3 Purpose: Arbitrary precision integer arithmetic routines.
4 Author: M. J. Fromberger <http://www.dartmouth.edu/~sting/>
5 Info: $Id: imath.c,v 1.6 2007/01/08 10:17:31 lha Exp $
7 Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved.
9 Permission is hereby granted, free of charge, to any person
10 obtaining a copy of this software and associated documentation files
11 (the "Software"), to deal in the Software without restriction,
12 including without limitation the rights to use, copy, modify, merge,
13 publish, distribute, sublicense, and/or sell copies of the Software,
14 and to permit persons to whom the Software is furnished to do so,
15 subject to the following conditions:
17 The above copyright notice and this permission notice shall be
18 included in all copies or substantial portions of the Software.
20 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
24 BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
25 ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
26 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
45 const mp_result MP_OK = 0; /* no error, all is well */
46 const mp_result MP_FALSE = 0; /* boolean false */
47 const mp_result MP_TRUE = -1; /* boolean true */
48 const mp_result MP_MEMORY = -2; /* out of memory */
49 const mp_result MP_RANGE = -3; /* argument out of range */
50 const mp_result MP_UNDEF = -4; /* result undefined */
51 const mp_result MP_TRUNC = -5; /* output truncated */
52 const mp_result MP_BADARG = -6; /* invalid null argument */
54 const mp_sign MP_NEG = 1; /* value is strictly negative */
55 const mp_sign MP_ZPOS = 0; /* value is non-negative */
57 static const char *s_unknown_err = "unknown result code";
58 static const char *s_error_msg[] = {
62 "argument out of range",
65 "invalid null argument",
71 /* Argument checking macros
72 Use CHECK() where a return value is required; NRCHECK() elsewhere */
73 #define CHECK(TEST) assert(TEST)
74 #define NRCHECK(TEST) assert(TEST)
76 /* {{{ Logarithm table for computing output sizes */
78 /* The ith entry of this table gives the value of log_i(2).
80 An integer value n requires ceil(log_i(n)) digits to be represented
81 in base i. Since it is easy to compute lg(n), by counting bits, we
82 can compute log_i(n) = lg(n) * log_i(2).
84 The use of this table eliminates a dependency upon linkage against
85 the standard math libraries.
87 static const double s_log2[] = {
88 0.000000000, 0.000000000, 1.000000000, 0.630929754, /* 0 1 2 3 */
89 0.500000000, 0.430676558, 0.386852807, 0.356207187, /* 4 5 6 7 */
90 0.333333333, 0.315464877, 0.301029996, 0.289064826, /* 8 9 10 11 */
91 0.278942946, 0.270238154, 0.262649535, 0.255958025, /* 12 13 14 15 */
92 0.250000000, 0.244650542, 0.239812467, 0.235408913, /* 16 17 18 19 */
93 0.231378213, 0.227670249, 0.224243824, 0.221064729, /* 20 21 22 23 */
94 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */
95 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */
96 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */
97 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */
98 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */
99 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */
100 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */
101 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */
102 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */
103 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */
108 /* {{{ Various macros */
110 /* Return the number of digits needed to represent a static value */
111 #define MP_VALUE_DIGITS(V) \
112 ((sizeof(V)+(sizeof(mp_digit)-1))/sizeof(mp_digit))
114 /* Round precision P to nearest word boundary */
115 #define ROUND_PREC(P) ((mp_size)(2*(((P)+1)/2)))
117 /* Set array P of S digits to zero */
119 do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P);memset(p__,0,i__);}while(0)
121 /* Copy S digits from array P to array Q */
122 #define COPY(P, Q, S) \
123 do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P),*q__=(Q);\
124 memcpy(q__,p__,i__);}while(0)
126 /* Reverse N elements of type T in array A */
127 #define REV(T, A, N) \
128 do{T *u_=(A),*v_=u_+(N)-1;while(u_<v_){T xch=*u_;*u_++=*v_;*v_--=xch;}}while(0)
131 #define CLAMP(Z) s_clamp(Z)
134 do{mp_int z_=(Z);mp_size uz_=MP_USED(z_);mp_digit *dz_=MP_DIGITS(z_)+uz_-1;\
135 while(uz_ > 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0)
138 #define MIN(A, B) ((B)<(A)?(B):(A))
139 #define MAX(A, B) ((B)>(A)?(B):(A))
140 #define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0)
142 #define TEMP(K) (temp + (K))
143 #define SETUP(E, C) \
144 do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0)
147 (((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1)
149 #define UMUL(X, Y, Z) \
150 do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\
151 ZERO(MP_DIGITS(Z),o_);\
152 (void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\
153 MP_USED(Z)=o_;CLAMP(Z);}while(0)
156 do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\
157 (void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0)
159 #define UPPER_HALF(W) ((mp_word)((W) >> MP_DIGIT_BIT))
160 #define LOWER_HALF(W) ((mp_digit)(W))
161 #define HIGH_BIT_SET(W) ((W) >> (MP_WORD_BIT - 1))
162 #define ADD_WILL_OVERFLOW(W, V) ((MP_WORD_MAX - (V)) < (W))
165 /* {{{ Default configuration settings */
167 /* Default number of digits allocated to a new mp_int */
169 mp_size default_precision = MP_DEFAULT_PREC;
171 static const mp_size default_precision = MP_DEFAULT_PREC;
174 /* Minimum number of digits to invoke recursive multiply */
176 mp_size multiply_threshold = MP_MULT_THRESH;
178 static const mp_size multiply_threshold = MP_MULT_THRESH;
183 /* Allocate a buffer of (at least) num digits, or return
184 NULL if that couldn't be done. */
185 static mp_digit *s_alloc(mp_size num);
187 static void s_free(void *ptr);
189 #define s_free(P) free(P)
192 /* Insure that z has at least min digits allocated, resizing if
193 necessary. Returns true if successful, false if out of memory. */
194 int s_pad(mp_int z, mp_size min);
196 /* Normalize by removing leading zeroes (except when z = 0) */
198 static void s_clamp(mp_int z);
201 /* Fill in a "fake" mp_int on the stack with a given value */
202 static void s_fake(mp_int z, int value, mp_digit vbuf[]);
204 /* Compare two runs of digits of given length, returns <0, 0, >0 */
205 static int s_cdig(mp_digit *da, mp_digit *db, mp_size len);
207 /* Pack the unsigned digits of v into array t */
208 static int s_vpack(int v, mp_digit t[]);
210 /* Compare magnitudes of a and b, returns <0, 0, >0 */
211 static int s_ucmp(mp_int a, mp_int b);
213 /* Compare magnitudes of a and v, returns <0, 0, >0 */
214 static int s_vcmp(mp_int a, int v);
216 /* Unsigned magnitude addition; assumes dc is big enough.
217 Carry out is returned (no memory allocated). */
218 static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc,
219 mp_size size_a, mp_size size_b);
221 /* Unsigned magnitude subtraction. Assumes dc is big enough. */
222 static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc,
223 mp_size size_a, mp_size size_b);
225 /* Unsigned recursive multiplication. Assumes dc is big enough. */
226 static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc,
227 mp_size size_a, mp_size size_b);
229 /* Unsigned magnitude multiplication. Assumes dc is big enough. */
230 static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc,
231 mp_size size_a, mp_size size_b);
233 /* Unsigned recursive squaring. Assumes dc is big enough. */
234 static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a);
236 /* Unsigned magnitude squaring. Assumes dc is big enough. */
237 static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a);
239 /* Single digit addition. Assumes a is big enough. */
240 static void s_dadd(mp_int a, mp_digit b);
242 /* Single digit multiplication. Assumes a is big enough. */
243 static void s_dmul(mp_int a, mp_digit b);
245 /* Single digit multiplication on buffers; assumes dc is big enough. */
246 static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc,
249 /* Single digit division. Replaces a with the quotient,
250 returns the remainder. */
251 static mp_digit s_ddiv(mp_int a, mp_digit b);
253 /* Quick division by a power of 2, replaces z (no allocation) */
254 static void s_qdiv(mp_int z, mp_size p2);
256 /* Quick remainder by a power of 2, replaces z (no allocation) */
257 static void s_qmod(mp_int z, mp_size p2);
259 /* Quick multiplication by a power of 2, replaces z.
260 Allocates if necessary; returns false in case this fails. */
261 static int s_qmul(mp_int z, mp_size p2);
263 /* Quick subtraction from a power of 2, replaces z.
