自学教程：C++ EC_POINT_copy函数代码示例

int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) {  if (dest->meth->group_copy == 0) {    OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);    return 0;  }  if (dest->meth != src->meth) {    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);    return 0;  }  if (dest == src) {    return 1;  }  ec_pre_comp_free(dest->pre_comp);  dest->pre_comp = ec_pre_comp_dup(src->pre_comp);  if (src->generator != NULL) {    if (dest->generator == NULL) {      dest->generator = EC_POINT_new(dest);      if (dest->generator == NULL) {        return 0;      }    }    if (!EC_POINT_copy(dest->generator, src->generator)) {      return 0;    }  } else {    /* src->generator == NULL */    if (dest->generator != NULL) {      EC_POINT_clear_free(dest->generator);      dest->generator = NULL;    }  }  if (!BN_copy(&dest->order, &src->order) ||      !BN_copy(&dest->cofactor, &src->cofactor)) {    return 0;  }  dest->curve_name = src->curve_name;  return dest->meth->group_copy(dest, src);}

EC_POINT *EC_POINT_dup(const EC_POINT * a, const EC_GROUP * group){	EC_POINT *t;	int r;	if (a == NULL)		return NULL;	t = EC_POINT_new(group);	if (t == NULL)		return (NULL);	r = EC_POINT_copy(t, a);	if (!r) {		EC_POINT_free(t);		return NULL;	} else		return t;}

int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,                           const BIGNUM *order, const BIGNUM *cofactor) {  if (group->curve_name != NID_undef || group->generator != NULL) {    // |EC_GROUP_set_generator| may only be used with |EC_GROUP|s returned by    // |EC_GROUP_new_curve_GFp| and may only used once on each group.    return 0;  }  // Require a cofactor of one for custom curves, which implies prime order.  if (!BN_is_one(cofactor)) {    OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COFACTOR);    return 0;  }  group->generator = EC_POINT_new(group);  return group->generator != NULL &&         EC_POINT_copy(group->generator, generator) &&         BN_copy(&group->order, order);}

int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,                           const BIGNUM *order, const BIGNUM *cofactor){    if (generator == NULL) {        ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);        return 0;    }    if (group->generator == NULL) {        group->generator = EC_POINT_new(group);        if (group->generator == NULL)            return 0;    }    if (!EC_POINT_copy(group->generator, generator))        return 0;    if (order != NULL) {        if (!BN_copy(group->order, order))            return 0;    } else        BN_zero(group->order);    if (cofactor != NULL) {        if (!BN_copy(group->cofactor, cofactor))            return 0;    } else        BN_zero(group->cofactor);    /*     * Some groups have an order with     * factors of two, which makes the Montgomery setup fail.     * |group->mont_data| will be NULL in this case.     */    if (BN_is_odd(group->order)) {        return ec_precompute_mont_data(group);    }    BN_MONT_CTX_free(group->mont_data);    group->mont_data = NULL;    return 1;}

EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) {  EC_POINT *t;  int r;  if (a == NULL) {    return NULL;  }  t = EC_POINT_new(group);  if (t == NULL) {    OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);    return NULL;  }  r = EC_POINT_copy(t, a);  if (!r) {    EC_POINT_free(t);    return NULL;  } else {    return t;  }}

int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,                           const BIGNUM *order, const BIGNUM *cofactor) {  if (group->curve_name != NID_undef) {    /* |EC_GROUP_set_generator| should only be used with |EC_GROUP|s returned     * by |EC_GROUP_new_curve_GFp|. */    return 0;  }  if (group->generator == NULL) {    group->generator = EC_POINT_new(group);    if (group->generator == NULL) {      return 0;    }  }  if (!EC_POINT_copy(group->generator, generator)) {    return 0;  }  if (order != NULL) {    if (!BN_copy(&group->order, order)) {      return 0;    }  } else {    BN_zero(&group->order);  }  if (cofactor != NULL) {    if (!BN_copy(&group->cofactor, cofactor)) {      return 0;    }  } else {    BN_zero(&group->cofactor);  }  return 1;}

static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)	{	const unsigned char *p = NULL;	void *pval;	int ptype, pklen;	EC_KEY *eckey = NULL;	X509_ALGOR *palg;	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))		return 0;	X509_ALGOR_get0(NULL, &ptype, &pval, palg);	eckey = eckey_type2param(ptype, pval);	if (!eckey)		goto ecliberr;	/* We have parameters now set private key */	if (!d2i_ECPrivateKey(&eckey, &p, pklen))		{		ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);		goto ecerr;		}	/* calculate public key (if necessary) */	if (EC_KEY_get0_public_key(eckey) == NULL)		{		const BIGNUM *priv_key;		const EC_GROUP *group;		EC_POINT *pub_key;		/* the public key was not included in the SEC1 private		 * key => calculate the public key */		group   = EC_KEY_get0_group(eckey);		pub_key = EC_POINT_new(group);		if (pub_key == NULL)			{			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);			goto ecliberr;			}		if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))			{			EC_POINT_free(pub_key);			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);			goto ecliberr;			}		priv_key = EC_KEY_get0_private_key(eckey);		if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL))			{			EC_POINT_free(pub_key);			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);			goto ecliberr;			}		if (EC_KEY_set_public_key(eckey, pub_key) == 0)			{			EC_POINT_free(pub_key);			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);			goto ecliberr;			}		EC_POINT_free(pub_key);		}	EVP_PKEY_assign_EC_KEY(pkey, eckey);	return 1;	ecliberr:	ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);	ecerr:	if (eckey)		EC_KEY_free(eckey);	return 0;	}

