path: root/CHANGELOG.md
author: Sybren A. Stüvel <sybren@stuvel.eu> 2020-11-15 15:18:38 +0100
committer: Sybren A. Stüvel <sybren@stuvel.eu> 2020-11-15 15:21:31 +0100
commit: dae8ce0d85478e16f2368b2341632775313d41ed (patch)
tree: b93513f2f24d50246410ab8379eb60a9fc2cdff0 /CHANGELOG.md
parent: 6f59ff07a317409fe68696935daf8549b1555c74 (diff)
download: rsa-git-dae8ce0d85478e16f2368b2341632775313d41ed.tar.gz
Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle
Use as many constant-time comparisons as practical in the `rsa.pkcs1.decrypt` function. `cleartext.index(b'\x00', 2)` will still be non-constant-time. The alternative would be to iterate over all the data byte by byte in Python, which is several orders of magnitude slower. Given that a perfect constant-time implementation is very hard or even impossible to do in Python [1], I chose the more performant option here.

[1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
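Added example, not code from the python-rsa project or from this commit: a minimal PKCS#1 v1.5 (EME-PKCS1-v1_5) unpadding routine in the "before" shape, where each check returns early on its own path, beside one that follows the approach the commit message describes (`hmac.compare_digest` for the header, every check evaluated unconditionally, one combined failure flag, one generic error), plus the byte-by-byte separator scan the message mentions as the slower alternative. The function names, the `pad_pkcs1_v15` helper, the `rejects` helper and the sample message are assumptions made here for illustration; the RSA modular exponentiation is omitted because the oracle lives in the unpadding checks, not in the math.

```python
import hmac
import os


class DecryptionError(Exception):
    """One generic error for every failure, so the exception type itself leaks nothing."""


def pad_pkcs1_v15(message: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5 encoding: 0x00 0x02 || PS (>= 8 non-zero random bytes) || 0x00 || M.

    k is the RSA modulus size in bytes. Helper assumed here only to build sample inputs.
    """
    if len(message) > k - 11:
        raise ValueError("message too long for modulus")
    ps_len = k - len(message) - 3
    ps = b""
    while len(ps) < ps_len:  # padding string must contain no 0x00 byte
        ps += os.urandom(ps_len - len(ps)).replace(b"\x00", b"")
    return b"\x00\x02" + ps[:ps_len] + b"\x00" + message


def unpad_naive(cleartext: bytes) -> bytes:
    """'Before' shape: each check bails out separately, so how long the call takes
    tells an attacker which check failed, the signal a Bleichenbacher-style oracle needs."""
    if cleartext[:2] != b"\x00\x02":          # bytes != stops at the first mismatching byte
        raise DecryptionError("Decryption failed")
    sep_idx = cleartext.find(b"\x00", 2)
    if sep_idx < 0:                           # separator missing
        raise DecryptionError("Decryption failed")
    if sep_idx < 10:                          # fewer than 8 bytes of padding
        raise DecryptionError("Decryption failed")
    return cleartext[sep_idx + 1:]


def find_separator_full_scan(cleartext: bytes) -> int:
    """The slower alternative the commit message mentions: visit every byte after the
    header and keep the first 0x00 via mask arithmetic, so the work done does not depend
    on where the separator sits. Returns -1 if absent. Branch-free at the Python level
    only; CPython's integer operations are not themselves constant-time."""
    found = -1
    for i in range(2, len(cleartext)):
        take = int(found == -1) & int(cleartext[i] == 0)
        found = found * (1 - take) + i * take
    return found


def unpad_hardened(cleartext: bytes, full_scan: bool = False) -> bytes:
    """Constant-time where practical, in the shape the commit message describes: the
    header compare uses hmac.compare_digest, every check runs unconditionally, and the
    outcomes are OR-ed into one flag before a single raise. With full_scan=False the
    separator search is a linear find(), whose cost depends on the separator position,
    so the result is not fully constant-time; full_scan=True swaps in the byte-by-byte
    scan at a noticeable speed cost."""
    bad = not hmac.compare_digest(cleartext[:2], b"\x00\x02")
    if full_scan:                             # branch on a public parameter, not on data
        sep_idx = find_separator_full_scan(cleartext)
    else:
        sep_idx = cleartext.find(b"\x00", 2)  # -1 when absent; no early return
    bad |= sep_idx < 10                       # covers both "absent" and "PS too short"
    if bad:
        raise DecryptionError("Decryption failed")
    return cleartext[sep_idx + 1:]


def rejects(unpad, cleartext: bytes) -> bool:
    """True if unpad() raises DecryptionError on cleartext."""
    try:
        unpad(cleartext)
    except DecryptionError:
        return True
    return False


if __name__ == "__main__":
    em = pad_pkcs1_v15(b"attack at dawn", 128)        # constructed sample block
    print(unpad_hardened(em))
    print(rejects(unpad_hardened, b"\x00\x01" + em[2:]))
    print(rejects(unpad_hardened, b"\x00\x02" + b"\x01" * 126))
```

All three routines accept and reject the same inputs; the difference the example is meant to make visible is in the shape of the control flow, which is what an attacker measuring response time sees. Timing the two `find_separator` strategies against each other on a large modulus is the quickest way to see the cost trade-off the commit message refers to.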
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--  CHANGELOG.md  5
1 file changed, 5 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc41f70..1838377 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
# Python-RSA changelog
+## Version 4.7 - in development
+
+- Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5
+ decryption code
+
## Version 4.4 & 4.6 - released 2020-06-12
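Review bot: the new entry under "Version 4.7 - in development" reads as a complete fix ("Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code"), while the commit message states that `cleartext.index(b'\x00', 2)` in `rsa.pkcs1.decrypt` remains non-constant-time and that the fully constant-time alternative was rejected for performance. Downstream users will read the changelog, not the commit message, when assessing CVE-2020-25658, so the entry should carry that caveat, for example by appending a line such as "Comparisons are now constant-time where practical; the search for the padding separator is still not constant-time."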