OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * SSL3 Protocol | 3 * SSL3 Protocol |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 /* ECC code moved here from ssl3con.c */ | 9 /* ECC code moved here from ssl3con.c */ |
10 | 10 |
(...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
207 for (i = ec_noName + 1; i < ec_pastLastName; i++) { | 207 for (i = ec_noName + 1; i < ec_pastLastName; i++) { |
208 if (ecName2OIDTag[i] == oidData->offset) | 208 if (ecName2OIDTag[i] == oidData->offset) |
209 return i; | 209 return i; |
210 } | 210 } |
211 | 211 |
212 return ec_noName; | 212 return ec_noName; |
213 } | 213 } |
214 | 214 |
215 /* Caller must set hiLevel error code. */ | 215 /* Caller must set hiLevel error code. */ |
216 static SECStatus | 216 static SECStatus |
217 ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, | 217 ssl3_ComputeECDHKeyHash(SSLHashType hashAlg, |
218 SECItem ec_params, SECItem server_ecpoint, | 218 SECItem ec_params, SECItem server_ecpoint, |
219 SSL3Random *client_rand, SSL3Random *server_rand, | 219 SSL3Random *client_rand, SSL3Random *server_rand, |
220 SSL3Hashes *hashes, PRBool bypassPKCS11) | 220 SSL3Hashes *hashes, PRBool bypassPKCS11) |
221 { | 221 { |
222 PRUint8 * hashBuf; | 222 PRUint8 * hashBuf; |
223 PRUint8 * pBuf; | 223 PRUint8 * pBuf; |
224 SECStatus rv = SECSuccess; | 224 SECStatus rv = SECSuccess; |
225 unsigned int bufLen; | 225 unsigned int bufLen; |
226 /* | 226 /* |
227 * XXX For now, we only support named curves (the appropriate | 227 * XXX For now, we only support named curves (the appropriate |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
296 if (!privKey || !pubKey) { | 296 if (!privKey || !pubKey) { |
297 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); | 297 ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); |
298 rv = SECFailure; | 298 rv = SECFailure; |
299 goto loser; | 299 goto loser; |
300 } | 300 } |
301 PRINT_BUF(50, (ss, "ECDH public value:", | 301 PRINT_BUF(50, (ss, "ECDH public value:", |
302 pubKey->u.ec.publicValue.data, | 302 pubKey->u.ec.publicValue.data, |
303 pubKey->u.ec.publicValue.len)); | 303 pubKey->u.ec.publicValue.len)); |
304 | 304 |
305 if (isTLS12) { | 305 if (isTLS12) { |
306 target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; | 306 target = CKM_TLS12_MASTER_KEY_DERIVE_DH; |
307 } else if (isTLS) { | 307 } else if (isTLS) { |
308 target = CKM_TLS_MASTER_KEY_DERIVE_DH; | 308 target = CKM_TLS_MASTER_KEY_DERIVE_DH; |
309 } else { | 309 } else { |
310 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; | 310 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; |
311 } | 311 } |
312 | 312 |
313 /* Determine the PMS */ | 313 /* Determine the PMS */ |
314 pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, | 314 pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, |
315 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, | 315 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, |
316 CKD_NULL, NULL, NULL); | 316 CKD_NULL, NULL, NULL); |
317 | 317 |
318 if (pms == NULL) { | 318 if (pms == NULL) { |
319 SSL3AlertDescription desc = illegal_parameter; | 319 SSL3AlertDescription desc = illegal_parameter; |
320 (void)SSL3_SendAlert(ss, alert_fatal, desc); | 320 (void)SSL3_SendAlert(ss, alert_fatal, desc); |
321 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); | 321 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); |
322 goto loser; | 322 goto loser; |
323 } | 323 } |
324 | 324 |
325 SECKEY_DestroyPrivateKey(privKey); | 325 SECKEY_DestroyPrivateKey(privKey); |
326 privKey = NULL; | 326 privKey = NULL; |
327 | 327 |
328 rv = ssl3_InitPendingCipherSpec(ss, pms); | |
329 PK11_FreeSymKey(pms); pms = NULL; | |
330 | |
331 if (rv != SECSuccess) { | |
332 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); | |
333 goto loser; | |
334 } | |
335 | |
336 rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, | 328 rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, |
337 pubKey->u.ec.publicValue.len + 1); | 329 pubKey->u.ec.publicValue.len + 1); |
338 if (rv != SECSuccess) { | 330 if (rv != SECSuccess) { |
339 goto loser; /* err set by ssl3_AppendHandshake* */ | 331 goto loser; /* err set by ssl3_AppendHandshake* */ |
340 } | 332 } |
341 | 333 |
342 rv = ssl3_AppendHandshakeVariable(ss, | 334 rv = ssl3_AppendHandshakeVariable(ss, |
343 pubKey->u.ec.publicValue.data, | 335 pubKey->u.ec.publicValue.data, |
344 pubKey->u.ec.publicValue.len, 1); | 336 pubKey->u.ec.publicValue.len, 1); |
345 SECKEY_DestroyPublicKey(pubKey); | 337 SECKEY_DestroyPublicKey(pubKey); |
346 pubKey = NULL; | 338 pubKey = NULL; |
347 | 339 |
348 if (rv != SECSuccess) { | 340 if (rv != SECSuccess) { |
349 goto loser; /* err set by ssl3_AppendHandshake* */ | 341 goto loser; /* err set by ssl3_AppendHandshake* */ |
350 } | 342 } |
351 | 343 |
| 344 rv = ssl3_InitPendingCipherSpec(ss, pms); |
| 345 PK11_FreeSymKey(pms); pms = NULL; |
| 346 |
| 347 if (rv != SECSuccess) { |
| 348 ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); |
| 349 goto loser; |
| 350 } |
| 351 |
352 rv = SECSuccess; | 352 rv = SECSuccess; |
353 | 353 |
354 loser: | 354 loser: |
355 if(pms) PK11_FreeSymKey(pms); | 355 if(pms) PK11_FreeSymKey(pms); |
356 if(privKey) SECKEY_DestroyPrivateKey(privKey); | 356 if(privKey) SECKEY_DestroyPrivateKey(privKey); |
357 if(pubKey) SECKEY_DestroyPublicKey(pubKey); | 357 if(pubKey) SECKEY_DestroyPublicKey(pubKey); |
358 return rv; | 358 return rv; |
359 } | 359 } |
360 | 360 |
361 | 361 |
(...skipping 25 matching lines...) Expand all Loading... |
387 1, &b, &length); | 387 1, &b, &length); |
388 if (rv != SECSuccess) { | 388 if (rv != SECSuccess) { |
389 SEND_ALERT | 389 SEND_ALERT |
390 return SECFailure; /* XXX Who sets the error code?? */ | 390 return SECFailure; /* XXX Who sets the error code?? */ |
391 } | 391 } |
392 | 392 |
393 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); | 393 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); |
394 isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); | 394 isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); |
395 | 395 |
396 if (isTLS12) { | 396 if (isTLS12) { |
397 target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; | 397 target = CKM_TLS12_MASTER_KEY_DERIVE_DH; |
398 } else if (isTLS) { | 398 } else if (isTLS) { |
399 target = CKM_TLS_MASTER_KEY_DERIVE_DH; | 399 target = CKM_TLS_MASTER_KEY_DERIVE_DH; |
400 } else { | 400 } else { |
401 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; | 401 target = CKM_SSL3_MASTER_KEY_DERIVE_DH; |
402 } | 402 } |
403 | 403 |
404 /* Determine the PMS */ | 404 /* Determine the PMS */ |
405 pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL, | 405 pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL, |
406 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, | 406 CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, |
407 CKD_NULL, NULL, NULL); | 407 CKD_NULL, NULL, NULL); |
(...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
608 PRBool isTLS, isTLS12; | 608 PRBool isTLS, isTLS12; |
609 SECStatus rv; | 609 SECStatus rv; |
610 int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH; | 610 int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH; |
611 SSL3AlertDescription desc = illegal_parameter; | 611 SSL3AlertDescription desc = illegal_parameter; |
612 SSL3Hashes hashes; | 612 SSL3Hashes hashes; |
613 SECItem signature = {siBuffer, NULL, 0}; | 613 SECItem signature = {siBuffer, NULL, 0}; |
614 | 614 |
615 SECItem ec_params = {siBuffer, NULL, 0}; | 615 SECItem ec_params = {siBuffer, NULL, 0}; |
616 SECItem ec_point = {siBuffer, NULL, 0}; | 616 SECItem ec_point = {siBuffer, NULL, 0}; |
617 unsigned char paramBuf[3]; /* only for curve_type == named_curve */ | 617 unsigned char paramBuf[3]; /* only for curve_type == named_curve */ |
618 SSL3SignatureAndHashAlgorithm sigAndHash; | 618 SSLSignatureAndHashAlg sigAndHash; |
619 | 619 |
620 sigAndHash.hashAlg = SEC_OID_UNKNOWN; | 620 sigAndHash.hashAlg = ssl_hash_none; |
621 | 621 |
622 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); | 622 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); |
623 isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); | 623 isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); |
624 | 624 |
625 /* XXX This works only for named curves, revisit this when | 625 /* XXX This works only for named curves, revisit this when |
626 * we support generic curves. | 626 * we support generic curves. |
627 */ | 627 */ |
628 ec_params.len = sizeof paramBuf; | 628 ec_params.len = sizeof paramBuf; |
629 ec_params.data = paramBuf; | 629 ec_params.data = paramBuf; |
