mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 10:44:56 +00:00
Bug 967153: Update to NSS 3.16 beta 4 (NSS 3_16_BETA4), r=me
--HG-- extra : rebase_source : 192fdf657daa1aae51d9f163b074b8eb6a7aac13
This commit is contained in:
parent
ef27cecd0f
commit
94f4494879
@ -1 +1 @@
|
||||
NSS_3_16_BETA3
|
||||
NSS_3_16_BETA4
|
||||
|
@ -19,8 +19,6 @@ ARCH=$(uname -s)
|
||||
|
||||
ulimit -c unlimited 2> /dev/null
|
||||
|
||||
export NSS_ENABLE_ECC=1
|
||||
export NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
export NSPR_LOG_MODULES="pkix:1"
|
||||
|
||||
#export JAVA_HOME_32=
|
||||
|
@ -288,7 +288,7 @@ prepare()
|
||||
mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
|
||||
mkdir -p ${OUTPUTDIR}
|
||||
|
||||
if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
|
||||
if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
|
||||
cd ${HGDIR}/nss
|
||||
ECF="lib/freebl/ecl/ecl-curve.h"
|
||||
print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"
|
||||
|
@ -21,7 +21,7 @@
|
||||
#include "secoid.h"
|
||||
#include "nssutil.h"
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#include "ecl-curve.h"
|
||||
SECStatus EC_DecodeParams(const SECItem *encodedParams,
|
||||
ECParams **ecparams);
|
||||
@ -133,7 +133,7 @@ static void Usage()
|
||||
PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
|
||||
PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
|
||||
PRINTUSAGE("", "", "[-b bufsize]");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
PRINTUSAGE("", "", "[-n curvename]");
|
||||
#endif
|
||||
PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
|
||||
@ -141,7 +141,7 @@ static void Usage()
|
||||
PRINTUSAGE("", "-i", "file which contains input buffer");
|
||||
PRINTUSAGE("", "-o", "file for signature");
|
||||
PRINTUSAGE("", "-k", "file which contains key");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
|
||||
PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
|
||||
PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
|
||||
@ -390,7 +390,7 @@ dsakey_from_filedata(SECItem *filedata)
|
||||
return key;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static ECPrivateKey *
|
||||
eckey_from_filedata(SECItem *filedata)
|
||||
{
|
||||
@ -544,7 +544,7 @@ getECParams(const char *curve)
|
||||
|
||||
return ecparams;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
static void
|
||||
dump_pqg(PQGParams *pqg)
|
||||
@ -562,7 +562,7 @@ dump_dsakey(DSAPrivateKey *key)
|
||||
SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static void
|
||||
dump_ecp(ECParams *ecp)
|
||||
{
|
||||
@ -651,7 +651,7 @@ typedef enum {
|
||||
bltestRSA, /* Public Key Ciphers */
|
||||
bltestRSA_OAEP, /* . (Public Key Enc.) */
|
||||
bltestRSA_PSS, /* . (Public Key Sig.) */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
bltestECDSA, /* . (Public Key Sig.) */
|
||||
#endif
|
||||
bltestDSA, /* . (Public Key Sig.) */
|
||||
@ -690,7 +690,7 @@ static char *mode_strings[] =
|
||||
"rsa",
|
||||
"rsa_oaep",
|
||||
"rsa_pss",
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
"ecdsa",
|
||||
#endif
|
||||
/*"pqg",*/
|
||||
@ -744,7 +744,7 @@ typedef struct
|
||||
PQGParams *pqg;
|
||||
} bltestDSAParams;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
typedef struct
|
||||
{
|
||||
char *curveName;
|
||||
@ -763,7 +763,7 @@ typedef struct
|
||||
union {
|
||||
bltestRSAParams rsa;
|
||||
bltestDSAParams dsa;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
bltestECDSAParams ecdsa;
|
||||
#endif
|
||||
} cipherParams;
|
||||
@ -1266,7 +1266,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
|
||||
return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECStatus
|
||||
ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
|
||||
{
|
||||
@ -1720,7 +1720,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECStatus
|
||||
bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
{
|
||||
@ -2077,7 +2077,7 @@ finish:
|
||||
|
||||
SECStatus
|
||||
pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
int keysize, int exponent, char *curveName)
|
||||
#else
|
||||
int keysize, int exponent)
|
||||
@ -2090,7 +2090,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
|
||||
RSAPrivateKey **rsaKey = NULL;
|
||||
bltestDSAParams *dsap;
|
||||
DSAPrivateKey **dsaKey = NULL;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECItem *tmpECParamsDER;
|
||||
ECParams *tmpECParams = NULL;
|
||||
SECItem ecSerialize[3];
|
||||
@ -2132,7 +2132,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
|
||||
dsap->keysize = (*dsaKey)->params.prime.len*8;
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case bltestECDSA:
|
||||
ecKey = (ECPrivateKey **)&asymk->privKey;
|
||||
if (curveName != NULL) {
|
||||
@ -2244,7 +2244,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
}
|
||||
return bltest_dsa_init(cipherInfo, encrypt);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case bltestECDSA:
|
||||
if (encrypt) {
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
@ -2494,7 +2494,7 @@ cipherFinish(bltestCipherInfo *cipherInfo)
|
||||
case bltestRSA_PSS: /* will be freed with it. */
|
||||
case bltestRSA_OAEP:
|
||||
case bltestDSA:
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case bltestECDSA:
|
||||
#endif
|
||||
case bltestMD2: /* hash contexts are ephemeral */
|
||||
@ -2674,7 +2674,7 @@ print_td:
|
||||
fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case bltestECDSA:
|
||||
if (td) {
|
||||
fprintf(stdout, "%12s", "ec_curve");
|
||||
@ -2906,7 +2906,7 @@ get_params(PLArenaPool *arena, bltestParams *params,
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
|
||||
load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case bltestECDSA:
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
|
||||
load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded);
|
||||
@ -3128,7 +3128,7 @@ dump_file(bltestCipherMode mode, char *filename)
|
||||
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
|
||||
key = dsakey_from_filedata(&keydata.buf);
|
||||
dump_dsakey(key);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
} else if (mode == bltestECDSA) {
|
||||
ECPrivateKey *key;
|
||||
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
|
||||
@ -3373,7 +3373,7 @@ enum {
|
||||
opt_Key,
|
||||
opt_HexWSpc,
|
||||
opt_Mode,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
opt_CurveName,
|
||||
#endif
|
||||
opt_Output,
|
||||
@ -3426,7 +3426,7 @@ static secuCommandFlag bltest_options[] =
|
||||
{ /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
|
||||
#endif
|
||||
{ /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
|
||||
@ -3461,7 +3461,7 @@ int main(int argc, char **argv)
|
||||
bltestCipherInfo *cipherInfoListHead, *cipherInfo;
|
||||
bltestIOMode ioMode;
|
||||
int bufsize, exponent, curThrdNum;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
char *curveName = NULL;
|
||||
#endif
|
||||
int i, commandsEntered;
|
||||
@ -3695,7 +3695,7 @@ int main(int argc, char **argv)
|
||||
else
|
||||
exponent = 65537;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (bltest.options[opt_CurveName].activated)
|
||||
curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
|
||||
else
|
||||
@ -3783,7 +3783,7 @@ int main(int argc, char **argv)
|
||||
file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
|
||||
}
|
||||
params->key.mode = bltestBase64Encoded;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
|
||||
#else
|
||||
pubkeyInitKey(cipherInfo, file, keysize, exponent);
|
||||
|
@ -968,7 +968,7 @@ PrintSyntax(char *progName)
|
||||
"\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
|
||||
FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
|
||||
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
|
||||
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
|
||||
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
|
||||
@ -976,7 +976,7 @@ PrintSyntax(char *progName)
|
||||
#else
|
||||
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
|
||||
progName);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
|
||||
FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n",
|
||||
progName);
|
||||
@ -1155,7 +1155,7 @@ static void luG(enum usage_level ul, const char *command)
|
||||
return;
|
||||
FPS "%-20s Name of token in which to generate key (default is internal)\n",
|
||||
" -h token-name");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
|
||||
" -k key-type");
|
||||
FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
|
||||
@ -1165,7 +1165,7 @@ static void luG(enum usage_level ul, const char *command)
|
||||
" -k key-type");
|
||||
FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
|
||||
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
|
||||
" -y exp");
|
||||
FPS "%-20s Specify the password file\n",
|
||||
@ -1174,7 +1174,7 @@ static void luG(enum usage_level ul, const char *command)
|
||||
" -z noisefile");
|
||||
FPS "%-20s read PQG value from pqgfile (dsa only)\n",
|
||||
" -q pqgfile");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
FPS "%-20s Elliptic curve name (ec only)\n",
|
||||
" -q curve-name");
|
||||
FPS "%-20s One of nistp256, nistp384, nistp521\n", "");
|
||||
@ -1286,7 +1286,7 @@ static void luK(enum usage_level ul, const char *command)
|
||||
" -h token-name ");
|
||||
|
||||
FPS "%-20s Key type (\"all\" (default), \"dsa\","
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
" \"ec\","
|
||||
#endif
|
||||
" \"rsa\")\n",
|
||||
@ -1418,11 +1418,11 @@ static void luR(enum usage_level ul, const char *command)
|
||||
" -s subject");
|
||||
FPS "%-20s Output the cert request to this file\n",
|
||||
" -o output-req");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
|
||||
#else
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
" -k key-type-or-id");
|
||||
FPS "%-20s or nickname of the cert key to use \n",
|
||||
"");
|
||||
@ -1432,12 +1432,12 @@ static void luR(enum usage_level ul, const char *command)
|
||||
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
|
||||
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
|
||||
" -q pqgfile");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
FPS "%-20s Elliptic curve name (ec only)\n",
|
||||
" -q curve-name");
