1 /* 2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 * 5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11 #ifndef OPENSSL_BN_H 12 #define OPENSSL_BN_H 13 #pragma once 14 15 #include <openssl/macros.h> 16 #ifndef OPENSSL_NO_DEPRECATED_3_0 17 #define HEADER_BN_H 18 #endif 19 20 #include <openssl/e_os2.h> 21 #ifndef OPENSSL_NO_STDIO 22 #include <stdio.h> 23 #endif 24 #include <openssl/opensslconf.h> 25 #include <openssl/types.h> 26 #include <openssl/crypto.h> 27 #include <openssl/bnerr.h> 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 /* 34 * 64-bit processor with LP64 ABI 35 */ 36 #ifdef SIXTY_FOUR_BIT_LONG 37 #define BN_ULONG unsigned long 38 #define BN_BYTES 8 39 #endif 40 41 /* 42 * 64-bit processor other than LP64 ABI 43 */ 44 #ifdef SIXTY_FOUR_BIT 45 #define BN_ULONG unsigned long long 46 #define BN_BYTES 8 47 #endif 48 49 #ifdef THIRTY_TWO_BIT 50 #define BN_ULONG unsigned int 51 #define BN_BYTES 4 52 #endif 53 54 #define BN_BITS2 (BN_BYTES * 8) 55 #define BN_BITS (BN_BITS2 * 2) 56 #define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) 57 58 #define BN_FLG_MALLOCED 0x01 59 #define BN_FLG_STATIC_DATA 0x02 60 61 /* 62 * avoid leaking exponent information through timing, 63 * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, 64 * BN_div() will call BN_div_no_branch, 65 * BN_mod_inverse() will call bn_mod_inverse_no_branch. 66 */ 67 #define BN_FLG_CONSTTIME 0x04 68 #define BN_FLG_SECURE 0x08 69 70 #ifndef OPENSSL_NO_DEPRECATED_0_9_8 71 /* deprecated name for the flag */ 72 #define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME 73 #define BN_FLG_FREE 0x8000 /* used for debugging */ 74 #endif 75 76 void BN_set_flags(BIGNUM *b, int n); 77 int BN_get_flags(const BIGNUM *b, int n); 78 79 /* Values for |top| in BN_rand() */ 80 #define BN_RAND_TOP_ANY -1 81 #define BN_RAND_TOP_ONE 0 82 #define BN_RAND_TOP_TWO 1 83 84 /* Values for |bottom| in BN_rand() */ 85 #define BN_RAND_BOTTOM_ANY 0 86 #define BN_RAND_BOTTOM_ODD 1 87 88 /* 89 * get a clone of a BIGNUM with changed flags, for *temporary* use only (the 90 * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The 91 * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that 92 * has not been otherwise initialised or used. 93 */ 94 void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); 95 96 /* Wrapper function to make using BN_GENCB easier */ 97 int BN_GENCB_call(BN_GENCB *cb, int a, int b); 98 99 BN_GENCB *BN_GENCB_new(void); 100 void BN_GENCB_free(BN_GENCB *cb); 101 102 /* Populate a BN_GENCB structure with an "old"-style callback */ 103 void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), 104 void *cb_arg); 105 106 /* Populate a BN_GENCB structure with a "new"-style callback */ 107 void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), 108 void *cb_arg); 109 110 void *BN_GENCB_get_arg(BN_GENCB *cb); 111 112 #ifndef OPENSSL_NO_DEPRECATED_3_0 113 #define BN_prime_checks 0 /* default: select number of iterations based \ 114 * on the size of the number */ 115 116 /* 117 * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations 118 * that will be done for checking that a random number is probably prime. The 119 * error rate for accepting a composite number as prime depends on the size of 120 * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, 121 * and so the level is what you would expect for a key of double the size of the 122 * prime. 123 * 124 * This table is generated using the algorithm of FIPS PUB 186-4 125 * Digital Signature Standard (DSS), section F.1, page 117. 126 * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) 127 * 128 * The following magma script was used to generate the output: 129 * securitybits:=125; 130 * k:=1024; 131 * for t:=1 to 65 do 132 * for M:=3 to Floor(2*Sqrt(k-1)-1) do 133 * S:=0; 134 * // Sum over m 135 * for m:=3 to M do 136 * s:=0; 137 * // Sum over j 138 * for j:=2 to m do 139 * s+:=(RealField(32)!2)^-(j+(k-1)/j); 140 * end for; 141 * S+:=2^(m-(m-1)*t)*s; 142 * end for; 143 * A:=2^(k-2-M*t); 144 * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; 145 * pkt:=2.00743*Log(2)*k*2^-k*(A+B); 146 * seclevel:=Floor(-Log(2,pkt)); 147 * if seclevel ge securitybits then 148 * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; 149 * break; 150 * end if; 151 * end for; 152 * if seclevel ge securitybits then break; end if; 153 * end for; 154 * 155 * It can be run online at: 156 * http://magma.maths.usyd.edu.au/calc 157 * 158 * And will output: 159 * k: 1024, security: 129 bits (t: 6, M: 23) 160 * 161 * k is the number of bits of the prime, securitybits is the level we want to 162 * reach. 