264 Allocates if necessary; returns false in case this fails. */
265 static int s_qsub(mp_int z, mp_size p2);
267 /* Return maximum k such that 2^k divides z. */
268 static int s_dp2k(mp_int z);
270 /* Return k >= 0 such that z = 2^k, or -1 if there is no such k. */
271 static int s_isp2(mp_int z);
273 /* Set z to 2^k. May allocate; returns false in case this fails. */
274 static int s_2expt(mp_int z, int k);
276 /* Normalize a and b for division, returns normalization constant */
277 static int s_norm(mp_int a, mp_int b);
279 /* Compute constant mu for Barrett reduction, given modulus m, result
280 replaces z, m is untouched. */
281 static mp_result s_brmu(mp_int z, mp_int m);
283 /* Reduce a modulo m, using Barrett's algorithm. */
284 static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2);
286 /* Modular exponentiation, using Barrett reduction */
287 mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c);
289 /* Unsigned magnitude division. Assumes |a| > |b|. Allocates
290 temporaries; overwrites a with quotient, b with remainder. */
291 static mp_result s_udiv(mp_int a, mp_int b);
293 /* Compute the number of digits in radix r required to represent the
294 given value. Does not account for sign flags, terminators, etc. */
295 static int s_outlen(mp_int z, mp_size r);
297 /* Guess how many digits of precision will be needed to represent a
298 radix r value of the specified number of digits. Returns a value
299 guaranteed to be no smaller than the actual number required. */
300 static mp_size s_inlen(int len, mp_size r);
302 /* Convert a character to a digit value in radix r, or
303 -1 if out of range */
304 static int s_ch2val(char c, int r);
306 /* Convert a digit value to a character */
307 static char s_val2ch(int v, int caps);
309 /* Take 2's complement of a buffer in place */
310 static void s_2comp(unsigned char *buf, int len);
312 /* Convert a value to binary, ignoring sign. On input, *limpos is the
313 bound on how many bytes should be written to buf; on output, *limpos
314 is set to the number of bytes actually written. */
315 static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad);
318 /* Dump a representation of the mp_int to standard output */
319 void s_print(char *tag, mp_int z);
320 void s_print_buf(char *tag, mp_digit *buf, mp_size num);
323 /* {{{ mp_int_init(z) */
325 mp_result mp_int_init(mp_int z)
331 z->digits = &(z->single);
341 /* {{{ mp_int_alloc() */
343 mp_int mp_int_alloc(void)
345 mp_int out = malloc(sizeof(mpz_t));
355 /* {{{ mp_int_init_size(z, prec) */
357 mp_result mp_int_init_size(mp_int z, mp_size prec)
362 prec = default_precision;
364 return mp_int_init(z);
366 prec = (mp_size) ROUND_PREC(prec);
368 if((MP_DIGITS(z) = s_alloc(prec)) == NULL)
374 MP_SIGN(z) = MP_ZPOS;
381 /* {{{ mp_int_init_copy(z, old) */
383 mp_result mp_int_init_copy(mp_int z, mp_int old)
388 CHECK(z != NULL && old != NULL);
395 mp_size target = MAX(uold, default_precision);
397 if((res = mp_int_init_size(z, target)) != MP_OK)
402 MP_SIGN(z) = MP_SIGN(old);
403 COPY(MP_DIGITS(old), MP_DIGITS(z), uold);
410 /* {{{ mp_int_init_value(z, value) */
412 mp_result mp_int_init_value(mp_int z, int value)
415 mp_digit vbuf[MP_VALUE_DIGITS(value)];
417 s_fake(&vtmp, value, vbuf);
418 return mp_int_init_copy(z, &vtmp);
423 /* {{{ mp_int_set_value(z, value) */
425 mp_result mp_int_set_value(mp_int z, int value)
428 mp_digit vbuf[MP_VALUE_DIGITS(value)];
430 s_fake(&vtmp, value, vbuf);
431 return mp_int_copy(&vtmp, z);
436 /* {{{ mp_int_clear(z) */
438 void mp_int_clear(mp_int z)
443 if(MP_DIGITS(z) != NULL) {
444 if((void *) MP_DIGITS(z) != (void *) z)
445 s_free(MP_DIGITS(z));
453 /* {{{ mp_int_free(z) */
455 void mp_int_free(mp_int z)
465 /* {{{ mp_int_copy(a, c) */
467 mp_result mp_int_copy(mp_int a, mp_int c)
469 CHECK(a != NULL && c != NULL);
472 mp_size ua = MP_USED(a);
478 da = MP_DIGITS(a); dc = MP_DIGITS(c);
482 MP_SIGN(c) = MP_SIGN(a);
490 /* {{{ mp_int_swap(a, c) */
492 void mp_int_swap(mp_int a, mp_int c)
504 /* {{{ mp_int_zero(z) */
506 void mp_int_zero(mp_int z)
512 MP_SIGN(z) = MP_ZPOS;
517 /* {{{ mp_int_abs(a, c) */
519 mp_result mp_int_abs(mp_int a, mp_int c)
523 CHECK(a != NULL && c != NULL);
525 if((res = mp_int_copy(a, c)) != MP_OK)
528 MP_SIGN(c) = MP_ZPOS;
534 /* {{{ mp_int_neg(a, c) */
536 mp_result mp_int_neg(mp_int a, mp_int c)
540 CHECK(a != NULL && c != NULL);
542 if((res = mp_int_copy(a, c)) != MP_OK)
546 MP_SIGN(c) = 1 - MP_SIGN(a);
553 /* {{{ mp_int_add(a, b, c) */
555 mp_result mp_int_add(mp_int a, mp_int b, mp_int c)
557 mp_size ua, ub, uc, max;
559 CHECK(a != NULL && b != NULL && c != NULL);
561 ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c);
564 if(MP_SIGN(a) == MP_SIGN(b)) {
565 /* Same sign -- add magnitudes, preserve sign of addends */
571 carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub);
575 if(!s_pad(c, max + 1))
578 c->digits[max] = carry;
583 MP_SIGN(c) = MP_SIGN(a);
587 /* Different signs -- subtract magnitudes, preserve sign of greater */
589 int cmp = s_ucmp(a, b); /* magnitude comparision, sign ignored */
591 /* Set x to max(a, b), y to min(a, b) to simplify later code */
599 if(!s_pad(c, MP_USED(x)))
602 /* Subtract smaller from larger */
603 s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y));
604 MP_USED(c) = MP_USED(x);
607 /* Give result the sign of the larger */
608 MP_SIGN(c) = MP_SIGN(x);
616 /* {{{ mp_int_add_value(a, value, c) */
618 mp_result mp_int_add_value(mp_int a, int value, mp_int c)
621 mp_digit vbuf[MP_VALUE_DIGITS(value)];
623 s_fake(&vtmp, value, vbuf);
625 return mp_int_add(a, &vtmp, c);
630 /* {{{ mp_int_sub(a, b, c) */
632 mp_result mp_int_sub(mp_int a, mp_int b, mp_int c)
634 mp_size ua, ub, uc, max;
636 CHECK(a != NULL && b != NULL && c != NULL);
638 ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c);
641 if(MP_SIGN(a) != MP_SIGN(b)) {
642 /* Different signs -- add magnitudes and keep sign of a */
648 carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub);
652 if(!s_pad(c, max + 1))
655 c->digits[max] = carry;
660 MP_SIGN(c) = MP_SIGN(a);
664 /* Same signs -- subtract magnitudes */
667 int cmp = s_ucmp(a, b);
673 x = a; y = b; osign = MP_ZPOS;
676 x = b; y = a; osign = MP_NEG;
679 if(MP_SIGN(a) == MP_NEG && cmp != 0)
682 s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y));
683 MP_USED(c) = MP_USED(x);
694 /* {{{ mp_int_sub_value(a, value, c) */
696 mp_result mp_int_sub_value(mp_int a, int value, mp_int c)
699 mp_digit vbuf[MP_VALUE_DIGITS(value)];
701 s_fake(&vtmp, value, vbuf);
703 return mp_int_sub(a, &vtmp, c);
708 /* {{{ mp_int_mul(a, b, c) */
710 mp_result mp_int_mul(mp_int a, mp_int b, mp_int c)
713 mp_size osize, ua, ub, p = 0;
716 CHECK(a != NULL && b != NULL && c != NULL);
718 /* If either input is zero, we can shortcut multiplication */
719 if(mp_int_compare_zero(a) == 0 || mp_int_compare_zero(b) == 0) {
724 /* Output is positive if inputs have same sign, otherwise negative */
725 osign = (MP_SIGN(a) == MP_SIGN(b)) ? MP_ZPOS : MP_NEG;
727 /* If the output is not equal to any of the inputs, we'll write the
728 results there directly; otherwise, allocate a temporary space. */
729 ua = MP_USED(a); ub = MP_USED(b);
732 if(c == a || c == b) {
733 p = ROUND_PREC(osize);
734 p = MAX(p, default_precision);
736 if((out = s_alloc(p)) == NULL)
747 if(!s_kmul(MP_DIGITS(a), MP_DIGITS(b), out, ua, ub))
750 /* If we allocated a new buffer, get rid of whatever memory c was
751 already using, and fix up its fields to reflect that.
