diff options
author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2015-02-23 17:43:25 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2015-02-23 17:43:25 +0000 |
commit | 47a2d5d0615cf84871f46dd70e2187128f0b2144 (patch) | |
tree | 16579f858db46e0754fd6da23b6e122dc8a9cafb /lib/libcrypto/man | |
parent | 4007f6d575d0db4aa99386ca7c0f79bd23c4e00d (diff) |
fourth batch of perlpod(1) to mdoc(7) conversion
Diffstat (limited to 'lib/libcrypto/man')
-rw-r--r-- | lib/libcrypto/man/BN_BLINDING_new.3 | 269 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_CTX_new.3 | 91 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_CTX_start.3 | 85 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_add.3 | 352 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_add_word.3 | 123 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_bn2bin.3 | 237 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_cmp.3 | 99 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_copy.3 | 52 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_generate_prime.3 | 289 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_mod_inverse.3 | 59 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_mod_mul_montgomery.3 | 181 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_mod_mul_reciprocal.3 | 147 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_new.3 | 84 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_num_bytes.3 | 76 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_rand.3 | 93 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_set_bit.3 | 157 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_swap.3 | 23 | ||||
-rw-r--r-- | lib/libcrypto/man/BN_zero.3 | 101 | ||||
-rw-r--r-- | lib/libcrypto/man/Makefile | 6 |
19 files changed, 2521 insertions, 3 deletions
diff --git a/lib/libcrypto/man/BN_BLINDING_new.3 b/lib/libcrypto/man/BN_BLINDING_new.3 new file mode 100644 index 00000000000..c65d79c3bc4 --- /dev/null +++ b/lib/libcrypto/man/BN_BLINDING_new.3 @@ -0,0 +1,269 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_BLINDING_NEW 3 +.Os +.Sh NAME +.Nm BN_BLINDING_new , +.Nm BN_BLINDING_free , +.Nm BN_BLINDING_update , +.Nm BN_BLINDING_convert , +.Nm BN_BLINDING_invert , +.Nm BN_BLINDING_convert_ex , +.Nm BN_BLINDING_invert_ex , +.Nm BN_BLINDING_get_thread_id , +.Nm BN_BLINDING_set_thread_id , +.Nm BN_BLINDING_thread_id , +.Nm BN_BLINDING_get_flags , +.Nm BN_BLINDING_set_flags , +.Nm BN_BLINDING_create_param +.Nd blinding related BIGNUM functions +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_BLINDING * +.Fo BN_BLINDING_new +.Fa "const BIGNUM *A" +.Fa "const BIGNUM *Ai" +.Fa "BIGNUM *mod" +.Fc +.Ft void +.Fo BN_BLINDING_free +.Fa "BN_BLINDING *b" +.Fc +.Ft int +.Fo BN_BLINDING_update +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_convert +.Fa "BIGNUM *n" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_invert +.Fa "BIGNUM *n" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_convert_ex +.Fa "BIGNUM *n" +.Fa "BIGNUM *r" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_invert_ex +.Fa "BIGNUM *n" +.Fa "const BIGNUM *r" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Fd #ifndef OPENSSL_NO_DEPRECATED +.Ft unsigned long +.Fo BN_BLINDING_get_thread_id +.Fa "const BN_BLINDING *" +.Fc +.Ft void +.Fo BN_BLINDING_set_thread_id +.Fa "BN_BLINDING *" +.Fa "unsigned long" +.Fc +.Fd #endif +.Ft CRYPTO_THREADID * +.Fo BN_BLINDING_thread_id +.Fa "BN_BLINDING *" +.Fc +.Ft unsigned long +.Fo BN_BLINDING_get_flags +.Fa "const BN_BLINDING *" +.Fc +.Ft void +.Fo BN_BLINDING_set_flags +.Fa "BN_BLINDING *" +.Fa "unsigned long" +.Fc +.Ft BN_BLINDING * +.Fo BN_BLINDING_create_param +.Fa "BN_BLINDING *b" +.Fa "const BIGNUM *e" +.Fa "BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\ + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)" +.Fa "BN_MONT_CTX *m_ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_BLINDING_new +allocates a new +.Vt BN_BLINDING +structure and copies the +.Fa A +and +.Fa \&Ai +values into the newly created +.Vt BN_BLINDING +object. +.Pp +.Fn BN_BLINDING_free +frees the +.Vt BN_BLINDING +structure. +.Pp +.Fn BN_BLINDING_update +updates the +.Vt BN_BLINDING +parameters by squaring the +.Fa A +and +.Fa \&Ai +or, after specific number of uses and if the necessary parameters are +set, by re-creating the blinding parameters. +.Pp +.Fn BN_BLINDING_convert_ex +multiplies +.Fa n +with the blinding factor +.Fa A . +If +.Fa r +is not +.Dv NULL , +a copy of the inverse blinding factor +.Fa \&Ai +will be returned in +.Fa r +(this is useful if a +.Vt RSA +object is shared among several threads). +.Fn BN_BLINDING_invert_ex +multiplies +.Fa n +with the inverse blinding factor +.Fa \&Ai . +If +.Fa r +is not +.Dv NULL , +it will be used as the inverse blinding. +.Pp +.Fn BN_BLINDING_convert +and +.Fn BN_BLINDING_invert +are wrapper functions for +.Fn BN_BLINDING_convert_ex +and +.Fn BN_BLINDING_invert_ex +with +.Fa r +set to +.Dv NULL . +.Pp +.Fn BN_BLINDING_thread_id +provides access to the +.Vt CRYPTO_THREADID +object within the +.Vt BN_BLINDING +structure. +This is to help users provide proper locking if needed for +multi-threaded use. +The "thread id" object of a newly allocated +.Vt BN_BLINDING +structure is initialised to the thread id in which +.Fn BN_BLINDING_new +was called. +.Pp +.Fn BN_BLINDING_get_flags +returns the +.Dv BN_BLINDING_* +flags. +Currently there are two supported flags: +.Dv BN_BLINDING_NO_UPDATE +and +.Dv BN_BLINDING_NO_RECREATE . +.Dv BN_BLINDING_NO_UPDATE +inhibits the automatic update of the +.Vt BN_BLINDING +parameters after each use and +.Dv BN_BLINDING_NO_RECREATE +inhibits the automatic re-creation of the +.Vt BN_BLINDING +parameters after a fixed number of uses (currently 32). +In newly allocated +.Vt BN_BLINDING +objects no flags are set. +.Fn BN_BLINDING_set_flags +sets the +.Dv BN_BLINDING_* +parameters flags. +.Pp +.Fn BN_BLINDING_create_param +creates new +.Vt BN_BLINDING +parameters using the exponent +.Fa e +and the modulus +.Fa m . +.Fa bn_mod_exp +and +.Fa m_ctx +can be used to pass special functions for exponentiation (normally +.Xr BN_mod_exp_mont 3 +and +.Vt BN_MONT_CTX Ns ). +.Sh RETURN VALUES +.Fn BN_BLINDING_new +returns the newly allocated +.Vt BN_BLINDING +structure or +.Dv NULL +in