1339720 - Remove DISABLE_ECC

Status: RESOLVED FIXED

(NSS :: Libraries, defect)

Description

[Franziskus Kiefer [:franziskus]]

DISABLE_ECC is broken. We should remove it.

It seems some people still don't like ECC though [1].

[1] http://mozilla.6506.n7.nabble.com/Disabling-all-uses-of-elliptical-curves-td354147.html

Comment 1

[Franziskus Kiefer [:franziskus]]

Attachment: remove-disable_ecc.patch

Copy of https://nss-review.dev.mozaws.net/D264.
Bob could you have a look at this? We discussed this before and concluded that DISABLE_ECC is probably broken and we should remove it. This patch is doing that.

Comment 2

[Robert Relyea]

Comment on attachment 8904536 [details] [diff] [review]
remove-disable_ecc.patch

Review of attachment 8904536 [details] [diff] [review]:
-----------------------------------------------------------------

I also notice that we have some stray ifdef NSS_ENABLE_ECC in fipsfreebl.c that need to be removed. (I found them when I was running my module tests and found the ECC POST wasn't being called).

::: tests/ssl/ssl.sh
@@ +95,5 @@
>  
>    NON_EC_SUITES=":0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B"
>    NON_EC_SUITES="${NON_EC_SUITES}:0084:009C:009D:009E:009F:00A2:00A3:CCAAcdeinvyz"
>  
> +  ECC_STRING=" - with ECC"

In all the other tests you removed the 'with ECC' additional string, did you purposefully want to keep it for ssl?

Comment 3

[Franziskus Kiefer [:franziskus]]

Oh, I missed that ECC_STRING in ssl.sh. Removed it.

Landed as https://hg.mozilla.org/projects/nss/rev/69242366eb810294a1d8e512e60732d832fd3c8a

I filed bug 1397666 to remove the ifdef NSS_ENABLE_ECC from fipsfreebl.c.