Re: [openssl-users] CVE-2016-2177

2016-08-16 Thread Matt Caswell
On 16/08/16 03:37, Jakob Bohm wrote: > Just to clarify for anyone searching the archives in the future: > > Is that commit included in release 1.0.1t or not? No, its not yet in an official release. It will be included in the next 1.0.1 release - whenever that is. Matt > > (I could probably

[openssl-users] openssl 1.0.2 20160816 snap

2016-08-16 Thread The Doctor
This error showed up /usr/local/bin/clang38 -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE

Re: [openssl-users] CVE-2016-2177

2016-08-16 Thread Matt Caswell
On 16/08/16 09:50, Sandeep Umesh wrote: > Hi > > Has this been officially published in openSSL ? Haven't seen a security > advisory for the same. > No. This is a low severity issue. As per our security policy we push fixes for these to our repo as soon as we have them. They are then rolled up

Re: [openssl-users] CVE-2016-2177

2016-08-16 Thread Sandeep Umesh
Hi Has this been officially published in openSSL ? Haven't seen a security advisory for the same. Regards Sandeep From: "Salz, Rich" To: "openssl-users@openssl.org" Date: 08/13/2016 12:51 AM Subject:Re: [openssl-users]

Re: [openssl-users] EVP_SealInit question

2016-08-16 Thread Salz, Rich
> It sounds like you're saying that only RSA supports encrypting with a public > key. But can't any asymmetric encryption algorithm encrypt using the public > key? Why is RSA special in this regard? Because that is the only thing we have implemented. The API's (and code to call them) to do