case of an error. +.Pp +.Fn BN_BLINDING_update , +.Fn BN_BLINDING_convert , +.Fn BN_BLINDING_invert , +.Fn BN_BLINDING_convert_ex +and +.Fn BN_BLINDING_invert_ex +return 1 on success and 0 if an error occured. +.Pp +.Fn BN_BLINDING_thread_id +returns a pointer to the thread id object within a +.Vt BN_BLINDING +object. +.Pp +.Fn BN_BLINDING_get_flags +returns the currently set +.Dv BN_BLINDING_* +flags (an +.Vt unsigned long +value). +.Pp +.Fn BN_BLINDING_create_param +returns the newly created +.Vt BN_BLINDING +parameters or +.Dv NULL +on error. +.Sh SEE ALSO +.Xr bn 3 +.Sh HISTORY +.Fn BN_BLINDING_thread_id +was first introduced in OpenSSL 1.0.0, and it deprecates +.Fn BN_BLINDING_set_thread_id +and +.Fn BN_BLINDING_get_thread_id . +.Pp +.Fn BN_BLINDING_convert_ex , +.Fn BN_BLINDIND_invert_ex , +.Fn BN_BLINDING_get_thread_id , +.Fn BN_BLINDING_set_thread_id , +.Fn BN_BLINDING_set_flags , +.Fn BN_BLINDING_get_flags +and +.Fn BN_BLINDING_create_param +were first introduced in OpenSSL 0.9.8 +.Sh AUTHORS +.An Nils Larsch +for +.Lk http://www.openssl.org/ "the OpenSSL project" . diff --git a/lib/libcrypto/man/BN_CTX_new.3 b/lib/libcrypto/man/BN_CTX_new.3 new file mode 100644 index 00000000000..1a773148548 --- /dev/null +++ b/lib/libcrypto/man/BN_CTX_new.3 @@ -0,0 +1,91 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_CTX_NEW 3 +.Os +.Sh NAME +.Nm BN_CTX_new , +.Nm BN_CTX_init , +.Nm BN_CTX_free +.Nd allocate and free BN_CTX structures +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_CTX * +.Fo BN_CTX_new +.Fa void +.Fc +.Ft void +.Fo BN_CTX_free +.Fa "BN_CTX *c" +.Fc +.Pp +Deprecated: +.Pp +.Ft void +.Fo BN_CTX_init +.Fa "BN_CTX *c" +.Fc +.Sh DESCRIPTION +A +.Vt BN_CTX +is a structure that holds +.Vt BIGNUM +temporary variables used by library functions. +Since dynamic memory allocation to create +.Vt BIGNUM Ns s +is rather expensive when used in conjunction with repeated subroutine +calls, the +.Vt BN_CTX +structure is used. +.Pp +.Fn BN_CTX_new +allocates and initializes a +.Vt BN_CTX +structure. +.Pp +.Fn BN_CTX_free +frees the components of the +.Vt BN_CTX , +and if it was created by +.Fn BN_CTX_new , +also the structure itself. +If +.Xr BN_CTX_start 3 +has been used on the +.Vt BN_CTX , +.Xr BN_CTX_end 3 +must be called before the +.Vt BN_CTX +may be freed by +.Fn BN_CTX_free . +.Pp +.Fn BN_CTX_init +(deprecated) initializes an existing uninitialized +.Vt BN_CTX . +This should not be used for new programs. +Use +.Fn BN_CTX_new +instead. +.Sh RETURN VALUES +.Fn BN_CTX_new +returns a pointer to the +.Vt BN_CTX . +If the allocation fails, it returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +.Pp +.Fn BN_CTX_init +and +.Fn BN_CTX_free +return no value. +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_add 3 , +.Xr BN_CTX_start 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_CTX_new +and +.Fn BN_CTX_free +are available in all versions on SSLeay and OpenSSL. +.Fn BN_CTX_init +was added in SSLeay 0.9.1b. diff --git a/lib/libcrypto/man/BN_CTX_start.3 b/lib/libcrypto/man/BN_CTX_start.3 new file mode 100644 index 00000000000..986208ba1a2 --- /dev/null +++ b/lib/libcrypto/man/BN_CTX_start.3 @@ -0,0 +1,85 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_CTX_START 3 +.Os +.Sh NAME +.Nm BN_CTX_start , +.Nm BN_CTX_get , +.Nm BN_CTX_end +.Nd use temporary BIGNUM variables +.Sh SYNOPSIS +.In openssl/bn.h +.Ft void +.Fo BN_CTX_start +.Fa "BN_CTX *ctx" +.Fc +.Ft BIGNUM * +.Fo BN_CTX_get +.Fa "BN_CTX *ctx" +.Fc +.Ft void +.Fo BN_CTX_end +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +These functions are used to obtain temporary +.Vt BIGNUM +variables from a +.Vt BN_CTX +(which can been created by using +.Xr BN_CTX_new 3 ) +in order to save the overhead of repeatedly creating and freeing +.Vt BIGNUM Ns s +in functions that are called from inside a loop. +.Pp +A function must call +.Fn BN_CTX_start +first. +Then, +.Fn BN_CTX_get +may be called repeatedly to obtain temporary +.Vt BIGNUM Ns s. +All +.Fn BN_CTX_get +calls must be made before calling any other functions that use the +.Fa ctx +as an argument. +.Pp +Finally, +.Fn BN_CTX_end +must be called before returning from the function. +When +.Fn BN_CTX_end +is called, the +.Vt BIGNUM +pointers obtained from +.Fn BN_CTX_get +become invalid. +.Sh RETURN VALUES +.Fn BN_CTX_start +and +.Fn BN_CTX_end +return no values. +.Pp +.Fn BN_CTX_get +returns a pointer to the +.Vt BIGNUM , +or +.Dv NULL +on error. +Once +.Fn BN_CTX_get +has failed, the subsequent calls will return +.Dv NULL +as well, so it is sufficient to check the return value of the last +.Fn BN_CTX_get +call. +In case of an error, an error code is set, which can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_CTX_new 3 +.Sh HISTORY +.Fn BN_CTX_start , +.Fn BN_CTX_get , +and +.Fn BN_CTX_end +were added in OpenSSL 0.9.5. diff --git a/lib/libcrypto/man/BN_add.3 b/lib/libcrypto/man/BN_add.3 new file mode 100644 index 00000000000..d41599d8b0f --- /dev/null +++ b/lib/libcrypto/man/BN_add.3 @@ -0,0 +1,352 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_ADD 3 +.Os +.Sh NAME +.Nm BN_add , +.Nm BN_sub , +.Nm BN_mul , +.Nm BN_sqr , +.Nm BN_div , +.Nm BN_mod , +.Nm BN_nnmod , +.Nm BN_mod_add , +.Nm BN_mod_sub , +.Nm BN_mod_mul , +.Nm BN_mod_sqr , +.Nm BN_exp , +.Nm BN_mod_exp , +.Nm BN_gcd +.Nd arithmetic operations on BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_add +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fc +.Ft int +.Fo BN_sub +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fc +.Ft int +.Fo BN_mul +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_sqr +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_div +.Fa "BIGNUM *dv" +.Fa "BIGNUM *rem" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *d" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod +.Fa "BIGNUM *rem" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_nnmod +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_add +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_sub +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_mul +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_sqr +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_exp +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *p" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_exp +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "const BIGNUM *p" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_gcd +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_add +adds +.Fa a +and +.Fa b +and places the result in +.Fa r +.Pq Li r=a+b . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +.Pp +.Fn BN_sub +subtracts +.Fa b +from +.Fa a +and places the result in +.Fa r +.Pq Li r=a-b . +.Pp +.Fn BN_mul +multiplies +.Fa a +and +.Fa b +and places the result in +.Fa r +.Pq Li r=a*b . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +For multiplication by powers of 2, use +.Xr BN_lshift 3 . +.Pp +.Fn BN_sqr +takes the square of +.Fa a +and places the result in +.Fa r +.Pq Li r=a^2 . +.Fa r +and +.Fa a +may be the same +.Vt BIGNUM . +This function is faster than +.Fn BN_mul r a a . +.Pp +.Fn BN_div +divides +.Fa a +by +.Fa d +and places the result in +.Fa dv +and the remainder in +.Fa rem +.Pq Li dv=a/d , rem=a%d . +Either of +.Fa dv +and +.Fa rem +may be +.Dv NULL , +in which case the respective value is not returned. +The result is rounded towards zero; thus if +.Fa a +is negative, the remainder will be zero or negative. +For division by powers of 2, use +.Fn BN_rshift 3 . +.Pp +.Fn BN_mod +corresponds to +.Fn BN_div +with +.Fa dv +set to +.Dv NULL . +.Pp +.Fn BN_nnmod +reduces +.Fa a +modulo +.Fa m +and places the non-negative remainder in +.Fa r . +.Pp +.Fn BN_mod_add +adds +.Fa a +to +.Fa b +modulo +.Fa m +and places the non-negative result in +.Fa r . +.Pp +.Fn BN_mod_sub +subtracts +.Fa b +from +.Fa a +modulo +.Fa m +and places the non-negative result in +.Fa r . +.Pp +.Fn BN_mod_mul +multiplies +.Fa a +by +.Fa b +and finds the non-negative remainder respective to modulus +.Fa m +.Pq Li r=(a*b)%m . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +For more efficient algorithms for repeated computations using the same +modulus, see +.Xr BN_mod_mul_montgomery 3 +and +.Xr BN_mod_mul_reciprocal 3 . +.Pp +.Fn BN_mod_sqr +takes the square of +.Fa a +modulo +.Fa m +and places the result in +.Fa r . +.Pp +.Fn BN_exp +raises +.Fa a +to the +.Fa p Ns -th +power and places the result in +.Fa r +.Pq Li r=a^p . +This function is faster than repeated applications of +.Fn BN_mul . +.Pp +.Fn BN_mod_exp +computes +.Fa a +to the +.Fa p Ns -th +power modulo +.Fa m +.Pq Li r=(a^p)%m . +This function uses less time and space than +.Fn BN_exp . +.Pp +.Fn BN_gcd +computes the greatest common divisor of +.Fa a +and +.Fa b +and places the result in +.Fa r . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +.Pp +For all functions, +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables; see +.Xr BN_CTX_new 3 . +.Pp +Unless noted otherwise, the result +.Vt BIGNUM +must be different from the arguments. +.Sh RETURN VALUES +For all functions, 1 is returned for success, 0 on error. +The return value should always be checked, for example: +.Pp +.Dl if (!BN_add(r,a,b)) goto err; +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_add_word 3 , +.Xr BN_CTX_new 3 , +.Xr BN_set_bit 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_add , +.Fn BN_sub , +.Fn BN_sqr , +.Fn BN_div , +.Fn BN_mod , +.Fn BN_mod_mul , +.Fn BN_mod_exp , +and +.Fn BN_gcd +are available in all versions of SSLeay and OpenSSL. +The +.Fa ctx +argument to +.Fn BN_mul +was added in SSLeay 0.9.1b. +.Fn BN_exp +appeared in SSLeay 0.9.0. +.Fn BN_nnmod , +.Fn BN_mod_add , +.Fn BN_mod_sub , +and +.Fn BN_mod_sqr +were added in OpenSSL 0.9.7. diff --git a/lib/libcrypto/man/BN_add_word.3 b/lib/libcrypto/man/BN_add_word.3 new file mode 100644 index 00000000000..930aae4d320 --- /dev/null +++ b/lib/libcrypto/man/BN_add_word.3 @@ -0,0 +1,123 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_ADD_WORD 3 +.Os +.Sh NAME +.Nm BN_add_word , +.Nm BN_sub_word , +.Nm BN_mul_word , +.Nm BN_div_word , +.Nm BN_mod_word +.Nd arithmetic functions on BIGNUMs with integers +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_add_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft int +.Fo BN_sub_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft int +.Fo BN_mul_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft BN_ULONG +.Fo BN_div_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft BN_ULONG +.Fo BN_mod_word +.Fa "const BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Sh DESCRIPTION +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. +They are much more efficient than the normal BIGNUM arithmetic +operations. +.Pp +.Fn BN_add_word +adds +.Fa w +to +.Fa a +.Pq Li a+=w . +.Pp +.Fn BN_sub_word +subtracts +.Fa w +from +.Fa a +.Pq Li a-=w . +.Pp +.Fn BN_mul_word +multiplies +.Fa a +and +.Fa w +.Pq Li a*=w . +.Pp +.Fn BN_div_word +divides +.Fa a +by +.Fa w +.Pq Li a/=w +and returns the remainder. +.Pp +.Fn BN_mod_word +returns the remainder of +.Fa a +divided by +.Fa w +.Pq Li a%w . +.Pp +For +.Fn BN_div_word +and +.Fn BN_mod_word , +.Fa w +must not be 0. +.Sh RETURN VALUES +.Fn BN_add_word , +.Fn BN_sub_word , +and +.Fn BN_mul_word +return 1 for success, 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Pp +.Fn BN_mod_word +and +.Fn BN_div_word +return +.Fa a Ns % Ns Fa w +on success and +.Pq Vt BN_ULONG Ns -1 +if an error occurred. +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_add 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_add_word +and +.Fn BN_mod_word +are available in all versions of SSLeay and OpenSSL. +.Fn BN_div_word +was added in SSLeay 0.8, and +.Fn BN_sub_word +and +.Fn BN_mul_word +in SSLeay 0.9.0. +.Pp +Before 0.9.8a, the return value for +.Fn BN_div_word +and +.Fn BN_mod_word +in case of an error was 0. diff --git a/lib/libcrypto/man/BN_bn2bin.3 b/lib/libcrypto/man/BN_bn2bin.3 new file mode 100644 index 00000000000..02d6b2c8b83 --- /dev/null +++ b/lib/libcrypto/man/BN_bn2bin.3 @@ -0,0 +1,237 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_BN2BIN 3 +.Os +.Sh NAME +.Nm BN_bn2bin , +.Nm BN_bin2bn , +.Nm BN_bn2hex , +.Nm BN_bn2dec , +.Nm BN_hex2bn , +.Nm BN_dec2bn , +.Nm BN_print , +.Nm BN_print_fp , +.Nm BN_bn2mpi , +.Nm BN_mpi2bn +.Nd format conversions +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_bn2bin +.Fa "const BIGNUM *a" +.Fa "unsigned char *to" +.Fc +.Ft BIGNUM * +.Fo BN_bin2bn +.Fa "const unsigned char *s" +.Fa "int len" +.Fa "BIGNUM *ret" +.Fc +.Ft char * +.Fo BN_bn2hex +.Fa "const BIGNUM *a" +.Fc +.Ft char * +.Fo BN_bn2dec +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_hex2bn +.Fa "BIGNUM **a" +.Fa "const char *str" +.Fc +.Ft int +.Fo BN_dec2bn +.Fa "BIGNUM **a" +.Fa "const char *str" +.Fc +.Ft int +.Fo BN_print +.Fa "BIO *fp" +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_print_fp +.Fa "FILE *fp" +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_bn2mpi +.Fa "const BIGNUM *a" +.Fa "unsigned char *to" +.Fc +.Ft BIGNUM * +.Fo BN_mpi2bn +.Fa "unsigned char *s" +.Fa "int len" +.Fa "BIGNUM *ret" +.Fc +.Sh DESCRIPTION +.Fn BN_bn2bin +converts the absolute value of +.Fa a +into big-endian form and stores it at +.Fa to . +.Fa to +must point to +.Fn BN_num_bytes a +bytes of memory. +.Pp +.Fn BN_bin2bn +converts the positive integer in big-endian form of length +.Fa len +at +.Fa s +into a +.Vt BIGNUM +and places it in +.Fa ret . +If +.Fa ret +is +.Dv NULL , +a new +.Vt BIGNUM +is created. +.Pp +.Fn BN_bn2hex +and +.Fn BN_bn2dec +return printable strings containing the hexadecimal and decimal encoding of +.Fa a +respectively. +For negative numbers, the string is prefaced with a leading minus sign. +The string must be freed later using +.Xr free 3 . +.Pp +.Fn BN_hex2bn +converts the string +.Fa str +containing a hexadecimal number to a +.Vt BIGNUM +and stores it in +.Pf * Fa a . +If +.Pf * Fa a +is +.Dv NULL , +a new +.Vt BIGNUM +is created. +If +.Fa a +is +.Dv NULL , +it only computes the number's length in hexadecimal digits. +If the string starts with a minus sign, the number is negative. +.Fn BN_dec2bn +is the same using the decimal system. +.Pp +.Fn BN_print +and +.Fn BN_print_fp +write the hexadecimal encoding of +.Fa a , +with a leading minus sign for negative numbers, to the +.Vt BIO +or +.Vt FILE +.Fa fp . +.Pp +.Fn BN_bn2mpi +and +.Fn BN_mpi2bn +convert +.Vt BIGNUM Ns s +from and to a format that consists of the number's length in bytes +represented as a 4-byte big-endian number, and the number itself in +big-endian format, where the most significant bit signals a negative +number (the representation of numbers with the MSB set is prefixed with +a NUL byte). +.Pp +.Fn BN_bn2mpi +stores the representation of +.Fa a +at +.Fa to , +where +.Fa to +must be large enough to hold the result. +The size can be determined by calling +.Fn BN_bn2mpi a , NULL . +.Pp +.Fn BN_mpi2bn +converts the +.Fa len +bytes long representation at +.Fa s +to a +.Vt BIGNUM +and stores it at +.Fa ret , +or in a newly allocated +.Vt BIGNUM +if +.Fa ret +is +.Dv NULL . +.Sh RETURN VALUES +.Fn BN_bn2bin +returns the length of the big-endian number placed at +.Fa to . +.Fn BN_bin2bn +returns the +.Vt BIGNUM , +or +.Dv NULL +on error. +.Pp +.Fn BN_bn2hex +and +.Fn BN_bn2dec +return a NUL-terminated string, or +.Dv NULL +on error. +.Fn BN_hex2bn +and +.Fn BN_dec2bn +return the number's length in hexadecimal or decimal digits, and 0 on +error. +.Pp +.Fn BN_print_fp +and +.Fn BN_print +return 1 on success, 0 on write errors. +.Pp +.Fn BN_bn2mpi +returns the length of the representation. +.Fn BN_mpi2bn +returns the +.Vt BIGNUM , +or +.Dv NULL +on error. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ASN1_INTEGER_to_BN 3 , +.Xr bn 3 , +.Xr BN_num_bytes 3 , +.Xr BN_zero 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_bn2bin , +.Fn BN_bin2bn , +.Fn BN_print_fp , +and +.Fn BN_print +are available in all versions of SSLeay and OpenSSL. +.Pp +.Fn BN_bn2hex , +.Fn BN_bn2dec , +.Fn BN_hex2bn , +.Fn BN_dec2bn , +.Fn BN_bn2mpi , +and +.Fn BN_mpi2bn +were added in SSLeay 0.9.0. diff --git a/lib/libcrypto/man/BN_cmp.3 b/lib/libcrypto/man/BN_cmp.3 new file mode 100644 index 00000000000..b0a03b25ced --- /dev/null +++ b/lib/libcrypto/man/BN_cmp.3 @@ -0,0 +1,99 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_CMP 3 +.Os +.Sh NAME +.Nm BN_cmp , +.Nm BN_ucmp , +.Nm BN_is_zero , +.Nm BN_is_one , +.Nm BN_is_word , +.Nm BN_is_odd +.Nd BIGNUM comparison and test functions +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_cmp +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fc +.Ft int +.Fo BN_ucmp +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fc +.Ft int +.Fo BN_is_zero +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_is_one +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_is_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft int +.Fo BN_is_odd +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +.Fn BN_cmp +compares the numbers +.Fa a +and +.Fa b . +.Fn BN_ucmp +compares their absolute values. +.Pp +.Fn BN_is_zero , +.Fn BN_is_one +and +.Fn BN_is_word +test if +.Fa a +equals 0, 1, or +.Fa w +respectively. +.Fn BN_is_odd +tests if a is odd. +.Pp +.Fn BN_is_zero , +.Fn BN_is_one , +.Fn BN_is_word , +and +.Fn BN_is_odd +are macros. +.Sh RETURN VALUES +.Fn BN_cmp +returns -1 if +.Fa a Ns < Ns Fa b , +0 if +.Fa a Ns == Ns Fa b , +and 1 if +.Fa a Ns > Ns Fa b . +.Fn BN_ucmp +is the same using the absolute values of +.Fa a +and +.Fa b . +.Pp +.Fn BN_is_zero , +.Fn BN_is_one , +.Fn BN_is_word , +and +.Fn BN_is_odd +return 1 if the condition is true, 0 otherwise. +.Sh SEE ALSO +.Xr bn 3 +.Sh HISTORY +.Fn BN_cmp , +.Fn BN_ucmp , +.Fn BN_is_zero , +.Fn BN_is_one +and +.Fn BN_is_word +are available in all versions of SSLeay and OpenSSL. +.Fn BN_is_odd +was added in SSLeay 0.8. diff --git a/lib/libcrypto/man/BN_copy.3 b/lib/libcrypto/man/BN_copy.3 new file mode 100644 index 00000000000..765e46c01c8 --- /dev/null +++ b/lib/libcrypto/man/BN_copy.3 @@ -0,0 +1,52 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_COPY 3 +.Os +.Sh NAME +.Nm BN_copy , +.Nm BN_dup +.Nd copy BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BIGNUM * +.Fo BN_copy +.Fa "BIGNUM *to" +.Fa "const BIGNUM *from" +.Fc +.Ft BIGNUM * +.Fo BN_dup +.Fa "const BIGNUM *from" +.Fc +.Sh DESCRIPTION +.Fn BN_copy +copies +.Fa from +to +.Fa to . +.Fn BN_dup +creates a new +.Vt BIGNUM +containing the value +.Fa from . +.Sh RETURN VALUES +.Fn BN_copy +returns +.Fa to +on success, +.Dv NULL +on error. +.Fn BN_dup +returns the new +.Vt BIGNUM , +or +.Dv NULL +on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_copy +and +.Fn BN_dup +are available in all versions of SSLeay and