163 * 164 * prime length | RSA key size | # MR tests | security level 165 * -------------+--------------|------------+--------------- 166 * (b) >= 6394 | >= 12788 | 3 | 256 bit 167 * (b) >= 3747 | >= 7494 | 3 | 192 bit 168 * (b) >= 1345 | >= 2690 | 4 | 128 bit 169 * (b) >= 1080 | >= 2160 | 5 | 128 bit 170 * (b) >= 852 | >= 1704 | 5 | 112 bit 171 * (b) >= 476 | >= 952 | 5 | 80 bit 172 * (b) >= 400 | >= 800 | 6 | 80 bit 173 * (b) >= 347 | >= 694 | 7 | 80 bit 174 * (b) >= 308 | >= 616 | 8 | 80 bit 175 * (b) >= 55 | >= 110 | 27 | 64 bit 176 * (b) >= 6 | >= 12 | 34 | 64 bit 177 */ 178 179 #define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : (b) >= 1345 ? 4 \ 180 : (b) >= 476 ? 5 \ 181 : (b) >= 400 ? 6 \ 182 : (b) >= 347 ? 7 \ 183 : (b) >= 308 ? 8 \ 184 : (b) >= 55 ? 27 \ 185 : /* b >= 6 */ 34) 186 #endif 187 188 #define BN_num_bytes(a) ((BN_num_bits(a) + 7) / 8) 189 190 int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); 191 int BN_is_zero(const BIGNUM *a); 192 int BN_is_one(const BIGNUM *a); 193 int BN_is_word(const BIGNUM *a, const BN_ULONG w); 194 int BN_is_odd(const BIGNUM *a); 195 196 #define BN_one(a) (BN_set_word((a), 1)) 197 198 void BN_zero_ex(BIGNUM *a); 199 200 #if OPENSSL_API_LEVEL > 908 201 #define BN_zero(a) BN_zero_ex(a) 202 #else 203 #define BN_zero(a) (BN_set_word((a), 0)) 204 #endif 205 206 const BIGNUM *BN_value_one(void); 207 char *BN_options(void); 208 BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx); 209 BN_CTX *BN_CTX_new(void); 210 BN_CTX *BN_CTX_secure_new_ex(OSSL_LIB_CTX *ctx); 211 BN_CTX *BN_CTX_secure_new(void); 212 void BN_CTX_free(BN_CTX *c); 213 void BN_CTX_start(BN_CTX *ctx); 214 BIGNUM *BN_CTX_get(BN_CTX *ctx); 215 void BN_CTX_end(BN_CTX *ctx); 216 int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, 217 unsigned int strength, BN_CTX *ctx); 218 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); 219 int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, 220 unsigned int strength, BN_CTX *ctx); 221 int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); 222 int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength, 223 BN_CTX *ctx); 224 int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); 225 int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, 226 unsigned int strength, BN_CTX *ctx); 227 int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); 228 #ifndef OPENSSL_NO_DEPRECATED_3_0 229 OSSL_DEPRECATEDIN_3_0 230 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); 231 OSSL_DEPRECATEDIN_3_0 232 int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); 233 #endif 234 int BN_num_bits(const BIGNUM *a); 235 int BN_num_bits_word(BN_ULONG l); 236 int BN_security_bits(int L, int N); 237 BIGNUM *BN_new(void); 238 BIGNUM *BN_secure_new(void); 239 void BN_clear_free(BIGNUM *a); 240 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); 241 void BN_swap(BIGNUM *a, BIGNUM *b); 242 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); 243 BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret); 244 int BN_bn2bin(const BIGNUM *a, unsigned char *to); 245 int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); 246 int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen); 247 BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); 248 BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); 249 int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); 250 int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen); 251 BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); 252 BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret); 253 int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); 254 int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen); 255 BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); 256 int BN_bn2mpi(const BIGNUM *a, unsigned char *to); 257 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 258 int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 259 int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 260 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 261 int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 262 int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); 263 /** BN_set_negative sets sign of