## NAME

`BN_MONT_CTX_new`

,
`BN_MONT_CTX_init`

,
`BN_MONT_CTX_free`

,
`BN_MONT_CTX_set`

,
`BN_MONT_CTX_set_locked`

,
`BN_MONT_CTX_copy`

,
`BN_mod_mul_montgomery`

,
`BN_from_montgomery`

,
`BN_to_montgomery`

—
Montgomery multiplication

## SYNOPSIS

```
#include
<openssl/bn.h>
```

`BN_MONT_CTX *`

`BN_MONT_CTX_new`

(`void`);

`void`

`BN_MONT_CTX_init`

(`BN_MONT_CTX
*ctx`);

`void`

`BN_MONT_CTX_free`

(`BN_MONT_CTX
*mont`);

`int`

`BN_MONT_CTX_set`

(`BN_MONT_CTX
*mont`, `const BIGNUM *m`, `BN_CTX
*ctx`);

`BN_MONT_CTX *`

`BN_MONT_CTX_set_locked`

(`BN_MONT_CTX
**pmont`, `int lock`, `const BIGNUM
*m`, `BN_CTX *ctx`);

`BN_MONT_CTX *`

`BN_MONT_CTX_copy`

(`BN_MONT_CTX
*to`, `BN_MONT_CTX *from`);

`int`

`BN_mod_mul_montgomery`

(`BIGNUM *r`,
`const BIGNUM *a`, `const BIGNUM
*b`, `BN_MONT_CTX *mont`, `BN_CTX
*ctx`);

`int`

`BN_from_montgomery`

(`BIGNUM *r`,
`const BIGNUM *a`, `BN_MONT_CTX
*mont`, `BN_CTX *ctx`);

`int`

`BN_to_montgomery`

(`BIGNUM *r`,
`const BIGNUM *a`, `BN_MONT_CTX
*mont`, `BN_CTX *ctx`);

## DESCRIPTION

These functions implement Montgomery multiplication. They are used automatically when BN_mod_exp(3) is called with suitable input, but they may be useful when several operations are to be performed using the same modulus.

`BN_MONT_CTX_new`

()
allocates and initializes a `BN_MONT_CTX` structure.

`BN_MONT_CTX_init`

()
initializes an existing uninitialized `BN_MONT_CTX`. It
is deprecated and dangerous: see
CAVEATS.

`BN_MONT_CTX_set`

()
sets up the `mont` structure from the modulus
`m` by precomputing its inverse and a value R.

`BN_MONT_CTX_set_locked`

()
is a wrapper around `BN_MONT_CTX_new`

() and
`BN_MONT_CTX_set`

() that is useful if more than one
thread intends to use the same `BN_MONT_CTX` and none of
these threads is exclusively responsible for creating and initializing the
context. `BN_MONT_CTX_set_locked`

() first acquires the
specified `lock` using
CRYPTO_lock(3). If *`pmont` already differs from
`NULL`

, no action occurs. Otherwise, a new
`BN_MONT_CTX` is allocated with
`BN_MONT_CTX_new`

(), set up with
`BN_MONT_CTX_set`

(), and a pointer to it is stored in
*`pmont`. Finally, the `lock` is
released.

`BN_MONT_CTX_copy`

()
copies the `BN_MONT_CTX` `from` to
`to`.

`BN_MONT_CTX_free`

()
frees the components of the `BN_MONT_CTX`, and, if it
was created by `BN_MONT_CTX_new`

(), also the structure
itself. If `mont` is a `NULL`

pointer, no action occurs.

`BN_mod_mul_montgomery`

()
computes

`a`,

`b`) :=

`a`*

`b`* R^-1

and places the result in `r`.

`BN_from_montgomery`

()
performs the Montgomery reduction

`r`=

`a`* R^-1

`BN_to_montgomery`

()
computes

`a`, R^2) =

`a`* R

Note that `a` must be non-negative and smaller
than the modulus.

For all functions, `ctx` is a previously
allocated `BN_CTX` used for temporary variables.

The `BN_MONT_CTX` structure is defined as
follows:

typedef struct bn_mont_ctx_st { int ri; /* number of bits in R */ BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 * (Ni is only stored for bignum algorithm) */ BN_ULONG n0; /* least significant word of Ni */ int flags; } BN_MONT_CTX;

**Warning**:
The inputs must be reduced modulo `m`, otherwise the
result will be outside the expected range.

## RETURN VALUES

`BN_MONT_CTX_new`

() returns the newly
allocated `BN_MONT_CTX` or `NULL`

on error.

`BN_MONT_CTX_set_locked`

() returns a pointer
to the existing or newly created context or `NULL`

on
error.

For the other functions, 1 is returned for success or 0 on error. The error codes can be obtained by ERR_get_error(3).

## SEE ALSO

## HISTORY

`BN_MONT_CTX_new`

(),
`BN_MONT_CTX_free`

(),
`BN_MONT_CTX_set`

(),
`BN_mod_mul_montgomery`

(),
`BN_from_montgomery`

(), and
`BN_to_montgomery`

() first appeared in SSLeay 0.6.1
and have been available since OpenBSD 2.4.

`BN_MONT_CTX_init`

() and
`BN_MONT_CTX_copy`

() first appeared in SSLeay 0.9.1
and have been available since OpenBSD 2.6.

`BN_MONT_CTX_set_locked`

() first appeared in
OpenSSL 0.9.8 and has been available since OpenBSD
4.0.

## CAVEATS

`BN_MONT_CTX_init`

() must not be called on a
context that was used previously, or memory used by the embedded
`BIGNUM` structures is leaked immediately. Besides, it
must not be called on a context created with
`BN_MONT_CTX_new`

(), or the context itself will likely
be leaked later. It can only be used on a static
`BN_MONT_CTX` structure, on one located on the stack, or
on one malloc(3)'ed manually, but all these options are discouraged because
they will no longer work once `BN_MONT_CTX` is made
opaque.