author: schwarze <> 2017-01-29 23:41:49 +0000
committer: schwarze <> 2017-01-29 23:41:49 +0000
commit: cdcc8ff92546c28c6052f507ba6ff8b82340b5e3
tree: 83b0e7ffbb25488021b344d6b87cca01b6781a0b /src/lib/libcrypto/man/BN_new.3
parent: 349c6add6442fbf91283c7ec35808acbec836f29

Seriously warn against calling BN_init(3), BN_MONT_CTX_init(3),
and BN_RECP_CTX_init(3). They are not only deprecated but so
dangerous that they are almost unusable. I found these scary
traps while reading the code in order to document BN_set_flags(3).

While here, delete ERR_get_error(3) from SEE ALSO.

Diffstat (limited to 'src/lib/libcrypto/man/BN_new.3')
-rw-r--r-- src/lib/libcrypto/man/BN_new.3 33
1 files changed, 29 insertions, 4 deletions
diff --git a/src/lib/libcrypto/man/BN_new.3 b/src/lib/libcrypto/man/BN_new.3
index 2b2166ce30..8294a4f4d1 100644
--- a/src/lib/libcrypto/man/BN_new.3
+++ b/src/lib/libcrypto/man/BN_new.3
@@ -1,4 +1,4 @@
1.\" $OpenBSD: BN_new.3,v 1.6 2016/12/22 19:33:57 jmc Exp $ 1.\" $OpenBSD: BN_new.3,v 1.7 2017/01/29 23:41:49 schwarze Exp $
2.\" OpenSSL doc/man3/BN_new.pod 2457c19d Mar 6 08:43:36 2004 +0000 2.\" OpenSSL doc/man3/BN_new.pod 2457c19d Mar 6 08:43:36 2004 +0000
3.\" OpenSSL doc/man7/bn.pod 05ea606a May 20 20:52:46 2016 -0400 3.\" OpenSSL doc/man7/bn.pod 05ea606a May 20 20:52:46 2016 -0400
4.\" 4.\"
@@ -49,7 +49,7 @@
49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50.\" OF THE POSSIBILITY OF SUCH DAMAGE. 50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51.\" 51.\"
52.Dd $Mdocdate: December 22 2016 $ 52.Dd $Mdocdate: January 29 2017 $
53.Dt BN_NEW 3 53.Dt BN_NEW 3
54.Os 54.Os
55.Sh NAME 55.Sh NAME
@@ -102,9 +102,12 @@ or accessed directly.
102allocates and initializes a 102allocates and initializes a
103.Vt BIGNUM 103.Vt BIGNUM
104structure. 104structure.
105.Pp
105.Fn BN_init 106.Fn BN_init
106initializes an existing uninitialized 107initializes an existing uninitialized
107.Vt BIGNUM . 108.Vt BIGNUM .
109It is deprecated and dangerous, see
110.Sx CAVEATS .
108.Pp 111.Pp
109.Fn BN_clear 112.Fn BN_clear
110is used to destroy sensitive data such as keys when they are no longer 113is used to destroy sensitive data such as keys when they are no longer
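Review bot: The new sentence at new lines 109-110, "It is deprecated and dangerous, see CAVEATS", is a comma splice and gives no hint of the hazard, so a reader who stops at DESCRIPTION learns only that something is wrong. Suggest wording along the lines of "It is deprecated and dangerous because it leaks memory when misused; see CAVEATS." so the reason sits next to the function it applies to.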
@@ -154,8 +157,7 @@ and sets an error code that can be obtained by
154.Xr BN_set_bit 3 , 157.Xr BN_set_bit 3 ,
155.Xr BN_set_negative 3 , 158.Xr BN_set_negative 3 ,
156.Xr BN_swap 3 , 159.Xr BN_swap 3 ,
157.Xr BN_zero 3 , 160.Xr BN_zero 3
158.Xr ERR_get_error 3
159.Sh HISTORY 161.Sh HISTORY
160.Fn BN_new , 162.Fn BN_new ,
161.Fn BN_clear , 163.Fn BN_clear ,
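Review bot: Dropping ".Xr ERR_get_error 3" from SEE ALSO (old line 158) is justified only by "While here" in the commit message, while the hunk header context, "and sets an error code that can be obtained by", shows the page body still sends readers to an error-retrieval function. Please confirm the in-text cross-reference stays and say in the log why the SEE ALSO entry is redundant. Removing the trailing comma after ".Xr BN_zero 3" is correct now that it is the last entry.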
@@ -165,3 +167,26 @@ and
165are available in all versions of SSLeay and OpenSSL. 167are available in all versions of SSLeay and OpenSSL.
166.Fn BN_init 168.Fn BN_init
167was added in SSLeay 0.9.1b. 169was added in SSLeay 0.9.1b.
170.Sh CAVEATS
171.Fn BN_init
172must not be called on a
173.Vt BIGNUM
174that was used and contains an actual number, or the memory
175used for storing the number is leaked immediately.
176Besides, it must not be called on a number allocated with
177.Fn BN_new ,
178or the
179.Vt BIGNUM
180structure itself will likely be leaked later on.
181It can only be used on static
182.Vt BIGNUM
183structures, on
184.Vt BIGNUM
185structures on the stack, or on
186.Vt BIGNUM
187structures
188.Xr malloc 3 Ap ed
189manually, but all of these options are discouraged because they
190will no longer work once the
191.Vt BIGNUM
192data type will be made opaque.
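Review bot: The CAVEATS text at new lines 171-192 lists where BN_init must not be used but never names the safe alternative; add a closing sentence pointing callers to BN_new, which the DESCRIPTION already says "allocates and initializes" a BIGNUM. Because the first caveat leaks "the memory used for storing the number", it is also worth stating that the leaked number is not cleared, which matters for the key material that BN_clear exists to destroy. Wording nit at new lines 190-192: "once the BIGNUM data type will be made opaque" should read "once the BIGNUM data type is made opaque".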