1 files changed, 713 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/bn_dump.3 b/src/lib/libcrypto/man/bn_dump.3
new file mode 100644
index 0000000000..2f1bda9bb5
--- /dev/null
+++ b/src/lib/libcrypto/man/bn_dump.3
@@ -0,0 +1,713 @@
+.Dd $Mdocdate: November 12 2015 $
+.Dt BN_DUMP 3
+.Os
+.Sh NAME
+.Nm bn_mul_words ,
+.Nm bn_mul_add_words ,
+.Nm bn_sqr_words ,
+.Nm bn_div_words ,
+.Nm bn_add_words ,
+.Nm bn_sub_words ,
+.Nm bn_mul_comba4 ,
+.Nm bn_mul_comba8 ,
+.Nm bn_sqr_comba4 ,
+.Nm bn_sqr_comba8 ,
+.Nm bn_cmp_words ,
+.Nm bn_mul_normal ,
+.Nm bn_mul_low_normal ,
+.Nm bn_mul_recursive ,
+.Nm bn_mul_part_recursive ,
+.Nm bn_mul_low_recursive ,
+.Nm bn_mul_high ,
+.Nm bn_sqr_normal ,
+.Nm bn_sqr_recursive ,
+.Nm bn_expand ,
+.Nm bn_wexpand ,
+.Nm bn_expand2 ,
+.Nm bn_fix_top ,
+.Nm bn_check_top ,
+.Nm bn_print ,
+.Nm bn_dump ,
+.Nm bn_set_max ,
+.Nm bn_set_high ,
+.Nm bn_set_low ,
+.Nm sqr
+.Nd BIGNUM library internal functions
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_ULONG
+.Fo bn_mul_words
+.Fa "BN_ULONG *rp"
+.Fa "BN_ULONG *ap"
+.Fa "int num"
+.Fa "BN_ULONG w"
+.Fc
+.Ft BN_ULONG
+.Fo bn_mul_add_words
+.Fa "BN_ULONG *rp"
+.Fa "BN_ULONG *ap"
+.Fa "int num"
+.Fa "BN_ULONG w"
+.Fc
+.Ft void
+.Fo bn_sqr_words
+.Fa "BN_ULONG *rp"
+.Fa "BN_ULONG *ap"
+.Fa "int num"
+.Fc
+.Ft BN_ULONG
+.Fo bn_div_words
+.Fa "BN_ULONG h"
+.Fa "BN_ULONG l"
+.Fa "BN_ULONG d"
+.Fc
+.Ft BN_ULONG
+.Fo bn_add_words
+.Fa "BN_ULONG *rp"
+.Fa "BN_ULONG *ap"
+.Fa "BN_ULONG *bp"
+.Fa "int num"
+.Fc
+.Ft BN_ULONG
+.Fo bn_sub_words
+.Fa "BN_ULONG *rp"
+.Fa "BN_ULONG *ap"
+.Fa "BN_ULONG *bp"
+.Fa "int num"
+.Fc
+.Ft void
+.Fo bn_mul_comba4
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fc
+.Ft void
+.Fo bn_mul_comba8
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fc
+.Ft void
+.Fo bn_sqr_comba4
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fc
+.Ft void
+.Fo bn_sqr_comba8
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fc
+.Ft int
+.Fo bn_cmp_words
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fa "int n"
+.Fc
+.Ft void
+.Fo bn_mul_normal
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "int na"
+.Fa "BN_ULONG *b"
+.Fa "int nb"
+.Fc
+.Ft void
+.Fo bn_mul_low_normal
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fa "int n"
+.Fc
+.Ft void
+.Fo bn_mul_recursive
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fa "int n2"
+.Fa "int dna"
+.Fa "int dnb"
+.Fa "BN_ULONG *tmp"
+.Fc
+.Ft void
+.Fo bn_mul_part_recursive
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fa "int n"
+.Fa "int tna"
+.Fa "int tnb"
+.Fa "BN_ULONG *tmp"
+.Fc
+.Ft void
+.Fo bn_mul_low_recursive
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fa "int n2"
+.Fa "BN_ULONG *tmp"
+.Fc
+.Ft void
+.Fo bn_mul_high
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "BN_ULONG *b"
+.Fa "BN_ULONG *l"
+.Fa "int n2"
+.Fa "BN_ULONG *tmp"
+.Fc
+.Ft void
+.Fo bn_sqr_normal
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "int n"
+.Fa "BN_ULONG *tmp"
+.Fc
+.Ft void
+.Fo bn_sqr_recursive
+.Fa "BN_ULONG *r"
+.Fa "BN_ULONG *a"
+.Fa "int n2"
+.Fa "BN_ULONG *tmp"
+.Fc
+.Ft void
+.Fo mul
+.Fa "BN_ULONG r"
+.Fa "BN_ULONG a"
+.Fa "BN_ULONG w"
+.Fa "BN_ULONG c"
+.Fc
+.Ft void
+.Fo mul_add
+.Fa "BN_ULONG r"
+.Fa "BN_ULONG a"
+.Fa "BN_ULONG w"
+.Fa "BN_ULONG c"
+.Fc
+.Ft void
+.Fo sqr
+.Fa "BN_ULONG r0"
+.Fa "BN_ULONG r1"
+.Fa "BN_ULONG a"
+.Fc
+.Ft BIGNUM *
+.Fo bn_expand
+.Fa "BIGNUM *a"
+.Fa "int bits"
+.Fc
+.Ft BIGNUM *
+.Fo bn_wexpand
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft BIGNUM *
+.Fo bn_expand2
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft void
+.Fo bn_fix_top
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo bn_check_top
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo bn_print
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo bn_dump
+.Fa "BN_ULONG *d"
+.Fa "int n"
+.Fc
+.Ft void
+.Fo bn_set_max
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo bn_set_high
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft void
+.Fo bn_set_low
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Sh DESCRIPTION
+This page documents the internal functions used by the OpenSSL
+.Vt BIGNUM
+implementation.
