--- a/lib/nss/nss.h
+++ b/lib/nss/nss.h
@@ -3,42 +3,31 @@
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef __nss_h_
#define __nss_h_
-/* The private macro _NSS_ECC_STRING is for NSS internal use only. */
-#ifndef NSS_DISABLE_ECC
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-#define _NSS_ECC_STRING " Extended ECC"
-#else
-#define _NSS_ECC_STRING " Basic ECC"
-#endif
-#else
-#define _NSS_ECC_STRING ""
-#endif
-
/* The private macro _NSS_CUSTOMIZED is for NSS internal use only. */
#if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
#define _NSS_CUSTOMIZED " (Customized build)"
#else
#define _NSS_CUSTOMIZED
#endif
/*
* NSS's major version, minor version, patch level, build number, and whether
* this is a beta release.
*
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.25" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.25" _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 25
#define NSS_VPATCH 0
#define NSS_VBUILD 0
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED
--- a/lib/ssl/derive.c
+++ b/lib/ssl/derive.c
@@ -616,19 +616,17 @@ SSL_CanBypass(CERTCertificate *cert, SEC
CK_MECHANISM_TYPE mechanism_array[2];
SECItem enc_pms = { siBuffer, NULL, 0 };
PRBool isTLS = PR_FALSE;
SSLCipherSuiteInfo csdef;
PRBool testrsa = PR_FALSE;
PRBool testrsa_export = PR_FALSE;
PRBool testecdh = PR_FALSE;
PRBool testecdhe = PR_FALSE;
-#ifndef NSS_DISABLE_ECC
SECKEYECParams ecParams = { siBuffer, NULL, 0 };
-#endif
if (!cert || !srvPrivkey || !ciphersuites || !pcanbypass) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
srvPubkey = CERT_ExtractPublicKey(cert);
if (!srvPubkey)
@@ -753,17 +751,16 @@ SSL_CanBypass(CERTCertificate *cert, SEC
}
/* Check for NULL to avoid double free.
* SECItem_FreeItem sets data NULL in secitem.c#265
*/
if (enc_pms.data != NULL) {
SECITEM_FreeItem(&enc_pms, PR_FALSE);
}
-#ifndef NSS_DISABLE_ECC
for (; (privKeytype == ecKey && (testecdh || testecdhe)) ||
(privKeytype == rsaKey && testecdhe);) {
CK_MECHANISM_TYPE target;
SECKEYPublicKey *keapub = NULL;
SECKEYPrivateKey *keapriv;
SECKEYPublicKey *cpub = NULL; /* client's ephemeral ECDH keys */
SECKEYPrivateKey *cpriv = NULL;
SECKEYECParams *pecParams = NULL;
@@ -857,17 +854,16 @@ SSL_CanBypass(CERTCertificate *cert, SEC
goto done;
break;
}
/* Check for NULL to avoid double free. */
if (ecParams.data != NULL) {
PORT_Free(ecParams.data);
ecParams.data = NULL;
}
-#endif /* NSS_DISABLE_ECC */
if (pms)
PK11_FreeSymKey(pms);
}
/* *pcanbypass has been set */
rv = SECSuccess;
done:
@@ -875,22 +871,20 @@ done:
PK11_FreeSymKey(pms);
/* Check for NULL to avoid double free.
* SECItem_FreeItem sets data NULL in secitem.c#265
*/
if (enc_pms.data != NULL) {
SECITEM_FreeItem(&enc_pms, PR_FALSE);
}
-#ifndef NSS_DISABLE_ECC
if (ecParams.data != NULL) {
PORT_Free(ecParams.data);
ecParams.data = NULL;
}
-#endif /* NSS_DISABLE_ECC */
if (srvPubkey) {
SECKEY_DestroyPublicKey(srvPubkey);
srvPubkey = NULL;
}
return rv;
#endif /* NO_PKCS11_BYPASS */
--- a/lib/ssl/dtlscon.c
+++ b/lib/ssl/dtlscon.c
@@ -27,25 +27,21 @@ static const PRUint16 COMMON_MTU_VALUES[
576 - 28, /* Common assumption */
256 - 28 /* We're in serious trouble now */
};
#define DTLS_COOKIE_BYTES 32
/* List copied from ssl3con.c:cipherSuites */
static const ssl3CipherSuite nonDTLSSuites[] = {
-#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
TLS_DHE_DSS_WITH_RC4_128_SHA,
-#ifndef NSS_DISABLE_ECC
TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
0 /* End of list marker */
};
/* Map back and forth between TLS and DTLS versions in wire format.
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -91,17 +91,16 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
*
* Important: See bug 946147 before enabling, reordering, or adding any cipher
* suites to this list.
*/
/* clang-format off */
static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
/* cipher_suite policy enabled isPresent */
-#ifndef NSS_DISABLE_ECC
/* ECDHE-PSK from [draft-mattsson-tls-ecdhe-psk-aead]. Only enabled if
* we are doing TLS 1.3 PSK-resumption.
*/
{ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -117,17 +116,16 @@ static ssl3CipherSuiteCfg cipherSuites[s
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_DISABLE_ECC */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -140,26 +138,24 @@ static ssl3CipherSuiteCfg cipherSuites[s
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#ifndef NSS_DISABLE_ECC
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_DISABLE_ECC */
/* RSA */
{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -181,39 +177,35 @@ static ssl3CipherSuiteCfg cipherSuites[s
{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* export ciphersuites with 512-bit public key exchange keys */
{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* ciphersuites with no encryption */
-#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-#endif /* NSS_DISABLE_ECC */
{ TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
};
/* clang-format on */
static const SSLSignatureAndHashAlg defaultSignatureAlgorithms[] = {
{ ssl_hash_sha256, ssl_sign_rsa },
{ ssl_hash_sha384, ssl_sign_rsa },
{ ssl_hash_sha512, ssl_sign_rsa },
{ ssl_hash_sha1, ssl_sign_rsa },
-#ifndef NSS_DISABLE_ECC
{ ssl_hash_sha256, ssl_sign_ecdsa },
{ ssl_hash_sha384, ssl_sign_ecdsa },
{ ssl_hash_sha512, ssl_sign_ecdsa },
{ ssl_hash_sha1, ssl_sign_ecdsa },
-#endif
{ ssl_hash_sha384, ssl_sign_dsa },
{ ssl_hash_sha256, ssl_sign_dsa },
{ ssl_hash_sha1, ssl_sign_dsa }
};
PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <=
MAX_SIGNATURE_ALGORITHMS);
/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
@@ -263,19 +255,17 @@ compressionEnabled(sslSocket *ss, SSLCom
#endif
default:
return PR_FALSE;
}
}
static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = {
ct_RSA_sign,
-#ifndef NSS_DISABLE_ECC
ct_ECDSA_sign,
-#endif /* NSS_DISABLE_ECC */
ct_DSS_sign,
};
