Dave Rodgman | c3cb978 | 2023-09-21 10:25:01 +0100

Security
   * Fix non-constant-time behaviour in padding calculations in CBC
     decryption, NIST SP 800-38F key wrapping, and RSAAES-OAEP decryption.
     For CBC and RSAAES-OAEP, this may have been exploitable in a
     padding oracle for a privileged local attacker with the ability to
     observe memory access timings.