bn/bn_lib.c: add computationally constant-time bn_bn2binpad.
"Computationally constant-time" means that it might still leak information about input's length, but only in cases when input is missing complete BN_ULONG limbs. But even then leak is possible only if attacker can observe memory access pattern with limb granularity. Reviewed-by:Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6889) (cherry picked from commit 89d8aade) Resolved conflicts: crypto/bn/bn_lib.c
parent
f72a7ce8
Please register or sign in to comment