artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 80a887b) | patch
Convert legacy server kex to one-shot sign/verify
authortb <tb@openbsd.org>
Sun, 11 Jun 2023 19:01:01 +0000 (19:01 +0000)
committertb <tb@openbsd.org>
Sun, 11 Jun 2023 19:01:01 +0000 (19:01 +0000)
commitbf68ec7f06ba6d068be0a3e0457d5bdca62fba40
tree427cff7c388ee597a7a9f2e563800645d441069btree | snapshot
parent80a887b44157abe3cab06efedcbae8777a087b2fcommit | diff
Convert legacy server kex to one-shot sign/verify

This converts ssl3_{get,send}_server_key_exchange() to EVP_DigestVerify()
and EVP_DigestSign(). In order to do this, build the full signed_params
up front and rework the way the key exchange parameters are constructed.
This way we can do the verify and sign steps in one go and at the same
use a more idiomatic approach with CBB/CBS.

with/ok jsing
lib/libssl/ssl_clnt.c diff | blob | history
lib/libssl/ssl_srvr.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim