BN_MOD_MUL_MONTGOMERY(3) | Library Functions Manual | BN_MOD_MUL_MONTGOMERY(3) |

`BN_MONT_CTX_new`

,
`BN_MONT_CTX_init`

,
`BN_MONT_CTX_free`

,
`BN_MONT_CTX_set`

,
`BN_MONT_CTX_copy`

,
`BN_mod_mul_montgomery`

,
`BN_from_montgomery`

,
`BN_to_montgomery`

—
Montgomery multiplication

```
#include
<openssl/bn.h>
```

`BN_MONT_CTX *`

`BN_MONT_CTX_new`

(`void`);

`void`

`BN_MONT_CTX_init`

(`BN_MONT_CTX
*ctx`);

`void`

`BN_MONT_CTX_free`

(`BN_MONT_CTX
*mont`);

`int`

`BN_MONT_CTX_set`

(`BN_MONT_CTX
*mont`, `const BIGNUM *m`, `BN_CTX
*ctx`);

`BN_MONT_CTX *`

`BN_MONT_CTX_copy`

(`BN_MONT_CTX
*to`, `BN_MONT_CTX *from`);

`int`

`BN_mod_mul_montgomery`

(`BIGNUM *r`,
`BIGNUM *a`, `BIGNUM *b`,
`BN_MONT_CTX *mont`, `BN_CTX
*ctx`);

`int`

`BN_from_montgomery`

(`BIGNUM *r`,
`BIGNUM *a`, `BN_MONT_CTX *mont`,
`BN_CTX *ctx`);

`int`

`BN_to_montgomery`

(`BIGNUM *r`,
`BIGNUM *a`, `BN_MONT_CTX *mont`,
`BN_CTX *ctx`);

These functions implement Montgomery multiplication. They are used automatically when BN_mod_exp(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus.

`BN_MONT_CTX_new`

()
allocates and initializes a `BN_MONT_CTX` structure.

`BN_MONT_CTX_init`

()
initializes an existing uninitialized `BN_MONT_CTX`. It
is deprecated and dangerous: see
CAVEATS.

`BN_MONT_CTX_set`

()
sets up the `mont` structure from the modulus
`m` by precomputing its inverse and a value R.

`BN_MONT_CTX_copy`

()
copies the `BN_MONT_CTX` `from` to
`to`.

`BN_MONT_CTX_free`

()
frees the components of the `BN_MONT_CTX`, and, if it
was created by `BN_MONT_CTX_new`

(), also the structure
itself. If `mont` is a `NULL`

pointer, no action occurs.

`BN_mod_mul_montgomery`

()
computes

Mont(`a`, `b`)
:= `a` * `b`
* R^-1

and places the result in `r`.

`BN_from_montgomery`

()
performs the Montgomery reduction

`BN_to_montgomery`

()
computes

Mont(`a`,
R^2) = `a` *
R

Note that `a` must be non-negative and smaller
than the modulus.

For all functions, `ctx` is a previously
allocated `BN_CTX` used for temporary variables.

The `BN_MONT_CTX` structure is defined as
follows:

typedef struct bn_mont_ctx_st { int ri; /* number of bits in R */ BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 * (Ni is only stored for bignum algorithm) */ BN_ULONG n0; /* least significant word of Ni */ int flags; } BN_MONT_CTX;

`BN_to_montgomery`

()
is a macro.

**Warning**:
The inputs must be reduced modulo `m`, otherwise the
result will be outside the expected range.

`BN_MONT_CTX_new`

() returns the newly
allocated `BN_MONT_CTX` or `NULL`

on error.

For the other functions, 1 is returned for success or 0 on error. The error codes can be obtained by ERR_get_error(3).

`BN_MONT_CTX_new`

(),
`BN_MONT_CTX_free`

(),
`BN_MONT_CTX_set`

(),
`BN_mod_mul_montgomery`

(),
`BN_from_montgomery`

(), and
`BN_to_montgomery`

() first appeared in SSLeay 0.6.1
and have been available since OpenBSD 2.4.

`BN_MONT_CTX_init`

() and
`BN_MONT_CTX_copy`

() first appeared in SSLeay 0.9.1
and have been available since OpenBSD 2.6.

`BN_MONT_CTX_init`

() must not be called on a
context that was used previously, or memory used by the embedded
`BIGNUM` structures is leaked immediately. Besides, it
must not be called on a context created with
`BN_MONT_CTX_new`

(), or the context itself will likely
be leaked later. It can only be used on a static
`BN_MONT_CTX` structure, on one located on the stack, or
on one malloc(3)'ed manually, but all
these options are discouraged because they will no longer work once
`BN_MONT_CTX` is made opaque.

March 27, 2018 | OpenBSD-current |