commit 7dd27e9d84bfa087954b5b62bc94664856f0c81e
parent 58248adab617eb240d6d8accd7620a1cabc1a1ff
Author: Nick Mathewson <nickm@torproject.org>
Date: Tue, 22 Apr 2025 09:25:39 -0400
Unrelated: fix warnings about NSS kex algorithms.
Diffstat:
2 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/configure.ac b/configure.ac
@@ -979,6 +979,23 @@ if test "x$enable_nss" = "xyes"; then
[have_nss=no; AC_MSG_ERROR([You asked for NSS but I can't find it, $pkg_config_user_action, or set NSS_CFLAGS and NSS_LIBS.])])
AC_SUBST(NSS_CFLAGS)
AC_SUBST(NSS_LIBS)
+
+ save_CFLAGS="$CFLAGS"
+ save_LIBS="$LIBS"
+ LIBS="$LIBS $NSS_LIBS"
+ CFLAGS="$CFLAGS $NSS_CFLAGS"
+ AC_MSG_CHECKING([whether NSS defines ssl_kea_ecdh_hybrid(_psk)])
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ #include <sslt.h>
+ int v = (int) ssl_kea_ecdh_hybrid_psk;
+ int v2 = (int) ssl_kea_ecdh_hybrid;
+ ]], [[]])],
+ [ AC_MSG_RESULT([yes]);
+ AC_DEFINE(NSS_HAS_ECDH_HYBRID, 1, [whether nss defines ecdh_hybrid key exchange.])
+ ],
+ [ AC_MSG_RESULT([no]) ])
+ LIBS="$save_LIBS"
+ CPPFLAGS="$save_CPPFLAGS"
fi
dnl ------------------------------------------------------
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
@@ -76,6 +76,11 @@ we_like_ssl_kea(SSLKEAType kt)
case ssl_kea_ecdh_psk: return false;
case ssl_kea_dh_psk: return false;
+#ifdef NSS_HAS_ECDH_HYBRID
+ case ssl_kea_ecdh_hybrid_psk: return false;
+ case ssl_kea_ecdh_hybrid: return true;
+#endif
+
case ssl_kea_dh: return true;
case ssl_kea_ecdh: return true;
case ssl_kea_tls13_any: return true;