|
||||
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
|
||||
"");
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
FPS "%-20s Specify the password file\n",
|
||||
" -f pwfile");
|
||||
FPS "%-20s Key database directory (default is ~/.netscape)\n",
|
||||
@ -1570,11 +1570,11 @@ static void luS(enum usage_level ul, const char *command)
|
||||
" -c issuer-name");
|
||||
FPS "%-20s Set the certificate trust attributes (see -A above)\n",
|
||||
" -t trustargs");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
|
||||
#else
|
||||
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
" -k key-type-or-id");
|
||||
FPS "%-20s Name of token in which to generate key (default is internal)\n",
|
||||
" -h token-name");
|
||||
@ -1582,12 +1582,12 @@ static void luS(enum usage_level ul, const char *command)
|
||||
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
|
||||
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
|
||||
" -q pqgfile");
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
FPS "%-20s Elliptic curve name (ec only)\n",
|
||||
" -q curve-name");
|
||||
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
|
||||
"");
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
FPS "%-20s Self sign\n",
|
||||
" -x");
|
||||
FPS "%-20s Cert serial number\n",
|
||||
@ -2448,12 +2448,12 @@ certutil_main(int argc, char **argv, PRBool initialize)
|
||||
progName, MIN_KEY_BITS, MAX_KEY_BITS);
|
||||
return 255;
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (keytype == ecKey) {
|
||||
PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
|
||||
return 255;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
}
|
||||
|
||||
@ -2483,10 +2483,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
|
||||
keytype = rsaKey;
|
||||
} else if (PL_strcmp(arg, "dsa") == 0) {
|
||||
keytype = dsaKey;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
} else if (PL_strcmp(arg, "ec") == 0) {
|
||||
keytype = ecKey;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
} else if (PL_strcmp(arg, "all") == 0) {
|
||||
keytype = nullKey;
|
||||
} else {
|
||||
@ -2539,7 +2539,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
|
||||
|
||||
/* -q PQG file or curve name */
|
||||
if (certutil.options[opt_PQGFile].activated) {
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if ((keytype != dsaKey) && (keytype != ecKey)) {
|
||||
PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
|
||||
" (-k dsa) or a named curve for EC keys (-k ec)\n)",
|
||||
@ -2548,7 +2548,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
|
||||
if (keytype != dsaKey) {
|
||||
PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
|
||||
progName);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
return 255;
|
||||
}
|
||||
}
|
||||
|
@ -356,7 +356,7 @@ CERTUTIL_FileForRNG(const char *noise)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
typedef struct curveNameTagPairStr {
|
||||
char *curveName;
|
||||
SECOidTag curveOidTag;
|
||||
@ -484,7 +484,7 @@ getECParams(const char *curve)
|
||||
|
||||
return ecparams;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
SECKEYPrivateKey *
|
||||
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
||||
@ -545,14 +545,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
||||
params = (void *)&default_pqg_params;
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case ecKey:
|
||||
mechanism = CKM_EC_KEY_PAIR_GEN;
|
||||
/* For EC keys, PQGFile determines EC parameters */
|
||||
if ((params = (void *) getECParams(pqgFile)) == NULL)
|
||||
return NULL;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
@ -567,7 +567,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
||||
switch (keytype) {
|
||||
case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
|
||||
#endif
|
||||
default: /* nothing to free */ break;
|
||||
|
@ -22,7 +22,7 @@
|
||||
#include "../../lib/freebl/mpi/mpi.h"
|
||||
#endif
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
extern SECStatus
|
||||
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
|
||||
extern SECStatus
|
||||
@ -1849,7 +1849,7 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp)
|
||||
return (c == EOF) ? -1 : ignore;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
typedef struct curveNameTagPairStr {
|
||||
char *curveName;
|
||||
SECOidTag curveOidTag;
|
||||
@ -2530,7 +2530,7 @@ loser:
|
||||
}
|
||||
fclose(ecdsareq);
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
|
||||
/*
|
||||
@ -5327,7 +5327,7 @@ int main(int argc, char **argv)
|
||||
/* Signature Verification Test */
|
||||
dsa_sigver_test(argv[3]);
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/*************/
|
||||
/* ECDSA */
|
||||
/*************/
|
||||
@ -5346,7 +5346,7 @@ int main(int argc, char **argv)
|
||||
/* Signature Verification Test */
|
||||
ecdsa_sigver_test(argv[3]);
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
/*************/
|
||||
/* RNG */
|
||||
/*************/
|
||||
|
@ -1364,7 +1364,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static void
|
||||
secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
|
||||
{
|
||||
@ -1382,7 +1382,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
|
||||
SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
|
||||
}
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
void
|
||||
SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
|
||||
@ -1426,7 +1426,7 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
|
||||
SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case ecKey:
|
||||
secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
|
||||
break;
|
||||
|
@ -160,11 +160,11 @@ PrintUsageHeader(const char *progName)
|
||||
" [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
|
||||
" [-V [min-version]:[max-version]] [-a sni_name]\n"
|
||||
" [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
" [-C SSLCacheEntries] [-e ec_nickname]\n"
|
||||
#else
|
||||
" [-C SSLCacheEntries]\n"
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
,progName);
|
||||
}
|
||||
|
||||
@ -2133,7 +2133,7 @@ main(int argc, char **argv)
|
||||
{
|
||||
char * progName = NULL;
|
||||
char * nickName = NULL;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
char * ecNickName = NULL;
|
||||
#endif
|
||||
const char * fileName = NULL;
|
||||
@ -2246,9 +2246,9 @@ main(int argc, char **argv)
|
||||
|
||||
case 'd': dir = optstate->value; break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case 'e': ecNickName = PORT_Strdup(optstate->value); break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
case 'f':
|
||||
pwdata.source = PW_FROMFILE;
|
||||
@ -2362,7 +2362,7 @@ main(int argc, char **argv)
|
||||
}
|
||||
|
||||
if ((nickName == NULL)
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
&& (ecNickName == NULL)
|
||||
#endif
|
||||
) {
|
||||
@ -2593,7 +2593,7 @@ main(int argc, char **argv)
|
||||
setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
|
||||
&pwdata);
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (ecNickName) {
|
||||
cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
|
||||
if (cert[kt_ecdh] == NULL) {
|
||||
@ -2620,7 +2620,7 @@ main(int argc, char **argv)
|
||||
setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh,
|
||||
&pwdata);
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
if (testbypass)
|
||||
goto cleanup;
|
||||
@ -2691,7 +2691,7 @@ cleanup:
|
||||
if (certPrefix && certPrefix != emptyString) {
|
||||
PORT_Free(certPrefix);
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (ecNickName) {
|
||||
PORT_Free(ecNickName);
|
||||
}
|
||||
|
@ -146,10 +146,10 @@ endif
|
||||
# [16.0] Global environ ment defines
|
||||
#######################################################################
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
DEFINES += -DNSS_ENABLE_ECC
|
||||
ifdef NSS_DISABLE_ECC
|
||||
DEFINES += -DNSS_DISABLE_ECC
|
||||
endif
|
||||
|
||||
|
||||
ifdef NSS_ECC_MORE_THAN_SUITE_B
|
||||
DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B
|
||||
endif
|
||||
|
@ -10,4 +10,3 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
@ -32,7 +32,6 @@ CVS_CHECKOUT_BRANCH="cvs_checkout_${BRANCH}"
|
||||
export HOST=`hostname`
|
||||
export DOMSUF=red.iplanet.com
|
||||
|
||||
export NSS_ENABLE_ECC=1
|
||||
export NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
export IOPR_HOSTADDR_LIST="dochinups.red.iplanet.com"
|
||||
export NSS_AIA_PATH="/share/builds/mccrel3/security/aia_certs"
|
||||
|
@ -449,14 +449,14 @@ else
|
||||
endif # Solaris for non-sparc family CPUs
|
||||
endif # target == SunOS
|
||||
|
||||
ifdef NSS_ENABLE_ECC
|
||||
ifndef NSS_DISABLE_ECC
|
||||
ifdef ECL_USE_FP
|
||||
#enable floating point ECC code
|
||||
DEFINES += -DECL_USE_FP
|
||||
ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
|
||||
ECL_HDRS += ecp_fp.h
|
||||
endif
|
||||
endif # NSS_ENABLE_ECC
|
||||
endif
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
|
@ -16,7 +16,7 @@
|
||||
#include "ec.h"
|
||||
#include "ecl.h"
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
||||
/*
|
||||
* Returns true if pointP is the point at infinity, false otherwise
|
||||
@ -192,7 +192,7 @@ cleanup:
|
||||
|
||||
return rv;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* Generates a new EC key pair. The private key is a supplied
|
||||
* value and the public key is the result of performing a scalar
|
||||
@ -203,7 +203,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
|
||||
const unsigned char *privKeyBytes, int privKeyLen)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
PLArenaPool *arena;
|
||||
ECPrivateKey *key;
|
||||
mp_int k;
|
||||
@ -301,7 +301,7 @@ cleanup:
|
||||
#endif
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
return rv;
|
||||
|
||||
@ -317,15 +317,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
|
||||
const unsigned char *seed, int seedlen)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
rv = ec_NewKey(ecParams, privKey, seed, seedlen);
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
return rv;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
|
||||
* modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
|
||||
* random number generator.
