On 11/2/22 23:08, Anupam Dutta via openssl-users wrote:
> I want to upgrade the openssl version from 3.0.2 to 3.0.7. My OS
> version is Ubuntu 22.04.1 LTS (Jammy Jellyfish). Please help. It is urgent
Ubuntu has already dealt with the new vulnerabilities. If you do the
normal package upgrade proce
> From: Felipe Gasper
> Sent: Thursday, 3 November, 2022 10:43
> >
> > And your description looks wrong anyway: shutdown(SHUT_RD) has
> > implementation-defined behavior for TCP sockets (because TCP does not
> > announce the read side of half-close to the peer), and on Linux causes
> > blocked rec
> On Nov 3, 2022, at 11:37, Michael Wojcik via openssl-users
> wrote:
>
>> It’s a rare
>> issue, but when it does it’s a head-scratcher. To avoid that, it’s necessary
>> to shutdown(SHUT_RD) then drain the read buffer before close().
>
> Well, it's not *necessary* to do a half-close. Applicat
Hi
In OpenSSL 3.x, what RSA padding scheme does EVP_SealInit() use? PKCS1
or OAEP?
In 1.1, I wrote my own version of this code that forced the padding to
be OAEP and am wondering if I still need that in 3.x.
Norm Green
Michael Wojcik via openssl-users writes:
> I'm inclined to agree. While there's an argument for backward
> compatibility, C99 was standardized nearly a quarter of a century
> ago. OpenSSL 1.x is younger than C99. It doesn't seem like an
> unreasonable requirement.
That and there is no substitu
> From: Felipe Gasper
> Sent: Thursday, 3 November, 2022 08:51
>
> You probably know this, but: On Linux, at least, if a TCP socket close()s
> with a non-empty read buffer, the kernel sends TCP RST to the peer.
Yes, that's a conditional-compliance (SHOULD) requirement from the Host
Requirements
On 03/11/2022 14:21, Wiktor Kwapisiewicz via openssl-users wrote:
> Hello,
> I'd like to clarify one aspect of the API regarding EVP_EncryptUpdate
> [0] that is the length of the output buffer that should be passed to
> that function ("out" parameter). (Actually I'm using EVP_CipherUpdate
> but the do
> On Nov 3, 2022, at 10:17, Michael Wojcik via openssl-users
> wrote:
>
>> Does OpenSSL’s documentation mention that? (I’m not exhaustively
>> familiar with it, but I don’t remember having seen such.)
>
> I doubt it. I don't see anything on the wiki, and this is a pretty obscure
> issue, all
Hello,
I'd like to clarify one aspect of the API regarding EVP_EncryptUpdate
[0] that is the length of the output buffer that should be passed to
that function ("out" parameter). (Actually I'm using EVP_CipherUpdate
but the docs are more comprehensive for EVP_EncryptUpdate).
[0]: https://www.o
> From: Felipe Gasper
> Sent: Thursday, 3 November, 2022 07:42
>
> It sounds, then like shutdown() (i.e., TCP half-close) is a no-no during a
> TLS session.
Um, maybe. Might generally be OK in practice, particularly with TLSv1.3, which
got rid of some of the less-well-considered ideas of earlie
> On Nov 2, 2022, at 16:36, Michael Wojcik via openssl-users
> wrote:
>
>> From: Felipe Gasper
>> Sent: Wednesday, 2 November, 2022 12:46
>>
>> I wouldn’t normally expect EPIPE from a read operation. I get why it happens;
>> it just seems odd. Given that it’s legitimate for a TLS peer to se
> From: openssl-users On Behalf Of
> Steven_M.irc via openssl-users
> Sent: Wednesday, 2 November, 2022 17:18
>
> I'm really worried about the vulnerabilities recently found in OpenSSL
> versions 3.0.0 - 3.0.6.
Why? What's your threat model?
> If I understand things correctly (and please do
> c
Hi team,
I compile OpenSSL 3.0.5 and 3.0.7 on AIX 7100, make and make install succeed,
but make test failed at the very beginning when doing "00-prep_fipsmodule_cnf.t".
This is my config options: ./Configure -Wl,-R,/.uvlibs1 aix64-cc enable-fips
enable-acvp-tests no-mdc2 no-idea shared
--prefix=/di
13 matches