From f1a0f0a56fdd0fc39f255174ce08c06b91c66c94 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Fri, 23 Feb 2018 11:04:39 +0100
Subject: Update NSS to 3.35-RTM

---
 security/nss/lib/freebl/ec.c | 44 +++++---------------------------------------
 1 file changed, 5 insertions(+), 39 deletions(-)

(limited to 'security/nss/lib/freebl/ec.c')

diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index 669c9b147..b28815ade 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -15,8 +15,6 @@
 #include "ec.h"
 #include "ecl.h"
 
-#ifndef NSS_DISABLE_ECC
-
 static const ECMethod kMethods[] = {
     { ECCurve25519,
       ec_Curve25519_pt_mul,
@@ -183,7 +181,6 @@ cleanup:
 
     return rv;
 }
-#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a supplied
  * value and the public key is the result of performing a scalar
@@ -194,7 +191,6 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
           const unsigned char *privKeyBytes, int privKeyLen)
 {
     SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_ECC
     PLArenaPool *arena;
     ECPrivateKey *key;
     mp_int k;
@@ -309,9 +305,6 @@ cleanup:
     printf("ec_NewKey returning %s\n",
            (rv == SECSuccess) ? "success" : "failure");
 #endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -326,15 +319,10 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
                   const unsigned char *seed, int seedlen)
 {
     SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_ECC
     rv = ec_NewKey(ecParams, privKey, seed, seedlen);
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_DISABLE_ECC */
     return rv;
 }
 
-#ifndef NSS_DISABLE_ECC
 /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
  * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
  * random number generator.
@@ -391,7 +379,6 @@ cleanup:
     }
     return privKeyBytes;
 }
-#endif /* NSS_DISABLE_ECC */
 
 /* Generates a new EC key pair. The private key is a random value and
  * the public key is the result of performing a scalar point multiplication
@@ -401,7 +388,6 @@ SECStatus
 EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
 {
     SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *privKeyBytes = NULL;
 
@@ -425,9 +411,6 @@ cleanup:
     printf("EC_NewKey returning %s\n",
            (rv == SECSuccess) ? "success" : "failure");
 #endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -441,7 +424,6 @@ cleanup:
 SECStatus
 EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
 {
-#ifndef NSS_DISABLE_ECC
     mp_int Px, Py;
     ECGroup *group = NULL;
     SECStatus rv = SECFailure;
@@ -525,10 +507,6 @@ cleanup:
         rv = SECFailure;
     }
     return rv;
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-    return SECFailure;
-#endif /* NSS_DISABLE_ECC */
 }
 
 /*
@@ -549,7 +527,6 @@ ECDH_Derive(SECItem *publicValue,
             SECItem *derivedSecret)
 {
     SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_ECC
     unsigned int len = 0;
     SECItem pointQ = { siBuffer, NULL, 0 };
     mp_int k; /* to hold the private value */
@@ -589,7 +566,11 @@ ECDH_Derive(SECItem *publicValue,
             PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
             return SECFailure;
         }
-        return method->mul(derivedSecret, privateValue, publicValue);
+        rv = method->mul(derivedSecret, privateValue, publicValue);
+        if (rv != SECSuccess) {
+            SECITEM_ZfreeItem(derivedSecret, PR_FALSE);
+        }
+        return rv;
     }
 
     /*
@@ -654,9 +635,6 @@ cleanup:
     if (pointQ.data) {
         PORT_ZFree(pointQ.data, pointQ.len);
     }
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -670,7 +648,6 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
                          const SECItem *digest, const unsigned char *kb, const int kblen)
 {
     SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_ECC
     mp_int x1;
     mp_int d, k; /* private key, random integer */
     mp_int r, s; /* tuple (r, s) is the signature */
@@ -899,9 +876,6 @@ cleanup:
     printf("ECDSA signing with seed %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -914,7 +888,6 @@ SECStatus
 ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
 {
     SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_ECC
     int len;
     unsigned char *kBytes = NULL;
 
@@ -941,9 +914,6 @@ cleanup:
     printf("ECDSA signing %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
@@ -961,7 +931,6 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
                    const SECItem *digest)
 {
     SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_ECC
     mp_int r_, s_;       /* tuple (r', s') is received signature) */
     mp_int c, u1, u2, v; /* intermediate values used in verification */
     mp_int x1;
@@ -1161,9 +1130,6 @@ cleanup:
     printf("ECDSA verification %s\n",
            (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_DISABLE_ECC */
 
     return rv;
 }
-- 
cgit v1.2.3