|
||||
@ -381,7 +381,7 @@ cleanup:
|
||||
}
|
||||
return privKeyBytes;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* Generates a new EC key pair. The private key is a random value and
|
||||
* the public key is the result of performing a scalar point multiplication
|
||||
@ -391,7 +391,7 @@ SECStatus
|
||||
EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
int len;
|
||||
unsigned char *privKeyBytes = NULL;
|
||||
|
||||
@ -416,7 +416,7 @@ cleanup:
|
||||
#endif
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
return rv;
|
||||
}
|
||||
@ -430,7 +430,7 @@ cleanup:
|
||||
SECStatus
|
||||
EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
|
||||
{
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
mp_int Px, Py;
|
||||
ECGroup *group = NULL;
|
||||
SECStatus rv = SECFailure;
|
||||
@ -506,7 +506,7 @@ cleanup:
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
return SECFailure;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
}
|
||||
|
||||
/*
|
||||
@ -527,7 +527,7 @@ ECDH_Derive(SECItem *publicValue,
|
||||
SECItem *derivedSecret)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
unsigned int len = 0;
|
||||
SECItem pointQ = {siBuffer, NULL, 0};
|
||||
mp_int k; /* to hold the private value */
|
||||
@ -596,7 +596,7 @@ cleanup:
|
||||
}
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
return rv;
|
||||
}
|
||||
@ -610,7 +610,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
|
||||
const SECItem *digest, const unsigned char *kb, const int kblen)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
mp_int x1;
|
||||
mp_int d, k; /* private key, random integer */
|
||||
mp_int r, s; /* tuple (r, s) is the signature */
|
||||
@ -822,7 +822,7 @@ cleanup:
|
||||
#endif
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
return rv;
|
||||
}
|
||||
@ -835,7 +835,7 @@ SECStatus
|
||||
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
int len;
|
||||
unsigned char *kBytes= NULL;
|
||||
|
||||
@ -863,7 +863,7 @@ cleanup:
|
||||
#endif
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
return rv;
|
||||
}
|
||||
@ -876,7 +876,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
|
||||
const SECItem *digest)
|
||||
{
|
||||
SECStatus rv = SECFailure;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
mp_int r_, s_; /* tuple (r', s') is received signature) */
|
||||
mp_int c, u1, u2, v; /* intermediate values used in verification */
|
||||
mp_int x1;
|
||||
@ -1073,7 +1073,7 @@ cleanup:
|
||||
#endif
|
||||
#else
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
@ -80,6 +80,8 @@ getLibName(void)
|
||||
}
|
||||
|
||||
#elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64)
|
||||
#include <unistd.h>
|
||||
|
||||
/* This code tests to see if we're running on a PA2.x CPU.
|
||||
** It returns true (1) if so, and false (0) otherwise.
|
||||
*/
|
||||
|
@ -69,7 +69,7 @@ MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
|
||||
|
||||
|
||||
ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h
|
||||
ifdef NSS_ENABLE_ECC
|
||||
ifndef NSS_DISABLE_ECC
|
||||
ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \
|
||||
ecp_aff.c ecp_jac.c ecp_mont.c \
|
||||
ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \
|
||||
|
@ -205,7 +205,7 @@ ifeq ($(TARGET),WIN32)
|
||||
ifeq ($(CPU_ARCH),x86_64)
|
||||
AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm
|
||||
CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
|
||||
CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC -DNSS_ENABLE_ECC
|
||||
CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC
|
||||
CFLAGS += $(MPICMN)
|
||||
|
||||
$(AS_OBJS): %.obj : %.asm
|
||||
@ -220,7 +220,7 @@ MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE
|
||||
MPICMN += -DMP_MONT_USE_MP_MUL
|
||||
MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
|
||||
CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
|
||||
CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC -DNSS_ENABLE_ECC
|
||||
CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC
|
||||
CFLAGS += $(MPICMN)
|
||||
|
||||
$(AS_OBJS): %.obj : %.asm
|
||||
|
@ -9,7 +9,7 @@
|
||||
#define __nss_h_
|
||||
|
||||
/* The private macro _NSS_ECC_STRING is for NSS internal use only. */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#ifdef NSS_ECC_MORE_THAN_SUITE_B
|
||||
#define _NSS_ECC_STRING " Extended ECC"
|
||||
#else
|
||||
|
@ -2,7 +2,7 @@
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
||||
#include "blapi.h"
|
||||
#include "secoid.h"
|
||||
@ -603,4 +603,4 @@ EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
@ -13,7 +13,7 @@
|
||||
#include "pkcs11.h" /* Required for PKCS #11. */
|
||||
#include "secerr.h"
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#include "ec.h" /* Required for ECDSA */
|
||||
#endif
|
||||
|
||||
@ -1612,7 +1612,7 @@ rsa_loser:
|
||||
return( CKR_DEVICE_ERROR );
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
||||
static CK_RV
|
||||
sftk_fips_ECDSA_Test(const PRUint8 *encodedParams,
|
||||
@ -1795,7 +1795,7 @@ sftk_fips_ECDSA_PowerUpSelfTest() {
|
||||
return( CKR_OK );
|
||||
}
|
||||
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
static CK_RV
|
||||
sftk_fips_DSA_PowerUpSelfTest( void )
|
||||
@ -2080,7 +2080,7 @@ sftk_fipsPowerUpSelfTest( void )
|
||||
if( rv != CKR_OK )
|
||||
return rv;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* ECDSA Power-Up SelfTest(s). */
|
||||
rv = sftk_fips_ECDSA_PowerUpSelfTest();
|
||||
|
||||
|
@ -1143,12 +1143,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer
|
||||
namekey.data = pubkey->u.dh.publicValue.data;
|
||||
namekey.size = pubkey->u.dh.publicValue.len;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
namekey.data = pubkey->u.ec.publicValue.data;
|
||||
namekey.size = pubkey->u.ec.publicValue.len;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
/* XXX We don't do Fortezza or DH yet. */
|
||||
return PR_FALSE;
|
||||
@ -1475,7 +1475,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
|
||||
SECItem *der_item = NULL;
|
||||
SECItem *cipherText = NULL;
|
||||
SECItem *dummy = NULL;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECItem *fordebug = NULL;
|
||||
int savelen;
|
||||
#endif
|
||||
@ -1555,7 +1555,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
|
||||
goto loser;
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
lg_prepare_low_ec_priv_key_for_asn1(pk);
|
||||
/* Public value is encoded as a bit string so adjust length
|
||||
@ -1594,7 +1594,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
|
||||
pk->keyType, fordebug);
|
||||
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
/* We don't support DH or Fortezza private keys yet */
|
||||
PORT_Assert(PR_FALSE);
|
||||
@ -1704,7 +1704,7 @@ seckey_decrypt_private_key(SECItem*epki,
|
||||
SECStatus rv = SECFailure;
|
||||
PLArenaPool *temparena = NULL, *permarena = NULL;
|
||||
SECItem *dest = NULL;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECItem *fordebug = NULL;
|
||||
#endif
|
||||
|
||||
@ -1812,7 +1812,7 @@ seckey_decrypt_private_key(SECItem*epki,
|
||||
lg_nsslowkey_DHPrivateKeyTemplate,
|
||||
&newPrivateKey);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
|
||||
pk->keyType = NSSLOWKEYECKey;
|
||||
lg_prepare_low_ec_priv_key_for_asn1(pk);
|
||||
@ -1849,7 +1849,7 @@ seckey_decrypt_private_key(SECItem*epki,
|
||||
}
|
||||
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
rv = SECFailure;
|
||||
break;
|
||||
|
@ -423,11 +423,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) {
|
||||
case NSSLOWKEYDHKey:
|
||||
pubItem = &pubKey->u.dh.publicValue;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
pubItem = &pubKey->u.ec.publicValue;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@ -551,7 +551,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
|
||||
return lg_invalidAttribute(attribute);
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static CK_RV
|
||||
lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
|
||||
CK_ATTRIBUTE *attribute)
|
||||
@ -601,7 +601,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
|
||||
}
|
||||
return lg_invalidAttribute(attribute);
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
|
||||
static CK_RV
|
||||
@ -653,10 +653,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
|
||||
return lg_FindDSAPublicKeyAttribute(key,type,attribute);
|
||||
case NSSLOWKEYDHKey:
|
||||
return lg_FindDHPublicKeyAttribute(key,type,attribute);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
return lg_FindECPublicKeyAttribute(key,type,attribute);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@ -945,7 +945,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
|
||||
return lg_invalidAttribute(attribute);
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static CK_RV
|
||||
lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
|
||||
