RubyGems - grpc - Versions diffs - 1.53.2 → 1.54.0 - Mend

grpc 1.53.2 → 1.54.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (693) hide show

data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc CHANGED Viewed

@@ -128,125 +128,102 @@ static int xname_cmp(const X509_NAME **a, const X509_NAME **b) {
   return X509_NAME_cmp(*a, *b);
 }
-// TODO(davidben): Is there any reason this doesn't call
-// |SSL_add_file_cert_subjects_to_stack|?
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) {
-  BIO *in;
-  X509 *x = NULL;
-  X509_NAME *xn = NULL;
-  STACK_OF(X509_NAME) *ret = NULL, *sk;
-  sk = sk_X509_NAME_new(xname_cmp);
-  in = BIO_new(BIO_s_file());
-  if (sk == NULL || in == NULL) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
-    goto err;
-  }
-  if (!BIO_read_filename(in, file)) {
-    goto err;
-  }
+static int add_bio_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, BIO *bio,
+                                          bool allow_empty) {
+  // This function historically sorted |out| after every addition and skipped
+  // duplicates. This implementation preserves that behavior, but only sorts at
+  // the end, to avoid a quadratic running time. Existing duplicates in |out|
+  // are preserved, but do not introduce new duplicates.
+  bssl::UniquePtr<STACK_OF(X509_NAME)> to_append(sk_X509_NAME_new(xname_cmp));
+  if (to_append == nullptr) {
+    return 0;
+  }
+  // Temporarily switch the comparison function for |out|.
+  struct RestoreCmpFunc {
+    ~RestoreCmpFunc() { sk_X509_NAME_set_cmp_func(stack, old_cmp); }
+    STACK_OF(X509_NAME) *stack;
+    int (*old_cmp)(const X509_NAME **, const X509_NAME **);
+  };
+  RestoreCmpFunc restore = {out, sk_X509_NAME_set_cmp_func(out, xname_cmp)};
+  sk_X509_NAME_sort(out);
+  bool first = true;
   for (;;) {
-    if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) {
-      break;
-    }
-    if (ret == NULL) {
-      ret = sk_X509_NAME_new_null();
-      if (ret == NULL) {
-        OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
-        goto err;
+    bssl::UniquePtr<X509> x509(
+        PEM_read_bio_X509(bio, nullptr, nullptr, nullptr));
+    if (x509 == nullptr) {
+      if (first && !allow_empty) {
+        return 0;
       }
+      // TODO(davidben): This ignores PEM syntax errors. It should only succeed
+      // on |PEM_R_NO_START_LINE|.
+      ERR_clear_error();
+      break;
     }
-    xn = X509_get_subject_name(x);
-    if (xn == NULL) {
-      goto err;
-    }
+    first = false;
-    // Check for duplicates.
-    sk_X509_NAME_sort(sk);
-    if (sk_X509_NAME_find(sk, NULL, xn)) {
+    X509_NAME *subject = X509_get_subject_name(x509.get());
+    // Skip if already present in |out|. Duplicates in |to_append| will be
+    // handled separately.
+    if (sk_X509_NAME_find(out, /*out_index=*/NULL, subject)) {
       continue;
     }
-    xn = X509_NAME_dup(xn);
-    if (xn == NULL ||
-        !sk_X509_NAME_push(sk /* non-owning */, xn) ||
-        !sk_X509_NAME_push(ret /* owning */, xn)) {
-      X509_NAME_free(xn);
-      goto err;
+    bssl::UniquePtr<X509_NAME> copy(X509_NAME_dup(subject));
+    if (copy == nullptr ||
+        !bssl::PushToStack(to_append.get(), std::move(copy))) {
+      return 0;
     }
   }
-  if (0) {
-  err:
-    sk_X509_NAME_pop_free(ret, X509_NAME_free);
-    ret = NULL;
+  // Append |to_append| to |stack|, skipping any duplicates.
+  sk_X509_NAME_sort(to_append.get());
+  size_t num = sk_X509_NAME_num(to_append.get());
+  for (size_t i = 0; i < num; i++) {
+    bssl::UniquePtr<X509_NAME> name(sk_X509_NAME_value(to_append.get(), i));
+    sk_X509_NAME_set(to_append.get(), i, nullptr);
+    if (i + 1 < num &&
+        X509_NAME_cmp(name.get(), sk_X509_NAME_value(to_append.get(), i + 1)) ==
+            0) {
+      continue;
+    }
+    if (!bssl::PushToStack(out, std::move(name))) {
+      return 0;
+    }
   }
-  sk_X509_NAME_free(sk);
-  BIO_free(in);
-  X509_free(x);
-  if (ret != NULL) {
-    ERR_clear_error();
-  }
-  return ret;
+  // Sort |out| one last time, to preserve the historical behavior of
+  // maintaining the sorted list.
+  sk_X509_NAME_sort(out);
+  return 1;
 }
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-                                        const char *file) {
-  BIO *in;
-  X509 *x = NULL;
-  X509_NAME *xn = NULL;
-  int ret = 0;
-  int (*oldcmp)(const X509_NAME **a, const X509_NAME **b);
-  oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
-  in = BIO_new(BIO_s_file());
-  if (in == NULL) {
-    OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
-    goto err;
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) {
+  bssl::UniquePtr<BIO> in(BIO_new_file(file, "r"));
+  if (in == nullptr) {
+    return nullptr;
   }
-  if (!BIO_read_filename(in, file)) {
-    goto err;
+  bssl::UniquePtr<STACK_OF(X509_NAME)> ret(sk_X509_NAME_new_null());
+  if (ret == nullptr ||  //
+      !add_bio_cert_subjects_to_stack(ret.get(), in.get(),
+                                      /*allow_empty=*/false)) {
+    return nullptr;
   }
+  return ret.release();
+}
-  for (;;) {
-    if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) {
-      break;
-    }
-    xn = X509_get_subject_name(x);
-    if (xn == NULL) {
-      goto err;
-    }
-    // Check for duplicates.
-    sk_X509_NAME_sort(stack);
-    if (sk_X509_NAME_find(stack, NULL, xn)) {
-      continue;
-    }
-    xn = X509_NAME_dup(xn);
-    if (xn == NULL ||
-        !sk_X509_NAME_push(stack, xn)) {
-      X509_NAME_free(xn);
-      goto err;
-    }
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,
+                                        const char *file) {
+  bssl::UniquePtr<BIO> in(BIO_new_file(file, "r"));
+  if (in == nullptr) {
+    return 0;
   }
+  return SSL_add_bio_cert_subjects_to_stack(out, in.get());
+}
-  ERR_clear_error();
-  ret = 1;
-err:
-  BIO_free(in);
-  X509_free(x);
-  (void) sk_X509_NAME_set_cmp_func(stack, oldcmp);
-  return ret;
+int SSL_add_bio_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, BIO *bio) {
+  return add_bio_cert_subjects_to_stack(out, bio, /*allow_empty=*/true);
 }
 int SSL_use_certificate_file(SSL *ssl, const char *file, int type) {

data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc CHANGED Viewed

@@ -38,85 +38,76 @@ namespace {
 class ECKeyShare : public SSLKeyShare {
  public:
-  ECKeyShare(int nid, uint16_t group_id) : nid_(nid), group_id_(group_id) {}
+  ECKeyShare(int nid, uint16_t group_id)
+      : group_(EC_GROUP_new_by_curve_name(nid)), group_id_(group_id) {}
   uint16_t GroupID() const override { return group_id_; }
-  bool Offer(CBB *out) override {
+  bool Generate(CBB *out) override {
     assert(!private_key_);
-    // Set up a shared |BN_CTX| for all operations.
-    UniquePtr<BN_CTX> bn_ctx(BN_CTX_new());
-    if (!bn_ctx) {
-      return false;
-    }
-    BN_CTXScope scope(bn_ctx.get());
     // Generate a private key.
-    UniquePtr<EC_GROUP> group(EC_GROUP_new_by_curve_name(nid_));
     private_key_.reset(BN_new());
-    if (!group || !private_key_ ||
+    if (!group_ || !private_key_ ||
         !BN_rand_range_ex(private_key_.get(), 1,
-                          EC_GROUP_get0_order(group.get()))) {
+                          EC_GROUP_get0_order(group_))) {
       return false;
     }
     // Compute the corresponding public key and serialize it.