a BIGNUM 264 * \param b pointer to the BIGNUM object 265 * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise 266 */ 267 void BN_set_negative(BIGNUM *b, int n); 268 /** BN_is_negative returns 1 if the BIGNUM is negative 269 * \param b pointer to the BIGNUM object 270 * \return 1 if a < 0 and 0 otherwise 271 */ 272 int BN_is_negative(const BIGNUM *b); 273 274 int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, 275 BN_CTX *ctx); 276 #define BN_mod(rem, m, d, ctx) BN_div(NULL, (rem), (m), (d), (ctx)) 277 int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); 278 int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, 279 BN_CTX *ctx); 280 int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 281 const BIGNUM *m); 282 int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, 283 BN_CTX *ctx); 284 int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 285 const BIGNUM *m); 286 int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, 287 BN_CTX *ctx); 288 int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); 289 int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); 290 int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); 291 int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, 292 BN_CTX *ctx); 293 int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); 294 295 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); 296 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); 297 int BN_mul_word(BIGNUM *a, BN_ULONG w); 298 int BN_add_word(BIGNUM *a, BN_ULONG w); 299 int BN_sub_word(BIGNUM *a, BN_ULONG w); 300 int BN_set_word(BIGNUM *a, BN_ULONG w); 301 BN_ULONG BN_get_word(const BIGNUM *a); 302 303 int BN_cmp(const BIGNUM *a, const BIGNUM *b); 304 void BN_free(BIGNUM *a); 305 int BN_is_bit_set(const BIGNUM *a, int n); 306 int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); 307 int BN_lshift1(BIGNUM *r, const BIGNUM *a); 308 int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 309 310 int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 311 const BIGNUM *m, BN_CTX *ctx); 312 int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 313 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 314 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, 315 const BIGNUM *m, BN_CTX *ctx, 316 BN_MONT_CTX *in_mont); 317 int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, 318 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 319 int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, 320 const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, 321 BN_CTX *ctx, BN_MONT_CTX *m_ctx); 322 int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 323 const BIGNUM *m, BN_CTX *ctx); 324 int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1, 325 const BIGNUM *m1, BN_MONT_CTX *in_mont1, 326 BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2, 327 const BIGNUM *m2, BN_MONT_CTX *in_mont2, 328 BN_CTX *ctx); 329 330 int BN_mask_bits(BIGNUM *a, int n); 331 #ifndef OPENSSL_NO_STDIO 332 int BN_print_fp(FILE *fp, const BIGNUM *a); 333 #endif 334 int BN_print(BIO *bio, const BIGNUM *a); 335 int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); 336 int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); 337 int BN_rshift1(BIGNUM *r, const BIGNUM *a); 338 void BN_clear(BIGNUM *a); 339 BIGNUM *BN_dup(const BIGNUM *a); 340 int BN_ucmp(const BIGNUM *a, const BIGNUM *b); 341 int BN_set_bit(BIGNUM *a, int n); 342 int BN_clear_bit(BIGNUM *a, int n); 343 char *BN_bn2hex(const BIGNUM *a); 344 char *BN_bn2dec(const BIGNUM *a); 345 int BN_hex2bn(BIGNUM **a, const char *str); 346 int BN_dec2bn(BIGNUM **a, const char *str); 347 int BN_asc2bn(BIGNUM **a, const char *str); 348 int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 349 int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns 350 * -2 for 351 * error */ 352 int BN_are_coprime(BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 353 BIGNUM *BN_mod_inverse(BIGNUM *ret, 354 const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); 355 BIGNUM *BN_mod_sqrt(BIGNUM *ret, 356 const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); 357 358 void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); 359 360 /* Deprecated versions */ 361 #ifndef OPENSSL_NO_DEPRECATED_0_9_8 362 OSSL_DEPRECATEDIN_0_9_8 363 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, 364 const BIGNUM *add, const BIGNUM *rem, 365 void (*callback)(int, int, void *), 366 void *cb_arg); 367 OSSL_DEPRECATEDIN_0_9_8 368 int BN_is_prime(const BIGNUM *p, int nchecks, 369 void (*callback)(int, int, void *), 370 BN_CTX *ctx, void *cb_arg); 371 OSSL_DEPRECATEDIN_0_9_8 372 int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, 373 void (*callback)(int, int, void *), 374 BN_CTX *ctx, void *cb_arg, 375 int do_trial_division); 376 #endif 377 #ifndef OPENSSL_NO_DEPRECATED_3_0 378 OSSL_DEPRECATEDIN_3_0 379 int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); 380 OSSL_DEPRECATEDIN_3_0 381 int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, 382 int do_trial_division, BN_GENCB *cb); 383 #endif 384 /* Newer versions */ 385 int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, 386 const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, 387 BN_CTX *ctx); 388 int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, 389 const BIGNUM *rem, BN_GENCB *cb); 390 int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); 391 392 #ifndef OPENSSL_NO_DEPRECATED_3_0 393 OSSL_DEPRECATEDIN_3_0 394 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); 395 396 OSSL_DEPRECATEDIN_3_0 397 int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, 398 const BIGNUM *Xp, const BIGNUM *Xp1, 399 const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, 400 BN_GENCB *cb); 401 OSSL_DEPRECATEDIN_3_0 402 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, 403 BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, 404 BN_CTX *ctx, BN_GENCB *cb); 405 #endif 406 407 BN_MONT_CTX *BN_MONT_CTX_new(void); 408 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 409 BN_MONT_CTX *mont, BN_CTX *ctx); 410 int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, 411 BN_CTX *ctx); 412 int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, 413 BN_CTX *ctx); 414 void BN_MONT_CTX_free(BN_MONT_CTX *mont); 415 int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); 416 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); 417 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, 418 const BIGNUM *mod, BN_CTX *ctx); 419 420 /* BN_BLINDING flags */ 421 #define BN_BLINDING_NO_UPDATE 0x00000001 422 #define BN_BLINDING_NO_RECREATE 0x00000002 423 424 BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); 425 void BN_BLINDING_free(BN_BLINDING *b); 426 int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); 427 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); 428 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); 429 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); 430 int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, 431 BN_CTX *); 432 433 int BN_BLINDING_is_current_thread(BN_BLINDING *b); 434 void BN_BLINDING_set_current_thread(BN_BLINDING *b); 435 int BN_BLINDING_lock(BN_BLINDING *b); 436 int BN_BLINDING_unlock(BN_BLINDING *b); 437 438 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); 439 void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); 440 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, 441 const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, 442 int (*bn_mod_exp)(BIGNUM *r, 443 const BIGNUM *a, 444 const BIGNUM *p, 445 const BIGNUM *m, 446 BN_CTX *ctx, 447 BN_MONT_CTX *m_ctx), 448 BN_MONT_CTX *m_ctx); 449 #ifndef OPENSSL_NO_DEPRECATED_0_9_8 450 OSSL_DEPRECATEDIN_0_9_8 451 void BN_set_params(int mul, int high, int low, int mont); 452 OSSL_DEPRECATEDIN_0_9_8 453 int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ 454 #endif 455 456 BN_RECP_CTX *BN_RECP_CTX_new(void); 457 void BN_RECP_CTX_free(BN_RECP_CTX *recp); 458 int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); 459 int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, 460 BN_RECP_CTX *recp, BN_CTX *ctx); 461 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 462 const BIGNUM *m, BN_CTX *ctx); 463 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, 464 BN_RECP_CTX *recp, BN_CTX *ctx); 465 466 #ifndef OPENSSL_NO_EC2M 467 468 /* 469 * Functions for arithmetic over binary polynomials represented by BIGNUMs. 470 * The BIGNUM::neg property of BIGNUMs representing binary polynomials is 471 * ignored. Note that input arguments are not const so that their bit arrays 472 * can be expanded to the appropriate size if needed. 