Manual Page Search Parameters


BN_MONT_CTX_new, BN_MONT_CTX_init, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_mod_mul_montgomery, BN_from_montgomery, BN_to_montgomery
Montgomery multiplication

#include <openssl/bn.h>
BN_MONT_CTX_free(BN_MONT_CTX *mont);
BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx);
BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx);
BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx);

These functions implement Montgomery multiplication. They are used automatically when BN_mod_exp(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus.
BN_MONT_CTX_new() allocates and initializes a BN_MONT_CTX structure.
BN_MONT_CTX_init() initializes an existing uninitialized BN_MONT_CTX. It is deprecated and dangerous: see CAVEATS.
BN_MONT_CTX_set() sets up the mont structure from the modulus m by precomputing its inverse and a value R.
BN_MONT_CTX_copy() copies the BN_MONT_CTX from to to.
BN_MONT_CTX_free() frees the components of the BN_MONT_CTX, and, if it was created by BN_MONT_CTX_new(), also the structure itself. If mont is a NULL pointer, no action occurs.
BN_mod_mul_montgomery() computes
Mont(a, b) := a * b * R^-1
and places the result in r.
BN_from_montgomery() performs the Montgomery reduction
r = a * R^-1
BN_to_montgomery() computes
Mont(a, R^2) = a * R
Note that a must be non-negative and smaller than the modulus.
For all functions, ctx is a previously allocated BN_CTX used for temporary variables.
The BN_MONT_CTX structure is defined as follows:
typedef struct bn_mont_ctx_st { 
	int ri;		/* number of bits in R */ 
	BIGNUM RR;	/* R^2 (used to convert to Montgomery form) */ 
	BIGNUM N;	/* The modulus */ 
	BIGNUM Ni;	/* R*(1/R mod N) - N*Ni = 1 
			 * (Ni is only stored for bignum algorithm) */ 
	BN_ULONG n0;	/* least significant word of Ni */ 
	int flags; 
BN_to_montgomery() is a macro.
Warning: The inputs must be reduced modulo m, otherwise the result will be outside the expected range.

BN_MONT_CTX_new() returns the newly allocated BN_MONT_CTX or NULL on error.
For the other functions, 1 is returned for success or 0 on error. The error codes can be obtained by ERR_get_error(3).

BN_add(3), BN_CTX_new(3), BN_new(3)

BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(), BN_mod_mul_montgomery(), BN_from_montgomery(), and BN_to_montgomery() first appeared in SSLeay 0.6.1 and have been available since OpenBSD 2.4.
BN_MONT_CTX_init() and BN_MONT_CTX_copy() first appeared in SSLeay 0.9.1 and have been available since OpenBSD 2.6.

BN_MONT_CTX_init() must not be called on a context that was used previously, or memory used by the embedded BIGNUM structures is leaked immediately. Besides, it must not be called on a context created with BN_MONT_CTX_new(), or the context itself will likely be leaked later. It can only be used on a static BN_MONT_CTX structure, on one located on the stack, or on one malloc(3)'ed manually, but all these options are discouraged because they will no longer work once BN_MONT_CTX is made opaque.
March 27, 2018 OpenBSD-current