本文整理汇总了C++中BN_clear_free函数的典型用法代码示例。如果您正苦于以下问题:C++ BN_clear_free函数的具体用法?C++ BN_clear_free怎么用?C++ BN_clear_free使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了BN_clear_free函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ecdsa_sign_setup
//.........这里部分代码省略.........
do {
/* get random k */
do
if (dgst != NULL) {
if (!BN_generate_dsa_nonce
(k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,
ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
} else {
if (!BN_priv_rand_range(k, order)) {
ECerr(EC_F_ECDSA_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
}
while (BN_is_zero(k));
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp
(group, tmp_point, X, NULL, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else { /* NID_X9_62_characteristic_two_field */
if (!EC_POINT_get_affine_coordinates_GF2m(group,
tmp_point, X, NULL,
ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(r, X, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
}
while (BN_is_zero(r));
/* Check if optimized inverse is implemented */
if (EC_GROUP_do_inverse_ord(group, k, k, ctx) == 0) {
/* compute the inverse of k */
if (group->mont_data != NULL) {
/*
* We want inverse in constant time, therefore we utilize the fact
* order must be prime and use Fermats Little Theorem instead.
*/
if (!BN_set_word(X, 2)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_sub(X, order, X, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
BN_set_flags(X, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont_consttime(k, k, X, order, ctx,
group->mont_data)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
} else {
if (!BN_mod_inverse(k, k, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
}
}
/* clear old values if necessary */
BN_clear_free(*rp);
BN_clear_free(*kinvp);
/* save the pre-computed values */
*rp = r;
*kinvp = k;
ret = 1;
err:
if (!ret) {
BN_clear_free(k);
BN_clear_free(r);
}
if (ctx != ctx_in)
BN_CTX_free(ctx);
EC_POINT_free(tmp_point);
BN_clear_free(X);
return ret;
}
示例2: x9_62_test_internal
/* some tests from the X9.62 draft */
int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
{
int ret = 0;
const char message[] = "abc";
unsigned char digest[20];
unsigned int dgst_len = 0;
EVP_MD_CTX md_ctx;
EC_KEY *key = NULL;
ECDSA_SIG *signature = NULL;
BIGNUM *r = NULL, *s = NULL;
BIGNUM *kinv = NULL, *rp = NULL;
EVP_MD_CTX_init(&md_ctx);
/* get the message digest */
if (!EVP_DigestInit(&md_ctx, EVP_ecdsa())
|| !EVP_DigestUpdate(&md_ctx, (const void *)message, 3)
|| !EVP_DigestFinal(&md_ctx, digest, &dgst_len))
goto x962_int_err;
BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
/* create the key */
if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
goto x962_int_err;
use_fake = 1;
if (!EC_KEY_generate_key(key))
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* create the signature */
use_fake = 1;
/* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
if (!ECDSA_sign_setup(key, NULL, &kinv, &rp))
goto x962_int_err;
signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key);
if (signature == NULL)
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* compare the created signature with the expected signature */
if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
goto x962_int_err;
if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in))
goto x962_int_err;
if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s))
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* verify the signature */
if (ECDSA_do_verify(digest, 20, signature, key) != 1)
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
BIO_printf(out, " ok\n");
ret = 1;
x962_int_err:
if (!ret)
BIO_printf(out, " failed\n");
EC_KEY_free(key);
ECDSA_SIG_free(signature);
BN_free(r);
BN_free(s);
EVP_MD_CTX_cleanup(&md_ctx);
BN_clear_free(kinv);
BN_clear_free(rp);
return ret;
}
示例3: run_srp
static int run_srp(const char *username, const char *client_pass,
const char *server_pass)
{
int ret = -1;
BIGNUM *s = NULL;
