From f8fcf556caab3fb1fb9d9b496d2724345c90a3eb Mon Sep 17 00:00:00 2001
From: beck <>
Date: Thu, 4 Dec 2025 21:03:42 +0000
Subject: Add a MLKEM768_X25519 hybrid key share.

This implements the currently in use MLKEM768_X25519 hybrid
key share as outlined in

https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/

This commit does not yet wire this up to anything, that is done
in follow on changes.

ok tb@ jsing@ kenjiro@
---
 src/lib/libssl/tls13_server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/tls13_server.c')

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index fa56db9563..604dab4cba 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.111 2025/10/25 12:31:44 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.112 2025/12/04 21:03:42 beck Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -502,7 +502,7 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 {
 	if (ctx->hs->key_share == NULL)
 		return 0;
-	if (!tls_key_share_generate(ctx->hs->key_share))
+	if (!tls_key_share_server_generate(ctx->hs->key_share))
 		return 0;
 	if (!tls13_servername_process(ctx))
 		return 0;
-- 
cgit v1.2.3-55-g6feb