bn/bn_lib.c: add computationally constant-time bn_bn2binpad.
"Computationally constant-time" means that it might still leak
information about input's length, but only in cases when input
is missing complete BN_ULONG limbs. But even then leak is possible
only if attacker can observe memory access pattern with limb
granularity.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6889)
(cherry picked from commit
89d8aade5f4011ddeea7827f08ec544c914f275a)
Resolved conflicts:
crypto/bn/bn_lib.c
projects / oweals / openssl.git / commit