OpenBSD manual page server

Manual Page Search Parameters
BN_MOD_MUL_MONTGOMERY(3) Library Functions Manual BN_MOD_MUL_MONTGOMERY(3)

BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_set_locked, BN_MONT_CTX_copy, BN_mod_mul_montgomery, BN_from_montgomery, BN_to_montgomeryMontgomery multiplication

#include <openssl/bn.h>

BN_MONT_CTX *
BN_MONT_CTX_new(void);

void
BN_MONT_CTX_free(BN_MONT_CTX *mont);

int
BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);

BN_MONT_CTX *
BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *m, BN_CTX *ctx);

BN_MONT_CTX *
BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);

int
BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx);

int
BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx);

int
BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx);

These functions implement Montgomery multiplication. They are used automatically when BN_mod_exp(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus.

() allocates and initializes a BN_MONT_CTX structure.

() sets up the mont structure from the modulus m by precomputing its inverse and a value R.

() is a wrapper around BN_MONT_CTX_new() and BN_MONT_CTX_set() that is useful if more than one thread intends to use the same BN_MONT_CTX and none of these threads is exclusively responsible for creating and initializing the context. BN_MONT_CTX_set_locked() first acquires the specified lock using CRYPTO_lock(3). If *pmont already differs from NULL, no action occurs. Otherwise, a new BN_MONT_CTX is allocated with BN_MONT_CTX_new(), set up with BN_MONT_CTX_set(), and a pointer to it is stored in *pmont. Finally, the lock is released.

() copies the BN_MONT_CTX from to to.

() frees the components of the BN_MONT_CTX, and, if it was created by BN_MONT_CTX_new(), also the structure itself. If mont is a NULL pointer, no action occurs.

() computes

Mont(a, b) := a * b * R^-1

and places the result in r.

() performs the Montgomery reduction

r = a * R^-1

() computes

Mont(a, R^2) = a * R

Note that a must be non-negative and smaller than the modulus.

For all functions, ctx is a previously allocated BN_CTX used for temporary variables.

: The inputs must be reduced modulo m, otherwise the result will be outside the expected range.

BN_MONT_CTX_new() returns the newly allocated BN_MONT_CTX or NULL on error.

BN_MONT_CTX_set_locked() returns a pointer to the existing or newly created context or NULL on error.

For the other functions, 1 is returned for success or 0 on error. The error codes can be obtained by ERR_get_error(3).

BN_add(3), BN_CTX_new(3), BN_new(3), CRYPTO_lock(3)

BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(), BN_mod_mul_montgomery(), BN_from_montgomery(), and BN_to_montgomery() first appeared in SSLeay 0.6.1 and have been available since OpenBSD 2.4.

BN_MONT_CTX_copy() first appeared in SSLeay 0.9.1 and has been available since OpenBSD 2.6.

BN_MONT_CTX_set_locked() first appeared in OpenSSL 0.9.8 and has been available since OpenBSD 4.0.

April 21, 2023 OpenBSD-current