Remove SSL_(CTX_)?set_ecdh_callback.

It has no callers. I prepped for its removal earlier with
https://android.googlesource.com/platform/external/conscrypt/+/c05697c2c50fe1331f08c6f32d0bc9636eecdc2d
and then completely forgot.

Thanks to upstream's 6f78b9e824c053d062188578635c575017b587c5 for
the reminder. Quoth them:

> This only gets used to set a specific curve without actually checking
> that the peer supports it or not and can therefor result in handshake
> failures that can be avoided by selecting a different cipher.

It's also a very confusing API since it does NOT pass ownership of the
EC_KEY to the caller.

Change-Id: I6a00643b3a2d6746e9e0e228b47c2bc9694b0084
Reviewed-on: https://boringssl-review.googlesource.com/6621
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 4c720d5..a62108b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1805,34 +1805,6 @@
  * preferences. (This is recommended.) */
 OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
 
-/* SSL_CTX_set_tmp_ecdh_callback configures |ctx| to use |callback| to determine
- * the curve for ephemeral ECDH keys. |callback| should ignore |is_export| and
- * |keylength| and return an |EC_KEY| of the selected curve or NULL on
- * error. Only the curve is used, so the |EC_KEY| needn't have a generated
- * keypair.
- *
- * If the callback is unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.)
- *
- * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so
- * |callback| must save and release the object elsewhere. */
-OPENSSL_EXPORT void SSL_CTX_set_tmp_ecdh_callback(
-    SSL_CTX *ctx, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
-
-/* SSL_set_tmp_ecdh_callback configures |ssl| to use |callback| to determine the
- * curve for ephemeral ECDH keys. |callback| should ignore |is_export| and
- * |keylength| and return an |EC_KEY| of the selected curve or NULL on
- * error. Only the curve is used, so the |EC_KEY| needn't have a generated
- * keypair.
- *
- * If the callback is unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.)
- *
- * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so
- * |callback| must save and release the object elsewhere. */
-OPENSSL_EXPORT void SSL_set_tmp_ecdh_callback(
-    SSL *ssl, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
-
 /* SSL_get_curve_name returns a human-readable name for the elliptic curve
  * specified by the given TLS curve id, or NULL if the curve if unknown. */
 OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index 225c828..73387a0 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -727,12 +727,8 @@
   DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 
   /* ecdh_nid, if not |NID_undef|, is the NID of the curve to use for ephemeral
-   * ECDH keys. If unset, |ecdh_tmp_cb| is consulted. */
+   * ECDH keys. */
   int ecdh_nid;
-  /* ecdh_tmp_cb is a callback for selecting the curve to use for ephemeral ECDH
-   * keys. If NULL, a curve is selected automatically. See
-   * |SSL_CTX_set_tmp_ecdh_callback|. */
-  EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 
   /* peer_sigalgs are the algorithm/hash pairs that the peer supports. These
    * are taken from the contents of signature algorithms extension for a server

ssl/s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 002bacf..04cae2e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1302,13 +1302,6 @@
       int nid = NID_undef;
       if (cert->ecdh_nid != NID_undef) {
         nid = cert->ecdh_nid;
-      } else if (cert->ecdh_tmp_cb != NULL) {
-        /* Note: |ecdh_tmp_cb| does NOT pass ownership of the result
-         * to the caller. */
-        EC_KEY *template = s->cert->ecdh_tmp_cb(s, 0, 1024);
-        if (template != NULL && EC_KEY_get0_group(template) != NULL) {
-          nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(template));
-        }
       } else {
         nid = tls1_get_shared_curve(s);
       }

ssl/ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 4094b27..8788152 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -186,7 +186,6 @@
   ret->dh_tmp_cb = cert->dh_tmp_cb;
 
   ret->ecdh_nid = cert->ecdh_nid;
-  ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
 
   if (cert->x509 != NULL) {
     ret->x509 = X509_up_ref(cert->x509);

ssl/ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 839cf94..379fd4f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2128,18 +2128,6 @@
   ssl->cert->dh_tmp_cb = callback;
 }
 
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                   EC_KEY *(*callback)(SSL *ssl, int is_export,
-                                                       int keylength)) {
-  ctx->cert->ecdh_tmp_cb = callback;
-}
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                               EC_KEY *(*callback)(SSL *ssl, int is_export,
-                                                   int keylength)) {
-  ssl->cert->ecdh_tmp_cb = callback;
-}
-
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) {
   if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d312a52..0e78594 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -611,11 +611,6 @@
            tls1_check_curve_id(s, curve_id);
   }
 
-  if (s->cert->ecdh_tmp_cb != NULL) {
-    /* Assume the callback will provide an acceptable curve. */
-    return 1;
-  }
-
   /* Otherwise, the curve gets selected automatically. ECDH is acceptable iff
    * there is a shared curve. */
   return tls1_get_shared_curve(s) != NID_undef;