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
/* This global item is used only in servers. It is is initialized by
** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest().
*/
@@ -327,24 +317,22 @@ static const ssl3KEADef kea_defs[] =
{kea_dh_rsa_export, ssl_kea_dh, ssl_sign_rsa, ssl_auth_rsa_sign, PR_TRUE, 512, PR_FALSE, PR_FALSE, SEC_OID_TLS_DH_RSA_EXPORT},
{kea_dhe_dss, ssl_kea_dh, ssl_sign_dsa, ssl_auth_dsa, PR_FALSE, 0, PR_FALSE, PR_TRUE, SEC_OID_TLS_DHE_DSS},
{kea_dhe_dss_export, ssl_kea_dh, ssl_sign_dsa, ssl_auth_dsa, PR_TRUE, 512, PR_FALSE, PR_TRUE, SEC_OID_TLS_DHE_DSS_EXPORT},
{kea_dhe_rsa, ssl_kea_dh, ssl_sign_rsa, ssl_auth_rsa_sign, PR_FALSE, 0, PR_FALSE, PR_TRUE, SEC_OID_TLS_DHE_RSA},
{kea_dhe_rsa_export, ssl_kea_dh, ssl_sign_rsa, ssl_auth_rsa_sign, PR_TRUE, 512, PR_FALSE, PR_TRUE, SEC_OID_TLS_DHE_RSA_EXPORT},
{kea_dh_anon, ssl_kea_dh, ssl_sign_null, ssl_auth_null, PR_FALSE, 0, PR_FALSE, PR_TRUE, SEC_OID_TLS_DH_ANON},
{kea_dh_anon_export, ssl_kea_dh, ssl_sign_null, ssl_auth_null, PR_TRUE, 512, PR_FALSE, PR_TRUE, SEC_OID_TLS_DH_ANON_EXPORT},
{kea_rsa_fips, ssl_kea_rsa, ssl_sign_rsa, ssl_auth_rsa_decrypt, PR_FALSE, 0, PR_TRUE, PR_FALSE, SEC_OID_TLS_RSA},
-#ifndef NSS_DISABLE_ECC
{kea_ecdh_ecdsa, ssl_kea_ecdh, ssl_sign_null, ssl_auth_ecdh_ecdsa, PR_FALSE, 0, PR_FALSE, PR_FALSE, SEC_OID_TLS_ECDH_ECDSA},
{kea_ecdhe_ecdsa, ssl_kea_ecdh, ssl_sign_ecdsa, ssl_auth_ecdsa, PR_FALSE, 0, PR_FALSE, PR_TRUE, SEC_OID_TLS_ECDHE_ECDSA},
{kea_ecdh_rsa, ssl_kea_ecdh, ssl_sign_null, ssl_auth_ecdh_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE, SEC_OID_TLS_ECDH_RSA},
{kea_ecdhe_rsa, ssl_kea_ecdh, ssl_sign_rsa, ssl_auth_rsa_sign, PR_FALSE, 0, PR_FALSE, PR_TRUE, SEC_OID_TLS_ECDHE_RSA},
{kea_ecdh_anon, ssl_kea_ecdh, ssl_sign_null, ssl_auth_null, PR_FALSE, 0, PR_FALSE, PR_TRUE, SEC_OID_TLS_ECDH_ANON},
{kea_ecdhe_psk, ssl_kea_ecdh_psk, ssl_sign_null, ssl_auth_psk, PR_FALSE, 0, PR_FALSE, PR_TRUE, SEC_OID_TLS_ECDHE_PSK}
-#endif /* NSS_DISABLE_ECC */
};
/* must use ssl_LookupCipherSuiteDef to access */
static const ssl3CipherSuiteDef cipher_suite_defs[] =
{
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg prf_hash_alg */
/* Note that the prf_hash_alg is the hash function used by the PRF, see sslimpl.h. */
@@ -434,33 +422,30 @@ static const ssl3CipherSuiteDef cipher_s
cipher_rc4_56, mac_sha,kea_rsa_export_1024, ssl_hash_none},
{SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, ssl_hash_none},
{SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, ssl_hash_none},
{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, ssl_hash_sha256},
{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, ssl_hash_sha256},
-#ifndef NSS_DISABLE_ECC
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha256},
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256},
{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384},
{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha384},
{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa, ssl_hash_sha384},
{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, ssl_hash_sha384},
-#endif /* NSS_DISABLE_ECC */
{TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha256},
{TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, ssl_hash_sha256},
{TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, ssl_hash_sha256},
{TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha384},
{TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, ssl_hash_sha384},
{TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa, ssl_hash_sha256},
-#ifndef NSS_DISABLE_ECC
{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa, ssl_hash_sha256},
{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256},
{TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
{TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
{TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
{TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
{TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
@@ -480,25 +465,17 @@ static const ssl3CipherSuiteDef cipher_s
{TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
{TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, ssl_hash_sha256},
{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
-#if 0
- {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon, ssl_hash_none},
- {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon, ssl_hash_none},
- {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon, ssl_hash_none},
- {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon, ssl_hash_none},
- {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon, ssl_hash_none},
-#endif
{TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_psk, ssl_hash_sha256},
-#endif /* NSS_DISABLE_ECC */
};
/* clang-format on */
static const CK_MECHANISM_TYPE auth_alg_defs[] = {
CKM_INVALID_MECHANISM, /* ssl_auth_null */
CKM_RSA_PKCS, /* ssl_auth_rsa_decrypt */
CKM_DSA, /* ? _SHA1 */ /* ssl_auth_dsa */
CKM_INVALID_MECHANISM, /* ssl_auth_kea (unused) */
@@ -588,17 +565,16 @@ const char *const ssl3_cipherName[] = {
"missing"
};
const PRUint8 tls13_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
0x47, 0x52, 0x44, 0x01 };
const PRUint8 tls12_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
0x47, 0x52, 0x44, 0x00 };
-#ifndef NSS_DISABLE_ECC
/* The ECCWrappedKeyInfo structure defines how various pieces of
* information are laid out within wrappedSymmetricWrappingkey
* for ECDH key exchange. Since wrappedSymmetricWrappingkey is
* a 512-byte buffer (see sslimpl.h), the variable length field
* in ECCWrappedKeyInfo can be at most (512 - 8) = 504 bytes.
*
* XXX For now, NSS only supports named elliptic curves of size 571 bits
* or smaller. The public value will fit within 145 bytes and EC params
@@ -610,17 +586,16 @@ const PRUint8 tls12_downgrade_random[] =
typedef struct ECCWrappedKeyInfoStr {
PRUint16 size; /* EC public key size in bits */
PRUint16 encodedParamLen; /* length (in bytes) of DER encoded EC params */
PRUint16 pubValueLen; /* length (in bytes) of EC public value */
PRUint16 wrappedKeyLen; /* length (in bytes) of the wrapped key */
PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
/* EC public-key params, the EC public value and the wrapped key */
} ECCWrappedKeyInfo;
-#endif /* NSS_DISABLE_ECC */
CK_MECHANISM_TYPE
ssl3_Alg2Mech(SSLCipherAlgorithm calg)
{
PORT_Assert(alg2Mech[calg].calg == calg);
return alg2Mech[calg].cmech;
}
@@ -1123,30 +1098,28 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEY
if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
} else {
hashItem.data = hash->u.raw;
hashItem.len = hash->len;
}
break;
-#ifndef NSS_DISABLE_ECC
case ecKey:
doDerEncode = PR_TRUE;
/* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
* In that case, we use just the SHA1 part. */
if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
} else {
hashItem.data = hash->u.raw;
hashItem.len = hash->len;
}
break;
-#endif /* NSS_DISABLE_ECC */
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
goto done;
}
PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
if (hash->hashAlg == ssl_hash_none) {
signatureLen = PK11_SignatureLen(key);
@@ -1234,17 +1207,16 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash
if (!signature) {
PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
return SECFailure;
}
buf = signature;
}
break;
-#ifndef NSS_DISABLE_ECC
case ecKey:
encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
/* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
* In that case, we use just the SHA1 part.