void *vg_thread_loop(void *arg){	unsigned char hash_buf[128];	unsigned char *eckey_buf;	unsigned char hash1[32];	int i, c, len, output_interval;	int hash_len;	const BN_ULONG rekey_max = 10000000;	BN_ULONG npoints, rekey_at, nbatch;	vg_context_t *vcp = (vg_context_t *) arg;	EC_KEY *pkey = NULL;	const EC_GROUP *pgroup;	const EC_POINT *pgen;	const int ptarraysize = 256;	EC_POINT *ppnt[ptarraysize];	EC_POINT *pbatchinc;	vg_test_func_t test_func = vcp->vc_test;	vg_exec_context_t ctx;	vg_exec_context_t *vxcp;	struct timeval tvstart;	memset(&ctx, 0, sizeof(ctx));	vxcp = &ctx;	vg_exec_context_init(vcp, &ctx);	pkey = vxcp->vxc_key;	pgroup = EC_KEY_get0_group(pkey);	pgen = EC_GROUP_get0_generator(pgroup);	for (i = 0; i < ptarraysize; i++) {		ppnt[i] = EC_POINT_new(pgroup);		if (!ppnt[i]) {			fprintf(stderr, "ERROR: out of memory?/n");			exit(1);		}	}	pbatchinc = EC_POINT_new(pgroup);	if (!pbatchinc) {		fprintf(stderr, "ERROR: out of memory?/n");		exit(1);	}	BN_set_word(&vxcp->vxc_bntmp, ptarraysize);	EC_POINT_mul(pgroup, pbatchinc, &vxcp->vxc_bntmp, NULL, NULL,		     vxcp->vxc_bnctx);	EC_POINT_make_affine(pgroup, pbatchinc, vxcp->vxc_bnctx);	npoints = 0;	rekey_at = 0;	nbatch = 0;	vxcp->vxc_key = pkey;	vxcp->vxc_binres[0] = vcp->vc_addrtype;	c = 0;	output_interval = 1000;	gettimeofday(&tvstart, NULL);	if (vcp->vc_format == VCF_SCRIPT) {		hash_buf[ 0] = 0x51;  // OP_1		hash_buf[ 1] = 0x41;  // pubkey length		// gap for pubkey		hash_buf[67] = 0x51;  // OP_1		hash_buf[68] = 0xae;  // OP_CHECKMULTISIG		eckey_buf = hash_buf + 2;		hash_len = 69;	} else {		eckey_buf = hash_buf;		hash_len = 65;	}	while (!vcp->vc_halt) {		if (++npoints >= rekey_at) {			vg_exec_context_upgrade_lock(vxcp);			/* Generate a new random private key */			EC_KEY_generate_key(pkey);			npoints = 0;			/* Determine rekey interval */			EC_GROUP_get_order(pgroup, &vxcp->vxc_bntmp,					   vxcp->vxc_bnctx);			BN_sub(&vxcp->vxc_bntmp2,			       &vxcp->vxc_bntmp,			       EC_KEY_get0_private_key(pkey));			rekey_at = BN_get_word(&vxcp->vxc_bntmp2);			if ((rekey_at == BN_MASK2) || (rekey_at > rekey_max))				rekey_at = rekey_max;			assert(rekey_at > 0);			EC_POINT_copy(ppnt[0], EC_KEY_get0_public_key(pkey));			vg_exec_context_downgrade_lock(vxcp);			npoints++;//.........这里部分代码省略.........

//.........这里部分代码省略.........	if (!BN_hex2bn(&x, "D")) ABORT;	if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;	if (!EC_POINT_is_on_curve(group, Q, ctx))		{		if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;		fprintf(stderr, "Point is not on curve: x = 0x");		BN_print_fp(stderr, x);		fprintf(stderr, ", y = 0x");		BN_print_fp(stderr, y);		fprintf(stderr, "/n");		ABORT;		}	fprintf(stdout, "A cyclic subgroup:/n");	k = 100;	do		{		if (k-- == 0) ABORT;		if (EC_POINT_is_at_infinity(group, P))			fprintf(stdout, "     point at infinity/n");		else			{			if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;			fprintf(stdout, "     x = 0x");			BN_print_fp(stdout, x);			fprintf(stdout, ", y = 0x");			BN_print_fp(stdout, y);			fprintf(stdout, "/n");			}				if (!EC_POINT_copy(R, P)) ABORT;		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;#if 0 /* optional */		{			EC_POINT *points[3];					points[0] = R;			points[1] = Q;			points[2] = P;			if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;		}#endif		}	while (!EC_POINT_is_at_infinity(group, P));	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;	if (!EC_POINT_is_at_infinity(group, P)) ABORT;	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);	if (len == 0) ABORT;	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;	fprintf(stdout, "Generator as octect string, compressed form:/n     ");	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);		len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);	if (len == 0) ABORT;	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;	fprintf(stdout, "/nGenerator as octect string, uncompressed form:/n     ");	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

