Convert legacy TLS client to tls_key_share.

This requires adding DHE support to tls_key_share. In doing so,
tls_key_share_peer_public() has to lose the group argument and gains
an invalid_key argument. The one place that actually needs the group
check is tlsext_keyshare_client_parse(), so add code to do this.

ok inoguchi@ tb@

1 files changed, 1 insertions, 5 deletions

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 3b388201ac..6eece6d944 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.88 2021/11/29 18:36:27 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.89 2022/01/06 18:23:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -395,10 +395,6 @@ ssl_sess_cert_free(SESS_CERT *sc)
         for (i = 0; i < SSL_PKEY_NUM; i++)
                 X509_free(sc->peer_pkeys[i].x509);
 
-        DH_free(sc->peer_dh_tmp);
-        EC_KEY_free(sc->peer_ecdh_tmp);
-        free(sc->peer_x25519_tmp);
-
         free(sc);
 }