+They are described here to facilitate debugging and extending the
+library.
+They are
+.Em not
+to be used by applications.
+.Ss The BIGNUM structure
+.Bd -literal
+typedef struct bignum_st BIGNUM;
+struct bignum_st {
+        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
+        int top;        /* Index of last used d +1. */
+        /* The next are internal book keeping for bn_expand. */
+        int dmax;       /* Size of the d array. */
+        int neg;        /* one if the number is negative */
+        int flags;
+};
+.Ed
+.Pp
+The integer value is stored in
+.Fa d ,
+a
+.Xr malloc 3 Ap ed
+array of words
+.Pq Vt BN_ULONG ,
+least significant word first.
+A
+.Vt BN_ULONG
+can be either 16, 32 or 64 bits in size, depending on the 'number of
+bits'
+.Pq Dv BITS2
+specified in
+.In openssl/bn.h .
+.Pp
+.Fa dmax
+is the size of the
+.Fa d
+array that has been allocated.
+.Fa top
+is the number of words being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1.
+.Fa neg
+is 1 if the number is negative.
+When a
+.Vt BIGNUM
+is 0, the
+.Fa d
+field can be
+.Dv NULL
+and
+.Fa top
+== 0.
+.Pp
+.Fa flags
+is a bit field of flags which are defined in
+.In openssl/bn.h .
+The flags begin with
+.Dv BN_FLG_ .
+The macros
+.Fn BN_set_flags b n
+and
+.Fn BN_get_flags b n
+exist to enable or fetch flag(s)
+.Fa n
+from a
+.Vt BIGNUM
+structure
+.Fa b .
+.Pp
+Various routines in this library require the use of temporary
+.Vt BIGNUM
+variables during their execution.
+Since dynamic memory allocation to create
+.Vt BIGNUM Ns s
+is rather expensive when used in conjunction with repeated subroutine
+calls, the
+.Vt BN_CTX
+structure is used.
+This structure contains BN_CTX_NUM
+.Vt BIGNUM Ns s,
+see
+.Xr BN_CTX_start 3 .
+.Ss Low-level arithmetic operations
+These functions are implemented in C and for several platforms in
+assembly language:
+.Pp
+.Fn bn_mul_words rp ap num w
+operates on the
+.Fa num
+word arrays
+.Fa rp
+and
+.Fa ap .
+It computes
+.Fa ap
+*
+.Fa w ,
+places the result in
+.Fa rp ,
+and returns the high word (carry).
+.Pp
+.Fn bn_mul_add_words rp ap num w
+operates on the
+.Fa num
+word arrays
+.Fa rp
+and
+.Fa ap .
+It computes
+.Fa ap
+*
+.Fa w
+
+.Fa rp ,
+places the result in
+.Fa rp ,
+and returns the high word (carry).
+.Pp
+.Fn bn_sqr_words rp ap num
+operates on the
+.Fa num
+word array
+.Fa ap
+and the
+.Pf 2* Fa num
+word array
+.Fa ap .
+It computes
+.Fa ap
+*
+.Fa ap
+word-wise, and places the low and high bytes of the result in
+.Fa rp .
+.Pp
+.Fn bn_div_words h l d
+divides the two word number
+.Pq Fa h , Fa l
+by
+.Fa d
+and returns the result.
+.Pp
+.Fn bn_add_words rp ap bp num
+operates on the
+.Fa num
+word arrays
+.Fa ap ,
+.Fa bp
+and
+.Fa rp .
+It computes
+.Fa ap
+
+.Fa bp ,
+places the result in
+.Fa rp ,
+and returns the high word (carry).
+.Pp
+.Fn bn_sub_words rp ap bp num
+operates on the
+.Fa num
+word arrays
+.Fa ap ,
+.Fa bp
+and
+.Fa rp .
