Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle

Use as many constant-time comparisons as practical in the
`rsa.pkcs1.decrypt` function.

`cleartext.index(b'\x00', 2)` will still be non-constant-time. The
alternative would be to iterate over all the data byte by byte in
Python, which is several orders of magnitude slower. Given that a
perfect constant-time implementation is very hard or even impossible to
do in Python [1], I chose the more performant option here.

[1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/

0 files changed, 0 insertions, 0 deletions