kris
/
boringssl
1
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
3095 коммитов
12 Ветки
38 MiB
 
 
 
 
 
 
Дерево: f9bdcc1108
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'f9bdcc1108'
${ noResults }
boringssl/ssl/ssl_ecdh.c

612 строки
16 KiB
Исходник Вина История 

  1. /* Copyright (c) 2015, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <openssl/ssl.h>

  16. 

  17. #include <assert.h>

  18. #include <string.h>

  19. 

  20. #include <openssl/bn.h>

  21. #include <openssl/bytestring.h>

  22. #include <openssl/curve25519.h>

  23. #include <openssl/ec.h>

  24. #include <openssl/err.h>

  25. #include <openssl/mem.h>

  26. #include <openssl/newhope.h>

  27. #include <openssl/nid.h>

  28. 

  29. #include "internal.h"

  30. 

  31. 

  32. /* |EC_POINT| implementation. */

  33. 

  34. static void ssl_ec_point_cleanup(SSL_ECDH_CTX *ctx) {

  35.   BIGNUM *private_key = (BIGNUM *)ctx->data;

  36.   BN_clear_free(private_key);

  37. }

  38. 

  39. static int ssl_ec_point_offer(SSL_ECDH_CTX *ctx, CBB *out) {

  40.   assert(ctx->data == NULL);

  41.   BIGNUM *private_key = BN_new();

  42.   if (private_key == NULL) {

  43.     return 0;

  44.   }

  45.   ctx->data = private_key;

  46. 

  47.   /* Set up a shared |BN_CTX| for all operations. */

  48.   BN_CTX *bn_ctx = BN_CTX_new();

  49.   if (bn_ctx == NULL) {

  50.     return 0;

  51.   }

  52.   BN_CTX_start(bn_ctx);

  53. 

  54.   int ret = 0;

  55.   EC_POINT *public_key = NULL;

  56.   EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid);

  57.   if (group == NULL) {

  58.     goto err;

  59.   }

  60. 

  61.   /* Generate a private key. */

  62.   if (!BN_rand_range_ex(private_key, 1, EC_GROUP_get0_order(group))) {

  63.     goto err;

  64.   }

  65. 

  66.   /* Compute the corresponding public key and serialize it. */

  67.   public_key = EC_POINT_new(group);

  68.   if (public_key == NULL ||

  69.       !EC_POINT_mul(group, public_key, private_key, NULL, NULL, bn_ctx) ||

  70.       !EC_POINT_point2cbb(out, group, public_key, POINT_CONVERSION_UNCOMPRESSED,

  71.                           bn_ctx)) {

  72.     goto err;

  73.   }

  74. 

  75.   ret = 1;

  76. 

  77. err:

  78.   EC_GROUP_free(group);

  79.   EC_POINT_free(public_key);

  80.   BN_CTX_end(bn_ctx);

  81.   BN_CTX_free(bn_ctx);

  82.   return ret;

  83. }

  84. 

  85. static int ssl_ec_point_finish(SSL_ECDH_CTX *ctx, uint8_t **out_secret,

  86.                                size_t *out_secret_len, uint8_t *out_alert,

  87.                                const uint8_t *peer_key, size_t peer_key_len) {

  88.   BIGNUM *private_key = (BIGNUM *)ctx->data;

  89.   assert(private_key != NULL);

  90.   *out_alert = SSL_AD_INTERNAL_ERROR;

  91. 

  92.   /* Set up a shared |BN_CTX| for all operations. */

  93.   BN_CTX *bn_ctx = BN_CTX_new();

  94.   if (bn_ctx == NULL) {

  95.     return 0;

  96.   }

  97.   BN_CTX_start(bn_ctx);

  98. 

  99.   int ret = 0;

  100.   EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid);

  101.   EC_POINT *peer_point = NULL, *result = NULL;

  102.   uint8_t *secret = NULL;

  103.   if (group == NULL) {

  104.     goto err;

  105.   }

  106. 

