document BN_consttime_swap(3); this will probably require more work,

but what i have so far is already better than nothing
author: schwarze <> 2021-12-19 22:06:35 +0000
committer: schwarze <> 2021-12-19 22:06:35 +0000
commit: 441c99b87b2c1b279a582436aafe0a064d1bc709 (patch)
tree: 4ae084ef0a8a6f46fba8ab3a08073ff4be0025c0
parent: 1d2f595156001c309492b0d34aa50576351b7ed8 (diff)
download: openbsd-441c99b87b2c1b279a582436aafe0a064d1bc709.tar.gz
openbsd-441c99b87b2c1b279a582436aafe0a064d1bc709.tar.bz2
openbsd-441c99b87b2c1b279a582436aafe0a064d1bc709.zip
1 files changed, 80 insertions, 7 deletions
diff --git a/src/lib/libcrypto/man/BN_swap.3 b/src/lib/libcrypto/man/BN_swap.3
index db9082d7ef..218ca1cf02 100644
--- a/src/lib/libcrypto/man/BN_swap.3
+++ b/src/lib/libcrypto/man/BN_swap.3
@@ -1,7 +1,24 @@
-.\"     $OpenBSD: BN_swap.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $
+.\" $OpenBSD: BN_swap.3,v 1.6 2021/12/19 22:06:35 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
-.\" This file was written by Bodo Moeller <bodo@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Bodo Moeller <bodo@openssl.org>.
 .\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,11 +65,12 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: December 19 2021 $
 .Dt BN_SWAP 3
 .Os
 .Sh NAME
-.Nm BN_swap
+.Nm BN_swap ,
+.Nm BN_consttime_swap
 .Nd exchange BIGNUMs
 .Sh SYNOPSIS
 .In openssl/bn.h
@@ -61,15 +79,70 @@
 .Fa "BIGNUM *a"
 .Fa "BIGNUM *b"
 .Fc
+.Ft void
+.Fo BN_consttime_swap
+.Fa "BN_ULONG condition"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "int nwords"
+.Fc
 .Sh DESCRIPTION
 .Fn BN_swap
-exchanges the values of
+and
+.Fn BN_consttime_swap
+exchange the values of
 .Fa a
 and
 .Fa b .
+.Pp
+.Fn BN_swap
+implements this by exchanging the pointers to the data buffers of
+.Fa a
+and
+.Fa b
+and also exchanging the values of the
+.Dv BN_FLG_STATIC_DATA
+bits.
+Consequently, the operation is fast and execution time does not depend
+on any properties of the two numbers.
+However, execution time obviously differs between swapping (by calling
+this function) and not swapping (by not calling this function).
+.Pp
+.Fn BN_consttime_swap
+only performs the exchange if the
+.Fa condition
+is non-zero; otherwise, it has no effect.
+It implements the exchange by exchanging the contents of the data
+buffers rather than the pointers to the data buffers.
+This is slower, but implemented in such a way that the execution time
+is not only independent of the properties of the two numbers, but also
+independent of the
+.Fa condition
+argument, i.e. the same for swapping or not swapping.
+Execution time does however grow in an approximately linear manner with the
+.Fa nwords
+argument.
+.Pp
+.Fn BN_consttime_swap
+calls
+.Xr abort 3
+if at least one of
+.Fa a
+or
+.Fa b
+has fewer than
+.Fa nwords
+data words allocated or more than
+.Fa nwords
+data words are currently in use in at least one of them.
 .Sh SEE ALSO
-.Xr BN_new 3
+.Xr BN_new 3 ,
+.Xr BN_set_flags 3
 .Sh HISTORY
 .Fn BN_swap
 first appeared in OpenSSL 0.9.7 and has been available since
 .Ox 3.2 .
+.Pp
+.Fn BN_consttime_swap
+first appeared in OpenSSL 1.0.1g and has been available since
+.Ox 5.6 .
author	schwarze <>	2021-12-19 22:06:35 +0000
committer	schwarze <>	2021-12-19 22:06:35 +0000
commit	441c99b87b2c1b279a582436aafe0a064d1bc709 (patch)
tree	4ae084ef0a8a6f46fba8ab3a08073ff4be0025c0
parent	1d2f595156001c309492b0d34aa50576351b7ed8 (diff)
download	openbsd-441c99b87b2c1b279a582436aafe0a064d1bc709.tar.gz openbsd-441c99b87b2c1b279a582436aafe0a064d1bc709.tar.bz2 openbsd-441c99b87b2c1b279a582436aafe0a064d1bc709.zip

diff --git a/src/lib/libcrypto/man/BN_swap.3 b/src/lib/libcrypto/man/BN_swap.3 index db9082d7ef..218ca1cf02 100644 --- a/src/lib/libcrypto/man/BN_swap.3 +++ b/src/lib/libcrypto/man/BN_swap.3
@@ -1,7 +1,24 @@
1	.\" $OpenBSD: BN_swap.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $	1	.\" $OpenBSD: BN_swap.3,v 1.6 2021/12/19 22:06:35 schwarze Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
3	.\"	3	.\"
4	.\" This file was written by Bodo Moeller <bodo@openssl.org>.	4	.\" This file is a derived work.
