Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.

1 files changed, 39 insertions, 5 deletions

diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index b28815ade..669c9b147 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -15,6 +15,8 @@
 #include "ec.h"
 #include "ecl.h"
 
+#ifndef NSS_DISABLE_ECC
+
 static const ECMethod kMethods[] = {
     { ECCurve25519,
       ec_Curve25519_pt_mul,
@@ -181,6 +183,7 @@ cleanup:
 
     return rv;
 }
+#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a supplied
  * value and the public key is the result of performing a scalar
@@ -191,6 +194,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
           const unsigned char *privKeyBytes, int privKeyLen)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     PLArenaPool *arena;
     ECPrivateKey *key;
     mp_int k;
@@ -305,6 +309,9 @@ cleanup:
     printf("ec_NewKey returning %s\n",
            (rv == SECSuccess) ? "success" : "failure");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -319,10 +326,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
                   const unsigned char *seed, int seedlen)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     rv = ec_NewKey(ecParams, privKey, seed, seedlen);
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
     return rv;
 }
 
+#ifndef NSS_DISABLE_ECC
 /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
  * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
  * random number generator.
@@ -379,6 +391,7 @@ cleanup:
     }
     return privKeyBytes;
 }
+#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a random value and
  * the public key is the result of performing a scalar point multiplication
@@ -388,6 +401,7 @@ SECStatus
 EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *privKeyBytes = NULL;
 
@@ -411,6 +425,9 @@ cleanup:
     printf("EC_NewKey returning %s\n",
            (rv == SECSuccess) ? "success" : "failure");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -424,6 +441,7 @@ cleanup:
 SECStatus
 EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
 {
+#ifndef NSS_DISABLE_ECC
     mp_int Px, Py;
     ECGroup *group = NULL;
     SECStatus rv = SECFailure;
@@ -507,6 +525,10 @@ cleanup:
         rv = SECFailure;
     }
     return rv;
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+    return SECFailure;
+#endif /* NSS_DISABLE_ECC */
 }
 
 /*
@@ -527,6 +549,7 @@ ECDH_Derive(SECItem *publicValue,
             SECItem *derivedSecret)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     unsigned int len = 0;
     SECItem pointQ = { siBuffer, NULL, 0 };
     mp_int k; /* to hold the private value */
@@ -566,11 +589,7 @@ ECDH_Derive(SECItem *publicValue,
             PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
             return SECFailure;
         }
-        rv = method->mul(derivedSecret, privateValue, publicValue);
-        if (rv != SECSuccess) {
-            SECITEM_ZfreeItem(derivedSecret, PR_FALSE);
-        }
-        return rv;
+        return method->mul(derivedSecret, privateValue, publicValue);
     }
 
     /*
@@ -635,6 +654,9 @@ cleanup:
     if (pointQ.data) {
         PORT_ZFree(pointQ.data, pointQ.len);
     }
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -648,6 +670,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
                          const SECItem *digest, const unsigned char *kb, const int kblen)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     mp_int x1;
     mp_int d, k; /* private key, random integer */
     mp_int r, s; /* tuple (r, s) is the signature */
@@ -876,6 +899,9 @@ cleanup:
     printf("ECDSA signing with seed %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -888,6 +914,7 @@ SECStatus
 ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *kBytes = NULL;
 
@@ -914,6 +941,9 @@ cleanup:
     printf("ECDSA signing %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -931,6 +961,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
                    const SECItem *digest)
 {
     SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
     mp_int r_, s_;       /* tuple (r', s') is received signature) */
     mp_int c, u1, u2, v; /* intermediate values used in verification */
     mp_int x1;
@@ -1130,6 +1161,9 @@ cleanup:
     printf("ECDSA verification %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }