Merge pull request #1078 from daverodgman/padding-ct-changelog

Padding ct changelog
diff --git a/ChangeLog.d/padding-ct-changelog.txt b/ChangeLog.d/padding-ct-changelog.txt
new file mode 100644
index 0000000..e3d3424
--- /dev/null
+++ b/ChangeLog.d/padding-ct-changelog.txt
@@ -0,0 +1,6 @@
+Security
+   * Improve padding calculations in CBC decryption, NIST key unwrapping and
+     RSA OAEP decryption. With the previous implementation, some compilers
+     (notably recent versions of Clang) could produce non-constant time code,
+     which could allow a padding oracle attack if the attacker has access to
+     precise timing measurements.
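Review bot: The entry names three affected operations (CBC decryption, NIST key unwrapping, RSA OAEP decryption) but not the modules or public functions involved, so a reader cannot tell from the changelog alone whether their use of the library is exposed. Consider naming the affected entry points, or at least the modules. Because the text ties the problem to compiler output ("some compilers (notably recent versions of Clang)"), it would also help to say that whether a given build is affected depends on the toolchain and that the fix applies regardless of compiler. Minor wording: "non-constant time code" reads more clearly as "non-constant-time code". If a reporter credit or advisory identifier exists for this fix, it belongs in this entry too.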