From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 22 Apr 2025 13:25:39 +0000 (-0400)
Subject: Unrelated: fix warnings about NSS kex algorithms.
X-Git-Tag: tor-0.4.9.3-alpha~49^2~18
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7dd27e9d84bfa087954b5b62bc94664856f0c81e;p=thirdparty%2Ftor.git

Unrelated: fix warnings about NSS kex algorithms.
---

diff --git a/configure.ac b/configure.ac
index d4ddda1c35..523552a767 100644
--- a/configure.ac
+++ b/configure.ac
@@ -979,6 +979,23 @@ if test "x$enable_nss" = "xyes"; then
      [have_nss=no; AC_MSG_ERROR([You asked for NSS but I can't find it, $pkg_config_user_action, or set NSS_CFLAGS and NSS_LIBS.])])
   AC_SUBST(NSS_CFLAGS)
   AC_SUBST(NSS_LIBS)
+
+  save_CFLAGS="$CFLAGS"
+  save_LIBS="$LIBS"
+  LIBS="$LIBS $NSS_LIBS"
+  CFLAGS="$CFLAGS $NSS_CFLAGS"
+  AC_MSG_CHECKING([whether NSS defines ssl_kea_ecdh_hybrid(_psk)])
+  AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+    #include <sslt.h>
+    int v = (int) ssl_kea_ecdh_hybrid_psk;
+    int v2 = (int) ssl_kea_ecdh_hybrid;
+    ]], [[]])],
+    [ AC_MSG_RESULT([yes]);
+      AC_DEFINE(NSS_HAS_ECDH_HYBRID, 1, [whether nss defines ecdh_hybrid key exchange.])
+    ],
+    [ AC_MSG_RESULT([no]) ])
+  LIBS="$save_LIBS"
+  CPPFLAGS="$save_CPPFLAGS"
 fi
 
 dnl ------------------------------------------------------
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 40e74117e0..d088d32e01 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -76,6 +76,11 @@ we_like_ssl_kea(SSLKEAType kt)
     case ssl_kea_ecdh_psk: return false;
     case ssl_kea_dh_psk: return false;
 
+#ifdef NSS_HAS_ECDH_HYBRID
+    case ssl_kea_ecdh_hybrid_psk: return false;
+    case ssl_kea_ecdh_hybrid: return true;
+#endif
+
     case ssl_kea_dh: return true;
     case ssl_kea_ecdh: return true;
     case ssl_kea_tls13_any: return true;