2 files changed, 20 insertions, 9 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index fae70cc5c7..91bfb5f3b6 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.197 2020/09/14 18:34:12 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.198 2020/09/17 15:42:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1652,17 +1652,15 @@ ssl3_clear(SSL *s)
         S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
 }
 
-static long
-ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
+long
+_SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
 {
         EVP_PKEY *pkey = NULL;
         SESS_CERT *sc;
         int ret = 0;
 
-        *pkey_tmp = NULL;
+        *key = NULL;
 
-        if (s->server != 0)
-                return 0;
         if (s->session == NULL || SSI(s)->sess_cert == NULL)
                 return 0;
 
@@ -1688,7 +1686,7 @@ ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
                 goto err;
         }
 
-        *pkey_tmp = pkey;
+        *key = pkey;
         pkey = NULL;
 
         ret = 1;
@@ -2016,8 +2014,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         case SSL_CTRL_SET_GROUPS_LIST:
                 return SSL_set1_groups_list(s, parg);
 
+        /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
         case SSL_CTRL_GET_SERVER_TMP_KEY:
-                return ssl_ctrl_get_server_tmp_key(s, parg);
+                if (s->server != 0)
+                        return 0;
+                return _SSL_get_peer_tmp_key(s, parg);
 
         case SSL_CTRL_GET_MIN_PROTO_VERSION:
                 return SSL_get_min_proto_version(s);
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index eb288699b1..a783739c57 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.172 2020/09/13 16:49:05 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.173 2020/09/17 15:42:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1126,7 +1126,12 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 
 #define SSL_CTRL_SET_ECDH_AUTO                  94
 
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_CTRL_GET_PEER_TMP_KEY                       109
+#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
+#else
 #define SSL_CTRL_GET_SERVER_TMP_KEY             109
+#endif
 
 #define SSL_CTRL_GET_CHAIN_CERTS                        115
 
@@ -1231,6 +1236,11 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
 #define SSL_get_server_tmp_key(s, pk) \
         SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
 
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_get_peer_tmp_key(s, pk) \
+        SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
+#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
+
 #ifndef LIBRESSL_INTERNAL
 /*
  * Also provide those functions as macros for compatibility with