+It computes
+.Fa ap
+-
+.Fa bp ,
+places the result in
+.Fa rp ,
+and returns the carry (1 if
+.Fa bp
+\(ra
+.Fa ap ,
+0 otherwise).
+.Pp
+.Fn bn_mul_comba4 r a b
+operates on the 4 word arrays
+.Fa a
+and
+.Fa b
+and the 8 word array
+.Fa r .
+It computes
+.Fa a Ns * Ns Fa b
+and places the result in
+.Fa r .
+.Pp
+.Fn bn_mul_comba8 r a b
+operates on the 8 word arrays
+.Fa a
+and
+.Fa b
+and the 16 word array
+.Fa r .
+It computes
+.Fa a Ns * Ns Fa b
+and places the result in
+.Fa r .
+.Pp
+.Fn bn_sqr_comba4 r a b
+operates on the 4 word arrays
+.Fa a
+and
+.Fa b
+and the 8 word array
+.Fa r .
+.Pp
+.Fn bn_sqr_comba8 r a b
+operates on the 8 word arrays
+.Fa a
+and
+.Fa b
+and the 16 word array
+.Fa r .
+.Pp
+The following functions are implemented in C:
+.Pp
+.Fn bn_cmp_words a b n
+operates on the
+.Fa n
+word arrays
+.Fa a
+and
+.Fa b .
+It returns 1, 0 and -1 if
+.Fa a
+is greater than, equal and less than
+.Fa b .
+.Pp
+.Fn bn_mul_normal r a na b nb
+operates on the
+.Fa na
+word array
+.Fa a ,
+the
+.Fa nb
+word array
+.Fa b
+and the
+.Fa na Ns + Ns Fa nb
+word array
+.Fa r .
+It computes
+.Fa a Ns * Ns Fa b
+and places the result in
+.Fa r .
+.Pp
+.Fn bn_mul_low_normal r a b n
+operates on the
+.Fa n
+word arrays
+.Fa r ,
+.Fa a
+and
+.Fa b .
+It computes the
+.Fa n
+low words of
+.Fa a Ns * Ns Fa b
+and places the result in
+.Fa r .
+.Pp
+.Fn bn_mul_recursive r a b n2 dna dnb t
+operates on the word arrays
+.Fa a
+and
+.Fa b
+of length
+.Fa n2 Ns + Ns Fa dna
+and
+.Fa n2 Ns + Ns Fa dnb
+.Pf ( Fa dna
+and
+.Fa dnb
+are currently allowed to be 0 or negative) and the
+.Pf 2* Fa n2
+word arrays
+.Fa r
+and
+.Sy t .
+.Fa n2
+must be a power of 2.
+It computes
+.Fa a Ns * Ns Fa b
+and places the result in
+.Fa r .
+.Pp
+.Fn bn_mul_part_recursive r a b n tna tnb tmp
+operates on the word arrays
+.Fa a
+and
+.Fa b
+of length
+.Fa n Ns + Ns Fa tna
+and
+.Fa n Ns + Ns Fa tnb
+and the
+.Pf 4* Fa n
+word arrays
+.Fa r
+and
+.Fa tmp .
+.Pp
+.Fn bn_mul_low_recursive r a b n2 tmp
+operates on the
+.Fa n2
+word arrays
+.Fa r
+and
+.Fa tmp
+and the
+.Fa n2 Ns /2
+word arrays
+.Fa a
+and
+.Fa b .
+.Pp
+.Fn bn_mul_high r a b l n2 tmp
+operates on the
+.Fa n2
+word arrays
+.Fa r ,
+.Fa a ,
+.Fa b
+and
+.Fa l
+(?) and the
+.Pf 3* Fa n2
+word array
+.Fa tmp .
+.Pp
+.Xr BN_mul 3
+calls
+.Fn bn_mul_normal ,
+or an optimized implementation if the factors have the same size:
+.Fn bn_mul_comba8
+is used if they are 8 words long,
+.Fn bn_mul_recursive
+if they are larger than
+.Dv BN_MULL_SIZE_NORMAL
+and the size is an exact multiple of the word size, and
+.Fn bn_mul_part_recursive
+for others that are larger than
+.Dv BN_MULL_SIZE_NORMAL .
+.Pp
+.Fn bn_sqr_normal r a n tmp
+operates on the
+.Fa n
+word array
+.Fa a
+and the
+.Pf 2* Fa n
+word arrays
+.Fa tmp
+and
+.Fa r .
+.Pp
+The implementations use the following macros which, depending on the
+architecture, may use
+.Vt long long
+C operations or inline assembler.
+They are defined in
+.Pa bn_lcl.h .
+.Pp
+.Fn mul r a w c
+computes
+.Fa w Ns * Ns Fa a Ns + Ns Fa c
+and places the low word of the result in
+.Fa r
+and the high word in
+.Fa c .
+.Pp
+.Fn mul_add r a w c
+computes
+.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c
+and places the low word of the result in
+.Fa r
+and the high word in
+.Fa c .
