1 .\" $NetBSD: openssl_bn_internal.3,v 1.14 2015/06/12 17:01:14 christos Exp $
3 .\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
6 .\" ========================================================================
7 .de Sp \" Vertical space (when we can't use .PP)
11 .de Vb \" Begin verbatim text
16 .de Ve \" End verbatim text
20 .\" Set up some character translations and predefined strings. \*(-- will
21 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
22 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
23 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
24 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
25 .\" nothing in troff, for use with C<>.
27 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
31 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
32 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
47 .\" Escape single quotes in literal strings from groff's Unicode transform.
51 .\" If the F register is turned on, we'll generate index entries on stderr for
52 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
53 .\" entries marked with X<> in POD. Of course, you'll have to process the
54 .\" output yourself in some meaningful fashion.
56 .\" Avoid warning from groff about undefined register 'F'.
60 .if \n(.g .if rF .nr rF 1
61 .if (\n(rF:(\n(.g==0)) \{
64 . tm Index:\\$1\t\\n%\t"\\$2"
74 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
75 .\" Fear. Run. Save yourself. No user-serviceable parts.
76 . \" fudge factors for nroff and troff
85 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
91 . \" simple accents for nroff and troff
101 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
102 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
103 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
104 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
105 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
106 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
108 . \" troff and (daisy-wheel) nroff accents
109 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
110 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
111 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
112 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
113 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
114 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
115 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
116 .ds ae a\h'-(\w'a'u*4/10)'e
117 .ds Ae A\h'-(\w'A'u*4/10)'E
118 . \" corrections for vroff
119 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
120 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
121 . \" for low resolution devices (crt and lpr)
122 .if \n(.H>23 .if \n(.V>19 \
135 .\" ========================================================================
137 .IX Title "bn_internal 3"
138 .TH bn_internal 3 "2009-12-26" "1.0.1n" "OpenSSL"
139 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
140 .\" way too many mistakes in technical documents.
144 bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
145 bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
146 bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
147 bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
148 bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
149 bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
150 bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low \- BIGNUM
151 library internal functions
155 .IX Header "SYNOPSIS"
157 \& #include <openssl/bn.h>
159 \& BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
160 \& BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
162 \& void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
163 \& BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
164 \& BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
166 \& BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
169 \& void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
170 \& void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
171 \& void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
172 \& void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
174 \& int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
176 \& void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
178 \& void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
179 \& void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
180 \& int dna,int dnb,BN_ULONG *tmp);
181 \& void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
182 \& int n, int tna,int tnb, BN_ULONG *tmp);
183 \& void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
184 \& int n2, BN_ULONG *tmp);
185 \& void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
186 \& int n2, BN_ULONG *tmp);
188 \& void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
189 \& void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
191 \& void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
192 \& void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
193 \& void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
195 \& BIGNUM *bn_expand(BIGNUM *a, int bits);
196 \& BIGNUM *bn_wexpand(BIGNUM *a, int n);
197 \& BIGNUM *bn_expand2(BIGNUM *a, int n);
198 \& void bn_fix_top(BIGNUM *a);
200 \& void bn_check_top(BIGNUM *a);
201 \& void bn_print(BIGNUM *a);
202 \& void bn_dump(BN_ULONG *d, int n);
203 \& void bn_set_max(BIGNUM *a);
204 \& void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
205 \& void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
208 .IX Header "DESCRIPTION"
209 This page documents the internal functions used by the OpenSSL
210 \&\fB\s-1BIGNUM\s0\fR implementation. They are described here to facilitate
211 debugging and extending the library. They are \fInot\fR to be used by
213 .SS "The \s-1BIGNUM\s0 structure"
214 .IX Subsection "The BIGNUM structure"
216 \& typedef struct bignum_st BIGNUM;
220 \& BN_ULONG *d; /* Pointer to an array of \*(AqBN_BITS2\*(Aq bit chunks. */
221 \& int top; /* Index of last used d +1. */
222 \& /* The next are internal book keeping for bn_expand. */
223 \& int dmax; /* Size of the d array. */
224 \& int neg; /* one if the number is negative */
229 The integer value is stored in \fBd\fR, a \fImalloc()\fRed array of words (\fB\s-1BN_ULONG\s0\fR),
230 least significant word first. A \fB\s-1BN_ULONG\s0\fR can be either 16, 32 or 64 bits
231 in size, depending on the 'number of bits' (\fB\s-1BITS2\s0\fR) specified in
232 \&\f(CW\*(C`openssl/bn.h\*(C'\fR.
