author | Joel Sing <jsing@cvs.openbsd.org> | 2020-04-17 17:16:54 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-04-17 17:16:54 +0000 |
commit | 7ece31314184c5c8046d9b3061d32a6890532b40 (patch) | |
tree | 5093fe350757715bf9daa035a7ed1499210417d9 /lib/libssl/tls13_key_share.c | |
parent | fac50799737ffe11236fe53ce91a2cfe9a9095f5 (diff) |
Generate client key share using our preferred group.
Generate a client key share using our preferred group, rather than always
using X25519. This means that the key share group can be controlled via
SSL{_CTX,}_set1_groups() and SSL{_CTX,}_set1_groups_list().
ok beck@
Diffstat (limited to 'lib/libssl/tls13_key_share.c')
-rw-r--r-- | lib/libssl/tls13_key_share.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/lib/libssl/tls13_key_share.c b/lib/libssl/tls13_key_share.c
index c38a3e3cb8e..5404c040703 100644
--- a/lib/libssl/tls13_key_share.c
+++ b/lib/libssl/tls13_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.3 2020/02/04 18:06:26 jsing Exp $ */
+/* $OpenBSD: tls13_key_share.c,v 1.4 2020/04/17 17:16:53 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -36,24 +36,32 @@ struct tls13_key_share {
 };
 struct tls13_key_share *
-tls13_key_share_new(int nid)
+tls13_key_share_new(uint16_t group_id)
 {
 struct tls13_key_share *ks;
+ int nid;
- if ((ks = calloc(1, sizeof(struct tls13_key_share))) == NULL)
- goto err;
+ if ((nid = tls1_ec_curve_id2nid(group_id)) == 0)
+ return NULL;
- if ((ks->group_id = tls1_ec_nid2curve_id(nid)) == 0)
- goto err;
+ if ((ks = calloc(1, sizeof(struct tls13_key_share))) == NULL)
+ return NULL;
+ ks->group_id = group_id;
 ks->nid = nid;
 return ks;
+}
- err:
- tls13_key_share_free(ks);
+struct tls13_key_share *
+tls13_key_share_new_nid(int nid)
+{
+ uint16_t group_id;
+
+ if ((group_id = tls1_ec_nid2curve_id(nid)) == 0)
+ return NULL;
- return NULL;
+ return tls13_key_share_new(group_id);
 }
 void |
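Review bot: `tls13_key_share_new()` keeps its name while its only parameter changes from `int nid` to `uint16_t group_id`, so a caller outside this file that still passes a NID will keep compiling (the int converts implicitly to uint16_t) and have the value read as a group codepoint. The callers are not part of this view, so confirm each one now passes a group id or was moved to `tls13_key_share_new_nid()`, and add a comment above the first constructor such as `/* group_id is the TLS supported-group codepoint, not a NID; use tls13_key_share_new_nid() for NIDs. */`. The only validation in the new constructor is that `tls1_ec_curve_id2nid(group_id)` is non-zero; now that the group can come from `SSL{_CTX,}_set1_groups()`, it is worth checking, here or in the caller, that the configured group is one TLS 1.3 permits for key shares, which this hunk does not show.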