Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
BN_SET_FLAGS(3)	       FreeBSD Library Functions Manual	       BN_SET_FLAGS(3)

NAME
     BN_set_flags, BN_get_flags	-- enable and inspect flags on BIGNUM objects

SYNOPSIS
     #include <openssl/bn.h>

     void
     BN_set_flags(BIGNUM *b, int flags);

     int
     BN_get_flags(const	BIGNUM *b, int flags);

DESCRIPTION
     BN_set_flags() enables the	given flags on b.  The flags argument can con-
     tain zero or more of the following	constants OR'ed	together:

     BN_FLG_CONSTTIME
	     If	this flag is set on the	divident a or the divisor d in
	     BN_div(3),	on the exponent	p in BN_mod_exp(3), or on the divisor
	     a or the modulus n	in BN_mod_inverse(3), these functions select
	     algorithms	with an	execution time independent of the respective
	     numbers, to avoid exposing	sensitive information to timing	side-
	     channel attacks.

	     This flag is off by default for BIGNUM objects created with
	     BN_new(3).

     BN_FLG_MALLOCED
	     If	this flag is set, BN_free(3) and BN_clear_free(3) will not
	     only clear	and free the components	of b, but also b itself.  This
	     flag is set internally by BN_new(3).  Setting it manually on an
	     existing BIGNUM object is usually a bad idea and can cause	calls
	     to	free(3)	with bogus arguments.

     BN_FLG_STATIC_DATA
	     If	this flag is set, BN_clear_free(3) will	neither	clear nor free
	     the memory	used for storing the number.  Consequently, setting it
	     manually on an existing BIGNUM object is usually a	terrible idea
	     that can cause both disclosure of secret data and memory leaks.
	     This flag is automatically	set on the constant BIGNUM objects re-
	     turned by BN_value_one(3) and by the functions documented in
	     BN_get0_nist_prime_521(3).

     BN_get_flags() interpretes	flags as a bitmask and returns those of	the
     given flags that are set in b, OR'ed together, or 0 if none of the	given
     flags is set.  The	flags argument has the same syntax as for
     BN_set_flags().

     These functions are currently implemented as macros, but they are likely
     to	become real functions in the future when the BIGNUM data type will be
     made opaque.

RETURN VALUES
     BN_get_flags() returns zero or more of the	above constants, OR'ed to-
     gether.

SEE ALSO
     BN_mod_exp(3), BN_mod_inverse(3), BN_new(3), BN_with_flags(3)

HISTORY
     BN_set_flags() and	BN_get_flags() first appeared in SSLeay	0.9.1 and have
     been available since OpenBSD 2.6.

CAVEATS
     No	public interface exists	to clear a flag	once it	is set.	 So think
     twice before using	BN_set_flags().

BUGS
     Even if the BN_FLG_CONSTTIME flag is set on a or b, BN_gcd() neither
     fails nor operates	in constant time, potentially allowing timing side-
     channel attacks.

     Even if the BN_FLG_CONSTTIME flag is set on p, if the modulus m is	even,
     BN_mod_exp(3) does	not operate in constant	time, potentially allowing
     timing side-channel attacks.

     If	BN_FLG_CONSTTIME is set	on p, BN_exp() fails instead of	operating in
     constant time.

FreeBSD	13.0			April 29, 2018			  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | SEE ALSO | HISTORY | CAVEATS | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=BN_set_flags&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help