yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1084 from daverodgman/update-ct-changelog

Browse source 
Update padding const-time fix changelog
This commit is contained in:
Dave Rodgman 2023-09-28 11:34:07 +01:00 committed by GitHub
parent 641250f42b e614129895
commit 3a098e9090
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog.d/padding-ct-changelog.txt
View file

@ -1,6 +1,6 @@
Security Security
* Improve padding calculations in CBC decryption, NIST key unwrapping and * Improve padding calculations in CBC decryption, NIST key unwrapping and
RSA OAEP decryption. With the previous implementation, some compilers RSA OAEP decryption. With the previous implementation, some compilers
(notably recent versions of Clang) could produce non-constant time code, (notably recent versions of Clang and IAR) could produce non-constant
which could allow a padding oracle attack if the attacker has access to time code, which could allow a padding oracle attack if the attacker
precise timing measurements. has access to precise timing measurements.