Hi,
Regarding the vulnerability below that is corrected in these releases:
"Improve padding calculations in CBC decryption, NIST key unwrapping and RSA OAEP decryption. With the previous implementation, some compilers (notably recent versions of Clang and IAR) could produce non-constant time code, which could allow a padding oracle attack if the attacker has access to precise timing measurements."
Do we have any idea if gcc compilers are impacted (and if it is the case, which versions)?
Thanks!
___________
Gilles Piret
Cryptography Engineer
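To make the quoted release note concrete, here is an added example (not code from the original message or from the patched project) showing the difference it describes for the CBC case: a PKCS#7 padding check that exits early on the first bad byte beside one written with the usual constant-time masking idiom, which inspects the whole last block every time and folds every comparison into one accumulator. It assumes a 16-byte block size; the helper and test-vector names are my own, and the vectors are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK 16  /* assumed cipher block size; valid padding byte is 1..16 */

/* Branch-free mask helpers: return 0xFFFFFFFF or 0 with no conditional jump
 * in the source. Whether the compiler keeps it that way is exactly the
 * concern in the release note. Inputs must be below 2^31. */
static uint32_t ct_mask_eq(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;                  /* zero iff a == b */
    x = (x | (0u - x)) >> 31;            /* 1 iff x != 0 */
    return x - 1u;                       /* 0xFFFFFFFF iff a == b */
}

static uint32_t ct_mask_lt(uint32_t a, uint32_t b)
{
    return 0u - ((a - b) >> 31);         /* 0xFFFFFFFF iff a < b */
}

/* Variable-time PKCS#7 check (contrast case): stops at the first bad byte,
 * so the time taken depends on how much of the padding is well formed. */
int pkcs7_check_variable_time(const uint8_t *buf, size_t len, size_t *data_len)
{
    if (len < BLOCK) return -1;
    uint8_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return -1;
    for (size_t i = 1; i <= pad; i++)
        if (buf[len - i] != pad) return -1;   /* early exit leaks the position */
    *data_len = len - pad;
    return 0;
}

/* Constant-time PKCS#7 check: always reads the last BLOCK bytes, selects the
 * ones inside the claimed padding with a mask, and accumulates every
 * comparison into `ok`. Only the (public) buffer length affects the work done. */
int pkcs7_check_ct(const uint8_t *buf, size_t len, size_t *data_len)
{
    if (len < BLOCK) return -1;          /* length is public, nothing secret leaks */
    uint32_t pad = buf[len - 1];
    uint32_t ok = ct_mask_lt(0, pad) & ct_mask_lt(pad, BLOCK + 1); /* 1 <= pad <= 16 */
    for (uint32_t i = 1; i <= BLOCK; i++) {
        uint32_t b = buf[len - i];
        uint32_t in_pad = ct_mask_lt(i, pad + 1);        /* i <= pad */
        ok &= ~in_pad | ct_mask_eq(b, pad);              /* in_pad implies b == pad */
    }
    size_t okm = (size_t)0 - (size_t)(ok & 1u);          /* SIZE_MAX or 0 */
    *data_len = (len - (size_t)pad) & okm;               /* 0 when invalid */
    return (int)(ok & 1u) - 1;                           /* 0 valid, -1 invalid */
}

/* Wrappers used by the constructed vectors below: unpadded length, or -1. */
long ct_unpadded_len(const uint8_t *buf, size_t len)
{
    size_t n;
    return pkcs7_check_ct(buf, len, &n) == 0 ? (long)n : -1L;
}

long vt_unpadded_len(const uint8_t *buf, size_t len)
{
    size_t n;
    return pkcs7_check_variable_time(buf, len, &n) == 0 ? (long)n : -1L;
}

/* Constructed sample blocks (not from the page). */
#define X13 'x','x','x','x','x','x','x','x','x','x','x','x','x'
const uint8_t PAD_OK_3[16]    = {'h','e','l','l','o',' ','p','a','d','d','i','n','g',3,3,3};
const uint8_t PAD_OK_16[16]   = {16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16};
const uint8_t PAD_BAD_ZERO[16] = {X13,'x','x',0};    /* pad byte 0 */
const uint8_t PAD_BAD_MIX[16]  = {X13,2,3,3};        /* claims 3, one byte differs */
const uint8_t PAD_BAD_BIG[16]  = {X13,'x','x',17};   /* pad byte larger than BLOCK */

int main(void)
{
    printf("pad 3    ct=%ld vt=%ld\n", ct_unpadded_len(PAD_OK_3, 16), vt_unpadded_len(PAD_OK_3, 16));
    printf("pad 16   ct=%ld vt=%ld\n", ct_unpadded_len(PAD_OK_16, 16), vt_unpadded_len(PAD_OK_16, 16));
    printf("pad 0    ct=%ld vt=%ld\n", ct_unpadded_len(PAD_BAD_ZERO, 16), vt_unpadded_len(PAD_BAD_ZERO, 16));
    printf("mixed    ct=%ld vt=%ld\n", ct_unpadded_len(PAD_BAD_MIX, 16), vt_unpadded_len(PAD_BAD_MIX, 16));
    printf("pad 17   ct=%ld vt=%ld\n", ct_unpadded_len(PAD_BAD_BIG, 16), vt_unpadded_len(PAD_BAD_BIG, 16));
    return 0;
}
```

Both checkers accept and reject the same inputs; the point is how they get there. The constant-time version has no data-dependent branch in the source, but, as the release note says, that is only a property of the source: the compiled output has to be inspected (disassembly, or a constant-time analysis tool) for the specific compiler and version in use, since an optimizer is free to turn a mask back into a conditional jump. The page itself gives no answer on gcc.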