NAME

BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd — arithmetic operations on BIGNUMs

SYNOPSIS

#include <openssl/bn.h> int
BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int
BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int
BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); int
BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); int
BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx); int
BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int
BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int
BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); int
BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); int
BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); int
BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int
BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); int
BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); int
BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);

DESCRIPTION

BN_add() adds a and b and places the result in r (r=a+b). r may be the same BIGNUM as a or b. BN_sub() subtracts b from a and places the result in r (r=a-b). r may be the same BIGNUM as a or b. BN_mul() multiplies a and b and places the result in r (r=a*b). r may be the same BIGNUM as a or b. For multiplication by powers of 2, use BN_lshift(3). BN_sqr() takes the square of a and places the result in r (r=a^2). r and a may be the same BIGNUM. This function is faster than BN_mul(r, a, a). BN_div() divides a by d and places the result in dv and the remainder in rem (dv=a/d, rem=a%d). If the flag BN_FLG_CONSTTIME is set on a or d, it operates in constant time. Either of dv and rem may be NULL, in which case the respective value is not returned. The result is rounded towards zero; thus if a is negative, the remainder will be zero or negative. For division by powers of 2, use BN_rshift(3). BN_mod() corresponds to BN_div() with dv set to NULL. It is implemented as a macro. BN_nnmod() reduces a modulo m and places the non-negative remainder in r. BN_mod_add() adds a to b modulo m and places the non-negative result in r. BN_mod_sub() subtracts b from a modulo m and places the non-negative result in r. BN_mod_mul() multiplies a by b and finds the non-negative remainder respective to modulus m (r=(a*b)%m). r may be the same BIGNUM as a or b. For more efficient algorithms for repeated computations using the same modulus, see BN_mod_mul_montgomery(3) and BN_mod_mul_reciprocal(3). BN_mod_sqr() takes the square of a modulo m and places the result in r. BN_exp() raises a to the p-th power and places the result in r (r=a^p). This function is faster than repeated applications of BN_mul(). BN_mod_exp() computes a to the p-th power modulo m (r=(a^p)%m). If the flag BN_FLG_CONSTTIME is set on p, it operates in constant time. This function uses less time and space than BN_exp(). BN_gcd() computes the greatest common divisor of a and b and places the result in r. r may be the same BIGNUM as a or b. For all functions, ctx is a previously allocated BN_CTX used for temporary variables; see BN_CTX_new(3). Unless noted otherwise, the result BIGNUM must be different from the arguments.

RETURN VALUES

For all functions, 1 is returned for success, 0 on error. The return value should always be checked, for example: The error codes can be obtained by ERR_get_error(3).

SEE ALSO

BN_add_word(3), BN_CTX_new(3), BN_new(3), BN_set_bit(3), BN_set_flags(3), BN_set_negative(3)

HISTORY

BN_add(), BN_sub(), BN_mul(), BN_sqr(), BN_div(), BN_mod(), BN_mod_mul(), BN_mod_exp(), and BN_gcd() first appeared in SSLeay 0.5.1. BN_exp() first appeared in SSLeay 0.9.0. All these functions have been available since OpenBSD 2.4. The ctx argument to BN_mul() was added in SSLeay 0.9.1 and OpenBSD 2.6. BN_nnmod(), BN_mod_add(), BN_mod_sub(), and BN_mod_sqr() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

BUGS

Even if the BN_FLG_CONSTTIME flag is set on a or b, BN_gcd() neither fails nor operates in constant time, potentially allowing timing side-channel attacks. Even if the BN_FLG_CONSTTIME flag is set on p, if the modulus m is even, BN_mod_exp() does not operate in constant time, potentially allowing timing side-channel attacks. If BN_FLG_CONSTTIME is set on p, BN_exp() fails instead of operating in constant time.