  107.   /* Compute the x-coordinate of |peer_key| * |private_key|. */

  108.   peer_point = EC_POINT_new(group);

  109.   result = EC_POINT_new(group);

  110.   if (peer_point == NULL || result == NULL) {

  111.     goto err;

  112.   }

  113.   BIGNUM *x = BN_CTX_get(bn_ctx);

  114.   if (x == NULL) {

  115.     goto err;

  116.   }

  117.   if (!EC_POINT_oct2point(group, peer_point, peer_key, peer_key_len, bn_ctx)) {

  118.     *out_alert = SSL_AD_DECODE_ERROR;

  119.     goto err;

  120.   }

  121.   if (!EC_POINT_mul(group, result, NULL, peer_point, private_key, bn_ctx) ||

  122.       !EC_POINT_get_affine_coordinates_GFp(group, result, x, NULL, bn_ctx)) {

  123.     goto err;

  124.   }

  125. 

  126.   /* Encode the x-coordinate left-padded with zeros. */

  127.   size_t secret_len = (EC_GROUP_get_degree(group) + 7) / 8;

  128.   secret = OPENSSL_malloc(secret_len);

  129.   if (secret == NULL || !BN_bn2bin_padded(secret, secret_len, x)) {

  130.     goto err;

  131.   }

  132. 

  133.   *out_secret = secret;

  134.   *out_secret_len = secret_len;

  135.   secret = NULL;

  136.   ret = 1;

  137. 

  138. err:

  139.   EC_GROUP_free(group);

  140.   EC_POINT_free(peer_point);

  141.   EC_POINT_free(result);

  142.   BN_CTX_end(bn_ctx);

  143.   BN_CTX_free(bn_ctx);

  144.   OPENSSL_free(secret);

  145.   return ret;

  146. }

  147. 

  148. static int ssl_ec_point_accept(SSL_ECDH_CTX *ctx, CBB *out_public_key,

  149.                                uint8_t **out_secret, size_t *out_secret_len,

  150.                                uint8_t *out_alert, const uint8_t *peer_key,

  151.                                size_t peer_key_len) {

  152.   *out_alert = SSL_AD_INTERNAL_ERROR;

  153.   if (!ssl_ec_point_offer(ctx, out_public_key) ||

  154.       !ssl_ec_point_finish(ctx, out_secret, out_secret_len, out_alert, peer_key,

  155.                            peer_key_len)) {

  156.     return 0;

  157.   }

  158.   return 1;

  159. }

  160. 

  161. /* X25119 implementation. */

  162. 

  163. static void ssl_x25519_cleanup(SSL_ECDH_CTX *ctx) {

  164.   if (ctx->data == NULL) {

  165.     return;

  166.   }

  167.   OPENSSL_cleanse(ctx->data, 32);

  168.   OPENSSL_free(ctx->data);

  169. }

  170. 

  171. static int ssl_x25519_offer(SSL_ECDH_CTX *ctx, CBB *out) {

  172.   assert(ctx->data == NULL);

  173. 

  174.   ctx->data = OPENSSL_malloc(32);

  175.   if (ctx->data == NULL) {

  176.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  177.     return 0;

  178.   }

  179.   uint8_t public_key[32];

  180.   X25519_keypair(public_key, (uint8_t *)ctx->data);

  181.   return CBB_add_bytes(out, public_key, sizeof(public_key));

  182. }

  183. 

  184. static int ssl_x25519_finish(SSL_ECDH_CTX *ctx, uint8_t **out_secret,

  185.                              size_t *out_secret_len, uint8_t *out_alert,

  186.                              const uint8_t *peer_key, size_t peer_key_len) {

  187.   assert(ctx->data != NULL);

  188.   *out_alert = SSL_AD_INTERNAL_ERROR;

  189. 

  190.   uint8_t *secret = OPENSSL_malloc(32);

  191.   if (secret == NULL) {

  192.     return 0;

  193.   }

  194. 

  195.   if (peer_key_len != 32 ||

  196.       !X25519(secret, (uint8_t *)ctx->data, peer_key)) {

  197.     OPENSSL_free(secret);

  198.     *out_alert = SSL_AD_DECODE_ERROR;

  199.     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);

  200.     return 0;

  201.   }

  202. 

  203.   *out_secret = secret;

  204.   *out_secret_len = 32;

  205.   return 1;

  206. }

  207. 

