Here's a good summary of the flaw:

https://guidovranken.com/2022/06/27/notes-on-openssl-remote-...

Note that the bug is only in 3.0.4, which was released June 21, 2022. So if you didn't update to this version, it's unlikely you're vulnerable.

Arnavion

You're talking about the first CVE. The second one affects 1.1 too.

Thankfully I can't imagine anyone using AES-OCB.

mwint

As a non-crypto-nerd: How viable is it to make a “safe” OpenSSL, which just doesn’t support all the cipher modes (?) that the HN crowd would mock me for accidentally using?

woodruffw

The modes of operation aren't the main reason people use OpenSSL; it's the support for all the gnarly (and less gnarly) protocols and wire formats that show up when doing applied cryptography.

Progress is being made on replacing OpenSSL in a lot of contexts (specifically, the RustCrypto[1] folks are doing excellent work and so is cryptography[2]), but there are still plenty of areas where OpenSSL is needed to compose the mostly algebraic cryptography with the right wire format.

Edit: I forgot to mention rustls[3], which uses ring[4] under the hood.

[1]: https://github.com/RustCrypto

[2]: https://github.com/pyca/cryptography

[3]: https://github.com/rustls/rustls

[4]: https://github.com/briansmith/ring