Release v0.5.19 contains the following changes:
- Fix for Lenstra vulnerability. (CVE-2017-5681) - c90fc09
- Correct misleading RSA comments - 96d4b2b
- Add debug dump before QA API calls - e1a9f8b
- Remove spurious warnings in qat_parseconf.c added by mistake - 5fb264d
- Refactoring of ENGINE_set_xxx_function calls - ebb93e4
- Refactoring of XXX_meth_set_* function calls - aec04b9
- Remove unnecessary checks for the calls to BN_CTX_get - 93879b2
* Security Alert *
The RSA-CRT implementation in the Intel® QuickAssist Technology (QAT) Engine for OpenSSL versions prior to v0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
For further details please see:
INTEL-SA-00071 - https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr
CVE-2017-5681 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5681
This release was tested against:
OpenSSL 1.1.0e