		5	.\" The changes are covered by the following Copyright and license:
		6	.\"
		7	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
		8	.\"
		9	.\" Permission to use, copy, modify, and distribute this software for any
		10	.\" purpose with or without fee is hereby granted, provided that the above
		11	.\" copyright notice and this permission notice appear in all copies.
		12	.\"
		13	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		14	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		15	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		16	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		17	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		18	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		19	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		20	.\"
		21	.\" The original file was written by Bodo Moeller <bodo@openssl.org>.
5	.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.	22	.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
6	.\"	23	.\"
7	.\" Redistribution and use in source and binary forms, with or without	24	.\" Redistribution and use in source and binary forms, with or without
@@ -48,11 +65,12 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	67	.\"
51	.Dd $Mdocdate: March 22 2018 $	68	.Dd $Mdocdate: December 19 2021 $
52	.Dt BN_SWAP 3	69	.Dt BN_SWAP 3
53	.Os	70	.Os
54	.Sh NAME	71	.Sh NAME
55	.Nm BN_swap	72	.Nm BN_swap ,
		73	.Nm BN_consttime_swap
56	.Nd exchange BIGNUMs	74	.Nd exchange BIGNUMs
57	.Sh SYNOPSIS	75	.Sh SYNOPSIS
58	.In openssl/bn.h	76	.In openssl/bn.h
@@ -61,15 +79,70 @@
61	.Fa "BIGNUM *a"	79	.Fa "BIGNUM *a"
62	.Fa "BIGNUM *b"	80	.Fa "BIGNUM *b"
63	.Fc	81	.Fc
		82	.Ft void
		83	.Fo BN_consttime_swap
		84	.Fa "BN_ULONG condition"
		85	.Fa "BIGNUM *a"
		86	.Fa "BIGNUM *b"
		87	.Fa "int nwords"
		88	.Fc
64	.Sh DESCRIPTION	89	.Sh DESCRIPTION
65	.Fn BN_swap	90	.Fn BN_swap
66	exchanges the values of	91	and
		92	.Fn BN_consttime_swap
		93	exchange the values of
67	.Fa a	94	.Fa a
68	and	95	and
69	.Fa b .	96	.Fa b .
		97	.Pp
		98	.Fn BN_swap
		99	implements this by exchanging the pointers to the data buffers of
		100	.Fa a
		101	and
		102	.Fa b
		103	and also exchanging the values of the
		104	.Dv BN_FLG_STATIC_DATA
		105	bits.
		106	Consequently, the operation is fast and execution time does not depend
		107	on any properties of the two numbers.
		108	However, execution time obviously differs between swapping (by calling
		109	this function) and not swapping (by not calling this function).
		110	.Pp
		111	.Fn BN_consttime_swap
		112	only performs the exchange if the
		113	.Fa condition
		114	is non-zero; otherwise, it has no effect.
		115	It implements the exchange by exchanging the contents of the data
		116	buffers rather than the pointers to the data buffers.
		117	This is slower, but implemented in such a way that the execution time
		118	is not only independent of the properties of the two numbers, but also
		119	independent of the
		120	.Fa condition
		121	argument, i.e. the same for swapping or not swapping.
		122	Execution time does however grow in an approximately linear manner with the
		123	.Fa nwords
		124	argument.
		125	.Pp
		126	.Fn BN_consttime_swap
		127	calls
		128	.Xr abort 3
		129	if at least one of
		130	.Fa a
		131	or
		132	.Fa b
		133	has fewer than
		134	.Fa nwords
		135	data words allocated or more than
		136	.Fa nwords
		137	data words are currently in use in at least one of them.
70	.Sh SEE ALSO	138	.Sh SEE ALSO
71	.Xr BN_new 3	139	.Xr BN_new 3 ,
		140	.Xr BN_set_flags 3
72	.Sh HISTORY	141	.Sh HISTORY
73	.Fn BN_swap	142	.Fn BN_swap
74	first appeared in OpenSSL 0.9.7 and has been available since	143	first appeared in OpenSSL 0.9.7 and has been available since
75	.Ox 3.2 .	144	.Ox 3.2 .
		145	.Pp
		146	.Fn BN_consttime_swap
		147	first appeared in OpenSSL 1.0.1g and has been available since
		148	.Ox 5.6 .