CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2023/06/11 13:01:01
Modified files: lib/libssl : ssl_clnt.c ssl_srvr.c Log message: Convert legacy server kex to one-shot sign/verify This converts ssl3_{get,send}_server_key_exchange() to EVP_DigestVerify() and EVP_DigestSign(). In order to do this, build the full signed_params up front and rework the way the key exchange parameters are constructed. This way we can do the verify and sign steps in one go and at the same use a more idiomatic approach with CBB/CBS. with/ok jsing