BN_MOD_MUL_MONTGOMERY(3) | Library Functions Manual | BN_MOD_MUL_MONTGOMERY(3) |

`BN_MONT_CTX_new`

,
`BN_MONT_CTX_init`

,
`BN_MONT_CTX_free`

,
`BN_MONT_CTX_set`

,
`BN_MONT_CTX_copy`

,
`BN_mod_mul_montgomery`

,
`BN_from_montgomery`

,
`BN_to_montgomery`

—
Montgomery multiplication

```
#include
<openssl/bn.h>
```

`BN_MONT_CTX *`

`BN_MONT_CTX_new`

(`void`);

`void`

`BN_MONT_CTX_init`

(`BN_MONT_CTX
*ctx`);

`void`

`BN_MONT_CTX_free`

(`BN_MONT_CTX
*mont`);

`int`

`BN_MONT_CTX_set`

(`BN_MONT_CTX
*mont`, `const BIGNUM *m`, `BN_CTX
*ctx`);

`BN_MONT_CTX *`

`BN_MONT_CTX_copy`

(`BN_MONT_CTX
*to`, `BN_MONT_CTX *from`);

`int`

`BN_mod_mul_montgomery`

(`BIGNUM *r`,
`BIGNUM *a`, `BIGNUM *b`,
`BN_MONT_CTX *mont`, `BN_CTX
*ctx`);

`int`

`BN_from_montgomery`

(`BIGNUM *r`,
`BIGNUM *a`, `BN_MONT_CTX *mont`,
`BN_CTX *ctx`);

`int`

`BN_to_montgomery`

(`BIGNUM *r`,
`BIGNUM *a`, `BN_MONT_CTX *mont`,
`BN_CTX *ctx`);

These functions implement Montgomery multiplication. They are used automatically when BN_mod_exp(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus.

`BN_MONT_CTX_new`

() allocates and
initializes a `BN_MONT_CTX` structure.

`BN_MONT_CTX_init`

() initializes an existing
uninitialized `BN_MONT_CTX`. It is deprecated and
dangerous: see CAVEATS.

`BN_MONT_CTX_set`

() sets up the
`mont` structure from the modulus
`m` by precomputing its inverse and a value R.

`BN_MONT_CTX_copy`

() copies the
`BN_MONT_CTX` `from` to
`to`.

`BN_MONT_CTX_free`

() frees the components of
the `BN_MONT_CTX`, and, if it was created by
`BN_MONT_CTX_new`

(), also the structure itself. If
`mont` is a `NULL`

pointer, no
action occurs.

`BN_mod_mul_montgomery`

() computes

Mont(`a`, `b`)
:= `a` * `b`
* R^-1

and places the result in `r`.

`BN_from_montgomery`

() performs the
Montgomery reduction

`BN_to_montgomery`

() computes

Mont(`a`,
R^2) = `a` *
R

Note that `a` must be non-negative and smaller
than the modulus.

For all functions, `ctx` is a previously
allocated `BN_CTX` used for temporary variables.

The `BN_MONT_CTX` structure is defined as
follows:

typedef struct bn_mont_ctx_st { int ri; /* number of bits in R */ BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 * (Ni is only stored for bignum algorithm) */ BN_ULONG n0; /* least significant word of Ni */ int flags; } BN_MONT_CTX;

`BN_to_montgomery`

() is a macro.

**Warning**: The inputs must be reduced modulo
`m`, otherwise the result will be outside the expected
range.

`BN_MONT_CTX_new`

() returns the newly
allocated `BN_MONT_CTX` or `NULL`

on error.

For the other functions, 1 is returned for success or 0 on error. The error codes can be obtained by ERR_get_error(3).

`BN_MONT_CTX_new`

(),
`BN_MONT_CTX_free`

(),
`BN_MONT_CTX_set`

(),
`BN_mod_mul_montgomery`

(),
`BN_from_montgomery`

(), and
`BN_to_montgomery`

() first appeared in SSLeay 0.6.1
and have been available since OpenBSD 2.4.

`BN_MONT_CTX_init`

() and
`BN_MONT_CTX_copy`

() first appeared in SSLeay 0.9.1
and have been available since OpenBSD 2.6.

`BN_MONT_CTX_init`

() must not be called on a
context that was used previously, or memory used by the embedded
`BIGNUM` structures is leaked immediately. Besides, it
must not be called on a context created with
`BN_MONT_CTX_new`

(), or the context itself will likely
be leaked later. It can only be used on a static
`BN_MONT_CTX` structure, on one located on the stack, or
on one malloc(3)'ed manually, but all
these options are discouraged because they will no longer work once
`BN_MONT_CTX` is made opaque.

March 27, 2018 | OpenBSD-current |