CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/06/11 13:01:01
Modified files:
lib/libssl : ssl_clnt.c ssl_srvr.c
Log message:
Convert legacy server kex to one-shot sign/verify
This converts ssl3_{get,send}_server_key_exchange() to EVP_DigestVerify()
and EVP_DigestSign(). In order to do this, build the full signed_params
up front and rework the way the key exchange parameters are constructed.
This way we can do the verify and sign steps in one go and at the same
use a more idiomatic approach with CBB/CBS.
with/ok jsing
