changeset 1692:1051e4eea25a

Update LibTomMath to 1.2.0 (#84) * update C files * update other files * update headers * update makefiles * remove mp_set/get_double() * use ltm 1.2.0 API * update ltm_desc * use bundled tommath if system-tommath is too old * XMALLOC etc. were changed to MP_MALLOC etc.
author Steffen Jaeckel <s@jaeckel.eu>
date Tue, 26 May 2020 17:36:47 +0200
parents 2d3745d58843
children f9ad4d39e388
files bignum.c buffer.c common-kex.c configure.ac dbmalloc.c dss.c ecc.c fuzz-common.c genrsa.c keyimport.c libtomcrypt/src/math/ltm_desc.c libtommath/Makefile.in libtommath/README.md libtommath/astylerc libtommath/bn.tex libtommath/bn_cutoffs.c libtommath/bn_deprecated.c libtommath/bn_error.c libtommath/bn_fast_mp_invmod.c libtommath/bn_fast_mp_montgomery_reduce.c libtommath/bn_fast_s_mp_mul_digs.c libtommath/bn_fast_s_mp_mul_high_digs.c libtommath/bn_fast_s_mp_sqr.c libtommath/bn_mp_2expt.c libtommath/bn_mp_abs.c libtommath/bn_mp_add.c libtommath/bn_mp_add_d.c libtommath/bn_mp_addmod.c libtommath/bn_mp_and.c libtommath/bn_mp_clamp.c libtommath/bn_mp_clear.c libtommath/bn_mp_clear_multi.c libtommath/bn_mp_cmp.c libtommath/bn_mp_cmp_d.c libtommath/bn_mp_cmp_mag.c libtommath/bn_mp_cnt_lsb.c libtommath/bn_mp_complement.c libtommath/bn_mp_copy.c libtommath/bn_mp_count_bits.c libtommath/bn_mp_decr.c libtommath/bn_mp_div.c libtommath/bn_mp_div_2.c libtommath/bn_mp_div_2d.c libtommath/bn_mp_div_3.c libtommath/bn_mp_div_d.c libtommath/bn_mp_dr_is_modulus.c libtommath/bn_mp_dr_reduce.c libtommath/bn_mp_dr_setup.c libtommath/bn_mp_error_to_string.c libtommath/bn_mp_exch.c libtommath/bn_mp_export.c libtommath/bn_mp_expt_d.c libtommath/bn_mp_expt_d_ex.c libtommath/bn_mp_expt_u32.c libtommath/bn_mp_exptmod.c libtommath/bn_mp_exptmod_fast.c libtommath/bn_mp_exteuclid.c libtommath/bn_mp_fread.c libtommath/bn_mp_from_sbin.c libtommath/bn_mp_from_ubin.c libtommath/bn_mp_fwrite.c libtommath/bn_mp_gcd.c libtommath/bn_mp_get_bit.c libtommath/bn_mp_get_i32.c libtommath/bn_mp_get_i64.c libtommath/bn_mp_get_int.c libtommath/bn_mp_get_l.c libtommath/bn_mp_get_ll.c libtommath/bn_mp_get_long.c libtommath/bn_mp_get_long_long.c libtommath/bn_mp_get_mag_u32.c libtommath/bn_mp_get_mag_u64.c libtommath/bn_mp_get_mag_ul.c libtommath/bn_mp_get_mag_ull.c libtommath/bn_mp_grow.c libtommath/bn_mp_import.c libtommath/bn_mp_incr.c libtommath/bn_mp_init.c libtommath/bn_mp_init_copy.c libtommath/bn_mp_init_i32.c libtommath/bn_mp_init_i64.c libtommath/bn_mp_init_l.c libtommath/bn_mp_init_ll.c libtommath/bn_mp_init_multi.c libtommath/bn_mp_init_set.c libtommath/bn_mp_init_set_int.c libtommath/bn_mp_init_size.c libtommath/bn_mp_init_u32.c libtommath/bn_mp_init_u64.c libtommath/bn_mp_init_ul.c libtommath/bn_mp_init_ull.c libtommath/bn_mp_invmod.c libtommath/bn_mp_invmod_slow.c libtommath/bn_mp_is_square.c libtommath/bn_mp_iseven.c libtommath/bn_mp_isodd.c libtommath/bn_mp_jacobi.c libtommath/bn_mp_karatsuba_mul.c libtommath/bn_mp_karatsuba_sqr.c libtommath/bn_mp_kronecker.c libtommath/bn_mp_lcm.c libtommath/bn_mp_log_u32.c libtommath/bn_mp_lshd.c libtommath/bn_mp_mod.c libtommath/bn_mp_mod_2d.c libtommath/bn_mp_mod_d.c libtommath/bn_mp_montgomery_calc_normalization.c libtommath/bn_mp_montgomery_reduce.c libtommath/bn_mp_montgomery_setup.c libtommath/bn_mp_mul.c libtommath/bn_mp_mul_2.c libtommath/bn_mp_mul_2d.c libtommath/bn_mp_mul_d.c libtommath/bn_mp_mulmod.c libtommath/bn_mp_n_root.c libtommath/bn_mp_n_root_ex.c libtommath/bn_mp_neg.c libtommath/bn_mp_or.c libtommath/bn_mp_pack.c libtommath/bn_mp_pack_count.c libtommath/bn_mp_prime_fermat.c libtommath/bn_mp_prime_frobenius_underwood.c libtommath/bn_mp_prime_is_divisible.c libtommath/bn_mp_prime_is_prime.c libtommath/bn_mp_prime_miller_rabin.c libtommath/bn_mp_prime_next_prime.c libtommath/bn_mp_prime_rabin_miller_trials.c libtommath/bn_mp_prime_rand.c libtommath/bn_mp_prime_random_ex.c libtommath/bn_mp_prime_strong_lucas_selfridge.c libtommath/bn_mp_radix_size.c libtommath/bn_mp_radix_smap.c libtommath/bn_mp_rand.c libtommath/bn_mp_read_radix.c libtommath/bn_mp_read_signed_bin.c libtommath/bn_mp_read_unsigned_bin.c libtommath/bn_mp_reduce.c libtommath/bn_mp_reduce_2k.c libtommath/bn_mp_reduce_2k_l.c libtommath/bn_mp_reduce_2k_setup.c libtommath/bn_mp_reduce_2k_setup_l.c libtommath/bn_mp_reduce_is_2k.c libtommath/bn_mp_reduce_is_2k_l.c libtommath/bn_mp_reduce_setup.c libtommath/bn_mp_root_u32.c libtommath/bn_mp_rshd.c libtommath/bn_mp_sbin_size.c libtommath/bn_mp_set.c libtommath/bn_mp_set_i32.c libtommath/bn_mp_set_i64.c libtommath/bn_mp_set_int.c libtommath/bn_mp_set_l.c libtommath/bn_mp_set_ll.c libtommath/bn_mp_set_long.c libtommath/bn_mp_set_long_long.c libtommath/bn_mp_set_u32.c libtommath/bn_mp_set_u64.c libtommath/bn_mp_set_ul.c libtommath/bn_mp_set_ull.c libtommath/bn_mp_shrink.c libtommath/bn_mp_signed_bin_size.c libtommath/bn_mp_signed_rsh.c libtommath/bn_mp_sqr.c libtommath/bn_mp_sqrmod.c libtommath/bn_mp_sqrt.c libtommath/bn_mp_sqrtmod_prime.c libtommath/bn_mp_sub.c libtommath/bn_mp_sub_d.c libtommath/bn_mp_submod.c libtommath/bn_mp_tc_and.c libtommath/bn_mp_tc_div_2d.c libtommath/bn_mp_tc_or.c libtommath/bn_mp_tc_xor.c libtommath/bn_mp_to_radix.c libtommath/bn_mp_to_sbin.c libtommath/bn_mp_to_signed_bin.c libtommath/bn_mp_to_signed_bin_n.c libtommath/bn_mp_to_ubin.c libtommath/bn_mp_to_unsigned_bin.c libtommath/bn_mp_to_unsigned_bin_n.c libtommath/bn_mp_toom_mul.c libtommath/bn_mp_toom_sqr.c libtommath/bn_mp_toradix.c libtommath/bn_mp_toradix_n.c libtommath/bn_mp_ubin_size.c libtommath/bn_mp_unpack.c libtommath/bn_mp_unsigned_bin_size.c libtommath/bn_mp_xor.c libtommath/bn_mp_zero.c libtommath/bn_prime_tab.c libtommath/bn_reverse.c libtommath/bn_s_mp_add.c libtommath/bn_s_mp_balance_mul.c libtommath/bn_s_mp_exptmod.c libtommath/bn_s_mp_exptmod_fast.c libtommath/bn_s_mp_get_bit.c libtommath/bn_s_mp_invmod_fast.c libtommath/bn_s_mp_invmod_slow.c libtommath/bn_s_mp_karatsuba_mul.c libtommath/bn_s_mp_karatsuba_sqr.c libtommath/bn_s_mp_montgomery_reduce_fast.c libtommath/bn_s_mp_mul_digs.c libtommath/bn_s_mp_mul_digs_fast.c libtommath/bn_s_mp_mul_high_digs.c libtommath/bn_s_mp_mul_high_digs_fast.c libtommath/bn_s_mp_prime_is_divisible.c libtommath/bn_s_mp_rand_jenkins.c libtommath/bn_s_mp_rand_platform.c libtommath/bn_s_mp_reverse.c libtommath/bn_s_mp_sqr.c libtommath/bn_s_mp_sqr_fast.c libtommath/bn_s_mp_sub.c libtommath/bn_s_mp_toom_mul.c libtommath/bn_s_mp_toom_sqr.c libtommath/bncore.c libtommath/booker.pl libtommath/callgraph.txt libtommath/changes.txt libtommath/dep.pl libtommath/filter.pl libtommath/genlist.sh libtommath/helper.pl libtommath/makefile_include.mk libtommath/mess.sh libtommath/parsenames.pl libtommath/poster.out libtommath/poster.tex libtommath/pretty.build libtommath/testme.sh libtommath/tommath.h libtommath/tommath.out libtommath/tommath_class.h libtommath/tommath_cutoffs.h libtommath/tommath_private.h libtommath/tommath_superclass.h libtommath/updatemakes.sh rsa.c
diffstat 236 files changed, 6950 insertions(+), 32214 deletions(-) [+]
line wrap: on
line diff
--- a/bignum.c	Tue May 26 23:27:26 2020 +0800
+++ b/bignum.c	Tue May 26 17:36:47 2020 +0200
@@ -86,7 +86,7 @@
 
 void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
 
-	if (mp_read_unsigned_bin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
+	if (mp_from_ubin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
 		dropbear_exit("Mem alloc error");
 	}
 }
--- a/buffer.c	Tue May 26 23:27:26 2020 +0800
+++ b/buffer.c	Tue May 26 17:36:47 2020 +0200
@@ -307,18 +307,18 @@
 /* for our purposes we only need positive (or 0) numbers, so will
  * fail if we get negative numbers */
 void buf_putmpint(buffer* buf, mp_int * mp) {
-
+	size_t written;
 	unsigned int len, pad = 0;
 	TRACE2(("enter buf_putmpint"))
 
 	dropbear_assert(mp != NULL);
 
-	if (SIGN(mp) == MP_NEG) {
+	if (mp_isneg(mp)) {
 		dropbear_exit("negative bignum");
 	}
 
 	/* zero check */
-	if (USED(mp) == 1 && DIGIT(mp, 0) == 0) {
+	if (mp_iszero(mp)) {
 		len = 0;
 	} else {
 		/* SSH spec requires padding for mpints with the MSB set, this code
@@ -339,10 +339,10 @@
 		if (pad) {
 			buf_putbyte(buf, 0x00);
 		}
-		if (mp_to_unsigned_bin(mp, buf_getwriteptr(buf, len-pad)) != MP_OKAY) {
+		if (mp_to_ubin(mp, buf_getwriteptr(buf, len-pad), len-pad, &written) != MP_OKAY) {
 			dropbear_exit("mpint error");
 		}
-		buf_incrwritepos(buf, len-pad);
+		buf_incrwritepos(buf, written);
 	}
 
 	TRACE2(("leave buf_putmpint"))
@@ -370,7 +370,7 @@
 		return DROPBEAR_FAILURE;
 	}
 
-	if (mp_read_unsigned_bin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
+	if (mp_from_ubin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
 		return DROPBEAR_FAILURE;
 	}
 
--- a/common-kex.c	Tue May 26 23:27:26 2020 +0800
+++ b/common-kex.c	Tue May 26 17:36:47 2020 +0200
@@ -570,9 +570,7 @@
 	/* read the prime and generator*/
 	load_dh_p(&dh_p);
 	
-	if (mp_set_int(&dh_g, DH_G_VAL) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
+	mp_set_ul(&dh_g, DH_G_VAL);
 
 	/* calculate q = (p-1)/2 */
 	/* dh_priv is just a temp var here */
--- a/configure.ac	Tue May 26 23:27:26 2020 +0800
+++ b/configure.ac	Tue May 26 17:36:47 2020 +0200
@@ -538,7 +538,7 @@
 			AC_MSG_NOTICE(Forcing bundled libtom*)
 		else
 			BUNDLED_LIBTOM=0
-			AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
+			AC_CHECK_LIB(tommath, mp_to_ubin, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
 				[AC_MSG_ERROR([Missing system libtommath and --disable-bundled-libtom was specified])] )
 			AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
 				[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom was specified])] )
@@ -546,7 +546,7 @@
 	],
 	[
 		BUNDLED_LIBTOM=0
-		AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tommath, mp_to_ubin, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
 		AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
 	]
 )
--- a/dbmalloc.c	Tue May 26 23:27:26 2020 +0800
+++ b/dbmalloc.c	Tue May 26 17:36:47 2020 +0200
@@ -180,3 +180,13 @@
 }
 
 #endif /* DROPBEAR_TRACKING_MALLOC */
+
+void * m_realloc_ltm(void* ptr, size_t oldsize, size_t newsize) {
+   (void)oldsize;
+   return m_realloc(ptr, newsize);
+}
+
+void m_free_ltm(void *mem, size_t size) {
+   (void)size;
+   m_free_direct(mem);
+}
--- a/dss.c	Tue May 26 23:27:26 2020 +0800
+++ b/dss.c	Tue May 26 17:36:47 2020 +0200
@@ -284,6 +284,7 @@
 	unsigned char msghash[SHA1_HASH_SIZE];
 	unsigned int writelen;
 	unsigned int i;
+	size_t written;
 	DEF_MP_INT(dss_k);
 	DEF_MP_INT(dss_m);
 	DEF_MP_INT(dss_temp1);
@@ -340,31 +341,31 @@
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
 	buf_putint(buf, 2*SHA1_HASH_SIZE);
 
-	writelen = mp_unsigned_bin_size(&dss_r);
+	writelen = mp_ubin_size(&dss_r);
 	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
 	}
-	if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen)) 
+	if (mp_to_ubin(&dss_r, buf_getwriteptr(buf, writelen), writelen, &written)
 			!= MP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 	mp_clear(&dss_r);
-	buf_incrwritepos(buf, writelen);
+	buf_incrwritepos(buf, written);
 
-	writelen = mp_unsigned_bin_size(&dss_s);
+	writelen = mp_ubin_size(&dss_s);
 	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
 	}
-	if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen)) 
+	if (mp_to_ubin(&dss_s, buf_getwriteptr(buf, writelen), writelen, &written)
 			!= MP_OKAY) {
 		dropbear_exit("DSS error");
 	}
 	mp_clear(&dss_s);
-	buf_incrwritepos(buf, writelen);
+	buf_incrwritepos(buf, written);
 
 	mp_clear_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
 			&dss_m, NULL);
--- a/ecc.c	Tue May 26 23:27:26 2020 +0800
+++ b/ecc.c	Tue May 26 17:36:47 2020 +0200
@@ -166,13 +166,13 @@
 	key = new_ecc_key();
 	key->dp = curve->dp;
 
-	if (mp_read_unsigned_bin(key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
+	if (mp_from_ubin(key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
 		TRACE(("failed to read x"))
 		goto out;
 	}
 	buf_incrpos(buf, size);
 
-	if (mp_read_unsigned_bin(key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
+	if (mp_from_ubin(key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
 		TRACE(("failed to read y"))
 		goto out;
 	}
--- a/fuzz-common.c	Tue May 26 23:27:26 2020 +0800
+++ b/fuzz-common.c	Tue May 26 17:36:47 2020 +0200
@@ -147,7 +147,7 @@
 void fuzz_fake_send_kexdh_reply(void) {
     assert(!ses.dh_K);
     m_mp_alloc_init_multi(&ses.dh_K, NULL);
-    mp_set_int(ses.dh_K, 12345678);
+    mp_set_ul(ses.dh_K, 12345678uL);
     finish_kexhashbuf();
 }
 
--- a/genrsa.c	Tue May 26 23:27:26 2020 +0800
+++ b/genrsa.c	Tue May 26 17:36:47 2020 +0200
@@ -53,10 +53,7 @@
 	m_mp_alloc_init_multi(&key->e, &key->n, &key->d, &key->p, &key->q, NULL);
 	m_mp_init_multi(&pminus, &lcm, &qminus, NULL);
 
-	if (mp_set_int(key->e, RSA_E) != MP_OKAY) {
-		fprintf(stderr, "RSA generation failed\n");
-		exit(1);
-	}
+	mp_set_ul(key->e, RSA_E);
 
 	while (1) {
 		getrsaprime(key->p, &pminus, key->e, size/16);
--- a/keyimport.c	Tue May 26 23:27:26 2020 +0800
+++ b/keyimport.c	Tue May 26 17:36:47 2020 +0200
@@ -867,7 +867,7 @@
 			goto error;
 		}
 		m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL);
-		if (mp_read_unsigned_bin(ecc->k, private_key_bytes, private_key_len)
+		if (mp_from_ubin(ecc->k, private_key_bytes, private_key_len)
 			!= MP_OKAY) {
 			errmsg = "Error parsing ECC key";
 			goto error;
@@ -1142,6 +1142,7 @@
 		unsigned long pubkey_size = 2*curve_size+1;
 		int k_size;
 		int err = 0;
+		size_t written;
 
 		/* version. less than 10 bytes */
 		buf_incrwritepos(seq_buf,
@@ -1149,12 +1150,14 @@
 		buf_putbyte(seq_buf, 1);
 
 		/* privateKey */
-		k_size = mp_unsigned_bin_size((*eck)->k);
+		k_size = mp_ubin_size((*eck)->k);
 		dropbear_assert(k_size <= curve_size);
 		buf_incrwritepos(seq_buf,
 			ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0));
-		mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size));
-		buf_incrwritepos(seq_buf, k_size);
+		if (mp_to_ubin((*eck)->k, buf_getwriteptr(seq_buf, k_size), k_size, &written) != MP_OKAY) {
+			dropbear_exit("ECC error");
+		}
+		buf_incrwritepos(seq_buf, written);
 
 		/* SECGCurveNames */
 		switch (key->type)
--- a/libtomcrypt/src/math/ltm_desc.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtomcrypt/src/math/ltm_desc.c	Tue May 26 17:36:47 2020 +0200
@@ -15,11 +15,14 @@
 #include <tommath.h>
 
 static const struct {
-    int mpi_code, ltc_code;
+    mp_err mpi_code;
+    int ltc_code;
 } mpi_to_ltc_codes[] = {
    { MP_OKAY ,  CRYPT_OK},
    { MP_MEM  ,  CRYPT_MEM},
    { MP_VAL  ,  CRYPT_INVALID_ARG},
+   { MP_ITER ,  CRYPT_INVALID_PACKET},
+   { MP_BUF  ,  CRYPT_BUFFER_OVERFLOW},
 };
 
 /**
@@ -27,11 +30,11 @@
    @param err    The error to convert
    @return The equivalent LTC error code or CRYPT_ERROR if none found
 */
-static int mpi_to_ltc_error(int err)
+static int mpi_to_ltc_error(mp_err err)
 {
-   int x;
+   size_t x;
 
-   for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) {
+   for (x = 0; x < sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0]); x++) {
        if (err == mpi_to_ltc_codes[x].mpi_code) {
           return mpi_to_ltc_codes[x].ltc_code;
        }
@@ -39,17 +42,27 @@
    return CRYPT_ERROR;
 }
 
+static int init_mpi(void **a)
+{
+   LTC_ARGCHK(a != NULL);
+
+   *a = XCALLOC(1, sizeof(mp_int));
+   if (*a == NULL) {
+      return CRYPT_MEM;
+   } else {
+      return CRYPT_OK;
+   }
+}
+
 static int init(void **a)
 {
    int err;
 
    LTC_ARGCHK(a != NULL);
 
-   *a = XCALLOC(1, sizeof(mp_int));
-   if (*a == NULL) {
-      return CRYPT_MEM;
+   if ((err = init_mpi(a)) != CRYPT_OK) {
+      return err;
    }
-
    if ((err = mpi_to_ltc_error(mp_init(*a))) != CRYPT_OK) {
       XFREE(*a);
    }
@@ -79,23 +92,25 @@
 
 static int init_copy(void **a, void *b)
 {
-   if (init(a) != CRYPT_OK) {
-      return CRYPT_MEM;
-   }
-   return copy(b, *a);
+   int err;
+   LTC_ARGCHK(a  != NULL);
+   LTC_ARGCHK(b  != NULL);
+   if ((err = init_mpi(a)) != CRYPT_OK) return err;
+   return mpi_to_ltc_error(mp_init_copy(*a, b));
 }
 
 /* ---- trivial ---- */
 static int set_int(void *a, ltc_mp_digit b)
 {
    LTC_ARGCHK(a != NULL);
-   return mpi_to_ltc_error(mp_set_int(a, b));
+   mp_set_u32(a, b);
+   return CRYPT_OK;
 }
 
 static unsigned long get_int(void *a)
 {
    LTC_ARGCHK(a != NULL);
-   return mp_get_int(a);
+   return mp_get_ul(a);
 }
 
 static ltc_mp_digit get_digit(void *a, int n)
@@ -116,11 +131,9 @@
 
 static int compare(void *a, void *b)
 {
-   int ret;
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(b != NULL);
-   ret = mp_cmp(a, b);
-   switch (ret) {
+   switch (mp_cmp(a, b)) {
       case MP_LT: return LTC_MP_LT;
       case MP_EQ: return LTC_MP_EQ;
       case MP_GT: return LTC_MP_GT;
@@ -130,10 +143,8 @@
 
 static int compare_d(void *a, ltc_mp_digit b)
 {
-   int ret;
    LTC_ARGCHK(a != NULL);
-   ret = mp_cmp_d(a, b);
-   switch (ret) {
+   switch (mp_cmp_d(a, b)) {
       case MP_LT: return LTC_MP_LT;
       case MP_EQ: return LTC_MP_EQ;
       case MP_GT: return LTC_MP_GT;
@@ -175,14 +186,14 @@
 {
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(b != NULL);
-   return mpi_to_ltc_error(mp_toradix(a, b, radix));
+   return mpi_to_ltc_error(mp_to_radix(a, b, SIZE_MAX, NULL, radix));
 }
 
 /* get size as unsigned char string */
 static unsigned long unsigned_size(void *a)
 {
    LTC_ARGCHK(a != NULL);
-   return mp_unsigned_bin_size(a);
+   return (unsigned long)mp_ubin_size(a);
 }
 
 /* store */
@@ -190,7 +201,7 @@
 {
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(b != NULL);
-   return mpi_to_ltc_error(mp_to_unsigned_bin(a, b));
+   return mpi_to_ltc_error(mp_to_ubin(a, b, SIZE_MAX, NULL));
 }
 
 /* read */
@@ -198,7 +209,7 @@
 {
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(b != NULL);
-   return mpi_to_ltc_error(mp_read_unsigned_bin(a, b, len));
+   return mpi_to_ltc_error(mp_from_ubin(a, b, (size_t)len));
 }
 
 /* add */
@@ -403,9 +414,7 @@
    int err;
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(c != NULL);
-   if (b == 0) {
-       b = LTC_MILLER_RABIN_REPS;
-   } /* if */
+   b = mp_prime_rabin_miller_trials(mp_count_bits(a));
    err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c));
    *c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO;
    return err;
@@ -420,7 +429,7 @@
 const ltc_math_descriptor ltm_desc = {
 
    "LibTomMath",
-   (int)DIGIT_BIT,
+   (int)MP_DIGIT_BIT,
 
    &init,
    &init_copy,
--- a/libtommath/Makefile.in	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/Makefile.in	Tue May 26 17:36:47 2020 +0200
@@ -7,6 +7,9 @@
 
 # So that libtommath can include Dropbear headers for options and m_burn()
 CFLAGS += -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../
+CFLAGS += -Wno-deprecated
+
+V = 1
 
 ifeq ($V,1)
 silent=
@@ -23,46 +26,46 @@
 
 include $(srcdir)/makefile_include.mk
 
-%.o: %.c
+%.o: %.c $(HEADERS)
 ifneq ($V,1)
 	@echo "   * ${CC} [email protected]"
 endif
-	${silent} ${CC} -c ${CFLAGS} $< -o [email protected]
+	${silent} ${CC} -c ${LTM_CFLAGS} $< -o [email protected]
 
 LCOV_ARGS=--directory .
 
 #START_INS
-OBJECTS=bn_error.o bn_fast_mp_invmod.o bn_fast_mp_montgomery_reduce.o bn_fast_s_mp_mul_digs.o \
-bn_fast_s_mp_mul_high_digs.o bn_fast_s_mp_sqr.o bn_mp_2expt.o bn_mp_abs.o bn_mp_add.o bn_mp_add_d.o \
-bn_mp_addmod.o bn_mp_and.o bn_mp_clamp.o bn_mp_clear.o bn_mp_clear_multi.o bn_mp_cmp.o bn_mp_cmp_d.o \
-bn_mp_cmp_mag.o bn_mp_cnt_lsb.o bn_mp_complement.o bn_mp_copy.o bn_mp_count_bits.o bn_mp_div.o \
-bn_mp_div_2.o bn_mp_div_2d.o bn_mp_div_3.o bn_mp_div_d.o bn_mp_dr_is_modulus.o bn_mp_dr_reduce.o \
-bn_mp_dr_setup.o bn_mp_exch.o bn_mp_export.o bn_mp_expt_d.o bn_mp_expt_d_ex.o bn_mp_exptmod.o \
-bn_mp_exptmod_fast.o bn_mp_exteuclid.o bn_mp_fread.o bn_mp_fwrite.o bn_mp_gcd.o bn_mp_get_bit.o \
-bn_mp_get_int.o bn_mp_get_long.o bn_mp_get_long_long.o bn_mp_grow.o bn_mp_import.o bn_mp_init.o \
-bn_mp_init_copy.o bn_mp_init_multi.o bn_mp_init_set.o bn_mp_init_set_int.o bn_mp_init_size.o \
-bn_mp_invmod.o bn_mp_invmod_slow.o bn_mp_is_square.o bn_mp_jacobi.o bn_mp_karatsuba_mul.o \
-bn_mp_karatsuba_sqr.o bn_mp_kronecker.o bn_mp_lcm.o bn_mp_lshd.o bn_mp_mod.o bn_mp_mod_2d.o bn_mp_mod_d.o \
-bn_mp_montgomery_calc_normalization.o bn_mp_montgomery_reduce.o bn_mp_montgomery_setup.o bn_mp_mul.o \
-bn_mp_mul_2.o bn_mp_mul_2d.o bn_mp_mul_d.o bn_mp_mulmod.o bn_mp_n_root.o bn_mp_n_root_ex.o bn_mp_neg.o \
-bn_mp_or.o bn_mp_prime_fermat.o bn_mp_prime_frobenius_underwood.o bn_mp_prime_is_divisible.o \
+OBJECTS=bn_cutoffs.o bn_deprecated.o bn_mp_2expt.o bn_mp_abs.o bn_mp_add.o bn_mp_add_d.o bn_mp_addmod.o \
+bn_mp_and.o bn_mp_clamp.o bn_mp_clear.o bn_mp_clear_multi.o bn_mp_cmp.o bn_mp_cmp_d.o bn_mp_cmp_mag.o \
+bn_mp_cnt_lsb.o bn_mp_complement.o bn_mp_copy.o bn_mp_count_bits.o bn_mp_decr.o bn_mp_div.o bn_mp_div_2.o \
+bn_mp_div_2d.o bn_mp_div_3.o bn_mp_div_d.o bn_mp_dr_is_modulus.o bn_mp_dr_reduce.o bn_mp_dr_setup.o \
+bn_mp_error_to_string.o bn_mp_exch.o bn_mp_expt_u32.o bn_mp_exptmod.o bn_mp_exteuclid.o bn_mp_fread.o \
+bn_mp_from_sbin.o bn_mp_from_ubin.o bn_mp_fwrite.o bn_mp_gcd.o bn_mp_get_i32.o bn_mp_get_i64.o \
+bn_mp_get_l.o bn_mp_get_ll.o bn_mp_get_mag_u32.o bn_mp_get_mag_u64.o bn_mp_get_mag_ul.o \
+bn_mp_get_mag_ull.o bn_mp_grow.o bn_mp_incr.o bn_mp_init.o bn_mp_init_copy.o bn_mp_init_i32.o \
+bn_mp_init_i64.o bn_mp_init_l.o bn_mp_init_ll.o bn_mp_init_multi.o bn_mp_init_set.o bn_mp_init_size.o \
+bn_mp_init_u32.o bn_mp_init_u64.o bn_mp_init_ul.o bn_mp_init_ull.o bn_mp_invmod.o bn_mp_is_square.o \
+bn_mp_iseven.o bn_mp_isodd.o bn_mp_kronecker.o bn_mp_lcm.o bn_mp_log_u32.o bn_mp_lshd.o bn_mp_mod.o \
+bn_mp_mod_2d.o bn_mp_mod_d.o bn_mp_montgomery_calc_normalization.o bn_mp_montgomery_reduce.o \
+bn_mp_montgomery_setup.o bn_mp_mul.o bn_mp_mul_2.o bn_mp_mul_2d.o bn_mp_mul_d.o bn_mp_mulmod.o bn_mp_neg.o \
+bn_mp_or.o bn_mp_pack.o bn_mp_pack_count.o bn_mp_prime_fermat.o bn_mp_prime_frobenius_underwood.o \
 bn_mp_prime_is_prime.o bn_mp_prime_miller_rabin.o bn_mp_prime_next_prime.o \
-bn_mp_prime_rabin_miller_trials.o bn_mp_prime_random_ex.o bn_mp_prime_strong_lucas_selfridge.o \
-bn_mp_radix_size.o bn_mp_radix_smap.o bn_mp_rand.o bn_mp_read_radix.o bn_mp_read_signed_bin.o \
-bn_mp_read_unsigned_bin.o bn_mp_reduce.o bn_mp_reduce_2k.o bn_mp_reduce_2k_l.o bn_mp_reduce_2k_setup.o \
-bn_mp_reduce_2k_setup_l.o bn_mp_reduce_is_2k.o bn_mp_reduce_is_2k_l.o bn_mp_reduce_setup.o bn_mp_rshd.o \
-bn_mp_set.o bn_mp_set_int.o bn_mp_set_long.o bn_mp_set_long_long.o bn_mp_shrink.o bn_mp_signed_bin_size.o \
-bn_mp_sqr.o bn_mp_sqrmod.o bn_mp_sqrt.o bn_mp_sqrtmod_prime.o bn_mp_sub.o bn_mp_sub_d.o bn_mp_submod.o \
-bn_mp_tc_and.o bn_mp_tc_div_2d.o bn_mp_tc_or.o bn_mp_tc_xor.o bn_mp_to_signed_bin.o \
-bn_mp_to_signed_bin_n.o bn_mp_to_unsigned_bin.o bn_mp_to_unsigned_bin_n.o bn_mp_toom_mul.o \
-bn_mp_toom_sqr.o bn_mp_toradix.o bn_mp_toradix_n.o bn_mp_unsigned_bin_size.o bn_mp_xor.o bn_mp_zero.o \
-bn_prime_tab.o bn_reverse.o bn_s_mp_add.o bn_s_mp_exptmod.o bn_s_mp_mul_digs.o bn_s_mp_mul_high_digs.o \
-bn_s_mp_sqr.o bn_s_mp_sub.o bncore.o
+bn_mp_prime_rabin_miller_trials.o bn_mp_prime_rand.o bn_mp_prime_strong_lucas_selfridge.o \
+bn_mp_radix_size.o bn_mp_radix_smap.o bn_mp_rand.o bn_mp_read_radix.o bn_mp_reduce.o bn_mp_reduce_2k.o \
+bn_mp_reduce_2k_l.o bn_mp_reduce_2k_setup.o bn_mp_reduce_2k_setup_l.o bn_mp_reduce_is_2k.o \
+bn_mp_reduce_is_2k_l.o bn_mp_reduce_setup.o bn_mp_root_u32.o bn_mp_rshd.o bn_mp_sbin_size.o bn_mp_set.o \
+bn_mp_set_i32.o bn_mp_set_i64.o bn_mp_set_l.o bn_mp_set_ll.o bn_mp_set_u32.o bn_mp_set_u64.o \
+bn_mp_set_ul.o bn_mp_set_ull.o bn_mp_shrink.o bn_mp_signed_rsh.o bn_mp_sqr.o bn_mp_sqrmod.o bn_mp_sqrt.o \
+bn_mp_sqrtmod_prime.o bn_mp_sub.o bn_mp_sub_d.o bn_mp_submod.o bn_mp_to_radix.o bn_mp_to_sbin.o \
+bn_mp_to_ubin.o bn_mp_ubin_size.o bn_mp_unpack.o bn_mp_xor.o bn_mp_zero.o bn_prime_tab.o bn_s_mp_add.o \
+bn_s_mp_balance_mul.o bn_s_mp_exptmod.o bn_s_mp_exptmod_fast.o bn_s_mp_get_bit.o bn_s_mp_invmod_fast.o \
+bn_s_mp_invmod_slow.o bn_s_mp_karatsuba_mul.o bn_s_mp_karatsuba_sqr.o bn_s_mp_montgomery_reduce_fast.o \
+bn_s_mp_mul_digs.o bn_s_mp_mul_digs_fast.o bn_s_mp_mul_high_digs.o bn_s_mp_mul_high_digs_fast.o \
+bn_s_mp_prime_is_divisible.o bn_s_mp_rand_jenkins.o bn_s_mp_rand_platform.o bn_s_mp_reverse.o \
+bn_s_mp_sqr.o bn_s_mp_sqr_fast.o bn_s_mp_sub.o bn_s_mp_toom_mul.o bn_s_mp_toom_sqr.o
 
 #END_INS
 
-$(OBJECTS): $(HEADERS)
-
 $(LIBNAME):  $(OBJECTS)
 	$(AR) $(ARFLAGS) [email protected] $(OBJECTS)
 	$(RANLIB) [email protected]
@@ -82,11 +85,11 @@
 #make a single object profiled library
 profiled_single:
 	perl gen.pl
-	$(CC) $(CFLAGS) -fprofile-arcs -DTESTING -c mpi.c -o mpi.o
-	$(CC) $(CFLAGS) -DTESTING -DTIMER demo/timing.c mpi.o -lgcov -o timing
+	$(CC) $(LTM_CFLAGS) -fprofile-arcs -DTESTING -c mpi.c -o mpi.o
+	$(CC) $(LTM_CFLAGS) -DTESTING -DTIMER demo/timing.c mpi.o -lgcov -o timing
 	./timing
 	rm -f *.o timing
-	$(CC) $(CFLAGS) -fbranch-probabilities -DTESTING -c mpi.c -o mpi.o
+	$(CC) $(LTM_CFLAGS) -fbranch-probabilities -DTESTING -c mpi.c -o mpi.o
 	$(AR) $(ARFLAGS) $(LIBNAME) mpi.o
 	ranlib $(LIBNAME)
 
@@ -100,30 +103,37 @@
 	rm $(DESTDIR)$(LIBPATH)/$(LIBNAME)
 	rm $(HEADERS_PUB:%=$(DESTDIR)$(INCPATH)/%)
 
-test: $(LIBNAME) demo/demo.o
-	$(CC) $(CFLAGS) demo/demo.o $(LIBNAME) $(LFLAGS) -o test
+test_standalone: test
+	@echo "test_standalone is deprecated, please use make-target 'test'"
+
+DEMOS=test mtest_opponent
 
-test_standalone: $(LIBNAME) demo/demo.o
-	$(CC) $(CFLAGS) demo/demo.o $(LIBNAME) $(LFLAGS) -o test
+define DEMO_template
+$(1): demo/$(1).o demo/shared.o $$(LIBNAME)
+	$$(CC) $$(LTM_CFLAGS) $$(LTM_LFLAGS) $$^ -o [email protected]
+endef
+
+$(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo))))
 
 .PHONY: mtest
 mtest:
-	cd mtest ; $(CC) $(CFLAGS) -O0 mtest.c $(LFLAGS) -o mtest
+	cd mtest ; $(CC) $(LTM_CFLAGS) -O0 mtest.c $(LTM_LFLAGS) -o mtest
 
 timing: $(LIBNAME) demo/timing.c
-	$(CC) $(CFLAGS) -DTIMER demo/timing.c $(LIBNAME) $(LFLAGS) -o timing
+	$(CC) $(LTM_CFLAGS) -DTIMER demo/timing.c $(LIBNAME) $(LTM_LFLAGS) -o timing
+
+tune: $(LIBNAME)
+	$(MAKE) -C etc tune CFLAGS="$(LTM_CFLAGS)"
+	$(MAKE)
 
 # You have to create a file .coveralls.yml with the content "repo_token: <the token>"
 # in the base folder to be able to submit to coveralls
 coveralls: lcov
 	coveralls-lcov
 
-docdvi poster docs mandvi manual:
+docs manual:
 	$(MAKE) -C doc/ [email protected] V=$(V)
 
-pretty:
-	perl pretty.build
-
 .PHONY: pre_gen
 pre_gen:
 	mkdir -p pre_gen
@@ -131,7 +141,7 @@
 	sed -e 's/[[:blank:]]*$$//' mpi.c > pre_gen/mpi.c
 	rm mpi.c
 
-zipup: clean astyle new_file manual poster docs
+zipup: clean astyle new_file docs
 	@# Update the index, so diff-index won't fail in case the pdf has been created.
 	@#   As the pdf creation modifies the tex files, git sometimes detects the
 	@#   modified files, but misses that it's put back to its original version.
@@ -143,22 +153,21 @@
 	@echo 'fixme check'
 	[email protected](find libtommath-$(VERSION)/ -type f | xargs grep 'FIXM[E]') && echo '############## BEWARE: the "fixme" marker was found !!! ##############' || true
 	mkdir -p libtommath-$(VERSION)/doc
-	cp doc/bn.pdf doc/tommath.pdf doc/poster.pdf libtommath-$(VERSION)/doc/
+	cp doc/bn.pdf libtommath-$(VERSION)/doc/
 	$(MAKE) -C libtommath-$(VERSION)/ pre_gen
 	tar -c libtommath-$(VERSION)/ | xz -6e -c - > ltm-$(VERSION).tar.xz
 	zip -9rq ltm-$(VERSION).zip libtommath-$(VERSION)
 	cp doc/bn.pdf bn-$(VERSION).pdf
-	cp doc/tommath.pdf tommath-$(VERSION).pdf
 	rm -rf libtommath-$(VERSION)
 	gpg -b -a ltm-$(VERSION).tar.xz
 	gpg -b -a ltm-$(VERSION).zip
 
 new_file:
-	bash updatemakes.sh
-	perl dep.pl
+	perl helper.pl --update-files
 
 perlcritic:
 	perlcritic *.pl doc/*.pl
 
 astyle:
-	astyle --options=astylerc $(OBJECTS:.o=.c) tommath*.h demo/*.c etc/*.c mtest/mtest.c
+	@echo "   * run astyle on all sources"
+	@astyle --options=astylerc --formatted $(OBJECTS:.o=.c) tommath*.h demo/*.c etc/*.c mtest/mtest.c
--- a/libtommath/README.md	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/README.md	Tue May 26 17:36:47 2020 +0200
@@ -4,22 +4,41 @@
 
 ## Build Status
 
+### Travis CI
+
 master: [![Build Status](https://api.travis-ci.org/libtom/libtommath.png?branch=master)](https://travis-ci.org/libtom/libtommath)
 
 develop: [![Build Status](https://api.travis-ci.org/libtom/libtommath.png?branch=develop)](https://travis-ci.org/libtom/libtommath)
 
+### AppVeyor
+
+master: [![Build status](https://ci.appveyor.com/api/projects/status/b80lpolw3i8m6hsh/branch/master?svg=true)](https://ci.appveyor.com/project/libtom/libtommath/branch/master)
+
+develop: [![Build status](https://ci.appveyor.com/api/projects/status/b80lpolw3i8m6hsh/branch/develop?svg=true)](https://ci.appveyor.com/project/libtom/libtommath/branch/develop)
+
+### ABI Laboratory
+
 API/ABI changes: [check here](https://abi-laboratory.pro/tracker/timeline/libtommath/)
 
 ## Summary
 
 The `develop` branch contains the in-development version. Stable releases are tagged.
 
