From 295bf02f8211b77feb0bc6963c1b7ec49122ce18 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 17 Apr 2020 17:16:53 +0000
Subject: Generate client key share using our preferred group.

Generate a client key share using our preferred group, rather than always
using X25519. This means that the key share group can be controlled via
SSL{_CTX,}_set1_groups() and SSL{_CTX,}_set1_groups_list().

ok beck@
---
 src/lib/libssl/tls13_server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/tls13_server.c')

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 3b170f9370..1aebf5840c 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.28 2020/03/10 17:23:25 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.29 2020/04/17 17:16:53 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -49,7 +49,7 @@ tls13_server_init(struct tls13_ctx *ctx)
 	if ((s->session = SSL_SESSION_new()) == NULL)
 		return 0;
 
-	if ((ctx->hs->key_share = tls13_key_share_new(NID_X25519)) == NULL)
+	if ((ctx->hs->key_share = tls13_key_share_new_nid(NID_X25519)) == NULL)
 		return 0;
 	if (!tls13_key_share_generate(ctx->hs->key_share))
 		return 0;
-- 
cgit v1.2.3-55-g6feb