-    UniquePtr<EC_POINT> public_key(EC_POINT_new(group.get()));
+    UniquePtr<EC_POINT> public_key(EC_POINT_new(group_));
     if (!public_key ||
-        !EC_POINT_mul(group.get(), public_key.get(), private_key_.get(), NULL,
-                      NULL, bn_ctx.get()) ||
-        !EC_POINT_point2cbb(out, group.get(), public_key.get(),
-                            POINT_CONVERSION_UNCOMPRESSED, bn_ctx.get())) {
+        !EC_POINT_mul(group_, public_key.get(), private_key_.get(),
+                      nullptr, nullptr, /*ctx=*/nullptr) ||
+        !EC_POINT_point2cbb(out, group_, public_key.get(),
+                            POINT_CONVERSION_UNCOMPRESSED, /*ctx=*/nullptr)) {
       return false;
     }
     return true;
   }
-  bool Finish(Array<uint8_t> *out_secret, uint8_t *out_alert,
-              Span<const uint8_t> peer_key) override {
-    assert(private_key_);
+  bool Encap(CBB *out_ciphertext, Array<uint8_t> *out_secret,
+             uint8_t *out_alert, Span<const uint8_t> peer_key) override {
+    // ECDH may be fit into a KEM-like abstraction by using a second keypair's
+    // public key as the ciphertext.
     *out_alert = SSL_AD_INTERNAL_ERROR;
+    return Generate(out_ciphertext) && Decap(out_secret, out_alert, peer_key);
+  }
-    // Set up a shared |BN_CTX| for all operations.
-    UniquePtr<BN_CTX> bn_ctx(BN_CTX_new());
-    if (!bn_ctx) {
-      return false;
-    }
-    BN_CTXScope scope(bn_ctx.get());
-    UniquePtr<EC_GROUP> group(EC_GROUP_new_by_curve_name(nid_));
-    if (!group) {
-      return false;
-    }
+  bool Decap(Array<uint8_t> *out_secret, uint8_t *out_alert,
+             Span<const uint8_t> ciphertext) override {
+    assert(group_);
+    assert(private_key_);
+    *out_alert = SSL_AD_INTERNAL_ERROR;
-    UniquePtr<EC_POINT> peer_point(EC_POINT_new(group.get()));
-    UniquePtr<EC_POINT> result(EC_POINT_new(group.get()));
-    BIGNUM *x = BN_CTX_get(bn_ctx.get());
+    UniquePtr<EC_POINT> peer_point(EC_POINT_new(group_));
+    UniquePtr<EC_POINT> result(EC_POINT_new(group_));
+    UniquePtr<BIGNUM> x(BN_new());
     if (!peer_point || !result || !x) {
       return false;
     }
-    if (peer_key.empty() || peer_key[0] != POINT_CONVERSION_UNCOMPRESSED ||
-        !EC_POINT_oct2point(group.get(), peer_point.get(), peer_key.data(),
-                            peer_key.size(), bn_ctx.get())) {
+    if (ciphertext.empty() || ciphertext[0] != POINT_CONVERSION_UNCOMPRESSED ||
+        !EC_POINT_oct2point(group_, peer_point.get(), ciphertext.data(),
+                            ciphertext.size(), /*ctx=*/nullptr)) {
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
       *out_alert = SSL_AD_DECODE_ERROR;
       return false;
     }
     // Compute the x-coordinate of |peer_key| * |private_key_|.
-    if (!EC_POINT_mul(group.get(), result.get(), NULL, peer_point.get(),
-                      private_key_.get(), bn_ctx.get()) ||
-        !EC_POINT_get_affine_coordinates_GFp(group.get(), result.get(), x, NULL,
-                                             bn_ctx.get())) {
+    if (!EC_POINT_mul(group_, result.get(), NULL, peer_point.get(),
+                      private_key_.get(), /*ctx=*/nullptr) ||
+        !EC_POINT_get_affine_coordinates_GFp(group_, result.get(), x.get(),
+                                             NULL,
+                                             /*ctx=*/nullptr)) {
       return false;
     }
     // Encode the x-coordinate left-padded with zeros.