-Documentation is built from the LaTeX file `bn.tex`. There is also limited documentation in `tommath.h`. There is also a document, `tommath.pdf`, which describes the goals of the project and many of the algorithms used.
+Documentation is built from the LaTeX file `bn.tex`. There is also limited documentation in `tommath.h`.
+There is also a document, `tommath.pdf`, which describes the goals of the project and many of the algorithms used.
 
-The project can be build by using `make`. Along with the usual `make`, `make clean` and `make install`, there are several other build targets, see the makefile for details. There are also makefiles for certain specific platforms.
+The project can be build by using `make`. Along with the usual `make`, `make clean` and `make install`,
+there are several other build targets, see the makefile for details.
+There are also makefiles for certain specific platforms.
 
 ## Testing
 
 Tests are located in `demo/` and can be built in two flavors.
-* `make test` creates a test binary that is intended to be run against `mtest`. `mtest` can be built with `make mtest` and test execution is done like `./mtest/mtest | ./test`. `mtest` is creating test vectors using an alternative MPI library and `test` is consuming these vectors to verify correct behavior of ltm
-* `make test_standalone` creates a stand-alone test binary that executes several test routines.
+* `make test` creates a stand-alone test binary that executes several test routines.
+* `make mtest_opponent` creates a test binary that is intended to be run against `mtest`.
+  `mtest` can be built with `make mtest` and test execution is done like `./mtest/mtest | ./mtest_opponent`.
+  `mtest` is creating test vectors using an alternative MPI library and `test` is consuming these vectors to verify correct behavior of ltm
+
+## Building and Installing
+
+Building is straightforward for GNU Linux only, the section "Building LibTomMath" in the documentation in `doc/bn.pdf` has the details.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/astylerc	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,30 @@
+# Artistic Style, see http://astyle.sourceforge.net/
+# full documentation, see: http://astyle.sourceforge.net/astyle.html
+#
+# usage:
+#       astyle --options=astylerc *.[ch]
+
+# Do not create backup, annonying in the times of git
+suffix=none
+
+## Bracket Style Options
+style=kr
+
+## Tab Options
+indent=spaces=3
+
+## Bracket Modify Options
+
+## Indentation Options
+min-conditional-indent=0
+
+## Padding Options
+pad-header
+unpad-paren
+align-pointer=name
+
+## Formatting Options
+break-after-logical
+max-code-length=120
+convert-tabs
+mode=c
--- a/libtommath/bn.tex	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1913 +0,0 @@
-\documentclass[synpaper]{book}
-\usepackage{hyperref}
-\usepackage{makeidx}
-\usepackage{amssymb}
-\usepackage{color}
-\usepackage{alltt}
-\usepackage{graphicx}
-\usepackage{layout}
-\def\union{\cup}
-\def\intersect{\cap}
-\def\getsrandom{\stackrel{\rm R}{\gets}}
-\def\cross{\times}
-\def\cat{\hspace{0.5em} \| \hspace{0.5em}}
-\def\catn{$\|$}
-\def\divides{\hspace{0.3em} | \hspace{0.3em}}
-\def\nequiv{\not\equiv}
-\def\approx{\raisebox{0.2ex}{\mbox{\small $\sim$}}}
-\def\lcm{{\rm lcm}}
-\def\gcd{{\rm gcd}}
-\def\log{{\rm log}}
-\def\ord{{\rm ord}}
-\def\abs{{\mathit abs}}
-\def\rep{{\mathit rep}}
-\def\mod{{\mathit\ mod\ }}
-\renewcommand{\pmod}[1]{\ ({\rm mod\ }{#1})}
-\newcommand{\floor}[1]{\left\lfloor{#1}\right\rfloor}
-\newcommand{\ceil}[1]{\left\lceil{#1}\right\rceil}
-\def\Or{{\rm\ or\ }}
-\def\And{{\rm\ and\ }}
-\def\iff{\hspace{1em}\Longleftrightarrow\hspace{1em}}
-\def\implies{\Rightarrow}
-\def\undefined{{\rm ``undefined"}}
-\def\Proof{\vspace{1ex}\noindent {\bf Proof:}\hspace{1em}}
-\let\oldphi\phi
-\def\phi{\varphi}
-\def\Pr{{\rm Pr}}
-\newcommand{\str}[1]{{\mathbf{#1}}}
-\def\F{{\mathbb F}}
-\def\N{{\mathbb N}}
-\def\Z{{\mathbb Z}}
-\def\R{{\mathbb R}}
-\def\C{{\mathbb C}}
-\def\Q{{\mathbb Q}}
-\definecolor{DGray}{gray}{0.5}
-\newcommand{\emailaddr}[1]{\mbox{$<${#1}$>$}}
-\def\twiddle{\raisebox{0.3ex}{\mbox{\tiny $\sim$}}}
-\def\gap{\vspace{0.5ex}}
-\makeindex
-\begin{document}
-\frontmatter
-\pagestyle{empty}
-\title{LibTomMath User Manual \\ v1.0}
-\author{Tom St Denis \\ [email protected]}
-\maketitle
-This text, the library and the accompanying textbook are all hereby placed in the public domain.  This book has been
-formatted for B5 [176x250] paper using the \LaTeX{} {\em book} macro package.
-
-\vspace{10cm}
-
-\begin{flushright}Open Source.  Open Academia.  Open Minds.
-
-\mbox{ }
-
-Tom St Denis,
-
-Ontario, Canada
-\end{flushright}
-
-\tableofcontents
-\listoffigures
-\mainmatter
-\pagestyle{headings}
-\chapter{Introduction}
-\section{What is LibTomMath?}
-LibTomMath is a library of source code which provides a series of efficient and carefully written functions for manipulating
-large integer numbers.  It was written in portable ISO C source code so that it will build on any platform with a conforming
-C compiler.
-
-In a nutshell the library was written from scratch with verbose comments to help instruct computer science students how
-to implement ``bignum'' math.  However, the resulting code has proven to be very useful.  It has been used by numerous
-universities, commercial and open source software developers.  It has been used on a variety of platforms ranging from
-Linux and Windows based x86 to ARM based Gameboys and PPC based MacOS machines.
-
-\section{License}
-As of the v0.25 the library source code has been placed in the public domain with every new release.  As of the v0.28
-release the textbook ``Implementing Multiple Precision Arithmetic'' has been placed in the public domain with every new
-release as well.  This textbook is meant to compliment the project by providing a more solid walkthrough of the development
-algorithms used in the library.
-
-Since both\footnote{Note that the MPI files under mtest/ are copyrighted by Michael Fromberger.  They are not required to use LibTomMath.} are in the
-public domain everyone is entitled to do with them as they see fit.
-
-\section{Building LibTomMath}
-
-LibTomMath is meant to be very ``GCC friendly'' as it comes with a makefile well suited for GCC.  However, the library will
-also build in MSVC, Borland C out of the box.  For any other ISO C compiler a makefile will have to be made by the end
-developer.
-
-\subsection{Static Libraries}
-To build as a static library for GCC issue the following
-\begin{alltt}
-make
-\end{alltt}
-
-command.  This will build the library and archive the object files in ``libtommath.a''.  Now you link against
-that and include ``tommath.h'' within your programs.  Alternatively to build with MSVC issue the following
-\begin{alltt}
-nmake -f makefile.msvc
-\end{alltt}
-
-This will build the library and archive the object files in ``tommath.lib''.  This has been tested with MSVC
-version 6.00 with service pack 5.
-
-\subsection{Shared Libraries}
-To build as a shared library for GCC issue the following
-\begin{alltt}
-make -f makefile.shared
-\end{alltt}
-This requires the ``libtool'' package (common on most Linux/BSD systems).  It will build LibTomMath as both shared
-and static then install (by default) into /usr/lib as well as install the header files in /usr/include.  The shared
-library (resource) will be called ``libtommath.la'' while the static library called ``libtommath.a''.  Generally
-you use libtool to link your application against the shared object.
-
-There is limited support for making a ``DLL'' in windows via the ``makefile.cygwin\_dll'' makefile.  It requires
-Cygwin to work with since it requires the auto-export/import functionality.  The resulting DLL and import library
-``libtommath.dll.a'' can be used to link LibTomMath dynamically to any Windows program using Cygwin.
-
-\subsection{Testing}
-To build the library and the test harness type
-
-\begin{alltt}
-make test
-\end{alltt}
-
-This will build the library, ``test'' and ``mtest/mtest''.  The ``test'' program will accept test vectors and verify the
-results.  ``mtest/mtest'' will generate test vectors using the MPI library by Michael Fromberger\footnote{A copy of MPI
-is included in the package}.  Simply pipe mtest into test using
-
-\begin{alltt}
-mtest/mtest | test
-\end{alltt}
-
-If you do not have a ``/dev/urandom'' style RNG source you will have to write your own PRNG and simply pipe that into
-mtest.  For example, if your PRNG program is called ``myprng'' simply invoke
-
-\begin{alltt}
-myprng | mtest/mtest | test
-\end{alltt}
-
-This will output a row of numbers that are increasing.  Each column is a different test (such as addition, multiplication, etc)
-that is being performed.  The numbers represent how many times the test was invoked.  If an error is detected the program
-will exit with a dump of the relevent numbers it was working with.
-
-\section{Build Configuration}
-LibTomMath can configured at build time in three phases we shall call ``depends'', ``tweaks'' and ``trims''.
-Each phase changes how the library is built and they are applied one after another respectively.
-
-To make the system more powerful you can tweak the build process.  Classes are defined in the file
-``tommath\_superclass.h''.  By default, the symbol ``LTM\_ALL'' shall be defined which simply
-instructs the system to build all of the functions.  This is how LibTomMath used to be packaged.  This will give you
-access to every function LibTomMath offers.
-
-However, there are cases where such a build is not optional.  For instance, you want to perform RSA operations.  You
-don't need the vast majority of the library to perform these operations.  Aside from LTM\_ALL there is
-another pre--defined class ``SC\_RSA\_1'' which works in conjunction with the RSA from LibTomCrypt.  Additional
-classes can be defined base on the need of the user.
-
-\subsection{Build Depends}
-In the file tommath\_class.h you will see a large list of C ``defines'' followed by a series of ``ifdefs''
-which further define symbols.  All of the symbols (technically they're macros $\ldots$) represent a given C source
-file.  For instance, BN\_MP\_ADD\_C represents the file ``bn\_mp\_add.c''.  When a define has been enabled the
-function in the respective file will be compiled and linked into the library.  Accordingly when the define
-is absent the file will not be compiled and not contribute any size to the library.
-
-You will also note that the header tommath\_class.h is actually recursively included (it includes itself twice).
-This is to help resolve as many dependencies as possible.  In the last pass the symbol LTM\_LAST will be defined.
-This is useful for ``trims''.
-
-\subsection{Build Tweaks}
-A tweak is an algorithm ``alternative''.  For example, to provide tradeoffs (usually between size and space).
-They can be enabled at any pass of the configuration phase.
-
-\begin{small}
-\begin{center}
-\begin{tabular}{|l|l|}
-\hline \textbf{Define} & \textbf{Purpose} \\
-\hline BN\_MP\_DIV\_SMALL & Enables a slower, smaller and equally \\
-                          & functional mp\_div() function \\
-\hline
-\end{tabular}
-\end{center}
-\end{small}
-
-\subsection{Build Trims}
-A trim is a manner of removing functionality from a function that is not required.  For instance, to perform
-RSA cryptography you only require exponentiation with odd moduli so even moduli support can be safely removed.
-Build trims are meant to be defined on the last pass of the configuration which means they are to be defined
-only if LTM\_LAST has been defined.
-
-\subsubsection{Moduli Related}
-\begin{small}
-\begin{center}
-\begin{tabular}{|l|l|}
-\hline \textbf{Restriction} & \textbf{Undefine} \\
-\hline Exponentiation with odd moduli only & BN\_S\_MP\_EXPTMOD\_C \\
-                                           & BN\_MP\_REDUCE\_C \\
-                                           & BN\_MP\_REDUCE\_SETUP\_C \\
-                                           & BN\_S\_MP\_MUL\_HIGH\_DIGS\_C \\
-                                           & BN\_FAST\_S\_MP\_MUL\_HIGH\_DIGS\_C \\
-\hline Exponentiation with random odd moduli & (The above plus the following) \\
-                                           & BN\_MP\_REDUCE\_2K\_C \\
-                                           & BN\_MP\_REDUCE\_2K\_SETUP\_C \\
-                                           & BN\_MP\_REDUCE\_IS\_2K\_C \\
-                                           & BN\_MP\_DR\_IS\_MODULUS\_C \\
-                                           & BN\_MP\_DR\_REDUCE\_C \\
-                                           & BN\_MP\_DR\_SETUP\_C \\
-\hline Modular inverse odd moduli only     & BN\_MP\_INVMOD\_SLOW\_C \\
-\hline Modular inverse (both, smaller/slower) & BN\_FAST\_MP\_INVMOD\_C \\
-\hline
-\end{tabular}
-\end{center}
-\end{small}
-
-\subsubsection{Operand Size Related}
-\begin{small}
-\begin{center}
-\begin{tabular}{|l|l|}
-\hline \textbf{Restriction} & \textbf{Undefine} \\
-\hline Moduli $\le 2560$ bits              & BN\_MP\_MONTGOMERY\_REDUCE\_C \\
-                                           & BN\_S\_MP\_MUL\_DIGS\_C \\
-                                           & BN\_S\_MP\_MUL\_HIGH\_DIGS\_C \\
-                                           & BN\_S\_MP\_SQR\_C \\
-\hline Polynomial Schmolynomial            & BN\_MP\_KARATSUBA\_MUL\_C \\
-                                           & BN\_MP\_KARATSUBA\_SQR\_C \\
-                                           & BN\_MP\_TOOM\_MUL\_C \\
-                                           & BN\_MP\_TOOM\_SQR\_C \\
-
-\hline
-\end{tabular}
-\end{center}
-\end{small}
-
-
-\section{Purpose of LibTomMath}
-Unlike  GNU MP (GMP) Library, LIP, OpenSSL or various other commercial kits (Miracl), LibTomMath was not written with
-bleeding edge performance in mind.  First and foremost LibTomMath was written to be entirely open.  Not only is the
-source code public domain (unlike various other GPL/etc licensed code), not only is the code freely downloadable but the
-source code is also accessible for computer science students attempting to learn ``BigNum'' or multiple precision
-arithmetic techniques.
-
-LibTomMath was written to be an instructive collection of source code.  This is why there are many comments, only one
-function per source file and often I use a ``middle-road'' approach where I don't cut corners for an extra 2\% speed
-increase.
-
-Source code alone cannot really teach how the algorithms work which is why I also wrote a textbook that accompanies
-the library (beat that!).
-
-So you may be thinking ``should I use LibTomMath?'' and the answer is a definite maybe.  Let me tabulate what I think
-are the pros and cons of LibTomMath by comparing it to the math routines from GnuPG\footnote{GnuPG v1.2.3 versus LibTomMath v0.28}.
-
-\newpage\begin{figure}[here]
-\begin{small}
-\begin{center}
-\begin{tabular}{|l|c|c|l|}
-\hline \textbf{Criteria} & \textbf{Pro} & \textbf{Con} & \textbf{Notes} \\
-\hline Few lines of code per file & X & & GnuPG $ = 300.9$, LibTomMath  $ = 71.97$ \\
-\hline Commented function prototypes & X && GnuPG function names are cryptic. \\
-\hline Speed && X & LibTomMath is slower.  \\
-\hline Totally free & X & & GPL has unfavourable restrictions.\\
-\hline Large function base & X & & GnuPG is barebones. \\
-\hline Five modular reduction algorithms & X & & Faster modular exponentiation for a variety of moduli. \\
-\hline Portable & X & & GnuPG requires configuration to build. \\
-\hline
-\end{tabular}
-\end{center}
-\end{small}
-\caption{LibTomMath Valuation}
-\end{figure}
-
-It may seem odd to compare LibTomMath to GnuPG since the math in GnuPG is only a small portion of the entire application.
-However, LibTomMath was written with cryptography in mind.  It provides essentially all of the functions a cryptosystem
-would require when working with large integers.
-
-So it may feel tempting to just rip the math code out of GnuPG (or GnuMP where it was taken from originally) in your
-own application but I think there are reasons not to.  While LibTomMath is slower than libraries such as GnuMP it is
-not normally significantly slower.  On x86 machines the difference is normally a factor of two when performing modular
-exponentiations.  It depends largely on the processor, compiler and the moduli being used.
-
-Essentially the only time you wouldn't use LibTomMath is when blazing speed is the primary concern.  However,
-on the other side of the coin LibTomMath offers you a totally free (public domain) well structured math library
-that is very flexible, complete and performs well in resource contrained environments.  Fast RSA for example can
-be performed with as little as 8KB of ram for data (again depending on build options).
-
-\chapter{Getting Started with LibTomMath}
-\section{Building Programs}
-In order to use LibTomMath you must include ``tommath.h'' and link against the appropriate library file (typically
-libtommath.a).  There is no library initialization required and the entire library is thread safe.
-
-\section{Return Codes}
-There are three possible return codes a function may return.
-
-\index{MP\_OKAY}\index{MP\_YES}\index{MP\_NO}\index{MP\_VAL}\index{MP\_MEM}
-\begin{figure}[here!]
-\begin{center}
-\begin{small}
-\begin{tabular}{|l|l|}
-\hline \textbf{Code} & \textbf{Meaning} \\
-\hline MP\_OKAY & The function succeeded. \\
-\hline MP\_VAL  & The function input was invalid. \\
-\hline MP\_MEM  & Heap memory exhausted. \\
-\hline &\\
-\hline MP\_YES  & Response is yes. \\
-\hline MP\_NO   & Response is no. \\
-\hline
-\end{tabular}
-\end{small}
-\end{center}
-\caption{Return Codes}
-\end{figure}
-
-The last two codes listed are not actually ``return'ed'' by a function.  They are placed in an integer (the caller must
-provide the address of an integer it can store to) which the caller can access.  To convert one of the three return codes
-to a string use the following function.
-
-\index{mp\_error\_to\_string}
-\begin{alltt}
-char *mp_error_to_string(int code);
-\end{alltt}
-
-This will return a pointer to a string which describes the given error code.  It will not work for the return codes
-MP\_YES and MP\_NO.
-
-\section{Data Types}
-The basic ``multiple precision integer'' type is known as the ``mp\_int'' within LibTomMath.  This data type is used to
-organize all of the data required to manipulate the integer it represents.  Within LibTomMath it has been prototyped
-as the following.
-
-\index{mp\_int}
-\begin{alltt}
-typedef struct  \{
-    int used, alloc, sign;
-    mp_digit *dp;
-\} mp_int;
-\end{alltt}
-
-Where ``mp\_digit'' is a data type that represents individual digits of the integer.  By default, an mp\_digit is the
-ISO C ``unsigned long'' data type and each digit is $28-$bits long.  The mp\_digit type can be configured to suit other
-platforms by defining the appropriate macros.
-
-All LTM functions that use the mp\_int type will expect a pointer to mp\_int structure.  You must allocate memory to
-hold the structure itself by yourself (whether off stack or heap it doesn't matter).  The very first thing that must be
-done to use an mp\_int is that it must be initialized.
-
-\section{Function Organization}
-
-The arithmetic functions of the library are all organized to have the same style prototype.  That is source operands
-are passed on the left and the destination is on the right.  For instance,
-
-\begin{alltt}
-mp_add(&a, &b, &c);       /* c = a + b */
-mp_mul(&a, &a, &c);       /* c = a * a */
-mp_div(&a, &b, &c, &d);   /* c = [a/b], d = a mod b */
-\end{alltt}
-
-Another feature of the way the functions have been implemented is that source operands can be destination operands as well.
-For instance,
-
-\begin{alltt}
-mp_add(&a, &b, &b);       /* b = a + b */
-mp_div(&a, &b, &a, &c);   /* a = [a/b], c = a mod b */
-\end{alltt}
-
-This allows operands to be re-used which can make programming simpler.
-
-\section{Initialization}
-\subsection{Single Initialization}
-A single mp\_int can be initialized with the ``mp\_init'' function.
-
-\index{mp\_init}
-\begin{alltt}
-int mp_init (mp_int * a);
-\end{alltt}
-
-This function expects a pointer to an mp\_int structure and will initialize the members of the structure so the mp\_int
-represents the default integer which is zero.  If the functions returns MP\_OKAY then the mp\_int is ready to be used
-by the other LibTomMath functions.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* use the number */
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-\subsection{Single Free}
-When you are finished with an mp\_int it is ideal to return the heap it used back to the system.  The following function
-provides this functionality.
-
-\index{mp\_clear}
-\begin{alltt}
-void mp_clear (mp_int * a);
-\end{alltt}
-
-The function expects a pointer to a previously initialized mp\_int structure and frees the heap it uses.  It sets the
-pointer\footnote{The ``dp'' member.} within the mp\_int to \textbf{NULL} which is used to prevent double free situations.
-Is is legal to call mp\_clear() twice on the same mp\_int in a row.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* use the number */
-
-   /* We're done with it. */
-   mp_clear(&number);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-\subsection{Multiple Initializations}
-Certain algorithms require more than one large integer.  In these instances it is ideal to initialize all of the mp\_int
-variables in an ``all or nothing'' fashion.  That is, they are either all initialized successfully or they are all
-not initialized.
-
-The  mp\_init\_multi() function provides this functionality.
-
-\index{mp\_init\_multi} \index{mp\_clear\_multi}
-\begin{alltt}
-int mp_init_multi(mp_int *mp, ...);
-\end{alltt}
-
-It accepts a \textbf{NULL} terminated list of pointers to mp\_int structures.  It will attempt to initialize them all
-at once.  If the function returns MP\_OKAY then all of the mp\_int variables are ready to use, otherwise none of them
-are available for use.  A complementary mp\_clear\_multi() function allows multiple mp\_int variables to be free'd
-from the heap at the same time.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int num1, num2, num3;
-   int result;
-
-   if ((result = mp_init_multi(&num1,
-                               &num2,
-                               &num3, NULL)) != MP\_OKAY) \{
-      printf("Error initializing the numbers.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* use the numbers */
-
-   /* We're done with them. */
-   mp_clear_multi(&num1, &num2, &num3, NULL);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-\subsection{Other Initializers}
-To initialized and make a copy of an mp\_int the mp\_init\_copy() function has been provided.
-
-\index{mp\_init\_copy}
-\begin{alltt}
-int mp_init_copy (mp_int * a, mp_int * b);
-\end{alltt}
-
-This function will initialize $a$ and make it a copy of $b$ if all goes well.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int num1, num2;
-   int result;
-
-   /* initialize and do work on num1 ... */
-
-   /* We want a copy of num1 in num2 now */
-   if ((result = mp_init_copy(&num2, &num1)) != MP_OKAY) \{
-     printf("Error initializing the copy.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* now num2 is ready and contains a copy of num1 */
-
-   /* We're done with them. */
-   mp_clear_multi(&num1, &num2, NULL);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-Another less common initializer is mp\_init\_size() which allows the user to initialize an mp\_int with a given
-default number of digits.  By default, all initializers allocate \textbf{MP\_PREC} digits.  This function lets
-you override this behaviour.
-
-\index{mp\_init\_size}
-\begin{alltt}
-int mp_init_size (mp_int * a, int size);
-\end{alltt}
-
-The $size$ parameter must be greater than zero.  If the function succeeds the mp\_int $a$ will be initialized
-to have $size$ digits (which are all initially zero).
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   /* we need a 60-digit number */
-   if ((result = mp_init_size(&number, 60)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* use the number */
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-\section{Maintenance Functions}
-
-\subsection{Reducing Memory Usage}
-When an mp\_int is in a state where it won't be changed again\footnote{A Diffie-Hellman modulus for instance.} excess
-digits can be removed to return memory to the heap with the mp\_shrink() function.
-
-\index{mp\_shrink}
-\begin{alltt}
-int mp_shrink (mp_int * a);
-\end{alltt}
-
-This will remove excess digits of the mp\_int $a$.  If the operation fails the mp\_int should be intact without the
-excess digits being removed.  Note that you can use a shrunk mp\_int in further computations, however, such operations
-will require heap operations which can be slow.  It is not ideal to shrink mp\_int variables that you will further
-modify in the system (unless you are seriously low on memory).
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* use the number [e.g. pre-computation]  */
-
-   /* We're done with it for now. */
-   if ((result = mp_shrink(&number)) != MP_OKAY) \{
-      printf("Error shrinking the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* use it .... */
-
-
-   /* we're done with it. */
-   mp_clear(&number);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-\subsection{Adding additional digits}
-
-Within the mp\_int structure are two parameters which control the limitations of the array of digits that represent
-the integer the mp\_int is meant to equal.   The \textit{used} parameter dictates how many digits are significant, that is,
-contribute to the value of the mp\_int.  The \textit{alloc} parameter dictates how many digits are currently available in
-the array.  If you need to perform an operation that requires more digits you will have to mp\_grow() the mp\_int to
-your desired size.
-
-\index{mp\_grow}
-\begin{alltt}
-int mp_grow (mp_int * a, int size);
-\end{alltt}
-
-This will grow the array of digits of $a$ to $size$.  If the \textit{alloc} parameter is already bigger than
-$size$ the function will not do anything.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* use the number */
-
-   /* We need to add 20 digits to the number  */
-   if ((result = mp_grow(&number, number.alloc + 20)) != MP_OKAY) \{
-      printf("Error growing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-
-   /* use the number */
-
-   /* we're done with it. */
-   mp_clear(&number);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-\chapter{Basic Operations}
-\section{Small Constants}
-Setting mp\_ints to small constants is a relatively common operation.  To accomodate these instances there are two
-small constant assignment functions.  The first function is used to set a single digit constant while the second sets
-an ISO C style ``unsigned long'' constant.  The reason for both functions is efficiency.  Setting a single digit is quick but the
-domain of a digit can change (it's always at least $0 \ldots 127$).
-
-\subsection{Single Digit}
-
-Setting a single digit can be accomplished with the following function.
-
-\index{mp\_set}
-\begin{alltt}
-void mp_set (mp_int * a, mp_digit b);
-\end{alltt}
-
-This will zero the contents of $a$ and make it represent an integer equal to the value of $b$.  Note that this
-function has a return type of \textbf{void}.  It cannot cause an error so it is safe to assume the function
-succeeded.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* set the number to 5 */
-   mp_set(&number, 5);
-
-   /* we're done with it. */
-   mp_clear(&number);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-\subsection{Long Constants}
-
-To set a constant that is the size of an ISO C ``unsigned long'' and larger than a single digit the following function
-can be used.
-
-\index{mp\_set\_int}
-\begin{alltt}
-int mp_set_int (mp_int * a, unsigned long b);
-\end{alltt}
-
-This will assign the value of the 32-bit variable $b$ to the mp\_int $a$.  Unlike mp\_set() this function will always
-accept a 32-bit input regardless of the size of a single digit.  However, since the value may span several digits
-this function can fail if it runs out of heap memory.
-
-To get the ``unsigned long'' copy of an mp\_int the following function can be used.
-
-\index{mp\_get\_int}
-\begin{alltt}
-unsigned long mp_get_int (mp_int * a);
-\end{alltt}
-
-This will return the 32 least significant bits of the mp\_int $a$.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* set the number to 654321 (note this is bigger than 127) */
-   if ((result = mp_set_int(&number, 654321)) != MP_OKAY) \{
-      printf("Error setting the value of the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   printf("number == \%lu", mp_get_int(&number));
-
-   /* we're done with it. */
-   mp_clear(&number);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-This should output the following if the program succeeds.
-
-\begin{alltt}
-number == 654321
-\end{alltt}
-
-\subsection{Long Constants - platform dependant}
-
-\index{mp\_set\_long}
-\begin{alltt}
-int mp_set_long (mp_int * a, unsigned long b);
-\end{alltt}
-
-This will assign the value of the platform-dependant sized variable $b$ to the mp\_int $a$.
-
-To get the ``unsigned long'' copy of an mp\_int the following function can be used.
-
-\index{mp\_get\_long}
-\begin{alltt}
-unsigned long mp_get_long (mp_int * a);
-\end{alltt}
-
-This will return the least significant bits of the mp\_int $a$ that fit into an ``unsigned long''.
-
-\subsection{Long Long Constants}
-
-\index{mp\_set\_long\_long}
-\begin{alltt}
-int mp_set_long_long (mp_int * a, unsigned long long b);
-\end{alltt}
-
-This will assign the value of the 64-bit variable $b$ to the mp\_int $a$.
-
-To get the ``unsigned long long'' copy of an mp\_int the following function can be used.
-
-\index{mp\_get\_long\_long}
-\begin{alltt}
-unsigned long long mp_get_long_long (mp_int * a);
-\end{alltt}
-
-This will return the 64 least significant bits of the mp\_int $a$.
-
-\subsection{Initialize and Setting Constants}
-To both initialize and set small constants the following two functions are available.
-\index{mp\_init\_set} \index{mp\_init\_set\_int}
-\begin{alltt}
-int mp_init_set (mp_int * a, mp_digit b);
-int mp_init_set_int (mp_int * a, unsigned long b);
-\end{alltt}
-
-Both functions work like the previous counterparts except they first mp\_init $a$ before setting the values.
-
-\begin{alltt}
-int main(void)
-\{
-   mp_int number1, number2;
-   int    result;
-
-   /* initialize and set a single digit */
-   if ((result = mp_init_set(&number1, 100)) != MP_OKAY) \{
-      printf("Error setting number1: \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* initialize and set a long */
-   if ((result = mp_init_set_int(&number2, 1023)) != MP_OKAY) \{
-      printf("Error setting number2: \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* display */
-   printf("Number1, Number2 == \%lu, \%lu",
-          mp_get_int(&number1), mp_get_int(&number2));
-
-   /* clear */
-   mp_clear_multi(&number1, &number2, NULL);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt}
-
-If this program succeeds it shall output.
-\begin{alltt}
-Number1, Number2 == 100, 1023
-\end{alltt}
-
-\section{Comparisons}
-
-Comparisons in LibTomMath are always performed in a ``left to right'' fashion.  There are three possible return codes
-for any comparison.
-
-\index{MP\_GT} \index{MP\_EQ} \index{MP\_LT}
-\begin{figure}[here]
-\begin{center}
-\begin{tabular}{|c|c|}
-\hline \textbf{Result Code} & \textbf{Meaning} \\
-\hline MP\_GT & $a > b$ \\
-\hline MP\_EQ & $a = b$ \\
-\hline MP\_LT & $a < b$ \\
-\hline
-\end{tabular}
-\end{center}
-\caption{Comparison Codes for $a, b$}
-\label{fig:CMP}
-\end{figure}
-
-In figure \ref{fig:CMP} two integers $a$ and $b$ are being compared.  In this case $a$ is said to be ``to the left'' of
-$b$.
-
-\subsection{Unsigned comparison}
-
-An unsigned comparison considers only the digits themselves and not the associated \textit{sign} flag of the
-mp\_int structures.  This is analogous to an absolute comparison.  The function mp\_cmp\_mag() will compare two
-mp\_int variables based on their digits only.
-
-\index{mp\_cmp\_mag}
-\begin{alltt}
-int mp_cmp_mag(mp_int * a, mp_int * b);
-\end{alltt}
-This will compare $a$ to $b$ placing $a$ to the left of $b$.  This function cannot fail and will return one of the
-three compare codes listed in figure \ref{fig:CMP}.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number1, number2;
-   int result;
-
-   if ((result = mp_init_multi(&number1, &number2, NULL)) != MP_OKAY) \{
-      printf("Error initializing the numbers.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* set the number1 to 5 */
-   mp_set(&number1, 5);
-
-   /* set the number2 to -6 */
-   mp_set(&number2, 6);
-   if ((result = mp_neg(&number2, &number2)) != MP_OKAY) \{
-      printf("Error negating number2.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   switch(mp_cmp_mag(&number1, &number2)) \{
-       case MP_GT:  printf("|number1| > |number2|"); break;
-       case MP_EQ:  printf("|number1| = |number2|"); break;
-       case MP_LT:  printf("|number1| < |number2|"); break;
-   \}
-
-   /* we're done with it. */
-   mp_clear_multi(&number1, &number2, NULL);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-If this program\footnote{This function uses the mp\_neg() function which is discussed in section \ref{sec:NEG}.} completes
-successfully it should print the following.
-
-\begin{alltt}
-|number1| < |number2|
-\end{alltt}
-
-This is because $\vert -6 \vert = 6$ and obviously $5 < 6$.
-
-\subsection{Signed comparison}
-
-To compare two mp\_int variables based on their signed value the mp\_cmp() function is provided.
-
-\index{mp\_cmp}
-\begin{alltt}
-int mp_cmp(mp_int * a, mp_int * b);
-\end{alltt}
-
-This will compare $a$ to the left of $b$.  It will first compare the signs of the two mp\_int variables.  If they
-differ it will return immediately based on their signs.  If the signs are equal then it will compare the digits
-individually.  This function will return one of the compare conditions codes listed in figure \ref{fig:CMP}.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number1, number2;
-   int result;
-
-   if ((result = mp_init_multi(&number1, &number2, NULL)) != MP_OKAY) \{
-      printf("Error initializing the numbers.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* set the number1 to 5 */
-   mp_set(&number1, 5);
-
-   /* set the number2 to -6 */
-   mp_set(&number2, 6);
-   if ((result = mp_neg(&number2, &number2)) != MP_OKAY) \{
-      printf("Error negating number2.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   switch(mp_cmp(&number1, &number2)) \{
-       case MP_GT:  printf("number1 > number2"); break;
-       case MP_EQ:  printf("number1 = number2"); break;
-       case MP_LT:  printf("number1 < number2"); break;
-   \}
-
-   /* we're done with it. */
-   mp_clear_multi(&number1, &number2, NULL);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-If this program\footnote{This function uses the mp\_neg() function which is discussed in section \ref{sec:NEG}.} completes
-successfully it should print the following.
-
-\begin{alltt}
-number1 > number2
-\end{alltt}
-
-\subsection{Single Digit}
-
-To compare a single digit against an mp\_int the following function has been provided.
-
-\index{mp\_cmp\_d}
-\begin{alltt}
-int mp_cmp_d(mp_int * a, mp_digit b);
-\end{alltt}
-
-This will compare $a$ to the left of $b$ using a signed comparison.  Note that it will always treat $b$ as
-positive.  This function is rather handy when you have to compare against small values such as $1$ (which often
-comes up in cryptography).  The function cannot fail and will return one of the tree compare condition codes
-listed in figure \ref{fig:CMP}.
-
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* set the number to 5 */
-   mp_set(&number, 5);
-
-   switch(mp_cmp_d(&number, 7)) \{
-       case MP_GT:  printf("number > 7"); break;
-       case MP_EQ:  printf("number = 7"); break;
-       case MP_LT:  printf("number < 7"); break;
-   \}
-
-   /* we're done with it. */
-   mp_clear(&number);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-If this program functions properly it will print out the following.
-
-\begin{alltt}
-number < 7
-\end{alltt}
-
-\section{Logical Operations}
-
-Logical operations are operations that can be performed either with simple shifts or boolean operators such as
-AND, XOR and OR directly.  These operations are very quick.
-
-\subsection{Multiplication by two}
-
-Multiplications and divisions by any power of two can be performed with quick logical shifts either left or
-right depending on the operation.
-
-When multiplying or dividing by two a special case routine can be used which are as follows.
-\index{mp\_mul\_2} \index{mp\_div\_2}
-\begin{alltt}
-int mp_mul_2(mp_int * a, mp_int * b);
-int mp_div_2(mp_int * a, mp_int * b);
-\end{alltt}
-
-The former will assign twice $a$ to $b$ while the latter will assign half $a$ to $b$.  These functions are fast
-since the shift counts and maskes are hardcoded into the routines.
-
-\begin{small} \begin{alltt}
-int main(void)
-\{
-   mp_int number;
-   int result;
-
-   if ((result = mp_init(&number)) != MP_OKAY) \{
-      printf("Error initializing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* set the number to 5 */
-   mp_set(&number, 5);
-
-   /* multiply by two */
-   if ((result = mp\_mul\_2(&number, &number)) != MP_OKAY) \{
-      printf("Error multiplying the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-   switch(mp_cmp_d(&number, 7)) \{
-       case MP_GT:  printf("2*number > 7"); break;
-       case MP_EQ:  printf("2*number = 7"); break;
-       case MP_LT:  printf("2*number < 7"); break;
-   \}
-
-   /* now divide by two */
-   if ((result = mp\_div\_2(&number, &number)) != MP_OKAY) \{
-      printf("Error dividing the number.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-   switch(mp_cmp_d(&number, 7)) \{
-       case MP_GT:  printf("2*number/2 > 7"); break;
-       case MP_EQ:  printf("2*number/2 = 7"); break;
-       case MP_LT:  printf("2*number/2 < 7"); break;
-   \}
-
-   /* we're done with it. */
-   mp_clear(&number);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt} \end{small}
-
-If this program is successful it will print out the following text.
-
-\begin{alltt}
-2*number > 7
-2*number/2 < 7
-\end{alltt}
-
-Since $10 > 7$ and $5 < 7$.
-
-To multiply by a power of two the following function can be used.
-
-\index{mp\_mul\_2d}
-\begin{alltt}
-int mp_mul_2d(mp_int * a, int b, mp_int * c);
-\end{alltt}
-
-This will multiply $a$ by $2^b$ and store the result in ``c''.  If the value of $b$ is less than or equal to
-zero the function will copy $a$ to ``c'' without performing any further actions.  The multiplication itself
-is implemented as a right-shift operation of $a$ by $b$ bits.
-
-To divide by a power of two use the following.
-
-\index{mp\_div\_2d}
-\begin{alltt}
-int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
-\end{alltt}
-Which will divide $a$ by $2^b$, store the quotient in ``c'' and the remainder in ``d'.  If $b \le 0$ then the
-function simply copies $a$ over to ``c'' and zeroes $d$.  The variable $d$ may be passed as a \textbf{NULL}
-value to signal that the remainder is not desired.  The division itself is implemented as a left-shift
-operation of $a$ by $b$ bits.
-
-\subsection{Polynomial Basis Operations}
-
-Strictly speaking the organization of the integers within the mp\_int structures is what is known as a
-``polynomial basis''.  This simply means a field element is stored by divisions of a radix.  For example, if
-$f(x) = \sum_{i=0}^{k} y_ix^k$ for any vector $\vec y$ then the array of digits in $\vec y$ are said to be
-the polynomial basis representation of $z$ if $f(\beta) = z$ for a given radix $\beta$.
-
-To multiply by the polynomial $g(x) = x$ all you have todo is shift the digits of the basis left one place.  The
-following function provides this operation.
-
-\index{mp\_lshd}
-\begin{alltt}
-int mp_lshd (mp_int * a, int b);
-\end{alltt}
-
-This will multiply $a$ in place by $x^b$ which is equivalent to shifting the digits left $b$ places and inserting zeroes
-in the least significant digits.  Similarly to divide by a power of $x$ the following function is provided.
-
-\index{mp\_rshd}
-\begin{alltt}
-void mp_rshd (mp_int * a, int b)
-\end{alltt}
-This will divide $a$ in place by $x^b$ and discard the remainder.  This function cannot fail as it performs the operations
-in place and no new digits are required to complete it.
-
-\subsection{AND, OR and XOR Operations}
-
-While AND, OR and XOR operations are not typical ``bignum functions'' they can be useful in several instances.  The
-three functions are prototyped as follows.
-
-\index{mp\_or} \index{mp\_and} \index{mp\_xor}
-\begin{alltt}
-int mp_or  (mp_int * a, mp_int * b, mp_int * c);
-int mp_and (mp_int * a, mp_int * b, mp_int * c);
-int mp_xor (mp_int * a, mp_int * b, mp_int * c);
-\end{alltt}
-
-Which compute $c = a \odot b$ where $\odot$ is one of OR, AND or XOR.
-
-\section{Addition and Subtraction}
-
-To compute an addition or subtraction the following two functions can be used.
-
-\index{mp\_add} \index{mp\_sub}
-\begin{alltt}
-int mp_add (mp_int * a, mp_int * b, mp_int * c);
-int mp_sub (mp_int * a, mp_int * b, mp_int * c)
-\end{alltt}
-
-Which perform $c = a \odot b$ where $\odot$ is one of signed addition or subtraction.  The operations are fully sign
-aware.
-
-\section{Sign Manipulation}
-\subsection{Negation}
-\label{sec:NEG}
-Simple integer negation can be performed with the following.
-
-\index{mp\_neg}
-\begin{alltt}
-int mp_neg (mp_int * a, mp_int * b);
-\end{alltt}
-
-Which assigns $-a$ to $b$.
-
-\subsection{Absolute}
-Simple integer absolutes can be performed with the following.
-
-\index{mp\_neg}
-\begin{alltt}
-int mp_abs (mp_int * a, mp_int * b);
-\end{alltt}
-
-Which assigns $\vert a \vert$ to $b$.
-
-\section{Integer Division and Remainder}
-To perform a complete and general integer division with remainder use the following function.
-
-\index{mp\_div}
-\begin{alltt}
-int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
-\end{alltt}
-
-This divides $a$ by $b$ and stores the quotient in $c$ and $d$.  The signed quotient is computed such that
-$bc + d = a$.  Note that either of $c$ or $d$ can be set to \textbf{NULL} if their value is not required.  If
-$b$ is zero the function returns \textbf{MP\_VAL}.
-
-
-\chapter{Multiplication and Squaring}
-\section{Multiplication}
-A full signed integer multiplication can be performed with the following.
-\index{mp\_mul}
-\begin{alltt}
-int mp_mul (mp_int * a, mp_int * b, mp_int * c);
-\end{alltt}
-Which assigns the full signed product $ab$ to $c$.  This function actually breaks into one of four cases which are
-specific multiplication routines optimized for given parameters.  First there are the Toom-Cook multiplications which
-should only be used with very large inputs.  This is followed by the Karatsuba multiplications which are for moderate
-sized inputs.  Then followed by the Comba and baseline multipliers.
-
-Fortunately for the developer you don't really need to know this unless you really want to fine tune the system.  mp\_mul()
-will determine on its own\footnote{Some tweaking may be required.} what routine to use automatically when it is called.
-
-\begin{alltt}
-int main(void)
-\{
-   mp_int number1, number2;
-   int result;
-
-   /* Initialize the numbers */
-   if ((result = mp_init_multi(&number1,
-                               &number2, NULL)) != MP_OKAY) \{
-      printf("Error initializing the numbers.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* set the terms */
-   if ((result = mp_set_int(&number, 257)) != MP_OKAY) \{
-      printf("Error setting number1.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   if ((result = mp_set_int(&number2, 1023)) != MP_OKAY) \{
-      printf("Error setting number2.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* multiply them */
-   if ((result = mp_mul(&number1, &number2,
-                        &number1)) != MP_OKAY) \{
-      printf("Error multiplying terms.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* display */
-   printf("number1 * number2 == \%lu", mp_get_int(&number1));
-
-   /* free terms and return */
-   mp_clear_multi(&number1, &number2, NULL);
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt}
-
-If this program succeeds it shall output the following.
-
-\begin{alltt}
-number1 * number2 == 262911
-\end{alltt}
-
-\section{Squaring}
-Since squaring can be performed faster than multiplication it is performed it's own function instead of just using
-mp\_mul().
-
-\index{mp\_sqr}
-\begin{alltt}
-int mp_sqr (mp_int * a, mp_int * b);
-\end{alltt}
-
-Will square $a$ and store it in $b$.  Like the case of multiplication there are four different squaring
-algorithms all which can be called from mp\_sqr().  It is ideal to use mp\_sqr over mp\_mul when squaring terms because
-of the speed difference.
-
-\section{Tuning Polynomial Basis Routines}
-
-Both of the Toom-Cook and Karatsuba multiplication algorithms are faster than the traditional $O(n^2)$ approach that
-the Comba and baseline algorithms use.  At $O(n^{1.464973})$ and $O(n^{1.584962})$ running times respectively they require
-considerably less work.  For example, a 10000-digit multiplication would take roughly 724,000 single precision
-multiplications with Toom-Cook or 100,000,000 single precision multiplications with the standard Comba (a factor
-of 138).
-
-So why not always use Karatsuba or Toom-Cook?   The simple answer is that they have so much overhead that they're not
-actually faster than Comba until you hit distinct  ``cutoff'' points.  For Karatsuba with the default configuration,
-GCC 3.3.1 and an Athlon XP processor the cutoff point is roughly 110 digits (about 70 for the Intel P4).  That is, at
-110 digits Karatsuba and Comba multiplications just about break even and for 110+ digits Karatsuba is faster.
-
-Toom-Cook has incredible overhead and is probably only useful for very large inputs.  So far no known cutoff points
-exist and for the most part I just set the cutoff points very high to make sure they're not called.
-
-A demo program in the ``etc/'' directory of the project called ``tune.c'' can be used to find the cutoff points.  This
-can be built with GCC as follows
-
-\begin{alltt}
-make XXX
-\end{alltt}
-Where ``XXX'' is one of the following entries from the table \ref{fig:tuning}.
-
-\begin{figure}[here]
-\begin{center}
-\begin{small}
-\begin{tabular}{|l|l|}
-\hline \textbf{Value of XXX} & \textbf{Meaning} \\
-\hline tune & Builds portable tuning application \\
-\hline tune86 & Builds x86 (pentium and up) program for COFF \\
-\hline tune86c & Builds x86 program for Cygwin \\
-\hline tune86l & Builds x86 program for Linux (ELF format) \\
-\hline
-\end{tabular}
-\end{small}
-\end{center}
-\caption{Build Names for Tuning Programs}
-\label{fig:tuning}
-\end{figure}
-
-When the program is running it will output a series of measurements for different cutoff points.  It will first find
-good Karatsuba squaring and multiplication points.  Then it proceeds to find Toom-Cook points.  Note that the Toom-Cook
-tuning takes a very long time as the cutoff points are likely to be very high.
-
-\chapter{Modular Reduction}
-
-Modular reduction is process of taking the remainder of one quantity divided by another.  Expressed
-as (\ref{eqn:mod}) the modular reduction is equivalent to the remainder of $b$ divided by $c$.
-
-\begin{equation}
-a \equiv b \mbox{ (mod }c\mbox{)}
-\label{eqn:mod}
-\end{equation}
-
-Of particular interest to cryptography are reductions where $b$ is limited to the range $0 \le b < c^2$ since particularly
-fast reduction algorithms can be written for the limited range.
-
-Note that one of the four optimized reduction algorithms are automatically chosen in the modular exponentiation
-algorithm mp\_exptmod when an appropriate modulus is detected.
-
-\section{Straight Division}
-In order to effect an arbitrary modular reduction the following algorithm is provided.
-
-\index{mp\_mod}
-\begin{alltt}
-int mp_mod(mp_int *a, mp_int *b, mp_int *c);
-\end{alltt}
-