234 \&\fBdmax\fR is the size of the \fBd\fR array that has been allocated. \fBtop\fR
235 is the number of words being used, so for a value of 4, bn.d[0]=4 and
236 bn.top=1. \fBneg\fR is 1 if the number is negative. When a \fB\s-1BIGNUM\s0\fR is
237 \&\fB0\fR, the \fBd\fR field can be \fB\s-1NULL\s0\fR and \fBtop\fR == \fB0\fR.
239 \&\fBflags\fR is a bit field of flags which are defined in \f(CW\*(C`openssl/bn.h\*(C'\fR. The
240 flags begin with \fB\s-1BN_FLG_\s0\fR. The macros BN_set_flags(b,n) and
241 BN_get_flags(b,n) exist to enable or fetch flag(s) \fBn\fR from \fB\s-1BIGNUM\s0\fR
244 Various routines in this library require the use of temporary
245 \&\fB\s-1BIGNUM\s0\fR variables during their execution. Since dynamic memory
246 allocation to create \fB\s-1BIGNUM\s0\fRs is rather expensive when used in
247 conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is
248 used. This structure contains \fB\s-1BN_CTX_NUM\s0\fR \fB\s-1BIGNUM\s0\fRs, see
249 \&\fIBN_CTX_start\fR\|(3).
250 .SS "Low-level arithmetic operations"
251 .IX Subsection "Low-level arithmetic operations"
252 These functions are implemented in C and for several platforms in
255 bn_mul_words(\fBrp\fR, \fBap\fR, \fBnum\fR, \fBw\fR) operates on the \fBnum\fR word
256 arrays \fBrp\fR and \fBap\fR. It computes \fBap\fR * \fBw\fR, places the result
257 in \fBrp\fR, and returns the high word (carry).
259 bn_mul_add_words(\fBrp\fR, \fBap\fR, \fBnum\fR, \fBw\fR) operates on the \fBnum\fR
260 word arrays \fBrp\fR and \fBap\fR. It computes \fBap\fR * \fBw\fR + \fBrp\fR, places
261 the result in \fBrp\fR, and returns the high word (carry).
263 bn_sqr_words(\fBrp\fR, \fBap\fR, \fBn\fR) operates on the \fBnum\fR word array
264 \&\fBap\fR and the 2*\fBnum\fR word array \fBap\fR. It computes \fBap\fR * \fBap\fR
265 word-wise, and places the low and high bytes of the result in \fBrp\fR.
267 bn_div_words(\fBh\fR, \fBl\fR, \fBd\fR) divides the two word number (\fBh\fR,\fBl\fR)
268 by \fBd\fR and returns the result.
270 bn_add_words(\fBrp\fR, \fBap\fR, \fBbp\fR, \fBnum\fR) operates on the \fBnum\fR word
271 arrays \fBap\fR, \fBbp\fR and \fBrp\fR. It computes \fBap\fR + \fBbp\fR, places the
272 result in \fBrp\fR, and returns the high word (carry).
274 bn_sub_words(\fBrp\fR, \fBap\fR, \fBbp\fR, \fBnum\fR) operates on the \fBnum\fR word
275 arrays \fBap\fR, \fBbp\fR and \fBrp\fR. It computes \fBap\fR \- \fBbp\fR, places the
276 result in \fBrp\fR, and returns the carry (1 if \fBbp\fR > \fBap\fR, 0
279 bn_mul_comba4(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 4 word arrays \fBa\fR and
280 \&\fBb\fR and the 8 word array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the
283 bn_mul_comba8(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 8 word arrays \fBa\fR and
284 \&\fBb\fR and the 16 word array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the
287 bn_sqr_comba4(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 4 word arrays \fBa\fR and
288 \&\fBb\fR and the 8 word array \fBr\fR.
290 bn_sqr_comba8(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 8 word arrays \fBa\fR and
291 \&\fBb\fR and the 16 word array \fBr\fR.
293 The following functions are implemented in C:
295 bn_cmp_words(\fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR word arrays \fBa\fR
296 and \fBb\fR. It returns 1, 0 and \-1 if \fBa\fR is greater than, equal and
299 bn_mul_normal(\fBr\fR, \fBa\fR, \fBna\fR, \fBb\fR, \fBnb\fR) operates on the \fBna\fR
300 word array \fBa\fR, the \fBnb\fR word array \fBb\fR and the \fBna\fR+\fBnb\fR word
301 array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the result in \fBr\fR.
303 bn_mul_low_normal(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR word
304 arrays \fBr\fR, \fBa\fR and \fBb\fR. It computes the \fBn\fR low words of
305 \&\fBa\fR*\fBb\fR and places the result in \fBr\fR.