voidvg_output_match_console(vg_context_t *vcp, EC_KEY *pkey, const char *pattern){	unsigned char key_buf[512], *pend;	char addr_buf[64], addr2_buf[64];	char privkey_buf[VG_PROTKEY_MAX_B58];	const char *keytype = "Privkey";	int len;	int isscript = (vcp->vc_format == VCF_SCRIPT);	EC_POINT *ppnt;	int free_ppnt = 0;	if (vcp->vc_pubkey_base) {		ppnt = EC_POINT_new(EC_KEY_get0_group(pkey));		EC_POINT_copy(ppnt, EC_KEY_get0_public_key(pkey));		EC_POINT_add(EC_KEY_get0_group(pkey),			     ppnt,			     ppnt,			     vcp->vc_pubkey_base,			     NULL);		free_ppnt = 1;		keytype = "PrivkeyPart";	} else {		ppnt = (EC_POINT *) EC_KEY_get0_public_key(pkey);	}	assert(EC_KEY_check_key(pkey));	vg_encode_address(ppnt,			  EC_KEY_get0_group(pkey),			  vcp->vc_pubkeytype, addr_buf);	if (isscript)		vg_encode_script_address(ppnt,					 EC_KEY_get0_group(pkey),					 vcp->vc_addrtype, addr2_buf);	if (vcp->vc_key_protect_pass) {		len = vg_protect_encode_privkey(privkey_buf,						pkey, vcp->vc_privtype,						VG_PROTKEY_DEFAULT,						vcp->vc_key_protect_pass);		if (len) {			keytype = "Protkey";		} else {			fprintf(stderr,				"ERROR: could not password-protect key/n");			vcp->vc_key_protect_pass = NULL;		}	}	if (!vcp->vc_key_protect_pass) {		vg_encode_privkey(pkey, vcp->vc_privtype, privkey_buf);	}	if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) {		printf("/r%79s/r/nPattern: %s/n", "", pattern);	}	if (vcp->vc_verbose > 0) {		if (vcp->vc_verbose > 1) {			pend = key_buf;			len = i2o_ECPublicKey(pkey, &pend);			printf("Pubkey (hex): ");			dumphex(key_buf, len);			printf("Privkey (hex): ");			dumpbn(EC_KEY_get0_private_key(pkey));			pend = key_buf;			len = i2d_ECPrivateKey(pkey, &pend);			printf("Privkey (ASN1): ");			dumphex(key_buf, len);		}	}	if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) {		if (isscript)			printf("P2SHAddress: %s/n", addr2_buf);		printf("Address: %s/n"		       "%s: %s/n",		       addr_buf, keytype, privkey_buf);	}	if (vcp->vc_result_file) {		FILE *fp = fopen(vcp->vc_result_file, "a");		if (!fp) {			fprintf(stderr,				"ERROR: could not open result file: %s/n",				strerror(errno));		} else {			fprintf(fp,				"Pattern: %s/n"				, pattern);			if (isscript)				fprintf(fp, "P2SHAddress: %s/n", addr2_buf);			fprintf(fp,				"Address: %s/n"				"%s: %s/n",				addr_buf, keytype, privkey_buf);			fclose(fp);		}	}	if (free_ppnt)//.........这里部分代码省略.........

EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)	{	EC_EXTRA_DATA *d;	if (dest == NULL || src == NULL)		{		ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);		return NULL;		}	/* copy the parameters */	if (src->group)		{		const EC_METHOD *meth = EC_GROUP_method_of(src->group);		/* clear the old group */		if (dest->group)			EC_GROUP_free(dest->group);		dest->group = EC_GROUP_new(meth);		if (dest->group == NULL)			return NULL;		if (!EC_GROUP_copy(dest->group, src->group))			return NULL;		}	/*  copy the public key */	if (src->pub_key && src->group)		{		if (dest->pub_key)			EC_POINT_free(dest->pub_key);		dest->pub_key = EC_POINT_new(src->group);		if (dest->pub_key == NULL)			return NULL;		if (!EC_POINT_copy(dest->pub_key, src->pub_key))			return NULL;		}	/* copy the private key */	if (src->priv_key)		{		if (dest->priv_key == NULL)			{			dest->priv_key = BN_new();			if (dest->priv_key == NULL)				return NULL;			}		if (!BN_copy(dest->priv_key, src->priv_key))			return NULL;		}	/* copy method/extra data */	EC_EX_DATA_free_all_data(&dest->method_data);	for (d = src->method_data; d != NULL; d = d->next)		{		void *t = d->dup_func(d->data);				if (t == NULL)			return 0;		if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func))			return 0;		}	/* copy the rest */	dest->enc_flag  = src->enc_flag;	dest->conv_form = src->conv_form;	dest->version   = src->version;	return dest;	}

//.........这里部分代码省略.........      plen = param->value.sequence->length;      if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))      {        EVPerr(EVP_F_EVP_PKCS82PKEY,          EVP_R_DECODE_ERROR);        goto ecerr;      }    }    else    {      EC_GROUP *group;      cp = p = param->value.object->data;      plen = param->value.object->length;      /* type == V_ASN1_OBJECT => the parameters are given       * by an asn1 OID       */      if ((eckey = EC_KEY_new()) == NULL)      {        EVPerr(EVP_F_EVP_PKCS82PKEY,          ERR_R_MALLOC_FAILURE);        goto ecerr;      }      group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));      if (group == NULL)        goto ecerr;      EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);      if (EC_KEY_set_group(eckey, group) == 0)        goto ecerr;      EC_GROUP_free(group);    }    /* We have parameters now set private key */    if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))    {      EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);      goto ecerr;    }    /* calculate public key (if necessary) */    if (EC_KEY_get0_public_key(eckey) == NULL)    {      const BIGNUM *priv_key;      const EC_GROUP *group;      EC_POINT *pub_key;      /* the public key was not included in the SEC1 private       * key => calculate the public key */      group   = EC_KEY_get0_group(eckey);      pub_key = EC_POINT_new(group);      if (pub_key == NULL)      {        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);        goto ecerr;      }      if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))      {        EC_POINT_free(pub_key);        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);        goto ecerr;      }      priv_key = EC_KEY_get0_private_key(eckey);      if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))      {        EC_POINT_free(pub_key);        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);        goto ecerr;      }      if (EC_KEY_set_public_key(eckey, pub_key) == 0)      {        EC_POINT_free(pub_key);        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);        goto ecerr;      }      EC_POINT_free(pub_key);    }    EVP_PKEY_assign_EC_KEY(pkey, eckey);    if (ctx)      BN_CTX_free(ctx);    break;ecerr:    if (ctx)      BN_CTX_free(ctx);    if (eckey)      EC_KEY_free(eckey);    if (pkey)      EVP_PKEY_free(pkey);    return NULL;#endif    default:    EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);    if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);    else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);    ERR_add_error_data(2, "TYPE=", obj_tmp);    EVP_PKEY_free (pkey);    return NULL;  }  return pkey;}