BIGNUM *v = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *u = NULL;
BIGNUM *x = NULL;
BIGNUM *Apub = NULL;
BIGNUM *Bpub = NULL;
BIGNUM *Kclient = NULL;
BIGNUM *Kserver = NULL;
unsigned char rand_tmp[RANDOM_SIZE];
/* use builtin 1024-bit params */
const SRP_gN *GN = SRP_get_default_gN("1024");
if (GN == NULL) {
fprintf(stderr, "Failed to get SRP parameters\n");
return -1;
}
/* Set up server's password entry */
if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) {
fprintf(stderr, "Failed to create SRP verifier\n");
return -1;
}
showbn("N", GN->N);
showbn("g", GN->g);
showbn("Salt", s);
showbn("Verifier", v);
/* Server random */
RAND_bytes(rand_tmp, sizeof(rand_tmp));
b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
/* TODO - check b != 0 */
showbn("b", b);
/* Server's first message */
Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
showbn("B", Bpub);
if (!SRP_Verify_B_mod_N(Bpub, GN->N)) {
fprintf(stderr, "Invalid B\n");
return -1;
}
/* Client random */
RAND_bytes(rand_tmp, sizeof(rand_tmp));
a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
/* TODO - check a != 0 */
showbn("a", a);
/* Client's response */
Apub = SRP_Calc_A(a, GN->N, GN->g);
showbn("A", Apub);
if (!SRP_Verify_A_mod_N(Apub, GN->N)) {
fprintf(stderr, "Invalid A\n");
return -1;
}
/* Both sides calculate u */
u = SRP_Calc_u(Apub, Bpub, GN->N);
/* Client's key */
x = SRP_Calc_x(s, username, client_pass);
Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
showbn("Client's key", Kclient);
/* Server's key */
Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
showbn("Server's key", Kserver);
if (BN_cmp(Kclient, Kserver) == 0) {
ret = 0;
} else {
fprintf(stderr, "Keys mismatch\n");
ret = 1;
}
BN_clear_free(Kclient);
BN_clear_free(Kserver);
BN_clear_free(x);
BN_free(u);
BN_free(Apub);
BN_clear_free(a);
BN_free(Bpub);
BN_clear_free(b);
BN_free(s);
BN_clear_free(v);
return ret;
}
示例4: vg_regex_test
//.........这里部分代码省略.........
BIGNUM bnrem;
BIGNUM *bn, *bndiv, *bnptmp;
int res = 0;
pcre *re;
BN_init(&bnrem);
/* Hash the hash and write the four byte check code */
SHA256(vxcp->vxc_binres, 21, hash1);
SHA256(hash1, sizeof(hash1), hash2);
memcpy(&vxcp->vxc_binres[21], hash2, 4);
bn = &vxcp->vxc_bntmp;
bndiv = &vxcp->vxc_bntmp2;
BN_bin2bn(vxcp->vxc_binres, 25, bn);
/* Compute the complete encoded address */
for (zpfx = 0; zpfx < 25 && vxcp->vxc_binres[zpfx] == 0; zpfx++);
p = sizeof(b58) - 1;
b58[p] = '\0';
while (!BN_is_zero(bn)) {
BN_div(bndiv, &bnrem, bn, &vxcp->vxc_bnbase, vxcp->vxc_bnctx);
bnptmp = bn;
bn = bndiv;
bndiv = bnptmp;
d = BN_get_word(&bnrem);
b58[--p] = vg_b58_alphabet[d];
}
while (zpfx--) {
b58[--p] = vg_b58_alphabet[0];
}
/*
* Run the regular expressions on it
* SLOW, runs in linear time with the number of REs
*/
restart_loop:
nres = vcrp->base.vc_npatterns;
if (!nres) {
res = 2;
goto out;
}
for (i = 0; i < nres; i++) {
d = pcre_exec(vcrp->vcr_regex[i],
vcrp->vcr_regex_extra[i],
&b58[p], (sizeof(b58) - 1) - p, 0,
0,
re_vec, sizeof(re_vec)/sizeof(re_vec[0]));
if (d <= 0) {
if (d != PCRE_ERROR_NOMATCH) {
fprintf(stderr, "PCRE error: %d\n", d);
res = 2;
goto out;
}
continue;
}
re = vcrp->vcr_regex[i];
if (vg_exec_context_upgrade_lock(vxcp) &&
((i >= vcrp->base.vc_npatterns) ||
(vcrp->vcr_regex[i] != re)))
goto restart_loop;
vg_exec_context_consolidate_key(vxcp);
vcrp->base.vc_output_match(&vcrp->base, vxcp->vxc_key,
vcrp->vcr_regex_pat[i]);
vcrp->base.vc_found++;
if (vcrp->base.vc_only_one) {
res = 2;
goto out;
}
if (vcrp->base.vc_remove_on_match) {
pcre_free(vcrp->vcr_regex[i]);
if (vcrp->vcr_regex_extra[i])
pcre_free(vcrp->vcr_regex_extra[i]);
nres -= 1;
vcrp->base.vc_npatterns = nres;
if (!nres) {
res = 2;
goto out;
}
vcrp->vcr_regex[i] = vcrp->vcr_regex[nres];
vcrp->vcr_regex_extra[i] =
vcrp->vcr_regex_extra[nres];
vcrp->vcr_regex_pat[i] = vcrp->vcr_regex_pat[nres];
vcrp->base.vc_npatterns = nres;
vcrp->base.vc_pattern_generation++;
}
res = 1;
}
out:
BN_clear_free(&bnrem);
return res;
}
