mbedtls/ChangeLog.d/padding-ct-changelog.txt

Security
   * Fix non-constant-time behaviour in padding calculations in CBC
     decryption, NIST SP 800-38F key wrapping, and RSAAES-OAEP decryption.
     For CBC and RSAAES-OAEP, this may have been exploitable in a
     padding oracle for a privileged local attacker with the ability to
     observe memory access timings.
Changelog for padding CT fixes Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> 2023-09-21 11:25:01 +02:00			`Security`
			`* Fix non-constant-time behaviour in padding calculations in CBC`
			`decryption, NIST SP 800-38F key wrapping, and RSAAES-OAEP decryption.`
			`For CBC and RSAAES-OAEP, this may have been exploitable in a`
			`padding oracle for a privileged local attacker with the ability to`
			`observe memory access timings.`