OpenSSL. diff --git a/lib/libcrypto/man/BN_generate_prime.3 b/lib/libcrypto/man/BN_generate_prime.3 new file mode 100644 index 00000000000..e269571914a --- /dev/null +++ b/lib/libcrypto/man/BN_generate_prime.3 @@ -0,0 +1,289 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_GENERATE_PRIME 3 +.Os +.Sh NAME +.Nm BN_generate_prime_ex , +.Nm BN_is_prime_ex , +.Nm BN_is_prime_fasttest_ex , +.Nm BN_GENCB_call , +.Nm BN_GENCB_set_old , +.Nm BN_GENCB_set , +.Nm BN_generate_prime , +.Nm BN_is_prime , +.Nm BN_is_prime_fasttest +.Nd generate primes and test for primality +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_generate_prime_ex +.Fa "BIGNUM *ret" +.Fa "int bits" +.Fa "int safe" +.Fa "const BIGNUM *add" +.Fa "const BIGNUM *rem" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo BN_is_prime_ex +.Fa "const BIGNUM *p" +.Fa "int nchecks" +.Fa "BN_CTX *ctx" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo BN_is_prime_fasttest_ex +.Fa "const BIGNUM *p" +.Fa "int nchecks" +.Fa "BN_CTX *ctx" +.Fa "int do_trial_division" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo BN_GENCB_call +.Fa "BN_GENCB *cb" +.Fa "int a" +.Fa "int b" +.Fc +.Fd #define BN_GENCB_set_old(gencb, callback, cb_arg) ... +.Fd #define BN_GENCB_set(gencb, callback, cb_arg) ... +.Pp +Deprecated: +.Pp +.Ft BIGNUM * +.Fo BN_generate_prime +.Fa "BIGNUM *ret" +.Fa "int num" +.Fa "int safe" +.Fa "BIGNUM *add" +.Fa "BIGNUM *rem" +.Fa "void (*callback)(int, int, void *)" +.Fa "void *cb_arg" +.Fc +.Ft int +.Fo BN_is_prime +.Fa "const BIGNUM *a" +.Fa "int checks" +.Fa "void (*callback)(int, int, void *)" +.Fa "BN_CTX *ctx" +.Fa "void *cb_arg" +.Fc +.Ft int +.Fo BN_is_prime_fasttest +.Fa "const BIGNUM *a" +.Fa "int checks" +.Fa "void (*callback)(int, int, void *)" +.Fa "BN_CTX *ctx" +.Fa "void *cb_arg" +.Fa "int do_trial_division" +.Fc +.Sh DESCRIPTION +.Fn BN_generate_prime_ex +generates a pseudo-random prime number of bit length +.Fa bits . +If +.Fa ret +is not +.Dv NULL , +it will be used to store the number. +.Pp +If +.Fa cb +is not +.Dv NULL , +it is used as follows: +.Bl -bullet +.It +.Fn BN_GENCB_call cb 0 i +is called after generating the i-th potential prime number. +.It +While the number is being tested for primality, +.Fn BN_GENCB_call cb 1 j +is called as described below. +.It +When a prime has been found, +.Fn BN_GENCB_call cb 2 i +is called. +.El +.Pp +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.Pp +If +.Fa add +is not +.Dv NULL , +the prime will fulfill the condition p % +.Fa add +== +.Fa rem +(p % +.Fa add +== 1 if +.Fa rem +== +.Dv NULL ) +in order to suit a given generator. +.Pp +If +.Fa safe +is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 +is also prime). +.Pp +The prime number generation has a negligible error probability. +.Pp +.Fn BN_is_prime_ex +and +.Fn BN_is_prime_fasttest_ex +test if the number +.Fa p +is prime. +The following tests are performed until one of them shows that +.Fa p +is composite; if +.Fa p +passes all these tests, it is considered prime. +.Pp +.Fn BN_is_prime_fasttest_ex , +when called with +.Fa do_trial_division +== 1, first attempts trial division by a number of small primes; +if no divisors are found by this test and +.Fa cb +is not +.Dv NULL , +.Sy BN_GENCB_call(cb, 1, -1) +is called. +If +.Fa do_trial_division +== 0, this test is skipped. +.Pp +Both +.Fn BN_is_prime_ex +and +.Fn BN_is_prime_fasttest_ex +perform a Miller-Rabin probabilistic primality test with +.Fa nchecks +iterations. +If +.Fa nchecks +== +.Dv BN_prime_checks , +a number of iterations is used that yields a false positive rate of at +most 2^-80 for random input. +.Pp +If +.Fa cb +is not +.Dv NULL , +.Fa BN_GENCB_call cb 1 j +is called after the j-th iteration (j = 0, 1, ...). +.Fa ctx +is a pre-allocated +.Vt BN_CTX +(to save the overhead of allocating and freeing the structure in a +loop), or +.Dv NULL . +.Pp +.Fn BN_GENCB_call +calls the callback function held in the +.Vt BN_GENCB +structure and passes the ints +.Fa a +and +.Fa b +as arguments. +There are two types of +.Vt BN_GENCB +structures that are supported: "new" style and "old" style. +New programs should prefer the "new" style, whilst the "old" style is +provided for backwards compatibility purposes. +.Pp +For "new" style callbacks a +.Vt BN_GENCB +structure should be initialised with a call to +.Fn BN_GENCB_set , +where +.Fa gencb +is a +.Vt BN_GENCB * , +.Fa callback +is of type +.Vt int (*callback)(int, int, BN_GENCB *) +and +.Fa cb_arg +is a +.Vt void * . +"Old" style callbacks are the same except they are initialised with a +call to +.Fn BN_GENCB_set_old +and +.Fa callback +is of type +.Vt void (*callback)(int, int, void *) . +.Pp +A callback is invoked through a call to +.Fn BN_GENCB_call . +This will check the type of the callback and will invoke +.Fn callback a b gencb +for new style callbacks or +.Fn callback a b cb_arg +for old style. +.Pp +.Fn BN_generate_prime +(deprecated) works in the same way as +.Fn BN_generate_prime_ex +but expects an old style callback function directly in the +.Fa callback +parameter, and an argument to pass to it in the +.Fa cb_arg . +Similarly +.Fn BN_is_prime +and +.Fn BN_is_prime_fasttest +are deprecated and can be compared to +.Fn BN_is_prime_ex +and +.Fn BN_is_prime_fasttest_ex +respectively. +.Sh RETURN VALUES +.Fn BN_generate_prime_ex +returns 1 on success or 0 on error. +.Pp +.Fn BN_is_prime_ex , +.Fn BN_is_prime_fasttest_ex , +.Fn BN_is_prime , +and +.Fn BN_is_prime_fasttest +return 0 if the number is composite, 1 if it is prime with an error +probability of less than +.Pf 0.25^ Fa nchecks , +and -1 on error. +.Pp +.Fn BN_generate_prime +returns the prime number on success, +.Dv NULL +otherwise. +.Pp +Callback functions should return 1 on success or 0 on error. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr ERR_get_error 3 , +.Xr rand 3 +.Sh HISTORY +The +.Fa cb_arg +arguments to +.Fn BN_generate_prime +and to +.Fn BN_is_prime +were added in SSLeay 0.9.0. +The +.Fa ret +argument to +.Fn BN_generate_prime +was added in SSLeay 0.9.1. +.Fn BN_is_prime_fasttest +was added in OpenSSL 0.9.5. diff --git a/lib/libcrypto/man/BN_mod_inverse.3 b/lib/libcrypto/man/BN_mod_inverse.3 new file mode 100644 index 00000000000..db63269fb85 --- /dev/null +++ b/lib/libcrypto/man/BN_mod_inverse.3 @@ -0,0 +1,59 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_MOD_INVERSE 3 +.Os +.Sh NAME +.Nm BN_mod_inverse +.Nd compute inverse modulo n +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BIGNUM * +.Fo BN_mod_inverse +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "const BIGNUM *n" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_mod_inverse +computes the inverse of +.Fa a +modulo +.Fa n +add places the result in +.Fa r +.Pq Li (a*r)%n==1 . +If +.Fa r +is +.Dv NULL , +a new +.Vt BIGNUM +is created. +.Pp +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables. +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa n . +.Sh RETURN VALUES +.Fn BN_mod_inverse +returns the +.Vt BIGNUM +containing the inverse, or +.Dv NULL +on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_add 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_mod_inverse +is available in all versions of SSLeay and OpenSSL. diff --git a/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/lib/libcrypto/man/BN_mod_mul_montgomery.3 new file mode 100644 index 00000000000..ac120f3c02b --- /dev/null +++ b/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -0,0 +1,181 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_MOD_MUL_MONTGOMERY 3 +.Os +.Sh NAME +.Nm BN_mod_mul_montgomery , +.Nm BN_MONT_CTX_new , +.Nm BN_MONT_CTX_init , +.Nm BN_MONT_CTX_free , +.Nm BN_MONT_CTX_set , +.Nm BN_MONT_CTX_copy , +.Nm BN_from_montgomery , +.Nm BN_to_montgomery +.Nd Montgomery multiplication +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_MONT_CTX * +.Fo BN_MONT_CTX_new +.Fa void +.Fc +.Ft void +.Fo BN_MONT_CTX_init +.Fa "BN_MONT_CTX *ctx" +.Fc +.Ft void +.Fo BN_MONT_CTX_free +.Fa "BN_MONT_CTX *mont" +.Fc +.Ft int +.Fo BN_MONT_CTX_set +.Fa "BN_MONT_CTX *mont" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft BN_MONT_CTX * +.Fo BN_MONT_CTX_copy +.Fa "BN_MONT_CTX *to" +.Fa "BN_MONT_CTX *from" +.Fc +.Ft int +.Fo BN_mod_mul_montgomery +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_MONT_CTX *mont" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_from_montgomery +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BN_MONT_CTX *mont" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_to_montgomery +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BN_MONT_CTX *mont" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +These functions implement Montgomery multiplication. +They are used automatically when +.Xr BN_mod_exp 3 +is called with suitable input, but they may be useful when several +operations are to be performed using the same modulus. +.Pp +.Fn BN_MONT_CTX_new +allocates and initializes a +.Vt BN_MONT_CTX +structure. +.Fn BN_MONT_CTX_init +initializes an existing uninitialized +.Vt BN_MONT_CTX . +.Pp +.Fn BN_MONT_CTX_set +sets up the +.Fa mont +structure from the modulus +.Fa m +by precomputing its inverse and a value R. +.Pp +.Fn BN_MONT_CTX_copy +copies the +.Vt BN_MONT_CTX +.Fa from +to +.Fa to . +.Pp +.Fn BN_MONT_CTX_free +frees the components of the +.Vt BN_MONT_CTX , +and, if it was created by +.Fn BN_MONT_CTX_new , +also the structure itself. +.Pp +.Fn BN_mod_mul_montgomery +computes +.Pp +.D1 Mont Ns Po Fa a , Fa b Pc := Fa a No * Fa b No * R^-1 +.Pp +and places the result in +.Fa r . +.Pp +.Fn BN_from_montgomery +performs the Montgomery reduction +.Pp +.D1 Fa r No = Fa a No * R^-1. +.Pp +.Fn BN_to_montgomery +computes +.Pp +.D1 Mont Ns Po Fa a , No R^2 Pc = Fa a No * R . +.Pp +Note that +.Fa a +must be non-negative and smaller than the modulus. +.Pp +For all functions, +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables. +.Pp +The +.Vt BN_MONT_CTX +structure is defined as follows: +.Bd -literal +typedef struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0; /* least significant word of Ni */ + int flags; +} BN_MONT_CTX; +.Ed +.Pp +.Fn BN_to_montgomery +is a macro. +.Pp +.Sy Warning: +The inputs must be reduced modulo +.Fa m , +otherwise the result will be outside the expected range. +.Sh RETURN VALUES +.Fn BN_MONT_CTX_new +returns the newly allocated +.Vt BN_MONT_CTX , +and +.Dv NULL +on error. +.Pp +.Fn BN_MONT_CTX_init +and +.Fn BN_MONT_CTX_free +return no values. +.Pp +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_add 3 , +.Xr BN_CTX_new 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_MONT_CTX_new , +.Fn BN_MONT_CTX_free , +.Fn BN_MONT_CTX_set , +.Fn BN_mod_mul_montgomery , +.Fn BN_from_montgomery +and +.Fn BN_to_montgomery +are available in all versions of SSLeay and OpenSSL. +.Pp +.Fn BN_MONT_CTX_init +and +.Fn BN_MONT_CTX_copy +were added in SSLeay 0.9.1b. diff --git a/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/lib/libcrypto/man/BN_mod_mul_reciprocal.3 new file mode 100644 index 00000000000..ceb1ffae5b0 --- /dev/null +++ b/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -0,0 +1,147 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_MOD_MUL_RECIPROCAL 3 +.Os +.Sh NAME +.Nm BN_mod_mul_reciprocal , +.Nm BN_div_recp , +.Nm BN_RECP_CTX_new , +.Nm BN_RECP_CTX_init , +.Nm BN_RECP_CTX_free , +.Nm BN_RECP_CTX_set +.Nd modular multiplication using reciprocal +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_RECP_CTX * +.Fo BN_RECP_CTX_new +.Fa void +.Fc +.Ft void +.Fo BN_RECP_CTX_init +.Fa "BN_RECP_CTX *recp" +.Fc +.Ft void +.Fo BN_RECP_CTX_free +.Fa "BN_RECP_CTX *recp" +.Fc +.Ft int +.Fo BN_RECP_CTX_set +.Fa "BN_RECP_CTX *recp" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_div_recp +.Fa "BIGNUM *dv" +.Fa "BIGNUM *rem" +.Fa "BIGNUM *a" +.Fa "BN_RECP_CTX *recp" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_mul_reciprocal +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_RECP_CTX *recp" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_mod_mul_reciprocal +can be used to perform an efficient +.Xr BN_mod_mul 3 +operation when the operation will be performed repeatedly with the same +modulus. +It computes +.Fa r Ns =( Ns Fa a Ns * Ns Fa b Ns )% Ns Fa m +using +.Fa recp Ns =1/ Ns Fa m , +which is set as described below. +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables. +.Pp +.Fn BN_RECP_CTX_new +allocates and initializes a +.Vt BN_RECP_CTX +structure. +.Fn BN_RECP_CTX_init +initializes an existing uninitialized +.Vt BN_RECP_CTX . +.Pp +.Fn