Update net/third_party/nss to NSS 3.13.3.

net/third_party/nss/ssl/ssl3ecc.c

 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 22 matching lines @@
  * under the terms of either the GPL or the LGPL, and not to allow others to
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
 
 /* ECC code moved here from ssl3con.c */
-/* $Id: ssl3ecc.c,v 1.24 2010/03/15 08:03:14 nelson%bolyard.com Exp $ */
+/* $Id: ssl3ecc.c,v 1.26 2012/02/13 17:19:40 kaie%kuix.de Exp $ */
 
 #include "nss.h"
 #include "cert.h"
 #include "ssl.h"
 #include "cryptohi.h"   /* for DSAU_ stuff */
 #include "keyhi.h"
 #include "secder.h"
 #include "secitem.h"
 
 #include "sslimpl.h"
@@ skipping 256 matching lines @@
 
     isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
 
     /* Generate ephemeral EC keypair */
     if (svrPubKey->keyType != ecKey) {
         PORT_SetError(SEC_ERROR_BAD_KEY);
         goto loser;
     }
     /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */
     privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, 
-                                        &pubKey, NULL);
+                                        &pubKey, ss->pkcs11PinArg);
     if (!privKey || !pubKey) {
             ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
             rv = SECFailure;
             goto loser;
     }
     PRINT_BUF(50, (ss, "ECDH public value:",
                                         pubKey->u.ec.publicValue.data,
                                         pubKey->u.ec.publicValue.len));
 
     if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
@@ skipping 630 matching lines @@
         ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
     } else {
         SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
 
         switch (sigTag) {
         case SEC_OID_PKCS1_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
         case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
             ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
             break;
         case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
         case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
         case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
         case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
         case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
@@ skipping 203 matching lines @@
     ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
     return SECFailure;
 
 loser:
     /* no common curve supported */
     ssl3_DisableECCSuites(ss, ecSuites);
     return SECFailure;
 }
 
 #endif /* NSS_ENABLE_ECC */