CK_ATTRIBUTE *attribute, SDB *sdbpw)
|
||||
@ -983,7 +983,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
|
||||
}
|
||||
return lg_invalidAttribute(attribute);
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
static CK_RV
|
||||
lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
|
||||
@ -1030,10 +1030,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
|
||||
return lg_FindDSAPrivateKeyAttribute(key,type,attribute,obj->sdb);
|
||||
case NSSLOWKEYDHKey:
|
||||
return lg_FindDHPrivateKeyAttribute(key,type,attribute,obj->sdb);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
return lg_FindECPrivateKeyAttribute(key,type,attribute,obj->sdb);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -399,10 +399,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
|
||||
NSSLOWKEYPrivateKey *priv;
|
||||
SECItem pubKeySpace = {siBuffer, NULL, 0};
|
||||
SECItem *pubKey;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECItem pubKey2Space = {siBuffer, NULL, 0};
|
||||
PLArenaPool *arena = NULL;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
NSSLOWKEYDBHandle *keyHandle = NULL;
|
||||
|
||||
|
||||
@ -410,11 +410,11 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
|
||||
case CKK_RSA:
|
||||
pubKeyAttr = CKA_MODULUS;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
pubKeyAttr = CKA_EC_POINT;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
case CKK_DSA:
|
||||
case CKK_DH:
|
||||
break;
|
||||
@ -427,7 +427,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
|
||||
crv = lg_Attribute2SSecItem(NULL,pubKeyAttr,templ,count,pubKey);
|
||||
if (crv != CKR_OK) return crv;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (key_type == CKK_EC) {
|
||||
SECStatus rv;
|
||||
/*
|
||||
@ -450,7 +450,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
|
||||
pubKey = &pubKey2Space;
|
||||
}
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
PORT_Assert(pubKey->data);
|
||||
if (pubKey->data == NULL) {
|
||||
@ -471,7 +471,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
|
||||
/* make sure the associated private key already exists */
|
||||
/* only works if we are logged in */
|
||||
priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (priv == NULL && pubKey == &pubKey2Space) {
|
||||
/* no match on the decoded key, match the original pubkey */
|
||||
pubKey = &pubKeySpace;
|
||||
@ -492,7 +492,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
|
||||
|
||||
done:
|
||||
PORT_Free(pubKeySpace.data);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (arena)
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
#endif
|
||||
@ -599,7 +599,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
|
||||
}
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
privKey->keyType = NSSLOWKEYECKey;
|
||||
crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS,templ,count,
|
||||
@ -628,7 +628,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
|
||||
NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
|
||||
if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
|
@ -793,7 +793,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
|
||||
nsslowcert_DHPublicKeyTemplate, &os);
|
||||
if (rv == SECSuccess) return pubk;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
|
||||
pubk->keyType = NSSLOWKEYECKey;
|
||||
/* Since PKCS#11 directly takes the DER encoding of EC params
|
||||
@ -814,7 +814,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
|
||||
rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os);
|
||||
if (rv == SECSuccess) return pubk;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
rv = SECFailure;
|
||||
break;
|
||||
|
@ -99,7 +99,7 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = {
|
||||
{ 0, }
|
||||
};
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
||||
/* XXX This is just a placeholder for later when we support
|
||||
* generic curves and need full-blown support for parsing EC
|
||||
@ -216,7 +216,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
|
||||
loser:
|
||||
return SECFailure;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
/*
|
||||
* See bugzilla bug 125359
|
||||
* Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
|
||||
@ -266,7 +266,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
|
||||
key->u.dh.privateValue.type = siUnsignedInteger;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
void
|
||||
lg_prepare_low_ecparams_for_asn1(ECParams *params)
|
||||
{
|
||||
@ -283,7 +283,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
|
||||
key->u.ec.privateValue.type = siUnsignedInteger;
|
||||
key->u.ec.publicValue.type = siUnsignedInteger;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
void
|
||||
lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
|
||||
@ -378,7 +378,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
|
||||
if (rv == SECSuccess) return pubk;
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
|
||||
sizeof(NSSLOWKEYPublicKey));
|
||||
@ -397,7 +397,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
|
||||
if (rv == SECSuccess) return pubk;
|
||||
}
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
/* No Fortezza in Low Key implementations (Fortezza keys aren't
|
||||
* stored in our data base */
|
||||
default:
|
||||
|
@ -26,10 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params);
|
||||
extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
extern void lg_prepare_low_ecparams_for_asn1(ECParams *params);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
|
||||
|
||||
@ -135,7 +135,7 @@ extern char *
|
||||
nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
|
||||
SECItem *modulus, SDB *sdb);
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/*
|
||||
* smaller version of EC_FillParams. In this code, we only need
|
||||
* oid and DER data.
|
||||
|
@ -43,11 +43,11 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[];
|
||||
extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[];
|
||||
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[];
|
||||
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[];
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
|
||||
extern const SEC_ASN1Template lg_nsslowkey_ECParamsTemplate[];
|
||||
extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[];
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[];
|
||||
extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
|
||||
|
@ -9,7 +9,7 @@
|
||||
#include "secasn1.h"
|
||||
#include "secerr.h"
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#include "softoken.h"
|
||||
#endif
|
||||
|
||||
@ -91,7 +91,7 @@ const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
|
||||
{ 0, }
|
||||
};
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
||||
/* XXX This is just a placeholder for later when we support
|
||||
* generic curves and need full-blown support for parsing EC
|
||||
@ -140,7 +140,7 @@ const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
|
||||
SEC_ASN1_SUB(SEC_BitStringTemplate) },
|
||||
{ 0, }
|
||||
};
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
/*
|
||||
* See bugzilla bug 125359
|
||||
* Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
|
||||
@ -196,7 +196,7 @@ prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
|
||||
key->u.dh.privateValue.type = siUnsignedInteger;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
void
|
||||
prepare_low_ecparams_for_asn1(ECParams *params)
|
||||
{
|
||||
@ -213,7 +213,7 @@ prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
|
||||
key->u.ec.privateValue.type = siUnsignedInteger;
|
||||
key->u.ec.publicValue.type = siUnsignedInteger;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
void
|
||||
nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
|
||||
@ -341,7 +341,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
|
||||
if (rv == SECSuccess) return pubk;
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
|
||||
sizeof(NSSLOWKEYPublicKey));
|
||||
@ -360,7 +360,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
|
||||
if (rv == SECSuccess) return pubk;
|
||||
}
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
/* No Fortezza in Low Key implementations (Fortezza keys aren't
|
||||
* stored in our data base */
|
||||
default:
|
||||
@ -459,7 +459,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
|
||||
&(privKey->u.dh.base));
|
||||
if(rv != SECSuccess) break;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
|
||||
&(privKey->u.ec.version));
|
||||
@ -476,7 +476,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
|
||||
&(privKey->u.ec.ecParams));
|
||||
if (rv != SECSuccess) break;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
@ -25,10 +25,10 @@ extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
|
||||
extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
|
||||
extern void prepare_low_ecparams_for_asn1(ECParams *params);
