From 8aaae3574818dcc48e518588a5f21f25567c50f6 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 6 Jan 2022 18:23:56 +0000
Subject: Convert legacy TLS client to tls_key_share.

This requires adding DHE support to tls_key_share. In doing so,
tls_key_share_peer_public() has to lose the group argument and gains
an invalid_key argument. The one place that actually needs the group
check is tlsext_keyshare_client_parse(), so add code to do this.

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_cert.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'src/lib/libssl/ssl_cert.c')

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 3b388201ac..6eece6d944 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.88 2021/11/29 18:36:27 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.89 2022/01/06 18:23:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -395,10 +395,6 @@ ssl_sess_cert_free(SESS_CERT *sc)
 	for (i = 0; i < SSL_PKEY_NUM; i++)
 		X509_free(sc->peer_pkeys[i].x509);
 
-	DH_free(sc->peer_dh_tmp);
-	EC_KEY_free(sc->peer_ecdh_tmp);
-	free(sc->peer_x25519_tmp);
-
 	free(sc);
 }
 
-- 
cgit v1.2.3-55-g6feb