Document that BN_bn2bin is not constant-time.

Change-Id: Id503850f92cc792229ed7558371e5038399c98d7
Reviewed-on: https://boringssl-review.googlesource.com/26385
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 9fd2509..14ea79e 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -237,7 +237,8 @@
 
 // BN_bn2bin serialises the absolute value of |in| to |out| as a big-endian
 // integer, which must have |BN_num_bytes| of space available. It returns the
-// number of bytes written.
+// number of bytes written. Note this function leaks the magnitude of |in|. If
+// |in| is secret, use |BN_bn2bin_padded| instead.
 OPENSSL_EXPORT size_t BN_bn2bin(const BIGNUM *in, uint8_t *out);
 
 // BN_le2bn sets |*ret| to the value of |len| bytes from |in|, interpreted as
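Review bot: the sentence added on the `+` lines says the function "leaks the magnitude of |in|" without saying through which channel, and it never uses the term from the commit subject (not constant-time). The preceding sentences already tie the output size to |BN_num_bytes| and the return value to the number of bytes written, so consider spelling that out, for example "the number of bytes written, and so the return value and running time, depend on the magnitude of |in|". The comment also only names |BN_bn2bin_padded|; one clause on why it is the safe choice for a secret |in|, or a pointer to its own comment, would let a caller reading only this declaration make the right call.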