753 if(out != MP_DIGITS(c)) {
754 if((void *) MP_DIGITS(c) != (void *) c)
755 s_free(MP_DIGITS(c));
760 MP_USED(c) = osize; /* might not be true, but we'll fix it ... */
761 CLAMP(c); /* ... right here */
769 /* {{{ mp_int_mul_value(a, value, c) */
771 mp_result mp_int_mul_value(mp_int a, int value, mp_int c)
774 mp_digit vbuf[MP_VALUE_DIGITS(value)];
776 s_fake(&vtmp, value, vbuf);
778 return mp_int_mul(a, &vtmp, c);
783 /* {{{ mp_int_mul_pow2(a, p2, c) */
785 mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c)
788 CHECK(a != NULL && c != NULL && p2 >= 0);
790 if((res = mp_int_copy(a, c)) != MP_OK)
793 if(s_qmul(c, (mp_size) p2))
801 /* {{{ mp_int_sqr(a, c) */
803 mp_result mp_int_sqr(mp_int a, mp_int c)
806 mp_size osize, p = 0;
808 CHECK(a != NULL && c != NULL);
810 /* Get a temporary buffer big enough to hold the result */
811 osize = (mp_size) 2 * MP_USED(a);
813 p = ROUND_PREC(osize);
814 p = MAX(p, default_precision);
816 if((out = s_alloc(p)) == NULL)
827 s_ksqr(MP_DIGITS(a), out, MP_USED(a));
829 /* Get rid of whatever memory c was already using, and fix up its
830 fields to reflect the new digit array it's using
832 if(out != MP_DIGITS(c)) {
833 if((void *) MP_DIGITS(c) != (void *) c)
834 s_free(MP_DIGITS(c));
839 MP_USED(c) = osize; /* might not be true, but we'll fix it ... */
840 CLAMP(c); /* ... right here */
841 MP_SIGN(c) = MP_ZPOS;
848 /* {{{ mp_int_div(a, b, q, r) */
850 mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r)
852 int cmp, last = 0, lg;
853 mp_result res = MP_OK;
856 mp_sign sa = MP_SIGN(a), sb = MP_SIGN(b);
858 CHECK(a != NULL && b != NULL && q != r);
862 else if((cmp = s_ucmp(a, b)) < 0) {
863 /* If |a| < |b|, no division is required:
866 if(r && (res = mp_int_copy(a, r)) != MP_OK)
875 /* If |a| = |b|, no division is required:
892 /* When |a| > |b|, real division is required. We need someplace to
893 store quotient and remainder, but q and r are allowed to be NULL
894 or to overlap with the inputs.
896 if((lg = s_isp2(b)) < 0) {
897 if(q && b != q && (res = mp_int_copy(a, q)) == MP_OK) {
902 SETUP(mp_int_init_copy(TEMP(last), a), last);
905 if(r && a != r && (res = mp_int_copy(b, r)) == MP_OK) {
910 SETUP(mp_int_init_copy(TEMP(last), b), last);
913 if((res = s_udiv(qout, rout)) != MP_OK) goto CLEANUP;
916 if(q && (res = mp_int_copy(a, q)) != MP_OK) goto CLEANUP;
917 if(r && (res = mp_int_copy(a, r)) != MP_OK) goto CLEANUP;
919 if(q) s_qdiv(q, (mp_size) lg); qout = q;
920 if(r) s_qmod(r, (mp_size) lg); rout = r;
923 /* Recompute signs for output */
927 MP_SIGN(rout) = MP_ZPOS;
930 MP_SIGN(qout) = (sa == sb) ? MP_ZPOS : MP_NEG;
932 MP_SIGN(qout) = MP_ZPOS;
935 if(q && (res = mp_int_copy(qout, q)) != MP_OK) goto CLEANUP;
936 if(r && (res = mp_int_copy(rout, r)) != MP_OK) goto CLEANUP;
940 mp_int_clear(TEMP(last));
947 /* {{{ mp_int_mod(a, m, c) */
949 mp_result mp_int_mod(mp_int a, mp_int m, mp_int c)
963 if((res = mp_int_div(a, m, NULL, out)) != MP_OK)
967 res = mp_int_add(out, m, c);
969 res = mp_int_copy(out, c);
981 /* {{{ mp_int_div_value(a, value, q, r) */
983 mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r)
986 mp_digit vbuf[MP_VALUE_DIGITS(value)];
990 s_fake(&vtmp, value, vbuf);
992 if((res = mp_int_div(a, &vtmp, q, &rtmp)) != MP_OK)
996 (void) mp_int_to_int(&rtmp, r); /* can't fail */
1005 /* {{{ mp_int_div_pow2(a, p2, q, r) */
1007 mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r)
1009 mp_result res = MP_OK;
1011 CHECK(a != NULL && p2 >= 0 && q != r);
1013 if(q != NULL && (res = mp_int_copy(a, q)) == MP_OK)
1014 s_qdiv(q, (mp_size) p2);
1016 if(res == MP_OK && r != NULL && (res = mp_int_copy(a, r)) == MP_OK)
1017 s_qmod(r, (mp_size) p2);
1024 /* {{{ mp_int_expt(a, b, c) */
1026 mp_result mp_int_expt(mp_int a, int b, mp_int c)
1030 unsigned int v = abs(b);
1032 CHECK(b >= 0 && c != NULL);
1034 if((res = mp_int_init_copy(&t, a)) != MP_OK)
1037 (void) mp_int_set_value(c, 1);
1040 if((res = mp_int_mul(c, &t, c)) != MP_OK)
1047 if((res = mp_int_sqr(&t, &t)) != MP_OK)
1058 /* {{{ mp_int_expt_value(a, b, c) */
1060 mp_result mp_int_expt_value(int a, int b, mp_int c)
1064 unsigned int v = abs(b);
1066 CHECK(b >= 0 && c != NULL);
1068 if((res = mp_int_init_value(&t, a)) != MP_OK)
1071 (void) mp_int_set_value(c, 1);
1074 if((res = mp_int_mul(c, &t, c)) != MP_OK)
1081 if((res = mp_int_sqr(&t, &t)) != MP_OK)
1092 /* {{{ mp_int_compare(a, b) */
1094 int mp_int_compare(mp_int a, mp_int b)
1098 CHECK(a != NULL && b != NULL);
1101 if(sa == MP_SIGN(b)) {
1102 int cmp = s_ucmp(a, b);
1104 /* If they're both zero or positive, the normal comparison
1105 applies; if both negative, the sense is reversed. */
1122 /* {{{ mp_int_compare_unsigned(a, b) */
1124 int mp_int_compare_unsigned(mp_int a, mp_int b)
1126 NRCHECK(a != NULL && b != NULL);
1128 return s_ucmp(a, b);
1133 /* {{{ mp_int_compare_zero(z) */
1135 int mp_int_compare_zero(mp_int z)
1139 if(MP_USED(z) == 1 && z->digits[0] == 0)
1141 else if(MP_SIGN(z) == MP_ZPOS)
1149 /* {{{ mp_int_compare_value(z, value) */
1151 int mp_int_compare_value(mp_int z, int value)
1153 mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS;
1158 if(vsign == MP_SIGN(z)) {
1159 cmp = s_vcmp(z, value);
1161 if(vsign == MP_ZPOS)
1176 /* {{{ mp_int_exptmod(a, b, m, c) */
1178 mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c)
1186 CHECK(a != NULL && b != NULL && c != NULL && m != NULL);
1188 /* Zero moduli and negative exponents are not considered. */
1195 SETUP(mp_int_init_size(TEMP(0), 2 * um), last);
1196 SETUP(mp_int_init_size(TEMP(1), 2 * um), last);
1198 if(c == b || c == m) {
1199 SETUP(mp_int_init_size(TEMP(2), 2 * um), last);
1206 if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP;
1208 if((res = s_brmu(TEMP(1), m)) != MP_OK) goto CLEANUP;
1210 if((res = s_embar(TEMP(0), b, m, TEMP(1), s)) != MP_OK)
1213 res = mp_int_copy(s, c);
1217 mp_int_clear(TEMP(last));
1224 /* {{{ mp_int_exptmod_evalue(a, value, m, c) */
1226 mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c)
1229 mp_digit vbuf[MP_VALUE_DIGITS(value)];
1231 s_fake(&vtmp, value, vbuf);
1233 return mp_int_exptmod(a, &vtmp, m, c);
1238 /* {{{ mp_int_exptmod_bvalue(v, b, m, c) */
1240 mp_result mp_int_exptmod_bvalue(int value, mp_int b,
1244 mp_digit vbuf[MP_VALUE_DIGITS(value)];
1246 s_fake(&vtmp, value, vbuf);
1248 return mp_int_exptmod(&vtmp, b, m, c);
1253 /* {{{ mp_int_exptmod_known(a, b, m, mu, c) */
1255 mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c)
1263 CHECK(a && b && m && c);
1265 /* Zero moduli and negative exponents are not considered. */
1272 SETUP(mp_int_init_size(TEMP(0), 2 * um), last);
1274 if(c == b || c == m) {
1275 SETUP(mp_int_init_size(TEMP(1), 2 * um), last);
1282 if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP;
1284 if((res = s_embar(TEMP(0), b, m, mu, s)) != MP_OK)
1287 res = mp_int_copy(s, c);
1291 mp_int_clear(TEMP(last));
1298 /* {{{ mp_int_redux_const(m, c) */
1300 mp_result mp_int_redux_const(mp_int m, mp_int c)
1302 CHECK(m != NULL && c != NULL && m != c);
1304 return s_brmu(c, m);
1309 /* {{{ mp_int_invmod(a, m, c) */
1311 mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c)
1318 CHECK(a != NULL && m != NULL && c != NULL);
1320 if(CMPZ(a) == 0 || CMPZ(m) <= 0)
1323 sa = MP_SIGN(a); /* need this for the result later */
1325 for(last = 0; last < 2; ++last)
1326 mp_int_init(TEMP(last));
1328 if((res = mp_int_egcd(a, m, TEMP(0), TEMP(1), NULL)) != MP_OK)
1331 if(mp_int_compare_value(TEMP(0), 1) != 0) {
1336 /* It is first necessary to constrain the value to the proper range */
1337 if((res = mp_int_mod(TEMP(1), m, TEMP(1))) != MP_OK)
1340 /* Now, if 'a' was originally negative, the value we have is
1341 actually the magnitude of the negative representative; to get the
1342 positive value we have to subtract from the modulus. Otherwise,
1343 the value is okay as it stands.