+.Pp
+.Fn sqr r0 r1 a
+computes
+.Fa a Ns * Ns Fa a
+and places the low word of the result in
+.Fa r0
+and the high word in
+.Fa r1 .
+.Ss Size changes
+.Fn bn_expand
+ensures that
+.Fa b
+has enough space for a
+.Fa bits
+bit number.
+.Fn bn_wexpand
+ensures that
+.Fa b
+has enough space for an
+.Fa n
+word number.
+If the number has to be expanded, both macros call
+.Fn bn_expand2 ,
+which allocates a new
+.Fa d
+array and copies the data.
+They return
+.Dv NULL
+on error,
+.Fa b
+otherwise.
+.Pp
+The
+.Fn bn_fix_top
+macro reduces
+.Fa a Ns -> Ns Fa top
+to point to the most significant non-zero word plus one when
+.Fa a
+has shrunk.
+.Ss Debugging
+.Fn bn_check_top
+verifies that
+.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) .
+A violation will cause the program to abort.
+.Pp
+.Fn bn_print
+prints
+.Fa a
+to
+.Dv stderr .
+.Fn bn_dump
+prints
+.Fa n
+words at
+.Fa d
+(in reverse order, i.e.
+most significant word first) to
+.Dv stderr .
+.Pp
+.Fn bn_set_max
+makes
+.Fa a
+a static number with a
+.Fa dmax
+of its current size.
+This is used by
+.Fn bn_set_low
+and
+.Fn bn_set_high
+to make
+.Fa r
+a read-only
+.Vt BIGNUM
+that contains the
+.Fa n
+low or high words of
+.Fa a .
+.Pp
+If
+.Dv BN_DEBUG
+is not defined,
+.Fn bn_check_top ,
+.Fn bn_print ,
+.Fn bn_dump
+and
+.Fn bn_set_max
+are defined as empty macros.
+.Sh SEE ALSO
+.Xr bn 3

diff --git a/src/lib/libcrypto/man/bn_dump.3 b/src/lib/libcrypto/man/bn_dump.3 new file mode 100644 index 0000000000..2f1bda9bb5 --- /dev/null +++ b/src/lib/libcrypto/man/bn_dump.3
@@ -0,0 +1,713 @@
	1	.Dd $Mdocdate: November 12 2015 $
	2	.Dt BN_DUMP 3
	3	.Os
	4	.Sh NAME
	5	.Nm bn_mul_words ,
	6	.Nm bn_mul_add_words ,
	7	.Nm bn_sqr_words ,
	8	.Nm bn_div_words ,
	9	.Nm bn_add_words ,
	10	.Nm bn_sub_words ,
	11	.Nm bn_mul_comba4 ,
	12	.Nm bn_mul_comba8 ,
	13	.Nm bn_sqr_comba4 ,
	14	.Nm bn_sqr_comba8 ,
	15	.Nm bn_cmp_words ,
	16	.Nm bn_mul_normal ,
	17	.Nm bn_mul_low_normal ,
	18	.Nm bn_mul_recursive ,
	19	.Nm bn_mul_part_recursive ,
	20	.Nm bn_mul_low_recursive ,
	21	.Nm bn_mul_high ,
	22	.Nm bn_sqr_normal ,
	23	.Nm bn_sqr_recursive ,
	24	.Nm bn_expand ,
	25	.Nm bn_wexpand ,
	26	.Nm bn_expand2 ,
	27	.Nm bn_fix_top ,
	28	.Nm bn_check_top ,
	29	.Nm bn_print ,
	30	.Nm bn_dump ,
	31	.Nm bn_set_max ,
	32	.Nm bn_set_high ,
	33	.Nm bn_set_low ,
	34	.Nm sqr
	35	.Nd BIGNUM library internal functions
	36	.Sh SYNOPSIS
	37	.In openssl/bn.h
	38	.Ft BN_ULONG
	39	.Fo bn_mul_words
	40	.Fa "BN_ULONG *rp"
	41	.Fa "BN_ULONG *ap"
	42	.Fa "int num"
	43	.Fa "BN_ULONG w"
	44	.Fc
	45	.Ft BN_ULONG
	46	.Fo bn_mul_add_words
	47	.Fa "BN_ULONG *rp"
	48	.Fa "BN_ULONG *ap"
	49	.Fa "int num"
	50	.Fa "BN_ULONG w"
	51	.Fc
	52	.Ft void
	53	.Fo bn_sqr_words
	54	.Fa "BN_ULONG *rp"
	55	.Fa "BN_ULONG *ap"
	56	.Fa "int num"
	57	.Fc
	58	.Ft BN_ULONG
	59	.Fo bn_div_words
	60	.Fa "BN_ULONG h"
	61	.Fa "BN_ULONG l"
	62	.Fa "BN_ULONG d"
	63	.Fc
	64	.Ft BN_ULONG
	65	.Fo bn_add_words
