1 files changed, 0 insertions, 422 deletions
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
deleted file mode 100644
index fa420a35a3..0000000000
--- a/src/lib/libssl/ssl_kex.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/* $OpenBSD: ssl_kex.c,v 1.12 2023/07/28 16:02:34 tb Exp $ */
-/*
- * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <stdlib.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/ec.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "bytestring.h"
-#define DHE_MINIMUM_BITS        1024
-int
-ssl_kex_generate_dhe(DH *dh, DH *dh_params)
-{
-        BIGNUM *p = NULL, *g = NULL;
-        int ret = 0;
-        if ((p = BN_dup(DH_get0_p(dh_params))) == NULL)
-                goto err;
-        if ((g = BN_dup(DH_get0_g(dh_params))) == NULL)
-                goto err;
-        if (!DH_set0_pqg(dh, p, NULL, g))
-                goto err;
-        p = NULL;
-        g = NULL;
-        if (!DH_generate_key(dh))
-                goto err;
-        ret = 1;
- err:
-        BN_free(p);
-        BN_free(g);
-        return ret;
-}
-int
-ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_bits)
-{
-        BIGNUM *p = NULL, *g = NULL;
-        int ret = 0;
-        if (key_bits >= 8192)
-                p = BN_get_rfc3526_prime_8192(NULL);
-        else if (key_bits >= 4096)
-                p = BN_get_rfc3526_prime_4096(NULL);
-        else if (key_bits >= 3072)
-                p = BN_get_rfc3526_prime_3072(NULL);
-        else if (key_bits >= 2048)
-                p = BN_get_rfc3526_prime_2048(NULL);
-        else if (key_bits >= 1536)
-                p = BN_get_rfc3526_prime_1536(NULL);
-        else
-                p = BN_get_rfc2409_prime_1024(NULL);
-        if (p == NULL)
-                goto err;
-        if ((g = BN_new()) == NULL)
-                goto err;
-        if (!BN_set_word(g, 2))
-                goto err;
-        if (!DH_set0_pqg(dh, p, NULL, g))
-                goto err;
-        p = NULL;
-        g = NULL;
-        if (!DH_generate_key(dh))
-                goto err;
-        ret = 1;
- err:
-        BN_free(p);
-        BN_free(g);
-        return ret;
-}
-int
-ssl_kex_params_dhe(DH *dh, CBB *cbb)
-{
-        int dh_p_len, dh_g_len;
-        CBB dh_p, dh_g;
-        uint8_t *data;
-        if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0)
-                return 0;
-        if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0)
-                return 0;
-        if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
-                return 0;
-        if (!CBB_add_space(&dh_p, &data, dh_p_len))
-                return 0;
-        if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len)
-                return 0;
-        if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
-                return 0;
-        if (!CBB_add_space(&dh_g, &data, dh_g_len))
-                return 0;
-        if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len)
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-        return 1;
-}
-int
-ssl_kex_public_dhe(DH *dh, CBB *cbb)
-{
-        uint8_t *data;
-        int dh_y_len;
-        CBB dh_y;
-        if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0)
-                return 0;
-        if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
-                return 0;
-        if (!CBB_add_space(&dh_y, &data, dh_y_len))
-                return 0;
-        if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len)
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-        return 1;
-}
-int
-ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error,
-    int *invalid_params)
-{
-        BIGNUM *p = NULL, *g = NULL;