  208. static int ssl_x25519_accept(SSL_ECDH_CTX *ctx, CBB *out_public_key,

  209.                              uint8_t **out_secret, size_t *out_secret_len,

  210.                              uint8_t *out_alert, const uint8_t *peer_key,

  211.                              size_t peer_key_len) {

  212.   *out_alert = SSL_AD_INTERNAL_ERROR;

  213.   if (!ssl_x25519_offer(ctx, out_public_key) ||

  214.       !ssl_x25519_finish(ctx, out_secret, out_secret_len, out_alert, peer_key,

  215.                          peer_key_len)) {

  216.     return 0;

  217.   }

  218.   return 1;

  219. }

  220. 

  221. 

  222. /* Combined X25119 + New Hope (post-quantum) implementation. */

  223. 

  224. typedef struct {

  225.   uint8_t x25519_key[32];

  226.   NEWHOPE_POLY *newhope_sk;

  227. } cecpq1_data;

  228. 

  229. #define CECPQ1_OFFERMSG_LENGTH (32 + NEWHOPE_OFFERMSG_LENGTH)

  230. #define CECPQ1_ACCEPTMSG_LENGTH (32 + NEWHOPE_ACCEPTMSG_LENGTH)

  231. #define CECPQ1_SECRET_LENGTH (32 + SHA256_DIGEST_LENGTH)

  232. 

  233. static void ssl_cecpq1_cleanup(SSL_ECDH_CTX *ctx) {

  234.   if (ctx->data == NULL) {

  235.     return;

  236.   }

  237.   cecpq1_data *data = ctx->data;

  238.   NEWHOPE_POLY_free(data->newhope_sk);

  239.   OPENSSL_cleanse(data, sizeof(cecpq1_data));

  240.   OPENSSL_free(data);

  241. }

  242. 

  243. static int ssl_cecpq1_offer(SSL_ECDH_CTX *ctx, CBB *out) {

  244.   assert(ctx->data == NULL);

  245.   cecpq1_data *data = OPENSSL_malloc(sizeof(cecpq1_data));

  246.   if (data == NULL) {

  247.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  248.     return 0;

  249.   }

  250.   ctx->data = data;

  251.   data->newhope_sk = NEWHOPE_POLY_new();

  252.   if (data->newhope_sk == NULL) {

  253.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  254.     return 0;

  255.   }

  256. 

  257.   uint8_t x25519_public_key[32];

  258.   X25519_keypair(x25519_public_key, data->x25519_key);

  259. 

  260.   uint8_t newhope_offermsg[NEWHOPE_OFFERMSG_LENGTH];

  261.   NEWHOPE_offer(newhope_offermsg, data->newhope_sk);

  262. 

  263.   if (!CBB_add_bytes(out, x25519_public_key, sizeof(x25519_public_key)) ||

  264.       !CBB_add_bytes(out, newhope_offermsg, sizeof(newhope_offermsg))) {

  265.     return 0;

  266.   }

  267.   return 1;

  268. }

  269. 

  270. static int ssl_cecpq1_accept(SSL_ECDH_CTX *ctx, CBB *cbb, uint8_t **out_secret,

  271.                              size_t *out_secret_len, uint8_t *out_alert,

  272.                              const uint8_t *peer_key, size_t peer_key_len) {

  273.   if (peer_key_len != CECPQ1_OFFERMSG_LENGTH) {

  274.     *out_alert = SSL_AD_DECODE_ERROR;

  275.     return 0;

  276.   }

  277. 

  278.   *out_alert = SSL_AD_INTERNAL_ERROR;

  279. 

  280.   assert(ctx->data == NULL);

  281.   cecpq1_data *data = OPENSSL_malloc(sizeof(cecpq1_data));

  282.   if (data == NULL) {

  283.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  284.     return 0;

  285.   }

  286.   data->newhope_sk = NULL;

  287.   ctx->data = data;

  288. 

  289.   uint8_t *secret = OPENSSL_malloc(CECPQ1_SECRET_LENGTH);

  290.   if (secret == NULL) {

  291.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  292.     return 0;

  293.   }

  294. 

  295.   /* Generate message to server, and secret key, at once. */

  296. 

  297.   uint8_t x25519_public_key[32];

  298.   X25519_keypair(x25519_public_key, data->x25519_key);

  299.   if (!X25519(secret, data->x25519_key, peer_key)) {

  300.     *out_alert = SSL_AD_DECODE_ERROR;

  301.     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);

  302.     goto err;

  303.   }

  304. 

