Convert SSL_ECDH_CTX to C++.
SSLECDHContext has the acronyms problem, so I went with SSLKeyShare to
match the TLS 1.3 terminology. It's also a little shorter. Accept and
Finish, for now, take raw output pointers in anticipation of some
bssl::Array and maybe bssl::CleansedArray types.
Bug: 132
Change-Id: I427c7c0eac95704f3ad093676c504c2848f5acb9
Reviewed-on: https://boringssl-review.googlesource.com/18265
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index b57b67a..38fbef4 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -1067,11 +1067,12 @@
hs->new_session->group_id = group_id;
/* Set up ECDH, generate a key, and emit the public half. */
- if (!SSL_ECDH_CTX_init(&hs->ecdh_ctx, group_id) ||
+ hs->key_share = SSLKeyShare::Create(group_id);
+ if (!hs->key_share ||
!CBB_add_u8(cbb.get(), NAMED_CURVE_TYPE) ||
!CBB_add_u16(cbb.get(), group_id) ||
!CBB_add_u8_length_prefixed(cbb.get(), &child) ||
- !SSL_ECDH_CTX_offer(&hs->ecdh_ctx, &child)) {
+ !hs->key_share->Offer(&child)) {
return -1;
}
} else {
@@ -1434,15 +1435,14 @@
/* Compute the premaster. */
uint8_t alert = SSL_AD_DECODE_ERROR;
- if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, &premaster_secret,
- &premaster_secret_len, &alert, CBS_data(&peer_key),
- CBS_len(&peer_key))) {
+ if (!hs->key_share->Finish(&premaster_secret, &premaster_secret_len, &alert,
+ CBS_data(&peer_key), CBS_len(&peer_key))) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
goto err;
}
/* The key exchange state may now be discarded. */
- SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
+ hs->key_share.reset();
} else if (!(alg_k & SSL_kPSK)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