-This reduces $a$ modulo $b$ and stores the result in $c$.  The sign of $c$ shall agree with the sign
-of $b$.  This algorithm accepts an input $a$ of any range and is not limited by $0 \le a < b^2$.
-
-\section{Barrett Reduction}
-
-Barrett reduction is a generic optimized reduction algorithm that requires pre--computation to achieve
-a decent speedup over straight division.  First a $\mu$ value must be precomputed with the following function.
-
-\index{mp\_reduce\_setup}
-\begin{alltt}
-int mp_reduce_setup(mp_int *a, mp_int *b);
-\end{alltt}
-
-Given a modulus in $b$ this produces the required $\mu$ value in $a$.  For any given modulus this only has to
-be computed once.  Modular reduction can now be performed with the following.
-
-\index{mp\_reduce}
-\begin{alltt}
-int mp_reduce(mp_int *a, mp_int *b, mp_int *c);
-\end{alltt}
-
-This will reduce $a$ in place modulo $b$ with the precomputed $\mu$ value in $c$.  $a$ must be in the range
-$0 \le a < b^2$.
-
-\begin{alltt}
-int main(void)
-\{
-   mp_int   a, b, c, mu;
-   int      result;
-
-   /* initialize a,b to desired values, mp_init mu,
-    * c and set c to 1...we want to compute a^3 mod b
-    */
-
-   /* get mu value */
-   if ((result = mp_reduce_setup(&mu, b)) != MP_OKAY) \{
-      printf("Error getting mu.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* square a to get c = a^2 */
-   if ((result = mp_sqr(&a, &c)) != MP_OKAY) \{
-      printf("Error squaring.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* now reduce `c' modulo b */
-   if ((result = mp_reduce(&c, &b, &mu)) != MP_OKAY) \{
-      printf("Error reducing.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* multiply a to get c = a^3 */
-   if ((result = mp_mul(&a, &c, &c)) != MP_OKAY) \{
-      printf("Error reducing.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* now reduce `c' modulo b  */
-   if ((result = mp_reduce(&c, &b, &mu)) != MP_OKAY) \{
-      printf("Error reducing.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* c now equals a^3 mod b */
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt}
-
-This program will calculate $a^3 \mbox{ mod }b$ if all the functions succeed.
-
-\section{Montgomery Reduction}
-
-Montgomery is a specialized reduction algorithm for any odd moduli.  Like Barrett reduction a pre--computation
-step is required.  This is accomplished with the following.
-
-\index{mp\_montgomery\_setup}
-\begin{alltt}
-int mp_montgomery_setup(mp_int *a, mp_digit *mp);
-\end{alltt}
-
-For the given odd moduli $a$ the precomputation value is placed in $mp$.  The reduction is computed with the
-following.
-
-\index{mp\_montgomery\_reduce}
-\begin{alltt}
-int mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
-\end{alltt}
-This reduces $a$ in place modulo $m$ with the pre--computed value $mp$.   $a$ must be in the range
-$0 \le a < b^2$.
-
-Montgomery reduction is faster than Barrett reduction for moduli smaller than the ``comba'' limit.  With the default
-setup for instance, the limit is $127$ digits ($3556$--bits).   Note that this function is not limited to
-$127$ digits just that it falls back to a baseline algorithm after that point.
-
-An important observation is that this reduction does not return $a \mbox{ mod }m$ but $aR^{-1} \mbox{ mod }m$
-where $R = \beta^n$, $n$ is the n number of digits in $m$ and $\beta$ is radix used (default is $2^{28}$).
-
-To quickly calculate $R$ the following function was provided.
-
-\index{mp\_montgomery\_calc\_normalization}
-\begin{alltt}
-int mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
-\end{alltt}
-Which calculates $a = R$ for the odd moduli $b$ without using multiplication or division.
-
-The normal modus operandi for Montgomery reductions is to normalize the integers before entering the system.  For
-example, to calculate $a^3 \mbox { mod }b$ using Montgomery reduction the value of $a$ can be normalized by
-multiplying it by $R$.  Consider the following code snippet.
-
-\begin{alltt}
-int main(void)
-\{
-   mp_int   a, b, c, R;
-   mp_digit mp;
-   int      result;
-
-   /* initialize a,b to desired values,
-    * mp_init R, c and set c to 1....
-    */
-
-   /* get normalization */
-   if ((result = mp_montgomery_calc_normalization(&R, b)) != MP_OKAY) \{
-      printf("Error getting norm.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* get mp value */
-   if ((result = mp_montgomery_setup(&c, &mp)) != MP_OKAY) \{
-      printf("Error setting up montgomery.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* normalize `a' so now a is equal to aR */
-   if ((result = mp_mulmod(&a, &R, &b, &a)) != MP_OKAY) \{
-      printf("Error computing aR.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* square a to get c = a^2R^2 */
-   if ((result = mp_sqr(&a, &c)) != MP_OKAY) \{
-      printf("Error squaring.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* now reduce `c' back down to c = a^2R^2 * R^-1 == a^2R */
-   if ((result = mp_montgomery_reduce(&c, &b, mp)) != MP_OKAY) \{
-      printf("Error reducing.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* multiply a to get c = a^3R^2 */
-   if ((result = mp_mul(&a, &c, &c)) != MP_OKAY) \{
-      printf("Error reducing.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* now reduce `c' back down to c = a^3R^2 * R^-1 == a^3R */
-   if ((result = mp_montgomery_reduce(&c, &b, mp)) != MP_OKAY) \{
-      printf("Error reducing.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* now reduce (again) `c' back down to c = a^3R * R^-1 == a^3 */
-   if ((result = mp_montgomery_reduce(&c, &b, mp)) != MP_OKAY) \{
-      printf("Error reducing.  \%s",
-             mp_error_to_string(result));
-      return EXIT_FAILURE;
-   \}
-
-   /* c now equals a^3 mod b */
-
-   return EXIT_SUCCESS;
-\}
-\end{alltt}
-
-This particular example does not look too efficient but it demonstrates the point of the algorithm.  By
-normalizing the inputs the reduced results are always of the form $aR$ for some variable $a$.  This allows
-a single final reduction to correct for the normalization and the fast reduction used within the algorithm.
-
-For more details consider examining the file \textit{bn\_mp\_exptmod\_fast.c}.
-
-\section{Restricted Dimminished Radix}
-
-``Dimminished Radix'' reduction refers to reduction with respect to moduli that are ameniable to simple
-digit shifting and small multiplications.  In this case the ``restricted'' variant refers to moduli of the
-form $\beta^k - p$ for some $k \ge 0$ and $0 < p < \beta$ where $\beta$ is the radix (default to $2^{28}$).
-
-As in the case of Montgomery reduction there is a pre--computation phase required for a given modulus.
-
-\index{mp\_dr\_setup}
-\begin{alltt}
-void mp_dr_setup(mp_int *a, mp_digit *d);
-\end{alltt}
-
-This computes the value required for the modulus $a$ and stores it in $d$.  This function cannot fail
-and does not return any error codes.  After the pre--computation a reduction can be performed with the
-following.
-
-\index{mp\_dr\_reduce}
-\begin{alltt}
-int mp_dr_reduce(mp_int *a, mp_int *b, mp_digit mp);
-\end{alltt}
-
-This reduces $a$ in place modulo $b$ with the pre--computed value $mp$.  $b$ must be of a restricted
-dimminished radix form and $a$ must be in the range $0 \le a < b^2$.  Dimminished radix reductions are
-much faster than both Barrett and Montgomery reductions as they have a much lower asymtotic running time.
-
-Since the moduli are restricted this algorithm is not particularly useful for something like Rabin, RSA or
-BBS cryptographic purposes.  This reduction algorithm is useful for Diffie-Hellman and ECC where fixed
-primes are acceptable.
-
-Note that unlike Montgomery reduction there is no normalization process.  The result of this function is
-equal to the correct residue.
-
-\section{Unrestricted Dimminshed Radix}
-
-Unrestricted reductions work much like the restricted counterparts except in this case the moduli is of the
-form $2^k - p$ for $0 < p < \beta$.  In this sense the unrestricted reductions are more flexible as they
-can be applied to a wider range of numbers.
-
-\index{mp\_reduce\_2k\_setup}
-\begin{alltt}
-int mp_reduce_2k_setup(mp_int *a, mp_digit *d);
-\end{alltt}
-
-This will compute the required $d$ value for the given moduli $a$.
-
-\index{mp\_reduce\_2k}
-\begin{alltt}
-int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
-\end{alltt}
-
-This will reduce $a$ in place modulo $n$ with the pre--computed value $d$.  From my experience this routine is
-slower than mp\_dr\_reduce but faster for most moduli sizes than the Montgomery reduction.
-
-\chapter{Exponentiation}
-\section{Single Digit Exponentiation}
-\index{mp\_expt\_d\_ex}
-\begin{alltt}
-int mp_expt_d_ex (mp_int * a, mp_digit b, mp_int * c, int fast)
-\end{alltt}
-This function computes $c = a^b$.
-
-With parameter \textit{fast} set to $0$ the old version of the algorithm is used,
-when \textit{fast} is $1$, a faster but not statically timed version of the algorithm is used.
-
-The old version uses a simple binary left-to-right algorithm.
-It is faster than repeated multiplications by $a$ for all values of $b$ greater than three.
-
-The new version uses a binary right-to-left algorithm.
-
-The difference between the old and the new version is that the old version always
-executes $DIGIT\_BIT$ iterations. The new algorithm executes only $n$ iterations
-where $n$ is equal to the position of the highest bit that is set in $b$.
-
-\index{mp\_expt\_d}
-\begin{alltt}
-int mp_expt_d (mp_int * a, mp_digit b, mp_int * c)
-\end{alltt}
-mp\_expt\_d(a, b, c) is a wrapper function to mp\_expt\_d\_ex(a, b, c, 0).
-
-\section{Modular Exponentiation}
-\index{mp\_exptmod}
-\begin{alltt}
-int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
-\end{alltt}
-This computes $Y \equiv G^X \mbox{ (mod }P\mbox{)}$ using a variable width sliding window algorithm.  This function
-will automatically detect the fastest modular reduction technique to use during the operation.  For negative values of
-$X$ the operation is performed as $Y \equiv (G^{-1} \mbox{ mod }P)^{\vert X \vert} \mbox{ (mod }P\mbox{)}$ provided that
-$gcd(G, P) = 1$.
-
-This function is actually a shell around the two internal exponentiation functions.  This routine will automatically
-detect when Barrett, Montgomery, Restricted and Unrestricted Dimminished Radix based exponentiation can be used.  Generally
-moduli of the a ``restricted dimminished radix'' form lead to the fastest modular exponentiations.  Followed by Montgomery
-and the other two algorithms.
-
-\section{Root Finding}
-\index{mp\_n\_root}
-\begin{alltt}
-int mp_n_root (mp_int * a, mp_digit b, mp_int * c)
-\end{alltt}
-This computes $c = a^{1/b}$ such that $c^b \le a$ and $(c+1)^b > a$.  The implementation of this function is not
-ideal for values of $b$ greater than three.  It will work but become very slow.  So unless you are working with very small
-numbers (less than 1000 bits) I'd avoid $b > 3$ situations.  Will return a positive root only for even roots and return
-a root with the sign of the input for odd roots.  For example, performing $4^{1/2}$ will return $2$ whereas $(-8)^{1/3}$
-will return $-2$.
-
-This algorithm uses the ``Newton Approximation'' method and will converge on the correct root fairly quickly.  Since
-the algorithm requires raising $a$ to the power of $b$ it is not ideal to attempt to find roots for large
-values of $b$.  If particularly large roots are required then a factor method could be used instead.  For example,
-$a^{1/16}$ is equivalent to $\left (a^{1/4} \right)^{1/4}$ or simply
-$\left ( \left ( \left ( a^{1/2} \right )^{1/2} \right )^{1/2} \right )^{1/2}$
-
-\chapter{Prime Numbers}
-\section{Trial Division}
-\index{mp\_prime\_is\_divisible}
-\begin{alltt}
-int mp_prime_is_divisible (mp_int * a, int *result)
-\end{alltt}
-This will attempt to evenly divide $a$ by a list of primes\footnote{Default is the first 256 primes.} and store the
-outcome in ``result''.  That is if $result = 0$ then $a$ is not divisible by the primes, otherwise it is.  Note that
-if the function does not return \textbf{MP\_OKAY} the value in ``result'' should be considered undefined\footnote{Currently
-the default is to set it to zero first.}.
-
-\section{Fermat Test}
-\index{mp\_prime\_fermat}
-\begin{alltt}
-int mp_prime_fermat (mp_int * a, mp_int * b, int *result)
-\end{alltt}
-Performs a Fermat primality test to the base $b$.  That is it computes $b^a \mbox{ mod }a$ and tests whether the value is
-equal to $b$ or not.  If the values are equal then $a$ is probably prime and $result$ is set to one.  Otherwise $result$
-is set to zero.
-
-\section{Miller-Rabin Test}
-\index{mp\_prime\_miller\_rabin}
-\begin{alltt}
-int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
-\end{alltt}
-Performs a Miller-Rabin test to the base $b$ of $a$.  This test is much stronger than the Fermat test and is very hard to
-fool (besides with Carmichael numbers).  If $a$ passes the test (therefore is probably prime) $result$ is set to one.
-Otherwise $result$ is set to zero.
-
-Note that is suggested that you use the Miller-Rabin test instead of the Fermat test since all of the failures of
-Miller-Rabin are a subset of the failures of the Fermat test.
-
-\subsection{Required Number of Tests}
-Generally to ensure a number is very likely to be prime you have to perform the Miller-Rabin with at least a half-dozen
-or so unique bases.  However, it has been proven that the probability of failure goes down as the size of the input goes up.
-This is why a simple function has been provided to help out.
-
-\index{mp\_prime\_rabin\_miller\_trials}
-\begin{alltt}
-int mp_prime_rabin_miller_trials(int size)
-\end{alltt}
-This returns the number of trials required for a $2^{-96}$ (or lower) probability of failure for a given ``size'' expressed
-in bits.  This comes in handy specially since larger numbers are slower to test.  For example, a 512-bit number would
-require ten tests whereas a 1024-bit number would only require four tests.
-
-You should always still perform a trial division before a Miller-Rabin test though.
-
-\section{Primality Testing}
-\index{mp\_prime\_is\_prime}
-\begin{alltt}
-int mp_prime_is_prime (mp_int * a, int t, int *result)
-\end{alltt}
-This will perform a trial division followed by $t$ rounds of Miller-Rabin tests on $a$ and store the result in $result$.
-If $a$ passes all of the tests $result$ is set to one, otherwise it is set to zero.  Note that $t$ is bounded by
-$1 \le t < PRIME\_SIZE$ where $PRIME\_SIZE$ is the number of primes in the prime number table (by default this is $256$).
-
-\section{Next Prime}
-\index{mp\_prime\_next\_prime}
-\begin{alltt}
-int mp_prime_next_prime(mp_int *a, int t, int bbs_style)
-\end{alltt}
-This finds the next prime after $a$ that passes mp\_prime\_is\_prime() with $t$ tests.  Set $bbs\_style$ to one if you
-want only the next prime congruent to $3 \mbox{ mod } 4$, otherwise set it to zero to find any next prime.
-
-\section{Random Primes}
-\index{mp\_prime\_random}
-\begin{alltt}
-int mp_prime_random(mp_int *a, int t, int size, int bbs,
-                    ltm_prime_callback cb, void *dat)
-\end{alltt}
-This will find a prime greater than $256^{size}$ which can be ``bbs\_style'' or not depending on $bbs$ and must pass
-$t$ rounds of tests.  The ``ltm\_prime\_callback'' is a typedef for
-
-\begin{alltt}
-typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
-\end{alltt}
-
-Which is a function that must read $len$ bytes (and return the amount stored) into $dst$.  The $dat$ variable is simply
-copied from the original input.  It can be used to pass RNG context data to the callback.  The function
-mp\_prime\_random() is more suitable for generating primes which must be secret (as in the case of RSA) since there
-is no skew on the least significant bits.
-
-\textit{Note:}  As of v0.30 of the LibTomMath library this function has been deprecated.  It is still available
-but users are encouraged to use the new mp\_prime\_random\_ex() function instead.
-
-\subsection{Extended Generation}
-\index{mp\_prime\_random\_ex}
-\begin{alltt}
-int mp_prime_random_ex(mp_int *a,    int t,
-                       int     size, int flags,
-                       ltm_prime_callback cb, void *dat);
-\end{alltt}
-This will generate a prime in $a$ using $t$ tests of the primality testing algorithms.  The variable $size$
-specifies the bit length of the prime desired.  The variable $flags$ specifies one of several options available
-(see fig. \ref{fig:primeopts}) which can be OR'ed together.  The callback parameters are used as in
-mp\_prime\_random().
-
-\begin{figure}[here]
-\begin{center}
-\begin{small}
-\begin{tabular}{|r|l|}
-\hline \textbf{Flag}         & \textbf{Meaning} \\
-\hline LTM\_PRIME\_BBS       & Make the prime congruent to $3$ modulo $4$ \\
-\hline LTM\_PRIME\_SAFE      & Make a prime $p$ such that $(p - 1)/2$ is also prime. \\
-                             & This option implies LTM\_PRIME\_BBS as well. \\
-\hline LTM\_PRIME\_2MSB\_OFF & Makes sure that the bit adjacent to the most significant bit \\
-                             & Is forced to zero.  \\
-\hline LTM\_PRIME\_2MSB\_ON  & Makes sure that the bit adjacent to the most significant bit \\
-                             & Is forced to one. \\
-\hline
-\end{tabular}
-\end{small}
-\end{center}
-\caption{Primality Generation Options}
-\label{fig:primeopts}
-\end{figure}
-
-\chapter{Input and Output}
-\section{ASCII Conversions}
-\subsection{To ASCII}
-\index{mp\_toradix}
-\begin{alltt}
-int mp_toradix (mp_int * a, char *str, int radix);
-\end{alltt}
-This still store $a$ in ``str'' as a base-``radix'' string of ASCII chars.  This function appends a NUL character
-to terminate the string.  Valid values of ``radix'' line in the range $[2, 64]$.  To determine the size (exact) required
-by the conversion before storing any data use the following function.
-
-\index{mp\_radix\_size}
-\begin{alltt}
-int mp_radix_size (mp_int * a, int radix, int *size)
-\end{alltt}
-This stores in ``size'' the number of characters (including space for the NUL terminator) required.  Upon error this
-function returns an error code and ``size'' will be zero.
-
-\subsection{From ASCII}
-\index{mp\_read\_radix}
-\begin{alltt}
-int mp_read_radix (mp_int * a, char *str, int radix);
-\end{alltt}
-This will read the base-``radix'' NUL terminated string from ``str'' into $a$.  It will stop reading when it reads a
-character it does not recognize (which happens to include th NUL char... imagine that...).  A single leading $-$ sign
-can be used to denote a negative number.
-
-\section{Binary Conversions}
-
-Converting an mp\_int to and from binary is another keen idea.
-
-\index{mp\_unsigned\_bin\_size}
-\begin{alltt}
-int mp_unsigned_bin_size(mp_int *a);
-\end{alltt}
-
-This will return the number of bytes (octets) required to store the unsigned copy of the integer $a$.
-
-\index{mp\_to\_unsigned\_bin}
-\begin{alltt}
-int mp_to_unsigned_bin(mp_int *a, unsigned char *b);
-\end{alltt}
-This will store $a$ into the buffer $b$ in big--endian format.  Fortunately this is exactly what DER (or is it ASN?)
-requires.  It does not store the sign of the integer.
-
-\index{mp\_read\_unsigned\_bin}
-\begin{alltt}
-int mp_read_unsigned_bin(mp_int *a, unsigned char *b, int c);
-\end{alltt}
-This will read in an unsigned big--endian array of bytes (octets) from $b$ of length $c$ into $a$.  The resulting
-integer $a$ will always be positive.
-
-For those who acknowledge the existence of negative numbers (heretic!) there are ``signed'' versions of the
-previous functions.
-
-\begin{alltt}
-int mp_signed_bin_size(mp_int *a);
-int mp_read_signed_bin(mp_int *a, unsigned char *b, int c);
-int mp_to_signed_bin(mp_int *a, unsigned char *b);
-\end{alltt}
-They operate essentially the same as the unsigned copies except they prefix the data with zero or non--zero
-byte depending on the sign.  If the sign is zpos (e.g. not negative) the prefix is zero, otherwise the prefix
-is non--zero.
-
-\chapter{Algebraic Functions}
-\section{Extended Euclidean Algorithm}
-\index{mp\_exteuclid}
-\begin{alltt}
-int mp_exteuclid(mp_int *a, mp_int *b,
-                 mp_int *U1, mp_int *U2, mp_int *U3);
-\end{alltt}
-
-This finds the triple U1/U2/U3 using the Extended Euclidean algorithm such that the following equation holds.
-
-\begin{equation}
-a \cdot U1 + b \cdot U2 = U3
-\end{equation}
-
-Any of the U1/U2/U3 paramters can be set to \textbf{NULL} if they are not desired.
-
-\section{Greatest Common Divisor}
-\index{mp\_gcd}
-\begin{alltt}
-int mp_gcd (mp_int * a, mp_int * b, mp_int * c)
-\end{alltt}
-This will compute the greatest common divisor of $a$ and $b$ and store it in $c$.
-
-\section{Least Common Multiple}
-\index{mp\_lcm}
-\begin{alltt}
-int mp_lcm (mp_int * a, mp_int * b, mp_int * c)
-\end{alltt}
-This will compute the least common multiple of $a$ and $b$ and store it in $c$.
-
-\section{Jacobi Symbol}
-\index{mp\_jacobi}
-\begin{alltt}
-int mp_jacobi (mp_int * a, mp_int * p, int *c)
-\end{alltt}
-This will compute the Jacobi symbol for $a$ with respect to $p$.  If $p$ is prime this essentially computes the Legendre
-symbol.  The result is stored in $c$ and can take on one of three values $\lbrace -1, 0, 1 \rbrace$.  If $p$ is prime
-then the result will be $-1$ when $a$ is not a quadratic residue modulo $p$.  The result will be $0$ if $a$ divides $p$
-and the result will be $1$ if $a$ is a quadratic residue modulo $p$.
-
-\section{Modular square root}
-\index{mp\_sqrtmod\_prime}
-\begin{alltt}
-int mp_sqrtmod_prime(mp_int *n, mp_int *p, mp_int *r)
-\end{alltt}
-
-This will solve the modular equatioon $r^2 = n \mod p$ where $p$ is a prime number greater than 2 (odd prime).
-The result is returned in the third argument $r$, the function returns \textbf{MP\_OKAY} on success,
-other return values indicate failure.
-
-The implementation is split for two different cases:
-
-1. if $p \mod 4 == 3$ we apply \href{http://cacr.uwaterloo.ca/hac/}{Handbook of Applied Cryptography algorithm 3.36} and compute $r$ directly as
-$r = n^{(p+1)/4} \mod p$
-
-2. otherwise we use \href{https://en.wikipedia.org/wiki/Tonelli-Shanks_algorithm}{Tonelli-Shanks algorithm}
-
-The function does not check the primality of parameter $p$ thus it is up to the caller to assure that this parameter
-is a prime number. When $p$ is a composite the function behaviour is undefined, it may even return a false-positive
-\textbf{MP\_OKAY}.
-
-\section{Modular Inverse}
-\index{mp\_invmod}
-\begin{alltt}
-int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
-\end{alltt}
-Computes the multiplicative inverse of $a$ modulo $b$ and stores the result in $c$ such that $ac \equiv 1 \mbox{ (mod }b\mbox{)}$.
-
-\section{Single Digit Functions}
-
-For those using small numbers (\textit{snicker snicker}) there are several ``helper'' functions
-
-\index{mp\_add\_d} \index{mp\_sub\_d} \index{mp\_mul\_d} \index{mp\_div\_d} \index{mp\_mod\_d}
-\begin{alltt}
-int mp_add_d(mp_int *a, mp_digit b, mp_int *c);
-int mp_sub_d(mp_int *a, mp_digit b, mp_int *c);
-int mp_mul_d(mp_int *a, mp_digit b, mp_int *c);
-int mp_div_d(mp_int *a, mp_digit b, mp_int *c, mp_digit *d);
-int mp_mod_d(mp_int *a, mp_digit b, mp_digit *c);
-\end{alltt}
-
-These work like the full mp\_int capable variants except the second parameter $b$ is a mp\_digit.  These
-functions fairly handy if you have to work with relatively small numbers since you will not have to allocate
-an entire mp\_int to store a number like $1$ or $2$.
-
-\input{bn.ind}
-
-\end{document}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_cutoffs.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,14 @@
+#include "tommath_private.h"
+#ifdef BN_CUTOFFS_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+#ifndef MP_FIXED_CUTOFFS
+#include "tommath_cutoffs.h"
+int KARATSUBA_MUL_CUTOFF = MP_DEFAULT_KARATSUBA_MUL_CUTOFF,
+    KARATSUBA_SQR_CUTOFF = MP_DEFAULT_KARATSUBA_SQR_CUTOFF,
+    TOOM_MUL_CUTOFF = MP_DEFAULT_TOOM_MUL_CUTOFF,
+    TOOM_SQR_CUTOFF = MP_DEFAULT_TOOM_SQR_CUTOFF;
+#endif
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_deprecated.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,321 @@
+#include "tommath_private.h"
+#ifdef BN_DEPRECATED_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+#ifdef BN_MP_GET_BIT_C
+int mp_get_bit(const mp_int *a, int b)
+{
+   if (b < 0) {
+      return MP_VAL;
+   }
+   return (s_mp_get_bit(a, (unsigned int)b) == MP_YES) ? MP_YES : MP_NO;
+}
+#endif
+#ifdef BN_MP_JACOBI_C
+mp_err mp_jacobi(const mp_int *a, const mp_int *n, int *c)
+{
+   if (a->sign == MP_NEG) {
+      return MP_VAL;
+   }
+   if (mp_cmp_d(n, 0uL) != MP_GT) {
+      return MP_VAL;
+   }
+   return mp_kronecker(a, n, c);
+}
+#endif
+#ifdef BN_MP_PRIME_RANDOM_EX_C
+mp_err mp_prime_random_ex(mp_int *a, int t, int size, int flags, private_mp_prime_callback cb, void *dat)
+{
+   return s_mp_prime_random_ex(a, t, size, flags, cb, dat);
+}
+#endif
+#ifdef BN_MP_RAND_DIGIT_C
+mp_err mp_rand_digit(mp_digit *r)
+{
+   mp_err err = s_mp_rand_source(r, sizeof(mp_digit));
+   *r &= MP_MASK;
+   return err;
+}
+#endif
+#ifdef BN_FAST_MP_INVMOD_C
+mp_err fast_mp_invmod(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return s_mp_invmod_fast(a, b, c);
+}
+#endif
+#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C
+mp_err fast_mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho)
+{
+   return s_mp_montgomery_reduce_fast(x, n, rho);
+}
+#endif
+#ifdef BN_FAST_S_MP_MUL_DIGS_C
+mp_err fast_s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+{
+   return s_mp_mul_digs_fast(a, b, c, digs);
+}
+#endif
+#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C
+mp_err fast_s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
+{
+   return s_mp_mul_high_digs_fast(a, b, c, digs);
+}
+#endif
+#ifdef BN_FAST_S_MP_SQR_C
+mp_err fast_s_mp_sqr(const mp_int *a, mp_int *b)
+{
+   return s_mp_sqr_fast(a, b);
+}
+#endif
+#ifdef BN_MP_BALANCE_MUL_C
+mp_err mp_balance_mul(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return s_mp_balance_mul(a, b, c);
+}
+#endif
+#ifdef BN_MP_EXPTMOD_FAST_C
+mp_err mp_exptmod_fast(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y, int redmode)
+{
+   return s_mp_exptmod_fast(G, X, P, Y, redmode);
+}
+#endif
+#ifdef BN_MP_INVMOD_SLOW_C
+mp_err mp_invmod_slow(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return s_mp_invmod_slow(a, b, c);
+}
+#endif
+#ifdef BN_MP_KARATSUBA_MUL_C
+mp_err mp_karatsuba_mul(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return s_mp_karatsuba_mul(a, b, c);
+}
+#endif
+#ifdef BN_MP_KARATSUBA_SQR_C
+mp_err mp_karatsuba_sqr(const mp_int *a, mp_int *b)
+{
+   return s_mp_karatsuba_sqr(a, b);
+}
+#endif
+#ifdef BN_MP_TOOM_MUL_C
+mp_err mp_toom_mul(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return s_mp_toom_mul(a, b, c);
+}
+#endif
+#ifdef BN_MP_TOOM_SQR_C
+mp_err mp_toom_sqr(const mp_int *a, mp_int *b)
+{
+   return s_mp_toom_sqr(a, b);
+}
+#endif
+#ifdef S_MP_REVERSE_C
+void bn_reverse(unsigned char *s, int len)
+{
+   if (len > 0) {
+      s_mp_reverse(s, (size_t)len);
+   }
+}
+#endif
+#ifdef BN_MP_TC_AND_C
+mp_err mp_tc_and(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return mp_and(a, b, c);
+}
+#endif
+#ifdef BN_MP_TC_OR_C
+mp_err mp_tc_or(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return mp_or(a, b, c);
+}
+#endif
+#ifdef BN_MP_TC_XOR_C
+mp_err mp_tc_xor(const mp_int *a, const mp_int *b, mp_int *c)
+{
+   return mp_xor(a, b, c);
+}
+#endif
+#ifdef BN_MP_TC_DIV_2D_C
+mp_err mp_tc_div_2d(const mp_int *a, int b, mp_int *c)
+{
+   return mp_signed_rsh(a, b, c);
+}
+#endif
+#ifdef BN_MP_INIT_SET_INT_C
+mp_err mp_init_set_int(mp_int *a, unsigned long b)
+{
+   return mp_init_u32(a, (uint32_t)b);
+}
+#endif
+#ifdef BN_MP_SET_INT_C
+mp_err mp_set_int(mp_int *a, unsigned long b)
+{
+   mp_set_u32(a, (uint32_t)b);
+   return MP_OKAY;
+}
+#endif
+#ifdef BN_MP_SET_LONG_C
+mp_err mp_set_long(mp_int *a, unsigned long b)
+{
+   mp_set_u64(a, b);
+   return MP_OKAY;
+}
+#endif
+#ifdef BN_MP_SET_LONG_LONG_C
+mp_err mp_set_long_long(mp_int *a, unsigned long long b)
+{
+   mp_set_u64(a, b);
+   return MP_OKAY;
+}
+#endif
+#ifdef BN_MP_GET_INT_C
+unsigned long mp_get_int(const mp_int *a)
+{
+   return (unsigned long)mp_get_mag_u32(a);
+}
+#endif
+#ifdef BN_MP_GET_LONG_C
+unsigned long mp_get_long(const mp_int *a)
+{
+   return (unsigned long)mp_get_mag_ul(a);
+}
+#endif
+#ifdef BN_MP_GET_LONG_LONG_C
+unsigned long long mp_get_long_long(const mp_int *a)
+{
+   return mp_get_mag_ull(a);
+}
+#endif
+#ifdef BN_MP_PRIME_IS_DIVISIBLE_C
+mp_err mp_prime_is_divisible(const mp_int *a, mp_bool *result)
+{
+   return s_mp_prime_is_divisible(a, result);
+}
+#endif
+#ifdef BN_MP_EXPT_D_EX_C
+mp_err mp_expt_d_ex(const mp_int *a, mp_digit b, mp_int *c, int fast)
+{
+   (void)fast;
+   if (b > MP_MIN(MP_DIGIT_MAX, UINT32_MAX)) {
+      return MP_VAL;
+   }
+   return mp_expt_u32(a, (uint32_t)b, c);
+}
+#endif
+#ifdef BN_MP_EXPT_D_C
+mp_err mp_expt_d(const mp_int *a, mp_digit b, mp_int *c)
+{
+   if (b > MP_MIN(MP_DIGIT_MAX, UINT32_MAX)) {
+      return MP_VAL;
+   }
+   return mp_expt_u32(a, (uint32_t)b, c);
+}
+#endif
+#ifdef BN_MP_N_ROOT_EX_C
+mp_err mp_n_root_ex(const mp_int *a, mp_digit b, mp_int *c, int fast)
+{
+   (void)fast;
+   if (b > MP_MIN(MP_DIGIT_MAX, UINT32_MAX)) {
+      return MP_VAL;
+   }
+   return mp_root_u32(a, (uint32_t)b, c);
+}
+#endif
+#ifdef BN_MP_N_ROOT_C
+mp_err mp_n_root(const mp_int *a, mp_digit b, mp_int *c)
+{
+   if (b > MP_MIN(MP_DIGIT_MAX, UINT32_MAX)) {
+      return MP_VAL;
+   }
+   return mp_root_u32(a, (uint32_t)b, c);
+}
+#endif
+#ifdef BN_MP_UNSIGNED_BIN_SIZE_C
+int mp_unsigned_bin_size(const mp_int *a)
+{
+   return (int)mp_ubin_size(a);
+}
+#endif
+#ifdef BN_MP_READ_UNSIGNED_BIN_C
+mp_err mp_read_unsigned_bin(mp_int *a, const unsigned char *b, int c)
+{
+   return mp_from_ubin(a, b, (size_t) c);
+}
+#endif
+#ifdef BN_MP_TO_UNSIGNED_BIN_C
+mp_err mp_to_unsigned_bin(const mp_int *a, unsigned char *b)
+{
+   return mp_to_ubin(a, b, SIZE_MAX, NULL);
+}
+#endif
+#ifdef BN_MP_TO_UNSIGNED_BIN_N_C
+mp_err mp_to_unsigned_bin_n(const mp_int *a, unsigned char *b, unsigned long *outlen)
+{
+   size_t n = mp_ubin_size(a);
+   if (*outlen < (unsigned long)n) {
+      return MP_VAL;
+   }
+   *outlen = (unsigned long)n;
+   return mp_to_ubin(a, b, n, NULL);
+}
+#endif
+#ifdef BN_MP_SIGNED_BIN_SIZE_C
+int mp_signed_bin_size(const mp_int *a)
+{
+   return (int)mp_sbin_size(a);
+}
+#endif
+#ifdef BN_MP_READ_SIGNED_BIN_C
+mp_err mp_read_signed_bin(mp_int *a, const unsigned char *b, int c)
+{
+   return mp_from_sbin(a, b, (size_t) c);
+}
+#endif
+#ifdef BN_MP_TO_SIGNED_BIN_C
+mp_err mp_to_signed_bin(const mp_int *a, unsigned char *b)
+{
+   return mp_to_sbin(a, b, SIZE_MAX, NULL);
+}
+#endif
+#ifdef BN_MP_TO_SIGNED_BIN_N_C
+mp_err mp_to_signed_bin_n(const mp_int *a, unsigned char *b, unsigned long *outlen)
+{
+   size_t n = mp_sbin_size(a);
+   if (*outlen < (unsigned long)n) {
+      return MP_VAL;
+   }
+   *outlen = (unsigned long)n;
+   return mp_to_sbin(a, b, n, NULL);
+}
+#endif
+#ifdef BN_MP_TORADIX_N_C
+mp_err mp_toradix_n(const mp_int *a, char *str, int radix, int maxlen)
+{
+   if (maxlen < 0) {
+      return MP_VAL;
+   }
+   return mp_to_radix(a, str, (size_t)maxlen, NULL, radix);
+}
+#endif
+#ifdef BN_MP_TORADIX_C
+mp_err mp_toradix(const mp_int *a, char *str, int radix)
+{
+   return mp_to_radix(a, str, SIZE_MAX, NULL, radix);
+}
+#endif
+#ifdef BN_MP_IMPORT_C
+mp_err mp_import(mp_int *rop, size_t count, int order, size_t size, int endian, size_t nails,
+                 const void *op)
+{
+   return mp_unpack(rop, count, order, size, endian, nails, op);
+}
+#endif
+#ifdef BN_MP_EXPORT_C
+mp_err mp_export(void *rop, size_t *countp, int order, size_t size,
+                 int endian, size_t nails, const mp_int *op)
+{
+   return mp_pack(rop, SIZE_MAX, countp, order, size, endian, nails, op);
+}
+#endif
+#endif
--- a/libtommath/bn_error.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_ERROR_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-static const struct {
-   int code;
-   const char *msg;
-} msgs[] = {
-   { MP_OKAY, "Successful" },
-   { MP_MEM,  "Out of heap" },
-   { MP_VAL,  "Value out of range" }
-};
-
-/* return a char * string for a given code */
-const char *mp_error_to_string(int code)
-{
-   size_t x;
-
-   /* scan the lookup table for the given message */
-   for (x = 0; x < (sizeof(msgs) / sizeof(msgs[0])); x++) {
-      if (msgs[x].code == code) {
-         return msgs[x].msg;
-      }
-   }
-
-   /* generic reply for invalid code */
-   return "Invalid error code";
-}
-
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_fast_mp_invmod.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,160 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_FAST_MP_INVMOD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* computes the modular inverse via binary extended euclidean algorithm,
- * that is c = 1/a mod b
- *
- * Based on slow invmod except this is optimized for the case where b is
- * odd as per HAC Note 14.64 on pp. 610
- */
-int fast_mp_invmod(const mp_int *a, const mp_int *b, mp_int *c)
-{
-   mp_int  x, y, u, v, B, D;
-   int     res, neg;
-
-   /* 2. [modified] b must be odd   */
-   if (mp_iseven(b) == MP_YES) {
-      return MP_VAL;
-   }
-
-   /* init all our temps */
-   if ((res = mp_init_multi(&x, &y, &u, &v, &B, &D, NULL)) != MP_OKAY) {
-      return res;
-   }
-
-   /* x == modulus, y == value to invert */
-   if ((res = mp_copy(b, &x)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-
-   /* we need y = |a| */
-   if ((res = mp_mod(a, b, &y)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-
-   /* if one of x,y is zero return an error! */
-   if ((mp_iszero(&x) == MP_YES) || (mp_iszero(&y) == MP_YES)) {
-      res = MP_VAL;
-      goto LBL_ERR;
-   }
-
-   /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
-   if ((res = mp_copy(&x, &u)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-   if ((res = mp_copy(&y, &v)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-   mp_set(&D, 1uL);
-
-top:
-   /* 4.  while u is even do */
-   while (mp_iseven(&u) == MP_YES) {
-      /* 4.1 u = u/2 */
-      if ((res = mp_div_2(&u, &u)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      /* 4.2 if B is odd then */
-      if (mp_isodd(&B) == MP_YES) {
-         if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) {
-            goto LBL_ERR;
-         }
-      }
-      /* B = B/2 */
-      if ((res = mp_div_2(&B, &B)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* 5.  while v is even do */
-   while (mp_iseven(&v) == MP_YES) {
-      /* 5.1 v = v/2 */
-      if ((res = mp_div_2(&v, &v)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      /* 5.2 if D is odd then */
-      if (mp_isodd(&D) == MP_YES) {
-         /* D = (D-x)/2 */
-         if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) {
-            goto LBL_ERR;
-         }
-      }
-      /* D = D/2 */
-      if ((res = mp_div_2(&D, &D)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* 6.  if u >= v then */
-   if (mp_cmp(&u, &v) != MP_LT) {
-      /* u = u - v, B = B - D */
-      if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-
-      if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   } else {
-      /* v - v - u, D = D - B */
-      if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-
-      if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* if not zero goto step 4 */
-   if (mp_iszero(&u) == MP_NO) {
-      goto top;
-   }
-
-   /* now a = C, b = D, gcd == g*v */
-
-   /* if v != 1 then there is no inverse */
-   if (mp_cmp_d(&v, 1uL) != MP_EQ) {
-      res = MP_VAL;
-      goto LBL_ERR;
-   }
-
-   /* b is now the inverse */
-   neg = a->sign;
-   while (D.sign == MP_NEG) {
-      if ((res = mp_add(&D, b, &D)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* too big */
-   while (mp_cmp_mag(&D, b) != MP_LT) {
-      if ((res = mp_sub(&D, b, &D)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   mp_exch(&D, c);
-   c->sign = neg;
-   res = MP_OKAY;
-
-LBL_ERR:
-   mp_clear_multi(&x, &y, &u, &v, &B, &D, NULL);
-   return res;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_fast_mp_montgomery_reduce.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,173 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* computes xR**-1 == x (mod N) via Montgomery Reduction
- *
- * This is an optimized implementation of montgomery_reduce
- * which uses the comba method to quickly calculate the columns of the
- * reduction.
- *
- * Based on Algorithm 14.32 on pp.601 of HAC.
-*/
-int fast_mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho)
-{
-   int     ix, res, olduse;
-   mp_word W[MP_WARRAY];
-
-   if (x->used > (int)MP_WARRAY) {
-      return MP_VAL;
-   }
-
-   /* get old used count */
-   olduse = x->used;
-
-   /* grow a as required */
-   if (x->alloc < (n->used + 1)) {
-      if ((res = mp_grow(x, n->used + 1)) != MP_OKAY) {
-         return res;
-      }
-   }
-
-   /* first we have to get the digits of the input into
-    * an array of double precision words W[...]
-    */
-   {
-      mp_word *_W;
-      mp_digit *tmpx;
-
-      /* alias for the W[] array */
-      _W   = W;
-
-      /* alias for the digits of  x*/
-      tmpx = x->dp;
-
-      /* copy the digits of a into W[0..a->used-1] */
-      for (ix = 0; ix < x->used; ix++) {
-         *_W++ = *tmpx++;
-      }
-
-      /* zero the high words of W[a->used..m->used*2] */
-      for (; ix < ((n->used * 2) + 1); ix++) {
-         *_W++ = 0;
-      }
-   }
-
-   /* now we proceed to zero successive digits
-    * from the least significant upwards
-    */
-   for (ix = 0; ix < n->used; ix++) {
-      /* mu = ai * m' mod b
-       *
-       * We avoid a double precision multiplication (which isn't required)
-       * by casting the value down to a mp_digit.  Note this requires
-       * that W[ix-1] have  the carry cleared (see after the inner loop)
-       */
-      mp_digit mu;
-      mu = ((W[ix] & MP_MASK) * rho) & MP_MASK;
-
-      /* a = a + mu * m * b**i
-       *
-       * This is computed in place and on the fly.  The multiplication
-       * by b**i is handled by offseting which columns the results
-       * are added to.
-       *
-       * Note the comba method normally doesn't handle carries in the
-       * inner loop In this case we fix the carry from the previous
-       * column since the Montgomery reduction requires digits of the
-       * result (so far) [see above] to work.  This is
-       * handled by fixing up one carry after the inner loop.  The
-       * carry fixups are done in order so after these loops the
-       * first m->used words of W[] have the carries fixed
-       */
-      {
-         int iy;
-         mp_digit *tmpn;
-         mp_word *_W;
-
-         /* alias for the digits of the modulus */
-         tmpn = n->dp;
-
-         /* Alias for the columns set by an offset of ix */
-         _W = W + ix;
-
-         /* inner loop */
-         for (iy = 0; iy < n->used; iy++) {
-            *_W++ += (mp_word)mu * (mp_word)*tmpn++;
-         }
-      }
-
-      /* now fix carry for next digit, W[ix+1] */
-      W[ix + 1] += W[ix] >> (mp_word)DIGIT_BIT;
-   }
-
-   /* now we have to propagate the carries and
-    * shift the words downward [all those least
-    * significant digits we zeroed].
-    */
-   {
-      mp_digit *tmpx;
-      mp_word *_W, *_W1;
-
-      /* nox fix rest of carries */
-
-      /* alias for current word */
-      _W1 = W + ix;
-
-      /* alias for next word, where the carry goes */
-      _W = W + ++ix;
-
-      for (; ix <= ((n->used * 2) + 1); ix++) {
-         *_W++ += *_W1++ >> (mp_word)DIGIT_BIT;
-      }
-
-      /* copy out, A = A/b**n
-       *
-       * The result is A/b**n but instead of converting from an
-       * array of mp_word to mp_digit than calling mp_rshd
-       * we just copy them in the right order
-       */
-
-      /* alias for destination word */
-      tmpx = x->dp;
-
-      /* alias for shifted double precision result */
-      _W = W + n->used;
-
-      for (ix = 0; ix < (n->used + 1); ix++) {
-         *tmpx++ = *_W++ & (mp_word)MP_MASK;
-      }
-
-      /* zero oldused digits, if the input a was larger than
-       * m->used+1 we'll have to clear the digits
-       */
-      for (; ix < olduse; ix++) {
-         *tmpx++ = 0;
-      }
-   }
-
-   /* set the max used and clamp */
-   x->used = n->used + 1;
-   mp_clamp(x);
-
-   /* if A >= m then A = A - m */
-   if (mp_cmp_mag(x, n) != MP_LT) {
-      return s_mp_sub(x, n, x);
-   }
-   return MP_OKAY;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_fast_s_mp_mul_digs.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,104 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_FAST_S_MP_MUL_DIGS_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* Fast (comba) multiplier
- *
- * This is the fast column-array [comba] multiplier.  It is
- * designed to compute the columns of the product first
- * then handle the carries afterwards.  This has the effect
- * of making the nested loops that compute the columns very
- * simple and schedulable on super-scalar processors.
- *
- * This has been modified to produce a variable number of
- * digits of output so if say only a half-product is required
- * you don't have to compute the upper half (a feature
- * required for fast Barrett reduction).
- *
- * Based on Algorithm 14.12 on pp.595 of HAC.
- *
- */
-int fast_s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
-{
-   int     olduse, res, pa, ix, iz;
-   mp_digit W[MP_WARRAY];
-   mp_word  _W;
-
-   /* grow the destination as required */
-   if (c->alloc < digs) {
-      if ((res = mp_grow(c, digs)) != MP_OKAY) {
-         return res;
-      }
-   }
-
-   /* number of output digits to produce */
-   pa = MIN(digs, a->used + b->used);
-
-   /* clear the carry */
-   _W = 0;
-   for (ix = 0; ix < pa; ix++) {
-      int      tx, ty;
-      int      iy;
-      mp_digit *tmpx, *tmpy;
-
-      /* get offsets into the two bignums */
-      ty = MIN(b->used-1, ix);
-      tx = ix - ty;
-
-      /* setup temp aliases */
-      tmpx = a->dp + tx;
-      tmpy = b->dp + ty;
-
-      /* this is the number of times the loop will iterrate, essentially
-         while (tx++ < a->used && ty-- >= 0) { ... }
-       */
-      iy = MIN(a->used-tx, ty+1);
-
-      /* execute loop */
-      for (iz = 0; iz < iy; ++iz) {
-         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
-
-      }
-
-      /* store term */
-      W[ix] = (mp_digit)_W & MP_MASK;
-
-      /* make next carry */
-      _W = _W >> (mp_word)DIGIT_BIT;
-   }
-
-   /* setup dest */
-   olduse  = c->used;
-   c->used = pa;
-
-   {
-      mp_digit *tmpc;
-      tmpc = c->dp;
-      for (ix = 0; ix < pa; ix++) {
-         /* now extract the previous digit [below the carry] */
-         *tmpc++ = W[ix];
-      }
-
-      /* clear unused digits [that existed in the old copy of c] */
-      for (; ix < olduse; ix++) {
-         *tmpc++ = 0;
-      }
-   }
-   mp_clamp(c);
-   return MP_OKAY;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_fast_s_mp_mul_high_digs.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* this is a modified version of fast_s_mul_digs that only produces
- * output digits *above* digs.  See the comments for fast_s_mul_digs
- * to see how it works.
- *
- * This is used in the Barrett reduction since for one of the multiplications
- * only the higher digits were needed.  This essentially halves the work.
- *
- * Based on Algorithm 14.12 on pp.595 of HAC.
- */
-int fast_s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
-{
-   int     olduse, res, pa, ix, iz;
-   mp_digit W[MP_WARRAY];
-   mp_word  _W;
-
-   /* grow the destination as required */
-   pa = a->used + b->used;
-   if (c->alloc < pa) {
-      if ((res = mp_grow(c, pa)) != MP_OKAY) {
-         return res;
-      }
-   }
-
-   /* number of output digits to produce */
-   pa = a->used + b->used;
-   _W = 0;
-   for (ix = digs; ix < pa; ix++) {
-      int      tx, ty, iy;
-      mp_digit *tmpx, *tmpy;
-
-      /* get offsets into the two bignums */
-      ty = MIN(b->used-1, ix);
-      tx = ix - ty;
-
-      /* setup temp aliases */
-      tmpx = a->dp + tx;
-      tmpy = b->dp + ty;
-
-      /* this is the number of times the loop will iterrate, essentially its
-         while (tx++ < a->used && ty-- >= 0) { ... }
-       */
-      iy = MIN(a->used-tx, ty+1);
-
-      /* execute loop */
-      for (iz = 0; iz < iy; iz++) {
-         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
-      }
-
-      /* store term */
-      W[ix] = (mp_digit)_W & MP_MASK;
-
-      /* make next carry */
-      _W = _W >> (mp_word)DIGIT_BIT;
-   }
-
-   /* setup dest */
-   olduse  = c->used;
-   c->used = pa;
-
-   {
-      mp_digit *tmpc;
-
-      tmpc = c->dp + digs;
-      for (ix = digs; ix < pa; ix++) {
-         /* now extract the previous digit [below the carry] */
-         *tmpc++ = W[ix];
-      }
-
-      /* clear unused digits [that existed in the old copy of c] */
-      for (; ix < olduse; ix++) {
-         *tmpc++ = 0;
-      }
-   }
-   mp_clamp(c);
-   return MP_OKAY;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_fast_s_mp_sqr.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,111 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_FAST_S_MP_SQR_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* the jist of squaring...
- * you do like mult except the offset of the tmpx [one that
- * starts closer to zero] can't equal the offset of tmpy.
- * So basically you set up iy like before then you min it with
- * (ty-tx) so that it never happens.  You double all those
- * you add in the inner loop
-
-After that loop you do the squares and add them in.
-*/
-
-int fast_s_mp_sqr(const mp_int *a, mp_int *b)
-{
-   int       olduse, res, pa, ix, iz;
-   mp_digit   W[MP_WARRAY], *tmpx;
-   mp_word   W1;
-
-   /* grow the destination as required */
-   pa = a->used + a->used;
-   if (b->alloc < pa) {
-      if ((res = mp_grow(b, pa)) != MP_OKAY) {
-         return res;
-      }
-   }
-
-   /* number of output digits to produce */
-   W1 = 0;
-   for (ix = 0; ix < pa; ix++) {
-      int      tx, ty, iy;
-      mp_word  _W;
-      mp_digit *tmpy;
-
-      /* clear counter */
-      _W = 0;
-
-      /* get offsets into the two bignums */
-      ty = MIN(a->used-1, ix);
-      tx = ix - ty;
-
-      /* setup temp aliases */
-      tmpx = a->dp + tx;
-      tmpy = a->dp + ty;
-
-      /* this is the number of times the loop will iterrate, essentially
-         while (tx++ < a->used && ty-- >= 0) { ... }
-       */
-      iy = MIN(a->used-tx, ty+1);
-
-      /* now for squaring tx can never equal ty
-       * we halve the distance since they approach at a rate of 2x
-       * and we have to round because odd cases need to be executed
-       */
-      iy = MIN(iy, ((ty-tx)+1)>>1);
-
-      /* execute loop */
-      for (iz = 0; iz < iy; iz++) {
-         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
-      }
-
-      /* double the inner product and add carry */
-      _W = _W + _W + W1;
-
-      /* even columns have the square term in them */
-      if (((unsigned)ix & 1u) == 0u) {
-         _W += (mp_word)a->dp[ix>>1] * (mp_word)a->dp[ix>>1];
-      }
-
-      /* store it */
-      W[ix] = _W & MP_MASK;
-
-      /* make next carry */
-      W1 = _W >> (mp_word)DIGIT_BIT;
-   }
-
-   /* setup dest */
-   olduse  = b->used;
-   b->used = a->used+a->used;
-
-   {
-      mp_digit *tmpb;
-      tmpb = b->dp;
-      for (ix = 0; ix < pa; ix++) {
-         *tmpb++ = W[ix] & MP_MASK;
-      }
-
-      /* clear unused digits [that existed in the old copy of c] */
-      for (; ix < olduse; ix++) {
-         *tmpb++ = 0;
-      }
-   }
-   mp_clamp(b);
-   return MP_OKAY;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_2expt.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_2expt.c	Tue May 26 17:36:47 2020 +0200
@@ -1,44 +1,31 @@
 #include "tommath_private.h"
 #ifdef BN_MP_2EXPT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* computes a = 2**b
  *
  * Simple algorithm which zeroes the int, grows it then just sets one bit
  * as required.
  */
-int mp_2expt(mp_int *a, int b)
+mp_err mp_2expt(mp_int *a, int b)
 {
-   int     res;
+   mp_err    err;
 
