Sortix volatile manual
This manual documents Sortix volatile, a development build that has not been officially released. You can instead view this document in the latest official manual.
| BN_SET_FLAGS(3) | Library Functions Manual | BN_SET_FLAGS(3) |
NAME
BN_set_flags,
BN_get_flags — enable and
inspect flags on BIGNUM objects
SYNOPSIS
#include
<openssl/bn.h>
void
BN_set_flags(BIGNUM *b,
int flags);
int
BN_get_flags(const BIGNUM *b,
int flags);
DESCRIPTION
BN_set_flags()
enables the given flags on b.
The flags argument can contain zero or more of the
following constants OR'ed together:
BN_FLG_CONSTTIME- If this flag is set on the divident a or the divisor
d in
BN_div(3), on the exponent
p in
BN_mod_exp(3), or on
the divisor a or the modulus n
in
BN_mod_inverse(3),
these functions select algorithms with an execution time independent of
the respective numbers, to avoid exposing sensitive information to timing
side-channel attacks.
This flag is off by default for BIGNUM objects created with BN_new(3).
BN_FLG_MALLOCED- If this flag is set, BN_free(3) and BN_clear_free(3) will not only clear and free the components of b, but also b itself. This flag is set internally by BN_new(3). Setting it manually on an existing BIGNUM object is usually a bad idea and can cause calls to free(3) with bogus arguments.
BN_FLG_STATIC_DATA- If this flag is set, BN_clear_free(3) will neither clear nor free the memory used for storing the number. Consequently, setting it manually on an existing BIGNUM object is usually a terrible idea that can cause both disclosure of secret data and memory leaks. This flag is automatically set on the constant BIGNUM object returned by BN_value_one(3).
BN_get_flags()
interprets flags as a bitmask and returns those of the
given flags that are set in b, OR'ed together, or 0 if
none of the given flags is set. The
flags argument has the same syntax as for
BN_set_flags().
RETURN VALUES
BN_get_flags() returns zero or more of the
above constants, OR'ed together.
SEE ALSO
BN_mod_exp(3), BN_mod_inverse(3), BN_new(3), BN_with_flags(3)
HISTORY
BN_set_flags() and
BN_get_flags() first appeared in SSLeay 0.9.1 and
have been available since OpenBSD 2.6.
CAVEATS
No public interface exists to clear a flag once it is set. So
think twice before using BN_set_flags().
BUGS
Even if the BN_FLG_CONSTTIME flag is set
on a or b,
BN_gcd() neither fails nor operates in constant
time, potentially allowing timing side-channel attacks.
Even if the BN_FLG_CONSTTIME flag is set
on p, if the modulus m is even,
BN_mod_exp(3) does not
operate in constant time, potentially allowing timing side-channel
attacks.
If BN_FLG_CONSTTIME is set on
p, BN_exp() fails instead of
operating in constant time.
| April 27, 2023 | Sortix 1.1.0-dev |