-        CBS dh_p, dh_g;
-        int ret = 0;
-        *decode_error = 0;
-        *invalid_params = 0;
-        if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) {
-                *decode_error = 1;
-                goto err;
-        }
-        if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) {
-                *decode_error = 1;
-                goto err;
-        }
-        if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL)
-                goto err;
-        if ((g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL)
-                goto err;
-        if (!DH_set0_pqg(dh, p, NULL, g))
-                goto err;
-        p = NULL;
-        g = NULL;
-        /* XXX - consider calling DH_check(). */
-        if (DH_bits(dh) < DHE_MINIMUM_BITS)
-                *invalid_params = 1;
-        ret = 1;
- err:
-        BN_free(p);
-        BN_free(g);
-        return ret;
-}
-int
-ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
-    int *invalid_key)
-{
-        BIGNUM *pub_key = NULL;
-        int check_flags;
-        CBS dh_y;
-        int ret = 0;
-        *decode_error = 0;
-        *invalid_key = 0;
-        if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) {
-                *decode_error = 1;
-                goto err;
-        }
-        if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y),
-            NULL)) == NULL)
-                goto err;
-        if (!DH_set0_key(dh, pub_key, NULL))
-                goto err;
-        pub_key = NULL;
-        if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags))
-                goto err;
-        if (check_flags != 0)
-                *invalid_key = 1;
-        ret = 1;
- err:
-        BN_free(pub_key);
-        return ret;
-}
-int
-ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        uint8_t *key = NULL;
-        int key_len = 0;
-        int ret = 0;
-        if ((key_len = DH_size(dh)) <= 0)
-                goto err;
-        if ((key = calloc(1, key_len)) == NULL)
-                goto err;
-        if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0)
-                goto err;
-        *shared_key = key;
-        *shared_key_len = key_len;
-        key = NULL;
-        ret = 1;
- err:
-        freezero(key, key_len);
-        return ret;
-}
-int
-ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey)
-{
-        EC_GROUP *group = NULL;
-        EC_POINT *point = NULL;
-        EC_KEY *ec_key = NULL;
-        BIGNUM *order = NULL;
-        int ret = 0;
-        /* Fudge up an EC_KEY that looks like X25519... */
-        if ((group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
-                goto err;
-        if ((point = EC_POINT_new(group)) == NULL)
-                goto err;
-        if ((order = BN_new()) == NULL)
-                goto err;
-        if (!BN_set_bit(order, 252))
-                goto err;
-        if (!EC_GROUP_set_generator(group, point, order, NULL))
-                goto err;
-        EC_GROUP_set_curve_name(group, NID_X25519);
-        if ((ec_key = EC_KEY_new()) == NULL)
-                goto err;
-        if (!EC_KEY_set_group(ec_key, group))
-                goto err;
-        if (!EVP_PKEY_set1_EC_KEY(pkey, ec_key))
-                goto err;
-        ret = 1;
- err:
-        EC_GROUP_free(group);
-        EC_POINT_free(point);
-        EC_KEY_free(ec_key);
-        BN_free(order);
-        return ret;
-}
-int
-ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid)
-{
-        EC_GROUP *group;
-        int ret = 0;
-        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
-                goto err;
-        if (!EC_KEY_set_group(ecdh, group))
-                goto err;
-        if (!EC_KEY_generate_key(ecdh))