    /* zero a as per default */
    mp_zero(a);
 
    /* grow a to accomodate the single bit */
-   if ((res = mp_grow(a, (b / DIGIT_BIT) + 1)) != MP_OKAY) {
-      return res;
+   if ((err = mp_grow(a, (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
+      return err;
    }
 
    /* set the used count of where the bit will go */
-   a->used = (b / DIGIT_BIT) + 1;
+   a->used = (b / MP_DIGIT_BIT) + 1;
 
    /* put the single bit in its place */
-   a->dp[b / DIGIT_BIT] = (mp_digit)1 << (mp_digit)(b % DIGIT_BIT);
+   a->dp[b / MP_DIGIT_BIT] = (mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT);
 
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_abs.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_abs.c	Tue May 26 17:36:47 2020 +0200
@@ -1,29 +1,20 @@
 #include "tommath_private.h"
 #ifdef BN_MP_ABS_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* b = |a|
  *
  * Simple function copies the input and fixes the sign to positive
  */
-int mp_abs(const mp_int *a, mp_int *b)
+mp_err mp_abs(const mp_int *a, mp_int *b)
 {
-   int     res;
+   mp_err     err;
 
    /* copy a to b */
    if (a != b) {
-      if ((res = mp_copy(a, b)) != MP_OKAY) {
-         return res;
+      if ((err = mp_copy(a, b)) != MP_OKAY) {
+         return err;
       }
    }
 
@@ -33,7 +24,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_add.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_add.c	Tue May 26 17:36:47 2020 +0200
@@ -1,21 +1,13 @@
 #include "tommath_private.h"
 #ifdef BN_MP_ADD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* high level addition (handles signs) */
-int mp_add(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c)
 {
-   int     sa, sb, res;
+   mp_sign sa, sb;
+   mp_err err;
 
    /* get sign of both inputs */
    sa = a->sign;
@@ -26,7 +18,7 @@
       /* both positive or both negative */
       /* add their magnitudes, copy the sign */
       c->sign = sa;
-      res = s_mp_add(a, b, c);
+      err = s_mp_add(a, b, c);
    } else {
       /* one positive, the other negative */
       /* subtract the one with the greater magnitude from */
@@ -34,17 +26,13 @@
       /* the sign of the one with the greater magnitude. */
       if (mp_cmp_mag(a, b) == MP_LT) {
          c->sign = sb;
-         res = s_mp_sub(b, a, c);
+         err = s_mp_sub(b, a, c);
       } else {
          c->sign = sa;
-         res = s_mp_sub(a, b, c);
+         err = s_mp_sub(a, b, c);
       }
    }
-   return res;
+   return err;
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_add_d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_add_d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,27 +1,19 @@
 #include "tommath_private.h"
 #ifdef BN_MP_ADD_D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* single digit addition */
-int mp_add_d(const mp_int *a, mp_digit b, mp_int *c)
+mp_err mp_add_d(const mp_int *a, mp_digit b, mp_int *c)
 {
-   int     res, ix, oldused;
-   mp_digit *tmpa, *tmpc, mu;
+   mp_err     err;
+   int ix, oldused;
+   mp_digit *tmpa, *tmpc;
 
    /* grow c as required */
    if (c->alloc < (a->used + 1)) {
-      if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
-         return res;
+      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
+         return err;
       }
    }
 
@@ -32,7 +24,7 @@
       a_.sign = MP_ZPOS;
 
       /* c = |a| - b */
-      res = mp_sub_d(&a_, b, c);
+      err = mp_sub_d(&a_, b, c);
 
       /* fix sign  */
       c->sign = MP_NEG;
@@ -40,7 +32,7 @@
       /* clamp */
       mp_clamp(c);
 
-      return res;
+      return err;
    }
 
    /* old number of used digits in c */
@@ -54,17 +46,11 @@
 
    /* if a is positive */
    if (a->sign == MP_ZPOS) {
-      /* add digit, after this we're propagating
-       * the carry.
-       */
-      *tmpc   = *tmpa++ + b;
-      mu      = *tmpc >> DIGIT_BIT;
-      *tmpc++ &= MP_MASK;
-
-      /* now handle rest of the digits */
-      for (ix = 1; ix < a->used; ix++) {
+      /* add digits, mu is carry */
+      mp_digit mu = b;
+      for (ix = 0; ix < a->used; ix++) {
          *tmpc   = *tmpa++ + mu;
-         mu      = *tmpc >> DIGIT_BIT;
+         mu      = *tmpc >> MP_DIGIT_BIT;
          *tmpc++ &= MP_MASK;
       }
       /* set final carry */
@@ -94,16 +80,10 @@
    c->sign = MP_ZPOS;
 
    /* now zero to oldused */
-   while (ix++ < oldused) {
-      *tmpc++ = 0;
-   }
+   MP_ZERO_DIGITS(tmpc, oldused - ix);
    mp_clamp(c);
 
    return MP_OKAY;
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_addmod.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_addmod.c	Tue May 26 17:36:47 2020 +0200
@@ -1,37 +1,25 @@
 #include "tommath_private.h"
 #ifdef BN_MP_ADDMOD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* d = a + b (mod c) */
-int mp_addmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d)
+mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d)
 {
-   int     res;
+   mp_err  err;
    mp_int  t;
 
-   if ((res = mp_init(&t)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init(&t)) != MP_OKAY) {
+      return err;
    }
 