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/*
|
||||
** Destroy a private key object.
|
||||
|
@ -20,11 +20,11 @@ extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
|
||||
extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
|
||||
extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
|
||||
extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[];
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
|
||||
extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[];
|
||||
extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[];
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[];
|
||||
extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
|
||||
|
@ -302,7 +302,7 @@ static const struct mechanismList mechanisms[] = {
|
||||
CKF_GENERATE_KEY_PAIR}, PR_TRUE},
|
||||
{CKM_DH_PKCS_DERIVE, {DH_MIN_P_BITS, DH_MAX_P_BITS,
|
||||
CKF_DERIVE}, PR_TRUE},
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* -------------------- Elliptic Curve Operations --------------------- */
|
||||
{CKM_EC_KEY_PAIR_GEN, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS,
|
||||
CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE},
|
||||
@ -312,7 +312,7 @@ static const struct mechanismList mechanisms[] = {
|
||||
CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE},
|
||||
{CKM_ECDSA_SHA1, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS,
|
||||
CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
/* ------------------------- RC2 Operations --------------------------- */
|
||||
{CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_TRUE},
|
||||
{CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE},
|
||||
@ -927,7 +927,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
|
||||
recover = CK_FALSE;
|
||||
wrap = CK_FALSE;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
|
||||
return CKR_TEMPLATE_INCOMPLETE;
|
||||
@ -941,7 +941,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
|
||||
recover = CK_FALSE;
|
||||
wrap = CK_FALSE;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
return CKR_ATTRIBUTE_VALUE_INVALID;
|
||||
}
|
||||
@ -1088,7 +1088,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
|
||||
recover = CK_FALSE;
|
||||
wrap = CK_FALSE;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
|
||||
return CKR_TEMPLATE_INCOMPLETE;
|
||||
@ -1101,7 +1101,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
|
||||
recover = CK_FALSE;
|
||||
wrap = CK_FALSE;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
case CKK_NSS_JPAKE_ROUND1:
|
||||
if (!sftk_hasAttribute(object, CKA_PRIME) ||
|
||||
!sftk_hasAttribute(object, CKA_SUBPRIME) ||
|
||||
@ -1708,7 +1708,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type,
|
||||
crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue,
|
||||
object,CKA_VALUE);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
pubKey->keyType = NSSLOWKEYECKey;
|
||||
crv = sftk_Attribute2SSecItem(arena,
|
||||
@ -1768,7 +1768,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type,
|
||||
crv = CKR_ATTRIBUTE_VALUE_INVALID;
|
||||
}
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
break;
|
||||
@ -1877,7 +1877,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
|
||||
* if we don't set it explicitly */
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
privKey->keyType = NSSLOWKEYECKey;
|
||||
crv = sftk_Attribute2SSecItem(arena,
|
||||
@ -1919,7 +1919,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
|
||||
#endif
|
||||
}
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
|
@ -62,7 +62,7 @@ static void sftk_Null(void *data, PRBool freeit)
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#ifdef EC_DEBUG
|
||||
#define SEC_PRINT(str1, str2, num, sitem) \
|
||||
printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
|
||||
@ -74,7 +74,7 @@ static void sftk_Null(void *data, PRBool freeit)
|
||||
#else
|
||||
#define SEC_PRINT(a, b, c, d)
|
||||
#endif
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/*
|
||||
* free routines.... Free local type allocated data, and convert
|
||||
@ -120,7 +120,7 @@ sftk_MapCryptError(int error)
|
||||
return CKR_KEY_SIZE_RANGE; /* the closest error code */
|
||||
case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM:
|
||||
return CKR_TEMPLATE_INCONSISTENT;
|
||||
/* EC functions set this error if NSS_ENABLE_ECC is not defined */
|
||||
/* EC functions set this error if NSS_DISABLE_ECC is defined */
|
||||
case SEC_ERROR_UNSUPPORTED_KEYALG:
|
||||
return CKR_MECHANISM_INVALID;
|
||||
case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE:
|
||||
@ -2242,7 +2242,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
|
||||
return rv;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static SECStatus
|
||||
nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
|
||||
void *dataBuf, unsigned int dataLen)
|
||||
@ -2277,7 +2277,7 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf,
|
||||
*sigLen = signature.len;
|
||||
return rv;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* NSC_SignInit setups up the signing operations. There are three basic
|
||||
* types of signing:
|
||||
@ -2429,7 +2429,7 @@ finish_rsa:
|
||||
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKM_ECDSA_SHA1:
|
||||
context->multi = PR_TRUE;
|
||||
crv = sftk_doSubSHA1(context);
|
||||
@ -2452,7 +2452,7 @@ finish_rsa:
|
||||
context->maxLen = MAX_ECKEY_LEN * 2;
|
||||
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
#define INIT_HMAC_MECH(mmm) \
|
||||
case CKM_ ## mmm ## _HMAC_GENERAL: \
|
||||
@ -3060,7 +3060,7 @@ finish_rsa:
|
||||
context->verify = (SFTKVerify) nsc_DSA_Verify_Stub;
|
||||
context->destroy = sftk_Null;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKM_ECDSA_SHA1:
|
||||
context->multi = PR_TRUE;
|
||||
crv = sftk_doSubSHA1(context);
|
||||
@ -3080,7 +3080,7 @@ finish_rsa:
|
||||
context->verify = (SFTKVerify) nsc_ECDSAVerifyStub;
|
||||
context->destroy = sftk_Null;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
INIT_HMAC_MECH(MD2)
|
||||
INIT_HMAC_MECH(MD5)
|
||||
@ -4209,7 +4209,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
|
||||
pairwise_digest_length = subPrimeLen;
|
||||
mech.mechanism = CKM_DSA;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
signature_length = MAX_ECKEY_LEN * 2;
|
||||
mech.mechanism = CKM_ECDSA;
|
||||
@ -4332,12 +4332,12 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
|
||||
int private_value_bits = 0;
|
||||
DHPrivateKey * dhPriv;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* Elliptic Curve Cryptography */
|
||||
SECItem ecEncodedParams; /* DER Encoded parameters */
|
||||
ECPrivateKey * ecPriv;
|
||||
ECParams * ecParams;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
CHECK_FORK();
|
||||
|
||||
@ -4667,7 +4667,7 @@ dhgn_done:
|
||||
PORT_FreeArena(dhPriv->arena, PR_TRUE);
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKM_EC_KEY_PAIR_GEN:
|
||||
sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS);
|
||||
sftk_DeleteAttributeType(privateKey,CKA_VALUE);
|
||||
@ -4730,7 +4730,7 @@ ecgn_done:
|
||||
/* should zeroize, since this function doesn't. */
|
||||
PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE);
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
crv = CKR_MECHANISM_INVALID;
|
||||
@ -4850,7 +4850,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
|
||||
void *dummy, *param = NULL;
|
||||
SECStatus rv = SECSuccess;
|
||||
SECItem *encodedKey = NULL;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECItem *fordebug;
|
||||
int savelen;
|
||||
#endif
|
||||
@ -4905,7 +4905,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
|
||||
nsslowkey_PQGParamsTemplate);
|
||||
algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
prepare_low_ec_priv_key_for_asn1(lk);
|
||||
/* Public value is encoded as a bit string so adjust length
|
||||
@ -4932,7 +4932,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
|
||||
|
||||
algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
case NSSLOWKEYDHKey:
|
||||
default:
|
||||
dummy = NULL;
|
||||
@ -4965,7 +4965,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
|
||||
nsslowkey_PrivateKeyInfoTemplate);
|
||||
*crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
fordebug = encodedKey;
|
||||
SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType,
|
||||
fordebug);
|
||||
@ -5191,7 +5191,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
|
||||
prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params);
|
||||
break;
|
||||
/* case NSSLOWKEYDHKey: */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
|
||||
keyTemplate = nsslowkey_ECPrivateKeyTemplate;
|
||||
paramTemplate = NULL;
|
||||
@ -5200,7 +5200,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
|
||||
prepare_low_ec_priv_key_for_asn1(lpk);
|
||||
prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams);
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
keyTemplate = NULL;
|
||||
paramTemplate = NULL;
|
||||
@ -5215,7 +5215,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
|
||||
/* decode the private key and any algorithm parameters */
|
||||
rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (lpk->keyType == NSSLOWKEYECKey) {
|
||||
/* convert length in bits to length in bytes */
|
||||
lpk->u.ec.publicValue.len >>= 3;
|
||||
@ -5226,7 +5226,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
if(rv != SECSuccess) {
|
||||
goto loser;
|
||||
@ -5321,7 +5321,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
|
||||
break;
|
||||
#endif
|
||||
/* what about fortezza??? */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case NSSLOWKEYECKey:
|
||||
keyType = CKK_EC;
|
||||
crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
|
||||
@ -5347,7 +5347,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
|
||||
if(crv != CKR_OK) break;
|
||||
/* XXX Do we need to decode the EC Params here ?? */
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
break;
|
||||
@ -5657,7 +5657,7 @@ sftk_MapKeySize(CK_KEY_TYPE keyType)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* Inputs:
|
||||
* key_len: Length of derived key to be generated.
|
||||
* SharedSecret: a shared secret that is the output of a key agreement primitive.