-                goto err;
-        ret = 1;
- err:
-        EC_GROUP_free(group);
-        return ret;
-}
-int
-ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb)
-{
-        const EC_GROUP *group;
-        const EC_POINT *point;
-        uint8_t *ecp;
-        size_t ecp_len;
-        int ret = 0;
-        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
-                goto err;
-        if ((point = EC_KEY_get0_public_key(ecdh)) == NULL)
-                goto err;
-        if ((ecp_len = EC_POINT_point2oct(group, point,
-            POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)) == 0)
-                goto err;
-        if (!CBB_add_space(cbb, &ecp, ecp_len))
-                goto err;
-        if ((EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
-            ecp, ecp_len, NULL)) == 0)
-                goto err;
-        ret = 1;
- err:
-        return ret;
-}
-int
-ssl_kex_peer_public_ecdhe_ecp(EC_KEY *ecdh, int nid, CBS *cbs)
-{
-        EC_GROUP *group = NULL;
-        EC_POINT *point = NULL;
-        int ret = 0;
-        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
-                goto err;
-        if (!EC_KEY_set_group(ecdh, group))
-                goto err;
-        if ((point = EC_POINT_new(group)) == NULL)
-                goto err;
-        if (EC_POINT_oct2point(group, point, CBS_data(cbs), CBS_len(cbs),
-            NULL) == 0)
-                goto err;
-        if (!EC_KEY_set_public_key(ecdh, point))
-                goto err;
-        ret = 1;
- err:
-        EC_GROUP_free(group);
-        EC_POINT_free(point);
-        return ret;
-}
-int
-ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        const EC_POINT *point;
-        uint8_t *key = NULL;
-        int key_len = 0;
-        int ret = 0;
-        if (!EC_GROUP_check(EC_KEY_get0_group(ecdh), NULL))
-                goto err;
-        if (!EC_GROUP_check(EC_KEY_get0_group(ecdh_peer), NULL))
-                goto err;
-        if ((point = EC_KEY_get0_public_key(ecdh_peer)) == NULL)
-                goto err;
-        if ((key_len = ECDH_size(ecdh)) <= 0)
-                goto err;
-        if ((key = calloc(1, key_len)) == NULL)
-                goto err;
-        if (ECDH_compute_key(key, key_len, point, ecdh, NULL) <= 0)
-                goto err;
-        *shared_key = key;
-        *shared_key_len = key_len;
-        key = NULL;
-        ret = 1;
- err:
-        freezero(key, key_len);
-        return ret;
-}

diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c deleted file mode 100644 index fa420a35a3..0000000000 --- a/src/lib/libssl/ssl_kex.c +++ /dev/null
@@ -1,422 +0,0 @@
1	/* $OpenBSD: ssl_kex.c,v 1.12 2023/07/28 16:02:34 tb Exp $ */
2	/*
3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <stdlib.h>
19
20	#include <openssl/bn.h>
21	#include <openssl/dh.h>
22	#include <openssl/ec.h>
23	#include <openssl/evp.h>
24	#include <openssl/objects.h>
25
26	#include "bytestring.h"
27
28	#define DHE_MINIMUM_BITS 1024
29
30	int
31	ssl_kex_generate_dhe(DH dh, DH dh_params)
32	{
33	BIGNUM p = NULL, g = NULL;
34	int ret = 0;
35
36	if ((p = BN_dup(DH_get0_p(dh_params))) == NULL)
37	goto err;
38	if ((g = BN_dup(DH_get0_g(dh_params))) == NULL)
39	goto err;
40
41	if (!DH_set0_pqg(dh, p, NULL, g))
42	goto err;
43	p = NULL;
44	g = NULL;
45
46	if (!DH_generate_key(dh))
47	goto err;
48
49	ret = 1;
50
51	err:
52	BN_free(p);
53	BN_free(g);
54
55	return ret;
56	}
57
58	int
59	ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_bits)
60	{
61	BIGNUM p = NULL, g = NULL;
62	int ret = 0;
63
64	if (key_bits >= 8192)
65	p = BN_get_rfc3526_prime_8192(NULL);
66	else if (key_bits >= 4096)
67	p = BN_get_rfc3526_prime_4096(NULL);
