RE: Setting a group to an existing EVP_PKEY in OpenSSL 3

2022-10-24 Thread Martin via openssl-users
Kory, Thanks for your response. I want to preserve the rest of the EC public key params. I did this. I haven’t test yet. OSSL_PARAM* extracted_params = NULL; char curve_name[64]; OSSL_PARAM* param_ecgroup = NULL; // sigkey is the EVP_PKEY ECDSA public key if (EVP_PKEY_todata(s

Re: Setting a group to an existing EVP_PKEY in OpenSSL 3

2022-10-24 Thread Kory Hamzeh
I haven’t done exactly what you are trying, but something similar. See EVP_PKEY_set_params: https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_set_params.html The specific parm to set the group could be set like this: OSSL_PA

Setting a group to an existing EVP_PKEY in OpenSSL 3

2022-10-24 Thread Martin via openssl-users
Hi, How can I set a GROUP to an existing EC type EVP_PKEY in OpenSSL 3? In 1.0.2 I was using this code having the EC_KEY: EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(nid)); In OpenSSL 3 still EC_GROUP_new_by_curve_name(nid) can be used, but I don't know how to go from that to

RE: CVE-2022-37454 SHA-3 buffer overflow

2022-10-24 Thread Job Cacka
That is good to hear as it touches many things. Thanks for letting me know. Job -Original Message- From: Tomas Mraz Sent: Monday, October 24, 2022 1:58 AM To: Job Cacka ; openssl-users@openssl.org Subject: Re: CVE-2022-37454 SHA-3 buffer overflow The implementation of SHA-3 in OpenSSL

RE: [building OpenSSL for vxWorks on Windows using Cygwin]

2022-10-24 Thread Michael Wojcik via openssl-users
> From: openssl-users On Behalf Of ??? > Sent: Friday, 21 October, 2022 02:39 > Subject: Re: openssl-users Digest, Vol 95, Issue 27 Please note the text in the footer of each openssl-users digest message: > When replying, please edit your Subject line so it is more specific > than "Re: Cont

Re: OpenSSL 1.1.1 Windows dependencies

2022-10-24 Thread Matt Caswell
On 22/10/2022 16:02, David Harris wrote: On 21 Oct 2022 at 13:50, Michael Wojcik via openssl-users wrote: That was my initial thought too, except that if it were firewall-related, the initial port 587 connection would be blocked, and it isn't - the failure doesn't happen until after STARTTLS

Re: CVE-2022-37454 SHA-3 buffer overflow

2022-10-24 Thread Tomas Mraz
The implementation of SHA-3 in OpenSSL is different from the vulnerable one. There is a plain C implementation and also assembly implementation for various CPU architectures. See crypto/sha/keccak1600.c and crypto/sha/asm/keccak1600*.pl. None of these should suffer from the CVE-2022-37454. The SHA