|
||||
@ -5768,7 +5768,7 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len,
|
||||
else
|
||||
return CKR_MECHANISM_INVALID;
|
||||
}
|
||||
#endif
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/*
|
||||
* SSL Key generation given pre master secret
|
||||
@ -6714,7 +6714,7 @@ key_and_mac_derive_fail:
|
||||
break;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKM_ECDH1_DERIVE:
|
||||
case CKM_ECDH1_COFACTOR_DERIVE:
|
||||
{
|
||||
@ -6872,7 +6872,7 @@ ec_loser:
|
||||
break;
|
||||
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* See RFC 5869 and CK_NSS_HKDFParams for documentation. */
|
||||
case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf;
|
||||
|
@ -1246,7 +1246,7 @@ static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = {
|
||||
};
|
||||
static const CK_ULONG dhPubKeyAttrsCount =
|
||||
sizeof(dhPubKeyAttrs)/sizeof(dhPubKeyAttrs[0]);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = {
|
||||
CKA_EC_PARAMS, CKA_EC_POINT
|
||||
};
|
||||
@ -1279,7 +1279,7 @@ static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = {
|
||||
};
|
||||
static const CK_ULONG dhPrivKeyAttrsCount =
|
||||
sizeof(dhPrivKeyAttrs)/sizeof(dhPrivKeyAttrs[0]);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = {
|
||||
CKA_EC_PARAMS, CKA_VALUE
|
||||
};
|
||||
@ -1390,7 +1390,7 @@ stfk_CopyTokenPrivateKey(SFTKObject *destObject,SFTKTokenObject *src_to)
|
||||
crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs,
|
||||
dhPrivKeyAttrsCount);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs,
|
||||
ecPrivKeyAttrsCount);
|
||||
@ -1452,7 +1452,7 @@ stfk_CopyTokenPublicKey(SFTKObject *destObject,SFTKTokenObject *src_to)
|
||||
crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs,
|
||||
dhPubKeyAttrsCount);
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case CKK_EC:
|
||||
crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs,
|
||||
ecPubKeyAttrsCount);
|
||||
|
@ -8,7 +8,7 @@
|
||||
#ifndef _SOFTKVER_H_
|
||||
#define _SOFTKVER_H_
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#ifdef NSS_ECC_MORE_THAN_SUITE_B
|
||||
#define SOFTOKEN_ECC_STRING " Extended ECC"
|
||||
#else
|
||||
|
@ -35,7 +35,7 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
|
||||
const unsigned char *sig, unsigned int sigLen,
|
||||
const unsigned char *hash, unsigned int hashLen);
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/*
|
||||
** pepare an ECParam structure from DEREncoded params
|
||||
*/
|
||||
|
@ -617,7 +617,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
||||
PRBool testrsa_export = PR_FALSE;
|
||||
PRBool testecdh = PR_FALSE;
|
||||
PRBool testecdhe = PR_FALSE;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECKEYECParams ecParams = { siBuffer, NULL, 0 };
|
||||
#endif
|
||||
|
||||
@ -755,7 +755,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
||||
if (enc_pms.data != NULL) {
|
||||
SECITEM_FreeItem(&enc_pms, PR_FALSE);
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
|
||||
(privKeytype == rsaKey && testecdhe); ) {
|
||||
CK_MECHANISM_TYPE target;
|
||||
@ -859,7 +859,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
||||
PORT_Free(ecParams.data);
|
||||
ecParams.data = NULL;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
if (pms)
|
||||
PK11_FreeSymKey(pms);
|
||||
}
|
||||
@ -877,12 +877,12 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
|
||||
if (enc_pms.data != NULL) {
|
||||
SECITEM_FreeItem(&enc_pms, PR_FALSE);
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (ecParams.data != NULL) {
|
||||
PORT_Free(ecParams.data);
|
||||
ecParams.data = NULL;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
if (srvPubkey) {
|
||||
SECKEY_DestroyPublicKey(srvPubkey);
|
||||
|
@ -30,15 +30,15 @@ static const PRUint16 COMMON_MTU_VALUES[] = {
|
||||
|
||||
/* List copied from ssl3con.c:cipherSuites */
|
||||
static const ssl3CipherSuite nonDTLSSuites[] = {
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
SSL_RSA_WITH_RC4_128_MD5,
|
||||
SSL_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
|
@ -89,7 +89,7 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt,
|
||||
static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
/* cipher_suite policy enabled isPresent */
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
||||
@ -105,7 +105,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
@ -122,7 +122,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
{ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
@ -131,7 +131,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* RSA */
|
||||
{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
@ -162,12 +162,12 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
||||
/* ciphersuites with no encryption */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
@ -224,9 +224,9 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
|
||||
|
||||
static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
|
||||
ct_RSA_sign,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
ct_ECDSA_sign,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
ct_DSS_sign,
|
||||
};
|
||||
|
||||
@ -238,7 +238,7 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
|
||||
* CertificateVerify messages that use the handshake hash. */
|
||||
static const PRUint8 supported_signature_algorithms[] = {
|
||||
tls_hash_sha256, tls_sig_rsa,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
tls_hash_sha256, tls_sig_ecdsa,
|
||||
#endif
|
||||
tls_hash_sha256, tls_sig_dsa,
|
||||
@ -299,13 +299,13 @@ static const ssl3KEADef kea_defs[] =
|
||||
{kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE},
|
||||
{kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE},
|
||||
{kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE },
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE},
|
||||
{kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE},
|
||||
{kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE},
|
||||
{kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE},
|
||||
{kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
};
|
||||
|
||||
/* must use ssl_LookupCipherSuiteDef to access */
|
||||
@ -405,7 +405,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
||||
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
|
||||
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
|
||||
{TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa},
|
||||
{TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
|
||||
@ -439,7 +439,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
||||
{TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon},
|
||||
{TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon},
|
||||
#endif
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
};
|
||||
|
||||
static const CK_MECHANISM_TYPE kea_alg_defs[] = {
|
||||
@ -512,7 +512,7 @@ const char * const ssl3_cipherName[] = {
|
||||
"missing"
|
||||
};
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* The ECCWrappedKeyInfo structure defines how various pieces of
|
||||
* information are laid out within wrappedSymmetricWrappingkey
|
||||
* for ECDH key exchange. Since wrappedSymmetricWrappingkey is
|
||||
@ -534,7 +534,7 @@ typedef struct ECCWrappedKeyInfoStr {
|
||||
PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
|
||||
/* EC public-key params, the EC public value and the wrapped key */
|
||||
} ECCWrappedKeyInfo;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
#if defined(TRACE)
|
||||
|
||||
@ -731,7 +731,7 @@ ssl3_config_match_init(sslSocket *ss)
|
||||
cipher_mech = alg2Mech[cipher_alg].cmech;
|
||||
exchKeyType =
|
||||
kea_defs[cipher_def->key_exchange_alg].exchKeyType;
|
||||
#ifndef NSS_ENABLE_ECC
|
||||
#ifdef NSS_DISABLE_ECC
|
||||
svrAuth = ss->serverCerts + exchKeyType;
|
||||
#else
|
||||
/* XXX SSLKEAType isn't really a good choice for
|
||||
@ -765,7 +765,7 @@ ssl3_config_match_init(sslSocket *ss)
|
||||
svrAuth = ss->serverCerts + exchKeyType;
|
||||
break;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* Mark the suites that are backed by real tokens, certs and keys */
|
||||
suite->isPresent = (PRBool)
|
||||
@ -924,7 +924,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
|
||||
hashItem.len = hash->len;
|
||||
}
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case ecKey:
|
||||
doDerEncode = PR_TRUE;
|
||||
/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
|
||||
@ -937,7 +937,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
|
||||
hashItem.len = hash->len;
|
||||
}
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
goto done;
|
||||
@ -1035,7 +1035,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
|
||||
}
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case ecKey:
|
||||
encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
|
||||
/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
|
||||
@ -1053,7 +1053,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
|
||||
hashItem.len = hash->len;
|
||||
}
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
SECKEY_DestroyPublicKey(key);
|
||||
@ -5078,12 +5078,12 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
|
||||
total_exten_len += 2;
|
||||
}
|
||||
|
||||
#if defined(NSS_ENABLE_ECC)
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (!total_exten_len || !isTLS) {
|
||||
/* not sending the elliptic_curves and ec_point_formats extensions */
|
||||
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
|
||||
}
|
||||
#endif
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
if (IS_DTLS(ss)) {
|
||||
ssl3_DisableNonDTLSSuites(ss);
|
||||
@ -5394,11 +5394,11 @@ ssl_UnwrapSymWrappingKey(
|
||||
{
|
||||
PK11SymKey * unwrappedWrappingKey = NULL;
|
||||
SECItem wrappedKey;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