68	else if (key_bits >= 3072)
69	p = BN_get_rfc3526_prime_3072(NULL);
70	else if (key_bits >= 2048)
71	p = BN_get_rfc3526_prime_2048(NULL);
72	else if (key_bits >= 1536)
73	p = BN_get_rfc3526_prime_1536(NULL);
74	else
75	p = BN_get_rfc2409_prime_1024(NULL);
76
77	if (p == NULL)
78	goto err;
79
80	if ((g = BN_new()) == NULL)
81	goto err;
82	if (!BN_set_word(g, 2))
83	goto err;
84
85	if (!DH_set0_pqg(dh, p, NULL, g))
86	goto err;
87	p = NULL;
88	g = NULL;
89
90	if (!DH_generate_key(dh))
91	goto err;
92
93	ret = 1;
94
95	err:
96	BN_free(p);
97	BN_free(g);
98
99	return ret;
100	}
101
102	int
103	ssl_kex_params_dhe(DH dh, CBB cbb)
104	{
105	int dh_p_len, dh_g_len;
106	CBB dh_p, dh_g;
107	uint8_t *data;
108
109	if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0)
110	return 0;
111	if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0)
112	return 0;
113
114	if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
115	return 0;
116	if (!CBB_add_space(&dh_p, &data, dh_p_len))
117	return 0;
118	if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len)
119	return 0;
120
121	if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
122	return 0;
123	if (!CBB_add_space(&dh_g, &data, dh_g_len))
124	return 0;
125	if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len)
126	return 0;
127
128	if (!CBB_flush(cbb))
129	return 0;
130
131	return 1;
132	}
133
134	int
135	ssl_kex_public_dhe(DH dh, CBB cbb)
136	{
137	uint8_t *data;
138	int dh_y_len;
139	CBB dh_y;
140
141	if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0)
142	return 0;
143
144	if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
145	return 0;
146	if (!CBB_add_space(&dh_y, &data, dh_y_len))
147	return 0;
148	if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len)
149	return 0;
150
151	if (!CBB_flush(cbb))
152	return 0;
153
154	return 1;
155	}
156
157	int
158	ssl_kex_peer_params_dhe(DH dh, CBS cbs, int *decode_error,
159	int *invalid_params)
160	{
161	BIGNUM p = NULL, g = NULL;
162	CBS dh_p, dh_g;
163	int ret = 0;
164
165	*decode_error = 0;
166	*invalid_params = 0;
167
168	if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) {
169	*decode_error = 1;
170	goto err;
171	}
172	if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) {
173	*decode_error = 1;
174	goto err;
175	}
176
177	if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL)
178	goto err;
179	if ((g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL)
180	goto err;
181
182	if (!DH_set0_pqg(dh, p, NULL, g))
183	goto err;
184	p = NULL;
185	g = NULL;
186
187	/* XXX - consider calling DH_check(). */
188
189	if (DH_bits(dh) < DHE_MINIMUM_BITS)
190	*invalid_params = 1;
191
192	ret = 1;
193
194	err:
195	BN_free(p);
196	BN_free(g);
197
198	return ret;
199	}
200
201	int
202	ssl_kex_peer_public_dhe(DH dh, CBS cbs, int *decode_error,
203	int *invalid_key)
204	{
205	BIGNUM *pub_key = NULL;
206	int check_flags;
207	CBS dh_y;
208	int ret = 0;
209
210	*decode_error = 0;
211	*invalid_key = 0;
212
213	if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) {
214	*decode_error = 1;
215	goto err;
216	}
217
218	if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y),
219	NULL)) == NULL)
220	goto err;
221
222	if (!DH_set0_key(dh, pub_key, NULL))
223	goto err;
224	pub_key = NULL;
225
226	if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags))
227	goto err;
228	if (check_flags != 0)
229	*invalid_key = 1;
230
231	ret = 1;
232
233	err:
234	BN_free(pub_key);
235
236	return ret;
237	}
238
239	int
240	ssl_kex_derive_dhe(DH dh, DH dh_peer,
241	uint8_t *shared_key, size_t shared_key_len)
242	{
243	uint8_t *key = NULL;
244	int key_len = 0;
245	int ret = 0;
246
247	if ((key_len = DH_size(dh)) <= 0)
248	goto err;
