1 .\" $OpenBSD: BN_set_flags.3,v 1.1 2017/01/30 01:29:31 schwarze Exp $
3 .\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
5 .\" Permission to use, copy, modify, and distribute this software for any
6 .\" purpose with or without fee is hereby granted, provided that the above
7 .\" copyright notice and this permission notice appear in all copies.
9 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 .Dd $Mdocdate: January 30 2017 $
23 .Nd enable and inspect flags on BIGNUM objects
44 argument can contain zero or more of the following constants OR'ed
47 .It Dv BN_FLG_CONSTTIME
48 If this flag is set on the divident
61 .Xr BN_mod_inverse 3 ,
62 these functions prefer algorithms with an execution time independent
63 of the respective numbers, to avoid exposing sensitive information
66 If this flag is set on the exponent
76 Various functions automatically set this flag on sensitive data.
77 For example, the default implementations of
78 .Xr DH_generate_key 3 ,
79 .Xr DSA_generate_key 3 ,
81 .Xr RSA_generate_key_ex 3
82 set it on the generated private key.
83 .It Dv BN_FLG_MALLOCED
88 will not only clear and free the components of
93 This flag is set internally by
95 Setting it manually on an existing
97 object is usually a bad idea and can cause calls to
100 .It Dv BN_FLG_STATIC_DATA
103 will neither clear nor free the memory used for storing the number.
104 Consequently, setting it manually on an existing
106 object is usually a terrible idea that can cause both disclosure
107 of secret data and memory leaks.
108 This flag is automatically set on the constant
112 and by the functions documented in
113 .Xr BN_get0_nist_prime_521 3 .
119 as a bitmask and returns those of the given flags that are set in
121 OR'ed together, or 0 if none of the given
126 argument has the same syntax as for
129 These functions are currently implemented as macros, but they are
130 likely to become real functions in the future when the
132 data type will be made opaque.
135 returns zero or more of the above constants, OR'ed together.
138 .Xr BN_mod_inverse 3 ,
142 No public interface exists to clear a flag once it is set.
143 So think twice before using