On Tue, 2015-12-08 at 07:22 +0100, Niels Möller wrote:
Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
Given this issue in openssl [0] , I think the issue of software errors helping retrieve an RSA key seems less and less foreign. Given its repercussions if such an issue exists (RSA private keys can be retrieved) would it make sense to have a bug fix release with that?
You're absolutely right that release is overdue, we've been talking about it since September at least. I haven't checked carefully, but I think the main missing piece is documentation for the new functions (I have a patch from you including some docs, but I haven't gotten to that yet, and a bunch of new functions have been added since then). Anything else?
The SHA3 fix, but I think that's already in.
regards, Nikos