	66	.Fa "BN_ULONG *rp"
	67	.Fa "BN_ULONG *ap"
	68	.Fa "BN_ULONG *bp"
	69	.Fa "int num"
	70	.Fc
	71	.Ft BN_ULONG
	72	.Fo bn_sub_words
	73	.Fa "BN_ULONG *rp"
	74	.Fa "BN_ULONG *ap"
	75	.Fa "BN_ULONG *bp"
	76	.Fa "int num"
	77	.Fc
	78	.Ft void
	79	.Fo bn_mul_comba4
	80	.Fa "BN_ULONG *r"
	81	.Fa "BN_ULONG *a"
	82	.Fa "BN_ULONG *b"
	83	.Fc
	84	.Ft void
	85	.Fo bn_mul_comba8
	86	.Fa "BN_ULONG *r"
	87	.Fa "BN_ULONG *a"
	88	.Fa "BN_ULONG *b"
	89	.Fc
	90	.Ft void
	91	.Fo bn_sqr_comba4
	92	.Fa "BN_ULONG *r"
	93	.Fa "BN_ULONG *a"
	94	.Fc
	95	.Ft void
	96	.Fo bn_sqr_comba8
	97	.Fa "BN_ULONG *r"
	98	.Fa "BN_ULONG *a"
	99	.Fc
	100	.Ft int
	101	.Fo bn_cmp_words
	102	.Fa "BN_ULONG *a"
	103	.Fa "BN_ULONG *b"
	104	.Fa "int n"
	105	.Fc
	106	.Ft void
	107	.Fo bn_mul_normal
	108	.Fa "BN_ULONG *r"
	109	.Fa "BN_ULONG *a"
	110	.Fa "int na"
	111	.Fa "BN_ULONG *b"
	112	.Fa "int nb"
	113	.Fc
	114	.Ft void
	115	.Fo bn_mul_low_normal
	116	.Fa "BN_ULONG *r"
	117	.Fa "BN_ULONG *a"
	118	.Fa "BN_ULONG *b"
	119	.Fa "int n"
	120	.Fc
	121	.Ft void
	122	.Fo bn_mul_recursive
	123	.Fa "BN_ULONG *r"
	124	.Fa "BN_ULONG *a"
	125	.Fa "BN_ULONG *b"
	126	.Fa "int n2"
	127	.Fa "int dna"
	128	.Fa "int dnb"
	129	.Fa "BN_ULONG *tmp"
	130	.Fc
	131	.Ft void
	132	.Fo bn_mul_part_recursive
	133	.Fa "BN_ULONG *r"
	134	.Fa "BN_ULONG *a"
	135	.Fa "BN_ULONG *b"
	136	.Fa "int n"
	137	.Fa "int tna"
	138	.Fa "int tnb"
	139	.Fa "BN_ULONG *tmp"
	140	.Fc
	141	.Ft void
	142	.Fo bn_mul_low_recursive
	143	.Fa "BN_ULONG *r"
	144	.Fa "BN_ULONG *a"
	145	.Fa "BN_ULONG *b"
	146	.Fa "int n2"
	147	.Fa "BN_ULONG *tmp"
	148	.Fc
	149	.Ft void
	150	.Fo bn_mul_high
	151	.Fa "BN_ULONG *r"
	152	.Fa "BN_ULONG *a"
	153	.Fa "BN_ULONG *b"
	154	.Fa "BN_ULONG *l"
	155	.Fa "int n2"
	156	.Fa "BN_ULONG *tmp"
	157	.Fc
	158	.Ft void
	159	.Fo bn_sqr_normal
	160	.Fa "BN_ULONG *r"
	161	.Fa "BN_ULONG *a"
	162	.Fa "int n"
	163	.Fa "BN_ULONG *tmp"
	164	.Fc
	165	.Ft void
	166	.Fo bn_sqr_recursive
	167	.Fa "BN_ULONG *r"
	168	.Fa "BN_ULONG *a"
	169	.Fa "int n2"
	170	.Fa "BN_ULONG *tmp"
	171	.Fc
	172	.Ft void
	173	.Fo mul
	174	.Fa "BN_ULONG r"
	175	.Fa "BN_ULONG a"
	176	.Fa "BN_ULONG w"
	177	.Fa "BN_ULONG c"
	178	.Fc
	179	.Ft void
	180	.Fo mul_add
	181	.Fa "BN_ULONG r"
	182	.Fa "BN_ULONG a"
	183	.Fa "BN_ULONG w"
	184	.Fa "BN_ULONG c"
	185	.Fc
	186	.Ft void
	187	.Fo sqr
	188	.Fa "BN_ULONG r0"
	189	.Fa "BN_ULONG r1"
	190	.Fa "BN_ULONG a"
	191	.Fc
	192	.Ft BIGNUM *
	193	.Fo bn_expand
	194	.Fa "BIGNUM *a"
	195	.Fa "int bits"
	196	.Fc
	197	.Ft BIGNUM *
	198	.Fo bn_wexpand
	199	.Fa "BIGNUM *a"
	200	.Fa "int n"
	201	.Fc
	202	.Ft BIGNUM *
	203	.Fo bn_expand2
	204	.Fa "BIGNUM *a"
	205	.Fa "int n"
	206	.Fc
	207	.Ft void
	208	.Fo bn_fix_top
	209	.Fa "BIGNUM *a"
	210	.Fc
	211	.Ft void
	212	.Fo bn_check_top
	213	.Fa "BIGNUM *a"
	214	.Fc
	215	.Ft void
	216	.Fo bn_print
	217	.Fa "BIGNUM *a"
	218	.Fc
	219	.Ft void
	220	.Fo bn_dump
	221	.Fa "BN_ULONG *d"
	222	.Fa "int n"
	223	.Fc