630 rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length); | 630 rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length); |
(...skipping 21 matching lines...) Expand all Loading... |
652 goto alert_loser; | 652 goto alert_loser; |
653 } | 653 } |
654 | 654 |
655 if (isTLS12) { | 655 if (isTLS12) { |
656 rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, | 656 rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, |
657 &sigAndHash); | 657 &sigAndHash); |
658 if (rv != SECSuccess) { | 658 if (rv != SECSuccess) { |
659 goto loser; /* malformed or unsupported. */ | 659 goto loser; /* malformed or unsupported. */ |
660 } | 660 } |
661 rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( | 661 rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( |
662 &sigAndHash, ss->sec.peerCert); | 662 ss, &sigAndHash, ss->sec.peerCert); |
663 if (rv != SECSuccess) { | 663 if (rv != SECSuccess) { |
664 goto loser; | 664 goto loser; |
665 } | 665 } |
666 } | 666 } |
667 | 667 |
668 rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); | 668 rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); |
669 if (rv != SECSuccess) { | 669 if (rv != SECSuccess) { |
670 goto loser; /* malformed. */ | 670 goto loser; /* malformed. */ |
671 } | 671 } |
672 | 672 |
(...skipping 30 matching lines...) Expand all Loading... |
703 errCode = | 703 errCode = |
704 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); | 704 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); |
705 goto alert_loser; | 705 goto alert_loser; |
706 } | 706 } |
707 | 707 |
708 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 708 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
709 if (arena == NULL) { | 709 if (arena == NULL) { |
710 goto no_memory; | 710 goto no_memory; |
711 } | 711 } |
712 | 712 |
713 ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); | 713 peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); |
714 if (peerKey == NULL) { | 714 if (peerKey == NULL) { |
715 goto no_memory; | 715 goto no_memory; |
716 } | 716 } |
717 | 717 |
718 peerKey->arena = arena; | 718 peerKey->arena = arena; |
719 peerKey->keyType = ecKey; | 719 peerKey->keyType = ecKey; |
720 | 720 |
721 /* set up EC parameters in peerKey */ | 721 /* set up EC parameters in peerKey */ |
722 if (ssl3_ECName2Params(arena, ec_params.data[2], | 722 if (ssl3_ECName2Params(arena, ec_params.data[2], |
723 &peerKey->u.ec.DEREncodedParams) != SECSuccess) { | 723 &peerKey->u.ec.DEREncodedParams) != SECSuccess) { |
724 /* we should never get here since we already | 724 /* we should never get here since we already |
725 * checked that we are dealing with a supported curve | 725 * checked that we are dealing with a supported curve |
726 */ | 726 */ |
727 errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; | 727 errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; |
728 goto alert_loser; | 728 goto alert_loser; |
729 } | 729 } |
730 | 730 |
731 /* copy publicValue in peerKey */ | 731 /* copy publicValue in peerKey */ |
732 if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) | 732 if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) |
733 { | 733 { |
734 PORT_FreeArena(arena, PR_FALSE); | |
735 goto no_memory; | 734 goto no_memory; |
736 } | 735 } |
737 peerKey->pkcs11Slot = NULL; | 736 peerKey->pkcs11Slot = NULL; |
738 peerKey->pkcs11ID = CK_INVALID_HANDLE; | 737 peerKey->pkcs11ID = CK_INVALID_HANDLE; |
739 | 738 |
740 ss->sec.peerKey = peerKey; | 739 ss->sec.peerKey = peerKey; |
741 ss->ssl3.hs.ws = wait_cert_request; | 740 ss->ssl3.hs.ws = wait_cert_request; |
742 | 741 |
743 return SECSuccess; | 742 return SECSuccess; |
744 | 743 |
745 alert_loser: | 744 alert_loser: |
746 (void)SSL3_SendAlert(ss, alert_fatal, desc); | 745 (void)SSL3_SendAlert(ss, alert_fatal, desc); |
747 loser: | 746 loser: |
| 747 if (arena) { |
| 748 PORT_FreeArena(arena, PR_FALSE); |
| 749 } |
748 PORT_SetError( errCode ); | 750 PORT_SetError( errCode ); |
749 return SECFailure; | 751 return SECFailure; |
750 | 752 |
751 no_memory: /* no-memory error has already been set. */ | 753 no_memory: /* no-memory error has already been set. */ |
| 754 if (arena) { |
| 755 PORT_FreeArena(arena, PR_FALSE); |
| 756 } |
752 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); | 757 ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); |
753 return SECFailure; | 758 return SECFailure; |
