From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 5 Dec 2022 11:59:55 +0000 (+0100)
Subject: math/big: add warning about using Int for cryptography
X-Git-Tag: go1.21rc1~1639
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=af2952a73736f8625e7b158383fe49d7a9220a4f;p=gostls13.git

math/big: add warning about using Int for cryptography

Change-Id: I31bec5d2b4a79a085942c7d380678379d99cf07b
Reviewed-on: https://go-review.googlesource.com/c/go/+/455135
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
---

diff --git a/src/math/big/int.go b/src/math/big/int.go
index 62cf951e7d..d34034bd1c 100644
--- a/src/math/big/int.go
+++ b/src/math/big/int.go
@@ -22,6 +22,14 @@ import (
 // an existing (or newly allocated) Int must be set to
 // a new value using the Int.Set method; shallow copies
 // of Ints are not supported and may lead to errors.
+//
+// Note that methods may leak the Int's value through timing side-channels.
+// Because of this and because of the scope and complexity of the
+// implementation, Int is not well-suited to implement cryptographic operations.
+// The standard library avoids exposing non-trivial Int methods to
+// attacker-controlled inputs and the determination of whether a bug in math/big
+// is considered a security vulnerability might depend on the impact on the
+// standard library.
 type Int struct {
 	neg bool // sign
 	abs nat  // absolute value of the integer