From af2952a73736f8625e7b158383fe49d7a9220a4f Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 5 Dec 2022 12:59:55 +0100
Subject: [PATCH] math/big: add warning about using Int for cryptography

Change-Id: I31bec5d2b4a79a085942c7d380678379d99cf07b
Reviewed-on: https://go-review.googlesource.com/c/go/+/455135
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
---
 src/math/big/int.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/math/big/int.go b/src/math/big/int.go
index 62cf951e7d..d34034bd1c 100644
--- a/src/math/big/int.go
+++ b/src/math/big/int.go
@@ -22,6 +22,14 @@ import (
 // an existing (or newly allocated) Int must be set to
 // a new value using the Int.Set method; shallow copies
 // of Ints are not supported and may lead to errors.
+//
+// Note that methods may leak the Int's value through timing side-channels.
+// Because of this and because of the scope and complexity of the
+// implementation, Int is not well-suited to implement cryptographic operations.
+// The standard library avoids exposing non-trivial Int methods to
+// attacker-controlled inputs and the determination of whether a bug in math/big
+// is considered a security vulnerability might depend on the impact on the
+// standard library.
 type Int struct {
 	neg bool // sign
 	abs nat  // absolute value of the integer
-- 
2.50.0