math/big: add warning about using Int for cryptography

Change-Id: I31bec5d2b4a79a085942c7d380678379d99cf07b
Reviewed-on: https://go-review.googlesource.com/c/go/+/455135
Auto-Submit: Filippo Valsorda <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Run-TryBot: Filippo Valsorda <[email protected]>
Reviewed-by: Bryan Mills <[email protected]>

Author: FiloSottile

src/math/big/int.go

@@ -22,6 +22,14 @@ import (
 // an existing (or newly allocated) Int must be set to
 // a new value using the Int.Set method; shallow copies
 // of Ints are not supported and may lead to errors.
+//
+// Note that methods may leak the Int's value through timing side-channels.
+// Because of this and because of the scope and complexity of the
+// implementation, Int is not well-suited to implement cryptographic operations.
+// The standard library avoids exposing non-trivial Int methods to
+// attacker-controlled inputs and the determination of whether a bug in math/big
+// is considered a security vulnerability might depend on the impact on the
+// standard library.
 type Int struct {
 	neg bool // sign
 	abs nat  // absolute value of the integer