BN_set_flags, BN_get_flags — enable and inspect flags on BIGNUM objects
#include <openssl/bn.h>
void
BN_set_flags(BIGNUM *b, int flags);
int
BN_get_flags(const BIGNUM *b, int flags);
BN_set_flags() enables the given flags on b. The flags argument can contain zero or more of the following constants OR'ed together:
BN_FLG_CONSTTIME
- If this flag is set on the dividend a or the divisor d in BN_div(3), on the exponent p in BN_mod_exp(3), or on the divisor a or the modulus n in BN_mod_inverse(3), these functions select algorithms with an execution time independent of the respective numbers, to avoid exposing sensitive information to timing side-channel attacks. This flag is off by default for BIGNUM objects created with BN_new(3).
BN_FLG_MALLOCED
- If this flag is set, BN_free(3) and BN_clear_free(3) will not only clear and free the components of b, but also b itself. This flag is set internally by BN_new(3). Setting it manually on an existing BIGNUM object is usually a bad idea and can cause calls to free(3) with bogus arguments.
BN_FLG_STATIC_DATA
- If this flag is set, BN_clear_free(3) will neither clear nor free the memory used for storing the number. Consequently, setting it manually on an existing BIGNUM object is usually a terrible idea that can cause both disclosure of secret data and memory leaks. This flag is automatically set on the constant BIGNUM objects returned by BN_value_one(3) and by the functions documented in BN_get0_nist_prime_521(3).
BN_get_flags() interprets flags as a bitmask and returns those of the given flags that are set in b, OR'ed together, or 0 if none of the given flags is set. The flags argument has the same syntax as for BN_set_flags().
BN_get_flags() returns zero or more of the above constants, OR'ed together.
BN_set_flags() and BN_get_flags() first appeared in SSLeay 0.9.1 and have been available since OpenBSD 2.6.
No public interface exists to clear a flag once it is set, so think twice before using BN_set_flags().
Even if the BN_FLG_CONSTTIME flag is set on a or b, BN_gcd() neither fails nor operates in constant time, potentially allowing timing side-channel attacks.
Even if the BN_FLG_CONSTTIME flag is set on p, if the modulus m is even, BN_mod_exp(3) does not operate in constant time, potentially allowing timing side-channel attacks.
If BN_FLG_CONSTTIME is set on p, BN_exp() fails instead of operating in constant time.