"Fossies" - the Fresh Open Source Software Archive

Member "libressl-2.9.2/man/BN_set_flags.3" (4 Dec 2018, 3946 Bytes) of package /linux/misc/libressl-2.9.2.tar.gz:

Caution: As a special service "Fossies" has tried to format the requested manual source page into HTML format but links to other man pages may be missing or even errorneous. Alternatively you can here view or download the uninterpreted manual source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

BN_SET_FLAGS(3) BSD Library Functions Manual BN_SET_FLAGS(3)


BN_set_flags, BN_get_flags — enable and inspect flags on BIGNUM objects


#include <openssl/bn.h>


BN_set_flags(BIGNUM *b, int flags);


BN_get_flags(const BIGNUM *b, int flags);


BN_set_flags() enables the given flags on b. The flags argument can contain zero or more of the following constants OR’ed together:


If this flag is set on the divident a or the divisor d in BN_div(3), on the exponent p in BN_mod_exp(3), or on the divisor a or the modulus n in BN_mod_inverse(3), these functions select algorithms with an execution time independent of the respective numbers, to avoid exposing sensitive information to timing side-channel attacks.

This flag is off by default for BIGNUM objects created with BN_new(3).


If this flag is set, BN_free(3) and BN_clear_free(3) will not only clear and free the components of b, but also b itself. This flag is set internally by BN_new(3). Setting it manually on an existing BIGNUM object is usually a bad idea and can cause calls to free(3) with bogus arguments.


If this flag is set, BN_clear_free(3) will neither clear nor free the memory used for storing the number. Consequently, setting it manually on an existing BIGNUM object is usually a terrible idea that can cause both disclosure of secret data and memory leaks. This flag is automatically set on the constant BIGNUM objects returned by BN_value_one(3) and by the functions documented in BN_get0_nist_prime_521(3).

BN_get_flags() interpretes flags as a bitmask and returns those of the given flags that are set in b, OR’ed together, or 0 if none of the given flags is set. The flags argument has the same syntax as for BN_set_flags().

These functions are currently implemented as macros, but they are likely to become real functions in the future when the BIGNUM data type will be made opaque.


BN_get_flags() returns zero or more of the above constants, OR’ed together.


BN_mod_exp(3), BN_mod_inverse(3), BN_new(3), BN_with_flags(3)


BN_set_flags() and BN_get_flags() first appeared in SSLeay 0.9.1 and have been available since OpenBSD 2.6.


No public interface exists to clear a flag once it is set. So think twice before using BN_set_flags().


Even if the BN_FLG_CONSTTIME flag is set on a or b, BN_gcd() neither fails nor operates in constant time, potentially allowing timing side-channel attacks.

Even if the BN_FLG_CONSTTIME flag is set on p, if the modulus m is even, BN_mod_exp(3) does not operate in constant time, potentially allowing timing side-channel attacks.

If BN_FLG_CONSTTIME is set on p, BN_exp() fails instead of operating in constant time.

BSD April 29, 2018 BSD