  305.   uint8_t newhope_acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH];

  306.   if (!NEWHOPE_accept(secret + 32, newhope_acceptmsg, peer_key + 32,

  307.                       NEWHOPE_OFFERMSG_LENGTH)) {

  308.     *out_alert = SSL_AD_DECODE_ERROR;

  309.     goto err;

  310.   }

  311. 

  312.   if (!CBB_add_bytes(cbb, x25519_public_key, sizeof(x25519_public_key)) ||

  313.       !CBB_add_bytes(cbb, newhope_acceptmsg, sizeof(newhope_acceptmsg))) {

  314.     goto err;

  315.   }

  316. 

  317.   *out_secret = secret;

  318.   *out_secret_len = CECPQ1_SECRET_LENGTH;

  319.   return 1;

  320. 

  321.  err:

  322.   OPENSSL_cleanse(secret, CECPQ1_SECRET_LENGTH);

  323.   OPENSSL_free(secret);

  324.   return 0;

  325. }

  326. 

  327. static int ssl_cecpq1_finish(SSL_ECDH_CTX *ctx, uint8_t **out_secret,

  328.                              size_t *out_secret_len, uint8_t *out_alert,

  329.                              const uint8_t *peer_key, size_t peer_key_len) {

  330.   if (peer_key_len != CECPQ1_ACCEPTMSG_LENGTH) {

  331.     *out_alert = SSL_AD_DECODE_ERROR;

  332.     return 0;

  333.   }

  334. 

  335.   *out_alert = SSL_AD_INTERNAL_ERROR;

  336. 

  337.   assert(ctx->data != NULL);

  338.   cecpq1_data *data = ctx->data;

  339. 

  340.   uint8_t *secret = OPENSSL_malloc(CECPQ1_SECRET_LENGTH);

  341.   if (secret == NULL) {

  342.     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);

  343.     return 0;

  344.   }

  345. 

  346.   if (!X25519(secret, data->x25519_key, peer_key)) {

  347.     *out_alert = SSL_AD_DECODE_ERROR;

  348.     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);

  349.     goto err;

  350.   }

  351. 

  352.   if (!NEWHOPE_finish(secret + 32, data->newhope_sk, peer_key + 32,

  353.                       NEWHOPE_ACCEPTMSG_LENGTH)) {

  354.     *out_alert = SSL_AD_DECODE_ERROR;

  355.     goto err;

  356.   }

  357. 

  358.   *out_secret = secret;

  359.   *out_secret_len = CECPQ1_SECRET_LENGTH;

  360.   return 1;

  361. 

  362.  err:

  363.   OPENSSL_cleanse(secret, CECPQ1_SECRET_LENGTH);

  364.   OPENSSL_free(secret);

  365.   return 0;

  366. }

  367. 

  368. 

  369. /* Legacy DHE-based implementation. */

  370. 

  371. static void ssl_dhe_cleanup(SSL_ECDH_CTX *ctx) {

  372.   DH_free((DH *)ctx->data);

  373. }

  374. 

  375. static int ssl_dhe_offer(SSL_ECDH_CTX *ctx, CBB *out) {

  376.   DH *dh = (DH *)ctx->data;

  377.   /* The group must have been initialized already, but not the key. */

  378.   assert(dh != NULL);

  379.   assert(dh->priv_key == NULL);

  380. 

  381.   /* Due to a bug in yaSSL, the public key must be zero padded to the size of

  382.    * the prime. */

  383.   return DH_generate_key(dh) &&

  384.          BN_bn2cbb_padded(out, BN_num_bytes(dh->p), dh->pub_key);

  385. }

  386. 

  387. static int ssl_dhe_finish(SSL_ECDH_CTX *ctx, uint8_t **out_secret,

  388.                           size_t *out_secret_len, uint8_t *out_alert,

  389.                           const uint8_t *peer_key, size_t peer_key_len) {

  390.   DH *dh = (DH *)ctx->data;

  391.   assert(dh != NULL);

  392.   assert(dh->priv_key != NULL);

  393.   *out_alert = SSL_AD_INTERNAL_ERROR;

  394. 

  395.   int secret_len = 0;

  396.   uint8_t *secret = NULL;

  397.   BIGNUM *peer_point = BN_bin2bn(peer_key, peer_key_len, NULL);

  398.   if (peer_point == NULL) {

  399.     goto err;

  400.   }

  401. 

