1 | =pod
|
---|
2 |
|
---|
3 | =head1 NAME
|
---|
4 |
|
---|
5 | BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
|
---|
6 | BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd -
|
---|
7 | arithmetic operations on BIGNUMs
|
---|
8 |
|
---|
9 | =head1 SYNOPSIS
|
---|
10 |
|
---|
11 | #include <openssl/bn.h>
|
---|
12 |
|
---|
13 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
---|
14 |
|
---|
15 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
---|
16 |
|
---|
17 | int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
|
---|
18 |
|
---|
19 | int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
|
---|
20 |
|
---|
21 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
|
---|
22 | BN_CTX *ctx);
|
---|
23 |
|
---|
24 | int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
---|
25 |
|
---|
26 | int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
---|
27 |
|
---|
28 | int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
|
---|
29 | BN_CTX *ctx);
|
---|
30 |
|
---|
31 | int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
|
---|
32 | BN_CTX *ctx);
|
---|
33 |
|
---|
34 | int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
|
---|
35 | BN_CTX *ctx);
|
---|
36 |
|
---|
37 | int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
---|
38 |
|
---|
39 | BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
|
---|
40 |
|
---|
41 | int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
|
---|
42 |
|
---|
43 | int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
---|
44 | const BIGNUM *m, BN_CTX *ctx);
|
---|
45 |
|
---|
46 | int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
|
---|
47 |
|
---|
48 | =head1 DESCRIPTION
|
---|
49 |
|
---|
50 | BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>).
|
---|
51 | I<r> may be the same B<BIGNUM> as I<a> or I<b>.
|
---|
52 |
|
---|
53 | BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>).
|
---|
54 | I<r> may be the same B<BIGNUM> as I<a> or I<b>.
|
---|
55 |
|
---|
56 | BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>).
|
---|
57 | I<r> may be the same B<BIGNUM> as I<a> or I<b>.
|
---|
58 | For multiplication by powers of 2, use L<BN_lshift(3)>.
|
---|
59 |
|
---|
60 | BN_sqr() takes the square of I<a> and places the result in I<r>
|
---|
61 | (C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>.
|
---|
62 | This function is faster than BN_mul(r,a,a).
|
---|
63 |
|
---|
64 | BN_div() divides I<a> by I<d> and places the result in I<dv> and the
|
---|
65 | remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may
|
---|
66 | be B<NULL>, in which case the respective value is not returned.
|
---|
67 | The result is rounded towards zero; thus if I<a> is negative, the
|
---|
68 | remainder will be zero or negative.
|
---|
69 | For division by powers of 2, use BN_rshift(3).
|
---|
70 |
|
---|
71 | BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>.
|
---|
72 |
|
---|
73 | BN_nnmod() reduces I<a> modulo I<m> and places the nonnegative
|
---|
74 | remainder in I<r>.
|
---|
75 |
|
---|
76 | BN_mod_add() adds I<a> to I<b> modulo I<m> and places the nonnegative
|
---|
77 | result in I<r>.
|
---|
78 |
|
---|
79 | BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the
|
---|
80 | nonnegative result in I<r>.
|
---|
81 |
|
---|
82 | BN_mod_mul() multiplies I<a> by I<b> and finds the nonnegative
|
---|
83 | remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be
|
---|
84 | the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for
|
---|
85 | repeated computations using the same modulus, see
|
---|
86 | L<BN_mod_mul_montgomery(3)> and
|
---|
87 | L<BN_mod_mul_reciprocal(3)>.
|
---|
88 |
|
---|
89 | BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
|
---|
90 | result in I<r>.
|
---|
91 |
|
---|
92 | BN_mod_sqrt() returns the modular square root of I<a> such that
|
---|
93 | C<in^2 = a (mod p)>. The modulus I<p> must be a
|
---|
94 | prime, otherwise an error or an incorrect "result" will be returned.
|
---|
95 | The result is stored into I<in> which can be NULL. The result will be
|
---|
96 | newly allocated in that case.
|
---|
97 |
|
---|
98 | BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
|
---|
99 | (C<r=a^p>). This function is faster than repeated applications of
|
---|
100 | BN_mul().
|
---|
101 |
|
---|
102 | BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
|
---|
103 | m>). This function uses less time and space than BN_exp(). Do not call this
|
---|
104 | function when B<m> is even and any of the parameters have the
|
---|
105 | B<BN_FLG_CONSTTIME> flag set.
|
---|
106 |
|
---|
107 | BN_gcd() computes the greatest common divisor of I<a> and I<b> and
|
---|
108 | places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
|
---|
109 | I<b>.
|
---|
110 |
|
---|
111 | For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
|
---|
112 | temporary variables; see L<BN_CTX_new(3)>.
|
---|
113 |
|
---|
114 | Unless noted otherwise, the result B<BIGNUM> must be different from
|
---|
115 | the arguments.
|
---|
116 |
|
---|
117 | =head1 RETURN VALUES
|
---|
118 |
|
---|
119 | The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is
|
---|
120 | not a prime), or NULL.
|
---|
121 |
|
---|
122 | For all remaining functions, 1 is returned for success, 0 on error. The return
|
---|
123 | value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
|
---|
124 | The error codes can be obtained by L<ERR_get_error(3)>.
|
---|
125 |
|
---|
126 | =head1 SEE ALSO
|
---|
127 |
|
---|
128 | L<ERR_get_error(3)>, L<BN_CTX_new(3)>,
|
---|
129 | L<BN_add_word(3)>, L<BN_set_bit(3)>
|
---|
130 |
|
---|
131 | =head1 COPYRIGHT
|
---|
132 |
|
---|
133 | Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
---|
134 |
|
---|
135 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
---|
136 | this file except in compliance with the License. You can obtain a copy
|
---|
137 | in the file LICENSE in the source distribution or at
|
---|
138 | L<https://www.openssl.org/source/license.html>.
|
---|
139 |
|
---|
140 | =cut
|
---|