1 /* crypto/bn/bn.h */
2 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #ifndef HEADER_BN_H
60 #define HEADER_BN_H
61 
62 #include <openssl/e_os2.h>
63 #ifndef OPENSSL_NO_FP_API
64 #include <stdio.h> /* FILE */
65 #endif
66 
67 #ifdef  __cplusplus
68 extern "C" {
69 #endif
70 
71 #ifdef OPENSSL_SYS_VMS
72 #undef BN_LLONG /* experimental, so far... */
73 #endif
74 
75 #define BN_MUL_COMBA
76 #define BN_SQR_COMBA
77 #define BN_RECURSION
78 
79 /* This next option uses the C libraries (2 word)/(1 word) function.
80  * If it is not defined, I use my C version (which is slower).
81  * The reason for this flag is that when the particular C compiler
82  * library routine is used, and the library is linked with a different
83  * compiler, the library is missing.  This mostly happens when the
84  * library is built with gcc and then linked using normal cc.  This would
85  * be a common occurrence because gcc normally produces code that is
86  * 2 times faster than system compilers for the big number stuff.
87  * For machines with only one compiler (or shared libraries), this should
88  * be on.  Again this is only really a problem on machines
89  * using "long long's", are 32bit, and are not using my assembler code. */
90 #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
91     defined(OPENSSL_SYS_WIN32) || defined(linux)
92 # ifndef BN_DIV2W
93 #  define BN_DIV2W
94 # endif
95 #endif
96 
/* assuming long is 64bit - this is the DEC Alpha
 * unsigned long long is only 64 bits :-(, don't define
 * BN_LLONG for the DEC Alpha
 *
 * Limb parameters for this configuration: BN_ULONG is one limb of
 * BN_BITS2 bits (BN_BYTES bytes), BN_BITS4 is half a limb and BN_BITS is
 * two limbs.  BN_DEC_CONV is 10^BN_DEC_NUM, the same width as the
 * zero-padded BN_DEC_FMT2. */
#ifdef SIXTY_FOUR_BIT_LONG
#define BN_ULLONG	unsigned long long
#define BN_ULONG	unsigned long
#define BN_LONG		long
#define BN_BITS		128
#define BN_BYTES	8
#define BN_BITS2	64
#define BN_BITS4	32
/* NOTE(review): this literal is 128 bits wide, wider than the 64-bit
 * unsigned long long described in the comment above -- confirm that
 * BN_MASK is unused in this configuration. */
#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)
#define BN_MASK2	(0xffffffffffffffffL)
#define BN_MASK2l	(0xffffffffL)
#define BN_MASK2h	(0xffffffff00000000L)
#define BN_MASK2h1	(0xffffffff80000000L)
#define BN_TBIT		(0x8000000000000000L)
#define BN_DEC_CONV	(10000000000000000000UL)
#define BN_DEC_FMT1	"%lu"
#define BN_DEC_FMT2	"%019lu"
#define BN_DEC_NUM	19
#endif
119 
120 /* This is where the long long data type is 64 bits, but long is 32.
121  * For machines where there are 64bit registers, this is the mode to use.
122  * IRIX, on R4000 and above should use this mode, along with the relevant
123  * assembler code :-).  Do NOT define BN_LLONG.
124  */
125 #ifdef SIXTY_FOUR_BIT
126 #undef BN_LLONG
127 #undef BN_ULLONG
128 #define BN_ULONG	unsigned long long
129 #define BN_LONG		long long
130 #define BN_BITS		128
131 #define BN_BYTES	8
132 #define BN_BITS2	64
133 #define BN_BITS4	32
134 #define BN_MASK2	(0xffffffffffffffffLL)
135 #define BN_MASK2l	(0xffffffffL)
136 #define BN_MASK2h	(0xffffffff00000000LL)
137 #define BN_MASK2h1	(0xffffffff80000000LL)
138 #define BN_TBIT		(0x8000000000000000LL)
139 #define BN_DEC_CONV	(10000000000000000000ULL)
140 #define BN_DEC_FMT1	"%llu"
141 #define BN_DEC_FMT2	"%019llu"
142 #define BN_DEC_NUM	19
143 #endif
144 
145 #ifdef THIRTY_TWO_BIT
146 #if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
147 #define BN_ULLONG	unsigned _int64
148 #else
149 #define BN_ULLONG	unsigned long long
150 #endif
151 #define BN_ULONG	unsigned long
152 #define BN_LONG		long
153 #define BN_BITS		64
154 #define BN_BYTES	4
155 #define BN_BITS2	32
156 #define BN_BITS4	16
157 #ifdef OPENSSL_SYS_WIN32
158 /* VC++ doesn't like the LL suffix */
159 #define BN_MASK		(0xffffffffffffffffL)
160 #else
161 #define BN_MASK		(0xffffffffffffffffLL)
162 #endif
163 #define BN_MASK2	(0xffffffffL)
164 #define BN_MASK2l	(0xffff)
165 #define BN_MASK2h1	(0xffff8000L)
166 #define BN_MASK2h	(0xffff0000L)
167 #define BN_TBIT		(0x80000000L)
168 #define BN_DEC_CONV	(1000000000L)
169 #define BN_DEC_FMT1	"%lu"
170 #define BN_DEC_FMT2	"%09lu"
171 #define BN_DEC_NUM	9
172 #endif
173 
/* 16-bit limb configuration: BN_ULONG is unsigned short (BN_BITS2 = 16)
 * and BN_ULLONG, the double-width type, is unsigned long.  BN_DIV2W is
 * switched on here if it was not already defined. */
#ifdef SIXTEEN_BIT
#ifndef BN_DIV2W
#define BN_DIV2W
#endif
#define BN_ULLONG	unsigned long
#define BN_ULONG	unsigned short
#define BN_LONG		short
#define BN_BITS		32
#define BN_BYTES	2
#define BN_BITS2	16
#define BN_BITS4	8
#define BN_MASK		(0xffffffff)
#define BN_MASK2	(0xffff)
#define BN_MASK2l	(0xff)
#define BN_MASK2h1	(0xff80)
#define BN_MASK2h	(0xff00)
#define BN_TBIT		(0x8000)
/* NOTE(review): 100000 (10^BN_DEC_NUM) is larger than 0xffff, the largest
 * value a 16-bit BN_ULONG can hold, whereas the other configurations in
 * this header pick a power of ten that fits in one limb.  Confirm how the
 * decimal conversion code behaves in this configuration. */
#define BN_DEC_CONV	(100000)
#define BN_DEC_FMT1	"%u"
#define BN_DEC_FMT2	"%05u"
#define BN_DEC_NUM	5
#endif
196 
197 #ifdef EIGHT_BIT
198 #ifndef BN_DIV2W
199 #define BN_DIV2W
200 #endif
201 #define BN_ULLONG	unsigned short
202 #define BN_ULONG	unsigned char
203 #define BN_LONG		char
204 #define BN_BITS		16
205 #define BN_BYTES	1
206 #define BN_BITS2	8
207 #define BN_BITS4	4
208 #define BN_MASK		(0xffff)
209 #define BN_MASK2	(0xff)
210 #define BN_MASK2l	(0xf)
211 #define BN_MASK2h1	(0xf8)
212 #define BN_MASK2h	(0xf0)
213 #define BN_TBIT		(0x80)
214 #define BN_DEC_CONV	(100)
215 #define BN_DEC_FMT1	"%u"
216 #define BN_DEC_FMT2	"%02u"
217 #define BN_DEC_NUM	2
218 #endif
219 
220 #define BN_DEFAULT_BITS	1280
221 
222 #ifdef BIGNUM
223 #undef BIGNUM
224 #endif
225 
/* Bits kept in BIGNUM.flags. */
#define BN_FLG_MALLOCED		0x01
#define BN_FLG_STATIC_DATA	0x02
#define BN_FLG_EXP_CONSTTIME	0x04 /* avoid leaking exponent information through timings
                            	      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
/* NOTE(review): the constant-time path is tied to this bit being set on
 * the BIGNUM in question, and nothing in this header sets it by default,
 * so code that handles a secret exponent has to set it explicitly
 * (BN_set_flags, or a BN_with_flags clone). */
#define BN_FLG_FREE		0x8000	/* used for debugging */
/* Set / test bits in (b)->flags.  Neither macro checks b for NULL, and
 * BN_get_flags yields the masked bits themselves rather than 0/1. */
#define BN_set_flags(b,n)	((b)->flags|=(n))
#define BN_get_flags(b,n)	((b)->flags&(n))
233 
/* get a clone of a BIGNUM with changed flags, for *temporary* use only
 * (the two BIGNUMs cannot be used in parallel!)
 *
 * This is a shallow copy: dest->d is set to b's limb array, and top, dmax
 * and neg are copied by value.  dest keeps only its own BN_FLG_MALLOCED
 * bit, takes every other flag from b, and gets BN_FLG_STATIC_DATA and n
 * OR-ed in.
 *
 * Because dest aliases b's storage, dest must not outlive b, and b must
 * not be resized, cleared or freed while dest is still in use.
 * NOTE(review): BN_FLG_STATIC_DATA presumably keeps dest from expanding or
 * freeing the shared array (cf. BN_R_EXPAND_ON_STATIC_BIGNUM_DATA) --
 * confirm in bn_lib.c.
 * Both dest and b are evaluated several times; pass plain pointers. */
#define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
                                  (dest)->top=(b)->top, \
                                  (dest)->dmax=(b)->dmax, \
                                  (dest)->neg=(b)->neg, \
                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \
                                                 |  BN_FLG_STATIC_DATA \
                                                 |  (n)))
244 
/* Arbitrary-precision integer: sign in 'neg', magnitude in the limb array
 * 'd'.  d[0] is the least significant limb (BN_is_odd tests d[0] & 1).
 * The layout is public, and the macros in this header read and write the
 * fields directly. */
typedef struct bignum_st
	{
	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
	int top;	/* Index of last used d +1. */
	/* The next are internal book keeping for bn_expand. */
	int dmax;	/* Size of the d array. */
	int neg;	/* one if the number is negative */
	int flags;	/* BN_FLG_* bits */
	} BIGNUM;
254 
255 /* Used for temp variables (declaration hidden in bn_lcl.h) */
256 typedef struct bignum_ctx BN_CTX;
257 
/* State for the BN_BLINDING_* functions.
 * NOTE(review): going by the names, A and Ai are presumably the blinding
 * factor and its inverse modulo 'mod' -- confirm in bn_blind.c. */
typedef struct bn_blinding_st
	{
	int init;
	BIGNUM *A;
	BIGNUM *Ai;
	/* Not owned by this struct, so presumably the modulus has to stay
	 * valid for as long as the BN_BLINDING is used -- confirm. */
	BIGNUM *mod; /* just a reference */
	unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
				  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
	} BN_BLINDING;
267 
/* Used for montgomery multiplication
 *
 * RR, N and Ni are embedded BIGNUMs, not pointers, so copying the struct
 * by assignment would also copy their d pointers; BN_MONT_CTX_copy is
 * declared in this header for duplicating a context. */
typedef struct bn_mont_ctx_st
	{
	int ri;        /* number of bits in R */
	BIGNUM RR;     /* used to convert to montgomery form */
	BIGNUM N;      /* The modulus */
	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
	                * (Ni is only stored for bignum algorithm) */
	BN_ULONG n0;   /* least significant word of Ni */
	int flags;     /* NOTE(review): presumably BN_FLG_MALLOCED for contexts
	                * from BN_MONT_CTX_new -- confirm */
	} BN_MONT_CTX;
279 
/* Used for reciprocal division/mod functions
 * It cannot be shared between threads
 * NOTE(review): presumably because the division routines update Nr and
 * shift in place while using the context -- confirm in bn_recp.c.  Give
 * each thread its own context.
 */
typedef struct bn_recp_ctx_st
	{
	BIGNUM N;	/* the divisor */
	BIGNUM Nr;	/* the reciprocal */
	int num_bits;
	int shift;
	int flags;
	} BN_RECP_CTX;
291 
#define BN_prime_checks 0 /* default: select number of iterations
			     based on the size of the number */

/* number of Miller-Rabin iterations for an error rate  of less than 2^-80
 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
 * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
 * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
 * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194)
 *
 * The 2^-80 figure is an average-case bound: it holds for candidates drawn
 * at random, as in key generation.  It is not a bound for a number chosen
 * by another party.  For such input the only general guarantee is the
 * Miller-Rabin worst case of at most 1/4 per round (40 rounds for 2^-80),
 * so callers that test externally supplied values should pass an explicit
 * nchecks instead of relying on this table.
 *
 * Sizes below 100 bits also get the last entry (27).  The argument b is
 * evaluated once per comparison, so it must not have side effects. */
#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
                                (b) >=  850 ?  3 : \
                                (b) >=  650 ?  4 : \
                                (b) >=  550 ?  5 : \
                                (b) >=  450 ?  6 : \
                                (b) >=  400 ?  7 : \
                                (b) >=  350 ?  8 : \
                                (b) >=  300 ?  9 : \
                                (b) >=  250 ? 12 : \
                                (b) >=  200 ? 15 : \
                                (b) >=  150 ? 18 : \
                                /* b >= 100 */ 27)
312 
/* BN_num_bits(a) rounded up to a whole number of bytes. */
#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)

/* Direct-field predicates.  They read (a)->top, (a)->d[0] and (a)->neg
 * without a NULL check and may evaluate their arguments more than once,
 * so pass plain, non-NULL BIGNUM pointers and side-effect-free words. */
/* Note that BN_abs_is_word does not work reliably for w == 0 */
#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
/* Zero is accepted in both forms: top == 0, or a single limb equal to 0. */
#define BN_is_zero(a)       (((a)->top == 0) || BN_abs_is_word(a,0))
#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
/* For w == 0 this falls back to BN_is_zero, which ignores the sign. */
#define BN_is_word(a,w)     ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \
                                   BN_is_zero((a)))
/* Tests the low bit of the least significant limb; false when top == 0. */
#define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))

/* Both expand to a BN_set_word() call, so they yield its int result. */
#define BN_one(a)	(BN_set_word((a),1))
#define BN_zero(a)	(BN_set_word((a),0))
325 
326 /*#define BN_ascii2bn(a)	BN_hex2bn(a) */
327 /*#define BN_bn2ascii(a)	BN_bn2hex(a) */
328 
const BIGNUM *BN_value_one(void);
char *	BN_options(void);
/* BN_CTX holds temporaries; its layout is private to the library (see the
 * BN_CTX typedef).  BN_CTX_start/BN_CTX_get/BN_CTX_end are presumably used
 * as a bracketed group inside one function -- confirm in bn_ctx.c. */
BN_CTX *BN_CTX_new(void);
void	BN_CTX_init(BN_CTX *c);
void	BN_CTX_free(BN_CTX *c);
void	BN_CTX_start(BN_CTX *ctx);
BIGNUM *BN_CTX_get(BN_CTX *ctx);
void	BN_CTX_end(BN_CTX *ctx);
/* Random number generation.
 * NOTE(review): going by the names, the BN_pseudo_rand* variants are
 * presumably backed by a weaker generator than BN_rand* -- confirm in
 * bn_rand.c, and use BN_rand/BN_rand_range for keys, nonces and blinding
 * values unless that has been verified.  All four return int; check the
 * result before using rnd. */
int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
int	BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
int	BN_num_bits(const BIGNUM *a);
int	BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
void	BN_init(BIGNUM *);
/* NOTE(review): presumably wipes the limbs before releasing them (compare
 * BN_clear and BN_free, declared further down) -- confirm, and prefer it
 * for BIGNUMs that held secret values. */
void	BN_clear_free(BIGNUM *a);
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
void	BN_swap(BIGNUM *a, BIGNUM *b);
/* Binary / MPI conversions.  BN_bn2bin and BN_bn2mpi take no output
 * length, so the caller has to size 'to' itself.
 * NOTE(review): BN_num_bytes(a) is presumably the number of bytes
 * BN_bn2bin writes -- confirm before sizing buffers from it.
 * 'len' in BN_bin2bn/BN_mpi2bn is a signed int; validate lengths that come
 * from untrusted input before the call. */
BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
int	BN_bn2bin(const BIGNUM *a, unsigned char *to);
BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);
/* Basic arithmetic; r is the result, and the int return value is
 * presumably a success flag -- confirm per function. */
int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
358 
359 int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
360 	BN_CTX *ctx);
361 #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
362 int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
363 int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
364 int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
365 int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
366 int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
367 int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
368 	const BIGNUM *m, BN_CTX *ctx);
369 int	BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
370 int	BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
371 int	BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
372 int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
373 int	BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
374 
375 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
376 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
377 int	BN_mul_word(BIGNUM *a, BN_ULONG w);
378 int	BN_add_word(BIGNUM *a, BN_ULONG w);
379 int	BN_sub_word(BIGNUM *a, BN_ULONG w);
380 int	BN_set_word(BIGNUM *a, BN_ULONG w);
381 BN_ULONG BN_get_word(const BIGNUM *a);
382 
383 int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
384 void	BN_free(BIGNUM *a);
385 int	BN_is_bit_set(const BIGNUM *a, int n);
386 int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
387 int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
388 int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
389 
/* Modular exponentiation variants (result r, base a, exponent p,
 * modulus m).
 * Per the BN_FLG_EXP_CONSTTIME comment in this header, BN_mod_exp_mont()
 * hands over to BN_mod_exp_mont_consttime() when that flag is set
 * (presumably on the exponent p -- confirm in bn_exp.c).
 * NOTE(review): the header does not show whether the _word, exp2, _simple
 * or BN_mod_exp_recp variants honour the flag; confirm before passing a
 * secret exponent to any of them. */
int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
	const BIGNUM *m,BN_CTX *ctx);
int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
	BN_CTX *ctx,BN_MONT_CTX *m_ctx);
int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
	const BIGNUM *m,BN_CTX *ctx);
403 
404 int	BN_mask_bits(BIGNUM *a,int n);
405 #ifndef OPENSSL_NO_FP_API
406 int	BN_print_fp(FILE *fp, const BIGNUM *a);
407 #endif
408 #ifdef HEADER_BIO_H
409 int	BN_print(BIO *fp, const BIGNUM *a);
410 #else
411 int	BN_print(void *fp, const BIGNUM *a);
412 #endif
413 int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
414 int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
415 int	BN_rshift1(BIGNUM *r, const BIGNUM *a);
416 void	BN_clear(BIGNUM *a);
417 BIGNUM *BN_dup(const BIGNUM *a);
418 int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
419 int	BN_set_bit(BIGNUM *a, int n);
420 int	BN_clear_bit(BIGNUM *a, int n);
/* Text conversions.
 * NOTE(review): BN_bn2hex/BN_bn2dec return a char * and take no buffer, so
 * the string is presumably allocated by the library and owned by the
 * caller -- confirm which free routine applies.  For a secret 'a' the
 * string is a second copy of the value that also needs wiping.
 * BN_hex2bn/BN_dec2bn parse caller-supplied text into *a; check the int
 * result before using *a. */
char *	BN_bn2hex(const BIGNUM *a);
char *	BN_bn2dec(const BIGNUM *a);
int 	BN_hex2bn(BIGNUM **a, const char *str);
int 	BN_dec2bn(BIGNUM **a, const char *str);
int	BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
/* Both return a BIGNUM pointer; NOTE(review): presumably NULL on failure
 * (BN_R_NO_INVERSE and BN_R_NOT_A_SQUARE are among the reason codes) --
 * confirm, and check the result before use. */
BIGNUM *BN_mod_inverse(BIGNUM *ret,
	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
/* Prime generation and testing.  nchecks is the number of test rounds;
 * BN_prime_checks (0) selects a count from the size of the number, and
 * the BN_prime_checks_for_size table is stated for random input only.
 * Pass an explicit nchecks when p comes from an untrusted source. */
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
	const BIGNUM *add, const BIGNUM *rem,
	void (*callback)(int,int,void *),void *cb_arg);
int	BN_is_prime(const BIGNUM *p,int nchecks,
	void (*callback)(int,int,void *),
	BN_CTX *ctx,void *cb_arg);
int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
	int do_trial_division);
440 
441 #ifdef OPENSSL_FIPS
442 int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
443 			void (*cb)(int, int, void *), void *cb_arg,
444 			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
445 			const BIGNUM *e, BN_CTX *ctx);
446 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
447 int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
448 			BIGNUM *Xp1, BIGNUM *Xp2,
449 			const BIGNUM *Xp,
450 			const BIGNUM *e, BN_CTX *ctx,
451 			void (*cb)(int, int, void *), void *cb_arg);
452 #endif
453 
454 BN_MONT_CTX *BN_MONT_CTX_new(void );
455 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
456 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
457 	BN_MONT_CTX *mont, BN_CTX *ctx);
458 #define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
459 	(r),(a),&((mont)->RR),(mont),(ctx))
460 int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
461 	BN_MONT_CTX *mont, BN_CTX *ctx);
462 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
463 int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
464 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
465 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
466 					const BIGNUM *mod, BN_CTX *ctx);
467 
/* Blinding API operating on BN_BLINDING.
 * NOTE(review): presumably BN_BLINDING_convert applies the factor A to n,
 * BN_BLINDING_invert removes it again with Ai, and BN_BLINDING_update
 * refreshes the pair -- confirm in bn_blind.c.  The struct comment marks
 * 'mod' as just a reference; who owns A and Ai after BN_BLINDING_new is
 * not visible from this header.  convert/invert/update return int; check
 * the result, since a failed call may leave n unblinded or still
 * blinded. */
BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
473 
474 void BN_set_params(int mul,int high,int low,int mont);
475 int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
476 
477 void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
478 BN_RECP_CTX *BN_RECP_CTX_new(void);
479 void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
480 int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
481 int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
482 	BN_RECP_CTX *recp,BN_CTX *ctx);
483 int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
484 	const BIGNUM *m, BN_CTX *ctx);
485 int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
486 	BN_RECP_CTX *recp, BN_CTX *ctx);
487 
488 /* library internal functions */
489 
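/* bn_expand(a, bits): make sure a->d has room for 'bits' bits.
 * bn_wexpand(a, words): make sure a->d has room for 'words' limbs.
 * Both evaluate to (a) when a->dmax is already large enough and otherwise
 * to the result of bn_expand2(); callers should check that result before
 * touching a->d (NOTE(review): bn_expand2 presumably returns NULL on
 * failure -- confirm in bn_lib.c).
 *
 * The arguments are evaluated more than once, so they must not have side
 * effects.  'bits' is parenthesised at each use so that an argument such
 * as x|y or c?x:y groups the way the caller wrote it.
 *
 * NOTE(review): (bits)+BN_BITS2-1 is not checked for overflow here; a bit
 * count derived from untrusted input should be range checked by the
 * caller before it reaches this macro. */
#define bn_expand(a,bits) (((((bits)+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)?\
	(a):bn_expand2((a),(bits)/BN_BITS2+1))
#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
BIGNUM *bn_expand2(BIGNUM *a, int words);
BIGNUM *bn_dup_expand(const BIGNUM *a, int words);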
495 
/* Normalise (a)->top: step down from d[top-1] and drop every most
 * significant limb that is zero, stopping at the first non-zero limb or
 * when top reaches 0.
 *
 * Expands to a bare brace block that declares a local 'ftl', not to an
 * expression or a do/while(0) statement, so "bn_fix_top(a);" directly
 * before an 'else' does not parse as a single statement.  'a' is
 * evaluated several times.
 *
 * The number of iterations depends on how many leading limbs are zero,
 * i.e. on the value being normalised.
 * NOTE(review): worth keeping in mind where 'a' holds secret data and
 * timing matters. */
#define bn_fix_top(a) \
        { \
        BN_ULONG *ftl; \
	if ((a)->top > 0) \
		{ \
		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
		if (*(ftl--)) break; \
		} \
	}
505 
/* Limb-array primitives.  They take raw BN_ULONG pointers plus a count
 * 'num' and have no way to check how large the arrays really are.
 * NOTE(review): presumably every array argument must hold at least num
 * limbs, which the caller has to guarantee (e.g. via bn_wexpand) --
 * confirm per function.  bn_div_words takes a divisor d; BN_R_DIV_BY_ZERO
 * exists as a reason code, but whether this primitive checks d itself is
 * not visible here. */
BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
512 
/* Debug helpers, compiled in only with BN_DEBUG.  bn_print(a) writes the
 * expression text and the value of the BIGNUM to stderr via BN_print_fp;
 * bn_dump(a,n) passes the expression text, a and n to bn_dump1 with stderr
 * as the stream.  Without BN_DEBUG both expand to nothing.
 *
 * These put bignum contents on stderr, so any call on a secret value
 * (private exponent, prime factor, nonce) copies it into whatever
 * collects the process's stderr; keep BN_DEBUG out of production builds.
 * bn_print is a brace block and bn_dump carries its own trailing ';', so
 * neither behaves like a plain expression statement.
 * NOTE(review): both need FILE and BN_print_fp, which this header only
 * declares when OPENSSL_NO_FP_API is not defined -- confirm the two
 * options are never combined. */
#ifdef BN_DEBUG
void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n);
# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
   fprintf(stderr,"\n");}
# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
#else
# define bn_print(a)
# define bn_dump(a,b)
#endif
522 
523 int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
524 
525 /* BEGIN ERROR CODES */
526 /* The following lines are auto generated by the script mkerr.pl. Any changes
527  * made after this point may be overwritten when the script is next run.
528  */
529 void ERR_load_BN_strings(void);
530 
531 /* Error codes for the BN functions. */
532 
533 /* Function codes. */
534 #define BN_F_BN_BLINDING_CONVERT			 100
535 #define BN_F_BN_BLINDING_INVERT				 101
536 #define BN_F_BN_BLINDING_NEW				 102
537 #define BN_F_BN_BLINDING_UPDATE				 103
538 #define BN_F_BN_BN2DEC					 104
539 #define BN_F_BN_BN2HEX					 105
540 #define BN_F_BN_CTX_GET					 116
541 #define BN_F_BN_CTX_NEW					 106
542 #define BN_F_BN_DIV					 107
543 #define BN_F_BN_EXP					 123
544 #define BN_F_BN_EXPAND2					 108
545 #define BN_F_BN_EXPAND_INTERNAL				 120
546 #define BN_F_BN_MOD_EXP2_MONT				 118
547 #define BN_F_BN_MOD_EXP_MONT				 109
548 #define BN_F_BN_MOD_EXP_MONT_CONSTTIME			 124
549 #define BN_F_BN_MOD_EXP_MONT_WORD			 117
550 #define BN_F_BN_MOD_EXP_RECP				 125
551 #define BN_F_BN_MOD_EXP_SIMPLE				 126
552 #define BN_F_BN_MOD_INVERSE				 110
553 #define BN_F_BN_MOD_LSHIFT_QUICK			 119
554 #define BN_F_BN_MOD_MUL_RECIPROCAL			 111
555 #define BN_F_BN_MOD_SQRT				 121
556 #define BN_F_BN_MPI2BN					 112
557 #define BN_F_BN_NEW					 113
558 #define BN_F_BN_RAND					 114
559 #define BN_F_BN_RAND_RANGE				 122
560 #define BN_F_BN_USUB					 115
561 
562 /* Reason codes. */
563 #define BN_R_ARG2_LT_ARG3				 100
564 #define BN_R_BAD_RECIPROCAL				 101
565 #define BN_R_BIGNUM_TOO_LONG				 114
566 #define BN_R_CALLED_WITH_EVEN_MODULUS			 102
567 #define BN_R_DIV_BY_ZERO				 103
568 #define BN_R_ENCODING_ERROR				 104
569 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
570 #define BN_R_INPUT_NOT_REDUCED				 110
571 #define BN_R_INVALID_LENGTH				 106
572 #define BN_R_INVALID_RANGE				 115
573 #define BN_R_NOT_A_SQUARE				 111
574 #define BN_R_NOT_INITIALIZED				 107
575 #define BN_R_NO_INVERSE					 108
576 #define BN_R_P_IS_NOT_PRIME				 112
577 #define BN_R_TOO_MANY_ITERATIONS			 113
578 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
579 
580 #ifdef  __cplusplus
581 }
582 #endif
583 #endif
584