  402.   secret = OPENSSL_malloc(DH_size(dh));

  403.   if (secret == NULL) {

  404.     goto err;

  405.   }

  406.   secret_len = DH_compute_key(secret, peer_point, dh);

  407.   if (secret_len <= 0) {

  408.     goto err;

  409.   }

  410. 

  411.   *out_secret = secret;

  412.   *out_secret_len = (size_t)secret_len;

  413.   BN_free(peer_point);

  414.   return 1;

  415. 

  416. err:

  417.   if (secret_len > 0) {

  418.     OPENSSL_cleanse(secret, (size_t)secret_len);

  419.   }

  420.   OPENSSL_free(secret);

  421.   BN_free(peer_point);

  422.   return 0;

  423. }

  424. 

  425. static int ssl_dhe_accept(SSL_ECDH_CTX *ctx, CBB *out_public_key,

  426.                           uint8_t **out_secret, size_t *out_secret_len,

  427.                           uint8_t *out_alert, const uint8_t *peer_key,

  428.                           size_t peer_key_len) {

  429.   *out_alert = SSL_AD_INTERNAL_ERROR;

  430.   if (!ssl_dhe_offer(ctx, out_public_key) ||

  431.       !ssl_dhe_finish(ctx, out_secret, out_secret_len, out_alert, peer_key,

  432.                       peer_key_len)) {

  433.     return 0;

  434.   }

  435.   return 1;

  436. }

  437. 

  438. static const SSL_ECDH_METHOD kDHEMethod = {

  439.     NID_undef, 0, "",

  440.     ssl_dhe_cleanup,

  441.     ssl_dhe_offer,

  442.     ssl_dhe_accept,

  443.     ssl_dhe_finish,

  444.     CBS_get_u16_length_prefixed,

  445.     CBB_add_u16_length_prefixed,

  446. };

  447. 

  448. static const SSL_ECDH_METHOD kCECPQ1Method = {

  449.     NID_undef, 0, "",

  450.     ssl_cecpq1_cleanup,

  451.     ssl_cecpq1_offer,

  452.     ssl_cecpq1_accept,

  453.     ssl_cecpq1_finish,

  454.     CBS_get_u16_length_prefixed,

  455.     CBB_add_u16_length_prefixed,

  456. };

  457. 

  458. static const SSL_ECDH_METHOD kMethods[] = {

  459.     {

  460.         NID_X9_62_prime256v1,

  461.         SSL_CURVE_SECP256R1,

  462.         "P-256",

  463.         ssl_ec_point_cleanup,

  464.         ssl_ec_point_offer,

  465.         ssl_ec_point_accept,

  466.         ssl_ec_point_finish,

  467.         CBS_get_u8_length_prefixed,

  468.         CBB_add_u8_length_prefixed,

  469.     },

  470.     {

  471.         NID_secp384r1,

  472.         SSL_CURVE_SECP384R1,

  473.         "P-384",

  474.         ssl_ec_point_cleanup,

  475.         ssl_ec_point_offer,

  476.         ssl_ec_point_accept,

  477.         ssl_ec_point_finish,

  478.         CBS_get_u8_length_prefixed,

  479.         CBB_add_u8_length_prefixed,

  480.     },

  481.     {

  482.         NID_secp521r1,

  483.         SSL_CURVE_SECP521R1,

  484.         "P-521",

  485.         ssl_ec_point_cleanup,

  486.         ssl_ec_point_offer,

  487.         ssl_ec_point_accept,

  488.         ssl_ec_point_finish,

  489.         CBS_get_u8_length_prefixed,

  490.         CBB_add_u8_length_prefixed,

  491.     },

  492.     {

  493.         NID_X25519,

  494.         SSL_CURVE_X25519,

  495.         "X25519",

  496.         ssl_x25519_cleanup,

  497.         ssl_x25519_offer,

  498.         ssl_x25519_accept,

  499.         ssl_x25519_finish,

  500.         CBS_get_u8_length_prefixed,

  501.         CBB_add_u8_length_prefixed,

  502.     },

  503. };

  504. 

  505. static const SSL_ECDH_METHOD *method_from_group_id(uint16_t group_id) {

  506.   size_t i;

  507.   for (i = 0; i < sizeof(kMethods) / sizeof(kMethods[0]); i++) {

  508.     if (kMethods[i].group_id == group_id) {

  509.       return &kMethods[i];

  510.     }

  511.   }

  512.   return NULL;

  513. }

  514. 