249	if ((key = calloc(1, key_len)) == NULL)
250	goto err;
251
252	if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0)
253	goto err;
254
255	*shared_key = key;
256	*shared_key_len = key_len;
257	key = NULL;
258
259	ret = 1;
260
261	err:
262	freezero(key, key_len);
263
264	return ret;
265	}
266
267	int
268	ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey)
269	{
270	EC_GROUP *group = NULL;
271	EC_POINT *point = NULL;
272	EC_KEY *ec_key = NULL;
273	BIGNUM *order = NULL;
274	int ret = 0;
275
276	/* Fudge up an EC_KEY that looks like X25519... */
277	if ((group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
278	goto err;
279	if ((point = EC_POINT_new(group)) == NULL)
280	goto err;
281	if ((order = BN_new()) == NULL)
282	goto err;
283	if (!BN_set_bit(order, 252))
284	goto err;
285	if (!EC_GROUP_set_generator(group, point, order, NULL))
286	goto err;
287	EC_GROUP_set_curve_name(group, NID_X25519);
288	if ((ec_key = EC_KEY_new()) == NULL)
289	goto err;
290	if (!EC_KEY_set_group(ec_key, group))
291	goto err;
292	if (!EVP_PKEY_set1_EC_KEY(pkey, ec_key))
293	goto err;
294
295	ret = 1;
296
297	err:
298	EC_GROUP_free(group);
299	EC_POINT_free(point);
300	EC_KEY_free(ec_key);
301	BN_free(order);
302
303	return ret;
304	}
305
306	int
307	ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid)
308	{
309	EC_GROUP *group;
310	int ret = 0;
311
312	if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
313	goto err;
314
315	if (!EC_KEY_set_group(ecdh, group))
316	goto err;
317	if (!EC_KEY_generate_key(ecdh))
318	goto err;
319
320	ret = 1;
321
322	err:
323	EC_GROUP_free(group);
324
325	return ret;
326	}
327
328	int
329	ssl_kex_public_ecdhe_ecp(EC_KEY ecdh, CBB cbb)
330	{
331	const EC_GROUP *group;
332	const EC_POINT *point;
333	uint8_t *ecp;
334	size_t ecp_len;
335	int ret = 0;
336
337	if ((group = EC_KEY_get0_group(ecdh)) == NULL)
338	goto err;
339	if ((point = EC_KEY_get0_public_key(ecdh)) == NULL)
340	goto err;
341
342	if ((ecp_len = EC_POINT_point2oct(group, point,
343	POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)) == 0)
344	goto err;
345	if (!CBB_add_space(cbb, &ecp, ecp_len))
346	goto err;
347	if ((EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
348	ecp, ecp_len, NULL)) == 0)
349	goto err;
350
351	ret = 1;
352
353	err:
354	return ret;
355	}
356
357	int
358	ssl_kex_peer_public_ecdhe_ecp(EC_KEY ecdh, int nid, CBS cbs)
359	{
360	EC_GROUP *group = NULL;
361	EC_POINT *point = NULL;
362	int ret = 0;
363
364	if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
365	goto err;
366
367	if (!EC_KEY_set_group(ecdh, group))
368	goto err;
369
370	if ((point = EC_POINT_new(group)) == NULL)
371	goto err;
372	if (EC_POINT_oct2point(group, point, CBS_data(cbs), CBS_len(cbs),
373	NULL) == 0)
374	goto err;
375	if (!EC_KEY_set_public_key(ecdh, point))
376	goto err;
377
378	ret = 1;
379
380	err:
381	EC_GROUP_free(group);
382	EC_POINT_free(point);
383
384	return ret;
385	}
386
387	int
388	ssl_kex_derive_ecdhe_ecp(EC_KEY ecdh, EC_KEY ecdh_peer,
389	uint8_t *shared_key, size_t shared_key_len)
390	{
391	const EC_POINT *point;
392	uint8_t *key = NULL;
393	int key_len = 0;
394	int ret = 0;
395
396	if (!EC_GROUP_check(EC_KEY_get0_group(ecdh), NULL))
397	goto err;
398	if (!EC_GROUP_check(EC_KEY_get0_group(ecdh_peer), NULL))
399	goto err;
400
401	if ((point = EC_KEY_get0_public_key(ecdh_peer)) == NULL)
402	goto err;
403
404	if ((key_len = ECDH_size(ecdh)) <= 0)
405	goto err;
406	if ((key = calloc(1, key_len)) == NULL)
407	goto err;
408
409	if (ECDH_compute_key(key, key_len, point, ecdh, NULL) <= 0)
410	goto err;
411
412	*shared_key = key;
413	*shared_key_len = key_len;
414	key = NULL;
415
416	ret = 1;
417
418	err:
419	freezero(key, key_len);
420
421	return ret;
422	}