示例5: FIPSerr
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa)
{
BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
BIGNUM m;
BIGNUM xr;
BN_CTX *ctx=NULL;
int i,reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
if(FIPS_selftest_failed())
{
FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
return NULL;
}
if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
{
DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
return NULL;
}
BN_init(&m);
BN_init(&xr);
if (!dsa->p || !dsa->q || !dsa->g)
{
reason=DSA_R_MISSING_PARAMETERS;
goto err;
}
s=BN_new();
if (s == NULL) goto err;
i=BN_num_bytes(dsa->q); /* should be 20 */
if ((dlen > i) || (dlen > 50))
{
reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
goto err;
}
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r)) goto err;
if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
if (BN_cmp(s,dsa->q) > 0)
BN_sub(s,s,dsa->q);
if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
ret= DSA_SIG_new();
if (ret == NULL) goto err;
ret->r = r;
ret->s = s;
err:
if (!ret)
{
DSAerr(DSA_F_DSA_DO_SIGN,reason);
BN_free(r);
BN_free(s);
}
if (ctx != NULL) BN_CTX_free(ctx);
BN_clear_free(&m);
BN_clear_free(&xr);
if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
BN_clear_free(kinv);
return(ret);
}
示例6: ecdsa_sign_setup
static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp, const uint8_t *digest,
size_t digest_len) {
BN_CTX *ctx = NULL;
BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
EC_POINT *tmp_point = NULL;
const EC_GROUP *group;
int ret = 0;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
ctx = ctx_in;
}
k = BN_new(); /* this value is later returned in *kinvp */
r = BN_new(); /* this value is later returned in *rp */
order = BN_new();
X = BN_new();
if (!k || !r || !order || !X) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
goto err;
}
tmp_point = EC_POINT_new(group);
if (tmp_point == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
do {
/* If possible, we'll include the private key and message digest in the k
* generation. The |digest| argument is only empty if |ECDSA_sign_setup| is
* being used. */
do {
int ok;
if (digest_len > 0) {
ok = BN_generate_dsa_nonce(k, order, EC_KEY_get0_private_key(eckey),
digest, digest_len, ctx);
} else {
ok = BN_rand_range(k, order);
}
if (!ok) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
} while (BN_is_zero(k));
/* We do not want timing information to leak the length of k,
* so we compute G*k using an equivalent scalar of fixed
* bit-length. */
if (!BN_add(k, k, order)) {
goto err;
}
if (BN_num_bits(k) <= BN_num_bits(order)) {
if (!BN_add(k, k, order)) {
goto err;
}
}
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
if (!BN_nnmod(r, X, order, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
} while (BN_is_zero(r));
/* compute the inverse of k */
if (!BN_mod_inverse(k, k, order, ctx)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
goto err;
}
/* clear old values if necessary */
BN_clear_free(*rp);
BN_clear_free(*kinvp);
/* save the pre-computed values */
*rp = r;
//.........这里部分代码省略.........
示例7: bp_script_eval
//.........这里部分代码省略.........
BN_set_word(&bn, BN_is_zero(&bn) ? 0 : 1);
break;
default:
// impossible
goto out;
}
popstack(stack);
stack_push_str(stack, bn_getvch(&bn));
break;
}
case OP_ADD:
case OP_SUB:
case OP_BOOLAND:
case OP_BOOLOR:
case OP_NUMEQUAL:
case OP_NUMEQUALVERIFY:
case OP_NUMNOTEQUAL:
case OP_LESSTHAN:
case OP_GREATERTHAN:
case OP_LESSTHANOREQUAL:
case OP_GREATERTHANOREQUAL:
case OP_MIN:
case OP_MAX: {
// (x1 x2 -- out)
if (stack->len < 2)
goto out;
BIGNUM bn1, bn2;
BN_init(&bn1);
BN_init(&bn2);
if (!CastToBigNum(&bn1, stacktop(stack, -2)) ||
!CastToBigNum(&bn2, stacktop(stack, -1))) {
BN_clear_free(&bn1);
BN_clear_free(&bn2);
goto out;
}
switch (opcode)
{
case OP_ADD:
BN_add(&bn, &bn1, &bn2);
break;
case OP_SUB:
BN_sub(&bn, &bn1, &bn2);
break;
case OP_BOOLAND:
BN_set_word(&bn,
(!BN_is_zero(&bn1) && !BN_is_zero(&bn2)) ?