     Array<uint8_t> secret;
-    if (!secret.Init((EC_GROUP_get_degree(group.get()) + 7) / 8) ||
-        !BN_bn2bin_padded(secret.data(), secret.size(), x)) {
+    if (!secret.Init((EC_GROUP_get_degree(group_) + 7) / 8) ||
+        !BN_bn2bin_padded(secret.data(), secret.size(), x.get())) {
       return false;
     }
@@ -125,10 +116,10 @@ class ECKeyShare : public SSLKeyShare {
   }
   bool SerializePrivateKey(CBB *out) override {
+    assert(group_);
     assert(private_key_);
-    UniquePtr<EC_GROUP> group(EC_GROUP_new_by_curve_name(nid_));
     // Padding is added to avoid leaking the length.
-    size_t len = BN_num_bytes(EC_GROUP_get0_order(group.get()));
+    size_t len = BN_num_bytes(EC_GROUP_get0_order(group_));
     return BN_bn2cbb_padded(out, len, private_key_.get());
   }
@@ -140,7 +131,7 @@ class ECKeyShare : public SSLKeyShare {
  private:
   UniquePtr<BIGNUM> private_key_;
-  int nid_;
+  const EC_GROUP *const group_ = nullptr;
   uint16_t group_id_;
 };
@@ -150,24 +141,31 @@ class X25519KeyShare : public SSLKeyShare {
   uint16_t GroupID() const override { return SSL_CURVE_X25519; }
-  bool Offer(CBB *out) override {
+  bool Generate(CBB *out) override {
     uint8_t public_key[32];
     X25519_keypair(public_key, private_key_);
     return !!CBB_add_bytes(out, public_key, sizeof(public_key));
   }
-  bool Finish(Array<uint8_t> *out_secret, uint8_t *out_alert,
-              Span<const uint8_t> peer_key) override {
+  bool Encap(CBB *out_ciphertext, Array<uint8_t> *out_secret,
+             uint8_t *out_alert, Span<const uint8_t> peer_key) override {
+    // X25519 may be fit into a KEM-like abstraction by using a second keypair's
+    // public key as the ciphertext.
+    *out_alert = SSL_AD_INTERNAL_ERROR;
+    return Generate(out_ciphertext) && Decap(out_secret, out_alert, peer_key);
+  }
+  bool Decap(Array<uint8_t> *out_secret, uint8_t *out_alert,
+             Span<const uint8_t> ciphertext) override {
     *out_alert = SSL_AD_INTERNAL_ERROR;
     Array<uint8_t> secret;
     if (!secret.Init(32)) {
-      OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return false;
     }
-    if (peer_key.size() != 32 ||
-        !X25519(secret.data(), private_key_, peer_key.data())) {
+    if (ciphertext.size() != 32 ||  //
+        !X25519(secret.data(), private_key_, ciphertext.data())) {
       *out_alert = SSL_AD_DECODE_ERROR;
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
       return false;
@@ -199,7 +197,7 @@ class CECPQ2KeyShare : public SSLKeyShare {
   uint16_t GroupID() const override { return SSL_CURVE_CECPQ2; }
-  bool Offer(CBB *out) override {
+  bool Generate(CBB *out) override {
     uint8_t x25519_public_key[32];
     X25519_keypair(x25519_public_key, x25519_private_key_);
@@ -223,11 +221,10 @@ class CECPQ2KeyShare : public SSLKeyShare {
     return true;
   }
-  bool Accept(CBB *out_public_key, Array<uint8_t> *out_secret,
-              uint8_t *out_alert, Span<const uint8_t> peer_key) override {
+  bool Encap(CBB *out_ciphertext, Array<uint8_t> *out_secret,
