OpenBSD manual page server

Manual Page Search Parameters

BN_SET_FLAGS(3) Library Functions Manual BN_SET_FLAGS(3)

BN_set_flags, BN_get_flagsenable and inspect flags on BIGNUM objects

#include <openssl/bn.h>

BN_set_flags(BIGNUM *b, int flags);

BN_get_flags(const BIGNUM *b, int flags);

() enables the given flags on b. The flags argument can contain zero or more of the following constants OR'ed together:

If this flag is set on the divident a in BN_div(3), on the exponent p in BN_mod_exp(3), or on the divisor a or the modulus n in BN_mod_inverse(3), these functions prefer algorithms with an execution time independent of the respective numbers, to avoid exposing sensitive information to timing attacks.

If this flag is set on the exponent p in BN_exp(3) or if the modulus m is even for BN_mod_exp(3), an error occurs.

Various functions automatically set this flag on sensitive data. For example, the default implementations of DH_generate_key(3), DSA_generate_key(3), and RSA_generate_key_ex(3) set it on the generated private key.

If this flag is set, BN_free(3) and BN_clear_free(3) will not only clear and free the components of b, but also b itself. This flag is set internally by BN_new(3). Setting it manually on an existing BIGNUM object is usually a bad idea and can cause calls to free(3) with bogus arguments.
If this flag is set, BN_clear_free(3) will neither clear nor free the memory used for storing the number. Consequently, setting it manually on an existing BIGNUM object is usually a terrible idea that can cause both disclosure of secret data and memory leaks. This flag is automatically set on the constant BIGNUM objects returned by BN_value_one(3) and by the functions documented in BN_get0_nist_prime_521(3).

() interpretes flags as a bitmask and returns those of the given flags that are set in b, OR'ed together, or 0 if none of the given flags is set. The flags argument has the same syntax as for BN_set_flags().

These functions are currently implemented as macros, but they are likely to become real functions in the future when the BIGNUM data type will be made opaque.

BN_get_flags() returns zero or more of the above constants, OR'ed together.

BN_mod_exp(3), BN_mod_inverse(3), BN_new(3), BN_with_flags(3)

No public interface exists to clear a flag once it is set. So think twice before using BN_set_flags().

January 30, 2017 OpenBSD-6.1