* ECDSA signatures always encode the integers r and s using ASN.1
* (unlike DSA where ASN.1 encoding is used with TLS but not with
* SSL3). So we can use VFY_VerifyDigestDirect for ECDSA.
*/
@@ -1252,17 +1224,16 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash
hashAlg = SEC_OID_SHA1;
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
} else {
hashItem.data = hash->u.raw;
hashItem.len = hash->len;
}
break;
-#endif /* NSS_DISABLE_ECC */
default:
SECKEY_DestroyPublicKey(key);
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
return SECFailure;
}
PRINT_BUF(60, (NULL, "hash(es) to be verified",
@@ -5022,19 +4993,17 @@ ssl3_IsSupportedSignatureAlgorithm(const
ssl_hash_sha1,
ssl_hash_sha256,
ssl_hash_sha384,
ssl_hash_sha512
};
static const SSLSignType supportedSigAlgs[] = {
ssl_sign_rsa,
-#ifndef NSS_DISABLE_ECC
ssl_sign_ecdsa,
-#endif
ssl_sign_dsa
};
unsigned int i;
PRBool hashOK = PR_FALSE;
PRBool signOK = PR_FALSE;
for (i = 0; i < PR_ARRAY_SIZE(supportedHashes); ++i) {
@@ -5699,22 +5668,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
return SECFailure;
}
total_exten_len += extLen;
if (total_exten_len > 0)
total_exten_len += 2;
}
-#ifndef NSS_DISABLE_ECC
if (!total_exten_len || !isTLS) {
/* not sending the elliptic_curves and ec_point_formats extensions */
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
}
-#endif /* NSS_DISABLE_ECC */
if (IS_DTLS(ss)) {
ssl3_DisableNonDTLSSuites(ss);
}
/* how many suites are permitted by policy and user preference? */
num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
if (!num_suites) {
@@ -6067,21 +6034,19 @@ ssl_UnwrapSymWrappingKey(
SSLWrappedSymWrappingKey *pWswk,
SECKEYPrivateKey *svrPrivKey,
SSLAuthType authType,
CK_MECHANISM_TYPE masterWrapMech,
void *pwArg)
{
PK11SymKey *unwrappedWrappingKey = NULL;
SECItem wrappedKey;
-#ifndef NSS_DISABLE_ECC
PK11SymKey *Ks;
SECKEYPublicKey pubWrapKey;
ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_DISABLE_ECC */
/* found the wrapping key on disk. */
PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
PORT_Assert(pWswk->authType == authType);
if (pWswk->symWrapMechanism != masterWrapMech ||
pWswk->authType != authType) {
goto loser;
}
@@ -6094,17 +6059,16 @@ ssl_UnwrapSymWrappingKey(
case ssl_auth_rsa_decrypt:
case ssl_auth_rsa_sign: /* bad: see Bug 1248320 */
unwrappedWrappingKey =
PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
masterWrapMech, CKA_UNWRAP, 0);
break;
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
/*
* For ssl_auth_ecd*, we first create an EC public key based on
* data stored with the wrappedSymmetricWrappingkey. Next,
* we do an ECDH computation involving this public key and
* the SSL server's (long-term) EC private key. The resulting
@@ -6149,17 +6113,16 @@ ssl_UnwrapSymWrappingKey(
/* Use Ks to unwrap the wrapping key */
unwrappedWrappingKey = PK11_UnwrapSymKey(Ks, masterWrapMech, NULL,
&wrappedKey, masterWrapMech,
CKA_UNWRAP, 0);
PK11_FreeSymKey(Ks);
break;
-#endif
default:
/* Assert? */
SET_ERROR_CODE
goto loser;
}
loser:
return unwrappedWrappingKey;
@@ -6244,22 +6207,20 @@ ssl3_GetWrappingKey(sslSocket *ss,
PK11SymKey *unwrappedWrappingKey = NULL;
PK11SymKey **pSymWrapKey;
CK_MECHANISM_TYPE asymWrapMechanism = CKM_INVALID_MECHANISM;
int length;
int symWrapMechIndex;
SECStatus rv;
SECItem wrappedKey;
SSLWrappedSymWrappingKey wswk;
-#ifndef NSS_DISABLE_ECC
PK11SymKey *Ks = NULL;
SECKEYPublicKey *pubWrapKey = NULL;
SECKEYPrivateKey *privWrapKey = NULL;
ECCWrappedKeyInfo *ecWrapped;
-#endif /* NSS_DISABLE_ECC */
PORT_Assert(serverCert);
PORT_Assert(serverCert->serverKeyPair);
PORT_Assert(serverCert->serverKeyPair->privKey);
PORT_Assert(serverCert->serverKeyPair->pubKey);
if (!serverCert || !serverCert->serverKeyPair ||
!serverCert->serverKeyPair->privKey ||
!serverCert->serverKeyPair->pubKey) {
@@ -6334,17 +6295,16 @@ ssl3_GetWrappingKey(sslSocket *ss,
switch (authType) {
case ssl_auth_rsa_decrypt:
case ssl_auth_rsa_sign: /* bad: see Bug 1248320 */
asymWrapMechanism = CKM_RSA_PKCS;
rv = PK11_PubWrapSymKey(asymWrapMechanism, svrPubKey,
unwrappedWrappingKey, &wrappedKey);
break;
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
/*
* We generate an ephemeral EC key pair. Perform an ECDH
* computation involving this ephemeral EC public key and
* the SSL server's (long-term) EC private key. The resulting
* shared secret is treated in the same way as Fortezza's Ks,
@@ -6427,17 +6387,16 @@ ssl3_GetWrappingKey(sslSocket *ss,
if (privWrapKey)
SECKEY_DestroyPrivateKey(privWrapKey);
if (pubWrapKey)
SECKEY_DestroyPublicKey(pubWrapKey);
if (Ks)
PK11_FreeSymKey(Ks);
asymWrapMechanism = masterWrapMech;
break;
-#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
break;
}
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
@@ -6747,21 +6706,19 @@ ssl3_SendClientKeyExchange(sslSocket *ss
case ssl_kea_rsa:
rv = sendRSAClientKeyExchange(ss, serverKey);
break;
case ssl_kea_dh:
rv = sendDHClientKeyExchange(ss, serverKey);
break;
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
break;
-#endif /* NSS_DISABLE_ECC */
default:
/* got an unknown or unsupported Key Exchange Algorithm. */
SEND_ALERT
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
break;
}
@@ -7625,21 +7582,19 @@ ssl3_HandleServerKeyExchange(sslSocket *
SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) {
goto no_memory;
}
ss->sec.peerKey = peerKey;
ss->ssl3.hs.ws = wait_cert_request;
return SECSuccess;
}
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
return rv;
-#endif /* NSS_DISABLE_ECC */
default:
desc = handshake_failure;
errCode = SEC_ERROR_UNSUPPORTED_KEYALG;
break; /* goto alert_loser; */
}
alert_loser:
@@ -8685,25 +8640,23 @@ ssl3_SelectServerCert(sslSocket *ss)
* based on what order they are configured in. */
for (cursor = PR_NEXT_LINK(&ss->serverCerts);
cursor != &ss->serverCerts;
cursor = PR_NEXT_LINK(cursor)) {
sslServerCert *cert = (sslServerCert *)cursor;
if (cert->certType.authType != kea_def->authKeyType) {
continue;
}
-#ifndef NSS_DISABLE_ECC
if ((cert->certType.authType == ssl_auth_ecdsa ||