BN_RECP_CTX_free +frees the components of the +.Vt BN_RECP_CTX , +and, if it was created by +.Fn BN_RECP_CTX_new , +also the structure itself. +.Pp +.Fn BN_RECP_CTX_set +stores +.Fa m +in +.Fa recp +and sets it up for computing +.Pf 1/ Fa m +and shifting it left by +.Fn BN_num_bits m Ns +1 +to make it an integer. +The result and the number of bits it was shifted left will later be +stored in +.Fa recp . +.Pp +.Fn BN_div_recp +divides +.Fa a +by +.Fa m +using +.Fa recp . +It places the quotient in +.Fa dv +and the remainder in +.Fa rem . +.Pp +The +.Vt BN_RECP_CTX +structure is defined as follows: +.Bd -literal +typedef struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +} BN_RECP_CTX; +.Ed +.Pp +It cannot be shared between threads. +.Sh RETURN VALUES +.Fn BN_RECP_CTX_new +returns the newly allocated +.Vt BN_RECP_CTX , +or +.Dv NULL +on error. +.Pp +.Fn BN_RECP_CTX_init +and +.Fn BN_RECP_CTX_free +return no values. +.Pp +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_add 3 , +.Xr BN_CTX_new 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Vt BN_RECP_CTX +was added in SSLeay 0.9.0. +Before that, a function +.Fn BN_reciprocal +was used instead, and the +.Fn BN_mod_mul_reciprocal +arguments were different. diff --git a/lib/libcrypto/man/BN_new.3 b/lib/libcrypto/man/BN_new.3 new file mode 100644 index 00000000000..ad8ce886d93 --- /dev/null +++ b/lib/libcrypto/man/BN_new.3 @@ -0,0 +1,84 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_NEW 3 +.Os +.Sh NAME +.Nm BN_new , +.Nm BN_init , +.Nm BN_clear , +.Nm BN_free , +.Nm BN_clear_free +.Nd allocate and free BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BIGNUM * +.Fo BN_new +.Fa void +.Fc +.Ft void +.Fo BN_init +.Fa "BIGNUM *" +.Fc +.Ft void +.Fo BN_clear +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo BN_free +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo BN_clear_free +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +.Fn BN_new +allocates and initializes a +.Vt BIGNUM +structure. +.Fn BN_init +initializes an existing uninitialized +.Vt BIGNUM . +.Pp +.Fn BN_clear +is used to destroy sensitive data such as keys when they are no longer +needed. +It erases the memory used by +.Fa a +and sets it to the value 0. +.Pp +.Fn BN_free +frees the components of the +.Vt BIGNUM , +and if it was created by +.Fn BN_new , +also the structure itself. +.Fn BN_clear_free +additionally overwrites the data before the memory is returned to the +system. +.Sh RETURN VALUES +.Fn BN_new +returns a pointer to the +.Vt BIGNUM . +If the allocation fails, it returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +.Pp +.Fn BN_init , +.Fn BN_clear , +.Fn BN_free , +and +.Fn BN_clear_free +return no values. +.Sh SEE ALSO +.Xr bn 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_new , +.Fn BN_clear , +.Fn BN_free , +and +.Fn BN_clear_free +are available in all versions on SSLeay and OpenSSL. +.Fn BN_init +was added in SSLeay 0.9.1b. diff --git a/lib/libcrypto/man/BN_num_bytes.3 b/lib/libcrypto/man/BN_num_bytes.3 new file mode 100644 index 00000000000..2d7be7e4438 --- /dev/null +++ b/lib/libcrypto/man/BN_num_bytes.3 @@ -0,0 +1,76 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_NUM_BYTES 3 +.Os +.Sh NAME +.Nm BN_num_bits , +.Nm BN_num_bytes , +.Nm BN_num_bits_word +.Nd get BIGNUM size +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_num_bytes +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_num_bits +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_num_bits_word +.Fa "BN_ULONG w" +.Fc +.Sh DESCRIPTION +.Fn BN_num_bytes +returns the size of a +.Sy BIGNUM +in bytes. +.Pp +.Fn BN_num_bits_word +returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns +.Pp +.D1 floor(log2( Ns Fa w ) ) No + 1 . +.Pp +.Fn BN_num_bits +returns the number of significant bits in a +.Sy BIGNUM , +following the same principle as +.Fn BN_num_bits_word . +.Pp +.Fn BN_num_bytes +is a macro. +.Sh RETURN VALUES +The size. +.Sh NOTES +Some have tried using +.Fn BN_num_bits +on individual numbers in RSA keys, DH keys and DSA keys, and found that +they don't always come up with the number of bits they expected +(something like 512, 1024, 2048, ...). This is because generating a +number with some specific number of bits doesn't always set the highest +bits, thereby making the number of +.Em significant +bits a little lower. +If you want to know the "key size" of such a key, either use functions +like +.Xr RSA_size 3 , +.Xr DH_size 3 , +and +.Xr DSA_size 3 , +or use +.Fn BN_num_bytes +and multiply with 8 (although there's no real guarantee that will match +the "key size", just a lot more probability). +.Sh SEE ALSO +.Xr bn 3 , +.Xr DH_size 3 , +.Xr DSA_size 3 , +.Xr RSA_size 3 +.Sh HISTORY +.Fn BN_num_bytes , +.Fn BN_num_bits , +and +.Fn BN_num_bits_word +are available in all versions of SSLeay and OpenSSL. diff --git a/lib/libcrypto/man/BN_rand.3 b/lib/libcrypto/man/BN_rand.3 new file mode 100644 index 00000000000..5ae9e9d7913 --- /dev/null +++ b/lib/libcrypto/man/BN_rand.3 @@ -0,0 +1,93 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_RAND 3 +.Os +.Sh NAME +.Nm BN_rand , +.Nm BN_pseudo_rand , +.Nm BN_rand_range , +.Nm BN_pseudo_rand_range +.Nd generate pseudo-random number +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_rand +.Fa "BIGNUM *rnd" +.Fa "int bits" +.Fa "int top" +.Fa "int bottom" +.Fc +.Ft int +.Fo BN_pseudo_rand +.Fa "BIGNUM *rnd" +.Fa "int bits" +.Fa "int top" +.Fa "int bottom" +.Fc +.Ft int +.Fo BN_rand_range +.Fa "BIGNUM *rnd" +.Fa "BIGNUM *range" +.Fc +.Ft int +.Fo BN_pseudo_rand_range +.Fa "BIGNUM *rnd" +.Fa "BIGNUM *range" +.Fc +.Sh DESCRIPTION +.Fn BN_rand +generates a cryptographically strong pseudo-random number of +.Fa bits +bits in length and stores it in +.Fa rnd . +If +.Fa top +is -1, the most significant bit of the random number can be zero. +If +.Fa top +is 0, it is set to 1, and if +.Fa top +is 1, the two most significant bits of the number will be set to 1, so +that the product of two such random numbers will always have +.Pf 2* Fa bits +length. +If +.Fa bottom +is true, the number will be odd. +.Pp +.Fn BN_pseudo_rand +does the same, but pseudo-random numbers generated by this function are +not necessarily unpredictable. +They can be used for non-cryptographic