cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-03 02:23:32 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update changelog text

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2023-09-22 16:33:12 +01:00
parent c3cb97896b
commit d162c662b0
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog.d/padding-ct-changelog.txt
View File

@ -1,6 +1,6 @@
Security Security
* Fix non-constant-time behaviour in padding calculations in CBC * Improve padding calculations in CBC decryption, NIST key unwrapping and
decryption, NIST SP 800-38F key wrapping, and RSAAES-OAEP decryption. RSA OAEP decryption. With the previous implementation, some compilers
For CBC and RSAAES-OAEP, this may have been exploitable in a (notably recent versions of Clang) could produce non-constant time code,
padding oracle for a privileged local attacker with the ability to which could allow a padding oracle attack if the attacker has access to
observe memory access timings. precise timing measurements.