int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,                      const EC_POINT *b, BN_CTX *ctx) {  int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *,                   BN_CTX *);  int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);  const BIGNUM *p;  BN_CTX *new_ctx = NULL;  BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;  int ret = 0;  if (a == b) {    return EC_POINT_dbl(group, r, a, ctx);  }  if (EC_POINT_is_at_infinity(group, a)) {    return EC_POINT_copy(r, b);  }  if (EC_POINT_is_at_infinity(group, b)) {    return EC_POINT_copy(r, a);  }  field_mul = group->meth->field_mul;  field_sqr = group->meth->field_sqr;  p = &group->field;  if (ctx == NULL) {    ctx = new_ctx = BN_CTX_new();    if (ctx == NULL) {      return 0;    }  }  BN_CTX_start(ctx);  n0 = BN_CTX_get(ctx);  n1 = BN_CTX_get(ctx);  n2 = BN_CTX_get(ctx);  n3 = BN_CTX_get(ctx);  n4 = BN_CTX_get(ctx);  n5 = BN_CTX_get(ctx);  n6 = BN_CTX_get(ctx);  if (n6 == NULL) {    goto end;  }  // Note that in this function we must not read components of 'a' or 'b'  // once we have written the corresponding components of 'r'.  // ('r' might be one of 'a' or 'b'.)  // n1, n2  int b_Z_is_one = BN_cmp(&b->Z, &group->one) == 0;  if (b_Z_is_one) {    if (!BN_copy(n1, &a->X) || !BN_copy(n2, &a->Y)) {      goto end;    }    // n1 = X_a    // n2 = Y_a  } else {    if (!field_sqr(group, n0, &b->Z, ctx) ||        !field_mul(group, n1, &a->X, n0, ctx)) {      goto end;    }    // n1 = X_a * Z_b^2    if (!field_mul(group, n0, n0, &b->Z, ctx) ||        !field_mul(group, n2, &a->Y, n0, ctx)) {      goto end;    }    // n2 = Y_a * Z_b^3  }  // n3, n4  int a_Z_is_one = BN_cmp(&a->Z, &group->one) == 0;  if (a_Z_is_one) {    if (!BN_copy(n3, &b->X) || !BN_copy(n4, &b->Y)) {      goto end;    }    // n3 = X_b    // n4 = Y_b  } else {    if (!field_sqr(group, n0, &a->Z, ctx) ||        !field_mul(group, n3, &b->X, n0, ctx)) {      goto end;    }    // n3 = X_b * Z_a^2    if (!field_mul(group, n0, n0, &a->Z, ctx) ||        !field_mul(group, n4, &b->Y, n0, ctx)) {      goto end;    }    // n4 = Y_b * Z_a^3  }  // n5, n6  if (!bn_mod_sub_consttime(n5, n1, n3, p, ctx) ||      !bn_mod_sub_consttime(n6, n2, n4, p, ctx)) {    goto end;  }  // n5 = n1 - n3  // n6 = n2 - n4//.........这里部分代码省略.........

int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src){    if (dest->meth->group_copy == 0) {        ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);        return 0;    }    if (dest->meth != src->meth) {        ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);        return 0;    }    if (dest == src)        return 1;    /* Copy precomputed */    dest->pre_comp_type = src->pre_comp_type;    switch (src->pre_comp_type) {    case PCT_none:        dest->pre_comp.ec = NULL;        break;    case PCT_nistz256:#ifdef ECP_NISTZ256_ASM        dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);#endif        break;#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128    case PCT_nistp224:        dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);        break;    case PCT_nistp256:        dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);        break;    case PCT_nistp521:        dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);        break;#else    case PCT_nistp224:    case PCT_nistp256:    case PCT_nistp521:        break;#endif    case PCT_ec:        dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);        break;    }    if (src->mont_data != NULL) {        if (dest->mont_data == NULL) {            dest->mont_data = BN_MONT_CTX_new();            if (dest->mont_data == NULL)                return 0;        }        if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))            return 0;    } else {        /* src->generator == NULL */        BN_MONT_CTX_free(dest->mont_data);        dest->mont_data = NULL;    }    if (src->generator != NULL) {        if (dest->generator == NULL) {            dest->generator = EC_POINT_new(dest);            if (dest->generator == NULL)                return 0;        }        if (!EC_POINT_copy(dest->generator, src->generator))            return 0;    } else {        /* src->generator == NULL */        EC_POINT_clear_free(dest->generator);        dest->generator = NULL;    }    if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {        if (!BN_copy(dest->order, src->order))            return 0;        if (!BN_copy(dest->cofactor, src->cofactor))            return 0;    }    dest->curve_name = src->curve_name;    dest->asn1_flag = src->asn1_flag;    dest->asn1_form = src->asn1_form;    if (src->seed) {        OPENSSL_free(dest->seed);        dest->seed = OPENSSL_malloc(src->seed_len);        if (dest->seed == NULL)            return 0;        if (!memcpy(dest->seed, src->seed, src->seed_len))            return 0;        dest->seed_len = src->seed_len;    } else {        OPENSSL_free(dest->seed);        dest->seed = NULL;        dest->seed_len = 0;    }    return dest->meth->group_copy(dest, src);}

