DragonFly On-Line Manual Pages
bn(3) OpenSSL bn(3)
NAME
bn - multiprecision integer arithmetics
SYNOPSIS
#include <openssl/bn.h>
BIGNUM *BN_new(void);
void BN_free(BIGNUM *a);
void BN_init(BIGNUM *);
void BN_clear(BIGNUM *a);
void BN_clear_free(BIGNUM *a);
BN_CTX *BN_CTX_new(void);
void BN_CTX_init(BN_CTX *c);
void BN_CTX_free(BN_CTX *c);
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
BIGNUM *BN_dup(const BIGNUM *a);
BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
int BN_num_bytes(const BIGNUM *a);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG w);
void BN_set_negative(BIGNUM *a, int n);
int BN_is_negative(const BIGNUM *a);
int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
BN_CTX *ctx);
int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
BN_CTX *ctx);
int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
BN_CTX *ctx);
int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
BN_CTX *ctx);
int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
int BN_add_word(BIGNUM *a, BN_ULONG w);
int BN_sub_word(BIGNUM *a, BN_ULONG w);
int BN_mul_word(BIGNUM *a, BN_ULONG w);
BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
int BN_cmp(BIGNUM *a, BIGNUM *b);
int BN_ucmp(BIGNUM *a, BIGNUM *b);
int BN_is_zero(BIGNUM *a);
int BN_is_one(BIGNUM *a);
int BN_is_word(BIGNUM *a, BN_ULONG w);
int BN_is_odd(BIGNUM *a);
int BN_zero(BIGNUM *a);
int BN_one(BIGNUM *a);
const BIGNUM *BN_value_one(void);
int BN_set_word(BIGNUM *a, unsigned long w);
unsigned long BN_get_word(BIGNUM *a);
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
int BN_is_prime(const BIGNUM *p, int nchecks,
void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
int BN_set_bit(BIGNUM *a, int n);
int BN_clear_bit(BIGNUM *a, int n);
int BN_is_bit_set(const BIGNUM *a, int n);
int BN_mask_bits(BIGNUM *a, int n);
int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
int BN_lshift1(BIGNUM *r, BIGNUM *a);
int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
int BN_rshift1(BIGNUM *r, BIGNUM *a);
int BN_bn2bin(const BIGNUM *a, unsigned char *to);
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
char *BN_bn2hex(const BIGNUM *a);
char *BN_bn2dec(const BIGNUM *a);
int BN_hex2bn(BIGNUM **a, const char *str);
int BN_dec2bn(BIGNUM **a, const char *str);
int BN_print(BIO *fp, const BIGNUM *a);
int BN_print_fp(FILE *fp, const BIGNUM *a);
int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx);
BN_RECP_CTX *BN_RECP_CTX_new(void);
void BN_RECP_CTX_init(BN_RECP_CTX *recp);
void BN_RECP_CTX_free(BN_RECP_CTX *recp);
int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
BN_RECP_CTX *recp, BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_new(void);
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx);
int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx);
int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx);
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
BN_CTX *ctx);
int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
BN_CTX *ctx);
unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
DESCRIPTION
This library performs arithmetic operations on integers of arbitrary
size. It was written for use in public key cryptography, such as RSA
and Diffie-Hellman.
It uses dynamic memory allocation for storing its data structures.
That means that there is no limit on the size of the numbers
manipulated by these functions, but return values must always be
checked in case a memory allocation error has occurred.
The basic object in this library is a BIGNUM. It is used to hold a
single large integer. This type should be considered opaque and fields
should not be modified or accessed directly.
The creation of BIGNUM objects is described in BN_new(3); BN_add(3)
describes most of the arithmetic operations. Comparison is described
in BN_cmp(3); BN_zero(3) describes certain assignments, BN_rand(3) the
generation of random numbers, BN_generate_prime(3) deals with prime
numbers and BN_set_bit(3) with bit operations. The conversion of
BIGNUMs to external formats is described in BN_bn2bin(3).