1 : 0);
break;
case OP_BOOLOR:
BN_set_word(&bn,
(!BN_is_zero(&bn1) || !BN_is_zero(&bn2)) ?
1 : 0);
break;
case OP_NUMEQUAL:
case OP_NUMEQUALVERIFY:
BN_set_word(&bn,
(BN_cmp(&bn1, &bn2) == 0) ? 1 : 0);
break;
case OP_NUMNOTEQUAL:
BN_set_word(&bn,
(BN_cmp(&bn1, &bn2) != 0) ? 1 : 0);
break;
case OP_LESSTHAN:
示例8: ecdsa_check
//.........这里部分代码省略.........
priv_key = EC_KEY_get0_private_key(eckey);
if (group == NULL || priv_key == NULL || ecdsa == NULL) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
ret = ECDSA_SIG_new();
if (!ret) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
return NULL;
}
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
(tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
i = BN_num_bits(order);
/*
* Need to truncate digest if it is too long: first truncate whole bytes.
*/
if (8 * dgst_len > i)
dgst_len = (i + 7) / 8;
if (!BN_bin2bn(dgst, dgst_len, m)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
/* If still too long truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
do {
if (in_kinv == NULL || in_r == NULL) {
if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB);
goto err;
}
ckinv = kinv;
} else {
ckinv = in_kinv;
if (BN_copy(ret->r, in_r) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
}
if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_add_quick(s, tmp, m, order)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (BN_is_zero(s)) {
/*
* if kinv and r have been supplied by the caller don't to
* generate new kinv and r values
*/
if (in_kinv != NULL && in_r != NULL) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
ECDSA_R_NEED_NEW_SETUP_VALUES);
goto err;
}
} else
/* s != 0 => we have a valid signature */
break;
}
while (1);
ok = 1;
err:
if (!ok) {
ECDSA_SIG_free(ret);
ret = NULL;
}
if (ctx)
BN_CTX_free(ctx);
if (m)
BN_clear_free(m);
if (tmp)
BN_clear_free(tmp);
if (order)
BN_free(order);
if (kinv)
BN_clear_free(kinv);
return ret;
}
示例9: ecdsa_sign_setup
//.........这里部分代码省略.........
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
}
while (BN_is_zero(k));
/*
* We do not want timing information to leak the length of k, so we
* compute G*k using an equivalent scalar of fixed bit-length.
*/
if (!BN_add(k, k, order))
goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order))
goto err;
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp
(group, tmp_point, X, NULL, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else { /* NID_X9_62_characteristic_two_field */
if (!EC_POINT_get_affine_coordinates_GF2m(group,
tmp_point, X, NULL,
ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(r, X, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
}
while (BN_is_zero(r));
/* compute the inverse of k */
if (EC_GROUP_get_mont_data(group) != NULL) {
/*
* We want inverse in constant time, therefore we utilize the fact
* order must be prime and use Fermats Little Theorem instead.