307 bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBdna\fR, \fBdnb\fR, \fBt\fR) operates
308 on the word arrays \fBa\fR and \fBb\fR of length \fBn2\fR+\fBdna\fR and \fBn2\fR+\fBdnb\fR
309 (\fBdna\fR and \fBdnb\fR are currently allowed to be 0 or negative) and the 2*\fBn2\fR
310 word arrays \fBr\fR and \fBt\fR. \fBn2\fR must be a power of 2. It computes
311 \&\fBa\fR*\fBb\fR and places the result in \fBr\fR.
313 bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR, \fBtna\fR, \fBtnb\fR, \fBtmp\fR)
314 operates on the word arrays \fBa\fR and \fBb\fR of length \fBn\fR+\fBtna\fR and
315 \&\fBn\fR+\fBtnb\fR and the 4*\fBn\fR word arrays \fBr\fR and \fBtmp\fR.
317 bn_mul_low_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBtmp\fR) operates on the
318 \&\fBn2\fR word arrays \fBr\fR and \fBtmp\fR and the \fBn2\fR/2 word arrays \fBa\fR
321 bn_mul_high(\fBr\fR, \fBa\fR, \fBb\fR, \fBl\fR, \fBn2\fR, \fBtmp\fR) operates on the
322 \&\fBn2\fR word arrays \fBr\fR, \fBa\fR, \fBb\fR and \fBl\fR (?) and the 3*\fBn2\fR word
325 \&\fIBN_mul()\fR calls \fIbn_mul_normal()\fR, or an optimized implementation if the
326 factors have the same size: \fIbn_mul_comba8()\fR is used if they are 8
327 words long, \fIbn_mul_recursive()\fR if they are larger than
328 \&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR and the size is an exact multiple of the word
329 size, and \fIbn_mul_part_recursive()\fR for others that are larger than
330 \&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR.
332 bn_sqr_normal(\fBr\fR, \fBa\fR, \fBn\fR, \fBtmp\fR) operates on the \fBn\fR word array
333 \&\fBa\fR and the 2*\fBn\fR word arrays \fBtmp\fR and \fBr\fR.
335 The implementations use the following macros which, depending on the
336 architecture, may use \*(L"long long\*(R" C operations or inline assembler.
337 They are defined in \f(CW\*(C`bn_lcl.h\*(C'\fR.
339 mul(\fBr\fR, \fBa\fR, \fBw\fR, \fBc\fR) computes \fBw\fR*\fBa\fR+\fBc\fR and places the
340 low word of the result in \fBr\fR and the high word in \fBc\fR.
342 mul_add(\fBr\fR, \fBa\fR, \fBw\fR, \fBc\fR) computes \fBw\fR*\fBa\fR+\fBr\fR+\fBc\fR and
343 places the low word of the result in \fBr\fR and the high word in \fBc\fR.
345 sqr(\fBr0\fR, \fBr1\fR, \fBa\fR) computes \fBa\fR*\fBa\fR and places the low word
346 of the result in \fBr0\fR and the high word in \fBr1\fR.
348 .IX Subsection "Size changes"
349 \&\fIbn_expand()\fR ensures that \fBb\fR has enough space for a \fBbits\fR bit
350 number. \fIbn_wexpand()\fR ensures that \fBb\fR has enough space for an
351 \&\fBn\fR word number. If the number has to be expanded, both macros
352 call \fIbn_expand2()\fR, which allocates a new \fBd\fR array and copies the
353 data. They return \fB\s-1NULL\s0\fR on error, \fBb\fR otherwise.
355 The \fIbn_fix_top()\fR macro reduces \fBa\->top\fR to point to the most
356 significant non-zero word plus one when \fBa\fR has shrunk.
358 .IX Subsection "Debugging"
359 \&\fIbn_check_top()\fR verifies that \f(CW\*(C`((a)\->top >= 0 && (a)\->top
360 <= (a)\->dmax)\*(C'\fR. A violation will cause the program to abort.
362 \&\fIbn_print()\fR prints \fBa\fR to stderr. \fIbn_dump()\fR prints \fBn\fR words at \fBd\fR
363 (in reverse order, i.e. most significant word first) to stderr.
365 \&\fIbn_set_max()\fR makes \fBa\fR a static number with a \fBdmax\fR of its current size.
366 This is used by \fIbn_set_low()\fR and \fIbn_set_high()\fR to make \fBr\fR a read-only
367 \&\fB\s-1BIGNUM\s0\fR that contains the \fBn\fR low or high words of \fBa\fR.
369 If \fB\s-1BN_DEBUG\s0\fR is not defined, \fIbn_check_top()\fR, \fIbn_print()\fR, \fIbn_dump()\fR
370 and \fIbn_set_max()\fR are defined as empty macros.
372 .IX Header "SEE ALSO"
373 \&\fIopenssl_bn\fR\|(3)