NAME
BN_set_flags
,
BN_get_flags
—
enable and inspect flags on BIGNUM
objects
SYNOPSIS
#include
<openssl/bn.h>
void
BN_set_flags
(BIGNUM *b,
int flags);
int
BN_get_flags
(const BIGNUM *b,
int flags);
DESCRIPTION
BN_set_flags
()
enables the given flags on b. The
flags argument can contain zero or more of the following
constants OR'ed together:
BN_FLG_CONSTTIME
- If this flag is set on the divident a or the divisor
d in
BN_div(3), on the exponent p in
BN_mod_exp(3), or on the divisor a or
the modulus n in
BN_mod_inverse(3), these functions select algorithms with
an execution time independent of the respective numbers, to avoid exposing
sensitive information to timing side-channel attacks.
This flag is off by default for BIGNUM objects created with BN_new(3).
BN_FLG_MALLOCED
- If this flag is set, BN_free(3) and BN_clear_free(3) will not only clear and free the components of b, but also b itself. This flag is set internally by BN_new(3). Setting it manually on an existing BIGNUM object is usually a bad idea and can cause calls to free(3) with bogus arguments.
BN_FLG_STATIC_DATA
- If this flag is set, BN_clear_free(3) will neither clear nor free the memory used for storing the number. Consequently, setting it manually on an existing BIGNUM object is usually a terrible idea that can cause both disclosure of secret data and memory leaks. This flag is automatically set on the constant BIGNUM objects returned by BN_value_one(3) and by the functions documented in BN_get0_nist_prime_521(3).
BN_get_flags
()
interpretes flags as a bitmask and returns those of
the given flags that are set in b, OR'ed together, or
0 if none of the given flags is set. The
flags argument has the same syntax as for
BN_set_flags
().
These functions are currently implemented as macros, but they are likely to become real functions in the future when the BIGNUM data type will be made opaque.
RETURN VALUES
BN_get_flags
() returns zero or more of the
above constants, OR'ed together.
SEE ALSO
BN_mod_exp(3), BN_mod_inverse(3), BN_new(3), BN_with_flags(3)
HISTORY
BN_set_flags
() and
BN_get_flags
() first appeared in SSLeay 0.9.1 and
have been available since OpenBSD 2.6.
CAVEATS
No public interface exists to clear a flag once it is set. So
think twice before using BN_set_flags
().
BUGS
Even if the BN_FLG_CONSTTIME
flag is set
on a or b,
BN_gcd
() neither fails nor operates in constant
time, potentially allowing timing side-channel attacks.
Even if the BN_FLG_CONSTTIME
flag is set
on p, if the modulus m is even,
BN_mod_exp(3) does not operate in constant time, potentially
allowing timing side-channel attacks.
If BN_FLG_CONSTTIME
is set on
p, BN_exp
() fails instead of
operating in constant time.