*/
if (!BN_set_word(X, 2)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_sub(X, order, X, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
BN_set_flags(X, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont_consttime
(k, k, X, order, ctx, EC_GROUP_get_mont_data(group))) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
} else {
if (!BN_mod_inverse(k, k, order, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
}
/* clear old values if necessary */
if (*rp != NULL)
BN_clear_free(*rp);
if (*kinvp != NULL)
BN_clear_free(*kinvp);
/* save the pre-computed values */
*rp = r;
*kinvp = k;
ret = 1;
err:
if (!ret) {
if (k != NULL)
BN_clear_free(k);
if (r != NULL)
BN_clear_free(r);
}
if (ctx_in == NULL)
BN_CTX_free(ctx);
if (order != NULL)
BN_free(order);
EC_POINT_free(tmp_point);
if (X)
BN_clear_free(X);
return (ret);
}
示例10: __ops_elgamal_private_decrypt
int
__ops_elgamal_private_decrypt(uint8_t *out,
const uint8_t *g_to_k,
const uint8_t *in,
size_t length,
const __ops_elgamal_seckey_t *seckey,
const __ops_elgamal_pubkey_t *pubkey)
{
BIGNUM *bndiv;
BIGNUM *c1x;
BN_CTX *tmp;
BIGNUM *c1;
BIGNUM *c2;
BIGNUM *p;
BIGNUM *x;
BIGNUM *m;
int ret;
ret = 0;
/* c1 and c2 are in g_to_k and in, respectively*/
c1 = BN_bin2bn(g_to_k, (int)length, NULL);
c2 = BN_bin2bn(in, (int)length, NULL);
/* other bits */
p = pubkey->p;
x = seckey->x;
c1x = BN_new();
bndiv = BN_new();
m = BN_new();
tmp = BN_CTX_new();
if (!c1 || !c2 || !p || !x || !c1x || !bndiv || !m || !tmp) {
goto done;
}
/*
* m = c2 / (c1^x)
*/
if (!BN_mod_exp(c1x, c1, x, p, tmp)) {
goto done;
}
if (!BN_mod_inverse(bndiv, c1x, p, tmp)) {
goto done;
}
if (!BN_mod_mul(m, c2, bndiv, p, tmp)) {
goto done;
}
/* result */
ret = BN_bn2bin(m, out);
done:
if (tmp) {
BN_CTX_free(tmp);
}
if (m) {
BN_clear_free(m);
}
if (bndiv) {
BN_clear_free(bndiv);
}
if (c1x) {
BN_clear_free(c1x);
}
if (x) {
BN_clear_free(x);
}
if (p) {
BN_clear_free(p);
}
if (c1) {
BN_clear_free(c1);
}
if (c2) {
BN_clear_free(c2);
}
return ret;
}
示例11: __ops_elgamal_public_encrypt
int
__ops_elgamal_public_encrypt(uint8_t *g_to_k, uint8_t *encm,
const uint8_t *in,
size_t size,
const __ops_elgamal_pubkey_t *pubkey)
{
int ret = 0;
int k_bits;
BIGNUM *m;
BIGNUM *p;
BIGNUM *g;
BIGNUM *y;
BIGNUM *k;
BIGNUM *yk;
BIGNUM *c1;
BIGNUM *c2;
BN_CTX *tmp;
m = BN_bin2bn(in, (int)size, NULL);
p = pubkey->p;
g = pubkey->g;
y = pubkey->y;
k = BN_new();
yk = BN_new();
c1 = BN_new();
c2 = BN_new();
tmp = BN_CTX_new();
if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp) {
goto done;
}
/*
* generate k
*/
k_bits = decide_k_bits(BN_num_bits(p));
if (!BN_rand(k, k_bits, 0, 0)) {
goto done;
}
/*
* c1 = g^k c2 = m * y^k
*/
if (!BN_mod_exp(c1, g, k, p, tmp)) {
goto done;
}
if (!BN_mod_exp(yk, y, k, p, tmp)) {
goto done;
}
if (!BN_mod_mul(c2, m, yk, p, tmp)) {
goto done;
}
/* result */
BN_bn2bin(c1, g_to_k);
ret = BN_num_bytes(c1); /* c1 = g^k */
BN_bn2bin(c2, encm);
ret += BN_num_bytes(c2); /* c2 = m * y^k */
done:
if (tmp) {
BN_CTX_free(tmp);
}
if (c2) {
BN_clear_free(c2);
}
if (c1) {
BN_clear_free(c1);
}
if (yk) {
BN_clear_free(yk);
}
if (k) {
BN_clear_free(k);
}
if (g) {
BN_clear_free(g);
}
return ret;
}
示例12: ssl_ec_point_cleanup
static void ssl_ec_point_cleanup(SSL_ECDH_CTX *ctx) {
BIGNUM *private_key = (BIGNUM *)ctx->data;
BN_clear_free(private_key);
}
示例13: GOST_KEY_set_private_key