-   if ((res = mp_add(a, b, &t)) != MP_OKAY) {
-      mp_clear(&t);
-      return res;
+   if ((err = mp_add(a, b, &t)) != MP_OKAY) {
+      goto LBL_ERR;
    }
-   res = mp_mod(&t, c, d);
+   err = mp_mod(&t, c, d);
+
+LBL_ERR:
    mp_clear(&t);
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_and.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_and.c	Tue May 26 17:36:47 2020 +0200
@@ -1,54 +1,56 @@
 #include "tommath_private.h"
 #ifdef BN_MP_AND_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
-/* AND two ints together */
-int mp_and(const mp_int *a, const mp_int *b, mp_int *c)
+/* two complement and */
+mp_err mp_and(const mp_int *a, const mp_int *b, mp_int *c)
 {
-   int     res, ix, px;
-   mp_int  t;
-   const mp_int *x;
+   int used = MP_MAX(a->used, b->used) + 1, i;
+   mp_err err;
+   mp_digit ac = 1, bc = 1, cc = 1;
+   mp_sign csign = ((a->sign == MP_NEG) && (b->sign == MP_NEG)) ? MP_NEG : MP_ZPOS;
 
-   if (a->used > b->used) {
-      if ((res = mp_init_copy(&t, a)) != MP_OKAY) {
-         return res;
+   if (c->alloc < used) {
+      if ((err = mp_grow(c, used)) != MP_OKAY) {
+         return err;
       }
-      px = b->used;
-      x = b;
-   } else {
-      if ((res = mp_init_copy(&t, b)) != MP_OKAY) {
-         return res;
-      }
-      px = a->used;
-      x = a;
    }
 
-   for (ix = 0; ix < px; ix++) {
-      t.dp[ix] &= x->dp[ix];
+   for (i = 0; i < used; i++) {
+      mp_digit x, y;
+
+      /* convert to two complement if negative */
+      if (a->sign == MP_NEG) {
+         ac += (i >= a->used) ? MP_MASK : (~a->dp[i] & MP_MASK);
+         x = ac & MP_MASK;
+         ac >>= MP_DIGIT_BIT;
+      } else {
+         x = (i >= a->used) ? 0uL : a->dp[i];
+      }
+
+      /* convert to two complement if negative */
+      if (b->sign == MP_NEG) {
+         bc += (i >= b->used) ? MP_MASK : (~b->dp[i] & MP_MASK);
+         y = bc & MP_MASK;
+         bc >>= MP_DIGIT_BIT;
+      } else {
+         y = (i >= b->used) ? 0uL : b->dp[i];
+      }
+
+      c->dp[i] = x & y;
+
+      /* convert to to sign-magnitude if negative */
+      if (csign == MP_NEG) {
+         cc += ~c->dp[i] & MP_MASK;
+         c->dp[i] = cc & MP_MASK;
+         cc >>= MP_DIGIT_BIT;
+      }
    }
 
-   /* zero digits above the last from the smallest mp_int */
-   for (; ix < t.used; ix++) {
-      t.dp[ix] = 0;
-   }
-
-   mp_clamp(&t);
-   mp_exch(c, &t);
-   mp_clear(&t);
+   c->used = used;
+   c->sign = csign;
+   mp_clamp(c);
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_clamp.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_clamp.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_CLAMP_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* trim unused digits
  *
@@ -34,7 +25,3 @@
    }
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_clear.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_clear.c	Tue May 26 17:36:47 2020 +0200
@@ -1,28 +1,15 @@
 #include "tommath_private.h"
-#include "dbhelpers.h"
 #ifdef BN_MP_CLEAR_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* clear one (frees)  */
 void mp_clear(mp_int *a)
 {
    /* only do anything if a hasn't been freed previously */
    if (a->dp != NULL) {
-      /* first zero the digits */
-      m_burn(a->dp, (size_t)a->alloc * sizeof(*a->dp));
-
       /* free ram */
-      XFREE(a->dp);
+      MP_FREE_DIGITS(a->dp, a->alloc);
 
       /* reset members to make debugging easier */
       a->dp    = NULL;
@@ -31,7 +18,3 @@
    }
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_clear_multi.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_clear_multi.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_CLEAR_MULTI_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 #include <stdarg.h>
 
@@ -26,7 +17,3 @@
    va_end(args);
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_cmp.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_cmp.c	Tue May 26 17:36:47 2020 +0200
@@ -1,19 +1,10 @@
 #include "tommath_private.h"
 #ifdef BN_MP_CMP_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* compare two ints (signed)*/
-int mp_cmp(const mp_int *a, const mp_int *b)
+mp_ord mp_cmp(const mp_int *a, const mp_int *b)
 {
    /* compare based on sign */
    if (a->sign != b->sign) {
@@ -33,7 +24,3 @@
    }
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_cmp_d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_cmp_d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,19 +1,10 @@
 #include "tommath_private.h"
 #ifdef BN_MP_CMP_D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* compare a digit */
-int mp_cmp_d(const mp_int *a, mp_digit b)
+mp_ord mp_cmp_d(const mp_int *a, mp_digit b)
 {
    /* compare based on sign */
    if (a->sign == MP_NEG) {
@@ -35,7 +26,3 @@
    }
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_cmp_mag.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_cmp_mag.c	Tue May 26 17:36:47 2020 +0200
@@ -1,22 +1,13 @@
 #include "tommath_private.h"
 #ifdef BN_MP_CMP_MAG_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* compare maginitude of two ints (unsigned) */
-int mp_cmp_mag(const mp_int *a, const mp_int *b)
+mp_ord mp_cmp_mag(const mp_int *a, const mp_int *b)
 {
    int     n;
-   mp_digit *tmpa, *tmpb;
+   const mp_digit *tmpa, *tmpb;
 
    /* compare based on # of non-zero digits */
    if (a->used > b->used) {
@@ -46,7 +37,3 @@
    return MP_EQ;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_cnt_lsb.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_cnt_lsb.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_CNT_LSB_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 static const int lnz[16] = {
    4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
@@ -23,14 +14,14 @@
    mp_digit q, qq;
 
    /* easy out */
-   if (mp_iszero(a) == MP_YES) {
+   if (MP_IS_ZERO(a)) {
       return 0;
    }
 
    /* scan lower digits until non-zero */
    for (x = 0; (x < a->used) && (a->dp[x] == 0u); x++) {}
    q = a->dp[x];
-   x *= DIGIT_BIT;
+   x *= MP_DIGIT_BIT;
 
    /* now scan this digit until a 1 is found */
    if ((q & 1u) == 0u) {
@@ -44,7 +35,3 @@
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_complement.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_complement.c	Tue May 26 17:36:47 2020 +0200
@@ -1,25 +1,12 @@
 #include "tommath_private.h"
 #ifdef BN_MP_COMPLEMENT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* b = ~a */
-int mp_complement(const mp_int *a, mp_int *b)
+mp_err mp_complement(const mp_int *a, mp_int *b)
 {
-   int res = mp_neg(a, b);
-   return (res == MP_OKAY) ? mp_sub_d(b, 1uL, b) : res;
+   mp_err err = mp_neg(a, b);
+   return (err == MP_OKAY) ? mp_sub_d(b, 1uL, b) : err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_copy.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_copy.c	Tue May 26 17:36:47 2020 +0200
@@ -1,21 +1,14 @@
 #include "tommath_private.h"
 #ifdef BN_MP_COPY_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* copy, b = a */
-int mp_copy(const mp_int *a, mp_int *b)
+mp_err mp_copy(const mp_int *a, mp_int *b)
 {
-   int     res, n;
+   int n;
+   mp_digit *tmpa, *tmpb;
+   mp_err err;
 
    /* if dst == src do nothing */
    if (a == b) {
@@ -24,33 +17,27 @@
 
    /* grow dest */
    if (b->alloc < a->used) {
-      if ((res = mp_grow(b, a->used)) != MP_OKAY) {
-         return res;
+      if ((err = mp_grow(b, a->used)) != MP_OKAY) {
+         return err;
       }
    }
 
    /* zero b and copy the parameters over */
-   {
-      mp_digit *tmpa, *tmpb;
-
-      /* pointer aliases */
+   /* pointer aliases */
 
-      /* source */
-      tmpa = a->dp;
+   /* source */
+   tmpa = a->dp;
 
-      /* destination */
-      tmpb = b->dp;
+   /* destination */
+   tmpb = b->dp;
 
-      /* copy all the digits */
-      for (n = 0; n < a->used; n++) {
-         *tmpb++ = *tmpa++;
-      }
+   /* copy all the digits */
+   for (n = 0; n < a->used; n++) {
+      *tmpb++ = *tmpa++;
+   }
 
-      /* clear high digits */
-      for (; n < b->used; n++) {
-         *tmpb++ = 0;
-      }
-   }
+   /* clear high digits */
+   MP_ZERO_DIGITS(tmpb, b->used - n);
 
    /* copy used count and sign */
    b->used = a->used;
@@ -58,7 +45,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_count_bits.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_count_bits.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_COUNT_BITS_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* returns the number of bits in an int */
 int mp_count_bits(const mp_int *a)
@@ -19,23 +10,19 @@
    mp_digit q;
 
    /* shortcut */
-   if (a->used == 0) {
+   if (MP_IS_ZERO(a)) {
       return 0;
    }
 
    /* get number of digits and add that */
-   r = (a->used - 1) * DIGIT_BIT;
+   r = (a->used - 1) * MP_DIGIT_BIT;
 
    /* take the last digit and count the bits in it */
    q = a->dp[a->used - 1];
-   while (q > (mp_digit)0) {
+   while (q > 0u) {
       ++r;
-      q >>= (mp_digit)1;
+      q >>= 1u;
    }
    return r;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_decr.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,34 @@
+#include "tommath_private.h"
+#ifdef BN_MP_DECR_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* Decrement "a" by one like "a--". Changes input! */
+mp_err mp_decr(mp_int *a)
+{
+   if (MP_IS_ZERO(a)) {
+      mp_set(a,1uL);
+      a->sign = MP_NEG;
+      return MP_OKAY;
+   } else if (a->sign == MP_NEG) {
+      mp_err err;
+      a->sign = MP_ZPOS;
+      if ((err = mp_incr(a)) != MP_OKAY) {
+         return err;
+      }
+      /* There is no -0 in LTM */
+      if (!MP_IS_ZERO(a)) {
+         a->sign = MP_NEG;
+      }
+      return MP_OKAY;
+   } else if (a->dp[0] > 1uL) {
+      a->dp[0]--;
+      if (a->dp[0] == 0u) {
+         mp_zero(a);
+      }
+      return MP_OKAY;
+   } else {
+      return mp_sub_d(a, 1uL,a);
+   }
+}
+#endif
--- a/libtommath/bn_mp_div.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_div.c	Tue May 26 17:36:47 2020 +0200
@@ -1,69 +1,55 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DIV_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 #ifdef BN_MP_DIV_SMALL
 
 /* slower bit-bang division... also smaller */
-int mp_div(const mp_int *a, const mp_int *b, mp_int *c, mp_int *d)
+mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *c, mp_int *d)
 {
    mp_int ta, tb, tq, q;
-   int    res, n, n2;
+   int     n, n2;
+   mp_err err;
 
    /* is divisor zero ? */
-   if (mp_iszero(b) == MP_YES) {
+   if (MP_IS_ZERO(b)) {
       return MP_VAL;
    }
 
    /* if a < b then q=0, r = a */
    if (mp_cmp_mag(a, b) == MP_LT) {
       if (d != NULL) {
-         res = mp_copy(a, d);
+         err = mp_copy(a, d);
       } else {
-         res = MP_OKAY;
+         err = MP_OKAY;
       }
       if (c != NULL) {
          mp_zero(c);
       }
-      return res;
+      return err;
    }
 
    /* init our temps */
-   if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_multi(&ta, &tb, &tq, &q, NULL)) != MP_OKAY) {
+      return err;
    }
 
 
    mp_set(&tq, 1uL);
    n = mp_count_bits(a) - mp_count_bits(b);
-   if (((res = mp_abs(a, &ta)) != MP_OKAY) ||
-       ((res = mp_abs(b, &tb)) != MP_OKAY) ||
-       ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) ||
-       ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) {
-      goto LBL_ERR;
-   }
+   if ((err = mp_abs(a, &ta)) != MP_OKAY)                         goto LBL_ERR;
+   if ((err = mp_abs(b, &tb)) != MP_OKAY)                         goto LBL_ERR;
+   if ((err = mp_mul_2d(&tb, n, &tb)) != MP_OKAY)                 goto LBL_ERR;
+   if ((err = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)                 goto LBL_ERR;
 
    while (n-- >= 0) {
       if (mp_cmp(&tb, &ta) != MP_GT) {
-         if (((res = mp_sub(&ta, &tb, &ta)) != MP_OKAY) ||
-             ((res = mp_add(&q, &tq, &q)) != MP_OKAY)) {
-            goto LBL_ERR;
-         }
+         if ((err = mp_sub(&ta, &tb, &ta)) != MP_OKAY)            goto LBL_ERR;
+         if ((err = mp_add(&q, &tq, &q)) != MP_OKAY)              goto LBL_ERR;
       }
-      if (((res = mp_div_2d(&tb, 1, &tb, NULL)) != MP_OKAY) ||
-          ((res = mp_div_2d(&tq, 1, &tq, NULL)) != MP_OKAY)) {
-         goto LBL_ERR;
-      }
+      if ((err = mp_div_2d(&tb, 1, &tb, NULL)) != MP_OKAY)        goto LBL_ERR;
+      if ((err = mp_div_2d(&tq, 1, &tq, NULL)) != MP_OKAY)        goto LBL_ERR;
    }
 
    /* now q == quotient and ta == remainder */
@@ -71,15 +57,15 @@
    n2 = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
    if (c != NULL) {
       mp_exch(c, &q);
-      c->sign  = (mp_iszero(c) == MP_YES) ? MP_ZPOS : n2;
+      c->sign  = MP_IS_ZERO(c) ? MP_ZPOS : n2;
    }
    if (d != NULL) {
       mp_exch(d, &ta);
-      d->sign = (mp_iszero(d) == MP_YES) ? MP_ZPOS : n;
+      d->sign = MP_IS_ZERO(d) ? MP_ZPOS : n;
    }
 LBL_ERR:
    mp_clear_multi(&ta, &tb, &tq, &q, NULL);
-   return res;
+   return err;
 }
 
 #else
@@ -97,64 +83,54 @@
  * The overall algorithm is as described as
  * 14.20 from HAC but fixed to treat these cases.
 */
-int mp_div(const mp_int *a, const mp_int *b, mp_int *c, mp_int *d)
+mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *c, mp_int *d)
 {
    mp_int  q, x, y, t1, t2;
-   int     res, n, t, i, norm, neg;
+   int     n, t, i, norm;
+   mp_sign neg;
+   mp_err  err;
 
    /* is divisor zero ? */
-   if (mp_iszero(b) == MP_YES) {
+   if (MP_IS_ZERO(b)) {
       return MP_VAL;
    }
 
    /* if a < b then q=0, r = a */
    if (mp_cmp_mag(a, b) == MP_LT) {
       if (d != NULL) {
-         res = mp_copy(a, d);
+         err = mp_copy(a, d);
       } else {
-         res = MP_OKAY;
+         err = MP_OKAY;
       }
       if (c != NULL) {
          mp_zero(c);
       }
-      return res;
+      return err;
    }
 
-   if ((res = mp_init_size(&q, a->used + 2)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_size(&q, a->used + 2)) != MP_OKAY) {
+      return err;
    }
    q.used = a->used + 2;
 
-   if ((res = mp_init(&t1)) != MP_OKAY) {
-      goto LBL_Q;
-   }
+   if ((err = mp_init(&t1)) != MP_OKAY)                           goto LBL_Q;
 
-   if ((res = mp_init(&t2)) != MP_OKAY) {
-      goto LBL_T1;
-   }
+   if ((err = mp_init(&t2)) != MP_OKAY)                           goto LBL_T1;
 
-   if ((res = mp_init_copy(&x, a)) != MP_OKAY) {
-      goto LBL_T2;
-   }
+   if ((err = mp_init_copy(&x, a)) != MP_OKAY)                    goto LBL_T2;
 
-   if ((res = mp_init_copy(&y, b)) != MP_OKAY) {
-      goto LBL_X;
-   }
+   if ((err = mp_init_copy(&y, b)) != MP_OKAY)                    goto LBL_X;
 
    /* fix the sign */
    neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
    x.sign = y.sign = MP_ZPOS;
 
-   /* normalize both x and y, ensure that y >= b/2, [b == 2**DIGIT_BIT] */
-   norm = mp_count_bits(&y) % DIGIT_BIT;
-   if (norm < (DIGIT_BIT - 1)) {
-      norm = (DIGIT_BIT - 1) - norm;
-      if ((res = mp_mul_2d(&x, norm, &x)) != MP_OKAY) {
-         goto LBL_Y;
-      }
-      if ((res = mp_mul_2d(&y, norm, &y)) != MP_OKAY) {
-         goto LBL_Y;
-      }
+   /* normalize both x and y, ensure that y >= b/2, [b == 2**MP_DIGIT_BIT] */
+   norm = mp_count_bits(&y) % MP_DIGIT_BIT;
+   if (norm < (MP_DIGIT_BIT - 1)) {
+      norm = (MP_DIGIT_BIT - 1) - norm;
+      if ((err = mp_mul_2d(&x, norm, &x)) != MP_OKAY)             goto LBL_Y;
+      if ((err = mp_mul_2d(&y, norm, &y)) != MP_OKAY)             goto LBL_Y;
    } else {
       norm = 0;
    }
@@ -164,15 +140,12 @@
    t = y.used - 1;
 
    /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */
-   if ((res = mp_lshd(&y, n - t)) != MP_OKAY) { /* y = y*b**{n-t} */
-      goto LBL_Y;
-   }
+   /* y = y*b**{n-t} */
+   if ((err = mp_lshd(&y, n - t)) != MP_OKAY)                     goto LBL_Y;
 
    while (mp_cmp(&x, &y) != MP_LT) {
       ++(q.dp[n - t]);
-      if ((res = mp_sub(&x, &y, &x)) != MP_OKAY) {
-         goto LBL_Y;
-      }
+      if ((err = mp_sub(&x, &y, &x)) != MP_OKAY)                  goto LBL_Y;
    }
 
    /* reset y by shifting it back down */
@@ -187,10 +160,10 @@
       /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
        * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */
       if (x.dp[i] == y.dp[t]) {
-         q.dp[(i - t) - 1] = ((mp_digit)1 << (mp_digit)DIGIT_BIT) - (mp_digit)1;
+         q.dp[(i - t) - 1] = ((mp_digit)1 << (mp_digit)MP_DIGIT_BIT) - (mp_digit)1;
       } else {
          mp_word tmp;
-         tmp = (mp_word)x.dp[i] << (mp_word)DIGIT_BIT;
+         tmp = (mp_word)x.dp[i] << (mp_word)MP_DIGIT_BIT;
          tmp |= (mp_word)x.dp[i - 1];
          tmp /= (mp_word)y.dp[t];
          if (tmp > (mp_word)MP_MASK) {
@@ -213,41 +186,27 @@
          t1.dp[0] = ((t - 1) < 0) ? 0u : y.dp[t - 1];
          t1.dp[1] = y.dp[t];
          t1.used = 2;
-         if ((res = mp_mul_d(&t1, q.dp[(i - t) - 1], &t1)) != MP_OKAY) {
-            goto LBL_Y;
-         }
+         if ((err = mp_mul_d(&t1, q.dp[(i - t) - 1], &t1)) != MP_OKAY) goto LBL_Y;
 
          /* find right hand */
          t2.dp[0] = ((i - 2) < 0) ? 0u : x.dp[i - 2];
-         t2.dp[1] = ((i - 1) < 0) ? 0u : x.dp[i - 1];
+         t2.dp[1] = x.dp[i - 1]; /* i >= 1 always holds */
          t2.dp[2] = x.dp[i];
          t2.used = 3;
       } while (mp_cmp_mag(&t1, &t2) == MP_GT);
 
       /* step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} */
-      if ((res = mp_mul_d(&y, q.dp[(i - t) - 1], &t1)) != MP_OKAY) {
-         goto LBL_Y;
-      }
+      if ((err = mp_mul_d(&y, q.dp[(i - t) - 1], &t1)) != MP_OKAY) goto LBL_Y;
 
-      if ((res = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY) {
-         goto LBL_Y;
-      }
+      if ((err = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY)           goto LBL_Y;
 
-      if ((res = mp_sub(&x, &t1, &x)) != MP_OKAY) {
-         goto LBL_Y;
-      }
+      if ((err = mp_sub(&x, &t1, &x)) != MP_OKAY)                 goto LBL_Y;
 
       /* if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } */
       if (x.sign == MP_NEG) {
-         if ((res = mp_copy(&y, &t1)) != MP_OKAY) {
-            goto LBL_Y;
-         }
-         if ((res = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY) {
-            goto LBL_Y;
-         }
-         if ((res = mp_add(&x, &t1, &x)) != MP_OKAY) {
-            goto LBL_Y;
-         }
+         if ((err = mp_copy(&y, &t1)) != MP_OKAY)                 goto LBL_Y;
+         if ((err = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY)        goto LBL_Y;
+         if ((err = mp_add(&x, &t1, &x)) != MP_OKAY)              goto LBL_Y;
 
          q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] - 1uL) & MP_MASK;
       }
@@ -267,13 +226,11 @@
    }
 
    if (d != NULL) {
-      if ((res = mp_div_2d(&x, norm, &x, NULL)) != MP_OKAY) {
-         goto LBL_Y;
-      }
+      if ((err = mp_div_2d(&x, norm, &x, NULL)) != MP_OKAY)       goto LBL_Y;
       mp_exch(&x, d);
    }
 
-   res = MP_OKAY;
+   err = MP_OKAY;
 
 LBL_Y:
    mp_clear(&y);
@@ -285,13 +242,9 @@
    mp_clear(&t1);
 LBL_Q:
    mp_clear(&q);
-   return res;
+   return err;
 }
 
 #endif
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_div_2.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_div_2.c	Tue May 26 17:36:47 2020 +0200
@@ -1,65 +1,49 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DIV_2_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* b = a/2 */
-int mp_div_2(const mp_int *a, mp_int *b)
+mp_err mp_div_2(const mp_int *a, mp_int *b)
 {
-   int     x, res, oldused;
+   int     x, oldused;
+   mp_digit r, rr, *tmpa, *tmpb;
+   mp_err err;
 
    /* copy */
    if (b->alloc < a->used) {
-      if ((res = mp_grow(b, a->used)) != MP_OKAY) {
-         return res;
+      if ((err = mp_grow(b, a->used)) != MP_OKAY) {
+         return err;
       }
    }
 
    oldused = b->used;
    b->used = a->used;
-   {
-      mp_digit r, rr, *tmpa, *tmpb;
 
-      /* source alias */
-      tmpa = a->dp + b->used - 1;
+   /* source alias */
+   tmpa = a->dp + b->used - 1;
 
-      /* dest alias */
-      tmpb = b->dp + b->used - 1;
+   /* dest alias */
+   tmpb = b->dp + b->used - 1;
 
-      /* carry */
-      r = 0;
-      for (x = b->used - 1; x >= 0; x--) {
-         /* get the carry for the next iteration */
-         rr = *tmpa & 1u;
-
-         /* shift the current digit, add in carry and store */
-         *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1));
+   /* carry */
+   r = 0;
+   for (x = b->used - 1; x >= 0; x--) {
+      /* get the carry for the next iteration */
+      rr = *tmpa & 1u;
 
-         /* forward carry to next iteration */
-         r = rr;
-      }
+      /* shift the current digit, add in carry and store */
+      *tmpb-- = (*tmpa-- >> 1) | (r << (MP_DIGIT_BIT - 1));
 
-      /* zero excess digits */
-      tmpb = b->dp + b->used;
-      for (x = b->used; x < oldused; x++) {
-         *tmpb++ = 0;
-      }
+      /* forward carry to next iteration */
+      r = rr;
    }
+
+   /* zero excess digits */
+   MP_ZERO_DIGITS(b->dp + b->used, oldused - b->used);
+
    b->sign = a->sign;
    mp_clamp(b);
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_div_2d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_div_2d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,52 +1,44 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DIV_2D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* shift right by a certain bit count (store quotient in c, optional remainder in d) */
-int mp_div_2d(const mp_int *a, int b, mp_int *c, mp_int *d)
+mp_err mp_div_2d(const mp_int *a, int b, mp_int *c, mp_int *d)
 {
    mp_digit D, r, rr;
-   int     x, res;
+   int     x;
+   mp_err err;
 
    /* if the shift count is <= 0 then we do no work */
    if (b <= 0) {
-      res = mp_copy(a, c);
+      err = mp_copy(a, c);
       if (d != NULL) {
          mp_zero(d);
       }
-      return res;
+      return err;
    }
 
    /* copy */
-   if ((res = mp_copy(a, c)) != MP_OKAY) {
-      return res;
+   if ((err = mp_copy(a, c)) != MP_OKAY) {
+      return err;
    }
    /* 'a' should not be used after here - it might be the same as d */
 
    /* get the remainder */
    if (d != NULL) {
-      if ((res = mp_mod_2d(a, b, d)) != MP_OKAY) {
-         return res;
+      if ((err = mp_mod_2d(a, b, d)) != MP_OKAY) {
+         return err;
       }
    }
 
    /* shift by as many digits in the bit count */
-   if (b >= DIGIT_BIT) {
-      mp_rshd(c, b / DIGIT_BIT);
+   if (b >= MP_DIGIT_BIT) {
+      mp_rshd(c, b / MP_DIGIT_BIT);
    }
 
-   /* shift any bit count < DIGIT_BIT */
-   D = (mp_digit)(b % DIGIT_BIT);
+   /* shift any bit count < MP_DIGIT_BIT */
+   D = (mp_digit)(b % MP_DIGIT_BIT);
    if (D != 0u) {
       mp_digit *tmpc, mask, shift;
 
@@ -54,7 +46,7 @@
       mask = ((mp_digit)1 << D) - 1uL;
 
       /* shift for lsb */
-      shift = (mp_digit)DIGIT_BIT - D;
+      shift = (mp_digit)MP_DIGIT_BIT - D;
 
       /* alias */
       tmpc = c->dp + (c->used - 1);
@@ -77,7 +69,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_div_3.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_div_3.c	Tue May 26 17:36:47 2020 +0200
@@ -1,41 +1,33 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DIV_3_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* divide by three (based on routine from MPI and the GMP manual) */
-int mp_div_3(const mp_int *a, mp_int *c, mp_digit *d)
+mp_err mp_div_3(const mp_int *a, mp_int *c, mp_digit *d)
 {
    mp_int   q;
    mp_word  w, t;
    mp_digit b;
-   int      res, ix;
+   mp_err   err;
+   int      ix;
 
-   /* b = 2**DIGIT_BIT / 3 */
-   b = ((mp_word)1 << (mp_word)DIGIT_BIT) / (mp_word)3;
+   /* b = 2**MP_DIGIT_BIT / 3 */
+   b = ((mp_word)1 << (mp_word)MP_DIGIT_BIT) / (mp_word)3;
 
-   if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_size(&q, a->used)) != MP_OKAY) {
+      return err;
    }
 
    q.used = a->used;
    q.sign = a->sign;
    w = 0;
    for (ix = a->used - 1; ix >= 0; ix--) {
-      w = (w << (mp_word)DIGIT_BIT) | (mp_word)a->dp[ix];
+      w = (w << (mp_word)MP_DIGIT_BIT) | (mp_word)a->dp[ix];
 
       if (w >= 3u) {
          /* multiply w by [1/3] */
-         t = (w * (mp_word)b) >> (mp_word)DIGIT_BIT;
+         t = (w * (mp_word)b) >> (mp_word)MP_DIGIT_BIT;
 
          /* now subtract 3 * [w/3] from w, to get the remainder */
          w -= t+t+t;
@@ -65,11 +57,7 @@
    }
    mp_clear(&q);
 
-   return res;
+   return err;
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_div_d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_div_d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,42 +1,16 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DIV_D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-static int s_is_power_of_two(mp_digit b, int *p)
-{
-   int x;
-
-   /* fast return if no power of two */
-   if ((b == 0u) || ((b & (b-1u)) != 0u)) {
-      return 0;
-   }
-
-   for (x = 0; x < DIGIT_BIT; x++) {
-      if (b == ((mp_digit)1<<(mp_digit)x)) {
-         *p = x;
-         return 1;
-      }
-   }
-   return 0;
-}
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* single digit division (based on routine from MPI) */
-int mp_div_d(const mp_int *a, mp_digit b, mp_int *c, mp_digit *d)
+mp_err mp_div_d(const mp_int *a, mp_digit b, mp_int *c, mp_digit *d)
 {
    mp_int  q;
    mp_word w;
    mp_digit t;
-   int     res, ix;
+   mp_err err;
+   int ix;
 
    /* cannot divide by zero */
    if (b == 0u) {
@@ -44,7 +18,7 @@
    }
 
    /* quick outs */
-   if ((b == 1u) || (mp_iszero(a) == MP_YES)) {
+   if ((b == 1u) || MP_IS_ZERO(a)) {
       if (d != NULL) {
          *d = 0;
       }
@@ -55,7 +29,11 @@
    }
 
    /* power of two ? */
-   if (s_is_power_of_two(b, &ix) == 1) {
+   if ((b & (b - 1u)) == 0u) {
+      ix = 1;
+      while ((ix < MP_DIGIT_BIT) && (b != (((mp_digit)1)<<ix))) {
+         ix++;
+      }
       if (d != NULL) {
          *d = a->dp[0] & (((mp_digit)1<<(mp_digit)ix) - 1uL);
       }
@@ -65,23 +43,21 @@
       return MP_OKAY;
    }
 
-#ifdef BN_MP_DIV_3_C
    /* three? */
-   if (b == 3u) {
+   if (MP_HAS(MP_DIV_3) && (b == 3u)) {
       return mp_div_3(a, c, d);
    }
-#endif
 
    /* no easy answer [c'est la vie].  Just division */
-   if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_size(&q, a->used)) != MP_OKAY) {
+      return err;
    }
 
    q.used = a->used;
    q.sign = a->sign;
    w = 0;
    for (ix = a->used - 1; ix >= 0; ix--) {
-      w = (w << (mp_word)DIGIT_BIT) | (mp_word)a->dp[ix];
+      w = (w << (mp_word)MP_DIGIT_BIT) | (mp_word)a->dp[ix];
 
       if (w >= b) {
          t = (mp_digit)(w / b);
@@ -102,11 +78,7 @@
    }
    mp_clear(&q);
 
-   return res;
+   return err;
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_dr_is_modulus.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_dr_is_modulus.c	Tue May 26 17:36:47 2020 +0200
@@ -1,25 +1,16 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DR_IS_MODULUS_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* determines if a number is a valid DR modulus */
-int mp_dr_is_modulus(const mp_int *a)
+mp_bool mp_dr_is_modulus(const mp_int *a)
 {
    int ix;
 
    /* must be at least two digits */
    if (a->used < 2) {
-      return 0;
+      return MP_NO;
    }
 
    /* must be of the form b**k - a [a <= b] so all
@@ -27,14 +18,10 @@
     */
    for (ix = 1; ix < a->used; ix++) {
       if (a->dp[ix] != MP_MASK) {
-         return 0;
+         return MP_NO;
       }
    }
-   return 1;
+   return MP_YES;
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_dr_reduce.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_dr_reduce.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DR_REDUCE_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* reduce "x" in place modulo "n" using the Diminished Radix algorithm.
  *
@@ -26,9 +17,10 @@
  *
  * Input x must be in the range 0 <= x <= (n-1)**2
  */
-int mp_dr_reduce(mp_int *x, const mp_int *n, mp_digit k)
+mp_err mp_dr_reduce(mp_int *x, const mp_int *n, mp_digit k)
 {
-   int      err, i, m;
+   mp_err      err;
+   int i, m;
    mp_word  r;
    mp_digit mu, *tmpx1, *tmpx2;
 
@@ -60,16 +52,14 @@
    for (i = 0; i < m; i++) {
       r         = ((mp_word)*tmpx2++ * (mp_word)k) + *tmpx1 + mu;
       *tmpx1++  = (mp_digit)(r & MP_MASK);
-      mu        = (mp_digit)(r >> ((mp_word)DIGIT_BIT));
+      mu        = (mp_digit)(r >> ((mp_word)MP_DIGIT_BIT));
    }
 
    /* set final carry */
    *tmpx1++ = mu;
 
    /* zero words above m */
-   for (i = m + 1; i < x->used; i++) {
-      *tmpx1++ = 0;
-   }
+   MP_ZERO_DIGITS(tmpx1, (x->used - m) - 1);
 
    /* clamp, sub and return */
    mp_clamp(x);
@@ -86,7 +76,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_dr_setup.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_dr_setup.c	Tue May 26 17:36:47 2020 +0200
@@ -1,28 +1,15 @@
 #include "tommath_private.h"
 #ifdef BN_MP_DR_SETUP_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* determines the setup value */
 void mp_dr_setup(const mp_int *a, mp_digit *d)
 {
-   /* the casts are required if DIGIT_BIT is one less than
-    * the number of bits in a mp_digit [e.g. DIGIT_BIT==31]
+   /* the casts are required if MP_DIGIT_BIT is one less than
+    * the number of bits in a mp_digit [e.g. MP_DIGIT_BIT==31]
     */
-   *d = (mp_digit)(((mp_word)1 << (mp_word)DIGIT_BIT) - (mp_word)a->dp[0]);
+   *d = (mp_digit)(((mp_word)1 << (mp_word)MP_DIGIT_BIT) - (mp_word)a->dp[0]);
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_error_to_string.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,27 @@
+#include "tommath_private.h"
+#ifdef BN_MP_ERROR_TO_STRING_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* return a char * string for a given code */
+const char *mp_error_to_string(mp_err code)
+{
+   switch (code) {
+   case MP_OKAY:
+      return "Successful";
+   case MP_ERR:
+      return "Unknown error";
+   case MP_MEM:
+      return "Out of heap";
+   case MP_VAL:
+      return "Value out of range";
+   case MP_ITER:
+      return "Max. iterations reached";
+   case MP_BUF:
+      return "Buffer overflow";
+   default:
+      return "Invalid error code";
+   }
+}
+
+#endif
--- a/libtommath/bn_mp_exch.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_exch.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_EXCH_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* swap the elements of two integers, for cases where you can't simply swap the
  * mp_int pointers around
@@ -24,7 +15,3 @@
    *b = t;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_export.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,84 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_EXPORT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* based on gmp's mpz_export.
- * see http://gmplib.org/manual/Integer-Import-and-Export.html
- */
-int mp_export(void *rop, size_t *countp, int order, size_t size,
-              int endian, size_t nails, const mp_int *op)
-{
-   int result;
-   size_t odd_nails, nail_bytes, i, j, bits, count;
-   unsigned char odd_nail_mask;
-
-   mp_int t;
-
-   if ((result = mp_init_copy(&t, op)) != MP_OKAY) {
-      return result;
-   }
-
-   if (endian == 0) {
-      union {
-         unsigned int i;
-         char c[4];
-      } lint;
-      lint.i = 0x01020304;
-
-      endian = (lint.c[0] == '\x04') ? -1 : 1;
-   }
-
-   odd_nails = (nails % 8u);
-   odd_nail_mask = 0xff;
-   for (i = 0; i < odd_nails; ++i) {
-      odd_nail_mask ^= (unsigned char)(1u << (7u - i));
-   }
-   nail_bytes = nails / 8u;
-
-   bits = (size_t)mp_count_bits(&t);
-   count = (bits / ((size * 8u) - nails)) + (((bits % ((size * 8u) - nails)) != 0u) ? 1u : 0u);
-
-   for (i = 0; i < count; ++i) {
-      for (j = 0; j < size; ++j) {
-         unsigned char *byte = (unsigned char *)rop +
-                               (((order == -1) ? i : ((count - 1u) - i)) * size) +
-                               ((endian == -1) ? j : ((size - 1u) - j));
-
-         if (j >= (size - nail_bytes)) {
-            *byte = 0;
-            continue;
-         }
-
-         *byte = (unsigned char)((j == ((size - nail_bytes) - 1u)) ? (t.dp[0] & odd_nail_mask) : (t.dp[0] & 0xFFuL));
-
-         if ((result = mp_div_2d(&t, (j == ((size - nail_bytes) - 1u)) ? (int)(8u - odd_nails) : 8, &t, NULL)) != MP_OKAY) {
-            mp_clear(&t);
-            return result;
-         }
-      }
-   }
-
-   mp_clear(&t);
-
-   if (countp != NULL) {
-      *countp = count;
-   }
-
-   return MP_OKAY;
-}
-
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_expt_d.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_EXPT_D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* wrapper function for mp_expt_d_ex() */
-int mp_expt_d(const mp_int *a, mp_digit b, mp_int *c)
-{
-   return mp_expt_d_ex(a, b, c, 0);
-}
-
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_expt_d_ex.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_EXPT_D_EX_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* calculate c = a**b  using a square-multiply algorithm */
-int mp_expt_d_ex(const mp_int *a, mp_digit b, mp_int *c, int fast)
-{
-   int     res;
-   unsigned int x;
-
-   mp_int  g;
-
-   if ((res = mp_init_copy(&g, a)) != MP_OKAY) {
-      return res;
-   }
-
-   /* set initial result */
-   mp_set(c, 1uL);
-
-   if (fast != 0) {
-      while (b > 0u) {
-         /* if the bit is set multiply */
-         if ((b & 1u) != 0u) {
-            if ((res = mp_mul(c, &g, c)) != MP_OKAY) {
-               mp_clear(&g);
-               return res;
-            }
-         }
-
-         /* square */
-         if (b > 1u) {
-            if ((res = mp_sqr(&g, &g)) != MP_OKAY) {
-               mp_clear(&g);
-               return res;
-            }
-         }
-
-         /* shift to next bit */
-         b >>= 1;
-      }
-   } else {
-      for (x = 0; x < (unsigned)DIGIT_BIT; x++) {
-         /* square */
-         if ((res = mp_sqr(c, c)) != MP_OKAY) {
-            mp_clear(&g);
-            return res;
-         }
-
-         /* if the bit is set multiply */
-         if ((b & ((mp_digit)1 << (DIGIT_BIT - 1))) != 0u) {
-            if ((res = mp_mul(c, &g, c)) != MP_OKAY) {
-               mp_clear(&g);
-               return res;
-            }
-         }
-
-         /* shift to next bit */
-         b <<= 1;
-      }
-   } /* if ... else */
-
-   mp_clear(&g);
-   return MP_OKAY;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_expt_u32.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,46 @@
+#include "tommath_private.h"
+#ifdef BN_MP_EXPT_U32_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* calculate c = a**b  using a square-multiply algorithm */
+mp_err mp_expt_u32(const mp_int *a, uint32_t b, mp_int *c)
+{
+   mp_err err;
+
+   mp_int  g;
+
+   if ((err = mp_init_copy(&g, a)) != MP_OKAY) {
+      return err;
+   }
+
+   /* set initial result */
+   mp_set(c, 1uL);
+
+   while (b > 0u) {
+      /* if the bit is set multiply */
+      if ((b & 1u) != 0u) {
+         if ((err = mp_mul(c, &g, c)) != MP_OKAY) {
+            goto LBL_ERR;
+         }
+      }
+
+      /* square */
+      if (b > 1u) {
+         if ((err = mp_sqr(&g, &g)) != MP_OKAY) {
+            goto LBL_ERR;
+         }
+      }
+
+      /* shift to next bit */
+      b >>= 1;
+   }
+
+   err = MP_OKAY;
+
+LBL_ERR:
+   mp_clear(&g);
+   return err;
+}
+
+#endif
--- a/libtommath/bn_mp_exptmod.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_exptmod.c	Tue May 26 17:36:47 2020 +0200
@@ -1,24 +1,14 @@
 #include "tommath_private.h"
 #ifdef BN_MP_EXPTMOD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* this is a shell function that calls either the normal or Montgomery
  * exptmod functions.  Originally the call to the montgomery code was
  * embedded in the normal function but that wasted alot of stack space
  * for nothing (since 99% of the time the Montgomery code would be called)
  */
-int mp_exptmod(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y)
+mp_err mp_exptmod(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y)
 {
    int dr;
 
