subject:"\[openssl\-users\] Clarification regarding CVE\-2016\-2178 for openssl 1.0.2 i and 1.0.2 j"

Re: [openssl-users] Clarification regarding CVE-2016-2178 for openssl 1.0.2 i and 1.0.2 j

2016-10-25 Thread Matt Caswell

On 25/10/16 09:01, Sanjaya Joshi wrote: > Hello, > > 1) > In openssl1.0.2i, the release note says, there is a fix for CVE-2016-2178: > > " > *) Constant time flag not preserved in DSA signing > > Operations in the DSA signing algorithm should run in constant time in > order to avoi

[openssl-users] Clarification regarding CVE-2016-2178 for openssl 1.0.2 i and 1.0.2 j

2016-10-25 Thread Sanjaya Joshi

Hello, 1) In openssl1.0.2i, the release note says, there is a fix for CVE-2016-2178: " *) Constant time flag not preserved in DSA signing Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA impleme