int GOST_KEY_set_private_key(GOST_KEY *key, const BIGNUM *priv_key)
{
BN_clear_free(key->priv_key);
key->priv_key = BN_dup(priv_key);
return (key->priv_key == NULL) ? 0 : 1;
}
示例14: BN_init
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa)
{
DSA_SIG *to_return = NULL;
int s_len = 160, r_len = 160, d_len, fd;
BIGNUM m, *r = NULL, *s = NULL;
BN_init(&m);
s = BN_new();
r = BN_new();
if ((s == NULL) || (r == NULL))
goto err;
d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
if (!bn_wexpand(r, (160 + BN_BITS2 - 1) / BN_BITS2) ||
(!bn_wexpand(s, (160 + BN_BITS2 - 1) / BN_BITS2))) {
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
if (BN_bin2bn(dgst, dlen, &m) == NULL) {
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
const DSA_METHOD *meth;
fd = 0;
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_sign(dgst, dlen, dsa);
goto err;
}
if (p_UBSEC_dsa_sign_ioctl(fd,
/* compute hash before signing */
0, (unsigned char *)dgst, d_len, NULL,
/* compute random value */
0,
(unsigned char *)dsa->p->d,
BN_num_bits(dsa->p),
(unsigned char *)dsa->q->d,
BN_num_bits(dsa->q),
(unsigned char *)dsa->g->d,
BN_num_bits(dsa->g),
(unsigned char *)dsa->priv_key->d,
BN_num_bits(dsa->priv_key),
(unsigned char *)r->d, &r_len,
(unsigned char *)s->d, &s_len) != 0) {
const DSA_METHOD *meth;
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
p_UBSEC_ubsec_close(fd);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_sign(dgst, dlen, dsa);
goto err;
}
p_UBSEC_ubsec_close(fd);
r->top = (160 + BN_BITS2 - 1) / BN_BITS2;
s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
to_return = DSA_SIG_new();
if (to_return == NULL) {
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
to_return->r = r;
to_return->s = s;
err:
if (!to_return) {
if (r)
BN_free(r);
if (s)
BN_free(s);
}
BN_clear_free(&m);
return to_return;
}
示例15: BN_new
//.........这里部分代码省略.........
} else {
if (!BN_mod_exp_mont(x, A, t, p, ctx, NULL)) {
goto end;
}
if (BN_is_zero(x)) {
// special case: a == 0 (mod p)
BN_zero(ret);
err = 0;
goto end;
}
}
// b := a*x^2 (= a^q)
if (!BN_mod_sqr(b, x, p, ctx) ||
!BN_mod_mul(b, b, A, p, ctx)) {
goto end;
}
// x := a*x (= a^((q+1)/2))
if (!BN_mod_mul(x, x, A, p, ctx)) {
goto end;
}
while (1) {
// Now b is a^q * y^k for some even k (0 <= k < 2^E
// where E refers to the original value of e, which we
// don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
//
// We have a*b = x^2,
// y^2^(e-1) = -1,
// b^2^(e-1) = 1.
if (BN_is_one(b)) {
if (!BN_copy(ret, x)) {
goto end;
}
err = 0;
goto vrfy;
}
// find smallest i such that b^(2^i) = 1
i = 1;
if (!BN_mod_sqr(t, b, p, ctx)) {
goto end;
}
while (!BN_is_one(t)) {
i++;
if (i == e) {
OPENSSL_PUT_ERROR(BN, BN_R_NOT_A_SQUARE);
goto end;
}
if (!BN_mod_mul(t, t, t, p, ctx)) {
goto end;
}
}
// t := y^2^(e - i - 1)
if (!BN_copy(t, y)) {
goto end;
}
for (j = e - i - 1; j > 0; j--) {
if (!BN_mod_sqr(t, t, p, ctx)) {
goto end;
}
}
if (!BN_mod_mul(y, t, t, p, ctx) ||
!BN_mod_mul(x, x, t, p, ctx) ||
!BN_mod_mul(b, b, y, p, ctx)) {
goto end;
}
e = i;
}
vrfy:
if (!err) {
// verify the result -- the input might have been not a square
// (test added in 0.9.8)
if (!BN_mod_sqr(x, ret, p, ctx)) {
err = 1;
}
if (!err && 0 != BN_cmp(x, A)) {
OPENSSL_PUT_ERROR(BN, BN_R_NOT_A_SQUARE);
err = 1;
}
}
end:
if (err) {
if (ret != in) {
BN_clear_free(ret);
}
ret = NULL;
}
BN_CTX_end(ctx);
return ret;
}