@@ -29,81 +19,58 @@
 
    /* if exponent X is negative we have to recurse */
    if (X->sign == MP_NEG) {
-#ifdef BN_MP_INVMOD_C
       mp_int tmpG, tmpX;
-      int err;
+      mp_err err;
 
-      /* first compute 1/G mod P */
-      if ((err = mp_init(&tmpG)) != MP_OKAY) {
-         return err;
+      if (!MP_HAS(MP_INVMOD)) {
+         return MP_VAL;
       }
-      if ((err = mp_invmod(G, P, &tmpG)) != MP_OKAY) {
-         mp_clear(&tmpG);
+
+      if ((err = mp_init_multi(&tmpG, &tmpX, NULL)) != MP_OKAY) {
          return err;
       }
 
+      /* first compute 1/G mod P */
+      if ((err = mp_invmod(G, P, &tmpG)) != MP_OKAY) {
+         goto LBL_ERR;
+      }
+
       /* now get |X| */
-      if ((err = mp_init(&tmpX)) != MP_OKAY) {
-         mp_clear(&tmpG);
-         return err;
-      }
       if ((err = mp_abs(X, &tmpX)) != MP_OKAY) {
-         mp_clear_multi(&tmpG, &tmpX, NULL);
-         return err;
+         goto LBL_ERR;
       }
 
       /* and now compute (1/G)**|X| instead of G**X [X < 0] */
       err = mp_exptmod(&tmpG, &tmpX, P, Y);
+LBL_ERR:
       mp_clear_multi(&tmpG, &tmpX, NULL);
       return err;
-#else
-      /* no invmod */
-      return MP_VAL;
-#endif
    }
 
    /* modified diminished radix reduction */
-#if defined(BN_MP_REDUCE_IS_2K_L_C) && defined(BN_MP_REDUCE_2K_L_C) && defined(BN_S_MP_EXPTMOD_C)
-   if (mp_reduce_is_2k_l(P) == MP_YES) {
+   if (MP_HAS(MP_REDUCE_IS_2K_L) && MP_HAS(MP_REDUCE_2K_L) && MP_HAS(S_MP_EXPTMOD) &&
+       (mp_reduce_is_2k_l(P) == MP_YES)) {
       return s_mp_exptmod(G, X, P, Y, 1);
    }
-#endif
+
+   /* is it a DR modulus? default to no */
+   dr = (MP_HAS(MP_DR_IS_MODULUS) && (mp_dr_is_modulus(P) == MP_YES)) ? 1 : 0;
 
-#ifdef BN_MP_DR_IS_MODULUS_C
-   /* is it a DR modulus? */
-   dr = mp_dr_is_modulus(P);
-#else
-   /* default to no */
-   dr = 0;
-#endif
-
-#ifdef BN_MP_REDUCE_IS_2K_C
    /* if not, is it a unrestricted DR modulus? */
-   if (dr == 0) {
-      dr = mp_reduce_is_2k(P) << 1;
+   if (MP_HAS(MP_REDUCE_IS_2K) && (dr == 0)) {
+      dr = (mp_reduce_is_2k(P) == MP_YES) ? 2 : 0;
    }
-#endif
 
    /* if the modulus is odd or dr != 0 use the montgomery method */
-#ifdef BN_MP_EXPTMOD_FAST_C
-   if ((mp_isodd(P) == MP_YES) || (dr !=  0)) {
-      return mp_exptmod_fast(G, X, P, Y, dr);
-   } else {
-#endif
-#ifdef BN_S_MP_EXPTMOD_C
+   if (MP_HAS(S_MP_EXPTMOD_FAST) && (MP_IS_ODD(P) || (dr != 0))) {
+      return s_mp_exptmod_fast(G, X, P, Y, dr);
+   } else if (MP_HAS(S_MP_EXPTMOD)) {
       /* otherwise use the generic Barrett reduction technique */
       return s_mp_exptmod(G, X, P, Y, 0);
-#else
+   } else {
       /* no exptmod for evens */
       return MP_VAL;
-#endif
-#ifdef BN_MP_EXPTMOD_FAST_C
    }
-#endif
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_exptmod_fast.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,319 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_EXPTMOD_FAST_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* computes Y == G**X mod P, HAC pp.616, Algorithm 14.85
- *
- * Uses a left-to-right k-ary sliding window to compute the modular exponentiation.
- * The value of k changes based on the size of the exponent.
- *
- * Uses Montgomery or Diminished Radix reduction [whichever appropriate]
- */
-
-#ifdef MP_LOW_MEM
-#   define TAB_SIZE 32
-#else
-#   define TAB_SIZE 256
-#endif
-
-int mp_exptmod_fast(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y, int redmode)
-{
-   mp_int  M[TAB_SIZE], res;
-   mp_digit buf, mp;
-   int     err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
-
-   /* use a pointer to the reduction algorithm.  This allows us to use
-    * one of many reduction algorithms without modding the guts of
-    * the code with if statements everywhere.
-    */
-   int (*redux)(mp_int *x, const mp_int *n, mp_digit rho);
-
-   /* find window size */
-   x = mp_count_bits(X);
-   if (x <= 7) {
-      winsize = 2;
-   } else if (x <= 36) {
-      winsize = 3;
-   } else if (x <= 140) {
-      winsize = 4;
-   } else if (x <= 450) {
-      winsize = 5;
-   } else if (x <= 1303) {
-      winsize = 6;
-   } else if (x <= 3529) {
-      winsize = 7;
-   } else {
-      winsize = 8;
-   }
-
-#ifdef MP_LOW_MEM
-   if (winsize > 5) {
-      winsize = 5;
-   }
-#endif
-
-   /* init M array */
-   /* init first cell */
-   if ((err = mp_init_size(&M[1], P->alloc)) != MP_OKAY) {
-      return err;
-   }
-
-   /* now init the second half of the array */
-   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
-      if ((err = mp_init_size(&M[x], P->alloc)) != MP_OKAY) {
-         for (y = 1<<(winsize-1); y < x; y++) {
-            mp_clear(&M[y]);
-         }
-         mp_clear(&M[1]);
-         return err;
-      }
-   }
-
-   /* determine and setup reduction code */
-   if (redmode == 0) {
-#ifdef BN_MP_MONTGOMERY_SETUP_C
-      /* now setup montgomery  */
-      if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) {
-         goto LBL_M;
-      }
-#else
-      err = MP_VAL;
-      goto LBL_M;
-#endif
-
-      /* automatically pick the comba one if available (saves quite a few calls/ifs) */
-#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C
-      if ((((P->used * 2) + 1) < (int)MP_WARRAY) &&
-          (P->used < (1 << ((CHAR_BIT * sizeof(mp_word)) - (2 * DIGIT_BIT))))) {
-         redux = fast_mp_montgomery_reduce;
-      } else
-#endif
-      {
-#ifdef BN_MP_MONTGOMERY_REDUCE_C
-         /* use slower baseline Montgomery method */
-         redux = mp_montgomery_reduce;
-#else
-         err = MP_VAL;
-         goto LBL_M;
-#endif
-      }
-   } else if (redmode == 1) {
-#if defined(BN_MP_DR_SETUP_C) && defined(BN_MP_DR_REDUCE_C)
-      /* setup DR reduction for moduli of the form B**k - b */
-      mp_dr_setup(P, &mp);
-      redux = mp_dr_reduce;
-#else
-      err = MP_VAL;
-      goto LBL_M;
-#endif
-   } else {
-#if defined(BN_MP_REDUCE_2K_SETUP_C) && defined(BN_MP_REDUCE_2K_C)
-      /* setup DR reduction for moduli of the form 2**k - b */
-      if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY) {
-         goto LBL_M;
-      }
-      redux = mp_reduce_2k;
-#else
-      err = MP_VAL;
-      goto LBL_M;
-#endif
-   }
-
-   /* setup result */
-   if ((err = mp_init_size(&res, P->alloc)) != MP_OKAY) {
-      goto LBL_M;
-   }
-
-   /* create M table
-    *
-
-    *
-    * The first half of the table is not computed though accept for M[0] and M[1]
-    */
-
-   if (redmode == 0) {
-#ifdef BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
-      /* now we need R mod m */
-      if ((err = mp_montgomery_calc_normalization(&res, P)) != MP_OKAY) {
-         goto LBL_RES;
-      }
-
-      /* now set M[1] to G * R mod m */
-      if ((err = mp_mulmod(G, &res, P, &M[1])) != MP_OKAY) {
-         goto LBL_RES;
-      }
-#else
-      err = MP_VAL;
-      goto LBL_RES;
-#endif
-   } else {
-      mp_set(&res, 1uL);
-      if ((err = mp_mod(G, P, &M[1])) != MP_OKAY) {
-         goto LBL_RES;
-      }
-   }
-
-   /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */
-   if ((err = mp_copy(&M[1], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) {
-      goto LBL_RES;
-   }
-
-   for (x = 0; x < (winsize - 1); x++) {
-      if ((err = mp_sqr(&M[(size_t)1 << (winsize - 1)], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) {
-         goto LBL_RES;
-      }
-      if ((err = redux(&M[(size_t)1 << (winsize - 1)], P, mp)) != MP_OKAY) {
-         goto LBL_RES;
-      }
-   }
-
-   /* create upper table */
-   for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
-      if ((err = mp_mul(&M[x - 1], &M[1], &M[x])) != MP_OKAY) {
-         goto LBL_RES;
-      }
-      if ((err = redux(&M[x], P, mp)) != MP_OKAY) {
-         goto LBL_RES;
-      }
-   }
-
-   /* set initial mode and bit cnt */
-   mode   = 0;
-   bitcnt = 1;
-   buf    = 0;
-   digidx = X->used - 1;
-   bitcpy = 0;
-   bitbuf = 0;
-
-   for (;;) {
-      /* grab next digit as required */
-      if (--bitcnt == 0) {
-         /* if digidx == -1 we are out of digits so break */
-         if (digidx == -1) {
-            break;
-         }
-         /* read next digit and reset bitcnt */
-         buf    = X->dp[digidx--];
-         bitcnt = (int)DIGIT_BIT;
-      }
-
-      /* grab the next msb from the exponent */
-      y     = (mp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
-      buf <<= (mp_digit)1;
-
-      /* if the bit is zero and mode == 0 then we ignore it
-       * These represent the leading zero bits before the first 1 bit
-       * in the exponent.  Technically this opt is not required but it
-       * does lower the # of trivial squaring/reductions used
-       */
-      if ((mode == 0) && (y == 0)) {
-         continue;
-      }
-
-      /* if the bit is zero and mode == 1 then we square */
-      if ((mode == 1) && (y == 0)) {
-         if ((err = mp_sqr(&res, &res)) != MP_OKAY) {
-            goto LBL_RES;
-         }
-         if ((err = redux(&res, P, mp)) != MP_OKAY) {
-            goto LBL_RES;
-         }
-         continue;
-      }
-
-      /* else we add it to the window */
-      bitbuf |= (y << (winsize - ++bitcpy));
-      mode    = 2;
-
-      if (bitcpy == winsize) {
-         /* ok window is filled so square as required and multiply  */
-         /* square first */
-         for (x = 0; x < winsize; x++) {
-            if ((err = mp_sqr(&res, &res)) != MP_OKAY) {
-               goto LBL_RES;
-            }
-            if ((err = redux(&res, P, mp)) != MP_OKAY) {
-               goto LBL_RES;
-            }
-         }
-
-         /* then multiply */
-         if ((err = mp_mul(&res, &M[bitbuf], &res)) != MP_OKAY) {
-            goto LBL_RES;
-         }
-         if ((err = redux(&res, P, mp)) != MP_OKAY) {
-            goto LBL_RES;
-         }
-
-         /* empty window and reset */
-         bitcpy = 0;
-         bitbuf = 0;
-         mode   = 1;
-      }
-   }
-
-   /* if bits remain then square/multiply */
-   if ((mode == 2) && (bitcpy > 0)) {
-      /* square then multiply if the bit is set */
-      for (x = 0; x < bitcpy; x++) {
-         if ((err = mp_sqr(&res, &res)) != MP_OKAY) {
-            goto LBL_RES;
-         }
-         if ((err = redux(&res, P, mp)) != MP_OKAY) {
-            goto LBL_RES;
-         }
-
-         /* get next bit of the window */
-         bitbuf <<= 1;
-         if ((bitbuf & (1 << winsize)) != 0) {
-            /* then multiply */
-            if ((err = mp_mul(&res, &M[1], &res)) != MP_OKAY) {
-               goto LBL_RES;
-            }
-            if ((err = redux(&res, P, mp)) != MP_OKAY) {
-               goto LBL_RES;
-            }
-         }
-      }
-   }
-
-   if (redmode == 0) {
-      /* fixup result if Montgomery reduction is used
-       * recall that any value in a Montgomery system is
-       * actually multiplied by R mod n.  So we have
-       * to reduce one more time to cancel out the factor
-       * of R.
-       */
-      if ((err = redux(&res, P, mp)) != MP_OKAY) {
-         goto LBL_RES;
-      }
-   }
-
-   /* swap res with Y */
-   mp_exch(&res, Y);
-   err = MP_OKAY;
-LBL_RES:
-   mp_clear(&res);
-LBL_M:
-   mp_clear(&M[1]);
-   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
-      mp_clear(&M[x]);
-   }
-   return err;
-}
-#endif
-
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_exteuclid.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_exteuclid.c	Tue May 26 17:36:47 2020 +0200
@@ -1,24 +1,15 @@
 #include "tommath_private.h"
 #ifdef BN_MP_EXTEUCLID_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* Extended euclidean algorithm of (a, b) produces
    a*u1 + b*u2 = u3
  */
-int mp_exteuclid(const mp_int *a, const mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
+mp_err mp_exteuclid(const mp_int *a, const mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
 {
    mp_int u1, u2, u3, v1, v2, v3, t1, t2, t3, q, tmp;
-   int err;
+   mp_err err;
 
    if ((err = mp_init_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL)) != MP_OKAY) {
       return err;
@@ -26,77 +17,41 @@
 
    /* initialize, (u1,u2,u3) = (1,0,a) */
    mp_set(&u1, 1uL);
-   if ((err = mp_copy(a, &u3)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
+   if ((err = mp_copy(a, &u3)) != MP_OKAY)                        goto LBL_ERR;
 
    /* initialize, (v1,v2,v3) = (0,1,b) */
    mp_set(&v2, 1uL);
-   if ((err = mp_copy(b, &v3)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
+   if ((err = mp_copy(b, &v3)) != MP_OKAY)                        goto LBL_ERR;
 
    /* loop while v3 != 0 */
-   while (mp_iszero(&v3) == MP_NO) {
+   while (!MP_IS_ZERO(&v3)) {
       /* q = u3/v3 */
-      if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
+      if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY)          goto LBL_ERR;
 
       /* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */
-      if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
+      if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY)               goto LBL_ERR;
+      if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY)              goto LBL_ERR;
+      if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY)               goto LBL_ERR;
+      if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY)              goto LBL_ERR;
+      if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY)               goto LBL_ERR;
+      if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY)              goto LBL_ERR;
 
       /* (u1,u2,u3) = (v1,v2,v3) */
-      if ((err = mp_copy(&v1, &u1)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_copy(&v2, &u2)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_copy(&v3, &u3)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
+      if ((err = mp_copy(&v1, &u1)) != MP_OKAY)                   goto LBL_ERR;
+      if ((err = mp_copy(&v2, &u2)) != MP_OKAY)                   goto LBL_ERR;
+      if ((err = mp_copy(&v3, &u3)) != MP_OKAY)                   goto LBL_ERR;
 
       /* (v1,v2,v3) = (t1,t2,t3) */
-      if ((err = mp_copy(&t1, &v1)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_copy(&t2, &v2)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_copy(&t3, &v3)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
+      if ((err = mp_copy(&t1, &v1)) != MP_OKAY)                   goto LBL_ERR;
+      if ((err = mp_copy(&t2, &v2)) != MP_OKAY)                   goto LBL_ERR;
+      if ((err = mp_copy(&t3, &v3)) != MP_OKAY)                   goto LBL_ERR;
    }
 
    /* make sure U3 >= 0 */
    if (u3.sign == MP_NEG) {
-      if ((err = mp_neg(&u1, &u1)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_neg(&u2, &u2)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((err = mp_neg(&u3, &u3)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
+      if ((err = mp_neg(&u1, &u1)) != MP_OKAY)                    goto LBL_ERR;
+      if ((err = mp_neg(&u2, &u2)) != MP_OKAY)                    goto LBL_ERR;
+      if ((err = mp_neg(&u3, &u3)) != MP_OKAY)                    goto LBL_ERR;
    }
 
    /* copy result out */
@@ -116,7 +71,3 @@
    return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_fread.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_fread.c	Tue May 26 17:36:47 2020 +0200
@@ -1,29 +1,17 @@
 #include "tommath_private.h"
 #ifdef BN_MP_FREAD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
-#ifndef LTM_NO_FILE
+#ifndef MP_NO_FILE
 /* read a bigint from a file stream in ASCII */
-int mp_fread(mp_int *a, int radix, FILE *stream)
+mp_err mp_fread(mp_int *a, int radix, FILE *stream)
 {
-   int err, ch, neg, y;
-   unsigned pos;
-
-   /* clear a */
-   mp_zero(a);
+   mp_err err;
+   mp_sign neg;
 
    /* if first digit is - then set negative */
-   ch = fgetc(stream);
+   int ch = fgetc(stream);
    if (ch == (int)'-') {
       neg = MP_NEG;
       ch = fgetc(stream);
@@ -31,8 +19,17 @@
       neg = MP_ZPOS;
    }
 
-   for (;;) {
-      pos = (unsigned)(ch - (int)'(');
+   /* no digits, return error */
+   if (ch == EOF) {
+      return MP_ERR;
+   }
+
+   /* clear a */
+   mp_zero(a);
+
+   do {
+      int y;
+      unsigned pos = (unsigned)(ch - (int)'(');
       if (mp_s_rmap_reverse_sz < pos) {
          break;
       }
@@ -50,10 +47,9 @@
       if ((err = mp_add_d(a, (mp_digit)y, a)) != MP_OKAY) {
          return err;
       }
+   } while ((ch = fgetc(stream)) != EOF);
 
-      ch = fgetc(stream);
-   }
-   if (mp_cmp_d(a, 0uL) != MP_EQ) {
+   if (a->used != 0) {
       a->sign = neg;
    }
 
@@ -62,7 +58,3 @@
 #endif
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_from_sbin.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,25 @@
+#include "tommath_private.h"
+#ifdef BN_MP_FROM_SBIN_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* read signed bin, big endian, first byte is 0==positive or 1==negative */
+mp_err mp_from_sbin(mp_int *a, const unsigned char *buf, size_t size)
+{
+   mp_err err;
+
+   /* read magnitude */
+   if ((err = mp_from_ubin(a, buf + 1, size - 1u)) != MP_OKAY) {
+      return err;
+   }
+
+   /* first byte is 0 for positive, non-zero for negative */
+   if (buf[0] == (unsigned char)0) {
+      a->sign = MP_ZPOS;
+   } else {
+      a->sign = MP_NEG;
+   }
+
+   return MP_OKAY;
+}
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_from_ubin.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,39 @@
+#include "tommath_private.h"
+#ifdef BN_MP_FROM_UBIN_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* reads a unsigned char array, assumes the msb is stored first [big endian] */
+mp_err mp_from_ubin(mp_int *a, const unsigned char *buf, size_t size)
+{
+   mp_err err;
+
+   /* make sure there are at least two digits */
+   if (a->alloc < 2) {
+      if ((err = mp_grow(a, 2)) != MP_OKAY) {
+         return err;
+      }
+   }
+
+   /* zero the int */
+   mp_zero(a);
+
+   /* read the bytes in */
+   while (size-- > 0u) {
+      if ((err = mp_mul_2d(a, 8, a)) != MP_OKAY) {
+         return err;
+      }
+
+#ifndef MP_8BIT
+      a->dp[0] |= *buf++;
+      a->used += 1;
+#else
+      a->dp[0] = (*buf & MP_MASK);
+      a->dp[1] |= ((*buf++ >> 7) & 1u);
+      a->used += 2;
+#endif
+   }
+   mp_clamp(a);
+   return MP_OKAY;
+}
+#endif
--- a/libtommath/bn_mp_fwrite.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_fwrite.c	Tue May 26 17:36:47 2020 +0200
@@ -1,51 +1,45 @@
 #include "tommath_private.h"
 #ifdef BN_MP_FWRITE_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
-#ifndef LTM_NO_FILE
-int mp_fwrite(const mp_int *a, int radix, FILE *stream)
+#ifndef MP_NO_FILE
+mp_err mp_fwrite(const mp_int *a, int radix, FILE *stream)
 {
    char *buf;
-   int err, len, x;
+   mp_err err;
+   int len;
+   size_t written;
 
-   if ((err = mp_radix_size(a, radix, &len)) != MP_OKAY) {
-      return err;
+   /* TODO: this function is not in this PR */
+   if (MP_HAS(MP_RADIX_SIZE_OVERESTIMATE)) {
+      /* if ((err = mp_radix_size_overestimate(&t, base, &len)) != MP_OKAY)      goto LBL_ERR; */
+   } else {
+      if ((err = mp_radix_size(a, radix, &len)) != MP_OKAY) {
+         return err;
+      }
    }
 
-   buf = OPT_CAST(char) XMALLOC((size_t)len);
+   buf = (char *) MP_MALLOC((size_t)len);
    if (buf == NULL) {
       return MP_MEM;
    }
 
-   if ((err = mp_toradix(a, buf, radix)) != MP_OKAY) {
-      XFREE(buf);
-      return err;
+   if ((err = mp_to_radix(a, buf, (size_t)len, &written, radix)) != MP_OKAY) {
+      goto LBL_ERR;
    }
 
-   for (x = 0; x < len; x++) {
-      if (fputc((int)buf[x], stream) == EOF) {
-         XFREE(buf);
-         return MP_VAL;
-      }
+   if (fwrite(buf, written, 1uL, stream) != 1uL) {
+      err = MP_ERR;
+      goto LBL_ERR;
    }
+   err = MP_OKAY;
 
-   XFREE(buf);
-   return MP_OKAY;
+
+LBL_ERR:
+   MP_FREE_BUFFER(buf, (size_t)len);
+   return err;
 }
 #endif
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_gcd.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_gcd.c	Tue May 26 17:36:47 2020 +0200
@@ -1,37 +1,29 @@
 #include "tommath_private.h"
 #ifdef BN_MP_GCD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* Greatest Common Divisor using the binary method */
-int mp_gcd(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err mp_gcd(const mp_int *a, const mp_int *b, mp_int *c)
 {
    mp_int  u, v;
-   int     k, u_lsb, v_lsb, res;
+   int     k, u_lsb, v_lsb;
+   mp_err err;
 
    /* either zero than gcd is the largest */
-   if (mp_iszero(a) == MP_YES) {
+   if (MP_IS_ZERO(a)) {
       return mp_abs(b, c);
    }
-   if (mp_iszero(b) == MP_YES) {
+   if (MP_IS_ZERO(b)) {
       return mp_abs(a, c);
    }
 
    /* get copies of a and b we can modify */
-   if ((res = mp_init_copy(&u, a)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_copy(&u, a)) != MP_OKAY) {
+      return err;
    }
 
-   if ((res = mp_init_copy(&v, b)) != MP_OKAY) {
+   if ((err = mp_init_copy(&v, b)) != MP_OKAY) {
       goto LBL_U;
    }
 
@@ -41,33 +33,33 @@
    /* B1.  Find the common power of two for u and v */
    u_lsb = mp_cnt_lsb(&u);
    v_lsb = mp_cnt_lsb(&v);
-   k     = MIN(u_lsb, v_lsb);
+   k     = MP_MIN(u_lsb, v_lsb);
 
    if (k > 0) {
       /* divide the power of two out */
-      if ((res = mp_div_2d(&u, k, &u, NULL)) != MP_OKAY) {
+      if ((err = mp_div_2d(&u, k, &u, NULL)) != MP_OKAY) {
          goto LBL_V;
       }
 
-      if ((res = mp_div_2d(&v, k, &v, NULL)) != MP_OKAY) {
+      if ((err = mp_div_2d(&v, k, &v, NULL)) != MP_OKAY) {
          goto LBL_V;
       }
    }
 
    /* divide any remaining factors of two out */
    if (u_lsb != k) {
-      if ((res = mp_div_2d(&u, u_lsb - k, &u, NULL)) != MP_OKAY) {
+      if ((err = mp_div_2d(&u, u_lsb - k, &u, NULL)) != MP_OKAY) {
          goto LBL_V;
       }
    }
 
    if (v_lsb != k) {
-      if ((res = mp_div_2d(&v, v_lsb - k, &v, NULL)) != MP_OKAY) {
+      if ((err = mp_div_2d(&v, v_lsb - k, &v, NULL)) != MP_OKAY) {
          goto LBL_V;
       }
    }
 
-   while (mp_iszero(&v) == MP_NO) {
+   while (!MP_IS_ZERO(&v)) {
       /* make sure v is the largest */
       if (mp_cmp_mag(&u, &v) == MP_GT) {
          /* swap u and v to make sure v is >= u */
@@ -75,30 +67,26 @@
       }
 
       /* subtract smallest from largest */
-      if ((res = s_mp_sub(&v, &u, &v)) != MP_OKAY) {
+      if ((err = s_mp_sub(&v, &u, &v)) != MP_OKAY) {
          goto LBL_V;
       }
 
       /* Divide out all factors of two */
-      if ((res = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) {
+      if ((err = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) {
          goto LBL_V;
       }
    }
 
    /* multiply by 2**k which we divided out at the beginning */
-   if ((res = mp_mul_2d(&u, k, c)) != MP_OKAY) {
+   if ((err = mp_mul_2d(&u, k, c)) != MP_OKAY) {
       goto LBL_V;
    }
    c->sign = MP_ZPOS;
-   res = MP_OKAY;
+   err = MP_OKAY;
 LBL_V:
    mp_clear(&u);
 LBL_U:
    mp_clear(&v);
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_get_bit.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_GET_BIT_C
-
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* Checks the bit at position b and returns MP_YES
-   if the bit is 1, MP_NO if it is 0 and MP_VAL
-   in case of error */
-int mp_get_bit(const mp_int *a, int b)
-{
-   int limb;
-   mp_digit bit, isset;
-
-   if (b < 0) {
-      return MP_VAL;
-   }
-
-   limb = b / DIGIT_BIT;
-
-   /*
-    * Zero is a special value with the member "used" set to zero.
-    * Needs to be tested before the check for the upper boundary
-    * otherwise (limb >= a->used) would be true for a = 0
-    */
-
-   if (mp_iszero(a) != MP_NO) {
-      return MP_NO;
-   }
-
-   if (limb >= a->used) {
-      return MP_VAL;
-   }
-
-   bit = (mp_digit)(1) << (b % DIGIT_BIT);
-
-   isset = a->dp[limb] & bit;
-   return (isset != 0u) ? MP_YES : MP_NO;
-}
-
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_i32.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_I32_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_SIGNED(mp_get_i32, mp_get_mag_u32, int32_t, uint32_t)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_i64.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_I64_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_SIGNED(mp_get_i64, mp_get_mag_u64, int64_t, uint64_t)
+#endif
--- a/libtommath/bn_mp_get_int.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_GET_INT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* get the lower 32-bits of an mp_int */
-unsigned long mp_get_int(const mp_int *a)
-{
-   int i;
-   mp_min_u32 res;
-
-   if (a->used == 0) {
-      return 0;
-   }
-
-   /* get number of digits of the lsb we have to read */
-   i = MIN(a->used, ((((int)sizeof(unsigned long) * CHAR_BIT) + DIGIT_BIT - 1) / DIGIT_BIT)) - 1;
-
-   /* get most significant digit of result */
-   res = DIGIT(a, i);
-
-   while (--i >= 0) {
-      res = (res << DIGIT_BIT) | DIGIT(a, i);
-   }
-
-   /* force result to 32-bits always so it is consistent on non 32-bit platforms */
-   return res & 0xFFFFFFFFUL;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_l.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_L_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_SIGNED(mp_get_l, mp_get_mag_ul, long, unsigned long)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_ll.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_LL_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_SIGNED(mp_get_ll, mp_get_mag_ull, long long, unsigned long long)
+#endif
--- a/libtommath/bn_mp_get_long.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_GET_LONG_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* get the lower unsigned long of an mp_int, platform dependent */
-unsigned long mp_get_long(const mp_int *a)
-{
-   int i;
-   unsigned long res;
-
-   if (a->used == 0) {
-      return 0;
-   }
-
-   /* get number of digits of the lsb we have to read */
-   i = MIN(a->used, ((((int)sizeof(unsigned long) * CHAR_BIT) + DIGIT_BIT - 1) / DIGIT_BIT)) - 1;
-
-   /* get most significant digit of result */
-   res = DIGIT(a, i);
-
-#if (ULONG_MAX != 0xffffffffuL) || (DIGIT_BIT < 32)
-   while (--i >= 0) {
-      res = (res << DIGIT_BIT) | DIGIT(a, i);
-   }
-#endif
-   return res;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_get_long_long.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_GET_LONG_LONG_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* get the lower unsigned long long of an mp_int, platform dependent */
-unsigned long long mp_get_long_long(const mp_int *a)
-{
-   int i;
-   unsigned long long res;
-
-   if (a->used == 0) {
-      return 0;
-   }
-
-   /* get number of digits of the lsb we have to read */
-   i = MIN(a->used, ((((int)sizeof(unsigned long long) * CHAR_BIT) + DIGIT_BIT - 1) / DIGIT_BIT)) - 1;
-
-   /* get most significant digit of result */
-   res = DIGIT(a, i);
-
-#if DIGIT_BIT < 64
-   while (--i >= 0) {
-      res = (res << DIGIT_BIT) | DIGIT(a, i);
-   }
-#endif
-   return res;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_mag_u32.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_MAG_U32_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_MAG(mp_get_mag_u32, uint32_t)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_mag_u64.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_MAG_U64_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_MAG(mp_get_mag_u64, uint64_t)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_mag_ul.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_MAG_UL_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_MAG(mp_get_mag_ul, unsigned long)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_get_mag_ull.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_GET_MAG_ULL_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_GET_MAG(mp_get_mag_ull, unsigned long long)
+#endif
--- a/libtommath/bn_mp_grow.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_grow.c	Tue May 26 17:36:47 2020 +0200
@@ -1,35 +1,25 @@
 #include "tommath_private.h"
 #ifdef BN_MP_GROW_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* grow as required */
-int mp_grow(mp_int *a, int size)
+mp_err mp_grow(mp_int *a, int size)
 {
    int     i;
    mp_digit *tmp;
 
    /* if the alloc size is smaller alloc more ram */
    if (a->alloc < size) {
-      /* ensure there are always at least MP_PREC digits extra on top */
-      size += (MP_PREC * 2) - (size % MP_PREC);
-
       /* reallocate the array a->dp
        *
        * We store the return in a temporary variable
        * in case the operation failed we don't want
        * to overwrite the dp member of a.
        */
-      tmp = OPT_CAST(mp_digit) XREALLOC(a->dp, sizeof(mp_digit) * (size_t)size);
+      tmp = (mp_digit *) MP_REALLOC(a->dp,
+                                    (size_t)a->alloc * sizeof(mp_digit),
+                                    (size_t)size * sizeof(mp_digit));
       if (tmp == NULL) {
          /* reallocation failed but "a" is still valid [can be freed] */
          return MP_MEM;
@@ -41,14 +31,8 @@
       /* zero excess digits */
       i        = a->alloc;
       a->alloc = size;
-      for (; i < a->alloc; i++) {
-         a->dp[i] = 0;
-      }
+      MP_ZERO_DIGITS(a->dp + i, a->alloc - i);
    }
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_import.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_IMPORT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* based on gmp's mpz_import.
- * see http://gmplib.org/manual/Integer-Import-and-Export.html
- */
-int mp_import(mp_int *rop, size_t count, int order, size_t size,
-              int endian, size_t nails, const void *op)
-{
-   int result;
-   size_t odd_nails, nail_bytes, i, j;
-   unsigned char odd_nail_mask;
-
-   mp_zero(rop);
-
-   if (endian == 0) {
-      union {
-         unsigned int i;
-         char c[4];
-      } lint;
-      lint.i = 0x01020304;
-
-      endian = (lint.c[0] == '\x04') ? -1 : 1;
-   }
-
-   odd_nails = (nails % 8u);
-   odd_nail_mask = 0xff;
-   for (i = 0; i < odd_nails; ++i) {
-      odd_nail_mask ^= (unsigned char)(1u << (7u - i));
-   }
-   nail_bytes = nails / 8u;
-
-   for (i = 0; i < count; ++i) {
-      for (j = 0; j < (size - nail_bytes); ++j) {
-         unsigned char byte = *((unsigned char *)op +
-                                (((order == 1) ? i : ((count - 1u) - i)) * size) +
-                                ((endian == 1) ? (j + nail_bytes) : (((size - 1u) - j) - nail_bytes)));
-
-         if ((result = mp_mul_2d(rop, (j == 0u) ? (int)(8u - odd_nails) : 8, rop)) != MP_OKAY) {
-            return result;
-         }
-
-         rop->dp[0] |= (j == 0u) ? (mp_digit)(byte & odd_nail_mask) : (mp_digit)byte;
-         rop->used  += 1;
-      }
-   }
-
-   mp_clamp(rop);
-
-   return MP_OKAY;
-}
-
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_incr.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,30 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INCR_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* Increment "a" by one like "a++". Changes input! */
+mp_err mp_incr(mp_int *a)
+{
+   if (MP_IS_ZERO(a)) {
+      mp_set(a,1uL);
+      return MP_OKAY;
+   } else if (a->sign == MP_NEG) {
+      mp_err err;
+      a->sign = MP_ZPOS;
+      if ((err = mp_decr(a)) != MP_OKAY) {
+         return err;
+      }
+      /* There is no -0 in LTM */
+      if (!MP_IS_ZERO(a)) {
+         a->sign = MP_NEG;
+      }
+      return MP_OKAY;
+   } else if (a->dp[0] < MP_DIGIT_MAX) {
+      a->dp[0]++;
+      return MP_OKAY;
+   } else {
+      return mp_add_d(a, 1uL,a);
+   }
+}
+#endif
--- a/libtommath/bn_mp_init.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_init.c	Tue May 26 17:36:47 2020 +0200
@@ -1,33 +1,17 @@
 #include "tommath_private.h"
 #ifdef BN_MP_INIT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* init a new mp_int */
-int mp_init(mp_int *a)
+mp_err mp_init(mp_int *a)
 {
-   int i;
-
    /* allocate memory required and clear it */
-   a->dp = OPT_CAST(mp_digit) XMALLOC(sizeof(mp_digit) * (size_t)MP_PREC);
+   a->dp = (mp_digit *) MP_CALLOC((size_t)MP_PREC, sizeof(mp_digit));
    if (a->dp == NULL) {
       return MP_MEM;
    }
 