	224	.Ft void
	225	.Fo bn_set_max
	226	.Fa "BIGNUM *a"
	227	.Fc
	228	.Ft void
	229	.Fo bn_set_high
	230	.Fa "BIGNUM *r"
	231	.Fa "BIGNUM *a"
	232	.Fa "int n"
	233	.Fc
	234	.Ft void
	235	.Fo bn_set_low
	236	.Fa "BIGNUM *r"
	237	.Fa "BIGNUM *a"
	238	.Fa "int n"
	239	.Fc
	240	.Sh DESCRIPTION
	241	This page documents the internal functions used by the OpenSSL
	242	.Vt BIGNUM
	243	implementation.
	244	They are described here to facilitate debugging and extending the
	245	library.
	246	They are
	247	.Em not
	248	to be used by applications.
	249	.Ss The BIGNUM structure
	250	.Bd -literal
	251	typedef struct bignum_st BIGNUM;
	252
	253	struct bignum_st {
	254	BN_ULONG d; / Pointer to an array of 'BN_BITS2' bit chunks. */
	255	int top; /* Index of last used d +1. */
	256	/* The next are internal book keeping for bn_expand. */
	257	int dmax; /* Size of the d array. */
	258	int neg; /* one if the number is negative */
	259	int flags;
	260	};
	261	.Ed
	262	.Pp
	263	The integer value is stored in
	264	.Fa d ,
	265	a
	266	.Xr malloc 3 Ap ed
	267	array of words
	268	.Pq Vt BN_ULONG ,
	269	least significant word first.
	270	A
	271	.Vt BN_ULONG
	272	can be either 16, 32 or 64 bits in size, depending on the 'number of
	273	bits'
	274	.Pq Dv BITS2
	275	specified in
	276	.In openssl/bn.h .
	277	.Pp
	278	.Fa dmax
	279	is the size of the
	280	.Fa d
	281	array that has been allocated.
	282	.Fa top
	283	is the number of words being used, so for a value of 4, bn.d[0]=4 and
	284	bn.top=1.
	285	.Fa neg
	286	is 1 if the number is negative.
	287	When a
	288	.Vt BIGNUM
	289	is 0, the
	290	.Fa d
	291	field can be
	292	.Dv NULL
	293	and
	294	.Fa top
	295	== 0.
	296	.Pp
	297	.Fa flags
	298	is a bit field of flags which are defined in
	299	.In openssl/bn.h .
	300	The flags begin with
	301	.Dv BN_FLG_ .
	302	The macros
	303	.Fn BN_set_flags b n
	304	and
	305	.Fn BN_get_flags b n
	306	exist to enable or fetch flag(s)
	307	.Fa n
	308	from a
	309	.Vt BIGNUM
	310	structure
	311	.Fa b .
	312	.Pp
	313	Various routines in this library require the use of temporary
	314	.Vt BIGNUM
	315	variables during their execution.
	316	Since dynamic memory allocation to create
	317	.Vt BIGNUM Ns s
	318	is rather expensive when used in conjunction with repeated subroutine
	319	calls, the
	320	.Vt BN_CTX
	321	structure is used.
	322	This structure contains BN_CTX_NUM
	323	.Vt BIGNUM Ns s,
	324	see
	325	.Xr BN_CTX_start 3 .
	326	.Ss Low-level arithmetic operations
	327	These functions are implemented in C and for several platforms in
	328	assembly language:
	329	.Pp
	330	.Fn bn_mul_words rp ap num w
	331	operates on the
	332	.Fa num
	333	word arrays
	334	.Fa rp
	335	and
	336	.Fa ap .
	337	It computes
	338	.Fa ap
	339	*
	340	.Fa w ,
	341	places the result in
	342	.Fa rp ,
	343	and returns the high word (carry).
	344	.Pp
	345	.Fn bn_mul_add_words rp ap num w
	346	operates on the
	347	.Fa num
	348	word arrays
	349	.Fa rp
	350	and
	351	.Fa ap .