intMKEM_export_public_key_pt(const MKEM *kp, EC_POINT *p0, EC_POINT *p1){  return (EC_POINT_copy(p0, kp->p0) && EC_POINT_copy(p1, kp->p1)) ? 0 : -1;}

/*- * Computes the sum *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] * gracefully ignoring NULL scalar values. */int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,                       const BIGNUM *scalar, size_t num,                       const EC_POINT *points[], const BIGNUM *scalars[],                       BN_CTX *ctx){    BN_CTX *new_ctx = NULL;    int ret = 0;    size_t i;    EC_POINT *p = NULL;    EC_POINT *acc = NULL;    if (ctx == NULL) {        ctx = new_ctx = BN_CTX_new();        if (ctx == NULL)            return 0;    }    /*     * This implementation is more efficient than the wNAF implementation for     * 2 or fewer points.  Use the ec_wNAF_mul implementation for 3 or more     * points, or if we can perform a fast multiplication based on     * precomputation.     */    if ((scalar && (num > 1)) || (num > 2)        || (num == 0 && EC_GROUP_have_precompute_mult(group))) {        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);        goto err;    }    if ((p = EC_POINT_new(group)) == NULL)        goto err;    if ((acc = EC_POINT_new(group)) == NULL)        goto err;    if (!EC_POINT_set_to_infinity(group, acc))        goto err;    if (scalar) {        if (!ec_GF2m_montgomery_point_multiply            (group, p, scalar, group->generator, ctx))            goto err;        if (BN_is_negative(scalar))            if (!group->meth->invert(group, p, ctx))                goto err;        if (!group->meth->add(group, acc, acc, p, ctx))            goto err;    }    for (i = 0; i < num; i++) {        if (!ec_GF2m_montgomery_point_multiply            (group, p, scalars[i], points[i], ctx))            goto err;        if (BN_is_negative(scalars[i]))            if (!group->meth->invert(group, p, ctx))                goto err;        if (!group->meth->add(group, acc, acc, p, ctx))            goto err;    }    if (!EC_POINT_copy(r, acc))        goto err;    ret = 1; err:    if (p)        EC_POINT_free(p);    if (acc)        EC_POINT_free(acc);    if (new_ctx != NULL)        BN_CTX_free(new_ctx);    return ret;}

//.........这里部分代码省略.........	if (!EC_POINT_is_on_curve(group, Q, ctx))		{/* Change test based on whether binary point compression is enabled or not. */#ifdef OPENSSL_EC_BIN_PT_COMP		if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;#endif		fprintf(stderr, "Point is not on curve: x = 0x");		BN_print_fp(stderr, x);		fprintf(stderr, ", y = 0x");		BN_print_fp(stderr, y);		fprintf(stderr, "/n");		ABORT;		}	fprintf(stdout, "A cyclic subgroup:/n");	k = 100;	do		{		if (k-- == 0) ABORT;		if (EC_POINT_is_at_infinity(group, P))			fprintf(stdout, "     point at infinity/n");		else			{			if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;			fprintf(stdout, "     x = 0x");			BN_print_fp(stdout, x);			fprintf(stdout, ", y = 0x");			BN_print_fp(stdout, y);			fprintf(stdout, "/n");			}				if (!EC_POINT_copy(R, P)) ABORT;		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;		}	while (!EC_POINT_is_at_infinity(group, P));	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;	if (!EC_POINT_is_at_infinity(group, P)) ABORT;/* Change test based on whether binary point compression is enabled or not. */#ifdef OPENSSL_EC_BIN_PT_COMP	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);	if (len == 0) ABORT;	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;	fprintf(stdout, "Generator as octet string, compressed form:/n     ");	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);#endif		len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);	if (len == 0) ABORT;	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;	fprintf(stdout, "/nGenerator as octet string, uncompressed form:/n     ");	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);	/* Change test based on whether binary point compression is enabled or not. */#ifdef OPENSSL_EC_BIN_PT_COMP	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);	if (len == 0) ABORT;	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;	fprintf(stdout, "/nGenerator as octet string, hybrid form:/n     ");	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);

EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src){    if (dest == NULL || src == NULL) {        ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);        return NULL;    }    if (src->meth != dest->meth) {        if (dest->meth->finish != NULL)            dest->meth->finish(dest);        if (dest->group && dest->group->meth->keyfinish)            dest->group->meth->keyfinish(dest);#ifndef OPENSSL_NO_ENGINE        if (ENGINE_finish(dest->engine) == 0)            return 0;        dest->engine = NULL;#endif    }    /* copy the parameters */    if (src->group != NULL) {        const EC_METHOD *meth = EC_GROUP_method_of(src->group);        /* clear the old group */        EC_GROUP_free(dest->group);        dest->group = EC_GROUP_new(meth);        if (dest->group == NULL)            return NULL;        if (!EC_GROUP_copy(dest->group, src->group))            return NULL;        /*  copy the public key */        if (src->pub_key != NULL) {            EC_POINT_free(dest->pub_key);            dest->pub_key = EC_POINT_new(src->group);            if (dest->pub_key == NULL)                return NULL;            if (!EC_POINT_copy(dest->pub_key, src->pub_key))                return NULL;        }        /* copy the private key */        if (src->priv_key != NULL) {            if (dest->priv_key == NULL) {                dest->priv_key = BN_new();                if (dest->priv_key == NULL)                    return NULL;            }            if (!BN_copy(dest->priv_key, src->priv_key))                return NULL;            if (src->group->meth->keycopy                && src->group->meth->keycopy(dest, src) == 0)                return NULL;        }    }    /* copy the rest */    dest->enc_flag = src->enc_flag;    dest->conv_form = src->conv_form;    dest->version = src->version;    dest->flags = src->flags;    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,                            &dest->ex_data, &src->ex_data))        return NULL;    if (src->meth != dest->meth) {#ifndef OPENSSL_NO_ENGINE        if (src->engine != NULL && ENGINE_init(src->engine) == 0)            return NULL;        dest->engine = src->engine;#endif        dest->meth = src->meth;    }    if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)        return NULL;    return dest;}

static void timings(EC_GROUP *group, int multi, BN_CTX *ctx)	{	clock_t clck;	int i, j;	BIGNUM *s, *s0;	EC_POINT *P;			s = BN_new();	s0 = BN_new();	if (s == NULL || s0 == NULL) ABORT;	if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT;	fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s));	if (!EC_GROUP_get_order(group, s, ctx)) ABORT;	fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s));	fflush(stdout);	P = EC_POINT_new(group);	if (P == NULL) ABORT;	EC_POINT_copy(P, EC_GROUP_get0_generator(group));	clck = clock();	for (i = 0; i < 10; i++)		{		if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT;		if (multi)			{			if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT;			}		for (j = 0; j < 10; j++)			{			if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT;			}		fprintf(stdout, ".");		fflush(stdout);		}	fprintf(stdout, "/n");		clck = clock() - clck;#ifdef CLOCKS_PER_SEC	/* "To determine the time in seconds, the value returned	 * by the clock function should be divided by the value	 * of the macro CLOCKS_PER_SEC."	 *                                       -- ISO/IEC 9899 */#	define UNIT "s"#else	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"	 *                            -- cc on NeXTstep/OpenStep */#	define UNIT "units"#	define CLOCKS_PER_SEC 1#endif	fprintf(stdout, "%i %s in %.2f " UNIT "/n", i*j,		multi ? "s*P+t*Q operations" : "point multiplications",		(double)clck/CLOCKS_PER_SEC);	fprintf(stdout, "average: %.4f " UNIT "/n", (double)clck/(CLOCKS_PER_SEC*i*j));	EC_POINT_free(P);	BN_free(s);	BN_free(s0);	}

/* * Computes a + b and stores the result in r.  r could be a or b, a could be * b. Uses algorithm A.10.2 of IEEE P1363. */int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,                       const EC_POINT *b, BN_CTX *ctx){    BN_CTX *new_ctx = NULL;    BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;    int ret = 0;    if (EC_POINT_is_at_infinity(group, a)) {        if (!EC_POINT_copy(r, b))            return 0;        return 1;    }    if (EC_POINT_is_at_infinity(group, b)) {        if (!EC_POINT_copy(r, a))            return 0;        return 1;    }    if (ctx == NULL) {        ctx = new_ctx = BN_CTX_new();        if (ctx == NULL)            return 0;    }    BN_CTX_start(ctx);    x0 = BN_CTX_get(ctx);    y0 = BN_CTX_get(ctx);    x1 = BN_CTX_get(ctx);    y1 = BN_CTX_get(ctx);    x2 = BN_CTX_get(ctx);    y2 = BN_CTX_get(ctx);    s = BN_CTX_get(ctx);    t = BN_CTX_get(ctx);    if (t == NULL)        goto err;    if (a->Z_is_one) {        if (!BN_copy(x0, &a->X))            goto err;        if (!BN_copy(y0, &a->Y))            goto err;    } else {        if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))            goto err;    }    if (b->Z_is_one) {        if (!BN_copy(x1, &b->X))            goto err;        if (!BN_copy(y1, &b->Y))            goto err;    } else {        if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))            goto err;    }    if (BN_GF2m_cmp(x0, x1)) {        if (!BN_GF2m_add(t, x0, x1))            goto err;        if (!BN_GF2m_add(s, y0, y1))            goto err;        if (!group->meth->field_div(group, s, s, t, ctx))            goto err;        if (!group->meth->field_sqr(group, x2, s, ctx))            goto err;        if (!BN_GF2m_add(x2, x2, &group->a))            goto err;        if (!BN_GF2m_add(x2, x2, s))            goto err;        if (!BN_GF2m_add(x2, x2, t))            goto err;    } else {        if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) {            if (!EC_POINT_set_to_infinity(group, r))                goto err;            ret = 1;            goto err;        }        if (!group->meth->field_div(group, s, y1, x1, ctx))            goto err;        if (!BN_GF2m_add(s, s, x1))            goto err;        if (!group->meth->field_sqr(group, x2, s, ctx))            goto err;        if (!BN_GF2m_add(x2, x2, s))            goto err;        if (!BN_GF2m_add(x2, x2, &group->a))            goto err;    }    if (!BN_GF2m_add(y2, x1, x2))        goto err;    if (!group->meth->field_mul(group, y2, y2, s, ctx))        goto err;    if (!BN_GF2m_add(y2, y2, x2))//.........这里部分代码省略.........

EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src){    EC_EXTRA_DATA *d;    if (dest == NULL || src == NULL) {        ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);        return NULL;    }    if (src->meth != dest->meth) {        if (dest->meth->finish != NULL)            dest->meth->finish(dest);#ifndef OPENSSL_NO_ENGINE        if (dest->engine != NULL && ENGINE_finish(dest->engine) == 0)            return 0;        dest->engine = NULL;#endif    }    /* copy the parameters */    if (src->group != NULL) {        const EC_METHOD *meth = EC_GROUP_method_of(src->group);        /* clear the old group */        EC_GROUP_free(dest->group);        dest->group = EC_GROUP_new(meth);        if (dest->group == NULL)            return NULL;        if (!EC_GROUP_copy(dest->group, src->group))            return NULL;    }    /*  copy the public key */    if (src->pub_key != NULL && src->group != NULL) {        EC_POINT_free(dest->pub_key);        dest->pub_key = EC_POINT_new(src->group);        if (dest->pub_key == NULL)            return NULL;        if (!EC_POINT_copy(dest->pub_key, src->pub_key))            return NULL;    }    /* copy the private key */    if (src->priv_key != NULL) {        if (dest->priv_key == NULL) {            dest->priv_key = BN_new();            if (dest->priv_key == NULL)                return NULL;        }        if (!BN_copy(dest->priv_key, src->priv_key))            return NULL;    }    /* copy method/extra data */    EC_EX_DATA_free_all_data(&dest->method_data);    for (d = src->method_data; d != NULL; d = d->next) {        void *t = d->dup_func(d->data);        if (t == NULL)            return 0;        if (!EC_EX_DATA_set_data            (&dest->method_data, t, d->dup_func, d->free_func,             d->clear_free_func))            return NULL;    }    /* copy the rest */    dest->enc_flag = src->enc_flag;    dest->conv_form = src->conv_form;    dest->version = src->version;    dest->flags = src->flags;    if (src->meth != dest->meth) {#ifndef OPENSSL_NO_ENGINE        if (src->engine != NULL && ENGINE_init(src->engine) == 0)            return NULL;        dest->engine = src->engine;#endif        dest->meth = src->meth;    }    if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)        return NULL;    return dest;}

int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)	{	EC_EXTRA_DATA *d;	if (dest->meth->group_copy == 0)		{		ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);		return 0;		}	if (dest->meth != src->meth)		{		ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);		return 0;		}	if (dest == src)		return 1;		EC_EX_DATA_free_all_data(&dest->extra_data);	for (d = src->extra_data; d != NULL; d = d->next)		{		void *t = d->dup_func(d->data);				if (t == NULL)			return 0;		if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func))			return 0;		}	if (src->generator != NULL)		{		if (dest->generator == NULL)			{			dest->generator = EC_POINT_new(dest);			if (dest->generator == NULL) return 0;			}		if (!EC_POINT_copy(dest->generator, src->generator)) return 0;		}	else		{		/* src->generator == NULL */		if (dest->generator != NULL)			{			EC_POINT_clear_free(dest->generator);			dest->generator = NULL;			}		}	if (!BN_copy(&dest->order, &src->order)) return 0;	if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;	dest->curve_name = src->curve_name;	dest->asn1_flag  = src->asn1_flag;	dest->asn1_form  = src->asn1_form;	if (src->seed)		{		if (dest->seed)			OPENSSL_free(dest->seed);		dest->seed = OPENSSL_malloc(src->seed_len);		if (dest->seed == NULL)			return 0;		if (!memcpy(dest->seed, src->seed, src->seed_len))			return 0;		dest->seed_len = src->seed_len;		}	else		{		if (dest->seed)			OPENSSL_free(dest->seed);		dest->seed = NULL;		dest->seed_len = 0;		}		return dest->meth->group_copy(dest, src);	}

static void timings(EC_GROUP *group, int type, BN_CTX *ctx)	{	clock_t clck;	int i, j;	BIGNUM *s;	BIGNUM *r[10], *r0[10];	EC_POINT *P;			s = BN_new();	if (s == NULL) ABORT;	fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));	if (!EC_GROUP_get_order(group, s, ctx)) ABORT;	fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));	fflush(stdout);	P = EC_POINT_new(group);	if (P == NULL) ABORT;	EC_POINT_copy(P, EC_GROUP_get0_generator(group));	for (i = 0; i < 10; i++)		{		if ((r[i] = BN_new()) == NULL) ABORT;		if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;		if (type != TIMING_BASE_PT)			{			if ((r0[i] = BN_new()) == NULL) ABORT;			if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;			}		}	clck = clock();	for (i = 0; i < 10; i++)		{		for (j = 0; j < 10; j++)			{			if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, 				(type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT;			}		}	clck = clock() - clck;	fprintf(stdout, "/n");#ifdef CLOCKS_PER_SEC	/* "To determine the time in seconds, the value returned	 * by the clock function should be divided by the value	 * of the macro CLOCKS_PER_SEC."	 *                                       -- ISO/IEC 9899 */#	define UNIT "s"#else	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"	 *                            -- cc on NeXTstep/OpenStep */#	define UNIT "units"#	define CLOCKS_PER_SEC 1#endif	if (type == TIMING_BASE_PT) {		fprintf(stdout, "%i %s in %.2f " UNIT "/n", i*j,			"base point multiplications", (double)clck/CLOCKS_PER_SEC);	} else if (type == TIMING_RAND_PT) {		fprintf(stdout, "%i %s in %.2f " UNIT "/n", i*j,			"random point multiplications", (double)clck/CLOCKS_PER_SEC);	} else if (type == TIMING_SIMUL) {		fprintf(stdout, "%i %s in %.2f " UNIT "/n", i*j,			"s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC);	}	fprintf(stdout, "average: %.4f " UNIT "/n", (double)clck/(CLOCKS_PER_SEC*i*j));	EC_POINT_free(P);	BN_free(s);	for (i = 0; i < 10; i++)		{		BN_free(r[i]);		if (type != TIMING_BASE_PT) BN_free(r0[i]);		}	}