+             uint8_t *out_alert, Span<const uint8_t> peer_key) override {
     Array<uint8_t> secret;
     if (!secret.Init(32 + HRSS_KEY_BYTES)) {
-      OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return false;
     }
@@ -249,9 +246,9 @@ class CECPQ2KeyShare : public SSLKeyShare {
     if (!HRSS_encap(ciphertext, secret.data() + 32, &peer_public_key,
                     entropy) ||
-        !CBB_add_bytes(out_public_key, x25519_public_key,
+        !CBB_add_bytes(out_ciphertext, x25519_public_key,
                        sizeof(x25519_public_key)) ||
-        !CBB_add_bytes(out_public_key, ciphertext, sizeof(ciphertext))) {
+        !CBB_add_bytes(out_ciphertext, ciphertext, sizeof(ciphertext))) {
       return false;
     }
@@ -259,25 +256,24 @@ class CECPQ2KeyShare : public SSLKeyShare {
     return true;
   }
-  bool Finish(Array<uint8_t> *out_secret, uint8_t *out_alert,
-              Span<const uint8_t> peer_key) override {
+  bool Decap(Array<uint8_t> *out_secret, uint8_t *out_alert,
+             Span<const uint8_t> ciphertext) override {
     *out_alert = SSL_AD_INTERNAL_ERROR;
     Array<uint8_t> secret;
     if (!secret.Init(32 + HRSS_KEY_BYTES)) {
-      OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       return false;
     }
-    if (peer_key.size() != 32 + HRSS_CIPHERTEXT_BYTES ||
-        !X25519(secret.data(), x25519_private_key_, peer_key.data())) {
+    if (ciphertext.size() != 32 + HRSS_CIPHERTEXT_BYTES ||
+        !X25519(secret.data(), x25519_private_key_, ciphertext.data())) {
       *out_alert = SSL_AD_DECODE_ERROR;
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
       return false;
     }
     if (!HRSS_decap(secret.data() + 32, &hrss_private_key_,
-                    peer_key.data() + 32, peer_key.size() - 32)) {
+                    ciphertext.data() + 32, ciphertext.size() - 32)) {
       return false;
     }
@@ -290,13 +286,62 @@ class CECPQ2KeyShare : public SSLKeyShare {
   HRSS_private_key hrss_private_key_;
 };
-CONSTEXPR_ARRAY NamedGroup kNamedGroups[] = {
+class X25519Kyber768KeyShare : public SSLKeyShare {
+ public:
+  X25519Kyber768KeyShare() {}
+  uint16_t GroupID() const override { return SSL_CURVE_X25519KYBER768; }
+  bool Generate(CBB *out) override {
+    // There is no implementation on Kyber in BoringSSL. BoringSSL must be
+    // patched for this KEM to be workable. It is not enabled by default.
+    return false;
+  }
+  bool Encap(CBB *out_ciphertext, Array<uint8_t> *out_secret,
+             uint8_t *out_alert, Span<const uint8_t> peer_key) override {
+    return false;
+  }
+  bool Decap(Array<uint8_t> *out_secret, uint8_t *out_alert,
+             Span<const uint8_t> ciphertext) override {
+    return false;
+  }
+};
+class P256Kyber768KeyShare : public SSLKeyShare {
+ public:
+  P256Kyber768KeyShare() {}
+  uint16_t GroupID() const override { return SSL_CURVE_P256KYBER768; }
+  bool Generate(CBB *out) override {
+    // There is no implementation on Kyber in BoringSSL. BoringSSL must be
+    // patched for this KEM to be workable. It is not enabled by default.
