Security
   * Improve padding calculations in CBC decryption, NIST key unwrapping and
     RSA OAEP decryption. With the previous implementation, some compilers
     (notably recent versions of Clang) could produce non-constant time code,
     which could allow a padding oracle attack if the attacker has access to
     precise timing measurements.
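As an added illustration of the class of code this entry is about (not the library's own implementation), the following branch-free PKCS#7 padding check for CBC decryption examines every byte of the last block and selects the verdict with a mask rather than returning early; `ct_pkcs7_unpadded_len`, the helpers and the sample blocks are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Branch-free mask helpers: all-ones means true, zero means false (inputs < 2^31). */
static uint32_t ct_nonzero(uint32_t x) { return 0u - ((x | (0u - x)) >> 31); }
static uint32_t ct_lt(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); }

/*
 * Return the plaintext length after stripping PKCS#7 padding from a decrypted
 * CBC buffer, or -1 if the padding is malformed. Every byte of the final block
 * is read and compared whatever the pad byte says, and the verdict is selected
 * with a mask, so timing and memory access do not depend on the secret padding.
 * Only len and block_size, which are public, are allowed to drive branches.
 * Caveat (the point of the changelog entry above): a compiler may still turn
 * these masks back into branches, so the generated code has to be inspected.
 */
long ct_pkcs7_unpadded_len(const uint8_t *buf, size_t len, size_t block_size)
{
    if (len == 0 || block_size == 0 || block_size > 255 || len % block_size != 0)
        return -1;                                        /* public sizes only */
    uint32_t pad = buf[len - 1];
    uint32_t bad = ~ct_nonzero(pad) | ct_lt((uint32_t)block_size, pad); /* need 1 <= pad <= block */
    const uint8_t *blk = buf + len - block_size;
    for (size_t i = 0; i < block_size; i++) {
        uint32_t from_end = (uint32_t)(block_size - i);   /* 1 for the last byte */
        uint32_t in_pad   = ct_lt(from_end, pad + 1);     /* from_end <= pad     */
        bad |= in_pad & ct_nonzero(blk[i] ^ pad);         /* wrong byte in pad   */
    }
    long m = (long)(int32_t)~bad;                         /* -1 if good, 0 if bad */
    return ((long)(len - (size_t)pad) & m) | (-1L & ~m);
}

/* Constructed sample blocks (16-byte block size), not real decryption output. */
const uint8_t sample_ok[16]   = {'A','B',14,14,14,14,14,14,14,14,14,14,14,14,14,14};
const uint8_t sample_full[16] = {16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16};
const uint8_t sample_bad[16]  = {'A','B','C',5,13,13,13,13,13,13,13,13,13,13,13,13};
const uint8_t sample_zero[16] = {'A','B','C','D','E','F','G','H',0,0,0,0,0,0,0,0};
const uint8_t sample_over[16] = {17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17};

int main(void)
{
    printf("ok=%ld full=%ld bad=%ld zero=%ld over=%ld\n",  /* ok=2 full=0 bad=-1 zero=-1 over=-1 */
           ct_pkcs7_unpadded_len(sample_ok, 16, 16), ct_pkcs7_unpadded_len(sample_full, 16, 16),
           ct_pkcs7_unpadded_len(sample_bad, 16, 16), ct_pkcs7_unpadded_len(sample_zero, 16, 16),
           ct_pkcs7_unpadded_len(sample_over, 16, 16));
    return 0;
}
```

The returned value still has to be consumed without a data-dependent branch (for instance by running the MAC check regardless of the verdict), otherwise the oracle simply moves to the caller.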