Dave Rodgman | c3cb978 | 2023-09-21 10:25:01 +0100
Dave Rodgman | d162c66 | 2023-09-22 16:33:12 +0100

Security
   * Improve padding calculations in CBC decryption, NIST key unwrapping and
     RSA OAEP decryption. With the previous implementation, some compilers
     (notably recent versions of Clang) could produce non-constant time code,
     which could allow a padding oracle attack if the attacker has access to
     precise timing measurements.
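As an added illustration, not Mbed TLS's own code, the snippet below shows a branch-free PKCS#7 padding check of the kind this entry concerns: every byte of the final block is inspected whatever the claimed pad length, and the comparisons are done with masks rather than branches. Helper names are hypothetical, and the volatile barrier is one common way to discourage a compiler from turning a mask back into a branch; it is an assumption here, not a guarantee.

```c
#include <stddef.h>
#include <stdint.h>

/* Optimisation barrier (hypothetical helper): a volatile copy discourages
 * the compiler from converting a mask back into a data-dependent branch,
 * which is the failure mode the changelog entry describes. It is a common
 * heuristic, not a formal guarantee. */
static uint32_t ct_barrier(uint32_t x)
{
    volatile uint32_t y = x;
    return y;
}

/* All-ones mask if a < b, else 0. Requires a, b < 2^31. */
static uint32_t ct_mask_lt(uint32_t a, uint32_t b)
{
    return ct_barrier(0u - ((a - b) >> 31));
}

/* All-ones mask if a == b, else 0. */
static uint32_t ct_mask_eq(uint32_t a, uint32_t b)
{
    uint32_t d = a ^ b;
    return ct_barrier(((d | (0u - d)) >> 31) - 1u);
}

/* Validate PKCS#7 padding on a CBC-decrypted buffer of len bytes
 * (len a positive multiple of block; both are public values).
 * Returns 1 if the padding is well formed, else 0, and stores the
 * payload length in *data_len (len itself when the padding is invalid).
 * The loop always runs over the whole final block, so running time does
 * not depend on the padding contents. */
int ct_pkcs7_unpad(const uint8_t *buf, size_t len, size_t block, size_t *data_len)
{
    uint32_t pad = buf[len - 1];
    /* Require 1 <= pad <= block. */
    uint32_t ok = ct_mask_lt(0u, pad) & ct_mask_lt(pad, (uint32_t)block + 1u);

    for (size_t i = 0; i < block; i++) {
        uint32_t j = (uint32_t)i + 1u;              /* 1-based offset from end */
        uint32_t in_pad = ct_mask_lt(j, pad + 1u);  /* j <= pad */
        uint32_t same = ct_mask_eq(buf[len - j], pad);
        ok &= ~(in_pad & ~same);                    /* fail on a padding byte mismatch */
    }
    *data_len = len - (size_t)(pad & ok);
    return (int)(ok & 1u);
}
```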