Move key_share computation out of ClientHello callbacks.
Like the early_data CL, this does shift a bit of logic that was
previously hidden away in the callbacks. For key_share, this is probably
a good move independent of ECH. The logic around HRR, etc., was a little
messy.
Bug: 275
Change-Id: Iafbcebdf66ce1f7957d798a98ee6b996fff24639
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47986
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index aa015d4..7607d56 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -497,7 +497,8 @@
hs->early_data_offered = true;
}
- if (!ssl_write_client_hello(hs)) {
+ if (!ssl_setup_key_shares(hs, /*override_group_id=*/0) ||
+ !ssl_write_client_hello(hs)) {
return ssl_hs_error;
}
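Review bot: the literal 0 in `ssl_setup_key_shares(hs, /*override_group_id=*/0)` acts as a "no override" sentinel, and nothing at this call site says so beyond the argument comment. Consider documenting that meaning of 0 on the function's declaration, or using a named constant, so that later callers cannot mistake it for a real group ID. Also, because both calls now share the single `return ssl_hs_error;`, a key-share setup failure and a ClientHello write failure are indistinguishable here; it is worth confirming that `ssl_setup_key_shares` records its own error on every failure path before returning false.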