SEE ALSO
bn_internal(3), dh(3), err(3), rand(3), rsa(3), BN_new(3),
BN_CTX_new(3), BN_copy(3), BN_swap(3), BN_num_bytes(3), BN_add(3),
BN_add_word(3), BN_cmp(3), BN_zero(3), BN_rand(3),
BN_generate_prime(3), BN_set_bit(3), BN_bn2bin(3), BN_mod_inverse(3),
BN_mod_mul_reciprocal(3), BN_mod_mul_montgomery(3), BN_BLINDING_new(3)
1.0.2h 2016-05-03 bn(3)
bn_internal(3) OpenSSL bn_internal(3)
NAME
bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top, bn_print,
bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM library internal
functions
SYNOPSIS
#include <openssl/bn.h>
BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
BN_ULONG w);
void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
int num);
BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
int num);
void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
int nb);
void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
int dna,int dnb,BN_ULONG *tmp);
void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
int n, int tna,int tnb, BN_ULONG *tmp);
void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
int n2, BN_ULONG *tmp);
void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
int n2, BN_ULONG *tmp);
void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
BIGNUM *bn_expand(BIGNUM *a, int bits);
BIGNUM *bn_wexpand(BIGNUM *a, int n);
BIGNUM *bn_expand2(BIGNUM *a, int n);
void bn_fix_top(BIGNUM *a);
void bn_check_top(BIGNUM *a);
void bn_print(BIGNUM *a);
void bn_dump(BN_ULONG *d, int n);
void bn_set_max(BIGNUM *a);
void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
DESCRIPTION
This page documents the internal functions used by the OpenSSL BIGNUM
implementation. They are described here to facilitate debugging and
extending the library. They are not to be used by applications.
The BIGNUM structure
typedef struct bignum_st BIGNUM;
struct bignum_st
{
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
int top; /* Index of last used d +1. */
/* The next are internal book keeping for bn_expand. */
int dmax; /* Size of the d array. */
int neg; /* one if the number is negative */
int flags;
};
The integer value is stored in d, a malloc()ed array of words
(BN_ULONG), least significant word first. A BN_ULONG can be either 16,
32 or 64 bits in size, depending on the 'number of bits' (BITS2)
specified in "openssl/bn.h".
dmax is the size of the d array that has been allocated. top is the
number of words being used, so for a value of 4, bn.d[0]=4 and
bn.top=1. neg is 1 if the number is negative. When a BIGNUM is 0, the
d field can be NULL and top == 0.
flags is a bit field of flags which are defined in "openssl/bn.h". The
flags begin with BN_FLG_. The macros BN_set_flags(b,n) and
BN_get_flags(b,n) exist to enable or fetch flag(s) n from BIGNUM
structure b.
Various routines in this library require the use of temporary BIGNUM
variables during their execution. Since dynamic memory allocation to
create BIGNUMs is rather expensive when used in conjunction with
repeated subroutine calls, the BN_CTX structure is used. This
structure contains BN_CTX_NUM BIGNUMs, see BN_CTX_start(3).
Low-level arithmetic operations
These functions are implemented in C and for several platforms in
assembly language:
bn_mul_words(rp, ap, num, w) operates on the num word arrays rp and ap.
It computes ap * w, places the result in rp, and returns the high word
(carry).
bn_mul_add_words(rp, ap, num, w) operates on the num word arrays rp and
ap. It computes ap * w + rp, places the result in rp, and returns the
high word (carry).
bn_sqr_words(rp, ap, n) operates on the num word array ap and the 2*num
word array ap. It computes ap * ap word-wise, and places the low and
high bytes of the result in rp.
bn_div_words(h, l, d) divides the two word number (h,l) by d and
returns the result.
bn_add_words(rp, ap, bp, num) operates on the num word arrays ap, bp
and rp. It computes ap + bp, places the result in rp, and returns the
high word (carry).
