From f8fcf556caab3fb1fb9d9b496d2724345c90a3eb Mon Sep 17 00:00:00 2001 From: beck <> Date: Thu, 4 Dec 2025 21:03:42 +0000 Subject: Add a MLKEM768_X25519 hybrid key share. This implements the currently in use MLKEM768_X25519 hybrid key share as outlined in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ This commit does not yet wire this up to anything, that is done in follow on changes. ok tb@ jsing@ kenjiro@ --- src/lib/libssl/ssl_clnt.c | 10 +- src/lib/libssl/ssl_srvr.c | 10 +- src/lib/libssl/ssl_tlsext.c | 8 +- src/lib/libssl/tls13_client.c | 6 +- src/lib/libssl/tls13_server.c | 4 +- src/lib/libssl/tls_internal.h | 9 +- src/lib/libssl/tls_key_share.c | 327 ++++++++++++++++++++++++++++- src/regress/lib/libssl/tlsext/tlsexttest.c | 10 +- 8 files changed, 353 insertions(+), 31 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 0d3dcf78af..22469ce346 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.169 2025/03/09 15:53:36 tb Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.170 2025/12/04 21:03:42 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1195,7 +1195,7 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) } goto err; } - if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, + if (!tls_key_share_client_peer_public(s->s3->hs.key_share, cbs, &decode_error, &invalid_key)) { if (decode_error) { SSLerror(s, SSL_R_BAD_PACKET_LENGTH); @@ -1264,7 +1264,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) if ((s->s3->hs.key_share = tls_key_share_new(group_id)) == NULL) goto err; - if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, + if (!tls_key_share_client_peer_public(s->s3->hs.key_share, &public, &decode_error, NULL)) { if (decode_error) goto decode_err; 
@@ -1859,7 +1859,7 @@ ssl3_send_client_kex_dhe(SSL *s, CBB *cbb) goto err; } - if (!tls_key_share_generate(s->s3->hs.key_share)) + if (!tls_key_share_client_generate(s->s3->hs.key_share)) goto err; if (!tls_key_share_public(s->s3->hs.key_share, cbb)) goto err; @@ -1898,7 +1898,7 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb) goto err; } - if (!tls_key_share_generate(s->s3->hs.key_share)) + if (!tls_key_share_client_generate(s->s3->hs.key_share)) goto err; if (!CBB_add_u8_length_prefixed(cbb, &public)) diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index db4ba38b51..ef93e283de 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.166 2025/03/09 15:53:36 tb Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.167 2025/12/04 21:03:42 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1357,7 +1357,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) goto err; } - if (!tls_key_share_generate(s->s3->hs.key_share)) + if (!tls_key_share_server_generate(s->s3->hs.key_share)) goto err; if (!tls_key_share_params(s->s3->hs.key_share, cbb)) @@ -1393,7 +1393,7 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) goto err; - if (!tls_key_share_generate(s->s3->hs.key_share)) + if (!tls_key_share_server_generate(s->s3->hs.key_share)) goto err; /* @@ -1744,7 +1744,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) goto err; } - if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, + if (!tls_key_share_server_peer_public(s->s3->hs.key_share, cbs, &decode_error, &invalid_key)) { if (decode_error) { SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 
@@ -1792,7 +1792,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); goto err; } - if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, + if (!tls_key_share_server_peer_public(s->s3->hs.key_share, &public, &decode_error, NULL)) { if (decode_error) { SSLerror(s, SSL_R_BAD_PACKET_LENGTH); diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 12ede899e8..dcd9a31205 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.157 2025/10/16 14:42:21 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.158 2025/12/04 21:03:42 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1523,7 +1523,7 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) *alert = SSL_AD_INTERNAL_ERROR; return 0; } - if (!tls_key_share_peer_public(s->s3->hs.key_share, + if (!tls_key_share_server_peer_public(s->s3->hs.key_share, &key_exchange, &decode_error, NULL)) { if (!decode_error) *alert = SSL_AD_INTERNAL_ERROR; @@ -1614,7 +1614,7 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) *alert = SSL_AD_INTERNAL_ERROR; return 0; } - if (!tls_key_share_peer_public(s->s3->hs.key_share, + if (!tls_key_share_server_peer_public(s->s3->hs.key_share, &key_exchange, &decode_error, NULL)) { if (!decode_error) *alert = SSL_AD_INTERNAL_ERROR; @@ -1691,7 +1691,7 @@ tlsext_keyshare_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) *alert = SSL_AD_INTERNAL_ERROR; return 0; } - if (!tls_key_share_peer_public(s->s3->hs.key_share, + if (!tls_key_share_client_peer_public(s->s3->hs.key_share, &key_exchange, &decode_error, NULL)) { if (!decode_error) *alert = SSL_AD_INTERNAL_ERROR; diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 901b38f860..b0a285694d 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.104 2024/07/22 14:47:15 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.105 2025/12/04 21:03:42 beck Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -53,7 +53,7 @@ tls13_client_init(struct tls13_ctx *ctx) return 0; if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL) return 0; - if (!tls_key_share_generate(ctx->hs->key_share)) + if (!tls_key_share_client_generate(ctx->hs->key_share)) return 0; arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); @@ -450,7 +450,7 @@ tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) if ((ctx->hs->key_share = tls_key_share_new(ctx->hs->tls13.server_group)) == NULL) return 0; - if (!tls_key_share_generate(ctx->hs->key_share)) + if (!tls_key_share_client_generate(ctx->hs->key_share)) return 0; if (!tls13_client_hello_build(ctx, cbb)) diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index fa56db9563..604dab4cba 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.111 2025/10/25 12:31:44 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.112 2025/12/04 21:03:42 beck Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -502,7 +502,7 @@ tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) { if (ctx->hs->key_share == NULL) return 0; - if (!tls_key_share_generate(ctx->hs->key_share)) + if (!tls_key_share_server_generate(ctx->hs->key_share)) return 0; if (!tls13_servername_process(ctx)) return 0; diff --git a/src/lib/libssl/tls_internal.h b/src/lib/libssl/tls_internal.h index 84edde8474..3d8d6aa940 100644 --- a/src/lib/libssl/tls_internal.h +++ b/src/lib/libssl/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.10 2022/11/10 18:06:37 jsing Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.11 2025/12/04 21:03:42 beck Exp $ */ /* * Copyright (c) 2018, 2019, 2021 Joel Sing * 
@@ -85,12 +85,15 @@ int tls_key_share_nid(struct tls_key_share *ks); void tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits); int tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params); int tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey); -int tls_key_share_generate(struct tls_key_share *ks); +int tls_key_share_client_generate(struct tls_key_share *ks); +int tls_key_share_server_generate(struct tls_key_share *ks); int tls_key_share_params(struct tls_key_share *ks, CBB *cbb); int tls_key_share_public(struct tls_key_share *ks, CBB *cbb); int tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs, int *decode_error, int *invalid_params); -int tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, +int tls_key_share_server_peer_public(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_key); +int tls_key_share_client_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error, int *invalid_key); int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key, size_t *shared_key_len); diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c index cf7b1da262..3f4c44f558 100644 --- a/src/lib/libssl/tls_key_share.c +++ b/src/lib/libssl/tls_key_share.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_key_share.c,v 1.8 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: tls_key_share.c,v 1.9 2025/12/04 21:03:42 beck Exp $ */ /* * Copyright (c) 2020, 2021 Joel Sing * @@ -21,6 +21,7 @@ #include #include #include +#include #include "bytestring.h" #include "ssl_local.h" 
@@ -40,6 +41,19 @@ struct tls_key_share { uint8_t *x25519_public; uint8_t *x25519_private; uint8_t *x25519_peer_public; + + uint8_t *mlkem_public; + size_t mlkem_public_len; + MLKEM_private_key *mlkem_private; + MLKEM_public_key *mlkem_peer_public; + + /* The ciphertext from MLKEM_encap. */ + uint8_t *mlkem_encap; + size_t mlkem_encap_len; + + /* The shared secret from an ML-KEM encapsulation. */ + uint8_t *mlkem_shared_secret; + size_t mlkem_shared_secret_len; }; static struct tls_key_share * @@ -96,6 +110,12 @@ tls_key_share_free(struct tls_key_share *ks) freezero(ks->x25519_private, X25519_KEY_LENGTH); freezero(ks->x25519_peer_public, X25519_KEY_LENGTH); + freezero(ks->mlkem_public, ks->mlkem_public_len); + MLKEM_private_key_free(ks->mlkem_private); + MLKEM_public_key_free(ks->mlkem_peer_public); + freezero(ks->mlkem_encap, ks->mlkem_encap_len); + freezero(ks->mlkem_shared_secret, ks->mlkem_shared_secret_len); + freezero(ks, sizeof(*ks)); } 
@@ -230,7 +250,73 @@ tls_key_share_generate_x25519(struct tls_key_share *ks) return ret; } -int +static int +tls_key_share_generate_mlkem(struct tls_key_share *ks, int rank) +{ + MLKEM_private_key *private = NULL; + uint8_t *public = NULL; + size_t p_len = 0; + int ret = 0; + + if (ks->mlkem_public != NULL || ks->mlkem_private != NULL) + goto err; + + if ((private = MLKEM_private_key_new(rank)) == NULL) + goto err; + + if (!MLKEM_generate_key(private, &public, &p_len, NULL, NULL)) + goto err; + + ks->mlkem_public = public; + ks->mlkem_public_len = p_len; + ks->mlkem_private = private; + public = NULL; + private = NULL; + + ret = 1; + + err: + freezero(public, p_len); + MLKEM_private_key_free(private); + + return ret; +} + +static int +tls_key_share_client_generate_mlkem768x25519(struct tls_key_share *ks) +{ + if (!tls_key_share_generate_mlkem(ks, RANK768)) + return 0; + + if (!tls_key_share_generate_x25519(ks)) + return 0; + + return 1; +} + +static int +tls_key_share_server_generate_mlkem768x25519(struct tls_key_share *ks) +{ + if (ks->mlkem_private != NULL) + return 0; + + /* The server side needs the client's parsed share */ + + if (ks->x25519_peer_public == NULL) + return 0; + + if (ks->mlkem_peer_public == NULL) + return 0; + + if (!tls_key_share_generate_x25519(ks)) + return 0; + + return MLKEM_encap(ks->mlkem_peer_public, &ks->mlkem_encap, + &ks->mlkem_encap_len, &ks->mlkem_shared_secret, + &ks->mlkem_shared_secret_len); +} + +static int tls_key_share_generate(struct tls_key_share *ks) { if (ks->nid == NID_dhKeyAgreement) 
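Review bot: tls_key_share_server_generate_mlkem768x25519() rejects an existing `mlkem_private` but does not check whether `mlkem_encap` or `mlkem_shared_secret` are already set before passing their addresses to MLKEM_encap(). A repeated call is then stopped only by whatever guard tls_key_share_generate_x25519() has, which is outside this hunk; without one, the earlier ciphertext and shared secret would presumably be overwritten without being zeroed and freed. Adding `if (ks->mlkem_encap != NULL || ks->mlkem_shared_secret != NULL) return 0;` beside the existing state checks makes the single-use contract explicit. The `tls_key_share_generate()` that this hunk turns `static` continues outside the hunk.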
@@ -242,6 +328,24 @@ tls_key_share_generate(struct tls_key_share *ks) return tls_key_share_generate_ecdhe_ecp(ks); } +int +tls_key_share_client_generate(struct tls_key_share *ks) +{ + if (ks->nid == NID_X25519MLKEM768) + return tls_key_share_client_generate_mlkem768x25519(ks); + + return tls_key_share_generate(ks); +} + +int +tls_key_share_server_generate(struct tls_key_share *ks) +{ + if (ks->nid == NID_X25519MLKEM768) + return tls_key_share_server_generate_mlkem768x25519(ks); + + return tls_key_share_generate(ks); +} + static int tls_key_share_params_dhe(struct tls_key_share *ks, CBB *cbb) { @@ -287,6 +391,47 @@ tls_key_share_public_x25519(struct tls_key_share *ks, CBB *cbb) return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH); } +static int +tls_key_share_public_mlkem768x25519(struct tls_key_share *ks, CBB *cbb) +{ + uint8_t *mlkem_part; + size_t mlkem_part_len; + + if (ks->x25519_public == NULL) + return 0; + + /* + * https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ + * Section 3.1.2: + * The server's key exchange value is the concatenation of an + * ML-KEM ciphertext returned from encapsulation to the client's + * encapsulation key, and the server's ephemeral X25519 share. + */ + mlkem_part = ks->mlkem_encap; + mlkem_part_len = ks->mlkem_encap_len; + + /* + * https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ + * Section 3.1.1: + * The client's key_exchange value is the concatenation of the + * client's ML-KEM-768 encapsulation key and the client's X25519 + * ephemeral share. + */ + if (mlkem_part == NULL) { + mlkem_part = ks->mlkem_public; + mlkem_part_len = ks->mlkem_public_len; + } + + if (mlkem_part == NULL) + return 0; + + if (!CBB_add_bytes(cbb, mlkem_part, mlkem_part_len)) + return 0; + + /* Both the client and server send their x25519 public keys. */ + return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH); +} + int tls_key_share_public(struct tls_key_share *ks, CBB *cbb) { 
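Review bot: tls_key_share_public_mlkem768x25519() picks the role it serialises for by testing `ks->mlkem_encap` for NULL, but on the client that field is also filled by tls_key_share_client_peer_public_mlkem768x25519() with the ciphertext received from the server. Once a client has processed the server's share, a later tls_key_share_public() call on the same key share would emit the server's ciphertext instead of the client's encapsulation key. This commit splits generation and peer-public handling into explicit client and server entry points; doing the same here, or selecting the client branch on `ks->mlkem_private != NULL`, avoids inferring the role from buffer state. The struct comment `/* The ciphertext from MLKEM_encap. */` should also say that on the client the field holds the peer's ciphertext awaiting MLKEM_decap.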
@@ -296,6 +441,9 @@ tls_key_share_public(struct tls_key_share *ks, CBB *cbb) if (ks->nid == NID_X25519) return tls_key_share_public_x25519(ks, cbb); + if (ks->nid == NID_X25519MLKEM768) + return tls_key_share_public_mlkem768x25519(ks, cbb); + return tls_key_share_public_ecdhe_ecp(ks, cbb); } @@ -325,7 +473,7 @@ tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs, return 0; return tls_key_share_peer_params_dhe(ks, cbs, decode_error, - invalid_params); + invalid_params); } static int 
@@ -383,7 +531,91 @@ tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs, return CBS_stow(cbs, &ks->x25519_peer_public, &out_len); } -int +static int +tls_key_share_client_peer_public_mlkem768x25519(struct tls_key_share *ks, + CBS *cbs, int *decode_error) +{ + CBS x25519_cbs, mlkem_ciphertext_cbs; + size_t out_len; + + if (ks->mlkem_shared_secret != NULL) + return 0; + + if (ks->mlkem_private == NULL) + return 0; + + if (!CBS_get_bytes(cbs, &mlkem_ciphertext_cbs, + MLKEM_private_key_ciphertext_length(ks->mlkem_private))) + return 0; + + if (!CBS_get_bytes(cbs, &x25519_cbs, X25519_KEY_LENGTH)) + return 0; + + if (CBS_len(cbs) != 0) + return 0; + + if (!CBS_stow(&x25519_cbs, &ks->x25519_peer_public, &out_len)) + return 0; + + if (!CBS_stow(&mlkem_ciphertext_cbs, &ks->mlkem_encap, &ks->mlkem_encap_len)) + return 0; + + return 1; +} + +static int +tls_key_share_server_peer_public_mlkem768x25519(struct tls_key_share *ks, + CBS *cbs, int *decode_error) +{ + CBS x25519_cbs, mlkem768_cbs; + size_t out_len; + + *decode_error = 0; + + /* The server should not have an mlkem private key */ + if (ks->mlkem_private != NULL) + return 0; + + if (ks->mlkem_shared_secret != NULL) + return 0; + + if (ks->mlkem_peer_public != NULL) + return 0; + + if (ks->x25519_peer_public != NULL) + return 0; + + /* Nein, ist nur normal (1024 ist gigantisch) */ + if ((ks->mlkem_peer_public = MLKEM_public_key_new(RANK768)) == NULL) + goto err; + + if (!CBS_get_bytes(cbs, &mlkem768_cbs, + MLKEM_public_key_encoded_length(ks->mlkem_peer_public))) + goto err; + + if (!CBS_get_bytes(cbs, &x25519_cbs, X25519_KEY_LENGTH)) + goto err; + + if (CBS_len(cbs) != 0) + goto err; + + if (!CBS_stow(&x25519_cbs, &ks->x25519_peer_public, &out_len)) + goto err; + + /* Poetische */ + if (!MLKEM_parse_public_key(ks->mlkem_peer_public, + CBS_data(&mlkem768_cbs), CBS_len(&mlkem768_cbs))) + goto err; + + return 1; + + err: + *decode_error = 1; + + return 0; +} + +static int tls_key_share_peer_public(struct 
tls_key_share *ks, CBS *cbs, int *decode_error, int *invalid_key) { @@ -402,6 +634,30 @@ tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error, return tls_key_share_peer_public_ecdhe_ecp(ks, cbs); } +/* Called from client to process a server peer */ +int +tls_key_share_client_peer_public(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_key) +{ + if (ks->nid == NID_X25519MLKEM768) + return tls_key_share_client_peer_public_mlkem768x25519(ks, cbs, + decode_error); + + return tls_key_share_peer_public(ks, cbs, decode_error, invalid_key); +} + +/* Called from server to process a client peer */ +int +tls_key_share_server_peer_public(struct tls_key_share *ks, CBS *cbs, + int *decode_error, int *invalid_key) +{ + if (ks->nid == NID_X25519MLKEM768) + return tls_key_share_server_peer_public_mlkem768x25519(ks, cbs, + decode_error); + + return tls_key_share_peer_public(ks, cbs, decode_error, invalid_key); +} + static int tls_key_share_derive_dhe(struct tls_key_share *ks, uint8_t **shared_key, size_t *shared_key_len) 
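Review bot: tls_key_share_client_peer_public_mlkem768x25519() never writes `*decode_error`, whereas the server variant in the same hunk clears it on entry and sets it on every parse failure. The callers in ssl_tlsext.c branch on `decode_error` after a failed call, so a truncated or over-long server key share is reported using whatever value the caller's variable already held (its initialisation is not visible here) rather than as a decode error. Clearing the flag on entry and routing the three length checks through a label that sets it, as below, makes the two sides consistent. Separately, the server variant's `err:` path leaves `ks->mlkem_peer_public` allocated but unparsed, and possibly `x25519_peer_public` stowed, which satisfies the non-NULL checks in tls_key_share_server_generate_mlkem768x25519(); freeing and NULLing both there would be safer, and the comments `Nein, ist nur normal ...` and `Poetische` should be replaced with ones that explain the code.

```c
static int
tls_key_share_client_peer_public_mlkem768x25519(struct tls_key_share *ks,
    CBS *cbs, int *decode_error)
{
	/* … unchanged: declarations … */

	*decode_error = 0;

	/* … unchanged: mlkem_shared_secret / mlkem_private state checks … */

	if (!CBS_get_bytes(cbs, &mlkem_ciphertext_cbs,
	    MLKEM_private_key_ciphertext_length(ks->mlkem_private)))
		goto decode_err;

	if (!CBS_get_bytes(cbs, &x25519_cbs, X25519_KEY_LENGTH))
		goto decode_err;

	/* Trailing bytes after the X25519 share are a malformed message. */
	if (CBS_len(cbs) != 0)
		goto decode_err;

	/* … unchanged: CBS_stow of both parts, return 1 … */

 decode_err:
	*decode_error = 1;

	return 0;
```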
@@ -451,6 +707,65 @@ tls_key_share_derive_x25519(struct tls_key_share *ks, return ret; } +/* + * https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ + * Section 3.1.3: + * For X25519MLKEM768, the shared secret is the concatenation of the ML-KEM + * shared secret and the X25519 shared secret. + */ +static int +tls_key_share_derive_mlkem768x25519(struct tls_key_share *ks, + uint8_t **out_shared_key, size_t *out_shared_key_len) +{ + uint8_t *x25519_shared_key; + CBB cbb; + + memset(&cbb, 0, sizeof(cbb)); + + if (ks->x25519_private == NULL) + goto err; + + if (ks->x25519_peer_public == NULL) + goto err; + + if (ks->mlkem_shared_secret == NULL) { + if (ks->mlkem_private == NULL) + goto err; + + if (ks->mlkem_encap == NULL) + goto err; + + if (!MLKEM_decap(ks->mlkem_private, ks->mlkem_encap, + MLKEM_private_key_ciphertext_length(ks->mlkem_private), + &ks->mlkem_shared_secret, &ks->mlkem_shared_secret_len)) + goto err; + } + + if (!CBB_init(&cbb, ks->mlkem_shared_secret_len + X25519_KEY_LENGTH)) + goto err; + + if (!CBB_add_bytes(&cbb, ks->mlkem_shared_secret, + ks->mlkem_shared_secret_len)) + goto err; + + if (!CBB_add_space(&cbb, &x25519_shared_key, X25519_KEY_LENGTH)) + goto err; + + if (!X25519(x25519_shared_key, ks->x25519_private, + ks->x25519_peer_public)) + goto err; + + if (!CBB_finish(&cbb, out_shared_key, out_shared_key_len)) + goto err; + + return 1; + + err: + CBB_cleanup(&cbb); + + return 0; +} + int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key, size_t *shared_key_len) @@ -468,6 +783,10 @@ tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key, return tls_key_share_derive_x25519(ks, shared_key, shared_key_len); + if (ks->nid == NID_X25519MLKEM768) + return tls_key_share_derive_mlkem768x25519(ks, shared_key, + shared_key_len); + return tls_key_share_derive_ecdhe_ecp(ks, shared_key, shared_key_len); } 
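Review bot: In tls_key_share_derive_mlkem768x25519() the MLKEM_decap() call passes `MLKEM_private_key_ciphertext_length(ks->mlkem_private)` as the ciphertext length instead of the stored `ks->mlkem_encap_len`. The two agree today because the client peer-public parser stows exactly that many bytes, but the derive step is then relying on an invariant established in another function rather than on the buffer's own recorded size. Passing `ks->mlkem_encap_len` and rejecting a mismatch first, with `if (ks->mlkem_encap_len != MLKEM_private_key_ciphertext_length(ks->mlkem_private)) goto err;`, keeps the read bounded by what was actually allocated.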
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 68584998ce..4c3701a63d 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.94 2025/05/03 08:37:28 tb Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.95 2025/12/04 21:03:42 beck Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -3665,7 +3665,7 @@ test_tlsext_keyshare_client(void) if ((ssl->s3->hs.key_share = tls_key_share_new_nid(NID_X25519)) == NULL) errx(1, "failed to create key share"); - if (!tls_key_share_generate(ssl->s3->hs.key_share)) + if (!tls_key_share_client_generate(ssl->s3->hs.key_share)) errx(1, "failed to generate key share"); ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; @@ -3890,14 +3890,14 @@ test_tlsext_keyshare_server(void) goto done; } - if (!tls_key_share_generate(ssl->s3->hs.key_share)) { + if (!tls_key_share_server_generate(ssl->s3->hs.key_share)) { FAIL("failed to generate key share"); goto done; } CBS_init(&cbs, bogokey, sizeof(bogokey)); - if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs, + if (!tls_key_share_server_peer_public(ssl->s3->hs.key_share, &cbs, &decode_error, NULL)) { FAIL("failed to load peer public key\n"); goto done; @@ -3926,7 +3926,7 @@ test_tlsext_keyshare_server(void) FAIL("failed to create key share"); goto done; } - if (!tls_key_share_generate(ssl->s3->hs.key_share)) { + if (!tls_key_share_server_generate(ssl->s3->hs.key_share)) { FAIL("failed to generate key share"); goto done; } -- cgit v1.2.3-55-g6feb