+    return false;
+  }
+  bool Encap(CBB *out_ciphertext, Array<uint8_t> *out_secret,
+             uint8_t *out_alert, Span<const uint8_t> peer_key) override {
+    return false;
+  }
+  bool Decap(Array<uint8_t> *out_secret, uint8_t *out_alert,
+             Span<const uint8_t> ciphertext) override {
+    return false;
+  }
+};
+constexpr NamedGroup kNamedGroups[] = {
     {NID_secp224r1, SSL_CURVE_SECP224R1, "P-224", "secp224r1"},
     {NID_X9_62_prime256v1, SSL_CURVE_SECP256R1, "P-256", "prime256v1"},
     {NID_secp384r1, SSL_CURVE_SECP384R1, "P-384", "secp384r1"},
     {NID_secp521r1, SSL_CURVE_SECP521R1, "P-521", "secp521r1"},
     {NID_X25519, SSL_CURVE_X25519, "X25519", "x25519"},
     {NID_CECPQ2, SSL_CURVE_CECPQ2, "CECPQ2", "CECPQ2"},
+    {NID_X25519Kyber768, SSL_CURVE_X25519KYBER768, "X25519KYBER",
+     "X25519Kyber"},
+    {NID_P256Kyber768, SSL_CURVE_P256KYBER768, "P256KYBER", "P256Kyber"},
 };
 }  // namespace
@@ -308,58 +353,26 @@ Span<const NamedGroup> NamedGroups() {
 UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
   switch (group_id) {
     case SSL_CURVE_SECP224R1:
-      return UniquePtr<SSLKeyShare>(
-          New<ECKeyShare>(NID_secp224r1, SSL_CURVE_SECP224R1));
+      return MakeUnique<ECKeyShare>(NID_secp224r1, SSL_CURVE_SECP224R1);
     case SSL_CURVE_SECP256R1:
-      return UniquePtr<SSLKeyShare>(
-          New<ECKeyShare>(NID_X9_62_prime256v1, SSL_CURVE_SECP256R1));
+      return MakeUnique<ECKeyShare>(NID_X9_62_prime256v1, SSL_CURVE_SECP256R1);
     case SSL_CURVE_SECP384R1:
-      return UniquePtr<SSLKeyShare>(
-          New<ECKeyShare>(NID_secp384r1, SSL_CURVE_SECP384R1));
+      return MakeUnique<ECKeyShare>(NID_secp384r1, SSL_CURVE_SECP384R1);
     case SSL_CURVE_SECP521R1:
-      return UniquePtr<SSLKeyShare>(
-          New<ECKeyShare>(NID_secp521r1, SSL_CURVE_SECP521R1));
+      return MakeUnique<ECKeyShare>(NID_secp521r1, SSL_CURVE_SECP521R1);
     case SSL_CURVE_X25519:
-      return UniquePtr<SSLKeyShare>(New<X25519KeyShare>());
+      return MakeUnique<X25519KeyShare>();
     case SSL_CURVE_CECPQ2:
-      return UniquePtr<SSLKeyShare>(New<CECPQ2KeyShare>());
+      return MakeUnique<CECPQ2KeyShare>();
+    case SSL_CURVE_X25519KYBER768:
+      return MakeUnique<X25519Kyber768KeyShare>();
+    case SSL_CURVE_P256KYBER768:
+      return MakeUnique<P256Kyber768KeyShare>();
     default:
       return nullptr;
   }
 }
-UniquePtr<SSLKeyShare> SSLKeyShare::Create(CBS *in) {
-  uint64_t group;
-  CBS private_key;
-  if (!CBS_get_asn1_uint64(in, &group) || group > 0xffff ||
-      !CBS_get_asn1(in, &private_key, CBS_ASN1_OCTETSTRING)) {
-    return nullptr;
-  }
-  UniquePtr<SSLKeyShare> key_share = Create(static_cast<uint16_t>(group));
-  if (!key_share || !key_share->DeserializePrivateKey(&private_key)) {
-    return nullptr;
-  }
-  return key_share;
-}
-bool SSLKeyShare::Serialize(CBB *out) {
-  CBB private_key;
-  if (!CBB_add_asn1_uint64(out, GroupID()) ||
-      !CBB_add_asn1(out, &private_key, CBS_ASN1_OCTETSTRING) ||
-      !SerializePrivateKey(&private_key) ||  //
-      !CBB_flush(out)) {
-    return false;
-  }
-  return true;
-}
-bool SSLKeyShare::Accept(CBB *out_public_key, Array<uint8_t> *out_secret,
-                         uint8_t *out_alert, Span<const uint8_t> peer_key) {
-  *out_alert = SSL_AD_INTERNAL_ERROR;
-  return Offer(out_public_key) &&
-         Finish(out_secret, out_alert, peer_key);
-}
 bool ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {
   for (const auto &group : kNamedGroups) {
     if (group.nid == nid) {