1346 res = mp_int_sub(m, TEMP(1), c);
1348 res = mp_int_copy(TEMP(1), c);
1352 mp_int_clear(TEMP(last));
1359 /* {{{ mp_int_gcd(a, b, c) */
1361 /* Binary GCD algorithm due to Josef Stein, 1961 */
1362 mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c)
1368 CHECK(a != NULL && b != NULL && c != NULL);
1372 if(ca == 0 && cb == 0)
1375 return mp_int_abs(b, c);
1377 return mp_int_abs(a, c);
1380 if((res = mp_int_init_copy(&u, a)) != MP_OK)
1382 if((res = mp_int_init_copy(&v, b)) != MP_OK)
1385 MP_SIGN(&u) = MP_ZPOS; MP_SIGN(&v) = MP_ZPOS;
1387 { /* Divide out common factors of 2 from u and v */
1388 int div2_u = s_dp2k(&u), div2_v = s_dp2k(&v);
1390 k = MIN(div2_u, div2_v);
1391 s_qdiv(&u, (mp_size) k);
1392 s_qdiv(&v, (mp_size) k);
1395 if(mp_int_is_odd(&u)) {
1396 if((res = mp_int_neg(&v, &t)) != MP_OK)
1400 if((res = mp_int_copy(&u, &t)) != MP_OK)
1405 s_qdiv(&t, s_dp2k(&t));
1408 if((res = mp_int_copy(&t, &u)) != MP_OK)
1412 if((res = mp_int_neg(&t, &v)) != MP_OK)
1416 if((res = mp_int_sub(&u, &v, &t)) != MP_OK)
1423 if((res = mp_int_abs(&u, c)) != MP_OK)
1425 if(!s_qmul(c, (mp_size) k))
1430 V: mp_int_clear(&u);
1431 U: mp_int_clear(&t);
1438 /* {{{ mp_int_egcd(a, b, c, x, y) */
1440 /* This is the binary GCD algorithm again, but this time we keep track
1441 of the elementary matrix operations as we go, so we can get values
1442 x and y satisfying c = ax + by.
1444 mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c,
1447 int k, last = 0, ca, cb;
1451 CHECK(a != NULL && b != NULL && c != NULL &&
1452 (x != NULL || y != NULL));
1456 if(ca == 0 && cb == 0)
1459 if((res = mp_int_abs(b, c)) != MP_OK) return res;
1460 mp_int_zero(x); (void) mp_int_set_value(y, 1); return MP_OK;
1463 if((res = mp_int_abs(a, c)) != MP_OK) return res;
1464 (void) mp_int_set_value(x, 1); mp_int_zero(y); return MP_OK;
1467 /* Initialize temporaries:
1468 A:0, B:1, C:2, D:3, u:4, v:5, ou:6, ov:7 */
1469 for(last = 0; last < 4; ++last)
1470 mp_int_init(TEMP(last));
1471 TEMP(0)->digits[0] = 1;
1472 TEMP(3)->digits[0] = 1;
1474 SETUP(mp_int_init_copy(TEMP(4), a), last);
1475 SETUP(mp_int_init_copy(TEMP(5), b), last);
1477 /* We will work with absolute values here */
1478 MP_SIGN(TEMP(4)) = MP_ZPOS;
1479 MP_SIGN(TEMP(5)) = MP_ZPOS;
1481 { /* Divide out common factors of 2 from u and v */
1482 int div2_u = s_dp2k(TEMP(4)), div2_v = s_dp2k(TEMP(5));
1484 k = MIN(div2_u, div2_v);
1489 SETUP(mp_int_init_copy(TEMP(6), TEMP(4)), last);
1490 SETUP(mp_int_init_copy(TEMP(7), TEMP(5)), last);
1493 while(mp_int_is_even(TEMP(4))) {
1496 if(mp_int_is_odd(TEMP(0)) || mp_int_is_odd(TEMP(1))) {
1497 if((res = mp_int_add(TEMP(0), TEMP(7), TEMP(0))) != MP_OK)
1499 if((res = mp_int_sub(TEMP(1), TEMP(6), TEMP(1))) != MP_OK)
1507 while(mp_int_is_even(TEMP(5))) {
1510 if(mp_int_is_odd(TEMP(2)) || mp_int_is_odd(TEMP(3))) {
1511 if((res = mp_int_add(TEMP(2), TEMP(7), TEMP(2))) != MP_OK)
1513 if((res = mp_int_sub(TEMP(3), TEMP(6), TEMP(3))) != MP_OK)
1521 if(mp_int_compare(TEMP(4), TEMP(5)) >= 0) {
1522 if((res = mp_int_sub(TEMP(4), TEMP(5), TEMP(4))) != MP_OK) goto CLEANUP;
1523 if((res = mp_int_sub(TEMP(0), TEMP(2), TEMP(0))) != MP_OK) goto CLEANUP;
1524 if((res = mp_int_sub(TEMP(1), TEMP(3), TEMP(1))) != MP_OK) goto CLEANUP;
1527 if((res = mp_int_sub(TEMP(5), TEMP(4), TEMP(5))) != MP_OK) goto CLEANUP;
1528 if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK) goto CLEANUP;
1529 if((res = mp_int_sub(TEMP(3), TEMP(1), TEMP(3))) != MP_OK) goto CLEANUP;
1532 if(CMPZ(TEMP(4)) == 0) {
1533 if(x && (res = mp_int_copy(TEMP(2), x)) != MP_OK) goto CLEANUP;
1534 if(y && (res = mp_int_copy(TEMP(3), y)) != MP_OK) goto CLEANUP;
1536 if(!s_qmul(TEMP(5), k)) {
1541 res = mp_int_copy(TEMP(5), c);
1550 mp_int_clear(TEMP(last));
1557 /* {{{ mp_int_divisible_value(a, v) */
1559 int mp_int_divisible_value(mp_int a, int v)
1563 if(mp_int_div_value(a, v, NULL, &rem) != MP_OK)
1571 /* {{{ mp_int_is_pow2(z) */
1573 int mp_int_is_pow2(mp_int z)
1582 /* {{{ mp_int_sqrt(a, c) */
1584 mp_result mp_int_sqrt(mp_int a, mp_int c)
1586 mp_result res = MP_OK;
1590 CHECK(a != NULL && c != NULL);
1592 /* The square root of a negative value does not exist in the integers. */
1593 if(MP_SIGN(a) == MP_NEG)
1596 SETUP(mp_int_init_copy(TEMP(last), a), last);
1597 SETUP(mp_int_init(TEMP(last)), last);
1600 if((res = mp_int_sqr(TEMP(0), TEMP(1))) != MP_OK)
1603 if(mp_int_compare_unsigned(a, TEMP(1)) == 0) break;
1605 if((res = mp_int_copy(a, TEMP(1))) != MP_OK)
1607 if((res = mp_int_div(TEMP(1), TEMP(0), TEMP(1), NULL)) != MP_OK)
1609 if((res = mp_int_add(TEMP(0), TEMP(1), TEMP(1))) != MP_OK)
1611 if((res = mp_int_div_pow2(TEMP(1), 1, TEMP(1), NULL)) != MP_OK)
1614 if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break;
1615 if((res = mp_int_sub_value(TEMP(0), 1, TEMP(0))) != MP_OK) goto CLEANUP;
1616 if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break;
1618 if((res = mp_int_copy(TEMP(1), TEMP(0))) != MP_OK) goto CLEANUP;
1621 res = mp_int_copy(TEMP(0), c);
1625 mp_int_clear(TEMP(last));
1632 /* {{{ mp_int_to_int(z, out) */
1634 mp_result mp_int_to_int(mp_int z, int *out)
1636 unsigned int uv = 0;
1643 /* Make sure the value is representable as an int */
1645 if((sz == MP_ZPOS && mp_int_compare_value(z, INT_MAX) > 0) ||
1646 mp_int_compare_value(z, INT_MIN) < 0)
1650 dz = MP_DIGITS(z) + uz - 1;
1653 uv <<= MP_DIGIT_BIT/2;
1654 uv = (uv << (MP_DIGIT_BIT/2)) | *dz--;
1659 *out = (sz == MP_NEG) ? -(int)uv : (int)uv;
1666 /* {{{ mp_int_to_string(z, radix, str, limit) */
1668 mp_result mp_int_to_string(mp_int z, mp_size radix,
1669 char *str, int limit)
1674 CHECK(z != NULL && str != NULL && limit >= 2);
1676 if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX)
1680 *str++ = s_val2ch(0, 1);
1686 if((res = mp_int_init_copy(&tmp, z)) != MP_OK)
1689 if(MP_SIGN(z) == MP_NEG) {
1695 /* Generate digits in reverse order until finished or limit reached */