	352	It computes
	353	.Fa ap
	354	*
	355	.Fa w
	356	+
	357	.Fa rp ,
	358	places the result in
	359	.Fa rp ,
	360	and returns the high word (carry).
	361	.Pp
	362	.Fn bn_sqr_words rp ap num
	363	operates on the
	364	.Fa num
	365	word array
	366	.Fa ap
	367	and the
	368	.Pf 2* Fa num
	369	word array
	370	.Fa ap .
	371	It computes
	372	.Fa ap
	373	*
	374	.Fa ap
	375	word-wise, and places the low and high bytes of the result in
	376	.Fa rp .
	377	.Pp
	378	.Fn bn_div_words h l d
	379	divides the two word number
	380	.Pq Fa h , Fa l
	381	by
	382	.Fa d
	383	and returns the result.
	384	.Pp
	385	.Fn bn_add_words rp ap bp num
	386	operates on the
	387	.Fa num
	388	word arrays
	389	.Fa ap ,
	390	.Fa bp
	391	and
	392	.Fa rp .
	393	It computes
	394	.Fa ap
	395	+
	396	.Fa bp ,
	397	places the result in
	398	.Fa rp ,
	399	and returns the high word (carry).
	400	.Pp
	401	.Fn bn_sub_words rp ap bp num
	402	operates on the
	403	.Fa num
	404	word arrays
	405	.Fa ap ,
	406	.Fa bp
	407	and
	408	.Fa rp .
	409	It computes
	410	.Fa ap
	411	-
	412	.Fa bp ,
	413	places the result in
	414	.Fa rp ,
	415	and returns the carry (1 if
	416	.Fa bp
	417	\(ra
	418	.Fa ap ,
	419	0 otherwise).
	420	.Pp
	421	.Fn bn_mul_comba4 r a b
	422	operates on the 4 word arrays
	423	.Fa a
	424	and
	425	.Fa b
	426	and the 8 word array
	427	.Fa r .
	428	It computes
	429	.Fa a Ns * Ns Fa b
	430	and places the result in
	431	.Fa r .
	432	.Pp
	433	.Fn bn_mul_comba8 r a b
	434	operates on the 8 word arrays
	435	.Fa a
	436	and
	437	.Fa b
	438	and the 16 word array
	439	.Fa r .
	440	It computes
	441	.Fa a Ns * Ns Fa b
	442	and places the result in
	443	.Fa r .
	444	.Pp
	445	.Fn bn_sqr_comba4 r a b
	446	operates on the 4 word arrays
	447	.Fa a
	448	and
	449	.Fa b
	450	and the 8 word array
	451	.Fa r .
	452	.Pp
	453	.Fn bn_sqr_comba8 r a b
	454	operates on the 8 word arrays
	455	.Fa a
	456	and
	457	.Fa b
	458	and the 16 word array
	459	.Fa r .
	460	.Pp
	461	The following functions are implemented in C:
	462	.Pp
	463	.Fn bn_cmp_words a b n
	464	operates on the
	465	.Fa n
	466	word arrays
	467	.Fa a
	468	and
	469	.Fa b .
	470	It returns 1, 0 and -1 if
	471	.Fa a
	472	is greater than, equal and less than
	473	.Fa b .
	474	.Pp
	475	.Fn bn_mul_normal r a na b nb
	476	operates on the
	477	.Fa na
	478	word array
	479	.Fa a ,
	480	the
	481	.Fa nb
	482	word array
	483	.Fa b
	484	and the
	485	.Fa na Ns + Ns Fa nb
	486	word array
	487	.Fa r .
	488	It computes
	489	.Fa a Ns * Ns Fa b
	490	and places the result in
	491	.Fa r .
	492	.Pp
	493	.Fn bn_mul_low_normal r a b n
	494	operates on the
	495	.Fa n
	496	word arrays
	497	.Fa r ,
	498	.Fa a
	499	and
	500	.Fa b .
	501	It computes the
	502	.Fa n
	503	low words of
	504	.Fa a Ns * Ns Fa b
	505	and places the result in
	506	.Fa r .
	507	.Pp
	508	.Fn bn_mul_recursive r a b n2 dna dnb t
	509	operates on the word arrays
	510	.Fa a
	511	and
	512	.Fa b
	513	of length
	514	.Fa n2 Ns + Ns Fa dna
	515	and
	516	.Fa n2 Ns + Ns Fa dnb
	517	.Pf ( Fa dna
	518	and
	519	.Fa dnb
	520	are currently allowed to be 0 or negative) and the
	521	.Pf 2* Fa n2
	522	word arrays
	523	.Fa r
	524	and
	525	.Sy t .
	526	.Fa n2
	527	must be a power of 2.
	528	It computes
	529	.Fa a Ns * Ns Fa b
	530	and places the result in
	531	.Fa r .