bn_sub_words(rp, ap, bp, num) operates on the num word arrays ap, bp
and rp. It computes ap - bp, places the result in rp, and returns the
carry (1 if bp > ap, 0 otherwise).
bn_mul_comba4(r, a, b) operates on the 4 word arrays a and b and the 8
word array r. It computes a*b and places the result in r.
bn_mul_comba8(r, a, b) operates on the 8 word arrays a and b and the 16
word array r. It computes a*b and places the result in r.
bn_sqr_comba4(r, a, b) operates on the 4 word arrays a and b and the 8
word array r.
bn_sqr_comba8(r, a, b) operates on the 8 word arrays a and b and the 16
word array r.
The following functions are implemented in C:
bn_cmp_words(a, b, n) operates on the n word arrays a and b. It
returns 1, 0 and -1 if a is greater than, equal and less than b.
bn_mul_normal(r, a, na, b, nb) operates on the na word array a, the nb
word array b and the na+nb word array r. It computes a*b and places
the result in r.
bn_mul_low_normal(r, a, b, n) operates on the n word arrays r, a and b.
It computes the n low words of a*b and places the result in r.
bn_mul_recursive(r, a, b, n2, dna, dnb, t) operates on the word arrays
a and b of length n2+dna and n2+dnb (dna and dnb are currently allowed
to be 0 or negative) and the 2*n2 word arrays r and t. n2 must be a
power of 2. It computes a*b and places the result in r.
bn_mul_part_recursive(r, a, b, n, tna, tnb, tmp) operates on the word
arrays a and b of length n+tna and n+tnb and the 4*n word arrays r and
tmp.
bn_mul_low_recursive(r, a, b, n2, tmp) operates on the n2 word arrays r
and tmp and the n2/2 word arrays a and b.
bn_mul_high(r, a, b, l, n2, tmp) operates on the n2 word arrays r, a, b
and l (?) and the 3*n2 word array tmp.
BN_mul() calls bn_mul_normal(), or an optimized implementation if the
factors have the same size: bn_mul_comba8() is used if they are 8 words
long, bn_mul_recursive() if they are larger than BN_MULL_SIZE_NORMAL
and the size is an exact multiple of the word size, and
bn_mul_part_recursive() for others that are larger than
BN_MULL_SIZE_NORMAL.
bn_sqr_normal(r, a, n, tmp) operates on the n word array a and the 2*n
word arrays tmp and r.
The implementations use the following macros which, depending on the
architecture, may use "long long" C operations or inline assembler.
They are defined in "bn_lcl.h".
mul(r, a, w, c) computes w*a+c and places the low word of the result in
r and the high word in c.
mul_add(r, a, w, c) computes w*a+r+c and places the low word of the
result in r and the high word in c.
sqr(r0, r1, a) computes a*a and places the low word of the result in r0
and the high word in r1.
Size changes
bn_expand() ensures that b has enough space for a bits bit number.
bn_wexpand() ensures that b has enough space for an n word number. If
the number has to be expanded, both macros call bn_expand2(), which
allocates a new d array and copies the data. They return NULL on
error, b otherwise.
The bn_fix_top() macro reduces a->top to point to the most significant
non-zero word plus one when a has shrunk.
Debugging
bn_check_top() verifies that "((a)->top >= 0 && (a)->top <=
(a)->dmax)". A violation will cause the program to abort.
bn_print() prints a to stderr. bn_dump() prints n words at d (in
reverse order, i.e. most significant word first) to stderr.
bn_set_max() makes a a static number with a dmax of its current size.
This is used by bn_set_low() and bn_set_high() to make r a read-only
BIGNUM that contains the n low or high words of a.
If BN_DEBUG is not defined, bn_check_top(), bn_print(), bn_dump() and
bn_set_max() are defined as empty macros.
SEE ALSO
bn(3)
1.0.2h 2016-05-03 bn_internal(3)