1696 for(/* */; limit > 0; --limit) {
1699 if((cmp = CMPZ(&tmp)) == 0)
1702 d = s_ddiv(&tmp, (mp_digit)radix);
1703 *str++ = s_val2ch(d, 1);
1707 /* Put digits back in correct output order */
1726 /* {{{ mp_int_string_len(z, radix) */
1728 mp_result mp_int_string_len(mp_int z, mp_size radix)
1734 if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX)
1737 len = s_outlen(z, radix) + 1; /* for terminator */
1739 /* Allow for sign marker on negatives */
1740 if(MP_SIGN(z) == MP_NEG)
1748 /* {{{ mp_int_read_string(z, radix, *str) */
1750 /* Read zero-terminated string into z */
1751 mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str)
1753 return mp_int_read_cstring(z, radix, str, NULL);
1759 /* {{{ mp_int_read_cstring(z, radix, *str, **end) */
1761 mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **end)
1765 CHECK(z != NULL && str != NULL);
1767 if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX)
1770 /* Skip leading whitespace */
1771 while(isspace((int)*str))
1774 /* Handle leading sign tag (+/-, positive default) */
1777 MP_SIGN(z) = MP_NEG;
1781 ++str; /* fallthrough */
1783 MP_SIGN(z) = MP_ZPOS;
1787 /* Skip leading zeroes */
1788 while((ch = s_ch2val(*str, radix)) == 0)
1791 /* Make sure there is enough space for the value */
1792 if(!s_pad(z, s_inlen(strlen(str), radix)))
1795 MP_USED(z) = 1; z->digits[0] = 0;
1797 while(*str != '\0' && ((ch = s_ch2val(*str, radix)) >= 0)) {
1798 s_dmul(z, (mp_digit)radix);
1799 s_dadd(z, (mp_digit)ch);
1805 /* Override sign for zero, even if negative specified. */
1807 MP_SIGN(z) = MP_ZPOS;
1812 /* Return a truncation error if the string has unprocessed
1813 characters remaining, so the caller can tell if the whole string
1823 /* {{{ mp_int_count_bits(z) */
1825 mp_result mp_int_count_bits(mp_int z)
1827 mp_size nbits = 0, uz;
1833 if(uz == 1 && z->digits[0] == 0)
1837 nbits = uz * MP_DIGIT_BIT;
1850 /* {{{ mp_int_to_binary(z, buf, limit) */
1852 mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit)
1854 static const int PAD_FOR_2C = 1;
1859 CHECK(z != NULL && buf != NULL);
1861 res = s_tobin(z, buf, &limpos, PAD_FOR_2C);
1863 if(MP_SIGN(z) == MP_NEG)
1864 s_2comp(buf, limpos);
1871 /* {{{ mp_int_read_binary(z, buf, len) */
1873 mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len)
1879 CHECK(z != NULL && buf != NULL && len > 0);
1881 /* Figure out how many digits are needed to represent this value */
1882 need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT;
1888 /* If the high-order bit is set, take the 2's complement before
1889 reading the value (it will be restored afterward) */
1890 if(buf[0] >> (CHAR_BIT - 1)) {
1891 MP_SIGN(z) = MP_NEG;
1896 for(tmp = buf, i = len; i > 0; --i, ++tmp) {
1897 s_qmul(z, (mp_size) CHAR_BIT);
1901 /* Restore 2's complement if we took it before */
1902 if(MP_SIGN(z) == MP_NEG)
1910 /* {{{ mp_int_binary_len(z) */
1912 mp_result mp_int_binary_len(mp_int z)
1914 mp_result res = mp_int_count_bits(z);
1915 int bytes = mp_int_unsigned_len(z);
1920 bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT;
1922 /* If the highest-order bit falls exactly on a byte boundary, we
1923 need to pad with an extra byte so that the sign will be read
1924 correctly when reading it back in. */
1925 if(bytes * CHAR_BIT == res)
1933 /* {{{ mp_int_to_unsigned(z, buf, limit) */
1935 mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit)
1937 static const int NO_PADDING = 0;
1939 CHECK(z != NULL && buf != NULL);
1941 return s_tobin(z, buf, &limit, NO_PADDING);
1946 /* {{{ mp_int_read_unsigned(z, buf, len) */
1948 mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len)
1954 CHECK(z != NULL && buf != NULL && len > 0);
1956 /* Figure out how many digits are needed to represent this value */
1957 need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT;
1964 for(tmp = buf, i = len; i > 0; --i, ++tmp) {
1965 (void) s_qmul(z, CHAR_BIT);
1974 /* {{{ mp_int_unsigned_len(z) */
1976 mp_result mp_int_unsigned_len(mp_int z)
1978 mp_result res = mp_int_count_bits(z);
1984 bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT;
1991 /* {{{ mp_error_string(res) */
1993 const char *mp_error_string(mp_result res)
1997 return s_unknown_err;
2000 for(ix = 0; ix < res && s_error_msg[ix] != NULL; ++ix)
2003 if(s_error_msg[ix] != NULL)
2004 return s_error_msg[ix];
2006 return s_unknown_err;
2011 /*------------------------------------------------------------------------*/
2012 /* Private functions for internal use. These make assumptions. */
2014 /* {{{ s_alloc(num) */
2016 static mp_digit *s_alloc(mp_size num)
2018 mp_digit *out = malloc(num * sizeof(mp_digit));
2020 assert(out != NULL); /* for debugging */
2027 /* {{{ s_realloc(old, num) */
2029 static mp_digit *s_realloc(mp_digit *old, mp_size num)
2031 mp_digit *new = realloc(old, num * sizeof(mp_digit));
2033 assert(new != NULL); /* for debugging */
2040 /* {{{ s_free(ptr) */
2043 static void s_free(void *ptr)
2051 /* {{{ s_pad(z, min) */
2053 int s_pad(mp_int z, mp_size min)
2055 if(MP_ALLOC(z) < min) {
2056 mp_size nsize = ROUND_PREC(min);
2059 if((void *)z->digits == (void *)z) {
2060 if((tmp = s_alloc(nsize)) == NULL)
2063 COPY(MP_DIGITS(z), tmp, MP_USED(z));
2065 else if((tmp = s_realloc(MP_DIGITS(z), nsize)) == NULL)
2069 MP_ALLOC(z) = nsize;
2077 /* {{{ s_clamp(z) */
2080 static void s_clamp(mp_int z)
2082 mp_size uz = MP_USED(z);
2083 mp_digit *zd = MP_DIGITS(z) + uz - 1;
2085 while(uz > 1 && (*zd-- == 0))
2094 /* {{{ s_fake(z, value, vbuf) */
2096 static void s_fake(mp_int z, int value, mp_digit vbuf[])
2098 mp_size uv = (mp_size) s_vpack(value, vbuf);
2101 z->alloc = MP_VALUE_DIGITS(value);
2102 z->sign = (value < 0) ? MP_NEG : MP_ZPOS;
2108 /* {{{ s_cdig(da, db, len) */
2110 static int s_cdig(mp_digit *da, mp_digit *db, mp_size len)
2112 mp_digit *dat = da + len - 1, *dbt = db + len - 1;
2114 for(/* */; len != 0; --len, --dat, --dbt) {
2117 else if(*dat < *dbt)