-   /* set the digits to zero */
-   for (i = 0; i < MP_PREC; i++) {
-      a->dp[i] = 0;
-   }
-
    /* set the used to zero, allocated digits to the default precision
     * and sign to positive */
    a->used  = 0;
@@ -37,7 +21,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_init_copy.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_init_copy.c	Tue May 26 17:36:47 2020 +0200
@@ -1,34 +1,21 @@
 #include "tommath_private.h"
 #ifdef BN_MP_INIT_COPY_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* creates "a" then copies b into it */
-int mp_init_copy(mp_int *a, const mp_int *b)
+mp_err mp_init_copy(mp_int *a, const mp_int *b)
 {
-   int     res;
+   mp_err     err;
 
-   if ((res = mp_init_size(a, b->used)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_size(a, b->used)) != MP_OKAY) {
+      return err;
    }
 
-   if ((res = mp_copy(b, a)) != MP_OKAY) {
+   if ((err = mp_copy(b, a)) != MP_OKAY) {
       mp_clear(a);
    }
 
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_i32.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_I32_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_i32, mp_set_i32, int32_t)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_i64.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_I64_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_i64, mp_set_i64, int64_t)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_l.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_L_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_l, mp_set_l, long)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_ll.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_LL_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_ll, mp_set_ll, long long)
+#endif
--- a/libtommath/bn_mp_init_multi.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_init_multi.c	Tue May 26 17:36:47 2020 +0200
@@ -1,22 +1,13 @@
 #include "tommath_private.h"
 #ifdef BN_MP_INIT_MULTI_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 #include <stdarg.h>
 
-int mp_init_multi(mp_int *mp, ...)
+mp_err mp_init_multi(mp_int *mp, ...)
 {
-   mp_err res = MP_OKAY;      /* Assume ok until proven otherwise */
+   mp_err err = MP_OKAY;      /* Assume ok until proven otherwise */
    int n = 0;                 /* Number of ok inits */
    mp_int *cur_arg = mp;
    va_list args;
@@ -37,18 +28,14 @@
             cur_arg = va_arg(clean_args, mp_int *);
          }
          va_end(clean_args);
-         res = MP_MEM;
+         err = MP_MEM;
          break;
       }
       n++;
       cur_arg = va_arg(args, mp_int *);
    }
    va_end(args);
-   return res;                /* Assumed ok, if error flagged above. */
+   return err;                /* Assumed ok, if error flagged above. */
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_init_set.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_init_set.c	Tue May 26 17:36:47 2020 +0200
@@ -1,21 +1,12 @@
 #include "tommath_private.h"
 #ifdef BN_MP_INIT_SET_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* initialize and set a digit */
-int mp_init_set(mp_int *a, mp_digit b)
+mp_err mp_init_set(mp_int *a, mp_digit b)
 {
-   int err;
+   mp_err err;
    if ((err = mp_init(a)) != MP_OKAY) {
       return err;
    }
@@ -23,7 +14,3 @@
    return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_init_set_int.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_INIT_SET_INT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* initialize and set a digit */
-int mp_init_set_int(mp_int *a, unsigned long b)
-{
-   int err;
-   if ((err = mp_init(a)) != MP_OKAY) {
-      return err;
-   }
-   return mp_set_int(a, b);
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_init_size.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_init_size.c	Tue May 26 17:36:47 2020 +0200
@@ -1,27 +1,15 @@
 #include "tommath_private.h"
 #ifdef BN_MP_INIT_SIZE_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* init an mp_init for a given size */
-int mp_init_size(mp_int *a, int size)
+mp_err mp_init_size(mp_int *a, int size)
 {
-   int x;
-
-   /* pad size so there are always extra digits */
-   size += (MP_PREC * 2) - (size % MP_PREC);
+   size = MP_MAX(MP_MIN_PREC, size);
 
    /* alloc mem */
-   a->dp = OPT_CAST(mp_digit) XMALLOC(sizeof(mp_digit) * (size_t)size);
+   a->dp = (mp_digit *) MP_CALLOC((size_t)size, sizeof(mp_digit));
    if (a->dp == NULL) {
       return MP_MEM;
    }
@@ -31,15 +19,6 @@
    a->alloc = size;
    a->sign  = MP_ZPOS;
 
-   /* zero the digits */
-   for (x = 0; x < size; x++) {
-      a->dp[x] = 0;
-   }
-
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_u32.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_U32_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_u32, mp_set_u32, uint32_t)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_u64.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_U64_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_u64, mp_set_u64, uint64_t)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_ul.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_UL_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_ul, mp_set_ul, unsigned long)
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_init_ull.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,7 @@
+#include "tommath_private.h"
+#ifdef BN_MP_INIT_ULL_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+MP_INIT_INT(mp_init_ull, mp_set_ull, unsigned long long)
+#endif
--- a/libtommath/bn_mp_invmod.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_invmod.c	Tue May 26 17:36:47 2020 +0200
@@ -1,40 +1,23 @@
 #include "tommath_private.h"
 #ifdef BN_MP_INVMOD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* hac 14.61, pp608 */
-int mp_invmod(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err mp_invmod(const mp_int *a, const mp_int *b, mp_int *c)
 {
    /* b cannot be negative and has to be >1 */
    if ((b->sign == MP_NEG) || (mp_cmp_d(b, 1uL) != MP_GT)) {
       return MP_VAL;
    }
 
-#ifdef BN_FAST_MP_INVMOD_C
    /* if the modulus is odd we can use a faster routine instead */
-   if ((mp_isodd(b) == MP_YES)) {
-      return fast_mp_invmod(a, b, c);
+   if (MP_HAS(S_MP_INVMOD_FAST) && MP_IS_ODD(b)) {
+      return s_mp_invmod_fast(a, b, c);
    }
-#endif
 
-#ifdef BN_MP_INVMOD_SLOW_C
-   return mp_invmod_slow(a, b, c);
-#else
-   return MP_VAL;
-#endif
+   return MP_HAS(S_MP_INVMOD_SLOW)
+          ? s_mp_invmod_slow(a, b, c)
+          : MP_VAL;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_invmod_slow.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,173 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_INVMOD_SLOW_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* hac 14.61, pp608 */
-int mp_invmod_slow(const mp_int *a, const mp_int *b, mp_int *c)
-{
-   mp_int  x, y, u, v, A, B, C, D;
-   int     res;
-
-   /* b cannot be negative */
-   if ((b->sign == MP_NEG) || (mp_iszero(b) == MP_YES)) {
-      return MP_VAL;
-   }
-
-   /* init temps */
-   if ((res = mp_init_multi(&x, &y, &u, &v,
-                            &A, &B, &C, &D, NULL)) != MP_OKAY) {
-      return res;
-   }
-
-   /* x = a, y = b */
-   if ((res = mp_mod(a, b, &x)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-   if ((res = mp_copy(b, &y)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-
-   /* 2. [modified] if x,y are both even then return an error! */
-   if ((mp_iseven(&x) == MP_YES) && (mp_iseven(&y) == MP_YES)) {
-      res = MP_VAL;
-      goto LBL_ERR;
-   }
-
-   /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
-   if ((res = mp_copy(&x, &u)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-   if ((res = mp_copy(&y, &v)) != MP_OKAY) {
-      goto LBL_ERR;
-   }
-   mp_set(&A, 1uL);
-   mp_set(&D, 1uL);
-
-top:
-   /* 4.  while u is even do */
-   while (mp_iseven(&u) == MP_YES) {
-      /* 4.1 u = u/2 */
-      if ((res = mp_div_2(&u, &u)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      /* 4.2 if A or B is odd then */
-      if ((mp_isodd(&A) == MP_YES) || (mp_isodd(&B) == MP_YES)) {
-         /* A = (A+y)/2, B = (B-x)/2 */
-         if ((res = mp_add(&A, &y, &A)) != MP_OKAY) {
-            goto LBL_ERR;
-         }
-         if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) {
-            goto LBL_ERR;
-         }
-      }
-      /* A = A/2, B = B/2 */
-      if ((res = mp_div_2(&A, &A)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((res = mp_div_2(&B, &B)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* 5.  while v is even do */
-   while (mp_iseven(&v) == MP_YES) {
-      /* 5.1 v = v/2 */
-      if ((res = mp_div_2(&v, &v)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      /* 5.2 if C or D is odd then */
-      if ((mp_isodd(&C) == MP_YES) || (mp_isodd(&D) == MP_YES)) {
-         /* C = (C+y)/2, D = (D-x)/2 */
-         if ((res = mp_add(&C, &y, &C)) != MP_OKAY) {
-            goto LBL_ERR;
-         }
-         if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) {
-            goto LBL_ERR;
-         }
-      }
-      /* C = C/2, D = D/2 */
-      if ((res = mp_div_2(&C, &C)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-      if ((res = mp_div_2(&D, &D)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* 6.  if u >= v then */
-   if (mp_cmp(&u, &v) != MP_LT) {
-      /* u = u - v, A = A - C, B = B - D */
-      if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-
-      if ((res = mp_sub(&A, &C, &A)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-
-      if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   } else {
-      /* v - v - u, C = C - A, D = D - B */
-      if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-
-      if ((res = mp_sub(&C, &A, &C)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-
-      if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* if not zero goto step 4 */
-   if (mp_iszero(&u) == MP_NO)
-      goto top;
-
-   /* now a = C, b = D, gcd == g*v */
-
-   /* if v != 1 then there is no inverse */
-   if (mp_cmp_d(&v, 1uL) != MP_EQ) {
-      res = MP_VAL;
-      goto LBL_ERR;
-   }
-
-   /* if its too low */
-   while (mp_cmp_d(&C, 0uL) == MP_LT) {
-      if ((res = mp_add(&C, b, &C)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* too big */
-   while (mp_cmp_mag(&C, b) != MP_LT) {
-      if ((res = mp_sub(&C, b, &C)) != MP_OKAY) {
-         goto LBL_ERR;
-      }
-   }
-
-   /* C is now the inverse */
-   mp_exch(&C, c);
-   res = MP_OKAY;
-LBL_ERR:
-   mp_clear_multi(&x, &y, &u, &v, &A, &B, &C, &D, NULL);
-   return res;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_is_square.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_is_square.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_IS_SQUARE_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* Check if remainders are possible squares - fast exclude non-squares */
 static const char rem_128[128] = {
@@ -35,9 +26,9 @@
 };
 
 /* Store non-zero to ret if arg is square, and zero if not */
-int mp_is_square(const mp_int *arg, int *ret)
+mp_err mp_is_square(const mp_int *arg, mp_bool *ret)
 {
-   int           res;
+   mp_err        err;
    mp_digit      c;
    mp_int        t;
    unsigned long r;
@@ -49,34 +40,33 @@
       return MP_VAL;
    }
 
-   /* digits used?  (TSD) */
-   if (arg->used == 0) {
+   if (MP_IS_ZERO(arg)) {
       return MP_OKAY;
    }
 
-   /* First check mod 128 (suppose that DIGIT_BIT is at least 7) */
-   if (rem_128[127u & DIGIT(arg, 0)] == (char)1) {
+   /* First check mod 128 (suppose that MP_DIGIT_BIT is at least 7) */
+   if (rem_128[127u & arg->dp[0]] == (char)1) {
       return MP_OKAY;
    }
 
    /* Next check mod 105 (3*5*7) */
-   if ((res = mp_mod_d(arg, 105uL, &c)) != MP_OKAY) {
-      return res;
+   if ((err = mp_mod_d(arg, 105uL, &c)) != MP_OKAY) {
+      return err;
    }
    if (rem_105[c] == (char)1) {
       return MP_OKAY;
    }
 
 
-   if ((res = mp_init_set_int(&t, 11L*13L*17L*19L*23L*29L*31L)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_u32(&t, 11u*13u*17u*19u*23u*29u*31u)) != MP_OKAY) {
+      return err;
    }
-   if ((res = mp_mod(arg, &t, &t)) != MP_OKAY) {
+   if ((err = mp_mod(arg, &t, &t)) != MP_OKAY) {
       goto LBL_ERR;
    }
-   r = mp_get_int(&t);
+   r = mp_get_u32(&t);
    /* Check for other prime modules, note it's not an ERROR but we must
-    * free "t" so the easiest way is to goto LBL_ERR.  We know that res
+    * free "t" so the easiest way is to goto LBL_ERR.  We know that err
     * is already equal to MP_OKAY from the mp_mod call
     */
    if (((1uL<<(r%11uL)) & 0x5C4uL) != 0uL)         goto LBL_ERR;
@@ -88,20 +78,16 @@
    if (((1uL<<(r%31uL)) & 0x6DE2B848uL) != 0uL)    goto LBL_ERR;
 
    /* Final check - is sqr(sqrt(arg)) == arg ? */
-   if ((res = mp_sqrt(arg, &t)) != MP_OKAY) {
+   if ((err = mp_sqrt(arg, &t)) != MP_OKAY) {
       goto LBL_ERR;
    }
-   if ((res = mp_sqr(&t, &t)) != MP_OKAY) {
+   if ((err = mp_sqr(&t, &t)) != MP_OKAY) {
       goto LBL_ERR;
    }
 
    *ret = (mp_cmp_mag(&t, arg) == MP_EQ) ? MP_YES : MP_NO;
 LBL_ERR:
    mp_clear(&t);
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_iseven.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,10 @@
+#include "tommath_private.h"
+#ifdef BN_MP_ISEVEN_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+mp_bool mp_iseven(const mp_int *a)
+{
+   return MP_IS_EVEN(a) ? MP_YES : MP_NO;
+}
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_isodd.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,10 @@
+#include "tommath_private.h"
+#ifdef BN_MP_ISODD_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+mp_bool mp_isodd(const mp_int *a)
+{
+   return MP_IS_ODD(a) ? MP_YES : MP_NO;
+}
+#endif
--- a/libtommath/bn_mp_jacobi.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_JACOBI_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* computes the jacobi c = (a | n) (or Legendre if n is prime)
- * Kept for legacy reasons, please use mp_kronecker() instead
- */
-int mp_jacobi(const mp_int *a, const mp_int *n, int *c)
-{
-   /* if a < 0 return MP_VAL */
-   if (mp_isneg(a) == MP_YES) {
-      return MP_VAL;
-   }
-
-   /* if n <= 0 return MP_VAL */
-   if (mp_cmp_d(n, 0uL) != MP_GT) {
-      return MP_VAL;
-   }
-
-   return mp_kronecker(a, n, c);
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_karatsuba_mul.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,171 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_KARATSUBA_MUL_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* c = |a| * |b| using Karatsuba Multiplication using
- * three half size multiplications
- *
- * Let B represent the radix [e.g. 2**DIGIT_BIT] and
- * let n represent half of the number of digits in
- * the min(a,b)
- *
- * a = a1 * B**n + a0
- * b = b1 * B**n + b0
- *
- * Then, a * b =>
-   a1b1 * B**2n + ((a1 + a0)(b1 + b0) - (a0b0 + a1b1)) * B + a0b0
- *
- * Note that a1b1 and a0b0 are used twice and only need to be
- * computed once.  So in total three half size (half # of
- * digit) multiplications are performed, a0b0, a1b1 and
- * (a1+b1)(a0+b0)
- *
- * Note that a multiplication of half the digits requires
- * 1/4th the number of single precision multiplications so in
- * total after one call 25% of the single precision multiplications
- * are saved.  Note also that the call to mp_mul can end up back
- * in this function if the a0, a1, b0, or b1 are above the threshold.
- * This is known as divide-and-conquer and leads to the famous
- * O(N**lg(3)) or O(N**1.584) work which is asymptopically lower than
- * the standard O(N**2) that the baseline/comba methods use.
- * Generally though the overhead of this method doesn't pay off
- * until a certain size (N ~ 80) is reached.
- */
-int mp_karatsuba_mul(const mp_int *a, const mp_int *b, mp_int *c)
-{
-   mp_int  x0, x1, y0, y1, t1, x0y0, x1y1;
-   int     B, err;
-
-   /* default the return code to an error */
-   err = MP_MEM;
-
-   /* min # of digits */
-   B = MIN(a->used, b->used);
-
-   /* now divide in two */
-   B = B >> 1;
-
-   /* init copy all the temps */
-   if (mp_init_size(&x0, B) != MP_OKAY)
-      goto LBL_ERR;
-   if (mp_init_size(&x1, a->used - B) != MP_OKAY)
-      goto X0;
-   if (mp_init_size(&y0, B) != MP_OKAY)
-      goto X1;
-   if (mp_init_size(&y1, b->used - B) != MP_OKAY)
-      goto Y0;
-
-   /* init temps */
-   if (mp_init_size(&t1, B * 2) != MP_OKAY)
-      goto Y1;
-   if (mp_init_size(&x0y0, B * 2) != MP_OKAY)
-      goto T1;
-   if (mp_init_size(&x1y1, B * 2) != MP_OKAY)
-      goto X0Y0;
-
-   /* now shift the digits */
-   x0.used = y0.used = B;
-   x1.used = a->used - B;
-   y1.used = b->used - B;
-
-   {
-      int x;
-      mp_digit *tmpa, *tmpb, *tmpx, *tmpy;
-
-      /* we copy the digits directly instead of using higher level functions
-       * since we also need to shift the digits
-       */
-      tmpa = a->dp;
-      tmpb = b->dp;
-
-      tmpx = x0.dp;
-      tmpy = y0.dp;
-      for (x = 0; x < B; x++) {
-         *tmpx++ = *tmpa++;
-         *tmpy++ = *tmpb++;
-      }
-
-      tmpx = x1.dp;
-      for (x = B; x < a->used; x++) {
-         *tmpx++ = *tmpa++;
-      }
-
-      tmpy = y1.dp;
-      for (x = B; x < b->used; x++) {
-         *tmpy++ = *tmpb++;
-      }
-   }
-
-   /* only need to clamp the lower words since by definition the
-    * upper words x1/y1 must have a known number of digits
-    */
-   mp_clamp(&x0);
-   mp_clamp(&y0);
-
-   /* now calc the products x0y0 and x1y1 */
-   /* after this x0 is no longer required, free temp [x0==t2]! */
-   if (mp_mul(&x0, &y0, &x0y0) != MP_OKAY)
-      goto X1Y1;          /* x0y0 = x0*y0 */
-   if (mp_mul(&x1, &y1, &x1y1) != MP_OKAY)
-      goto X1Y1;          /* x1y1 = x1*y1 */
-
-   /* now calc x1+x0 and y1+y0 */
-   if (s_mp_add(&x1, &x0, &t1) != MP_OKAY)
-      goto X1Y1;          /* t1 = x1 - x0 */
-   if (s_mp_add(&y1, &y0, &x0) != MP_OKAY)
-      goto X1Y1;          /* t2 = y1 - y0 */
-   if (mp_mul(&t1, &x0, &t1) != MP_OKAY)
-      goto X1Y1;          /* t1 = (x1 + x0) * (y1 + y0) */
-
-   /* add x0y0 */
-   if (mp_add(&x0y0, &x1y1, &x0) != MP_OKAY)
-      goto X1Y1;          /* t2 = x0y0 + x1y1 */
-   if (s_mp_sub(&t1, &x0, &t1) != MP_OKAY)
-      goto X1Y1;          /* t1 = (x1+x0)*(y1+y0) - (x1y1 + x0y0) */
-
-   /* shift by B */
-   if (mp_lshd(&t1, B) != MP_OKAY)
-      goto X1Y1;          /* t1 = (x0y0 + x1y1 - (x1-x0)*(y1-y0))<<B */
-   if (mp_lshd(&x1y1, B * 2) != MP_OKAY)
-      goto X1Y1;          /* x1y1 = x1y1 << 2*B */
-
-   if (mp_add(&x0y0, &t1, &t1) != MP_OKAY)
-      goto X1Y1;          /* t1 = x0y0 + t1 */
-   if (mp_add(&t1, &x1y1, c) != MP_OKAY)
-      goto X1Y1;          /* t1 = x0y0 + t1 + x1y1 */
-
-   /* Algorithm succeeded set the return code to MP_OKAY */
-   err = MP_OKAY;
-
-X1Y1:
-   mp_clear(&x1y1);
-X0Y0:
-   mp_clear(&x0y0);
-T1:
-   mp_clear(&t1);
-Y1:
-   mp_clear(&y1);
-Y0:
-   mp_clear(&y0);
-X1:
-   mp_clear(&x1);
-X0:
-   mp_clear(&x0);
-LBL_ERR:
-   return err;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_karatsuba_sqr.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,124 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_KARATSUBA_SQR_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* Karatsuba squaring, computes b = a*a using three
- * half size squarings
- *
- * See comments of karatsuba_mul for details.  It
- * is essentially the same algorithm but merely
- * tuned to perform recursive squarings.
- */
-int mp_karatsuba_sqr(const mp_int *a, mp_int *b)
-{
-   mp_int  x0, x1, t1, t2, x0x0, x1x1;
-   int     B, err;
-
-   err = MP_MEM;
-
-   /* min # of digits */
-   B = a->used;
-
-   /* now divide in two */
-   B = B >> 1;
-
-   /* init copy all the temps */
-   if (mp_init_size(&x0, B) != MP_OKAY)
-      goto LBL_ERR;
-   if (mp_init_size(&x1, a->used - B) != MP_OKAY)
-      goto X0;
-
-   /* init temps */
-   if (mp_init_size(&t1, a->used * 2) != MP_OKAY)
-      goto X1;
-   if (mp_init_size(&t2, a->used * 2) != MP_OKAY)
-      goto T1;
-   if (mp_init_size(&x0x0, B * 2) != MP_OKAY)
-      goto T2;
-   if (mp_init_size(&x1x1, (a->used - B) * 2) != MP_OKAY)
-      goto X0X0;
-
-   {
-      int x;
-      mp_digit *dst, *src;
-
-      src = a->dp;
-
-      /* now shift the digits */
-      dst = x0.dp;
-      for (x = 0; x < B; x++) {
-         *dst++ = *src++;
-      }
-
-      dst = x1.dp;
-      for (x = B; x < a->used; x++) {
-         *dst++ = *src++;
-      }
-   }
-
-   x0.used = B;
-   x1.used = a->used - B;
-
-   mp_clamp(&x0);
-
-   /* now calc the products x0*x0 and x1*x1 */
-   if (mp_sqr(&x0, &x0x0) != MP_OKAY)
-      goto X1X1;           /* x0x0 = x0*x0 */
-   if (mp_sqr(&x1, &x1x1) != MP_OKAY)
-      goto X1X1;           /* x1x1 = x1*x1 */
-
-   /* now calc (x1+x0)**2 */
-   if (s_mp_add(&x1, &x0, &t1) != MP_OKAY)
-      goto X1X1;           /* t1 = x1 - x0 */
-   if (mp_sqr(&t1, &t1) != MP_OKAY)
-      goto X1X1;           /* t1 = (x1 - x0) * (x1 - x0) */
-
-   /* add x0y0 */
-   if (s_mp_add(&x0x0, &x1x1, &t2) != MP_OKAY)
-      goto X1X1;           /* t2 = x0x0 + x1x1 */
-   if (s_mp_sub(&t1, &t2, &t1) != MP_OKAY)
-      goto X1X1;           /* t1 = (x1+x0)**2 - (x0x0 + x1x1) */
-
-   /* shift by B */
-   if (mp_lshd(&t1, B) != MP_OKAY)
-      goto X1X1;           /* t1 = (x0x0 + x1x1 - (x1-x0)*(x1-x0))<<B */
-   if (mp_lshd(&x1x1, B * 2) != MP_OKAY)
-      goto X1X1;           /* x1x1 = x1x1 << 2*B */
-
-   if (mp_add(&x0x0, &t1, &t1) != MP_OKAY)
-      goto X1X1;           /* t1 = x0x0 + t1 */
-   if (mp_add(&t1, &x1x1, b) != MP_OKAY)
-      goto X1X1;           /* t1 = x0x0 + t1 + x1x1 */
-
-   err = MP_OKAY;
-
-X1X1:
-   mp_clear(&x1x1);
-X0X0:
-   mp_clear(&x0x0);
-T2:
-   mp_clear(&t2);
-T1:
-   mp_clear(&t1);
-X1:
-   mp_clear(&x1);
-X0:
-   mp_clear(&x0);
-LBL_ERR:
-   return err;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_kronecker.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_kronecker.c	Tue May 26 17:36:47 2020 +0200
@@ -1,17 +1,8 @@
 #include "tommath_private.h"
 #ifdef BN_MP_KRONECKER_C
 
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /*
    Kronecker symbol (a|p)
@@ -26,43 +17,41 @@
      publisher={Springer Science \& Business Media}
     }
  */
-int mp_kronecker(const mp_int *a, const mp_int *p, int *c)
+mp_err mp_kronecker(const mp_int *a, const mp_int *p, int *c)
 {
    mp_int a1, p1, r;
-
-   int e = MP_OKAY;
+   mp_err err;
    int v, k;
 
    static const int table[8] = {0, 1, 0, -1, 0, -1, 0, 1};
 
-   if (mp_iszero(p) != MP_NO) {
+   if (MP_IS_ZERO(p)) {
       if ((a->used == 1) && (a->dp[0] == 1u)) {
          *c = 1;
-         return e;
       } else {
          *c = 0;
-         return e;
       }
+      return MP_OKAY;
    }
 
-   if ((mp_iseven(a) != MP_NO) && (mp_iseven(p) != MP_NO)) {
+   if (MP_IS_EVEN(a) && MP_IS_EVEN(p)) {
       *c = 0;
-      return e;
+      return MP_OKAY;
    }
 
-   if ((e = mp_init_copy(&a1, a)) != MP_OKAY) {
-      return e;
+   if ((err = mp_init_copy(&a1, a)) != MP_OKAY) {
+      return err;
    }
-   if ((e = mp_init_copy(&p1, p)) != MP_OKAY) {
+   if ((err = mp_init_copy(&p1, p)) != MP_OKAY) {
       goto LBL_KRON_0;
    }
 
    v = mp_cnt_lsb(&p1);
-   if ((e = mp_div_2d(&p1, v, &p1, NULL)) != MP_OKAY) {
+   if ((err = mp_div_2d(&p1, v, &p1, NULL)) != MP_OKAY) {
       goto LBL_KRON_1;
    }
 
-   if ((v & 0x1) == 0) {
+   if ((v & 1) == 0) {
       k = 1;
    } else {
       k = table[a->dp[0] & 7u];
@@ -75,12 +64,12 @@
       }
    }
 
-   if ((e = mp_init(&r)) != MP_OKAY) {
+   if ((err = mp_init(&r)) != MP_OKAY) {
       goto LBL_KRON_1;
    }
 
    for (;;) {
-      if (mp_iszero(&a1) != MP_NO) {
+      if (MP_IS_ZERO(&a1)) {
          if (mp_cmp_d(&p1, 1uL) == MP_EQ) {
             *c = k;
             goto LBL_KRON;
@@ -91,11 +80,11 @@
       }
 
       v = mp_cnt_lsb(&a1);
-      if ((e = mp_div_2d(&a1, v, &a1, NULL)) != MP_OKAY) {
+      if ((err = mp_div_2d(&a1, v, &a1, NULL)) != MP_OKAY) {
          goto LBL_KRON;
       }
 
-      if ((v & 0x1) == 1) {
+      if ((v & 1) == 1) {
          k = k * table[p1.dp[0] & 7u];
       }
 
@@ -115,14 +104,14 @@
          }
       }
 
-      if ((e = mp_copy(&a1, &r)) != MP_OKAY) {
+      if ((err = mp_copy(&a1, &r)) != MP_OKAY) {
          goto LBL_KRON;
       }
       r.sign = MP_ZPOS;
-      if ((e = mp_mod(&p1, &r, &a1)) != MP_OKAY) {
+      if ((err = mp_mod(&p1, &r, &a1)) != MP_OKAY) {
          goto LBL_KRON;
       }
-      if ((e = mp_copy(&r, &p1)) != MP_OKAY) {
+      if ((err = mp_copy(&r, &p1)) != MP_OKAY) {
          goto LBL_KRON;
       }
    }
@@ -134,11 +123,7 @@
 LBL_KRON_0:
    mp_clear(&a1);
 
-   return e;
+   return err;
 }
 
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_lcm.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_lcm.c	Tue May 26 17:36:47 2020 +0200
@@ -1,46 +1,37 @@
 #include "tommath_private.h"
 #ifdef BN_MP_LCM_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* computes least common multiple as |a*b|/(a, b) */
-int mp_lcm(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err mp_lcm(const mp_int *a, const mp_int *b, mp_int *c)
 {
-   int     res;
+   mp_err  err;
    mp_int  t1, t2;
 
 
-   if ((res = mp_init_multi(&t1, &t2, NULL)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_multi(&t1, &t2, NULL)) != MP_OKAY) {
+      return err;
    }
 
    /* t1 = get the GCD of the two inputs */
-   if ((res = mp_gcd(a, b, &t1)) != MP_OKAY) {
+   if ((err = mp_gcd(a, b, &t1)) != MP_OKAY) {
       goto LBL_T;
    }
 
    /* divide the smallest by the GCD */
    if (mp_cmp_mag(a, b) == MP_LT) {
       /* store quotient in t2 such that t2 * b is the LCM */
-      if ((res = mp_div(a, &t1, &t2, NULL)) != MP_OKAY) {
+      if ((err = mp_div(a, &t1, &t2, NULL)) != MP_OKAY) {
          goto LBL_T;
       }
-      res = mp_mul(b, &t2, c);
+      err = mp_mul(b, &t2, c);
    } else {
       /* store quotient in t2 such that t2 * a is the LCM */
-      if ((res = mp_div(b, &t1, &t2, NULL)) != MP_OKAY) {
+      if ((err = mp_div(b, &t1, &t2, NULL)) != MP_OKAY) {
          goto LBL_T;
       }
-      res = mp_mul(a, &t2, c);
+      err = mp_mul(a, &t2, c);
    }
 
    /* fix the sign to positive */
@@ -48,10 +39,6 @@
 
 LBL_T:
    mp_clear_multi(&t1, &t2, NULL);
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_log_u32.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,180 @@
+#include "tommath_private.h"
+#ifdef BN_MP_LOG_U32_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* Compute log_{base}(a) */
+static mp_word s_pow(mp_word base, mp_word exponent)
+{
+   mp_word result = 1uLL;
+   while (exponent != 0u) {
+      if ((exponent & 1u) == 1u) {
+         result *= base;
+      }
+      exponent >>= 1;
+      base *= base;
+   }
+
+   return result;
+}
+
+static mp_digit s_digit_ilogb(mp_digit base, mp_digit n)
+{
+   mp_word bracket_low = 1uLL, bracket_mid, bracket_high, N;
+   mp_digit ret, high = 1uL, low = 0uL, mid;
+
+   if (n < base) {
+      return 0uL;
+   }
+   if (n == base) {
+      return 1uL;
+   }
+
+   bracket_high = (mp_word) base ;
+   N = (mp_word) n;
+
+   while (bracket_high < N) {
+      low = high;
+      bracket_low = bracket_high;
+      high <<= 1;
+      bracket_high *= bracket_high;
+   }
+
+   while (((mp_digit)(high - low)) > 1uL) {
+      mid = (low + high) >> 1;
+      bracket_mid = bracket_low * s_pow(base, (mp_word)(mid - low));
+
+      if (N < bracket_mid) {
+         high = mid ;
+         bracket_high = bracket_mid ;
+      }
+      if (N > bracket_mid) {
+         low = mid ;
+         bracket_low = bracket_mid ;
+      }
+      if (N == bracket_mid) {
+         return (mp_digit) mid;
+      }
+   }
+
+   if (bracket_high == N) {
+      ret = high;
+   } else {
+      ret = low;
+   }
+
+   return ret;
+}
+
+/* TODO: output could be "int" because the output of mp_radix_size is int, too,
+         as is the output of mp_bitcount.
+         With the same problem: max size is INT_MAX * MP_DIGIT not INT_MAX only!
+*/
+mp_err mp_log_u32(const mp_int *a, uint32_t base, uint32_t *c)
+{
+   mp_err err;
+   mp_ord cmp;
+   uint32_t high, low, mid;
+   mp_int bracket_low, bracket_high, bracket_mid, t, bi_base;
+
+   err = MP_OKAY;
+
+   if (a->sign == MP_NEG) {
+      return MP_VAL;
+   }
+
+   if (MP_IS_ZERO(a)) {
+      return MP_VAL;
+   }
+
+   if (base < 2u) {
+      return MP_VAL;
+   }
+
+   /* A small shortcut for bases that are powers of two. */
+   if ((base & (base - 1u)) == 0u) {
+      int y, bit_count;
+      for (y=0; (y < 7) && ((base & 1u) == 0u); y++) {
+         base >>= 1;
+      }
+      bit_count = mp_count_bits(a) - 1;
+      *c = (uint32_t)(bit_count/y);
+      return MP_OKAY;
+   }
+
+   if (a->used == 1) {
+      *c = (uint32_t)s_digit_ilogb(base, a->dp[0]);
+      return err;
+   }
+
+   cmp = mp_cmp_d(a, base);
+   if ((cmp == MP_LT) || (cmp == MP_EQ)) {
+      *c = cmp == MP_EQ;
+      return err;
+   }
+
+   if ((err =
+           mp_init_multi(&bracket_low, &bracket_high,
+                         &bracket_mid, &t, &bi_base, NULL)) != MP_OKAY) {
+      return err;
+   }
+
+   low = 0u;
+   mp_set(&bracket_low, 1uL);
+   high = 1u;
+
+   mp_set(&bracket_high, base);
+
+   /*
+       A kind of Giant-step/baby-step algorithm.
+       Idea shamelessly stolen from https://programmingpraxis.com/2010/05/07/integer-logarithms/2/
+       The effect is asymptotic, hence needs benchmarks to test if the Giant-step should be skipped
+       for small n.
+    */
+   while (mp_cmp(&bracket_high, a) == MP_LT) {
+      low = high;
+      if ((err = mp_copy(&bracket_high, &bracket_low)) != MP_OKAY) {
+         goto LBL_ERR;
+      }
+      high <<= 1;
+      if ((err = mp_sqr(&bracket_high, &bracket_high)) != MP_OKAY) {
+         goto LBL_ERR;
+      }
+   }
+   mp_set(&bi_base, base);
+
+   while ((high - low) > 1u) {
+      mid = (high + low) >> 1;
+
+      if ((err = mp_expt_u32(&bi_base, (uint32_t)(mid - low), &t)) != MP_OKAY) {
+         goto LBL_ERR;
+      }
+      if ((err = mp_mul(&bracket_low, &t, &bracket_mid)) != MP_OKAY) {
+         goto LBL_ERR;
+      }
+      cmp = mp_cmp(a, &bracket_mid);
+      if (cmp == MP_LT) {
+         high = mid;
+         mp_exch(&bracket_mid, &bracket_high);
+      }
+      if (cmp == MP_GT) {
+         low = mid;
+         mp_exch(&bracket_mid, &bracket_low);
+      }
+      if (cmp == MP_EQ) {
+         *c = mid;
+         goto LBL_END;
+      }
+   }
+
+   *c = (mp_cmp(&bracket_high, a) == MP_EQ) ? high : low;
+
+LBL_END:
+LBL_ERR:
+   mp_clear_multi(&bracket_low, &bracket_high, &bracket_mid,
+                  &t, &bi_base, NULL);
+   return err;
+}
+
+
+#endif
--- a/libtommath/bn_mp_lshd.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_lshd.c	Tue May 26 17:36:47 2020 +0200
@@ -1,68 +1,51 @@
 #include "tommath_private.h"
 #ifdef BN_MP_LSHD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* shift left a certain amount of digits */
-int mp_lshd(mp_int *a, int b)
+mp_err mp_lshd(mp_int *a, int b)
 {
-   int     x, res;
+   int x;
+   mp_err err;
+   mp_digit *top, *bottom;
 
