86     MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2));  in dhm_check_range()
173     MBEDTLS_MPI_CHK(mbedtls_mpi_random(R, 3, M, f_rng, p_rng));  in dhm_random_below()
174     MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(R, R, 1));  in dhm_random_below()
194         MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));  in dhm_make_common()
209     MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X,  in dhm_make_common()
243         MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary((X),               \  in mbedtls_dhm_make_params()
327     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen));  in mbedtls_dhm_make_public()
356         MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X));  in dhm_update_blinding()
357         MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1));  in dhm_update_blinding()
358         MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1));  in dhm_update_blinding()
368         MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));  in dhm_update_blinding()
369         MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P));  in dhm_update_blinding()
371         MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));  in dhm_update_blinding()
372         MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));  in dhm_update_blinding()
382     MBEDTLS_MPI_CHK(dhm_random_below(&ctx->Vi, &ctx->P, f_rng, p_rng));  in dhm_update_blinding()
387     MBEDTLS_MPI_CHK(dhm_random_below(&R, &ctx->P, f_rng, p_rng));  in dhm_update_blinding()
388     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vi, &R));  in dhm_update_blinding()
389     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));  in dhm_update_blinding()
390     MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->Vf, &ctx->Vf, &ctx->P));  in dhm_update_blinding()
391     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &R));  in dhm_update_blinding()
392     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));  in dhm_update_blinding()
394     MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP));  in dhm_update_blinding()
428     MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng));  in mbedtls_dhm_calc_secret()
429     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi));  in mbedtls_dhm_calc_secret()
430     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P));  in mbedtls_dhm_calc_secret()
433     MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->K, &GYb, &ctx->X,  in mbedtls_dhm_calc_secret()
437     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf));  in mbedtls_dhm_calc_secret()
438     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P));  in mbedtls_dhm_calc_secret()
443     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->K, output, *olen));  in mbedtls_dhm_calc_secret()