purposes and for certain purposes +in cryptographic protocols, but usually not for key generation etc. +.Pp +.Fn BN_rand_range +generates a cryptographically strong pseudo-random number +.Fa rnd +in the range 0 <= +.Fa rnd No < Fa range . +.Fn BN_pseudo_rand_range +does the same, but is based on +.Fn BN_pseudo_rand , +and hence numbers generated by it are not necessarily unpredictable. +.Sh RETURN VALUES +The functions return 1 on success, 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr ERR_get_error 3 , +.Xr rand 3 , +.Xr RAND_add 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn BN_rand +is available in all versions of SSLeay and OpenSSL. +.Fn BN_pseudo_rand +was added in OpenSSL 0.9.5. +The +.Fa top +== -1 case and the function +.Fn BN_rand_range +were added in OpenSSL 0.9.6a. +.Fn BN_pseudo_rand_range +was added in OpenSSL 0.9.6c. diff --git a/lib/libcrypto/man/BN_set_bit.3 b/lib/libcrypto/man/BN_set_bit.3 new file mode 100644 index 00000000000..4a199cd0d06 --- /dev/null +++ b/lib/libcrypto/man/BN_set_bit.3 @@ -0,0 +1,157 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_SET_BIT 3 +.Os +.Sh NAME +.Nm BN_set_bit , +.Nm BN_clear_bit , +.Nm BN_is_bit_set , +.Nm BN_mask_bits , +.Nm BN_lshift , +.Nm BN_lshift1 , +.Nm BN_rshift , +.Nm BN_rshift1 +.Nd bit operations on BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_set_bit +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_clear_bit +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_is_bit_set +.Fa "const BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_mask_bits +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_lshift +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_lshift1 +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_rshift +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_rshift1 +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +.Fn BN_set_bit +sets bit +.Fa n +in +.Fa a +to 1 +.Pq Li a|=(1<<n) . +The number is expanded if necessary. +.Pp +.Fn BN_clear_bit +sets bit +.Fa n +in +.Fa a +to 0 +.Pq Li a&=~(1<<n) . +An error occurs if +.Fa a +is shorter than +.Fa n +bits. +.Pp +.Fn BN_is_bit_set +tests if bit +.Fa n +in +.Fa a +is set. +.Pp +.Fn BN_mask_bits +truncates +.Fa a +to an +.Fa n +bit number +.Pq Li a&=~((~0)>>n) . +An error occurs if +.Fa a +already is shorter than +.Fa n +bits. +.Pp +.Fn BN_lshift +shifts +.Fa a +left by +.Fa n +bits and places the result in +.Fa r +.Pq Li r=a*2^n . +.Fn BN_lshift1 +shifts +.Fa a +left by one and places the result in +.Fa r +.Pq Li r=2*a . +.Pp +.Fn BN_rshift +shifts +.Fa a +right by +.Fa n +bits and places the result in +.Fa r +.Pq Li r=a/2^n . +.Fn BN_rshift1 +shifts +.Fa a +right by one and places the result in +.Fa r +.Pq Li r=a/2 . +.Pp +For the shift functions, +.Fa r +and +.Fa a +may be the same variable. +.Sh RETURN VALUES +.Fn BN_is_bit_set +returns 1 if the bit is set, 0 otherwise. +.Pp +All other functions return 1 for success, 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_add 3 , +.Xr BN_num_bytes 3 +.Sh HISTORY +.Fn BN_set_bit , +.Fn BN_clear_bit , +.Fn BN_is_bit_set , +.Fn BN_mask_bits , +.Fn BN_lshift , +.Fn BN_lshift1 , +.Fn BN_rshift , +and +.Fn BN_rshift1 +are available in all versions of SSLeay and OpenSSL. diff --git a/lib/libcrypto/man/BN_swap.3 b/lib/libcrypto/man/BN_swap.3 new file mode 100644 index 00000000000..b252261067a --- /dev/null +++ b/lib/libcrypto/man/BN_swap.3 @@ -0,0 +1,23 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_SWAP 3 +.Os +.Sh NAME +.Nm BN_swap +.Nd exchange BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft void +.Fo BN_swap +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fc +.Sh DESCRIPTION +.Fn BN_swap +exchanges the values of +.Fa a +and +.Fa b . +.Sh SEE ALSO +.Xr bn 3 +.Sh HISTORY +BN_swap was added in OpenSSL 0.9.7. diff --git a/lib/libcrypto/man/BN_zero.3 b/lib/libcrypto/man/BN_zero.3 new file mode 100644 index 00000000000..adfd6a0c652 --- /dev/null +++ b/lib/libcrypto/man/BN_zero.3 @@ -0,0 +1,101 @@ +.Dd $Mdocdate: February 23 2015 $ +.Dt BN_ZERO 3 +.Os +.Sh NAME +.Nm BN_zero , +.Nm BN_one , +.Nm BN_value_one , +.Nm BN_set_word , +.Nm BN_get_word +.Nd BIGNUM assignment operations +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_zero +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_one +.Fa "BIGNUM *a" +.Fc +.Ft const BIGNUM * +.Fo BN_value_one +.Fa void +.Fc +.Ft int +.Fo BN_set_word +.Fa "BIGNUM *a" +.Fa "unsigned long w" +.Fc +.Ft unsigned long +.Fo BN_get_word +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +.Fn BN_zero , +.Fn BN_one , +and +.Fn BN_set_word +set +.Fa a +to the values 0, 1 and +.Fa w +respectively. +.Fn BN_zero +and +.Fn BN_one +are macros. +.Pp +.Fn BN_value_one +returns a +.Vt BIGNUM +constant of value 1. +This constant is useful for use in comparisons and assignment. +.Pp +.Fn BN_get_word +returns +.Fa a +if it can be represented as an +.Vt unsigned long . +.Sh RETURN VALUES +.Fn BN_get_word +returns the value +.Fa a , +or 0xffffffffL if +.Fa a +cannot be represented as an +.Vt unsigned long . +.Pp +.Fn BN_zero , +.Fn BN_one , +and +.Fn BN_set_word +return 1 on success, 0 otherwise. +.Fn BN_value_one +returns the constant. +.Sh SEE ALSO +.Xr bn 3 , +.Xr BN_bn2bin 3 +.Sh HISTORY +.Fn BN_zero , +.Fn BN_one , +and +.Fn BN_set_word +are available in all versions of SSLeay and OpenSSL. +.Fn BN_value_one +and +.Fn BN_get_word +were added in SSLeay 0.8. +.Pp +.Fn BN_value_one +was changed to return a true +.Vt const BIGNUM * +in OpenSSL 0.9.7. +.Sh BUGS +Someone might change the constant. +.Pp +If a +.Vt BIGNUM +is equal to 0xffffffffL it can be represented as an +.Vt unsigned long +but this value is also returned on error. diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index 2ac6e5b6f67..bce02f647f4 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.18 2015/02/16 16:42:14 schwarze Exp $ +# $OpenBSD: Makefile,v 1.19 2015/02/23 17:43:24 schwarze Exp $ .include <bsd.own.mk> # for NOMAN @@ -33,8 +33,6 @@ MAN= \ BIO_s_socket.3 \ BIO_set_callback.3 \ BIO_should_retry.3 \ - -GENMAN= \ BN_BLINDING_new.3 \ BN_CTX_new.3 \ BN_CTX_start.3 \ @@ -53,6 +51,8 @@ GENMAN= \ BN_set_bit.3 \ BN_swap.3 \ BN_zero.3 \ + +GENMAN= \ BUF_MEM_new.3 \ CONF_modules_free.3 \ CONF_modules_load_file.3 \ |