473 */ 474 475 /* 476 * r = a + b 477 */ 478 int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); 479 #define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) 480 /* 481 * r=a mod p 482 */ 483 int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); 484 /* r = (a * b) mod p */ 485 int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 486 const BIGNUM *p, BN_CTX *ctx); 487 /* r = (a * a) mod p */ 488 int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 489 /* r = (1 / b) mod p */ 490 int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); 491 /* r = (a / b) mod p */ 492 int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 493 const BIGNUM *p, BN_CTX *ctx); 494 /* r = (a ^ b) mod p */ 495 int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 496 const BIGNUM *p, BN_CTX *ctx); 497 /* r = sqrt(a) mod p */ 498 int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 499 BN_CTX *ctx); 500 /* r^2 + r = a mod p */ 501 int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 502 BN_CTX *ctx); 503 #define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) 504 /*- 505 * Some functions allow for representation of the irreducible polynomials 506 * as an unsigned int[], say p. The irreducible f(t) is then of the form: 507 * t^p[0] + t^p[1] + ... + t^p[k] 508 * where m = p[0] > p[1] > ... > p[k] = 0. 509 */ 510 /* r = a mod p */ 511 int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); 512 /* r = (a * b) mod p */ 513 int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 514 const int p[], BN_CTX *ctx); 515 /* r = (a * a) mod p */ 516 int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], 517 BN_CTX *ctx); 518 /* r = (1 / b) mod p */ 519 int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], 520 BN_CTX *ctx); 521 /* r = (a / b) mod p */ 522 int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 523 const int p[], BN_CTX *ctx); 524 /* r = (a ^ b) mod p */ 525 int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, 526 const int p[], BN_CTX *ctx); 527 /* r = sqrt(a) mod p */ 528 int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, 529 const int p[], BN_CTX *ctx); 530 /* r^2 + r = a mod p */ 531 int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, 532 const int p[], BN_CTX *ctx); 533 int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); 534 int BN_GF2m_arr2poly(const int p[], BIGNUM *a); 535 536 #endif 537 538 /* 539 * faster mod functions for the 'NIST primes' 0 <= a < p^2 540 */ 541 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 542 int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 543 int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 544 int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 545 int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 546 547 const BIGNUM *BN_get0_nist_prime_192(void); 548 const BIGNUM *BN_get0_nist_prime_224(void); 549 const BIGNUM *BN_get0_nist_prime_256(void); 550 const BIGNUM *BN_get0_nist_prime_384(void); 551 const BIGNUM *BN_get0_nist_prime_521(void); 552 553 int (*BN_nist_mod_func(const BIGNUM *p))(BIGNUM *r, const BIGNUM *a, 554 const BIGNUM *field, BN_CTX *ctx); 555 556 int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, 557 const BIGNUM *priv, const unsigned char *message, 558 size_t message_len, BN_CTX *ctx); 559 560 /* Primes from RFC 2409 */ 561 BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); 562 BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); 563 564 /* Primes from RFC 3526 */ 565 BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); 566 BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); 567 BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); 568 BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); 569 BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); 570 BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); 571 572 #ifndef OPENSSL_NO_DEPRECATED_1_1_0 573 #define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 574 #define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 575 #define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 576 #define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 577 #define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 578 #define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 579 #define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 580 #define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 581 #endif 582 583 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); 584 585 #ifdef __cplusplus 586 } 587 #endif 588 #endif 589
Indexes created Sat Feb 28 05:31:39 UTC 2026