PK11SymKey * Ks;
|
||||
SECKEYPublicKey pubWrapKey;
|
||||
ECCWrappedKeyInfo *ecWrapped;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* found the wrapping key on disk. */
|
||||
PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
|
||||
@ -5420,7 +5420,7 @@ ssl_UnwrapSymWrappingKey(
|
||||
masterWrapMech, CKA_UNWRAP, 0);
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case kt_ecdh:
|
||||
/*
|
||||
* For kt_ecdh, we first create an EC public key based on
|
||||
@ -5559,12 +5559,12 @@ getWrappingKey( sslSocket * ss,
|
||||
SECStatus rv;
|
||||
SECItem wrappedKey;
|
||||
SSLWrappedSymWrappingKey wswk;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
PK11SymKey * Ks = NULL;
|
||||
SECKEYPublicKey *pubWrapKey = NULL;
|
||||
SECKEYPrivateKey *privWrapKey = NULL;
|
||||
ECCWrappedKeyInfo *ecWrapped;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY;
|
||||
PORT_Assert(svrPrivKey != NULL);
|
||||
@ -5647,7 +5647,7 @@ getWrappingKey( sslSocket * ss,
|
||||
unwrappedWrappingKey, &wrappedKey);
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case kt_ecdh:
|
||||
/*
|
||||
* We generate an ephemeral EC key pair. Perform an ECDH
|
||||
@ -5733,7 +5733,7 @@ ec_cleanup:
|
||||
if (Ks) PK11_FreeSymKey(Ks);
|
||||
asymWrapMechanism = masterWrapMech;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
rv = SECFailure;
|
||||
@ -6046,11 +6046,11 @@ ssl3_SendClientKeyExchange(sslSocket *ss)
|
||||
rv = sendDHClientKeyExchange(ss, serverKey);
|
||||
break;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case kt_ecdh:
|
||||
rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
/* got an unknown or unsupported Key Exchange Algorithm. */
|
||||
@ -6778,11 +6778,11 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case kt_ecdh:
|
||||
rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
|
||||
return rv;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
desc = handshake_failure;
|
||||
@ -7520,14 +7520,14 @@ ssl3_SendServerHelloSequence(sslSocket *ss)
|
||||
return rv;
|
||||
#endif
|
||||
}
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
} else if ((kea_def->kea == kea_ecdhe_rsa) ||
|
||||
(kea_def->kea == kea_ecdhe_ecdsa)) {
|
||||
rv = ssl3_SendServerKeyExchange(ss);
|
||||
if (rv != SECSuccess) {
|
||||
return rv; /* err code was set. */
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
}
|
||||
|
||||
if (ss->opt.requestCertificate) {
|
||||
@ -7815,7 +7815,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* Disable any ECC cipher suites for which we have no cert. */
|
||||
ssl3_FilterECCipherSuitesByServerCerts(ss);
|
||||
#endif
|
||||
@ -8432,7 +8432,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
|
||||
|
||||
PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
|
||||
SSL3_RANDOM_LENGTH));
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* Disable any ECC cipher suites for which we have no cert. */
|
||||
ssl3_FilterECCipherSuitesByServerCerts(ss);
|
||||
#endif
|
||||
@ -8821,12 +8821,12 @@ ssl3_SendServerKeyExchange(sslSocket *ss)
|
||||
PORT_Free(signed_hash.data);
|
||||
return SECSuccess;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case kt_ecdh: {
|
||||
rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
|
||||
return rv;
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
case kt_dh:
|
||||
case kt_null:
|
||||
@ -9249,9 +9249,9 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
SECStatus rv;
|
||||
const ssl3KEADef *kea_def;
|
||||
ssl3KeyPair *serverKeyPair = NULL;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
SECKEYPublicKey *serverPubKey = NULL;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
|
||||
SSL_GETPID(), ss->fd));
|
||||
@ -9281,7 +9281,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
|
||||
} else
|
||||
skip:
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* XXX Using SSLKEAType to index server certifiates
|
||||
* does not work for (EC)DHE ciphers. Until we have
|
||||
* an indexing mechanism general enough for all key
|
||||
@ -9327,7 +9327,7 @@ skip:
|
||||
break;
|
||||
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case kt_ecdh:
|
||||
/* XXX We really ought to be able to store multiple
|
||||
* EC certs (a requirement if we wish to support both
|
||||
@ -9349,7 +9349,7 @@ skip:
|
||||
return SECFailure; /* error code set */
|
||||
}
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
default:
|
||||
(void) ssl3_HandshakeFailure(ss);
|
||||
@ -9954,7 +9954,7 @@ ssl3_AuthCertificate(sslSocket *ss)
|
||||
if (pubKey) {
|
||||
ss->sec.keaKeyBits = ss->sec.authKeyBits =
|
||||
SECKEY_PublicKeyStrengthInBits(pubKey);
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (ss->sec.keaType == kt_ecdh) {
|
||||
/* Get authKeyBits from signing key.
|
||||
* XXX The code below uses a quick approximation of
|
||||
@ -9980,7 +9980,7 @@ ssl3_AuthCertificate(sslSocket *ss)
|
||||
*/
|
||||
}
|
||||
}
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
SECKEY_DestroyPublicKey(pubKey);
|
||||
pubKey = NULL;
|
||||
}
|
||||
@ -9988,10 +9988,10 @@ ssl3_AuthCertificate(sslSocket *ss)
|
||||
ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */
|
||||
if (ss->ssl3.hs.kea_def->is_limited ||
|
||||
/* XXX OR server cert is signing only. */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
|
||||
ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
ss->ssl3.hs.kea_def->exchKeyType == kt_dh) {
|
||||
ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */
|
||||
}
|
||||
@ -10565,7 +10565,7 @@ xmit_loser:
|
||||
sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
|
||||
sid->u.ssl3.compression = ss->ssl3.hs.compression;
|
||||
sid->u.ssl3.policy = ss->ssl3.policy;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves;
|
||||
#endif
|
||||
sid->u.ssl3.exchKeyType = effectiveExchKeyType;
|
||||
@ -11701,7 +11701,7 @@ ssl3_InitState(sslSocket *ss)
|
||||
ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
|
||||
|
||||
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
|
||||
#endif
|
||||
ssl_ReleaseSpecWriteLock(ss);
|
||||
|
@ -30,7 +30,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
|
||||
#ifndef PK11_SETATTRS
|
||||
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
|
||||
@ -1258,4 +1258,4 @@ loser:
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
@ -230,7 +230,7 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
|
||||
/* This table is used by the server, to handle client hello extensions. */
|
||||
static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
|
||||
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
|
||||
{ ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
|
||||
#endif
|
||||
@ -272,7 +272,7 @@ static const
|
||||
ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
|
||||
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
|
||||
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
|
||||
{ ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
|
||||
#endif
|
||||
@ -2219,7 +2219,7 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
|
||||
tls_hash_sha256, tls_sig_rsa,
|
||||
tls_hash_sha384, tls_sig_rsa,
|
||||
tls_hash_sha1, tls_sig_rsa,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
tls_hash_sha256, tls_sig_ecdsa,
|
||||
tls_hash_sha384, tls_sig_ecdsa,
|
||||
tls_hash_sha1, tls_sig_ecdsa,
|
||||
|
@ -3101,7 +3101,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
|
||||
|
||||
return rv;
|
||||
}
|
||||
#if defined(NSS_ENABLE_ECC)
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
|
||||
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
|
||||
if (ss->cipherSpecs != NULL) {
|
||||
@ -3109,7 +3109,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
|
||||
ss->cipherSpecs = NULL;
|
||||
ss->sizeCipherSpecs = 0;
|
||||
}
|
||||
#endif
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
if (!ss->cipherSpecs) {
|
||||
rv = ssl2_ConstructCipherSpecs(ss);
|
||||
|
@ -47,7 +47,7 @@
|
||||
* the third one.
|
||||
*/
|
||||
const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
|
||||
@ -63,7 +63,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
@ -80,7 +80,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA,
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
@ -89,7 +89,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
@ -119,12 +119,12 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
|
||||
/* ciphersuites with no encryption */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDH_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
SSL_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
SSL_RSA_WITH_NULL_MD5,
|
||||
|
@ -288,11 +288,11 @@ typedef struct {
|
||||
#endif
|
||||
} ssl3CipherSuiteCfg;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 61
|
||||
#else
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 37
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
|
||||
|
||||
@ -653,9 +653,9 @@ struct sslSessionIDStr {
|
||||
SSL3KEAType exchKeyType;
|
||||
/* key type used in exchange algorithm,
|
||||
* and to wrap the sym wrapping key. */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
PRUint32 negotiatedECCurves;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* The following values are NOT restored from the server's on-disk
|
||||
* session cache, but are restored from the client's cache.
|
||||
@ -885,9 +885,9 @@ const ssl3CipherSuiteDef *suite_def;
|
||||
SSL3Finished sFinished[2];
|
||||
SSL3Opaque data[72];
|
||||
} finishedMsgs;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
PRUint32 negotiatedECCurves; /* bit mask */
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
PRBool authCertificatePending;
|
||||
/* Which function should SSL_RestartHandshake* call if we're blocked?