	532	.Pp
	533	.Fn bn_mul_part_recursive r a b n tna tnb tmp
	534	operates on the word arrays
	535	.Fa a
	536	and
	537	.Fa b
	538	of length
	539	.Fa n Ns + Ns Fa tna
	540	and
	541	.Fa n Ns + Ns Fa tnb
	542	and the
	543	.Pf 4* Fa n
	544	word arrays
	545	.Fa r
	546	and
	547	.Fa tmp .
	548	.Pp
	549	.Fn bn_mul_low_recursive r a b n2 tmp
	550	operates on the
	551	.Fa n2
	552	word arrays
	553	.Fa r
	554	and
	555	.Fa tmp
	556	and the
	557	.Fa n2 Ns /2
	558	word arrays
	559	.Fa a
	560	and
	561	.Fa b .
	562	.Pp
	563	.Fn bn_mul_high r a b l n2 tmp
	564	operates on the
	565	.Fa n2
	566	word arrays
	567	.Fa r ,
	568	.Fa a ,
	569	.Fa b
	570	and
	571	.Fa l
	572	(?) and the
	573	.Pf 3* Fa n2
	574	word array
	575	.Fa tmp .
	576	.Pp
	577	.Xr BN_mul 3
	578	calls
	579	.Fn bn_mul_normal ,
	580	or an optimized implementation if the factors have the same size:
	581	.Fn bn_mul_comba8
	582	is used if they are 8 words long,
	583	.Fn bn_mul_recursive
	584	if they are larger than
	585	.Dv BN_MULL_SIZE_NORMAL
	586	and the size is an exact multiple of the word size, and
	587	.Fn bn_mul_part_recursive
	588	for others that are larger than
	589	.Dv BN_MULL_SIZE_NORMAL .
	590	.Pp
	591	.Fn bn_sqr_normal r a n tmp
	592	operates on the
	593	.Fa n
	594	word array
	595	.Fa a
	596	and the
	597	.Pf 2* Fa n
	598	word arrays
	599	.Fa tmp
	600	and
	601	.Fa r .
	602	.Pp
	603	The implementations use the following macros which, depending on the
	604	architecture, may use
	605	.Vt long long
	606	C operations or inline assembler.
	607	They are defined in
	608	.Pa bn_lcl.h .
	609	.Pp
	610	.Fn mul r a w c
	611	computes
	612	.Fa w Ns * Ns Fa a Ns + Ns Fa c
	613	and places the low word of the result in
	614	.Fa r
	615	and the high word in
	616	.Fa c .
	617	.Pp
	618	.Fn mul_add r a w c
	619	computes
	620	.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c
	621	and places the low word of the result in
	622	.Fa r
	623	and the high word in
	624	.Fa c .
	625	.Pp
	626	.Fn sqr r0 r1 a
	627	computes
	628	.Fa a Ns * Ns Fa a
	629	and places the low word of the result in
	630	.Fa r0
	631	and the high word in
	632	.Fa r1 .
	633	.Ss Size changes
	634	.Fn bn_expand
	635	ensures that
	636	.Fa b
	637	has enough space for a
	638	.Fa bits
	639	bit number.
	640	.Fn bn_wexpand
	641	ensures that
	642	.Fa b
	643	has enough space for an
	644	.Fa n
	645	word number.
	646	If the number has to be expanded, both macros call
	647	.Fn bn_expand2 ,
	648	which allocates a new
	649	.Fa d
	650	array and copies the data.
	651	They return
	652	.Dv NULL
	653	on error,
	654	.Fa b
	655	otherwise.
	656	.Pp
	657	The
	658	.Fn bn_fix_top
	659	macro reduces
	660	.Fa a Ns -> Ns Fa top
	661	to point to the most significant non-zero word plus one when
	662	.Fa a
	663	has shrunk.
	664	.Ss Debugging
	665	.Fn bn_check_top
	666	verifies that
	667	.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) .
	668	A violation will cause the program to abort.
	669	.Pp
	670	.Fn bn_print
	671	prints
	672	.Fa a
	673	to
	674	.Dv stderr .
	675	.Fn bn_dump
	676	prints
	677	.Fa n
	678	words at
	679	.Fa d
	680	(in reverse order, i.e.
	681	most significant word first) to
	682	.Dv stderr .
	683	.Pp
	684	.Fn bn_set_max
	685	makes
	686	.Fa a
	687	a static number with a
	688	.Fa dmax
	689	of its current size.
	690	This is used by
	691	.Fn bn_set_low
	692	and
	693	.Fn bn_set_high
	694	to make
	695	.Fa r
	696	a read-only
	697	.Vt BIGNUM
	698	that contains the
	699	.Fa n
	700	low or high words of
	701	.Fa a .
	702	.Pp
	703	If
	704	.Dv BN_DEBUG
	705	is not defined,
	706	.Fn bn_check_top ,
	707	.Fn bn_print ,
	708	.Fn bn_dump
	709	and
	710	.Fn bn_set_max
	711	are defined as empty macros.
	712	.Sh SEE ALSO
	713	.Xr bn 3