int EC_KEY_check_key(const EC_KEY *eckey)	{	int	ok   = 0;	BN_CTX	*ctx = NULL;	BIGNUM	*order  = NULL;	EC_POINT *point = NULL;	if (!eckey || !eckey->group || !eckey->pub_key)		{		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);		return 0;		}		if ((ctx = BN_CTX_new()) == NULL)		goto err;	if ((order = BN_new()) == NULL)		goto err;	if ((point = EC_POINT_new(eckey->group)) == NULL)		goto err;	/* testing whether the pub_key is on the elliptic curve */	if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))		{		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);		goto err;		}	/* testing whether pub_key * order is the point at infinity */	if (!EC_GROUP_get_order(eckey->group, order, ctx))		{		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);		goto err;		}	if (!EC_POINT_copy(point, eckey->pub_key))		{		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);		goto err;		}	if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx))		{		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);		goto err;		}	if (!EC_POINT_is_at_infinity(eckey->group, point))		{		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);		goto err;		}	/* in case the priv_key is present : 	 * check if generator * priv_key == pub_key 	 */	if (eckey->priv_key)		{		if (BN_cmp(eckey->priv_key, order) >= 0)			{			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);			goto err;			}		if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,			NULL, NULL, ctx))			{			ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);			goto err;			}		if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, 			ctx) != 0)			{			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);			goto err;			}		}	ok = 1;err:	if (ctx   != NULL)		BN_CTX_free(ctx);	if (order != NULL)		BN_free(order);	if (point != NULL)		EC_POINT_free(point);	return(ok);	}

int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,                      const EC_POINT *b, BN_CTX *ctx){    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,                      const BIGNUM *, BN_CTX *);    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);    const BIGNUM *p;    BN_CTX *new_ctx = NULL;    BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;    int ret = 0;    if (a == b)        return EC_POINT_dbl(group, r, a, ctx);    if (EC_POINT_is_at_infinity(group, a))        return EC_POINT_copy(r, b);    if (EC_POINT_is_at_infinity(group, b))        return EC_POINT_copy(r, a);    field_mul = group->meth->field_mul;    field_sqr = group->meth->field_sqr;    p = group->field;    if (ctx == NULL) {        ctx = new_ctx = BN_CTX_new();        if (ctx == NULL)            return 0;    }    BN_CTX_start(ctx);    n0 = BN_CTX_get(ctx);    n1 = BN_CTX_get(ctx);    n2 = BN_CTX_get(ctx);    n3 = BN_CTX_get(ctx);    n4 = BN_CTX_get(ctx);    n5 = BN_CTX_get(ctx);    n6 = BN_CTX_get(ctx);    if (n6 == NULL)        goto end;    /*     * Note that in this function we must not read components of 'a' or 'b'     * once we have written the corresponding components of 'r'. ('r' might     * be one of 'a' or 'b'.)     */    /* n1, n2 */    if (b->Z_is_one) {        if (!BN_copy(n1, a->X))            goto end;        if (!BN_copy(n2, a->Y))            goto end;        /* n1 = X_a */        /* n2 = Y_a */    } else {        if (!field_sqr(group, n0, b->Z, ctx))            goto end;        if (!field_mul(group, n1, a->X, n0, ctx))            goto end;        /* n1 = X_a * Z_b^2 */        if (!field_mul(group, n0, n0, b->Z, ctx))            goto end;        if (!field_mul(group, n2, a->Y, n0, ctx))            goto end;        /* n2 = Y_a * Z_b^3 */    }    /* n3, n4 */    if (a->Z_is_one) {        if (!BN_copy(n3, b->X))            goto end;        if (!BN_copy(n4, b->Y))            goto end;        /* n3 = X_b */        /* n4 = Y_b */    } else {        if (!field_sqr(group, n0, a->Z, ctx))            goto end;        if (!field_mul(group, n3, b->X, n0, ctx))            goto end;        /* n3 = X_b * Z_a^2 */        if (!field_mul(group, n0, n0, a->Z, ctx))            goto end;        if (!field_mul(group, n4, b->Y, n0, ctx))            goto end;        /* n4 = Y_b * Z_a^3 */    }    /* n5, n6 */    if (!BN_mod_sub_quick(n5, n1, n3, p))        goto end;    if (!BN_mod_sub_quick(n6, n2, n4, p))        goto end;    /* n5 = n1 - n3 */    /* n6 = n2 - n4 */    if (BN_is_zero(n5)) {        if (BN_is_zero(n6)) {            /* a is the same point as b *///.........这里部分代码省略.........