2126 /* {{{ s_vpack(v, t[]) */
2128 static int s_vpack(int v, mp_digit t[])
2130 unsigned int uv = (unsigned int)((v < 0) ? -v : v);
2137 t[ndig++] = (mp_digit) uv;
2138 uv >>= MP_DIGIT_BIT/2;
2139 uv >>= MP_DIGIT_BIT/2;
2148 /* {{{ s_ucmp(a, b) */
2150 static int s_ucmp(mp_int a, mp_int b)
2152 mp_size ua = MP_USED(a), ub = MP_USED(b);
2159 return s_cdig(MP_DIGITS(a), MP_DIGITS(b), ua);
2164 /* {{{ s_vcmp(a, v) */
2166 static int s_vcmp(mp_int a, int v)
2168 mp_digit vdig[MP_VALUE_DIGITS(v)];
2170 mp_size ua = MP_USED(a);
2172 ndig = s_vpack(v, vdig);
2179 return s_cdig(MP_DIGITS(a), vdig, ndig);
2184 /* {{{ s_uadd(da, db, dc, size_a, size_b) */
2186 static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc,
2187 mp_size size_a, mp_size size_b)
2192 /* Insure that da is the longer of the two to simplify later code */
2193 if(size_b > size_a) {
2194 SWAP(mp_digit *, da, db);
2195 SWAP(mp_size, size_a, size_b);
2198 /* Add corresponding digits until the shorter number runs out */
2199 for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) {
2200 w = w + (mp_word) *da + (mp_word) *db;
2201 *dc = LOWER_HALF(w);
2205 /* Propagate carries as far as necessary */
2206 for(/* */; pos < size_a; ++pos, ++da, ++dc) {
2209 *dc = LOWER_HALF(w);
2213 /* Return carry out */
2219 /* {{{ s_usub(da, db, dc, size_a, size_b) */
2221 static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc,
2222 mp_size size_a, mp_size size_b)
2227 /* We assume that |a| >= |b| so this should definitely hold */
2228 assert(size_a >= size_b);
2230 /* Subtract corresponding digits and propagate borrow */
2231 for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) {
2232 w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */
2233 (mp_word)*da) - w - (mp_word)*db;
2235 *dc = LOWER_HALF(w);
2236 w = (UPPER_HALF(w) == 0);
2239 /* Finish the subtraction for remaining upper digits of da */
2240 for(/* */; pos < size_a; ++pos, ++da, ++dc) {
2241 w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */
2244 *dc = LOWER_HALF(w);
2245 w = (UPPER_HALF(w) == 0);
2248 /* If there is a borrow out at the end, it violates the precondition */
2254 /* {{{ s_kmul(da, db, dc, size_a, size_b) */
2256 static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc,
2257 mp_size size_a, mp_size size_b)
2261 /* Make sure b is the smaller of the two input values */
2262 if(size_b > size_a) {
2263 SWAP(mp_digit *, da, db);
2264 SWAP(mp_size, size_a, size_b);
2267 /* Insure that the bottom is the larger half in an odd-length split;
2268 the code below relies on this being true.
2270 bot_size = (size_a + 1) / 2;
2272 /* If the values are big enough to bother with recursion, use the
2273 Karatsuba algorithm to compute the product; otherwise use the
2274 normal multiplication algorithm
2276 if(multiply_threshold &&
2277 size_a >= multiply_threshold &&
2278 size_b > bot_size) {
2280 mp_digit *t1, *t2, *t3, carry;
2282 mp_digit *a_top = da + bot_size;
2283 mp_digit *b_top = db + bot_size;
2285 mp_size at_size = size_a - bot_size;
2286 mp_size bt_size = size_b - bot_size;
2287 mp_size buf_size = 2 * bot_size;
2289 /* Do a single allocation for all three temporary buffers needed;
2290 each buffer must be big enough to hold the product of two
2291 bottom halves, and one buffer needs space for the completed
2292 product; twice the space is plenty.
2294 if((t1 = s_alloc(4 * buf_size)) == NULL) return 0;
2297 ZERO(t1, 4 * buf_size);
2299 /* t1 and t2 are initially used as temporaries to compute the inner product
2300 (a1 + a0)(b1 + b0) = a1b1 + a1b0 + a0b1 + a0b0
2302 carry = s_uadd(da, a_top, t1, bot_size, at_size); /* t1 = a1 + a0 */
2303 t1[bot_size] = carry;
2305 carry = s_uadd(db, b_top, t2, bot_size, bt_size); /* t2 = b1 + b0 */
2306 t2[bot_size] = carry;
2308 (void) s_kmul(t1, t2, t3, bot_size + 1, bot_size + 1); /* t3 = t1 * t2 */
2310 /* Now we'll get t1 = a0b0 and t2 = a1b1, and subtract them out so that
2311 we're left with only the pieces we want: t3 = a1b0 + a0b1
2313 ZERO(t1, bot_size + 1);
2314 ZERO(t2, bot_size + 1);
2315 (void) s_kmul(da, db, t1, bot_size, bot_size); /* t1 = a0 * b0 */
2316 (void) s_kmul(a_top, b_top, t2, at_size, bt_size); /* t2 = a1 * b1 */
2318 /* Subtract out t1 and t2 to get the inner product */
2319 s_usub(t3, t1, t3, buf_size + 2, buf_size);
2320 s_usub(t3, t2, t3, buf_size + 2, buf_size);
2322 /* Assemble the output value */
2323 COPY(t1, dc, buf_size);
2324 (void) s_uadd(t3, dc + bot_size, dc + bot_size,
2325 buf_size + 1, buf_size + 1);
2327 (void) s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size,
2328 buf_size, buf_size);
2330 s_free(t1); /* note t2 and t3 are just internal pointers to t1 */
2333 s_umul(da, db, dc, size_a, size_b);
2341 /* {{{ s_umul(da, db, dc, size_a, size_b) */
2343 static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc,
2344 mp_size size_a, mp_size size_b)
2349 for(a = 0; a < size_a; ++a, ++dc, ++da) {
2357 for(b = 0; b < size_b; ++b, ++dbt, ++dct) {
2358 w = (mp_word)*da * (mp_word)*dbt + w + (mp_word)*dct;
2360 *dct = LOWER_HALF(w);
2370 /* {{{ s_ksqr(da, dc, size_a) */
2372 static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a)
2374 if(multiply_threshold && size_a > multiply_threshold) {
2375 mp_size bot_size = (size_a + 1) / 2;
2376 mp_digit *a_top = da + bot_size;
2377 mp_digit *t1, *t2, *t3;
2378 mp_size at_size = size_a - bot_size;
2379 mp_size buf_size = 2 * bot_size;
2381 if((t1 = s_alloc(4 * buf_size)) == NULL) return 0;
2384 ZERO(t1, 4 * buf_size);
2386 (void) s_ksqr(da, t1, bot_size); /* t1 = a0 ^ 2 */
2387 (void) s_ksqr(a_top, t2, at_size); /* t2 = a1 ^ 2 */
2389 (void) s_kmul(da, a_top, t3, bot_size, at_size); /* t3 = a0 * a1 */
2391 /* Quick multiply t3 by 2, shifting left (can't overflow) */
2393 int i, top = bot_size + at_size;
2394 mp_word w, save = 0;
2396 for(i = 0; i < top; ++i) {
2398 w = (w << 1) | save;
2399 t3[i] = LOWER_HALF(w);
