After looking at the HRR issue a little bit deeper, I think I'm running
into an issue that was fixed by this commit (
166c0b98fd6e8b1bb341397642527a9396468f6c):
Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.
tls_parse_stoc_key_share was generating a new EVP_PKEY
Hi all,
I've been tasked with making some modifications to OpenSSL 1.1.1 in order
to bring it into compliance with FIPS 140-2. One of the items on the to-do
list was to implement the required key agreement scheme assurances
specified in NIST SP.800-56Ar3 Section 9. This involves performing some