cert->certType.authType == ssl_auth_ecdh_rsa ||
cert->certType.authType == ssl_auth_ecdh_ecdsa) &&
!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves,
cert->certType.u.namedCurve)) {
continue;
}
-#endif
/* Found one. */
ss->sec.serverCert = cert;
ss->sec.authType = cert->certType.authType;
ss->sec.authKeyBits = cert->serverKeyBits;
return SECSuccess;
}
@@ -9052,20 +9005,18 @@ ssl3_HandleClientHello(sslSocket *ss, SS
SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_not_ok);
if (ss->sec.uncache)
ss->sec.uncache(sid);
ssl_FreeSID(sid);
sid = NULL;
}
}
-#ifndef NSS_DISABLE_ECC
/* Disable any ECC cipher suites for which we have no cert. */
ssl3_FilterECCipherSuitesByServerCerts(ss);
-#endif
if (IS_DTLS(ss)) {
ssl3_DisableNonDTLSSuites(ss);
}
#ifdef PARANOID
/* Look for a matching cipher suite. */
j = ssl3_config_match_init(ss);
@@ -9606,20 +9557,18 @@ ssl3_HandleV2ClientHello(sslSocket *ss,
PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
PORT_Memcpy(
&ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length],
random, rand_length);
PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
SSL3_RANDOM_LENGTH));
-#ifndef NSS_DISABLE_ECC
/* Disable any ECC cipher suites for which we have no cert. */
ssl3_FilterECCipherSuitesByServerCerts(ss);
-#endif
i = ssl3_config_match_init(ss);
if (i <= 0) {
errCode = PORT_GetError(); /* error code is already set. */
goto alert_loser;
}
/* Select a cipher suite.
**
@@ -10148,22 +10097,20 @@ ssl3_SendServerKeyExchange(sslSocket *ss
PORT_Free(signed_hash.data);
return SECSuccess;
case ssl_kea_dh: {
rv = ssl3_SendDHServerKeyExchange(ss);
return rv;
}
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh: {
rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
return rv;
}
-#endif /* NSS_DISABLE_ECC */
case ssl_kea_null:
default:
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
break;
}
loser:
if (signed_hash.data != NULL)
@@ -10793,26 +10740,24 @@ ssl3_HandleClientKeyExchange(sslSocket *
if (kea_def->ephemeral) {
if (kea_def->exchKeyType == ssl_kea_dh && ss->dheKeyPair) {
serverKeyPair = ss->dheKeyPair;
if (serverKeyPair->pubKey) {
ss->sec.keaKeyBits =
SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
}
}
-#ifndef NSS_DISABLE_ECC
else if (kea_def->exchKeyType == ssl_kea_ecdh &&
ss->ephemeralECDHKeyPair) {
serverKeyPair = ss->ephemeralECDHKeyPair;
if (serverKeyPair->pubKey) {
ss->sec.keaKeyBits =
SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
}
}
-#endif
} else {
serverKeyPair = ss->sec.serverCert->serverKeyPair;
ss->sec.keaKeyBits = ss->sec.serverCert->serverKeyBits;
}
if (serverKeyPair) {
serverKey = serverKeyPair->privKey;
}
@@ -10845,17 +10790,16 @@ ssl3_HandleClientKeyExchange(sslSocket *
rv = ssl3_HandleDHClientKeyExchange(ss, b, length,
serverPubKey, serverKey);
if (rv != SECSuccess) {
SSL3_SendAlert(ss, alert_fatal, handshake_failure);
return SECFailure; /* error code set */
}
break;
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
if (serverKeyPair) {
serverPubKey = serverKeyPair->pubKey;
}
if (serverPubKey == NULL) {
/* XXX Is this the right error code? */
PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
return SECFailure;
@@ -10865,17 +10809,16 @@ ssl3_HandleClientKeyExchange(sslSocket *
if (ss->ephemeralECDHKeyPair) {
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
ss->ephemeralECDHKeyPair = NULL;
}
if (rv != SECSuccess) {
return SECFailure; /* error code set */
}
break;
-#endif /* NSS_DISABLE_ECC */
default:
(void)ssl3_HandshakeFailure(ss);
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
return SECFailure;
}
ss->ssl3.hs.ws = ss->sec.peerCert ? wait_cert_verify : wait_change_cipher;
return SECSuccess;
@@ -12223,19 +12166,17 @@ ssl3_FillInCachedSID(sslSocket *ss, sslS
{
SECStatus rv;
/* fill in the sid */
sid->u.ssl3.cipherSuite =
ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.hs.origCipherSuite : ss->ssl3.hs.cipher_suite;
sid->u.ssl3.compression = ss->ssl3.hs.compression;
sid->u.ssl3.policy = ss->ssl3.policy;
-#ifndef NSS_DISABLE_ECC
sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves;
-#endif
sid->version = ss->version;
sid->authType = ss->sec.authType;
sid->authKeyBits = ss->sec.authKeyBits;
sid->keaType = ss->sec.keaType;
sid->keaKeyBits = ss->sec.keaKeyBits;
sid->lastAccessTime = sid->creationTime = ssl_Time();
sid->expirationTime = sid->creationTime + ssl3_sid_timeout;
sid->localCert = CERT_DupCertificate(ss->sec.localCert);
@@ -13426,19 +13367,17 @@ ssl3_InitState(sslSocket *ss)
ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1];
ssl3_InitCipherSpec(ss->ssl3.crSpec);
ssl3_InitCipherSpec(ss->ssl3.prSpec);
ss->ssl3.crSpec->version = ss->ssl3.prSpec->version = ss->vrange.max;
ss->ssl3.hs.sendingSCSV = PR_FALSE;
ss->ssl3.hs.preliminaryInfo = 0;
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
-#ifndef NSS_DISABLE_ECC
ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
-#endif
ssl_ReleaseSpecWriteLock(ss);
PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
if (IS_DTLS(ss)) {
ss->ssl3.hs.sendMessageSeq = 0;
ss->ssl3.hs.recvMessageSeq = 0;
ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_INITIAL_MS;
--- a/lib/ssl/ssl3ecc.c
+++ b/lib/ssl/ssl3ecc.c
@@ -26,18 +26,16 @@
#include "prthread.h"
#include "prinit.h"
#include "pk11func.h"
#include "secmod.h"
#include <stdio.h>
-#ifndef NSS_DISABLE_ECC
-
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x, id, v, l) \
(x)->type = (id); \
(x)->pValue = (v); \
(x)->ulValueLen = (l);
#endif
static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve);
@@ -1454,10 +1452,8 @@ ssl3_HandleSupportedCurvesXtn(sslSocket
if (!foundECDH_ECDSA) {
ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
}
if (!foundECDSA) {
ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
}
return SECSuccess;
}
-
-#endif /* NSS_DISABLE_ECC */
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -284,20 +284,18 @@ ssl3_GetSessionTicketKeys(const unsigned
/* Table of handlers for received TLS hello extensions, one per extension.
* In the second generation, this table will be dynamic, and functions
* will be registered here.
*/
/* This table is used by the server, to handle client hello extensions. */
static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
-#ifndef NSS_DISABLE_ECC
{ ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
{ ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
-#endif
{ ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
{ ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
@@ -341,20 +339,18 @@ static const ssl3HelloExtensionHandler s
* the client hello is empty (for example, the extended master secret
* extension, if it were listed last). See bug 1243641.
*/
static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] =
{
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
{ ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
-#ifndef NSS_DISABLE_ECC
{ ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
{ ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
-#endif
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
{ ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
{ ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
@@ -1316,26 +1312,24 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
goto loser;
rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaKeyBits, 4);
if (rv != SECSuccess)
goto loser;
/* certificate slot */
PORT_Assert(ss->sec.serverCert->certType.authType == ss->sec.authType);
switch (ss->sec.authType) {
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
/* Too many curves and we will need two bytes here. */
PORT_Assert(ec_pastLastName < 256);
rv = ssl3_AppendNumberToItem(&plaintext,
ss->sec.serverCert->certType.u.namedCurve, 1);
break;
-#endif
default:
rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
break;
}
if (rv != SECSuccess)
goto loser;
/* master_secret */
@@ -1829,23 +1823,21 @@ ssl3_ProcessSessionTicketCommon(sslSocke
parsed_session_ticket->keaKeyBits = (PRUint32)temp;
/* Read certificate slot */
parsed_session_ticket->certType.authType = parsed_session_ticket->authType;
temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
if (temp < 0)
goto no_ticket;
switch (parsed_session_ticket->authType) {
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
parsed_session_ticket->certType.u.namedCurve = (ECName)temp;
break;
-#endif
default:
break;
}
/* Read wrapped master_secret. */
temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
if (temp < 0)
goto no_ticket;
@@ -3262,22 +3254,20 @@ PRInt32
tls13_ServerSendKeyShareXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes)
{
PRUint32 extension_length;
PRUint32 entry_length;
SECStatus rv;
switch (ss->ssl3.hs.kea_def->exchKeyType) {
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
case ssl_kea_ecdh_psk:
PORT_Assert(ss->ephemeralECDHKeyPair);
break;
-#endif
default:
/* got an unknown or unsupported Key Exchange Algorithm.
* Can't happen because tls13_HandleClientKeyShare
* enforces that we are ssl_kea_ecdh. */
PORT_Assert(0);
tls13_FatalError(ss, SEC_ERROR_UNSUPPORTED_KEYALG, internal_error);
return SECFailure;
}
--- a/lib/ssl/sslcert.c
+++ b/lib/ssl/sslcert.c
@@ -90,51 +90,47 @@ ssl_FindServerCert(const sslSocket *ss,
for (cursor = PR_NEXT_LINK(&ss->serverCerts);
cursor != &ss->serverCerts;
cursor = PR_NEXT_LINK(cursor)) {
sslServerCert *cert = (sslServerCert *)cursor;
if (cert->certType.authType != certType->authType) {
continue;
}
switch (cert->certType.authType) {
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
/* Note: For deprecated APIs, we need to be able to find and
match a slot with any named curve or sign type. */
if (certType->u.namedCurve != ec_noName &&
cert->certType.u.namedCurve != certType->u.namedCurve) {
continue;
}
break;
-#endif
default:
break;
}
return cert;
}
return NULL;
}
sslServerCert *
ssl_FindServerCertByAuthType(const sslSocket *ss, SSLAuthType authType)
{
sslServerCertType certType;
certType.authType = authType;
switch (authType) {
-#ifndef NSS_DISABLE_ECC
/* Setting the named curve to ec_noName ensures that all EC certificates
* are matched when searching for this slot. */
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
certType.u.namedCurve = ec_noName;
break;
-#endif
default:
break;
}
return ssl_FindServerCert(ss, &certType);
}
SECStatus
ssl_OneTimeCertSetup(sslSocket *ss, const sslServerCert *sc)
@@ -168,27 +164,25 @@ ssl_OneTimeCertSetup(sslSocket *ss, cons
/* Determine which slot a certificate fits into. SSLAuthType is known, but
* extra information needs to be worked out from the cert and key. */
static void
ssl_PopulateCertType(sslServerCertType *certType, SSLAuthType authType,
CERTCertificate *cert, ssl3KeyPair *keyPair)
{
certType->authType = authType;
-#ifndef NSS_DISABLE_ECC
switch (authType) {
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
certType->u.namedCurve = ssl3_PubKey2ECName(keyPair->pubKey);
break;
default:
break;
}
-#endif
}
static SECStatus
ssl_PopulateServerCert(sslServerCert *sc, CERTCertificate *cert,
const CERTCertificateList *certChain)
{
if (sc->serverCert) {
CERT_DestroyCertificate(sc->serverCert);
@@ -417,17 +411,16 @@ ssl_ConfigCertByUsage(sslSocket *ss, CER
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
if (cert->keyUsage & KU_DIGITAL_SIGNATURE) {
arg.authType = ssl_auth_dsa;
}
break;
-#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
if (cert->keyUsage & KU_KEY_ENCIPHERMENT) {
if ((cert->keyUsage & KU_DIGITAL_SIGNATURE) &&
arg.authType == ssl_auth_null) {
/* See above regarding bad practice. */
arg.authType = ssl_auth_ecdsa;
rv = ssl_ConfigCert(ss, cert, keyPair, &arg);
if (rv != SECSuccess) {
@@ -435,17 +428,16 @@ ssl_ConfigCertByUsage(sslSocket *ss, CER
}
}
arg.authType = ssl_GetEcdhAuthType(cert);
} else if (cert->keyUsage & KU_DIGITAL_SIGNATURE) {
arg.authType = ssl_auth_ecdsa;
}
break;
-#endif /* NSS_DISABLE_ECC */
default:
break;
}
/* Check that we successfully picked an authType */
if (arg.authType == ssl_auth_null) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -587,19 +579,17 @@ ssl_CertSuitableForAuthType(CERTCertific
case ssl_auth_rsa_sign:
return tag == SEC_OID_X500_RSA_ENCRYPTION ||
tag == SEC_OID_PKCS1_RSA_ENCRYPTION;
case ssl_auth_dsa:
return tag == SEC_OID_ANSIX9_DSA_SIGNATURE;
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
-#ifndef NSS_DISABLE_ECC
return tag == SEC_OID_ANSIX962_EC_PUBLIC_KEY;
-#endif
case ssl_auth_null:
case ssl_auth_kea:
case ssl_auth_rsa_pss: /* not supported with deprecated APIs */
return PR_FALSE;
default:
PORT_Assert(0);
return PR_FALSE;
}
@@ -610,25 +600,23 @@ ssl_CertSuitableForAuthType(CERTCertific
static sslServerCert *
ssl_FindOrMakeCertType(sslSocket *ss, SSLAuthType authType)
{
sslServerCert *sc;
sslServerCertType certType;
certType.authType = authType;
switch (authType) {
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
/* Setting the named curve to ec_noName ensures that all EC certificates
* are matched when searching for this slot. */
certType.u.namedCurve = ec_noName;
break;
-#endif
default:
break;
}
sc = ssl_FindServerCert(ss, &certType);
if (sc) {
PR_REMOVE_LINK(&sc->link);
return sc;
}
@@ -726,27 +714,25 @@ ssl_AddCertsByKEA(sslSocket *ss, CERTCer
cert, certChainOpt, keyPair);
break;
case ssl_kea_dh:
rv = ssl_AddCertAndKeyByAuthType(ss, ssl_auth_dsa,
cert, certChainOpt, keyPair);
break;
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
rv = ssl_AddCertAndKeyByAuthType(ss, ssl_auth_ecdsa,
cert, certChainOpt, keyPair);
if (rv != SECSuccess) {
return SECFailure;
}
rv = ssl_AddCertAndKeyByAuthType(ss, ssl_GetEcdhAuthType(cert),
cert, certChainOpt, keyPair);
break;
-#endif
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
break;
}
ssl3_FreeKeyPair(keyPair);
@@ -777,23 +763,21 @@ SSL_ConfigSecureServerWithCertChain(PRFi
ssl_RemoveCertAndKeyByAuthType(ss, ssl_auth_rsa_decrypt);
ssl_RemoveCertAndKeyByAuthType(ss, ssl_auth_rsa_sign);
break;
case ssl_kea_dh:
ssl_RemoveCertAndKeyByAuthType(ss, ssl_auth_dsa);
break;
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
ssl_RemoveCertAndKeyByAuthType(ss, ssl_auth_ecdsa);
ssl_RemoveCertAndKeyByAuthType(ss, ssl_auth_ecdh_rsa);
ssl_RemoveCertAndKeyByAuthType(ss, ssl_auth_ecdh_ecdsa);
break;
-#endif
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
return SECSuccess;
}
@@ -842,28 +826,26 @@ SSL_SetStapledOCSPResponses(PRFileDesc *
if (rv != SECSuccess) {
return SECFailure;
}
return ssl_SetOCSPResponsesInSlot(ss, ssl_auth_rsa_sign, responses);
case ssl_kea_dh:
return ssl_SetOCSPResponsesInSlot(ss, ssl_auth_dsa, responses);
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
rv = ssl_SetOCSPResponsesInSlot(ss, ssl_auth_ecdsa, responses);
if (rv != SECSuccess) {
return SECFailure;
}
rv = ssl_SetOCSPResponsesInSlot(ss, ssl_auth_ecdh_rsa, responses);
if (rv != SECSuccess) {
return SECFailure;
}
return ssl_SetOCSPResponsesInSlot(ss, ssl_auth_ecdh_ecdsa, responses);
-#endif
default:
SSL_DBG(("%d: SSL[%d]: invalid cert type in SSL_SetStapledOCSPResponses",
SSL_GETPID(), fd));
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
}
@@ -910,28 +892,26 @@ SSL_SetSignedCertTimestamps(PRFileDesc *
if (rv != SECSuccess) {
return SECFailure;
}
return ssl_SetSignedTimestampsInSlot(ss, ssl_auth_rsa_sign, scts);
case ssl_kea_dh:
return ssl_SetSignedTimestampsInSlot(ss, ssl_auth_dsa, scts);
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
rv = ssl_SetSignedTimestampsInSlot(ss, ssl_auth_ecdsa, scts);
if (rv != SECSuccess) {
return SECFailure;
}
rv = ssl_SetSignedTimestampsInSlot(ss, ssl_auth_ecdh_rsa, scts);
if (rv != SECSuccess) {
return SECFailure;
}
return ssl_SetSignedTimestampsInSlot(ss, ssl_auth_ecdh_ecdsa, scts);
-#endif
default:
SSL_DBG(("%d: SSL[%d]: invalid cert type in SSL_SetSignedCertTimestamps",
SSL_GETPID(), fd));
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
}
@@ -948,16 +928,14 @@ NSS_FindCertKEAType(CERTCertificate *cer
tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
switch (tag) {
case SEC_OID_X500_RSA_ENCRYPTION:
case SEC_OID_PKCS1_RSA_ENCRYPTION:
return ssl_kea_rsa;
case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
return ssl_kea_dh;
-#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
return ssl_kea_ecdh;
-#endif /* NSS_DISABLE_ECC */
default:
return ssl_kea_null;
}
}
--- a/lib/ssl/sslcert.h
+++ b/lib/ssl/sslcert.h
@@ -18,23 +18,21 @@
** parameters further narrow the slot.
**
** An EC key (ssl_auth_ecdsa or ssl_auth_ecdh_*) is assigned to a slot based on
** the named curve of the key.
*/
typedef struct sslServerCertTypeStr {
SSLAuthType authType;
union {
-#ifndef NSS_DISABLE_ECC
/* For ssl_auth_ecdsa and ssl_auth_ecdh_*. This is only the named curve
* of the end-entity certificate key. The keys in other certificates in
* the chain aren't directly relevant to the operation of TLS (though it
* might make certificate validation difficult, libssl doesn't care). */
ECName namedCurve;
-#endif
} u;
} sslServerCertType;
typedef struct sslServerCertStr {
PRCList link; /* The linked list link */
sslServerCertType certType; /* The certificate slot this occupies */
--- a/lib/ssl/sslenum.c
+++ b/lib/ssl/sslenum.c
@@ -51,17 +51,16 @@
* TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B }
* TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F }
* TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A }
* TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 }
* The broken server only supports the third and fourth ones and will select
* the third one.
*/
const PRUint16 SSL_ImplementedCiphers[] = {
-#ifndef NSS_DISABLE_ECC
/* ECDHE-PSK from [draft-mattsson-tls-ecdhe-psk-aead]. */
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -76,17 +75,16 @@ const PRUint16 SSL_ImplementedCiphers[]
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
@@ -99,26 +97,24 @@ const PRUint16 SSL_ImplementedCiphers[]
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_RC4_128_SHA,
-#ifndef NSS_DISABLE_ECC
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA,
-#endif /* NSS_DISABLE_ECC */
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
@@ -139,28 +135,25 @@ const PRUint16 SSL_ImplementedCiphers[]
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
/* export ciphersuites with 512-bit public key exchange keys */
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
/* ciphersuites with no encryption */
-#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_NULL_SHA,
-#endif /* NSS_DISABLE_ECC */
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256,
TLS_RSA_WITH_NULL_MD5,
0
-
};
const PRUint16 SSL_NumImplementedCiphers =
(sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
const PRUint16*
SSL_GetImplementedCiphers(void)
{
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
@@ -147,17 +147,16 @@ typedef enum { SSLAppOpRead = 0,
/* The default value from RFC 4347 is 1s, which is too slow. */
#define DTLS_RETRANSMIT_INITIAL_MS 50
/* The maximum time to wait between retransmissions. */
#define DTLS_RETRANSMIT_MAX_MS 10000
/* Time to wait in FINISHED state for retransmissions. */
#define DTLS_RETRANSMIT_FINISHED_MS 30000
-#ifndef NSS_DISABLE_ECC
/* Types and names of elliptic curves used in TLS */
typedef enum {
ec_type_explicitPrime = 1,
ec_type_explicitChar2Curve = 2,
ec_type_named
} ECType;
typedef enum {
@@ -184,17 +183,16 @@ typedef enum {
ec_secp224k1 = 20,
ec_secp224r1 = 21,
ec_secp256k1 = 22,
ec_secp256r1 = 23,
ec_secp384r1 = 24,
ec_secp521r1 = 25,
ec_pastLastName
} ECName;
-#endif /* ndef NSS_DISABLE_ECC */
typedef struct sslBufferStr sslBuffer;
typedef struct sslConnectInfoStr sslConnectInfo;
typedef struct sslGatherStr sslGather;
typedef struct sslSecurityInfoStr sslSecurityInfo;
typedef struct sslSessionIDStr sslSessionID;
typedef struct sslSocketStr sslSocket;
typedef struct sslSocketOpsStr sslSocketOps;
@@ -309,21 +307,17 @@ typedef struct {
#else
ssl3CipherSuite cipher_suite;
PRUint8 policy;
unsigned char enabled : 1;
unsigned char isPresent : 1;
#endif
} ssl3CipherSuiteCfg;
-#ifndef NSS_DISABLE_ECC
#define ssl_V3_SUITES_IMPLEMENTED 75
-#else
-#define ssl_V3_SUITES_IMPLEMENTED 42
-#endif /* NSS_DISABLE_ECC */
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of
* SSLSignType and SSLHashType, but not all combinations (specifically, this
* doesn't allow space for combinations with MD5). */
#define MAX_SIGNATURE_ALGORITHMS 15
@@ -649,19 +643,17 @@ struct sslSessionIDStr {
SSL3Opaque sessionID[SSL3_SESSIONID_BYTES];
ssl3CipherSuite cipherSuite;
SSLCompressionMethod compression;
int policy;
ssl3SidKeys keys;
CK_MECHANISM_TYPE masterWrapMech;
/* mechanism used to wrap master secret */
-#ifndef NSS_DISABLE_ECC
PRUint32 negotiatedECCurves;
-#endif /* NSS_DISABLE_ECC */
/* The following values are NOT restored from the server's on-disk
* session cache, but are restored from the client's cache.
*/
PK11SymKey *clientWriteKey;
PK11SymKey *serverWriteKey;
/* The following values pertain to the slot that wrapped the
@@ -928,19 +920,17 @@ typedef struct SSL3HandshakeStateStr {
NewSessionTicket newSessionTicket;
PRUint16 finishedBytes; /* size of single finished below */
union {
TLSFinished tFinished[2]; /* client, then server */
SSL3Finished sFinished[2];
SSL3Opaque data[72];
} finishedMsgs;
-#ifndef NSS_DISABLE_ECC
PRUint32 negotiatedECCurves; /* bit mask */
-#endif /* NSS_DISABLE_ECC */
PRBool authCertificatePending;
/* Which function should SSL_RestartHandshake* call if we're blocked?
* One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake,
* or ssl3_AlwaysFail */
sslRestartTarget restartTarget;
/* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
PRBool cacheSID;
@@ -1647,17 +1637,16 @@ int ssl3_GatherCompleteHandshake(sslSock
* with public RSA keys larger than 512 bits need to use a 512-bit public
* key, signed by the larger key. The smaller key is a "step down" key.
* Generate that key pair and keep it around.
*/
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
extern SECStatus ssl3_SelectDHParams(sslSocket *ss);
-#ifndef NSS_DISABLE_ECC
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
extern SECStatus ssl3_DisableECCSuites(sslSocket *ss,
const ssl3CipherSuite *suite);
extern PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss);
#define SSL_IS_CURVE_NEGOTIATED(curvemsk, curveName) \
((curveName > ec_noName) && \
@@ -1676,18 +1665,16 @@ extern PRUint32 ssl3_GetSupportedECCurve
extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve,
SECKEYECParams *params);
ECName ssl3_PubKey2ECName(SECKEYPublicKey *pubKey);
ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
ECName ssl3_GetCurveNameForServerSocket(sslSocket *ss);
-#endif /* NSS_DISABLE_ECC */
-
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
@@ -1703,34 +1690,32 @@ extern SECStatus ssl3_HandleHandshakeMes
extern void ssl3_DestroySSL3Info(sslSocket *ss);
extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
SSL3ProtocolVersion peerVersion,
PRBool allowLargerPeerVersion);
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
-#ifndef NSS_DISABLE_ECC
/* ECDH functions */
extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss,
SECKEYPublicKey *svrPubKey);
extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
SSL3Opaque *b, PRUint32 length);
extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
SSL3Opaque *b, PRUint32 length,
SECKEYPublicKey *srvrPubKey,
SECKEYPrivateKey *srvrPrivKey);
extern SECStatus ssl3_SendECDHServerKeyExchange(
sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
SECKEYPublicKey *tls13_ImportECDHKeyShare(
sslSocket *ss, SSL3Opaque *b, PRUint32 length, ECName curve);
ECName tls13_GroupForECDHEKeyShare(ssl3KeyPair *pair);
unsigned int tls13_SizeOfECDHEKeyShareKEX(ssl3KeyPair *pair);
SECStatus tls13_EncodeECDHEKeyShareKEX(sslSocket *ss, ssl3KeyPair *pair);
-#endif
extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
PRUint8 *hashBuf,
unsigned int bufLen, SSL3Hashes *hashes,
PRBool bypassPKCS11);
extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
@@ -1787,22 +1772,20 @@ extern PRInt32 ssl3_SendSessionTicketXtn
PRUint32 maxBytes);
/* ClientHello and ServerHello extension senders.
* The code is in ssl3ext.c.
