From 130d543f3a7c33196bef386b4ee87ccc4ed53d0b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Wed, 7 Feb 2024 14:59:31 -0600
Subject: [PATCH] Update kea_alg_defs to match NSS 3.97

The kea_alg_defs array in SSLCipher.c has been updated to match
the one defined in NSS 3.97. The assertion that compares the size
of the array with ssl_kea_size has also been removed. These
changes will allow JSS to work with the newer NSS 3.97 on Fedora
Rawhide as well as the older NSS versions on other platforms.

Resolves: https://github.com/dogtagpki/jss/issues/991
---
 native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c b/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c
index 4f2dacb0b..ea739617a 100644
--- a/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c
+++ b/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c
@@ -23,7 +23,7 @@ static const CK_MECHANISM_TYPE auth_alg_defs[] = {
 };
 PR_STATIC_ASSERT(PR_ARRAY_SIZE(auth_alg_defs) == ssl_auth_size);
 
-/* Copied from NSS's ssl3con.c. */
+/* Copied from NSS 3.97's ssl3con.c. */
 static const CK_MECHANISM_TYPE kea_alg_defs[] = {
     CKM_INVALID_MECHANISM, /* ssl_kea_null */
     CKM_RSA_PKCS,          /* ssl_kea_rsa */
@@ -33,8 +33,9 @@ static const CK_MECHANISM_TYPE kea_alg_defs[] = {
     CKM_ECDH1_DERIVE,      /* ssl_kea_ecdh_psk */
     CKM_DH_PKCS_DERIVE,    /* ssl_kea_dh_psk */
     CKM_INVALID_MECHANISM, /* ssl_kea_tls13_any */
+    CKM_INVALID_MECHANISM, /* ssl_kea_ecdh_hybrid */
+    CKM_INVALID_MECHANISM, /* ssl_kea_ecdh_hybrid_psk */
 };
-PR_STATIC_ASSERT(PR_ARRAY_SIZE(kea_alg_defs) == ssl_kea_size);
 
 #ifdef HAVE_NSS_CIPHER_SUITE_INFO_KDFHASH
 /* Not present in ssl3con.c. */