    /* if its less than zero return */
    if (b <= 0) {
       return MP_OKAY;
    }
    /* no need to shift 0 around */
-   if (mp_iszero(a) == MP_YES) {
+   if (MP_IS_ZERO(a)) {
       return MP_OKAY;
    }
 
    /* grow to fit the new digits */
    if (a->alloc < (a->used + b)) {
-      if ((res = mp_grow(a, a->used + b)) != MP_OKAY) {
-         return res;
+      if ((err = mp_grow(a, a->used + b)) != MP_OKAY) {
+         return err;
       }
    }
 
-   {
-      mp_digit *top, *bottom;
-
-      /* increment the used by the shift amount then copy upwards */
-      a->used += b;
+   /* increment the used by the shift amount then copy upwards */
+   a->used += b;
 
-      /* top */
-      top = a->dp + a->used - 1;
+   /* top */
+   top = a->dp + a->used - 1;
 
-      /* base */
-      bottom = (a->dp + a->used - 1) - b;
+   /* base */
+   bottom = (a->dp + a->used - 1) - b;
 
-      /* much like mp_rshd this is implemented using a sliding window
-       * except the window goes the otherway around.  Copying from
-       * the bottom to the top.  see bn_mp_rshd.c for more info.
-       */
-      for (x = a->used - 1; x >= b; x--) {
-         *top-- = *bottom--;
-      }
+   /* much like mp_rshd this is implemented using a sliding window
+    * except the window goes the otherway around.  Copying from
+    * the bottom to the top.  see bn_mp_rshd.c for more info.
+    */
+   for (x = a->used - 1; x >= b; x--) {
+      *top-- = *bottom--;
+   }
 
-      /* zero the lower digits */
-      top = a->dp;
-      for (x = 0; x < b; x++) {
-         *top++ = 0;
-      }
-   }
+   /* zero the lower digits */
+   MP_ZERO_DIGITS(a->dp, b);
+
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mod.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mod.c	Tue May 26 17:36:47 2020 +0200
@@ -1,44 +1,31 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MOD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* c = a mod b, 0 <= c < b if b > 0, b < c <= 0 if b < 0 */
-int mp_mod(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err mp_mod(const mp_int *a, const mp_int *b, mp_int *c)
 {
    mp_int  t;
-   int     res;
+   mp_err  err;
 
-   if ((res = mp_init_size(&t, b->used)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_size(&t, b->used)) != MP_OKAY) {
+      return err;
    }
 
-   if ((res = mp_div(a, b, NULL, &t)) != MP_OKAY) {
-      mp_clear(&t);
-      return res;
+   if ((err = mp_div(a, b, NULL, &t)) != MP_OKAY) {
+      goto LBL_ERR;
    }
 
-   if ((mp_iszero(&t) != MP_NO) || (t.sign == b->sign)) {
-      res = MP_OKAY;
+   if (MP_IS_ZERO(&t) || (t.sign == b->sign)) {
+      err = MP_OKAY;
       mp_exch(&t, c);
    } else {
-      res = mp_add(b, &t, c);
+      err = mp_add(b, &t, c);
    }
 
+LBL_ERR:
    mp_clear(&t);
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mod_2d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mod_2d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,21 +1,13 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MOD_2D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* calc a value mod 2**b */
-int mp_mod_2d(const mp_int *a, int b, mp_int *c)
+mp_err mp_mod_2d(const mp_int *a, int b, mp_int *c)
 {
-   int     x, res;
+   int x;
+   mp_err err;
 
    /* if b is <= 0 then zero the int */
    if (b <= 0) {
@@ -24,28 +16,23 @@
    }
 
    /* if the modulus is larger than the value than return */
-   if (b >= (a->used * DIGIT_BIT)) {
-      res = mp_copy(a, c);
-      return res;
+   if (b >= (a->used * MP_DIGIT_BIT)) {
+      return mp_copy(a, c);
    }
 
    /* copy */
-   if ((res = mp_copy(a, c)) != MP_OKAY) {
-      return res;
+   if ((err = mp_copy(a, c)) != MP_OKAY) {
+      return err;
    }
 
    /* zero digits above the last digit of the modulus */
-   for (x = (b / DIGIT_BIT) + (((b % DIGIT_BIT) == 0) ? 0 : 1); x < c->used; x++) {
-      c->dp[x] = 0;
-   }
+   x = (b / MP_DIGIT_BIT) + (((b % MP_DIGIT_BIT) == 0) ? 0 : 1);
+   MP_ZERO_DIGITS(c->dp + x, c->used - x);
+
    /* clear the digit that is not completely outside/inside the modulus */
-   c->dp[b / DIGIT_BIT] &=
-      ((mp_digit)1 << (mp_digit)(b % DIGIT_BIT)) - (mp_digit)1;
+   c->dp[b / MP_DIGIT_BIT] &=
+      ((mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT)) - (mp_digit)1;
    mp_clamp(c);
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mod_d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mod_d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,23 +1,10 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MOD_D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
-int mp_mod_d(const mp_int *a, mp_digit b, mp_digit *c)
+mp_err mp_mod_d(const mp_int *a, mp_digit b, mp_digit *c)
 {
    return mp_div_d(a, b, NULL, c);
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_montgomery_calc_normalization.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_montgomery_calc_normalization.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /*
  * shifts with subtractions when the result is greater than b.
@@ -18,16 +9,17 @@
  * The method is slightly modified to shift B unconditionally upto just under
  * the leading bit of b.  This saves alot of multiple precision shifting.
  */
-int mp_montgomery_calc_normalization(mp_int *a, const mp_int *b)
+mp_err mp_montgomery_calc_normalization(mp_int *a, const mp_int *b)
 {
-   int     x, bits, res;
+   int    x, bits;
+   mp_err err;
 
    /* how many bits of last digit does b use */
-   bits = mp_count_bits(b) % DIGIT_BIT;
+   bits = mp_count_bits(b) % MP_DIGIT_BIT;
 
    if (b->used > 1) {
-      if ((res = mp_2expt(a, ((b->used - 1) * DIGIT_BIT) + bits - 1)) != MP_OKAY) {
-         return res;
+      if ((err = mp_2expt(a, ((b->used - 1) * MP_DIGIT_BIT) + bits - 1)) != MP_OKAY) {
+         return err;
       }
    } else {
       mp_set(a, 1uL);
@@ -36,13 +28,13 @@
 
 
    /* now compute C = A * B mod b */
-   for (x = bits - 1; x < (int)DIGIT_BIT; x++) {
-      if ((res = mp_mul_2(a, a)) != MP_OKAY) {
-         return res;
+   for (x = bits - 1; x < (int)MP_DIGIT_BIT; x++) {
+      if ((err = mp_mul_2(a, a)) != MP_OKAY) {
+         return err;
       }
       if (mp_cmp_mag(a, b) != MP_LT) {
-         if ((res = s_mp_sub(a, b, a)) != MP_OKAY) {
-            return res;
+         if ((err = s_mp_sub(a, b, a)) != MP_OKAY) {
+            return err;
          }
       }
    }
@@ -50,7 +42,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_montgomery_reduce.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_montgomery_reduce.c	Tue May 26 17:36:47 2020 +0200
@@ -1,21 +1,13 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MONTGOMERY_REDUCE_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* computes xR**-1 == x (mod N) via Montgomery Reduction */
-int mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho)
+mp_err mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho)
 {
-   int     ix, res, digs;
+   int      ix, digs;
+   mp_err   err;
    mp_digit mu;
 
    /* can the fast reduction [comba] method be used?
@@ -25,17 +17,16 @@
     * are fixed up in the inner loop.
     */
    digs = (n->used * 2) + 1;
-   if ((digs < (int)MP_WARRAY) &&
-       (x->used <= (int)MP_WARRAY) &&
-       (n->used <
-        (int)(1u << (((size_t)CHAR_BIT * sizeof(mp_word)) - (2u * (size_t)DIGIT_BIT))))) {
-      return fast_mp_montgomery_reduce(x, n, rho);
+   if ((digs < MP_WARRAY) &&
+       (x->used <= MP_WARRAY) &&
+       (n->used < MP_MAXFAST)) {
+      return s_mp_montgomery_reduce_fast(x, n, rho);
    }
 
    /* grow the input as required */
    if (x->alloc < digs) {
-      if ((res = mp_grow(x, digs)) != MP_OKAY) {
-         return res;
+      if ((err = mp_grow(x, digs)) != MP_OKAY) {
+         return err;
       }
    }
    x->used = digs;
@@ -73,7 +64,7 @@
                       (mp_word)u + (mp_word)*tmpx;
 
             /* get carry */
-            u       = (mp_digit)(r >> (mp_word)DIGIT_BIT);
+            u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
 
             /* fix digit */
             *tmpx++ = (mp_digit)(r & (mp_word)MP_MASK);
@@ -84,7 +75,7 @@
          /* propagate carries upwards as required*/
          while (u != 0u) {
             *tmpx   += u;
-            u        = *tmpx >> DIGIT_BIT;
+            u        = *tmpx >> MP_DIGIT_BIT;
             *tmpx++ &= MP_MASK;
          }
       }
@@ -109,7 +100,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_montgomery_setup.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_montgomery_setup.c	Tue May 26 17:36:47 2020 +0200
@@ -1,19 +1,10 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MONTGOMERY_SETUP_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* setups the montgomery reduction stuff */
-int mp_montgomery_setup(const mp_int *n, mp_digit *rho)
+mp_err mp_montgomery_setup(const mp_int *n, mp_digit *rho)
 {
    mp_digit x, b;
 
@@ -44,12 +35,8 @@
 #endif
 
    /* rho = -1/m mod b */
-   *rho = (mp_digit)(((mp_word)1 << (mp_word)DIGIT_BIT) - x) & MP_MASK;
+   *rho = (mp_digit)(((mp_word)1 << (mp_word)MP_DIGIT_BIT) - x) & MP_MASK;
 
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mul.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mul.c	Tue May 26 17:36:47 2020 +0200
@@ -1,64 +1,52 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MUL_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* high level multiplication (handles sign) */
-int mp_mul(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err mp_mul(const mp_int *a, const mp_int *b, mp_int *c)
 {
-   int     res, neg;
-   neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
+   mp_err err;
+   int min_len = MP_MIN(a->used, b->used),
+       max_len = MP_MAX(a->used, b->used),
+       digs = a->used + b->used + 1;
+   mp_sign neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
 
-   /* use Toom-Cook? */
-#ifdef BN_MP_TOOM_MUL_C
-   if (MIN(a->used, b->used) >= TOOM_MUL_CUTOFF) {
-      res = mp_toom_mul(a, b, c);
-   } else
-#endif
-#ifdef BN_MP_KARATSUBA_MUL_C
-      /* use Karatsuba? */
-      if (MIN(a->used, b->used) >= KARATSUBA_MUL_CUTOFF) {
-         res = mp_karatsuba_mul(a, b, c);
-      } else
-#endif
-      {
-         /* can we use the fast multiplier?
-          *
-          * The fast multiplier can be used if the output will
-          * have less than MP_WARRAY digits and the number of
-          * digits won't affect carry propagation
-          */
-         int     digs = a->used + b->used + 1;
-
-#ifdef BN_FAST_S_MP_MUL_DIGS_C
-         if ((digs < (int)MP_WARRAY) &&
-             (MIN(a->used, b->used) <=
-              (int)(1u << (((size_t)CHAR_BIT * sizeof(mp_word)) - (2u * (size_t)DIGIT_BIT))))) {
-            res = fast_s_mp_mul_digs(a, b, c, digs);
-         } else
-#endif
-         {
-#ifdef BN_S_MP_MUL_DIGS_C
-            res = s_mp_mul(a, b, c); /* uses s_mp_mul_digs */
-#else
-            res = MP_VAL;
-#endif
-         }
-      }
+   if (MP_HAS(S_MP_BALANCE_MUL) &&
+       /* Check sizes. The smaller one needs to be larger than the Karatsuba cut-off.
+        * The bigger one needs to be at least about one MP_KARATSUBA_MUL_CUTOFF bigger
+        * to make some sense, but it depends on architecture, OS, position of the
+        * stars... so YMMV.
+        * Using it to cut the input into slices small enough for fast_s_mp_mul_digs
+        * was actually slower on the author's machine, but YMMV.
+        */
+       (min_len >= MP_KARATSUBA_MUL_CUTOFF) &&
+       ((max_len / 2) >= MP_KARATSUBA_MUL_CUTOFF) &&
+       /* Not much effect was observed below a ratio of 1:2, but again: YMMV. */
+       (max_len >= (2 * min_len))) {
+      err = s_mp_balance_mul(a,b,c);
+   } else if (MP_HAS(S_MP_TOOM_MUL) &&
+              (min_len >= MP_TOOM_MUL_CUTOFF)) {
+      err = s_mp_toom_mul(a, b, c);
+   } else if (MP_HAS(S_MP_KARATSUBA_MUL) &&
+              (min_len >= MP_KARATSUBA_MUL_CUTOFF)) {
+      err = s_mp_karatsuba_mul(a, b, c);
+   } else if (MP_HAS(S_MP_MUL_DIGS_FAST) &&
+              /* can we use the fast multiplier?
+               *
+               * The fast multiplier can be used if the output will
+               * have less than MP_WARRAY digits and the number of
+               * digits won't affect carry propagation
+               */
+              (digs < MP_WARRAY) &&
+              (min_len <= MP_MAXFAST)) {
+      err = s_mp_mul_digs_fast(a, b, c, digs);
+   } else if (MP_HAS(S_MP_MUL_DIGS)) {
+      err = s_mp_mul_digs(a, b, c, digs);
+   } else {
+      err = MP_VAL;
+   }
    c->sign = (c->used > 0) ? neg : MP_ZPOS;
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mul_2.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mul_2.c	Tue May 26 17:36:47 2020 +0200
@@ -1,26 +1,18 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MUL_2_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* b = a*2 */
-int mp_mul_2(const mp_int *a, mp_int *b)
+mp_err mp_mul_2(const mp_int *a, mp_int *b)
 {
-   int     x, res, oldused;
+   int     x, oldused;
+   mp_err err;
 
    /* grow to accomodate result */
    if (b->alloc < (a->used + 1)) {
-      if ((res = mp_grow(b, a->used + 1)) != MP_OKAY) {
-         return res;
+      if ((err = mp_grow(b, a->used + 1)) != MP_OKAY) {
+         return err;
       }
    }
 
@@ -43,7 +35,7 @@
          /* get what will be the *next* carry bit from the
           * MSB of the current digit
           */
-         rr = *tmpa >> (mp_digit)(DIGIT_BIT - 1);
+         rr = *tmpa >> (mp_digit)(MP_DIGIT_BIT - 1);
 
          /* now shift up this digit, add in the carry [from the previous] */
          *tmpb++ = ((*tmpa++ << 1uL) | r) & MP_MASK;
@@ -64,16 +56,9 @@
       /* now zero any excess digits on the destination
        * that we didn't write to
        */
-      tmpb = b->dp + b->used;
-      for (x = b->used; x < oldused; x++) {
-         *tmpb++ = 0;
-      }
+      MP_ZERO_DIGITS(b->dp + b->used, oldused - b->used);
    }
    b->sign = a->sign;
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mul_2d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mul_2d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,45 +1,36 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MUL_2D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* shift left by a certain bit count */
-int mp_mul_2d(const mp_int *a, int b, mp_int *c)
+mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
 {
    mp_digit d;
-   int      res;
+   mp_err   err;
 
    /* copy */
    if (a != c) {
-      if ((res = mp_copy(a, c)) != MP_OKAY) {
-         return res;
+      if ((err = mp_copy(a, c)) != MP_OKAY) {
+         return err;
       }
    }
 
-   if (c->alloc < (c->used + (b / DIGIT_BIT) + 1)) {
-      if ((res = mp_grow(c, c->used + (b / DIGIT_BIT) + 1)) != MP_OKAY) {
-         return res;
+   if (c->alloc < (c->used + (b / MP_DIGIT_BIT) + 1)) {
+      if ((err = mp_grow(c, c->used + (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
+         return err;
       }
    }
 
    /* shift by as many digits in the bit count */
-   if (b >= DIGIT_BIT) {
-      if ((res = mp_lshd(c, b / DIGIT_BIT)) != MP_OKAY) {
-         return res;
+   if (b >= MP_DIGIT_BIT) {
+      if ((err = mp_lshd(c, b / MP_DIGIT_BIT)) != MP_OKAY) {
+         return err;
       }
    }
 
-   /* shift any bit count < DIGIT_BIT */
-   d = (mp_digit)(b % DIGIT_BIT);
+   /* shift any bit count < MP_DIGIT_BIT */
+   d = (mp_digit)(b % MP_DIGIT_BIT);
    if (d != 0u) {
       mp_digit *tmpc, shift, mask, r, rr;
       int x;
@@ -48,7 +39,7 @@
       mask = ((mp_digit)1 << d) - (mp_digit)1;
 
       /* shift for msbs */
-      shift = (mp_digit)DIGIT_BIT - d;
+      shift = (mp_digit)MP_DIGIT_BIT - d;
 
       /* alias */
       tmpc = c->dp;
@@ -76,7 +67,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mul_d.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mul_d.c	Tue May 26 17:36:47 2020 +0200
@@ -1,28 +1,20 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MUL_D_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* multiply by a digit */
-int mp_mul_d(const mp_int *a, mp_digit b, mp_int *c)
+mp_err mp_mul_d(const mp_int *a, mp_digit b, mp_int *c)
 {
    mp_digit u, *tmpa, *tmpc;
    mp_word  r;
-   int      ix, res, olduse;
+   mp_err   err;
+   int      ix, olduse;
 
    /* make sure c is big enough to hold a*b */
    if (c->alloc < (a->used + 1)) {
-      if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
-         return res;
+      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
+         return err;
       }
    }
 
@@ -50,7 +42,7 @@
       *tmpc++ = (mp_digit)(r & (mp_word)MP_MASK);
 
       /* send carry into next iteration */
-      u       = (mp_digit)(r >> (mp_word)DIGIT_BIT);
+      u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
    }
 
    /* store final carry [if any] and increment ix offset  */
@@ -58,9 +50,7 @@
    ++ix;
 
    /* now zero digits above the top */
-   while (ix++ < olduse) {
-      *tmpc++ = 0;
-   }
+   MP_ZERO_DIGITS(tmpc, olduse - ix);
 
    /* set used count */
    c->used = a->used + 1;
@@ -69,7 +59,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_mulmod.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_mulmod.c	Tue May 26 17:36:47 2020 +0200
@@ -1,37 +1,25 @@
 #include "tommath_private.h"
 #ifdef BN_MP_MULMOD_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* d = a * b (mod c) */
-int mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d)
+mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d)
 {
-   int     res;
-   mp_int  t;
+   mp_err err;
+   mp_int t;
 
-   if ((res = mp_init_size(&t, c->used)) != MP_OKAY) {
-      return res;
+   if ((err = mp_init_size(&t, c->used)) != MP_OKAY) {
+      return err;
    }
 
-   if ((res = mp_mul(a, b, &t)) != MP_OKAY) {
-      mp_clear(&t);
-      return res;
+   if ((err = mp_mul(a, b, &t)) != MP_OKAY) {
+      goto LBL_ERR;
    }
-   res = mp_mod(&t, c, d);
+   err = mp_mod(&t, c, d);
+
+LBL_ERR:
    mp_clear(&t);
-   return res;
+   return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_n_root.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_N_ROOT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* wrapper function for mp_n_root_ex()
- * computes c = (a)**(1/b) such that (c)**b <= a and (c+1)**b > a
- */
-int mp_n_root(const mp_int *a, mp_digit b, mp_int *c)
-{
-   return mp_n_root_ex(a, b, c, 0);
-}
-
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_n_root_ex.c	Tue May 26 23:27:26 2020 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,129 +0,0 @@
-#include "tommath_private.h"
-#ifdef BN_MP_N_ROOT_EX_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
-
-/* find the n'th root of an integer
- *
- * Result found such that (c)**b <= a and (c+1)**b > a
- *
- * This algorithm uses Newton's approximation
- * x[i+1] = x[i] - f(x[i])/f'(x[i])
- * which will find the root in log(N) time where
- * each step involves a fair bit.  This is not meant to
- * find huge roots [square and cube, etc].
- */
-int mp_n_root_ex(const mp_int *a, mp_digit b, mp_int *c, int fast)
-{
-   mp_int  t1, t2, t3, a_;
-   int     res;
-
-   /* input must be positive if b is even */
-   if (((b & 1u) == 0u) && (a->sign == MP_NEG)) {
-      return MP_VAL;
-   }
-
-   if ((res = mp_init(&t1)) != MP_OKAY) {
-      return res;
-   }
-
-   if ((res = mp_init(&t2)) != MP_OKAY) {
-      goto LBL_T1;
-   }
-
-   if ((res = mp_init(&t3)) != MP_OKAY) {
-      goto LBL_T2;
-   }
-
-   /* if a is negative fudge the sign but keep track */
-   a_ = *a;
-   a_.sign = MP_ZPOS;
-
-   /* t2 = 2 */
-   mp_set(&t2, 2uL);
-
-   do {
-      /* t1 = t2 */
-      if ((res = mp_copy(&t2, &t1)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-
-      /* t2 = t1 - ((t1**b - a) / (b * t1**(b-1))) */
-
-      /* t3 = t1**(b-1) */
-      if ((res = mp_expt_d_ex(&t1, b - 1u, &t3, fast)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-
-      /* numerator */
-      /* t2 = t1**b */
-      if ((res = mp_mul(&t3, &t1, &t2)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-
-      /* t2 = t1**b - a */
-      if ((res = mp_sub(&t2, &a_, &t2)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-
-      /* denominator */
-      /* t3 = t1**(b-1) * b  */
-      if ((res = mp_mul_d(&t3, b, &t3)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-
-      /* t3 = (t1**b - a)/(b * t1**(b-1)) */
-      if ((res = mp_div(&t2, &t3, &t3, NULL)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-
-      if ((res = mp_sub(&t1, &t3, &t2)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-   }  while (mp_cmp(&t1, &t2) != MP_EQ);
-
-   /* result can be off by a few so check */
-   for (;;) {
-      if ((res = mp_expt_d_ex(&t1, b, &t2, fast)) != MP_OKAY) {
-         goto LBL_T3;
-      }
-
-      if (mp_cmp(&t2, &a_) == MP_GT) {
-         if ((res = mp_sub_d(&t1, 1uL, &t1)) != MP_OKAY) {
-            goto LBL_T3;
-         }
-      } else {
-         break;
-      }
-   }
-
-   /* set the result */
-   mp_exch(&t1, c);
-
-   /* set the sign of the result */
-   c->sign = a->sign;
-
-   res = MP_OKAY;
-
-LBL_T3:
-   mp_clear(&t3);
-LBL_T2:
-   mp_clear(&t2);
-LBL_T1:
-   mp_clear(&t1);
-   return res;
-}
-#endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_neg.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_neg.c	Tue May 26 17:36:47 2020 +0200
@@ -1,28 +1,19 @@
 #include "tommath_private.h"
 #ifdef BN_MP_NEG_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* b = -a */
-int mp_neg(const mp_int *a, mp_int *b)
+mp_err mp_neg(const mp_int *a, mp_int *b)
 {
-   int     res;
+   mp_err err;
    if (a != b) {
-      if ((res = mp_copy(a, b)) != MP_OKAY) {
-         return res;
+      if ((err = mp_copy(a, b)) != MP_OKAY) {
+         return err;
       }
    }
 
-   if (mp_iszero(b) != MP_YES) {
+   if (!MP_IS_ZERO(b)) {
       b->sign = (a->sign == MP_ZPOS) ? MP_NEG : MP_ZPOS;
    } else {
       b->sign = MP_ZPOS;
@@ -31,7 +22,3 @@
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_or.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_or.c	Tue May 26 17:36:47 2020 +0200
@@ -1,48 +1,56 @@
 #include "tommath_private.h"
 #ifdef BN_MP_OR_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
-/* OR two ints together */
-int mp_or(const mp_int *a, const mp_int *b, mp_int *c)
+/* two complement or */
+mp_err mp_or(const mp_int *a, const mp_int *b, mp_int *c)
 {
-   int     res, ix, px;
-   mp_int  t;
-   const mp_int *x;
+   int used = MP_MAX(a->used, b->used) + 1, i;
+   mp_err err;
+   mp_digit ac = 1, bc = 1, cc = 1;
+   mp_sign csign = ((a->sign == MP_NEG) || (b->sign == MP_NEG)) ? MP_NEG : MP_ZPOS;
 
-   if (a->used > b->used) {
-      if ((res = mp_init_copy(&t, a)) != MP_OKAY) {
-         return res;
+   if (c->alloc < used) {
+      if ((err = mp_grow(c, used)) != MP_OKAY) {
+         return err;
       }
-      px = b->used;
-      x = b;
-   } else {
-      if ((res = mp_init_copy(&t, b)) != MP_OKAY) {
-         return res;
-      }
-      px = a->used;
-      x = a;
    }
 
-   for (ix = 0; ix < px; ix++) {
-      t.dp[ix] |= x->dp[ix];
+   for (i = 0; i < used; i++) {
+      mp_digit x, y;
+
+      /* convert to two complement if negative */
+      if (a->sign == MP_NEG) {
+         ac += (i >= a->used) ? MP_MASK : (~a->dp[i] & MP_MASK);
+         x = ac & MP_MASK;
+         ac >>= MP_DIGIT_BIT;
+      } else {
+         x = (i >= a->used) ? 0uL : a->dp[i];
+      }
+
+      /* convert to two complement if negative */
+      if (b->sign == MP_NEG) {
+         bc += (i >= b->used) ? MP_MASK : (~b->dp[i] & MP_MASK);
+         y = bc & MP_MASK;
+         bc >>= MP_DIGIT_BIT;
+      } else {
+         y = (i >= b->used) ? 0uL : b->dp[i];
+      }
+
+      c->dp[i] = x | y;
+
+      /* convert to to sign-magnitude if negative */
+      if (csign == MP_NEG) {
+         cc += ~c->dp[i] & MP_MASK;
+         c->dp[i] = cc & MP_MASK;
+         cc >>= MP_DIGIT_BIT;
+      }
    }
-   mp_clamp(&t);
-   mp_exch(c, &t);
-   mp_clear(&t);
+
+   c->used = used;
+   c->sign = csign;
+   mp_clamp(c);
    return MP_OKAY;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_pack.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,69 @@
+#include "tommath_private.h"
+#ifdef BN_MP_PACK_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+/* based on gmp's mpz_export.
+ * see http://gmplib.org/manual/Integer-Import-and-Export.html
+ */
+mp_err mp_pack(void *rop, size_t maxcount, size_t *written, mp_order order, size_t size,
+               mp_endian endian, size_t nails, const mp_int *op)
+{
+   mp_err err;
+   size_t odd_nails, nail_bytes, i, j, count;
+   unsigned char odd_nail_mask;
+
+   mp_int t;
+
+   count = mp_pack_count(op, nails, size);
+
+   if (count > maxcount) {
+      return MP_BUF;
+   }
+
+   if ((err = mp_init_copy(&t, op)) != MP_OKAY) {
+      return err;
+   }
+
+   if (endian == MP_NATIVE_ENDIAN) {
+      MP_GET_ENDIANNESS(endian);
+   }
+
+   odd_nails = (nails % 8u);
+   odd_nail_mask = 0xff;
+   for (i = 0u; i < odd_nails; ++i) {
+      odd_nail_mask ^= (unsigned char)(1u << (7u - i));
+   }
+   nail_bytes = nails / 8u;
+
+   for (i = 0u; i < count; ++i) {
+      for (j = 0u; j < size; ++j) {
+         unsigned char *byte = (unsigned char *)rop +
+                               (((order == MP_LSB_FIRST) ? i : ((count - 1u) - i)) * size) +
+                               ((endian == MP_LITTLE_ENDIAN) ? j : ((size - 1u) - j));
+
+         if (j >= (size - nail_bytes)) {
+            *byte = 0;
+            continue;
+         }
+
+         *byte = (unsigned char)((j == ((size - nail_bytes) - 1u)) ? (t.dp[0] & odd_nail_mask) : (t.dp[0] & 0xFFuL));
+
+         if ((err = mp_div_2d(&t, (j == ((size - nail_bytes) - 1u)) ? (int)(8u - odd_nails) : 8, &t, NULL)) != MP_OKAY) {
+            goto LBL_ERR;
+         }
+
+      }
+   }
+
+   if (written != NULL) {
+      *written = count;
+   }
+   err = MP_OKAY;
+
+LBL_ERR:
+   mp_clear(&t);
+   return err;
+}
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libtommath/bn_mp_pack_count.c	Tue May 26 17:36:47 2020 +0200
@@ -0,0 +1,12 @@
+#include "tommath_private.h"
+#ifdef BN_MP_PACK_COUNT_C
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+
+size_t mp_pack_count(const mp_int *a, size_t nails, size_t size)
+{
+   size_t bits = (size_t)mp_count_bits(a);
+   return ((bits / ((size * 8u) - nails)) + (((bits % ((size * 8u) - nails)) != 0u) ? 1u : 0u));
+}
+
+#endif
--- a/libtommath/bn_mp_prime_fermat.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_prime_fermat.c	Tue May 26 17:36:47 2020 +0200
@@ -1,16 +1,7 @@
 #include "tommath_private.h"
 #ifdef BN_MP_PRIME_FERMAT_C
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /* performs one Fermat test.
  *
@@ -20,10 +11,10 @@
  *
  * Sets result to 1 if the congruence holds, or zero otherwise.
  */
-int mp_prime_fermat(const mp_int *a, const mp_int *b, int *result)
+mp_err mp_prime_fermat(const mp_int *a, const mp_int *b, mp_bool *result)
 {
    mp_int  t;
-   int     err;
+   mp_err  err;
 
    /* default to composite  */
    *result = MP_NO;
@@ -54,7 +45,3 @@
    return err;
 }
 #endif
-
-/* ref:         HEAD -> master, tag: v1.1.0 */
-/* git commit:  08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */
-/* commit time: 2019-01-28 20:32:32 +0100 */
--- a/libtommath/bn_mp_prime_frobenius_underwood.c	Tue May 26 23:27:26 2020 +0800
+++ b/libtommath/bn_mp_prime_frobenius_underwood.c	Tue May 26 17:36:47 2020 +0200
@@ -1,22 +1,13 @@
 #include "tommath_private.h"
 #ifdef BN_MP_PRIME_FROBENIUS_UNDERWOOD_C
 
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * SPDX-License-Identifier: Unlicense
- */
+/* LibTomMath, multiple-precision integer library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
 
 /*
  *  See file bn_mp_prime_is_prime.c or the documentation in doc/bn.tex for the details
  */
-#ifndef LTM_USE_FIPS_ONLY
+#ifndef LTM_USE_ONLY_MR
 
 #ifdef MP_8BIT
 /*
@@ -32,17 +23,17 @@
 #else
 #define LTM_FROBENIUS_UNDERWOOD_A 32764
 #endif
-int mp_prime_frobenius_underwood(const mp_int *N, int *result)
+mp_err mp_prime_frobenius_underwood(const mp_int *N, mp_bool *result)
 {
    mp_int T1z, T2z, Np1z, sz, tz;
 
-   int a, ap2, length, i, j, isset;
-   int e;
+   int a, ap2, length, i, j;
+   mp_err err;
 
    *result = MP_NO;
 
-   if ((e = mp_init_multi(&T1z, &T2z, &Np1z, &sz, &tz, NULL)) != MP_OKAY) {
-      return e;
+   if ((err = mp_init_multi(&T1z, &T2z, &Np1z, &sz, &tz, NULL)) != MP_OKAY) {
+      return err;
    }
 
    for (a = 0; a < LTM_FROBENIUS_UNDERWOOD_A; a++) {
@@ -52,21 +43,13 @@
          continue;
       }
       /* (32764^2 - 4) < 2^31, no bigint for >MP_8BIT needed) */
-      if ((e = mp_set_long(&T1z, (unsigned long)a)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
+      mp_set_u32(&T1z, (uint32_t)a);
 
-      if ((e = mp_sqr(&T1z, &T1z)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
+      if ((err = mp_sqr(&T1z, &T1z)) != MP_OKAY)                  goto LBL_FU_ERR;
 
-      if ((e = mp_sub_d(&T1z, 4uL, &T1z)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
+      if ((err = mp_sub_d(&T1z, 4uL, &T1z)) != MP_OKAY)           goto LBL_FU_ERR;
 
-      if ((e = mp_kronecker(&T1z, N, &j)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
+      if ((err = mp_kronecker(&T1z, N, &j)) != MP_OKAY)           goto LBL_FU_ERR;
 
       if (j == -1) {
          break;
@@ -79,26 +62,18 @@
    }
    /* Tell it a composite and set return value accordingly */
    if (a >= LTM_FROBENIUS_UNDERWOOD_A) {
-      e = MP_ITER;
+      err = MP_ITER;
       goto LBL_FU_ERR;
    }
    /* Composite if N and (a+4)*(2*a+5) are not coprime */
-   if ((e = mp_set_long(&T1z, (unsigned long)((a+4)*((2*a)+5)))) != MP_OKAY) {
-      goto LBL_FU_ERR;
-   }
+   mp_set_u32(&T1z, (uint32_t)((a+4)*((2*a)+5)));
 
-   if ((e = mp_gcd(N, &T1z, &T1z)) != MP_OKAY) {
-      goto LBL_FU_ERR;
-   }
+   if ((err = mp_gcd(N, &T1z, &T1z)) != MP_OKAY)                  goto LBL_FU_ERR;
 
-   if (!((T1z.used == 1) && (T1z.dp[0] == 1u))) {
-      goto LBL_FU_ERR;
-   }
+   if (!((T1z.used == 1) && (T1z.dp[0] == 1u)))                   goto LBL_FU_ERR;
 
    ap2 = a + 2;
-   if ((e = mp_add_d(N, 1uL, &Np1z)) != MP_OKAY) {
-      goto LBL_FU_ERR;
-   }
+   if ((err = mp_add_d(N, 1uL, &Np1z)) != MP_OKAY)                goto LBL_FU_ERR;
 
    mp_set(&sz, 1uL);
    mp_set(&tz, 2uL);
@@ -110,89 +85,48 @@
        * tz   = ((tz-sz)*(tz+sz))%N;
        * sz   = temp;
        */
-      if ((e = mp_mul_2(&tz, &T2z)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
+      if ((err = mp_mul_2(&tz, &T2z)) != MP_OKAY)                 goto LBL_FU_ERR;
 
       /* a = 0 at about 50% of the cases (non-square and odd input) */
       if (a != 0) {
-         if ((e = mp_mul_d(&sz, (mp_digit)a, &T1z)) != MP_OKAY) {
-            goto LBL_FU_ERR;
-         }
-         if ((e = mp_add(&T1z, &T2z, &T2z)) != MP_OKAY) {
-            goto LBL_FU_ERR;
-         }
+         if ((err = mp_mul_d(&sz, (mp_digit)a, &T1z)) != MP_OKAY) goto LBL_FU_ERR;
+         if ((err = mp_add(&T1z, &T2z, &T2z)) != MP_OKAY)         goto LBL_FU_ERR;
       }
 
-      if ((e = mp_mul(&T2z, &sz, &T1z)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
-      if ((e = mp_sub(&tz, &sz, &T2z)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
-      if ((e = mp_add(&sz, &tz, &sz)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
-      if ((e = mp_mul(&sz, &T2z, &tz)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
-      if ((e = mp_mod(&tz, N, &tz)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
-      if ((e = mp_mod(&T1z, N, &sz)) != MP_OKAY) {
-         goto LBL_FU_ERR;
-      }
-      if ((isset = mp_get_bit(&Np1z, i)) == MP_VAL) {
-