Skip to content
Commit 6412738b authored by Andy Polyakov's avatar Andy Polyakov
Browse files

bn/bn_lib.c: add computationally constant-time bn_bn2binpad.



"Computationally constant-time" means that it might still leak
information about input's length, but only in cases when input
is missing complete BN_ULONG limbs. But even then leak is possible
only if attacker can observe memory access pattern with limb
granularity.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6889)

(cherry picked from commit 89d8aade)

Resolved conflicts:
	crypto/bn/bn_lib.c
parent f72a7ce8
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment