Add a MLKEM768_X25519 hybrid key share.

This implements the currently in use MLKEM768_X25519 hybrid key share as outlined in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ This commit does not yet wire this up to anything, that is done in follow on changes. ok tb@ jsing@ kenjiro@
author: beck <> 2025-12-04 21:03:42 +0000
committer: beck <> 2025-12-04 21:03:42 +0000
commit: f8fcf556caab3fb1fb9d9b496d2724345c90a3eb (patch)
tree: e39a46d0520e4b766125513ea7a2a2e6521f7cf6 /src/lib/libssl/tls13_client.c
parent: 25e047ad935a9d585bc84fe9aae3de40dbad3e72 (diff)
download: openbsd-f8fcf556caab3fb1fb9d9b496d2724345c90a3eb.tar.gz
openbsd-f8fcf556caab3fb1fb9d9b496d2724345c90a3eb.tar.bz2
openbsd-f8fcf556caab3fb1fb9d9b496d2724345c90a3eb.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 901b38f860..b0a285694d 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.104 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.105 2025/12/04 21:03:42 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -53,7 +53,7 @@ tls13_client_init(struct tls13_ctx *ctx)
                return 0;
        if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL)
                return 0;
-        if (!tls_key_share_generate(ctx->hs->key_share))
+        if (!tls_key_share_client_generate(ctx->hs->key_share))
                return 0;
        arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
@@ -450,7 +450,7 @@ tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
        if ((ctx->hs->key_share =
            tls_key_share_new(ctx->hs->tls13.server_group)) == NULL)
                return 0;
-        if (!tls_key_share_generate(ctx->hs->key_share))
+        if (!tls_key_share_client_generate(ctx->hs->key_share))
                return 0;
        if (!tls13_client_hello_build(ctx, cbb))
author	beck <>	2025-12-04 21:03:42 +0000
committer	beck <>	2025-12-04 21:03:42 +0000
commit	f8fcf556caab3fb1fb9d9b496d2724345c90a3eb (patch)
tree	e39a46d0520e4b766125513ea7a2a2e6521f7cf6 /src/lib/libssl/tls13_client.c
parent	25e047ad935a9d585bc84fe9aae3de40dbad3e72 (diff)
download	openbsd-f8fcf556caab3fb1fb9d9b496d2724345c90a3eb.tar.gz openbsd-f8fcf556caab3fb1fb9d9b496d2724345c90a3eb.tar.bz2 openbsd-f8fcf556caab3fb1fb9d9b496d2724345c90a3eb.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 901b38f860..b0a285694d 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.104 2024/07/22 14:47:15 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.105 2025/12/04 21:03:42 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -53,7 +53,7 @@ tls13_client_init(struct tls13_ctx *ctx)
53	return 0;	53	return 0;
54	if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL)	54	if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL)
55	return 0;	55	return 0;
56	if (!tls_key_share_generate(ctx->hs->key_share))	56	if (!tls_key_share_client_generate(ctx->hs->key_share))
57	return 0;	57	return 0;
58		58
59	arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);	59	arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
@@ -450,7 +450,7 @@ tls13_client_hello_retry_send(struct tls13_ctx ctx, CBB cbb)
450	if ((ctx->hs->key_share =	450	if ((ctx->hs->key_share =
451	tls_key_share_new(ctx->hs->tls13.server_group)) == NULL)	451	tls_key_share_new(ctx->hs->tls13.server_group)) == NULL)
452	return 0;	452	return 0;
453	if (!tls_key_share_generate(ctx->hs->key_share))	453	if (!tls_key_share_client_generate(ctx->hs->key_share))
454	return 0;	454	return 0;
455		455
456	if (!tls13_client_hello_build(ctx, cbb))	456	if (!tls13_client_hello_build(ctx, cbb))