2400 save = UPPER_HALF(w);
2402 t3[i] = LOWER_HALF(save);
2405 /* Assemble the output value */
2406 COPY(t1, dc, 2 * bot_size);
2407 (void) s_uadd(t3, dc + bot_size, dc + bot_size,
2408 buf_size + 1, buf_size + 1);
2410 (void) s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size,
2411 buf_size, buf_size);
2413 free(t1); /* note that t2 and t2 are internal pointers only */
2417 s_usqr(da, dc, size_a);
2425 /* {{{ s_usqr(da, dc, size_a) */
2427 static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a)
2432 for(i = 0; i < size_a; ++i, dc += 2, ++da) {
2433 mp_digit *dct = dc, *dat = da;
2438 /* Take care of the first digit, no rollover */
2439 w = (mp_word)*dat * (mp_word)*dat + (mp_word)*dct;
2440 *dct = LOWER_HALF(w);
2444 for(j = i + 1; j < size_a; ++j, ++dat, ++dct) {
2445 mp_word t = (mp_word)*da * (mp_word)*dat;
2446 mp_word u = w + (mp_word)*dct, ov = 0;
2448 /* Check if doubling t will overflow a word */
2454 /* Check if adding u to w will overflow a word */
2455 if(ADD_WILL_OVERFLOW(w, u))
2460 *dct = LOWER_HALF(w);
2463 w += MP_DIGIT_MAX; /* MP_RADIX */
2470 while((w = UPPER_HALF(w)) != 0) {
2471 ++dct; w = w + *dct;
2472 *dct = LOWER_HALF(w);
2481 /* {{{ s_dadd(a, b) */
2483 static void s_dadd(mp_int a, mp_digit b)
2486 mp_digit *da = MP_DIGITS(a);
2487 mp_size ua = MP_USED(a);
2489 w = (mp_word)*da + b;
2490 *da++ = LOWER_HALF(w);
2493 for(ua -= 1; ua > 0; --ua, ++da) {
2494 w = (mp_word)*da + w;
2496 *da = LOWER_HALF(w);
2508 /* {{{ s_dmul(a, b) */
2510 static void s_dmul(mp_int a, mp_digit b)
2513 mp_digit *da = MP_DIGITS(a);
2514 mp_size ua = MP_USED(a);
2517 w = (mp_word)*da * b + w;
2518 *da++ = LOWER_HALF(w);
2531 /* {{{ s_dbmul(da, b, dc, size_a) */
2533 static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a)
2538 w = (mp_word)*da++ * (mp_word)b + w;
2540 *dc++ = LOWER_HALF(w);
2546 *dc = LOWER_HALF(w);
2551 /* {{{ s_ddiv(da, d, dc, size_a) */
2553 static mp_digit s_ddiv(mp_int a, mp_digit b)
2555 mp_word w = 0, qdigit;
2556 mp_size ua = MP_USED(a);
2557 mp_digit *da = MP_DIGITS(a) + ua - 1;
2559 for(/* */; ua > 0; --ua, --da) {
2560 w = (w << MP_DIGIT_BIT) | *da;
2570 *da = (mp_digit)qdigit;
2579 /* {{{ s_qdiv(z, p2) */
2581 static void s_qdiv(mp_int z, mp_size p2)
2583 mp_size ndig = p2 / MP_DIGIT_BIT, nbits = p2 % MP_DIGIT_BIT;
2584 mp_size uz = MP_USED(z);
2588 mp_digit *to, *from;
2595 to = MP_DIGITS(z); from = to + ndig;
2597 for(mark = ndig; mark < uz; ++mark)
2600 MP_USED(z) = uz - ndig;
2604 mp_digit d = 0, *dz, save;
2605 mp_size up = MP_DIGIT_BIT - nbits;
2608 dz = MP_DIGITS(z) + uz - 1;
2610 for(/* */; uz > 0; --uz, --dz) {
2613 *dz = (*dz >> nbits) | (d << up);
2620 if(MP_USED(z) == 1 && z->digits[0] == 0)
2621 MP_SIGN(z) = MP_ZPOS;
2626 /* {{{ s_qmod(z, p2) */
2628 static void s_qmod(mp_int z, mp_size p2)
2630 mp_size start = p2 / MP_DIGIT_BIT + 1, rest = p2 % MP_DIGIT_BIT;
2631 mp_size uz = MP_USED(z);
2632 mp_digit mask = (1 << rest) - 1;
2636 z->digits[start - 1] &= mask;
2643 /* {{{ s_qmul(z, p2) */
2645 static int s_qmul(mp_int z, mp_size p2)
2647 mp_size uz, need, rest, extra, i;
2648 mp_digit *from, *to, d;
2654 need = p2 / MP_DIGIT_BIT; rest = p2 % MP_DIGIT_BIT;
2656 /* Figure out if we need an extra digit at the top end; this occurs
2657 if the topmost `rest' bits of the high-order digit of z are not
2658 zero, meaning they will be shifted off the end if not preserved */
2661 mp_digit *dz = MP_DIGITS(z) + uz - 1;
2663 if((*dz >> (MP_DIGIT_BIT - rest)) != 0)
2667 if(!s_pad(z, uz + need + extra))
2670 /* If we need to shift by whole digits, do that in one pass, then
2671 to back and shift by partial digits.
2674 from = MP_DIGITS(z) + uz - 1;
2677 for(i = 0; i < uz; ++i)
2680 ZERO(MP_DIGITS(z), need);
2686 for(i = need, from = MP_DIGITS(z) + need; i < uz; ++i, ++from) {
2687 mp_digit save = *from;
2689 *from = (*from << rest) | (d >> (MP_DIGIT_BIT - rest));
2693 d >>= (MP_DIGIT_BIT - rest);
2708 /* {{{ s_qsub(z, p2) */
2710 /* Subtract |z| from 2^p2, assuming 2^p2 > |z|, and set z to be positive */
2711 static int s_qsub(mp_int z, mp_size p2)
2713 mp_digit hi = (1 << (p2 % MP_DIGIT_BIT)), *zp;
2714 mp_size tdig = (p2 / MP_DIGIT_BIT), pos;
2717 if(!s_pad(z, tdig + 1))
2720 for(pos = 0, zp = MP_DIGITS(z); pos < tdig; ++pos, ++zp) {
2721 w = ((mp_word) MP_DIGIT_MAX + 1) - w - (mp_word)*zp;
2723 *zp = LOWER_HALF(w);
2724 w = UPPER_HALF(w) ? 0 : 1;
2727 w = ((mp_word) MP_DIGIT_MAX + 1 + hi) - w - (mp_word)*zp;
2728 *zp = LOWER_HALF(w);
2730 assert(UPPER_HALF(w) != 0); /* no borrow out should be possible */
2732 MP_SIGN(z) = MP_ZPOS;
2742 static int s_dp2k(mp_int z)
2745 mp_digit *dp = MP_DIGITS(z), d;
2747 if(MP_USED(z) == 1 && *dp == 0)
2756 while((d & 1) == 0) {
2768 static int s_isp2(mp_int z)
2770 mp_size uz = MP_USED(z), k = 0;
2771 mp_digit *dz = MP_DIGITS(z), d;
2792 /* {{{ s_2expt(z, k) */
2794 static int s_2expt(mp_int z, int k)
2799 ndig = (k + MP_DIGIT_BIT) / MP_DIGIT_BIT;
2800 rest = k % MP_DIGIT_BIT;
2807 *(dz + ndig - 1) = (1 << rest);
2815 /* {{{ s_norm(a, b) */
2817 static int s_norm(mp_int a, mp_int b)
2819 mp_digit d = b->digits[MP_USED(b) - 1];
2822 while(d < (mp_digit) (1 << (MP_DIGIT_BIT - 1))) { /* d < (MP_RADIX / 2) */
2827 /* These multiplications can't fail */
2829 (void) s_qmul(a, (mp_size) k);
2830 (void) s_qmul(b, (mp_size) k);
2838 /* {{{ s_brmu(z, m) */
2840 static mp_result s_brmu(mp_int z, mp_int m)
2842 mp_size um = MP_USED(m) * 2;
2847 s_2expt(z, MP_DIGIT_BIT * um);
2848 return mp_int_div(z, m, z, NULL);
2853 /* {{{ s_reduce(x, m, mu, q1, q2) */
2855 static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2)
2857 mp_size um = MP_USED(m), umb_p1, umb_m1;
2859 umb_p1 = (um + 1) * MP_DIGIT_BIT;
2860 umb_m1 = (um - 1) * MP_DIGIT_BIT;
2862 if(mp_int_copy(x, q1) != MP_OK)
2865 /* Compute q2 = floor((floor(x / b^(k-1)) * mu) / b^(k+1)) */
2870 /* Set x = x mod b^(k+1) */
2873 /* Now, q is a guess for the quotient a / m.
2874 Compute x - q * m mod b^(k+1), replacing x. This may be off
2875 by a factor of 2m, but no more than that.
2879 (void) mp_int_sub(x, q1, x); /* can't fail */
2881 /* The result may be < 0; if it is, add b^(k+1) to pin it in the
2883 if((CMPZ(x) < 0) && !s_qsub(x, umb_p1))
2886 /* If x > m, we need to back it off until it is in range.
2887 This will be required at most twice. */
2888 if(mp_int_compare(x, m) >= 0)
2889 (void) mp_int_sub(x, m, x);
2890 if(mp_int_compare(x, m) >= 0)
2891 (void) mp_int_sub(x, m, x);
2893 /* At this point, x has been properly reduced. */
2899 /* {{{ s_embar(a, b, m, mu, c) */
2901 /* Perform modular exponentiation using Barrett's method, where mu is
2902 the reduction constant for m. Assumes a < m, b > 0. */
2903 mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c)
2905 mp_digit *db, *dbt, umu, d;
2910 umu = MP_USED(mu); db = MP_DIGITS(b); dbt = db + MP_USED(b) - 1;
2913 SETUP(mp_int_init_size(TEMP(last), 4 * umu), last);
2915 (void) mp_int_set_value(c, 1);
2917 /* Take care of low-order digits */
2921 for(d = *db, i = MP_DIGIT_BIT; i > 0; --i, d >>= 1) {
2923 /* The use of a second temporary avoids allocation */
2924 UMUL(c, a, TEMP(0));
2925 if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) {
2926 res = MP_MEMORY; goto CLEANUP;
2928 mp_int_copy(TEMP(0), c);
2933 assert(MP_SIGN(TEMP(0)) == MP_ZPOS);
2934 if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) {
2935 res = MP_MEMORY; goto CLEANUP;
2937 assert(MP_SIGN(TEMP(0)) == MP_ZPOS);
2938 mp_int_copy(TEMP(0), a);
2946 /* Take care of highest-order digit */
2950 UMUL(c, a, TEMP(0));
2951 if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) {
2952 res = MP_MEMORY; goto CLEANUP;
2954 mp_int_copy(TEMP(0), c);
2961 if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) {
2962 res = MP_MEMORY; goto CLEANUP;
2964 (void) mp_int_copy(TEMP(0), a);
2969 mp_int_clear(TEMP(last));
2976 /* {{{ s_udiv(a, b) */
2978 /* Precondition: a >= b and b > 0
2979 Postcondition: a' = a / b, b' = a % b
2981 static mp_result s_udiv(mp_int a, mp_int b)
2984 mp_size ua, ub, qpos = 0;
2986 mp_result res = MP_OK;
2989 /* Force signs to positive */
2990 MP_SIGN(a) = MP_ZPOS;
2991 MP_SIGN(b) = MP_ZPOS;
2993 /* Normalize, per Knuth */
2996 ua = MP_USED(a); ub = MP_USED(b); btop = b->digits[ub - 1];
2997 if((res = mp_int_init_size(&q, ua)) != MP_OK) return res;
2998 if((res = mp_int_init_size(&t, ua + 1)) != MP_OK) goto CLEANUP;
3001 r.digits = da + ua - 1; /* The contents of r are shared with a */
3004 r.alloc = MP_ALLOC(a);
3005 ZERO(t.digits, t.alloc);
3007 /* Solve for quotient digits, store in q.digits in reverse order */
3008 while(r.digits >= da) {
3009 if (qpos > q.alloc) {
3011 printf("qpos = %d q.alloc = %d da = %d ua = %d\n",
3012 (int)qpos, (int)q.alloc, (int)da, (int)ua);
3013 mp_int_to_string(a, 10, buf, sizeof(buf));
3014 printf("a = %s\n", buf);
3015 mp_int_to_string(b, 10, buf, sizeof(buf));
3016 printf("b = %s\n", buf);
3017 assert(qpos <= q.alloc);
3020 if(s_ucmp(b, &r) > 0) {
3025 q.digits[qpos++] = 0;
3030 mp_word pfx = r.digits[r.used - 1];
3033 if(r.used > 1 && (pfx < btop || r.digits[r.used - 2] == 0)) {
3034 pfx <<= MP_DIGIT_BIT / 2;
3035 pfx <<= MP_DIGIT_BIT / 2;
3036 pfx |= r.digits[r.used - 2];
3039 qdigit = pfx / btop;
3040 if(qdigit > MP_DIGIT_MAX)
3043 s_dbmul(MP_DIGITS(b), (mp_digit) qdigit, t.digits, ub);
3044 t.used = ub + 1; CLAMP(&t);
3045 while(s_ucmp(&t, &r) > 0) {
3047 (void) mp_int_sub(&t, b, &t); /* cannot fail */
3050 s_usub(r.digits, t.digits, r.digits, r.used, t.used);
3053 q.digits[qpos++] = (mp_digit) qdigit;
3054 ZERO(t.digits, t.used);
3059 /* Put quotient digits in the correct order, and discard extra zeroes */
3061 REV(mp_digit, q.digits, qpos);
3064 /* Denormalize the remainder */
3069 mp_int_copy(a, b); /* ok: 0 <= r < b */
3070 mp_int_copy(&q, a); /* ok: q <= a */
3080 /* {{{ s_outlen(z, r) */
3082 /* Precondition: 2 <= r < 64 */
3083 static int s_outlen(mp_int z, mp_size r)
3088 bits = mp_int_count_bits(z);
3089 raw = (double)bits * s_log2[r];
3091 return (int)(raw + 0.999999);
3096 /* {{{ s_inlen(len, r) */
3098 static mp_size s_inlen(int len, mp_size r)
3100 double raw = (double)len / s_log2[r];
3101 mp_size bits = (mp_size)(raw + 0.5);
3103 return (mp_size)((bits + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT);
3108 /* {{{ s_ch2val(c, r) */
3110 static int s_ch2val(char c, int r)
3114 if(isdigit((unsigned char) c))
3116 else if(r > 10 && isalpha((unsigned char) c))
3117 out = toupper(c) - 'A' + 10;
3121 return (out >= r) ? -1 : out;
3126 /* {{{ s_val2ch(v, caps) */
3128 static char s_val2ch(int v, int caps)
3135 char out = (v - 10) + 'a';
3138 return toupper(out);
3146 /* {{{ s_2comp(buf, len) */
3148 static void s_2comp(unsigned char *buf, int len)
3151 unsigned short s = 1;
3153 for(i = len - 1; i >= 0; --i) {
3154 unsigned char c = ~buf[i];
3163 /* last carry out is ignored */
3168 /* {{{ s_tobin(z, buf, *limpos) */
3170 static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad)
3174 int pos = 0, limit = *limpos;
3176 uz = MP_USED(z); dz = MP_DIGITS(z);
3177 while(uz > 0 && pos < limit) {
3181 for(i = sizeof(mp_digit); i > 0 && pos < limit; --i) {
3182 buf[pos++] = (unsigned char)d;
3185 /* Don't write leading zeroes */
3186 if(d == 0 && uz == 1)
3187 i = 0; /* exit loop without signaling truncation */
3190 /* Detect truncation (loop exited with pos >= limit) */
3196 if(pad != 0 && (buf[pos - 1] >> (CHAR_BIT - 1))) {
3203 /* Digits are in reverse order, fix that */
3204 REV(unsigned char, buf, pos);
3206 /* Return the number of bytes actually written */
3209 return (uz == 0) ? MP_OK : MP_TRUNC;
3214 /* {{{ s_print(tag, z) */
3217 void s_print(char *tag, mp_int z)
3221 fprintf(stderr, "%s: %c ", tag,
3222 (MP_SIGN(z) == MP_NEG) ? '-' : '+');
3224 for(i = MP_USED(z) - 1; i >= 0; --i)
3225 fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), z->digits[i]);
3227 fputc('\n', stderr);
3231 void s_print_buf(char *tag, mp_digit *buf, mp_size num)
3235 fprintf(stderr, "%s: ", tag);
3237 for(i = num - 1; i >= 0; --i)
3238 fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), buf[i]);
3240 fputc('\n', stderr);
3246 /* HERE THERE BE DRAGONS */
git.samba.org / samba.git / blob