754 } | 759 } |
755 | 760 |
756 SECStatus | 761 SECStatus |
757 ssl3_SendECDHServerKeyExchange( | 762 ssl3_SendECDHServerKeyExchange( |
758 sslSocket *ss, | 763 sslSocket *ss, |
759 const SSL3SignatureAndHashAlgorithm *sigAndHash) | 764 const SSLSignatureAndHashAlg *sigAndHash) |
760 { | 765 { |
761 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; | 766 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; |
762 SECStatus rv = SECFailure; | 767 SECStatus rv = SECFailure; |
763 int length; | 768 int length; |
764 PRBool isTLS, isTLS12; | 769 PRBool isTLS, isTLS12; |
765 SECItem signed_hash = {siBuffer, NULL, 0}; | 770 SECItem signed_hash = {siBuffer, NULL, 0}; |
766 SSL3Hashes hashes; | 771 SSL3Hashes hashes; |
767 | 772 |
768 SECKEYPublicKey * ecdhePub; | 773 SECKEYPublicKey * ecdhePub; |
769 SECItem ec_params = {siBuffer, NULL, 0}; | 774 SECItem ec_params = {siBuffer, NULL, 0}; |
(...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
970 0 /* end of list marker */ | 975 0 /* end of list marker */ |
971 }; | 976 }; |
972 | 977 |
973 /* On this socket, Disable the ECC cipher suites in the argument's list */ | 978 /* On this socket, Disable the ECC cipher suites in the argument's list */ |
974 SECStatus | 979 SECStatus |
975 ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) | 980 ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) |
976 { | 981 { |
977 if (!suite) | 982 if (!suite) |
978 suite = ecSuites; | 983 suite = ecSuites; |
979 for (; *suite; ++suite) { | 984 for (; *suite; ++suite) { |
980 SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); | 985 PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); |
981 | |
982 PORT_Assert(rv == SECSuccess); /* else is coding error */ | |
983 } | 986 } |
984 return SECSuccess; | 987 return SECSuccess; |
985 } | 988 } |
986 | 989 |
987 /* Look at the server certs configured on this socket, and disable any | 990 /* Look at the server certs configured on this socket, and disable any |
988 * ECC cipher suites that are not supported by those certs. | 991 * ECC cipher suites that are not supported by those certs. |
989 */ | 992 */ |
990 void | 993 void |
991 ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss) | 994 ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss) |
992 { | 995 { |
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1135 return 0; | 1138 return 0; |
1136 | 1139 |
1137 if (ssl3_SuiteBOnly(ss)) { | 1140 if (ssl3_SuiteBOnly(ss)) { |
1138 ecListSize = sizeof suiteBECList; | 1141 ecListSize = sizeof suiteBECList; |
1139 ecList = suiteBECList; | 1142 ecList = suiteBECList; |
1140 } else { | 1143 } else { |
1141 ecListSize = sizeof tlsECList; | 1144 ecListSize = sizeof tlsECList; |
1142 ecList = tlsECList; | 1145 ecList = tlsECList; |
1143 } | 1146 } |
1144 | 1147 |
1145 if (append && maxBytes >= ecListSize) { | 1148 if (maxBytes < (PRUint32)ecListSize) { |
| 1149 return 0; |
| 1150 } |
| 1151 if (append) { |
1146 SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); | 1152 SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); |
1147 if (rv != SECSuccess) | 1153 if (rv != SECSuccess) |
1148 return -1; | 1154 return -1; |
1149 if (!ss->sec.isServer) { | 1155 if (!ss->sec.isServer) { |
1150 TLSExtensionData *xtnData = &ss->xtnData; | 1156 TLSExtensionData *xtnData = &ss->xtnData; |
1151 xtnData->advertised[xtnData->numAdvertised++] = | 1157 xtnData->advertised[xtnData->numAdvertised++] = |
1152 ssl_elliptic_curves_xtn; | 1158 ssl_elliptic_curves_xtn; |
1153 } | 1159 } |
1154 } | 1160 } |
1155 return ecListSize; | 1161 return ecListSize; |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1285 } | 1291 } |
1286 /* Our EC cert doesn't contain a mutually supported curve. | 1292 /* Our EC cert doesn't contain a mutually supported curve. |
1287 * Disable all ECC cipher suites that require an EC cert | 1293 * Disable all ECC cipher suites that require an EC cert |
1288 */ | 1294 */ |
1289 ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); | 1295 ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); |
1290 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); | 1296 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); |
1291 return SECSuccess; | 1297 return SECSuccess; |
1292 } | 1298 } |
1293 | 1299 |
1294 #endif /* NSS_DISABLE_ECC */ | 1300 #endif /* NSS_DISABLE_ECC */ |
OLD | NEW |