Shift the KEM dependency in HPKE up a step.

This introduces an EVP_HPKE_KEM, to capture the KEM choice, and
EVP_HPKE_KEY, to capture the key import (and thus avoids asking
receivers to pass in the full keypair). It is a bit more wordy now, but
we'll be in a better place when some non-TLS user inevitably asks for a
P-256 version.

Bug: 410
Change-Id: Icb9cc8b028e6d1f86e6d8adb31ebf1f975181675
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47329
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 4 insertions, 5 deletions

diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 74997fe..10897e0 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -619,12 +619,11 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
     }
 
     if (hs->ech_server_config_list) {
-      for (const ECHServerConfig &ech_config :
-           hs->ech_server_config_list->configs) {
+      for (const auto &ech_config : hs->ech_server_config_list->configs) {
         hs->ech_hpke_ctx.Reset();
-        if (config_id != ech_config.config_id() ||
-            !ech_config.SetupContext(hs->ech_hpke_ctx.get(), kdf_id, aead_id,
-                                     enc)) {
+        if (config_id != ech_config->config_id() ||
+            !ech_config->SetupContext(hs->ech_hpke_ctx.get(), kdf_id, aead_id,
+                                      enc)) {
           // Ignore the error and try another ECHConfig.
           ERR_clear_error();
           continue;