|
||||
@ -1596,7 +1596,7 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
|
||||
*/
|
||||
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
|
||||
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
|
||||
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
|
||||
@ -1651,7 +1651,7 @@ extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve,
|
||||
ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
|
||||
|
||||
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
|
||||
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
|
||||
@ -1686,7 +1686,7 @@ extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
|
||||
|
||||
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* ECDH functions */
|
||||
extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss,
|
||||
SECKEYPublicKey * svrPubKey);
|
||||
@ -1771,7 +1771,7 @@ extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
|
||||
const CERTCertificateList *certChain,
|
||||
ssl3KeyPair *keyPair, SSLKEAType kea);
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
|
||||
PRBool append, PRUint32 maxBytes);
|
||||
extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
|
||||
|
@ -171,7 +171,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
|
||||
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* ECC cipher suites */
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
@ -201,7 +201,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
/* SSL 2 table */
|
||||
{0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
|
||||
|
@ -696,11 +696,11 @@ NSS_FindCertKEAType(CERTCertificate * cert)
|
||||
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
|
||||
keaType = kt_dh;
|
||||
break;
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
|
||||
keaType = kt_ecdh;
|
||||
break;
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
default:
|
||||
keaType = kt_null;
|
||||
}
|
||||
|
@ -181,7 +181,7 @@ typedef enum {
|
||||
typedef enum {
|
||||
ssl_server_name_xtn = 0,
|
||||
ssl_cert_status_xtn = 5,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
ssl_elliptic_curves_xtn = 10,
|
||||
ssl_ec_point_formats_xtn = 11,
|
||||
#endif
|
||||
|
@ -59,7 +59,7 @@
|
||||
#
|
||||
# Optional environment variables to enable specific NSS features:
|
||||
# ---------------------------------------------------------------
|
||||
# NSS_ENABLE_ECC - enable ECC
|
||||
# NSS_DISABLE_ECC - disable ECC
|
||||
# NSS_ECC_MORE_THAN_SUITE_B - enable extended ECC
|
||||
#
|
||||
# Optional environment variables to select which cycles/suites to test:
|
||||
|
@ -46,7 +46,7 @@ cert_init()
|
||||
fi
|
||||
SCRIPTNAME="cert.sh"
|
||||
CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
html_head "Certutil and Crlutil Tests with ECC"
|
||||
else
|
||||
html_head "Certutil and Crlutil Tests"
|
||||
@ -292,7 +292,7 @@ cert_create_cert()
|
||||
return $RET
|
||||
fi
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Import EC Root CA for $CERTNAME"
|
||||
certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
|
||||
-d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
|
||||
@ -340,7 +340,7 @@ cert_add_cert()
|
||||
#
|
||||
# Generate and add EC cert
|
||||
#
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CURVE="secp384r1"
|
||||
CU_ACTION="Generate EC Cert Request for $CERTNAME"
|
||||
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
|
||||
@ -430,7 +430,7 @@ cert_all_CA()
|
||||
# root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last
|
||||
# in the chain
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
#
|
||||
# Create EC version of TestCA
|
||||
CA_CURVE="secp521r1"
|
||||
@ -671,7 +671,7 @@ cert_smime_client()
|
||||
certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
|
||||
-i ${R_EVEDIR}/Eve.cert 2>&1
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: Importing EC Certificates =============================="
|
||||
CU_ACTION="Import Bob's EC cert into Alice's db"
|
||||
certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
|
||||
@ -742,7 +742,7 @@ cert_extended_ssl()
|
||||
certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
|
||||
-i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
#
|
||||
# Repeat the above for EC certs
|
||||
#
|
||||
@ -830,7 +830,7 @@ cert_extended_ssl()
|
||||
certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
|
||||
-i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
#
|
||||
# Repeat the above for EC certs
|
||||
#
|
||||
@ -920,7 +920,7 @@ cert_ssl()
|
||||
cert_add_cert
|
||||
CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
|
||||
certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
|
||||
certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
|
||||
fi
|
||||
@ -1028,7 +1028,7 @@ cert_eccurves()
|
||||
{
|
||||
################# Creating Certs for EC curves test ########################
|
||||
#
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: Creating Server CA Issued Certificate for "
|
||||
echo " EC Curves Test Certificates ------------------------------------"
|
||||
|
||||
@ -1088,7 +1088,7 @@ cert_eccurves()
|
||||
fi
|
||||
done
|
||||
|
||||
fi # if NSS_ENABLE_ECC=1
|
||||
fi # $NSS_DISABLE_ECC
|
||||
}
|
||||
|
||||
########################### cert_extensions_test #############################
|
||||
@ -1227,7 +1227,7 @@ EOF_CRLINI
|
||||
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
|
||||
chmod 600 ${CRL_FILE_GRP_1}_or
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
|
||||
|
||||
# Until Bug 292285 is resolved, do not encode x400 Addresses. After
|
||||
@ -1260,7 +1260,7 @@ EOF_CRLINI
|
||||
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
|
||||
chmod 600 ${CRL_FILE_GRP_1}_or1
|
||||
TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Modify CRL (ECC) by adding one more cert"
|
||||
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
|
||||
-o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
|
||||
@ -1284,7 +1284,7 @@ rmcert ${UNREVOKED_CERT_GRP_1}
|
||||
EOF_CRLINI
|
||||
chmod 600 ${CRL_FILE_GRP_1}
|
||||
TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Modify CRL (ECC) by removing one cert"
|
||||
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
|
||||
-i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
|
||||
@ -1313,7 +1313,7 @@ rmcert ${UNREVOKED_CERT_GRP_2}
|
||||
EOF_CRLINI
|
||||
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
|
||||
chmod 600 ${CRL_FILE_GRP_2}
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
|
||||
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
|
||||
-i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
|
||||
@ -1346,7 +1346,7 @@ addext crlNumber 0 2
|
||||
EOF_CRLINI
|
||||
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
|
||||
chmod 600 ${CRL_FILE_GRP_3}
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
|
||||
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
|
||||
-i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
|
||||
@ -1366,7 +1366,7 @@ EOF_CRLINI
|
||||
crlu -D -n TestCA -f "${R_PWFILE}" -d "${R_SERVERDIR}"
|
||||
crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
|
||||
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
CU_ACTION="Importing CRL (ECC) for groups 1"
|
||||
crlu -D -n TestCA-ec -f "${R_PWFILE}" -d "${R_SERVERDIR}"
|
||||
crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
|
||||
|
@ -80,7 +80,7 @@ package_for_testing:
|
||||
echo 'export USE_64=$(USE_64)' >> $(RTSH)
|
||||
echo 'export BUILD_OPT=$(BUILD_OPT)' >> $(RTSH)
|
||||
echo 'export PKITS_DATA=$(PKITS_DATA)' >> $(RTSH)
|
||||
echo 'export NSS_ENABLE_ECC=$(NSS_ENABLE_ECC)' >> $(RTSH)
|
||||
echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)' >> $(RTSH)
|
||||
echo 'export NSS_ECC_MORE_THAN_SUITE_B=$(NSS_ECC_MORE_THAN_SUITE_B)' >> $(RTSH)
|
||||
echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)' >> $(RTSH)
|
||||
ifeq ($(OS_TARGET),Android)
|
||||
|
@ -40,7 +40,7 @@ smime_init()
|
||||
fi
|
||||
SCRIPTNAME=smime.sh
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
html_head "S/MIME Tests with ECC"
|
||||
else
|
||||
html_head "S/MIME Tests"
|
||||
@ -85,7 +85,7 @@ smime_sign()
|
||||
html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
|
||||
|
||||
# Test ECDSA signing for all hash algorithms.
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
|
||||
echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
|
||||
${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
|
||||
|
@ -82,7 +82,7 @@ ssl_init()
|
||||
USER_NICKNAME=TestUser
|
||||
NORM_EXT=""
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
ECC_STRING=" - with ECC"
|
||||
else
|
||||
ECC_STRING=""
|
||||
@ -202,7 +202,7 @@ start_selfserv()
|
||||
echo "$SCRIPTNAME: $testname ----"
|
||||
fi
|
||||
sparam=`echo $sparam | sed -e 's;_; ;g'`
|
||||
if [ -n "$NSS_ENABLE_ECC" ] && \
|
||||
if [ -z "$NSS_DISABLE_ECC" ] && \
|
||||
[ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1" ] ; then
|
||||
ECC_OPTIONS="-e ${HOSTADDR}-ec"
|
||||
else
|
||||
@ -258,7 +258,7 @@ ssl_cov()
|
||||
html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
|
||||
|
||||
testname=""
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
sparam="$CLONG"
|
||||
else
|
||||
sparam="$CSHORT"
|
||||
@ -292,7 +292,7 @@ ssl_cov()
|
||||
|
||||
if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
|
||||
elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
|
||||
elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (ECC only)"
|
||||
elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
||||
@ -374,7 +374,7 @@ ssl_auth()
|
||||
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
||||
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
|
||||
elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
|
||||
elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (ECC only)"
|
||||
elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
|
||||
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
|
||||
@ -557,7 +557,7 @@ ssl_stress()
|
||||
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
|
||||
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
|
||||
elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
|
||||
elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (ECC only)"
|
||||
elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
|
||||
@ -623,7 +623,7 @@ ssl_crl_ssl()
|
||||
while read ectype value sparam cparam testname
|
||||
do
|
||||
[ "$ectype" = "" ] && continue
|
||||
if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (ECC only)"
|
||||
elif [ "$ectype" = "SNI" ]; then
|
||||
continue
|
||||
@ -816,7 +816,7 @@ ssl_crl_cache()
|
||||
while read ectype value sparam cparam testname
|
||||
do
|
||||
[ "$ectype" = "" ] && continue
|
||||
if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: skipping $testname (ECC only)"
|
||||
elif [ "$ectype" = "SNI" ]; then
|
||||
continue
|
||||
|
@ -76,7 +76,7 @@ tools_init()
|
||||
fi
|
||||
SCRIPTNAME=tools.sh
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
html_head "Tools Tests with ECC"
|
||||
else
|
||||
html_head "Tools Tests"
|
||||
@ -372,7 +372,7 @@ tools_p12_export_list_import_with_default_ciphers()
|
||||
|
||||
export_list_import "DEFAULT" "DEFAULT"
|
||||
|
||||
if [ -n "$NSS_ENABLE_ECC" ] ; then
|
||||
if [ -z "$NSS_DISABLE_ECC" ] ; then
|
||||
echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
|
||||
echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
|
||||
echo " -w ${R_PWFILE}"
|
||||
|
Loading…
Reference in New Issue
Block a user