*/
extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
-#ifndef NSS_DISABLE_ECC
extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
PRBool append, PRUint32 maxBytes);
extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
PRBool append, PRUint32 maxBytes);
-#endif
/* call the registered extension handlers. */
extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss,
SSL3Opaque **b, PRUint32 *length,
SSL3HandshakeType handshakeMessage);
/* Hello Extension related routines. */
extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type);
@@ -1933,23 +1916,21 @@ SECStatus ssl3_SendServerHello(sslSocket
SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc);
SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
ssl3CipherSpec *spec,
SSL3Hashes *hashes,
PRUint32 sender);
void ssl3_BumpSequenceNumber(SSL3SequenceNumber *num);
PRInt32 tls13_ServerSendKeyShareXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
-#ifndef NSS_DISABLE_ECC
SECStatus ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve,
ssl3KeyPair **keyPair);
PK11SymKey *tls13_ComputeECDHSharedKey(sslSocket *ss,
SECKEYPrivateKey *myPrivKey,
SECKEYPublicKey *peerKey);
-#endif
SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags);
PK11SymKey *ssl3_GetWrappingKey(sslSocket *ss,
PK11SlotInfo *masterSecretSlot,
const sslServerCert *serverCert,
CK_MECHANISM_TYPE masterWrapMech,
void *pwArg);
PRInt32 tls13_ServerSendPreSharedKeyXtn(sslSocket *ss,
PRBool append,
--- a/lib/ssl/sslinfo.c
+++ b/lib/ssl/sslinfo.c
@@ -246,17 +246,16 @@ static const SSLCipherSuiteInfo suiteInf
{ 0, CS(RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, F_EXPORT, A_EXP },
{ 0, CS(RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, F_EXPORT, A_EXP },
{ 0, CS(RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, F_EXPORT, A_EXP },
{ 0, CS(RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, F_EXPORT, A_EXP },
{ 0, CS(RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL, B_0, M_SHA256, F_EXPORT, A_RSAD },
{ 0, CS(RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL, B_0, M_SHA, F_EXPORT, A_RSAD },
{ 0, CS(RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL, B_0, M_MD5, F_EXPORT, A_RSAD },
-#ifndef NSS_DISABLE_ECC
/* ECC cipher suites */
{ 0, CS(ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_ECDSA },
{ 0, CS(ECDHE_PSK_WITH_AES_128_GCM_SHA256), S_PSK, K_ECDHE_PSK, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_PSK },
{ 0, CS(ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, F_NFIPS_STD, A_ECDH_E },
{ 0, CS(ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_ECDH_E },
{ 0, CS(ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_ECDH_E },
@@ -283,17 +282,16 @@ static const SSLCipherSuiteInfo suiteInf
{ 0, CS(ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, F_NFIPS_STD, A_RSAS },
{ 0, CS(ECDHE_RSA_WITH_AES_256_CBC_SHA384), S_RSA, K_ECDHE, C_AES, B_256, M_SHA384, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA384, F_FIPS_STD, A_ECDSA },
{ 0, CS(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_ECDSA },
{ 0, CS(ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS },
-#endif /* NSS_DISABLE_ECC */
{ 0, CS(DHE_DSS_WITH_AES_256_GCM_SHA384), S_DSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_DSA },
{ 0, CS(DHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS },
{ 0, CS(RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAD }
};
#define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0]))
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -447,23 +447,21 @@ ConvertFromSID(sidCacheEntry *to, sslSes
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->sessionIDLength = from->u.ssl3.sessionIDLength;
to->u.ssl3.certIndex = -1;
to->u.ssl3.srvNameIndex = -1;
PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID,
to->sessionIDLength);
to->u.ssl3.certTypeArgs = 0U;
switch (from->authType) {
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
to->u.ssl3.certTypeArgs = (PRUint16)from->certType.u.namedCurve;
break;
-#endif
default:
break;
}
SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x "
"cipherSuite=%d",
myPid, to->creationTime, to->addr.pr_s6_addr32[0],
to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
@@ -533,24 +531,22 @@ ConvertToSID(sidCacheEntry *from,
to->peerCert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
PR_FALSE, PR_TRUE);
if (to->peerCert == NULL)
goto loser;
}
to->certType.authType = from->authType;
switch (from->authType) {
-#ifndef NSS_DISABLE_ECC
case ssl_auth_ecdsa:
case ssl_auth_ecdh_rsa:
case ssl_auth_ecdh_ecdsa:
to->certType.u.namedCurve =
(ECName)from->u.ssl3.certTypeArgs;
break;
-#endif
default:
break;
}
to->version = from->version;
to->creationTime = from->creationTime;
to->lastAccessTime = from->lastAccessTime;
to->expirationTime = from->expirationTime;
--- a/lib/ssl/sslt.h
+++ b/lib/ssl/sslt.h
@@ -267,20 +267,18 @@ typedef enum {
SSL_sni_type_total
} SSLSniNameType;
/* Supported extensions. */
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
typedef enum {
ssl_server_name_xtn = 0,
ssl_cert_status_xtn = 5,
-#ifndef NSS_DISABLE_ECC
ssl_elliptic_curves_xtn = 10,
ssl_ec_point_formats_xtn = 11,
-#endif
ssl_signature_algorithms_xtn = 13,
ssl_use_srtp_xtn = 14,
ssl_app_layer_protocol_xtn = 16,
/* signed_certificate_timestamp extension, RFC 6962 */
ssl_signed_cert_timestamp_xtn = 18,
ssl_padding_xtn = 21,
ssl_extended_master_secret_xtn = 23,
ssl_session_ticket_xtn = 35,
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -679,27 +679,25 @@ tls13_HandleClientKeyShare(sslSocket *ss
SSL_TRC(3, ("%d: TLS13[%d]: handle client_key_share handshake",
SSL_GETPID(), ss->fd));
PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
/* Figure out what group we expect */
switch (ss->ssl3.hs.kea_def->exchKeyType) {
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
case ssl_kea_ecdh_psk:
expectedGroup = ssl3_GetCurveNameForServerSocket(ss);
if (!expectedGroup) {
FATAL_ERROR(ss, SSL_ERROR_NO_CYPHER_OVERLAP,
handshake_failure);
return SECFailure;
}
break;
-#endif
default:
/* Got an unknown or unsupported Key Exchange Algorithm.
* Can't happen. */
FATAL_ERROR(ss, SEC_ERROR_UNSUPPORTED_KEYALG,
internal_error);
return SECFailure;
}
@@ -1124,22 +1122,20 @@ tls13_HandleServerKeyShare(sslSocket *ss
TLS13KeyShareEntry *entry;
SSL_TRC(3, ("%d: TLS13[%d]: handle server_key_share handshake",
SSL_GETPID(), ss->fd));
PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
switch (ss->ssl3.hs.kea_def->exchKeyType) {
-#ifndef NSS_DISABLE_ECC
case ssl_kea_ecdh:
case ssl_kea_ecdh_psk:
expectedGroup = ssl3_PubKey2ECName(ss->ephemeralECDHKeyPair->pubKey);
break;
-#endif /* NSS_DISABLE_ECC */
default:
FATAL_ERROR(ss, SEC_ERROR_UNSUPPORTED_KEYALG, handshake_failure);
return SECFailure;
}
/* This list should have one entry. */
if (PR_CLIST_IS_EMPTY(&ss->ssl3.hs.remoteKeyShares)) {
FATAL_ERROR(ss, SSL_ERROR_MISSING_KEY_SHARE, missing_extension);