  515. static const SSL_ECDH_METHOD *method_from_nid(int nid) {

  516.   size_t i;

  517.   for (i = 0; i < sizeof(kMethods) / sizeof(kMethods[0]); i++) {

  518.     if (kMethods[i].nid == nid) {

  519.       return &kMethods[i];

  520.     }

  521.   }

  522.   return NULL;

  523. }

  524. 

  525. const char* SSL_get_curve_name(uint16_t group_id) {

  526.   const SSL_ECDH_METHOD *method = method_from_group_id(group_id);

  527.   if (method == NULL) {

  528.     return NULL;

  529.   }

  530.   return method->name;

  531. }

  532. 

  533. int ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {

  534.   const SSL_ECDH_METHOD *method = method_from_nid(nid);

  535.   if (method == NULL) {

  536.     return 0;

  537.   }

  538.   *out_group_id = method->group_id;

  539.   return 1;

  540. }

  541. 

  542. int SSL_ECDH_CTX_init(SSL_ECDH_CTX *ctx, uint16_t group_id) {

  543.   SSL_ECDH_CTX_cleanup(ctx);

  544. 

  545.   const SSL_ECDH_METHOD *method = method_from_group_id(group_id);

  546.   if (method == NULL) {

  547.     OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);

  548.     return 0;

  549.   }

  550.   ctx->method = method;

  551.   return 1;

  552. }

  553. 

  554. void SSL_ECDH_CTX_init_for_dhe(SSL_ECDH_CTX *ctx, DH *params) {

  555.   SSL_ECDH_CTX_cleanup(ctx);

  556. 

  557.   ctx->method = &kDHEMethod;

  558.   ctx->data = params;

  559. }

  560. 

  561. void SSL_ECDH_CTX_init_for_cecpq1(SSL_ECDH_CTX *ctx) {

  562.   SSL_ECDH_CTX_cleanup(ctx);

  563. 

  564.   ctx->method = &kCECPQ1Method;

  565. }

  566. 

  567. void SSL_ECDH_CTX_cleanup(SSL_ECDH_CTX *ctx) {

  568.   if (ctx->method == NULL) {

  569.     return;

  570.   }

  571.   ctx->method->cleanup(ctx);

  572.   ctx->method = NULL;

  573.   ctx->data = NULL;

  574. }

  575. 

  576. uint16_t SSL_ECDH_CTX_get_id(const SSL_ECDH_CTX *ctx) {

  577.   return ctx->method->group_id;

  578. }

  579. 

  580. int SSL_ECDH_CTX_get_key(SSL_ECDH_CTX *ctx, CBS *cbs, CBS *out) {

  581.   if (ctx->method == NULL) {

  582.     return 0;

  583.   }

  584.   return ctx->method->get_key(cbs, out);

  585. }

  586. 

  587. int SSL_ECDH_CTX_add_key(SSL_ECDH_CTX *ctx, CBB *cbb, CBB *out_contents) {

  588.   if (ctx->method == NULL) {

  589.     return 0;

  590.   }

  591.   return ctx->method->add_key(cbb, out_contents);

  592. }

  593. 

  594. int SSL_ECDH_CTX_offer(SSL_ECDH_CTX *ctx, CBB *out_public_key) {

  595.   return ctx->method->offer(ctx, out_public_key);

  596. }

  597. 

  598. int SSL_ECDH_CTX_accept(SSL_ECDH_CTX *ctx, CBB *out_public_key,

  599.                         uint8_t **out_secret, size_t *out_secret_len,

  600.                         uint8_t *out_alert, const uint8_t *peer_key,

  601.                         size_t peer_key_len) {

  602.   return ctx->method->accept(ctx, out_public_key, out_secret, out_secret_len,

  603.                              out_alert, peer_key, peer_key_len);

  604. }

  605. 

  606. int SSL_ECDH_CTX_finish(SSL_ECDH_CTX *ctx, uint8_t **out_secret,

  607.                         size_t *out_secret_len, uint8_t *out_alert,

  608.                         const uint8_t *peer_key, size_t peer_key_len) {

  609.   return ctx->method->finish(ctx, out_secret, out_secret_len, out_alert,

  610.                              peer_key, peer_key_len);

  611. }