bn_ctx) ||            !BN_mod_mul(v, v, bn_inv, p, bn_ctx) ||            /* x = (v^2 - b - ((u^6)/27)) */            !BN_mod_sqr(tmp, v, p, bn_ctx) ||            !BN_mod_sub(tmp2, tmp, b, p, bn_ctx) ||            !BN_mod_exp(tmp, u, six, p, bn_ctx) ||            !BN_mod_inverse(bn_inv, twentyseven, p, bn_ctx) ||            !BN_mod_mul(tmp, tmp, bn_inv, p, bn_ctx) ||            !BN_mod_sub(x, tmp2, tmp, p, bn_ctx) ||            /* x -> x^(1/3) = x^((2p^n -1)/3) */            !BN_mul(tmp, two, p, bn_ctx) ||            !BN_sub(tmp, tmp, BN_value_one()) ||            /* Division is defined, because p^n = 2 mod 3 */            !BN_div(tmp, y, tmp, three, bn_ctx) ||            !BN_mod_exp(tmp2, x, tmp, p, bn_ctx) ||            !BN_copy(x, tmp2) ||            /* x += 
(u^2)/3 */            !BN_mod_sqr(tmp, u, p, bn_ctx) ||            !BN_mod_inverse(bn_inv, three, p, bn_ctx) ||            !BN_mod_mul(tmp2, tmp, bn_inv, p, bn_ctx) ||            !BN_mod_add(tmp, x, tmp2, p, bn_ctx) ||            !BN_copy(x, tmp) ||            /* y = ux + v */            !BN_mod_mul(y, u, x, p, bn_ctx) ||            !BN_mod_add(tmp, y, v, p, bn_ctx) ||            !BN_copy(y, tmp)            )        goto err;    /* Initialize ephemeral parameters with parameters from the static key */    ephemeral_key = EC_KEY_dup(static_key);    if (!ephemeral_key)        goto err;    EVP_PKEY_set1_EC_KEY(ctx->ka_ctx->key, ephemeral_key);    /* configure the new EC_KEY */    g = EC_POINT_new(EC_KEY_get0_group(ephemeral_key));    if (!g)        goto err;    if (!EC_POINT_set_affine_coordinates_GFp(EC_KEY_get0_group(ephemeral_key), g,            x, y, bn_ctx))        goto err;    ret = 1;err:    if (x_mem)        BUF_MEM_free(x_mem);    if (u)        BN_free(u);    BN_CTX_end(bn_ctx);    if (g)        EC_POINT_clear_free(g);    /* Decrement reference count, keys are still available via PACE_CTX */    if (static_key)        EC_KEY_free(static_key);    if (ephemeral_key)        EC_KEY_free(ephemeral_key);    return ret;}
开发者ID:RushOnline,项目名称:openpace,代码行数:101,


示例11: lws_x509_public_to_jwk

//.........这里部分代码省略.........				EC_GROUP_get_curve_name(ecgroup), jwk))			/* already logged */			goto bail2;		mpi[LWS_GENCRYPTO_EC_KEYEL_CRV] = NULL;		mpi[LWS_GENCRYPTO_EC_KEYEL_X] = BN_new(); /* X */		mpi[LWS_GENCRYPTO_EC_KEYEL_D] = NULL;		mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = BN_new(); /* Y */#if defined(LWS_HAVE_EC_POINT_get_affine_coordinates)		if (EC_POINT_get_affine_coordinates(ecgroup, ecpoint,#else		if (EC_POINT_get_affine_coordinates_GFp(ecgroup, ecpoint,#endif						  mpi[LWS_GENCRYPTO_EC_KEYEL_X],						  mpi[LWS_GENCRYPTO_EC_KEYEL_Y],							  NULL) != 1) {			BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]);			BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]);			lwsl_err("%s: EC_POINT_get_aff failed/n", __func__);			goto bail2;		}		count = LWS_GENCRYPTO_EC_KEYEL_COUNT;		n = LWS_GENCRYPTO_EC_KEYEL_X;		break;	case NID_rsaEncryption:		lwsl_debug("%s: rsa key/n", __func__);		jwk->kty = LWS_GENCRYPTO_KTY_RSA;		rsapub = EVP_PKEY_get1_RSA(pkey);		if (!rsapub) {			lwsl_notice("%s: missing RSA pubkey/n", __func__);			goto bail1;		}		if (RSA_size(rsapub) * 8 < rsa_min_bits) {			lwsl_err("%s: key bits %d less than minimum %d/n",				 __func__, RSA_size(rsapub) * 8, rsa_min_bits);			goto bail2;		}#if defined(LWS_HAVE_RSA_SET0_KEY)		/* we don't need d... 
but the api wants to write it */		RSA_get0_key(rsapub,			    (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_N],			    (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_E],			    (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_D]);#else		mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = rsapub->e;		mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = rsapub->n;		mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = NULL;#endif		count = LWS_GENCRYPTO_RSA_KEYEL_D;		n = LWS_GENCRYPTO_RSA_KEYEL_E;		break;	default:		lwsl_err("%s: unknown NID/n", __func__);		goto bail2;	}	for (; n < count; n++) {		if (!mpi[n])			continue;		jwk->e[n].len = BN_num_bytes(mpi[n]);		jwk->e[n].buf = lws_malloc(jwk->e[n].len, "certkeyimp");		if (!jwk->e[n].buf) {			if (id == NID_X9_62_id_ecPublicKey) {				BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]);				BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]);			}			goto bail2;		}		BN_bn2bin(mpi[n], jwk->e[n].buf);	}	if (id == NID_X9_62_id_ecPublicKey) {		BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]);		BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]);	}	ret = 0;bail2:	if (id == NID_X9_62_id_ecPublicKey)		EC_KEY_free(ecpub);	else		RSA_free(rsapub);bail1:	EVP_PKEY_free(pkey);bail:	/* jwk destroy will clean any partial state */	if (ret)		lws_jwk_destroy(jwk);	return ret;}
开发者ID:PKRoma,项目名称:libwebsockets,代码行数:101,


示例12: ecdh_gm_compute_key

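/*
 * Derive the mapped generator g' = g*s + h from the nonce s and the peer's
 * input, and install it on a fresh ephemeral key.
 *
 * ctx     PACE context; ctx->static_key and ctx->ka_ctx must be set.
 * s       nonce, interpreted as a big-endian integer.
 * in      peer data handed to ecdh_compute_key() to obtain the point h.
 * bn_ctx  BIGNUM scratch context; must not be NULL.
 *
 * Returns 1 on success, 0 on failure. On success ctx->ka_ctx->key references
 * an ephemeral EC key whose group uses the mapped generator.
 *
 * Changes from the listing as published: the result of EC_POINT_new() for
 * ecp_g is checked before the point is used, the result of
 * EVP_PKEY_set1_EC_KEY() is checked so that a failed assignment is not
 * reported as success, and a NULL bn_ctx is rejected up front.
 */
int
ecdh_gm_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in,
        BN_CTX *bn_ctx)
{
    int ret = 0;
    BUF_MEM * mem_h = NULL;
    BIGNUM * bn_s = NULL, *order = NULL, *cofactor = NULL;
    EC_POINT * ecp_h = NULL, *ecp_g = NULL;
    const ECDH_METHOD *default_method;
    EC_GROUP *group = NULL;
    EC_KEY *static_key = NULL, *ephemeral_key = NULL;

    /* BN_CTX_start()/BN_CTX_end() below would dereference a NULL context. */
    if (!bn_ctx)
        return 0;

    BN_CTX_start(bn_ctx);

    /* NOTE(review): check() is defined elsewhere; from its use here it
     * presumably jumps to err when the condition is false — confirm. */
    check((ctx && ctx->static_key && s && ctx->ka_ctx), "Invalid arguments");

    static_key = EVP_PKEY_get1_EC_KEY(ctx->static_key);
    check(static_key, "could not get key object");

    /* Extract group parameters. Only the last BN_CTX_get() result is tested:
     * once one call fails, later calls on the same context fail as well. */
    group = EC_GROUP_dup(EC_KEY_get0_group(static_key));
    order = BN_CTX_get(bn_ctx);
    cofactor = BN_CTX_get(bn_ctx);
    check(group && cofactor, "internal error");
    if (!EC_GROUP_get_order(group, order, bn_ctx)
            || !EC_GROUP_get_cofactor(group, cofactor, bn_ctx))
        goto err;

    /* Convert nonce to BIGNUM */
    bn_s = BN_bin2bn((unsigned char *) s->data, s->length, bn_s);
    if (!bn_s)
        goto err;

    /* NOTE(review): the default ECDH method is process-wide state; swapping
     * it here affects any other thread doing ECDH at the same time. */
    default_method = ECDH_get_default_method();
    ECDH_set_default_method(ECDH_OpenSSL_Point());
    /* complete the ECDH and get the resulting point h */
    mem_h = ecdh_compute_key(ctx->static_key, in, bn_ctx);
    ECDH_set_default_method(default_method);

    ecp_h = EC_POINT_new(group);
    if (!mem_h || !ecp_h || !EC_POINT_oct2point(group, ecp_h,
            (unsigned char *) mem_h->data, mem_h->length, bn_ctx))
        goto err;

    /* map to new generator: g' = g*s + h*1 */
    ecp_g = EC_POINT_new(group);
    if (!ecp_g
            || !EC_POINT_mul(group, ecp_g, bn_s, ecp_h, BN_value_one(), bn_ctx))
        goto err;

    /* Initialize ephemeral parameters with parameters from the static key */
    ephemeral_key = EC_KEY_dup(static_key);
    if (!ephemeral_key)
        goto err;
    /* If the assignment fails the context does not hold the new key, so the
     * function must not report success. */
    if (!EVP_PKEY_set1_EC_KEY(ctx->ka_ctx->key, ephemeral_key))
        goto err;

    /* configure the new EC_KEY */
    if (!EC_GROUP_set_generator(group, ecp_g, order, cofactor)
            || !EC_GROUP_check(group, bn_ctx)
            || !EC_KEY_set_group(ephemeral_key, group))
        goto err;

    ret = 1;

err:
    /* The points, the nonce and the group are derived from secret input and
     * are released with the clearing variants. */
    if (ecp_g)
        EC_POINT_clear_free(ecp_g);
    if (ecp_h)
        EC_POINT_clear_free(ecp_h);
    if (mem_h)
        BUF_MEM_free(mem_h);
    if (bn_s)
        BN_clear_free(bn_s);
    BN_CTX_end(bn_ctx);
    /* Decrement reference count, keys are still available via PACE_CTX */
    if (static_key)
        EC_KEY_free(static_key);
    if (ephemeral_key)
        EC_KEY_free(ephemeral_key);
    if (group)
        EC_GROUP_clear_free(group);

    return ret;
}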
开发者ID:RushOnline,项目名称:openpace,代码行数:83,


示例13: PKI_log_debug

//.........这里部分代码省略.........	/*	PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Logging in" );	rv = lib->callbacks->C_Login(lib->session, CKU_USER, 		(CK_UTF8CHAR *) cred->password, 			cred->password ? strlen(cred->password) : 0);	*/	/*	if ( rv == CKR_USER_ALREADY_LOGGED_IN ) {		PKI_log_debug( "HSM_PKCS11_SLOT_select()::User Already logged "								"in!");	} else if( rv == CKR_PIN_INCORRECT ) {		PKI_log_err ( "HSM_PKCS11_SLOT_select()::Can not login "			"- Pin Incorrect (0X%8.8X) [%s]", rv, cred->password);		return ( PKI_ERR );	} else if ( rv != CKR_OK ) {		PKI_log_err ( "HSM_PKCS11_SLOT_select()::Can not login "			"- General Error (0X%8.8X)", rv);		return ( PKI_ERR );	}	*/	/* Generate the EVP_PKEY that will allow it to make use of it */	if((val = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) {		HSM_PKCS11_session_close ( &lib->session, lib );		PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair value");		return NULL;	}	switch( type ) {		case PKI_SCHEME_RSA:			if ((rsa = _pki_pkcs11_rsakey_new ( kp, url, 					lib, driver)) == NULL ) {				HSM_PKCS11_session_close ( &lib->session, lib );				return ( NULL );			};			if(!EVP_PKEY_assign_RSA( (EVP_PKEY *) val, rsa)) {					PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign RSA key");				if( rsa ) RSA_free ( rsa );				if( val ) EVP_PKEY_free( (EVP_PKEY *) val );				HSM_PKCS11_session_close ( &lib->session, lib );				return ( NULL );			}			break;		case PKI_SCHEME_DSA:			if ((dsa = _pki_pkcs11_dsakey_new ( kp, url, 					lib, driver)) == NULL ) {				HSM_PKCS11_session_close ( &lib->session, lib );				return ( NULL );			};			if(!EVP_PKEY_assign_DSA( (EVP_PKEY *) val, dsa)) {					PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign DSA key");				if( dsa ) DSA_free ( dsa );				if( val ) EVP_PKEY_free( (EVP_PKEY *) val );				HSM_PKCS11_session_close ( &lib->session, lib );				return ( NULL );			}			break;#ifdef ENABLE_ECDSA		case PKI_SCHEME_ECDSA:			if ((ecdsa = _pki_pkcs11_ecdsakey_new ( kp, url, 					lib, driver)) == NULL ) 
{				HSM_PKCS11_session_close ( &lib->session, lib );				return ( NULL );			};			if(!EVP_PKEY_assign_EC_KEY( (EVP_PKEY *) val, ecdsa)) {					PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign ECDSA key");				if( ecdsa ) EC_KEY_free ( ecdsa );				if( val ) EVP_PKEY_free( (EVP_PKEY *) val );				HSM_PKCS11_session_close ( &lib->session, lib );				return ( NULL );			}			break;#endif		default:			PKI_ERROR(PKI_ERR_HSM_SCHEME_UNSUPPORTED, "%d", type);			if ( val ) EVP_PKEY_free ( (EVP_PKEY *) val );			HSM_PKCS11_session_close ( &lib->session, lib );			return ( NULL );	}	HSM_PKCS11_session_close ( &lib->session, lib );	if (( ret = PKI_X509_new ( PKI_DATATYPE_X509_KEYPAIR, driver)) == NULL){			PKI_ERROR(PKI_ERR_OBJECT_CREATE, NULL );			if ( val ) EVP_PKEY_free ( (EVP_PKEY *) val );		if ( val ) EVP_PKEY_free ( val );		return NULL;	}	ret->value = val;	/* Let's return the PKI_X509_KEYPAIR infrastructure */	return ( ret );}
开发者ID:openca,项目名称:libpki,代码行数:101,


示例14: _pki_pkcs11_ecdsakey_new

//.........这里部分代码省略.........	rv = lib->callbacks->C_GenerateKeyPair (			lib->session, EC_MECH_PTR, 			pubTemp, n,			privTemp, i,			handler_pubkey, 			handler_privkey);	if( rv != CKR_OK ) {		if ( rv == CKR_MECHANISM_INVALID ) {			PKI_ERROR(PKI_ERR_HSM_SET_ALGOR, 				"EC Algorithm is not supported by the Token");		} else {			PKI_log_debug ("Failed with code 0x%8.8X", rv );		}		if ( bn ) BN_free ( bn );		if ( esp ) PKI_Free ( esp );		return ( NULL );	}	/* Clean up the Memory we are not using anymore */	if ( bn ) BN_free ( bn );	if ( esp ) PKI_Free ( esp );	/* Generate a new RSA container */	if((ret = EC_KEY_new()) == NULL ) goto err;		if( HSM_PKCS11_get_attribute(handler_pubkey,                                 &lib->session,                                 CKA_PUBLIC_EXPONENT,                                 (void **) &data, 						         &size,						         lib) != PKI_OK ) {		goto err;	}	EC_KEY_set_private_key(ret, BN_bin2bn( data, (int) size, NULL));	PKI_Free(data);	data = NULL;	if( HSM_PKCS11_get_attribute(handler_pubkey,                                 &lib->session,                                 CKA_MODULUS,                                 (void **) &data,                                 &size,                                 lib) != PKI_OK ) {		goto err;	}	EC_KEY_set_public_key(ret, (const EC_POINT *) NULL);	PKI_Free ( data );	data = NULL;/*	ECDSA_set_method(ret, HSM_PKCS11_get_ecdsa_method());#ifdef RSA_FLAG_SIGN_VER# if OPENSSL_VERSION_NUMBER >= 0x1010000fL 	RSA_set_flags( ret, RSA_FLAG_SIGN_VER);# else	ret->flags |= RSA_FLAG_SIGN_VER;# endif#endif	// Push the priv and pub key handlers to the rsa->ex_data	EC_KEY_set_ex_data( ret, KEYPAIR_DRIVER_HANDLER_IDX, driver );	EC_KEY_set_ex_data( ret, KEYPAIR_PRIVKEY_HANDLER_IDX, handler_privkey );	EC_KEY_set_ex_data( ret, KEYPAIR_PUBKEY_HANDLER_IDX, handler_pubkey );	// Cleanup the memory for Templates	HSM_PKCS11_clean_template ( pubTemp, (int) n );	HSM_PKCS11_clean_template ( privTemp, (int) i );*/	// Let's 
return the RSA_KEY infrastructure	return (ret);err:	if (ret) EC_KEY_free(ret);	if ( handler_pubkey ) {		if((rv = lib->callbacks->C_DestroyObject( lib->session, 					*handler_pubkey )) != CKR_OK ) {			PKI_log_debug ("Failed to delete pubkey object");		}		PKI_Free(handler_pubkey);	}	if( handler_privkey ) {		if((rv = lib->callbacks->C_DestroyObject(lib->session, 					                             *handler_privkey)) != CKR_OK) {			PKI_log_debug ("Failed to delete privkey object");		}		PKI_Free(handler_privkey);	}	return NULL;}
开发者ID:openca,项目名称:libpki,代码行数:101,


示例15: CPKerr

/*
 * Derive the private key for identity `id` from a CPK master secret and
 * return it wrapped in a newly allocated EVP_PKEY.
 *
 * The key algorithm is read from master->pkey_algor->algorithm. DSA and EC
 * are the only types handled; anything else is rejected with
 * CPK_R_INVALID_PKEY_TYPE.
 *
 * Returns the EVP_PKEY on success. The caller owns it and, since it wraps a
 * private key, should release it with EVP_PKEY_free() as soon as it is no
 * longer needed. Returns NULL on failure, after pushing a CPK error.
 *
 * NOTE(review): `master` is dereferenced and `id` is passed on without a
 * NULL check; callers are assumed to supply valid pointers.
 */
EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(
	CPK_MASTER_SECRET *master, const char *id)
{
	EVP_PKEY *pkey = EVP_PKEY_new();
	DSA *dsa = NULL;
	EC_KEY *ec_key = NULL;

	if (pkey == NULL) {
		CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
			ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	switch (OBJ_obj2nid(master->pkey_algor->algorithm)) {
	case EVP_PKEY_DSA:
		dsa = extract_dsa_priv_key(master, id);
		if (dsa == NULL) {
			CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
				ERR_R_CPK_LIB);
			goto err;
		}
		/* dsa is freed here only when the assign fails; after a
		 * successful assign it is released together with pkey. */
		if (!EVP_PKEY_assign_DSA(pkey, dsa)) {
			DSA_free(dsa);
			CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
				ERR_R_EVP_LIB);
			goto err;
		}
		break;

	case EVP_PKEY_EC:
		ec_key = extract_ec_priv_key(master, id);
		if (ec_key == NULL) {
			CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
				ERR_R_CPK_LIB);
			goto err;
		}
		/* Same ownership rule as the DSA branch. */
		if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
			EC_KEY_free(ec_key);
			CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
				ERR_R_EVP_LIB);
			goto err;
		}
		break;

	default:
		CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
			CPK_R_INVALID_PKEY_TYPE);
		goto err;
	}

	/*
	 * Attaching the identity (organizationName / commonName) to the
	 * EVP_PKEY as attributes was commented out in the original and is
	 * not performed.
	 */
	return pkey;

err:
	EVP_PKEY_free(pkey);
	return NULL;
}
开发者ID:LiTianjue,项目名称:GmSSL,代码行数:77,


示例16: tlso_ctx_init

//.........这里部分代码省略.........		EVP_PKEY_free( pkey );	} else	if ( lo->ldo_tls_keyfile &&		!SSL_CTX_use_PrivateKey_file( ctx,			lt->lt_keyfile, SSL_FILETYPE_PEM ) )	{		Debug( LDAP_DEBUG_ANY,			"TLS: could not use key file `%s'./n",			lo->ldo_tls_keyfile,0,0);		tlso_report_error();		return -1;	}	if ( is_server && lo->ldo_tls_dhfile ) {		DH *dh;		BIO *bio;		if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {			Debug( LDAP_DEBUG_ANY,				"TLS: could not use DH parameters file `%s'./n",				lo->ldo_tls_dhfile,0,0);			tlso_report_error();			return -1;		}		if (!( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {			Debug( LDAP_DEBUG_ANY,				"TLS: could not read DH parameters file `%s'./n",				lo->ldo_tls_dhfile,0,0);			tlso_report_error();			BIO_free( bio );			return -1;		}		BIO_free( bio );		SSL_CTX_set_tmp_dh( ctx, dh );		SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );		DH_free( dh );	}	if ( is_server && lo->ldo_tls_ecname ) {#ifdef OPENSSL_NO_EC		Debug( LDAP_DEBUG_ANY,			"TLS: Elliptic Curves not supported./n", 0,0,0 );		return -1;#else		EC_KEY *ecdh;		int nid = OBJ_sn2nid( lt->lt_ecname );		if ( nid == NID_undef ) {			Debug( LDAP_DEBUG_ANY,				"TLS: could not use EC name `%s'./n",				lo->ldo_tls_ecname,0,0);			tlso_report_error();			return -1;		}		ecdh = EC_KEY_new_by_curve_name( nid );		if ( ecdh == NULL ) {			Debug( LDAP_DEBUG_ANY,				"TLS: could not generate key for EC name `%s'./n",				lo->ldo_tls_ecname,0,0);			tlso_report_error();			return -1;		}		SSL_CTX_set_tmp_ecdh( ctx, ecdh );		SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );		EC_KEY_free( ecdh );#endif	}	if ( tlso_opt_trace ) {		SSL_CTX_set_info_callback( ctx, tlso_info_cb );	}	i = SSL_VERIFY_NONE;	if ( lo->ldo_tls_require_cert ) {		i = SSL_VERIFY_PEER;		if ( lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||			 lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD ) {			i |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;		}	}	SSL_CTX_set_verify( ctx, i,		lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?		
tlso_verify_ok : tlso_verify_cb );#if OPENSSL_VERSION_NUMBER < 0x10100000	SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );#endif#ifdef HAVE_OPENSSL_CRL	if ( lo->ldo_tls_crlcheck ) {		X509_STORE *x509_s = SSL_CTX_get_cert_store( ctx );		if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_PEER ) {			X509_STORE_set_flags( x509_s, X509_V_FLAG_CRL_CHECK );		} else if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_ALL ) {			X509_STORE_set_flags( x509_s, 					X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL  );		}	}#endif	return 0;}
开发者ID:osstech-jp,项目名称:openldap,代码行数:101,


示例17: extract_ec_params

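/*
 * Fill param->public_factors with the public points that correspond to the
 * secret factors of a CPK master secret.
 *
 * master->secret_factors is read as num_factors big-endian scalars of
 * bn_size bytes each, where bn_size is the byte length of the curve order.
 * Every scalar must lie in [1, order - 1]. For each one the point
 * scalar * G is computed and written, in compressed form, into a slot of
 * pt_size = bn_size + 1 bytes of param->public_factors.
 *
 * Returns 1 on success and 0 on failure. On failure param->public_factors
 * may already have been resized and partly written.
 */
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param)
{
	int ret = 0;
	EC_KEY *ec_key = NULL;
	const EC_GROUP *ec_group;
	BIGNUM *bn = BN_new();
	BIGNUM *order = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	EC_POINT *pt = NULL;
	int i, bn_size, pt_size, num_factors;
	const unsigned char *bn_ptr;
	unsigned char *pt_ptr;

	if (!bn || !order || !ctx) {
		goto err;
	}

	if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
		goto err;
	}
	ec_group = EC_KEY_get0_group(ec_key);
	if (!(EC_GROUP_get_order(ec_group, order, ctx))) {
		goto err;
	}
	bn_size = BN_num_bytes(order);
	/* NOTE(review): assumes a compressed point fits in order length + 1
	 * bytes; EC_POINT_point2oct() below fails if the slot is too small. */
	pt_size = bn_size + 1;

	if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
		goto err;
	}
	/* The secret matrix must hold exactly num_factors scalars, so the
	 * loop below never reads past its end.
	 * NOTE(review): these products are plain int multiplications; the
	 * upper bound of num_factors is not visible here. */
	if (M_ASN1_STRING_length(master->secret_factors) != bn_size * num_factors) {
		goto err;
	}
	if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) {
		goto err;
	}

	bn_ptr = M_ASN1_STRING_data(master->secret_factors);
	pt_ptr = M_ASN1_STRING_data(param->public_factors);
	memset(pt_ptr, 0, M_ASN1_STRING_length(param->public_factors));

	if (!(pt = EC_POINT_new(ec_group))) {
		goto err;
	}
	for (i = 0; i < num_factors; i++) {
		if (!BN_bin2bn(bn_ptr, bn_size, bn)) {
			goto err;
		}
		/* Reject 0 and anything >= order: not a valid private scalar. */
		if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
			goto err;
		}
		if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) {
			goto err;
		}
		if (!EC_POINT_point2oct(ec_group, pt,
			POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) {
			goto err;
		}
		bn_ptr += bn_size;
		pt_ptr += pt_size;
	}

	ret = 1;
err:
	if (ec_key) EC_KEY_free(ec_key);
	/* bn held secret factors: wipe it instead of just freeing it, so the
	 * scalar does not linger in released heap memory. */
	if (bn) BN_clear_free(bn);
	if (order) BN_free(order);
	if (ctx) BN_CTX_free(ctx);
	if (pt) EC_POINT_free(pt);
	return ret;
}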
开发者ID:LiTianjue,项目名称:GmSSL,代码行数:72,


示例18: main

intmain(int argc, char **argv){	int addrtype = 0;	int scriptaddrtype = 5;	int privtype = 128;	int pubkeytype;	enum vg_format format = VCF_PUBKEY;	int regex = 0;	int caseinsensitive = 0;	int verbose = 1;	int simulate = 0;	int remove_on_match = 1;	int only_one = 0;	int prompt_password = 0;	int opt;	char *seedfile = NULL;	char pwbuf[128];	const char *result_file = NULL;	const char *key_password = NULL;	char **patterns;	int npatterns = 0;	int nthreads = 0;	vg_context_t *vcp = NULL;	EC_POINT *pubkey_base = NULL;	FILE *pattfp[MAX_FILE], *fp;	int pattfpi[MAX_FILE];	int npattfp = 0;	int pattstdin = 0;	int i;	while ((opt = getopt(argc, argv, "vqnrik1eE:P:NTX:F:t:h?f:o:s:")) != -1) {		switch (opt) {		case 'v':			verbose = 2;			break;		case 'q':			verbose = 0;			break;		case 'n':			simulate = 1;			break;		case 'r':			regex = 1;			break;		case 'i':			caseinsensitive = 1;			break;		case 'k':			remove_on_match = 0;			break;		case '1':			only_one = 1;			break;		case 'N':			addrtype = 52;			privtype = 180;			scriptaddrtype = -1;			break;		case 'T':			addrtype = 111;			privtype = 239;			scriptaddrtype = 196;			break;		case 'X':			addrtype = atoi(optarg);			privtype = 128 + addrtype;			scriptaddrtype = addrtype;			break;		case 'F':			if (!strcmp(optarg, "script"))				format = VCF_SCRIPT;			else			if (strcmp(optarg, "pubkey")) {				fprintf(stderr,					"Invalid format '%s'/n", optarg);				return 1;			}			break;		case 'P': {			if (pubkey_base != NULL) {				fprintf(stderr,					"Multiple base pubkeys specified/n");				return 1;			}			EC_KEY *pkey = vg_exec_context_new_key();			pubkey_base = EC_POINT_hex2point(				EC_KEY_get0_group(pkey),				optarg, NULL, NULL);			EC_KEY_free(pkey);			if (pubkey_base == NULL) {				fprintf(stderr,					"Invalid base pubkey/n");				return 1;			}			break;		}			//.........这里部分代码省略.........
开发者ID:299669,项目名称:vanitygen,代码行数:101,


示例19: BN_new

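/*
 * Build the EC private key for identity `id` from a CPK master secret.
 *
 * CPK_MAP_str2index() turns `id` into num_indexes indexes into
 * master->secret_factors, which is read as an array of big-endian scalars
 * of bn_size bytes each (bn_size = byte length of the curve order). The
 * selected scalars are added modulo the order to form the private key, and
 * the public key is computed as private * G.
 *
 * Returns a new EC_KEY with both private and public key set; the caller
 * owns it and releases it with EC_KEY_free(). Returns NULL on any failure.
 */
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id)
{
	int e = 1;
	EC_KEY *ec_key = NULL;
	const EC_GROUP *ec_group;
	EC_POINT *pub_key = NULL;
	BIGNUM *priv_key = BN_new();
	BIGNUM *order = BN_new();
	BIGNUM *bn = BN_new();
	BN_CTX *ctx = BN_CTX_new();
	int *index = NULL;
	int i, num_indexes, bn_size, factor_count;

	if (!priv_key || !bn || !order || !ctx) {
		goto err;
	}

	if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
		goto err;
	}
	ec_group = EC_KEY_get0_group(ec_key);
	if (!(pub_key = EC_POINT_new(ec_group))) {
		goto err;
	}

	if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {
		goto err;
	}
	if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
		goto err;
	}
	if (!CPK_MAP_str2index(master->map_algor, id, index)) {
		goto err;
	}

	BN_zero(priv_key);
	if (!(EC_GROUP_get_order(ec_group, order, ctx))) {
		goto err;
	}
	bn_size = BN_num_bytes(order);
	if (bn_size <= 0) {
		goto err;
	}
	/* Number of whole scalars actually present in the secret matrix. */
	factor_count = M_ASN1_STRING_length(master->secret_factors) / bn_size;

	for (i = 0; i < num_indexes; i++) {
		const unsigned char *p;

		/* The range CPK_MAP_str2index() guarantees is not visible
		 * here, so refuse any index that would read outside the
		 * secret_factors buffer. */
		if (index[i] < 0 || index[i] >= factor_count) {
			goto err;
		}
		p = M_ASN1_STRING_data(master->secret_factors) +
			bn_size * index[i];

		if (!BN_bin2bn(p, bn_size, bn)) {
			goto err;
		}
		/* Reject 0 and anything >= order: not a valid scalar. */
		if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
			goto err;
		}
		if (!BN_mod_add(priv_key, priv_key, bn, order, ctx)) {
			goto err;
		}
	}
	if (!EC_KEY_set_private_key(ec_key, priv_key)) {
		goto err;
	}

	if (!EC_POINT_mul(ec_group, pub_key, priv_key, NULL, NULL, ctx)) {
		goto err;
	}
	if (!EC_KEY_set_public_key(ec_key, pub_key)) {
		goto err;
	}
	e = 0;

err:
	if (e && ec_key) {
		EC_KEY_free(ec_key);
		ec_key = NULL;
	}
	/* priv_key and bn held secret values: wipe them on release so they
	 * do not linger in freed heap memory. */
	if (priv_key) BN_clear_free(priv_key);
	if (pub_key) EC_POINT_free(pub_key);
	if (order) BN_free(order);
	if (bn) BN_clear_free(bn);
	if (ctx) BN_CTX_free(ctx);
	if (index) OPENSSL_free(index);
	return ec_key;
}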
开发者ID:LiTianjue,项目名称:GmSSL,代码行数:82,


示例20: x9_62_test_internal

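/*
 * Run one known-answer test from the X9.62 draft on curve `nid`.
 *
 * The message "abc" is hashed with the digest selected by EVP_ecdsa() (the
 * 20-byte digest buffer implies SHA-1), a key is generated, the digest is
 * signed, the resulting (r, s) is compared with the expected decimal
 * strings r_in / s_in, and the signature is verified.
 *
 * Progress dots and the final " ok" / " failed" verdict are written to
 * `out`. Returns 1 if every step succeeded, 0 otherwise.
 *
 * Test-only pattern: `use_fake` is declared outside this block and is set
 * before key generation and before signing; presumably it makes the RNG
 * return fixed test-vector values (confirm against its definition). Real
 * ECDSA signing needs a fresh, unpredictable nonce for every signature.
 */
int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
{
    int ret = 0;
    const char message[] = "abc";
    unsigned char digest[20];
    unsigned int dgst_len = 0;
    EVP_MD_CTX md_ctx;
    EC_KEY *key = NULL;
    ECDSA_SIG *signature = NULL;
    BIGNUM *r = NULL, *s = NULL;
    BIGNUM *kinv = NULL, *rp = NULL;

    EVP_MD_CTX_init(&md_ctx);
    /* get the message digest */
    if (!EVP_DigestInit(&md_ctx, EVP_ecdsa())
        || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3)
        || !EVP_DigestFinal(&md_ctx, digest, &dgst_len))
        goto x962_int_err;

    BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
    /* create the key */
    if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
        goto x962_int_err;
    use_fake = 1;
    if (!EC_KEY_generate_key(key))
        goto x962_int_err;
    BIO_printf(out, ".");
    (void)BIO_flush(out);

    /* create the signature */
    use_fake = 1;
    /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
    if (!ECDSA_sign_setup(key, NULL, &kinv, &rp))
        goto x962_int_err;
    signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key);
    if (signature == NULL)
        goto x962_int_err;
    BIO_printf(out, ".");
    (void)BIO_flush(out);

    /* compare the created signature with the expected signature */
    if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
        goto x962_int_err;
    if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in))
        goto x962_int_err;
    if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s))
        goto x962_int_err;
    BIO_printf(out, ".");
    (void)BIO_flush(out);

    /* verify the signature */
    if (ECDSA_do_verify(digest, 20, signature, key) != 1)
        goto x962_int_err;
    BIO_printf(out, ".");
    (void)BIO_flush(out);

    /* "\n", not "/n": the verdict line must end with a real newline */
    BIO_printf(out, " ok\n");
    ret = 1;

 x962_int_err:
    if (!ret)
        BIO_printf(out, " failed\n");
    EC_KEY_free(key);
    ECDSA_SIG_free(signature);
    BN_free(r);
    BN_free(s);
    EVP_MD_CTX_cleanup(&md_ctx);
    /* kinv and rp are derived from the signing nonce: wipe on release */
    BN_clear_free(kinv);
    BN_clear_free(rp);
    return ret;
}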
开发者ID:rachellearussell12,项目名称:openssl,代码行数:68,


示例21: test_ecdh_curve

//.........这里部分代码省略.........	BN_print(out,y_b);	BIO_puts(out,"/n");#else	BIO_printf(out,".");	(void)BIO_flush(out);#endif	alen=KDF1_SHA1_len;	abuf=(unsigned char *)OPENSSL_malloc(alen);	aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);#ifdef NOISY	BIO_puts(out,"  key1 =");	for (i=0; i<aout; i++)		{		sprintf(buf,"%02X",abuf[i]);		BIO_puts(out,buf);		}	BIO_puts(out,"/n");#else	BIO_printf(out,".");	(void)BIO_flush(out);#endif	blen=KDF1_SHA1_len;	bbuf=(unsigned char *)OPENSSL_malloc(blen);	bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);#ifdef NOISY	BIO_puts(out,"  key2 =");	for (i=0; i<bout; i++)		{		sprintf(buf,"%02X",bbuf[i]);		BIO_puts(out,buf);		}	BIO_puts(out,"/n");#else	BIO_printf(out,".");	(void)BIO_flush(out);#endif	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))		{#ifndef NOISY		BIO_printf(out, " failed/n/n");		BIO_printf(out, "key a:/n");		BIO_printf(out, "private key: ");		BN_print(out, EC_KEY_get0_private_key(a));		BIO_printf(out, "/n");		BIO_printf(out, "public key (x,y): ");		BN_print(out, x_a);		BIO_printf(out, ",");		BN_print(out, y_a);		BIO_printf(out, "/nkey b:/n");		BIO_printf(out, "private key: ");		BN_print(out, EC_KEY_get0_private_key(b));		BIO_printf(out, "/n");		BIO_printf(out, "public key (x,y): ");		BN_print(out, x_b);		BIO_printf(out, ",");		BN_print(out, y_b);		BIO_printf(out, "/n");		BIO_printf(out, "generated key a: ");		for (i=0; i<bout; i++)			{			sprintf(buf, "%02X", bbuf[i]);			BIO_puts(out, buf);			}		BIO_printf(out, "/n");		BIO_printf(out, "generated key b: ");		for (i=0; i<aout; i++)			{			sprintf(buf, "%02X", abuf[i]);			BIO_puts(out,buf);			}		BIO_printf(out, "/n");#endif		fprintf(stderr,"Error in ECDH routines/n");		ret=0;		}	else		{#ifndef NOISY		BIO_printf(out, " ok/n");#endif		ret=1;		}err:	ERR_print_errors_fp(stderr);	if (abuf != NULL) OPENSSL_free(abuf);	if (bbuf != NULL) OPENSSL_free(bbuf);	if (x_a) BN_free(x_a);	if (y_a) BN_free(y_a);	if (x_b) BN_free(x_b);	
if (y_b) BN_free(y_b);	if (b) EC_KEY_free(b);	if (a) EC_KEY_free(a);	return(ret);	}
开发者ID:braincat,项目名称:uwin,代码行数:101,


示例22: rb_init_ssl

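/*
 * Initialise OpenSSL and create the process-wide server and client
 * contexts (ssl_server_ctx, ssl_client_ctx).
 *
 * Both contexts get the same cipher list and have session tickets disabled
 * where SSL_OP_NO_TICKET exists. The server context additionally disables
 * the session cache, prefers the server's cipher order and enables ECDHE on
 * secp384r1 when the build provides that curve.
 *
 * Returns 1 when both contexts were created, 0 if either one could not be.
 * A context that failed to allocate is left NULL and is not configured.
 */
int
rb_init_ssl(void)
{
	int ret = 1;
	/* static: the library records this pointer in SSL_get_ex_new_index(),
	 * so it must stay valid after this function returns */
	static char libratbox_data[] = "libratbox data";
	const char libratbox_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL";

	SSL_load_error_strings();
	SSL_library_init();
	libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL);

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
	ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
#else
	ssl_server_ctx = SSL_CTX_new(TLS_server_method());
#endif

	if(ssl_server_ctx == NULL)
	{
		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s",
			   get_ssl_error(ERR_get_error()));
		ret = 0;
	}
	else
	{
		/* Only configure a context that exists: every call below
		 * dereferences ssl_server_ctx. */
		long server_options = SSL_CTX_get_options(ssl_server_ctx);

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
		server_options |= SSL_OP_NO_SSLv2;
		server_options |= SSL_OP_NO_SSLv3;
#endif

#ifdef SSL_OP_SINGLE_DH_USE
		server_options |= SSL_OP_SINGLE_DH_USE;
#endif

#ifdef SSL_OP_SINGLE_ECDH_USE
		server_options |= SSL_OP_SINGLE_ECDH_USE;
#endif

#ifdef SSL_OP_NO_TICKET
		server_options |= SSL_OP_NO_TICKET;
#endif

		server_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;

		SSL_CTX_set_options(ssl_server_ctx, server_options);
		/* NOTE(review): verify_accept_all_cb is defined outside this
		 * block; going by its name it accepts every client
		 * certificate, so trust decisions must be made elsewhere
		 * (e.g. on the certificate fingerprint) - confirm. */
		SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
		SSL_CTX_set_session_cache_mode(ssl_server_ctx, SSL_SESS_CACHE_OFF);
		SSL_CTX_set_cipher_list(ssl_server_ctx, libratbox_ciphers);

		/* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks
		   and bastardise their OpenSSL for stupid reasons... */
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && defined(NID_secp384r1)
		{
			EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
			if (key) {
				/* the key is freed right after the call, so the
				 * context is not relying on this pointer */
				SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
				EC_KEY_free(key);
			}
		}
#endif
	}

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
	/* Version-flexible method with SSLv2/SSLv3 switched off below, the
	 * same way the server context is set up. TLSv1_client_method() would
	 * pin outgoing connections to TLS 1.0 only. */
	ssl_client_ctx = SSL_CTX_new(SSLv23_client_method());
#else
	ssl_client_ctx = SSL_CTX_new(TLS_client_method());
#endif

	if(ssl_client_ctx == NULL)
	{
		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s",
			   get_ssl_error(ERR_get_error()));
		ret = 0;
	}
	else
	{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
		SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#endif

#ifdef SSL_OP_NO_TICKET
		SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_TICKET);
#endif

		SSL_CTX_set_cipher_list(ssl_client_ctx, libratbox_ciphers);
	}

	return ret;
}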
开发者ID:interlinkedIRC,项目名称:charybdis,代码行数:80,


示例23: get_secret

 /// Construct a private_key from an OpenSSL EC_KEY.
 ///
 /// The secret is read out of `k` with get_secret() (declared outside this
 /// block) and stored in my->_key. This constructor takes ownership of `k`:
 /// it is released with EC_KEY_free() before returning, so the caller must
 /// not use or free the pointer afterwards.
 ///
 /// NOTE(review): if get_secret() can throw, `k` is not freed on that path.
 private_key::private_key( EC_KEY* k )
 {
    my->_key = get_secret( k );

    // `k` is no longer needed once its secret has been copied out.
    EC_KEY_free( k );
 }
开发者ID:BestSilent,项目名称:eos,代码行数:5,


示例24: main

//.........这里部分代码省略.........			}			if (invsize & (invsize - 1)) {				fprintf(stderr,					"Modular inverse size must be "					"a power of 2/n");				return 1;			}			break;		case 'K':			verify_mode = 1;			break;		case 'S':			safe_mode = 1;			break;		case 'D':			if (ndevstrs >= MAX_DEVS) {				fprintf(stderr,					"Too many OpenCL devices (limit %d)/n",					MAX_DEVS);				return 1;			}			devstrs[ndevstrs++] = optarg;			break;		case 'P': {			if (pubkey_base != NULL) {				fprintf(stderr,					"Multiple base pubkeys specified/n");				return 1;			}			EC_KEY *pkey = vg_exec_context_new_key();			pubkey_base = EC_POINT_hex2point(				EC_KEY_get0_group(pkey),				optarg, NULL, NULL);			EC_KEY_free(pkey);			if (pubkey_base == NULL) {				fprintf(stderr,					"Invalid base pubkey/n");				return 1;			}			break;		}		case 'f':			if (npattfp >= MAX_FILE) {				fprintf(stderr,					"Too many input files specified/n");				return 1;			}			if (!strcmp(optarg, "-")) {				if (pattstdin) {					fprintf(stderr, "ERROR: stdin "						"specified multiple times/n");					return 1;				}				fp = stdin;			} else {				fp = fopen(optarg, "r");				if (!fp) {					fprintf(stderr,						"Could not open %s: %s/n",						optarg, strerror(errno));					return 1;				}			}			pattfp[npattfp] = fp;			pattfpi[npattfp] = caseinsensitive;			npattfp++;
开发者ID:xCoreDev,项目名称:vanitygen,代码行数:67,


示例25: x9_62_tests

/*- * This function hijacks the RNG to feed it the chosen ECDSA key and nonce. * The ECDSA KATs are from: * - the X9.62 draft (4) * - NIST CAVP (720) * * It uses the low-level ECDSA_sign_setup instead of EVP to control the RNG. * NB: This is not how applications should use ECDSA; this is only for testing. * * Tests the library can successfully: * - generate public keys that matches those KATs * - create ECDSA signatures that match those KATs * - accept those signatures as valid */static int x9_62_tests(int n){    int nid, md_nid, ret = 0;    const char *r_in = NULL, *s_in = NULL, *tbs = NULL;    unsigned char *pbuf = NULL, *qbuf = NULL, *message = NULL;    unsigned char digest[EVP_MAX_MD_SIZE];    unsigned int dgst_len = 0;    long q_len, msg_len = 0;    size_t p_len;    EVP_MD_CTX *mctx = NULL;    EC_KEY *key = NULL;    ECDSA_SIG *signature = NULL;    BIGNUM *r = NULL, *s = NULL;    BIGNUM *kinv = NULL, *rp = NULL;    const BIGNUM *sig_r = NULL, *sig_s = NULL;    nid = ecdsa_cavs_kats[n].nid;    md_nid = ecdsa_cavs_kats[n].md_nid;    r_in = ecdsa_cavs_kats[n].r;    s_in = ecdsa_cavs_kats[n].s;    tbs = ecdsa_cavs_kats[n].msg;    numbers[0] = ecdsa_cavs_kats[n].d;    numbers[1] = ecdsa_cavs_kats[n].k;    TEST_info("ECDSA KATs for curve %s", OBJ_nid2sn(nid));    if (!TEST_ptr(mctx = EVP_MD_CTX_new())        /* get the message digest */        || !TEST_ptr(message = OPENSSL_hexstr2buf(tbs, &msg_len))        || !TEST_true(EVP_DigestInit_ex(mctx, EVP_get_digestbynid(md_nid), NULL))        || !TEST_true(EVP_DigestUpdate(mctx, message, msg_len))        || !TEST_true(EVP_DigestFinal_ex(mctx, digest, &dgst_len))        /* create the key */        || !TEST_ptr(key = EC_KEY_new_by_curve_name(nid))        /* load KAT variables */        || !TEST_ptr(r = BN_new())        || !TEST_ptr(s = BN_new())        || !TEST_true(BN_hex2bn(&r, r_in))        || !TEST_true(BN_hex2bn(&s, s_in))        /* swap the RNG source */        || !TEST_true(change_rand()))        goto err;    /* 
public key must match KAT */    use_fake = 1;    if (!TEST_true(EC_KEY_generate_key(key))        || !TEST_true(p_len = EC_KEY_key2buf(key, POINT_CONVERSION_UNCOMPRESSED,                                             &pbuf, NULL))        || !TEST_ptr(qbuf = OPENSSL_hexstr2buf(ecdsa_cavs_kats[n].Q, &q_len))        || !TEST_int_eq(q_len, p_len)        || !TEST_mem_eq(qbuf, q_len, pbuf, p_len))        goto err;    /* create the signature via ECDSA_sign_setup to avoid use of ECDSA nonces */    use_fake = 1;    if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp))        || !TEST_ptr(signature = ECDSA_do_sign_ex(digest, dgst_len,                                                  kinv, rp, key))        /* verify the signature */        || !TEST_int_eq(ECDSA_do_verify(digest, dgst_len, signature, key), 1))        goto err;    /* compare the created signature with the expected signature */    ECDSA_SIG_get0(signature, &sig_r, &sig_s);    if (!TEST_BN_eq(sig_r, r)        || !TEST_BN_eq(sig_s, s))        goto err;    ret = 1; err:    /* restore the RNG source */    if (!TEST_true(restore_rand()))        ret = 0;    OPENSSL_free(message);    OPENSSL_free(pbuf);    OPENSSL_free(qbuf);    EC_KEY_free(key);    ECDSA_SIG_free(signature);    BN_free(r);    BN_free(s);    EVP_MD_CTX_free(mctx);    BN_clear_free(kinv);    BN_clear_free(rp);    return ret;//.........这里部分代码省略.........
开发者ID:tiran,项目名称:openssl,代码行数:101,


示例26: gen_publickey_from_ec_evp

//.........这里部分代码省略.........    bn_ctx = BN_CTX_new();    if(bn_ctx == NULL)        return -1;    ec = EVP_PKEY_get1_EC_KEY(pk);    if(ec == NULL) {        rc = -1;        goto clean_exit;    }    public_key = EC_KEY_get0_public_key(ec);    group = EC_KEY_get0_group(ec);    type = _libssh2_ecdsa_key_get_curve_type(ec);    method_buf = LIBSSH2_ALLOC(session, 19);    if(method_buf == NULL) {        return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,            "out of memory");    }    if(type == LIBSSH2_EC_CURVE_NISTP256)        memcpy(method_buf, "ecdsa-sha2-nistp256", 19);    else if(type == LIBSSH2_EC_CURVE_NISTP384)        memcpy(method_buf, "ecdsa-sha2-nistp384", 19);    else if(type == LIBSSH2_EC_CURVE_NISTP521)        memcpy(method_buf, "ecdsa-sha2-nistp521", 19);    else {        _libssh2_debug(session,            LIBSSH2_TRACE_ERROR,            "Unsupported EC private key type");        rc = -1;        goto clean_exit;    }    /* get length */    octal_len = EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx);    if(octal_len > EC_MAX_POINT_LEN) {        rc = -1;        goto clean_exit;    }    octal_value = malloc(octal_len);    if(octal_value == NULL) {        rc = -1;        goto clean_exit;    }    /* convert to octal */    if(EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED,       octal_value, octal_len, bn_ctx) != octal_len) {           rc = -1;           goto clean_exit;    }    /* Key form is: type_len(4) + type(19) + domain_len(4) + domain(8) + pub_key_len(4) + pub_key(~65). */    key_len = 4 + 19 + 4 + 8 + 4 + octal_len;    key = LIBSSH2_ALLOC(session, key_len);    if(key == NULL) {        rc = -1;        goto  clean_exit;    }    /* Process key encoding. 
*/    p = key;    /* Key type */    _libssh2_store_str(&p, (const char *)method_buf, 19);    /* Name domain */    _libssh2_store_str(&p, (const char *)method_buf + 11, 8);    /* Public key */    _libssh2_store_str(&p, (const char *)octal_value, octal_len);    *method         = method_buf;    *method_len     = 19;    *pubkeydata     = key;    *pubkeydata_len = key_len;clean_exit:    if(ec != NULL)        EC_KEY_free(ec);    if(bn_ctx != NULL) {        BN_CTX_free(bn_ctx);    }    if(octal_value != NULL)        free(octal_value);    if(rc == 0)        return 0;    if(method_buf != NULL)        LIBSSH2_FREE(session, method_buf);    return -1;}
开发者ID:stinb,项目名称:libssh2,代码行数:101,



注:本文中的EC_KEY_free函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

