Bug 967153: Update to NSS 3.16 beta 4 (NSS 3_16_BETA4), r=me

--HG--
extra : rebase_source : 192fdf657daa1aae51d9f163b074b8eb6a7aac13
Brian Smith 2014-03-02 17:30:39 -08:00
parent ef27cecd0f
commit 94f4494879
52 changed files with 322 additions and 324 deletions


@ -1 +1 @@
NSS_3_16_BETA3
NSS_3_16_BETA4


@ -19,8 +19,6 @@ ARCH=$(uname -s)
ulimit -c unlimited 2> /dev/null
export NSS_ENABLE_ECC=1
export NSS_ECC_MORE_THAN_SUITE_B=1
export NSPR_LOG_MODULES="pkix:1"
#export JAVA_HOME_32=


@ -288,7 +288,7 @@ prepare()
mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
mkdir -p ${OUTPUTDIR}
if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
cd ${HGDIR}/nss
ECF="lib/freebl/ecl/ecl-curve.h"
print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"


@ -21,7 +21,7 @@
#include "secoid.h"
#include "nssutil.h"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#include "ecl-curve.h"
SECStatus EC_DecodeParams(const SECItem *encodedParams,
ECParams **ecparams);
@ -133,7 +133,7 @@ static void Usage()
PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
PRINTUSAGE("", "", "[-b bufsize]");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PRINTUSAGE("", "", "[-n curvename]");
#endif
PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
@ -141,7 +141,7 @@ static void Usage()
PRINTUSAGE("", "-i", "file which contains input buffer");
PRINTUSAGE("", "-o", "file for signature");
PRINTUSAGE("", "-k", "file which contains key");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
@ -390,7 +390,7 @@ dsakey_from_filedata(SECItem *filedata)
return key;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static ECPrivateKey *
eckey_from_filedata(SECItem *filedata)
{
@ -544,7 +544,7 @@ getECParams(const char *curve)
return ecparams;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
static void
dump_pqg(PQGParams *pqg)
@ -562,7 +562,7 @@ dump_dsakey(DSAPrivateKey *key)
SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static void
dump_ecp(ECParams *ecp)
{
@ -651,7 +651,7 @@ typedef enum {
bltestRSA, /* Public Key Ciphers */
bltestRSA_OAEP, /* . (Public Key Enc.) */
bltestRSA_PSS, /* . (Public Key Sig.) */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
bltestECDSA, /* . (Public Key Sig.) */
#endif
bltestDSA, /* . (Public Key Sig.) */
@ -690,7 +690,7 @@ static char *mode_strings[] =
"rsa",
"rsa_oaep",
"rsa_pss",
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
"ecdsa",
#endif
/*"pqg",*/
@ -744,7 +744,7 @@ typedef struct
PQGParams *pqg;
} bltestDSAParams;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
typedef struct
{
char *curveName;
@ -763,7 +763,7 @@ typedef struct
union {
bltestRSAParams rsa;
bltestDSAParams dsa;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
bltestECDSAParams ecdsa;
#endif
} cipherParams;
@ -1266,7 +1266,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECStatus
ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
{
@ -1720,7 +1720,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECStatus
bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
@ -2077,7 +2077,7 @@ finish:
SECStatus
pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
int keysize, int exponent, char *curveName)
#else
int keysize, int exponent)
@ -2090,7 +2090,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
RSAPrivateKey **rsaKey = NULL;
bltestDSAParams *dsap;
DSAPrivateKey **dsaKey = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECItem *tmpECParamsDER;
ECParams *tmpECParams = NULL;
SECItem ecSerialize[3];
@ -2132,7 +2132,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
dsap->keysize = (*dsaKey)->params.prime.len*8;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
ecKey = (ECPrivateKey **)&asymk->privKey;
if (curveName != NULL) {
@ -2244,7 +2244,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
}
return bltest_dsa_init(cipherInfo, encrypt);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
if (encrypt) {
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
@ -2494,7 +2494,7 @@ cipherFinish(bltestCipherInfo *cipherInfo)
case bltestRSA_PSS: /* will be freed with it. */
case bltestRSA_OAEP:
case bltestDSA:
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
#endif
case bltestMD2: /* hash contexts are ephemeral */
@ -2674,7 +2674,7 @@ print_td:
fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
if (td) {
fprintf(stdout, "%12s", "ec_curve");
@ -2906,7 +2906,7 @@ get_params(PLArenaPool *arena, bltestParams *params,
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
@ -3128,7 +3128,7 @@ dump_file(bltestCipherMode mode, char *filename)
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
key = dsakey_from_filedata(&keydata.buf);
dump_dsakey(key);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
} else if (mode == bltestECDSA) {
ECPrivateKey *key;
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
@ -3373,7 +3373,7 @@ enum {
opt_Key,
opt_HexWSpc,
opt_Mode,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
opt_CurveName,
#endif
opt_Output,
@ -3426,7 +3426,7 @@ static secuCommandFlag bltest_options[] =
{ /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
{ /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
{ /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{ /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
#endif
{ /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
@ -3461,7 +3461,7 @@ int main(int argc, char **argv)
bltestCipherInfo *cipherInfoListHead, *cipherInfo;
bltestIOMode ioMode;
int bufsize, exponent, curThrdNum;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
char *curveName = NULL;
#endif
int i, commandsEntered;
@ -3695,7 +3695,7 @@ int main(int argc, char **argv)
else
exponent = 65537;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (bltest.options[opt_CurveName].activated)
curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
else
@ -3783,7 +3783,7 @@ int main(int argc, char **argv)
file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
}
params->key.mode = bltestBase64Encoded;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
#else
pubkeyInitKey(cipherInfo, file, keysize, exponent);
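Review bot: The context line `file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);` in the last hunk of this file opens the key output under a fixed name in the working directory, group-readable and group-writable, and without `PR_TRUNCATE` or `PR_EXCL`, so an existing file of that name is reused and, if it was longer, keeps its old tail. The descriptor is then passed to `pubkeyInitKey`, which presumably serialises the generated private key into it (its body is outside the hunk). For a tool that emits private key material, `PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 00600)` would be the safer form. The line is unchanged by this commit, and `main` starts and ends outside the hunk.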


@ -968,7 +968,7 @@ PrintSyntax(char *progName)
"\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
@ -976,7 +976,7 @@ PrintSyntax(char *progName)
#else
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
progName);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n",
progName);
@ -1155,7 +1155,7 @@ static void luG(enum usage_level ul, const char *command)
return;
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
@ -1165,7 +1165,7 @@ static void luG(enum usage_level ul, const char *command)
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
" -y exp");
FPS "%-20s Specify the password file\n",
@ -1174,7 +1174,7 @@ static void luG(enum usage_level ul, const char *command)
" -z noisefile");
FPS "%-20s read PQG value from pqgfile (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s One of nistp256, nistp384, nistp521\n", "");
@ -1286,7 +1286,7 @@ static void luK(enum usage_level ul, const char *command)
" -h token-name ");
FPS "%-20s Key type (\"all\" (default), \"dsa\","
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
" \"ec\","
#endif
" \"rsa\")\n",
@ -1418,11 +1418,11 @@ static void luR(enum usage_level ul, const char *command)
" -s subject");
FPS "%-20s Output the cert request to this file\n",
" -o output-req");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
" -k key-type-or-id");
FPS "%-20s or nickname of the cert key to use \n",
"");
@ -1432,12 +1432,12 @@ static void luR(enum usage_level ul, const char *command)
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "%-20s Specify the password file\n",
" -f pwfile");
FPS "%-20s Key database directory (default is ~/.netscape)\n",
@ -1570,11 +1570,11 @@ static void luS(enum usage_level ul, const char *command)
" -c issuer-name");
FPS "%-20s Set the certificate trust attributes (see -A above)\n",
" -t trustargs");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
" -k key-type-or-id");
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
@ -1582,12 +1582,12 @@ static void luS(enum usage_level ul, const char *command)
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "%-20s Self sign\n",
" -x");
FPS "%-20s Cert serial number\n",
@ -2448,12 +2448,12 @@ certutil_main(int argc, char **argv, PRBool initialize)
progName, MIN_KEY_BITS, MAX_KEY_BITS);
return 255;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (keytype == ecKey) {
PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
return 255;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
}
@ -2483,10 +2483,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
keytype = rsaKey;
} else if (PL_strcmp(arg, "dsa") == 0) {
keytype = dsaKey;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
} else if (PL_strcmp(arg, "ec") == 0) {
keytype = ecKey;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
} else if (PL_strcmp(arg, "all") == 0) {
keytype = nullKey;
} else {
@ -2539,7 +2539,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
/* -q PQG file or curve name */
if (certutil.options[opt_PQGFile].activated) {
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if ((keytype != dsaKey) && (keytype != ecKey)) {
PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
" (-k dsa) or a named curve for EC keys (-k ec)\n)",
@ -2548,7 +2548,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
if (keytype != dsaKey) {
PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
progName);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return 255;
}
}
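Review bot: The trailing comments `#endif /* NSS_DISABLE_ECC */` now label blocks that are compiled when the macro is not defined, for example the `if (keytype == ecKey)` check under `-g` and the `"ec"` branch of the `-k` parser in `certutil_main`. A reader scanning for the disabled path will land on the enabled one; `#endif /* !NSS_DISABLE_ECC */` says what the guard tests. The same comment form recurs on guards in the other C files of this commit (after `getECParams`, `secu_PrintECPublicKey`, `sftk_fips_ECDSA_PowerUpSelfTest` and in the `lg_*` key database functions). `certutil_main` starts and ends outside these hunks.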


@ -356,7 +356,7 @@ CERTUTIL_FileForRNG(const char *noise)
return SECSuccess;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
typedef struct curveNameTagPairStr {
char *curveName;
SECOidTag curveOidTag;
@ -484,7 +484,7 @@ getECParams(const char *curve)
return ecparams;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
@ -545,14 +545,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
params = (void *)&default_pqg_params;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey:
mechanism = CKM_EC_KEY_PAIR_GEN;
/* For EC keys, PQGFile determines EC parameters */
if ((params = (void *) getECParams(pqgFile)) == NULL)
return NULL;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
return NULL;
}
@ -567,7 +567,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
switch (keytype) {
case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
#endif
default: /* nothing to free */ break;


@ -22,7 +22,7 @@
#include "../../lib/freebl/mpi/mpi.h"
#endif
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
extern SECStatus
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
extern SECStatus
@ -1849,7 +1849,7 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp)
return (c == EOF) ? -1 : ignore;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
typedef struct curveNameTagPairStr {
char *curveName;
SECOidTag curveOidTag;
@ -2530,7 +2530,7 @@ loser:
}
fclose(ecdsareq);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*
@ -5327,7 +5327,7 @@ int main(int argc, char **argv)
/* Signature Verification Test */
dsa_sigver_test(argv[3]);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/*************/
/* ECDSA */
/*************/
@ -5346,7 +5346,7 @@ int main(int argc, char **argv)
/* Signature Verification Test */
ecdsa_sigver_test(argv[3]);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*************/
/* RNG */
/*************/


@ -1364,7 +1364,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
}
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static void
secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
@ -1382,7 +1382,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
}
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
void
SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
@ -1426,7 +1426,7 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey:
secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
break;


@ -160,11 +160,11 @@ PrintUsageHeader(const char *progName)
" [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
" [-V [min-version]:[max-version]] [-a sni_name]\n"
" [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
" [-C SSLCacheEntries] [-e ec_nickname]\n"
#else
" [-C SSLCacheEntries]\n"
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
,progName);
}
@ -2133,7 +2133,7 @@ main(int argc, char **argv)
{
char * progName = NULL;
char * nickName = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
char * ecNickName = NULL;
#endif
const char * fileName = NULL;
@ -2246,9 +2246,9 @@ main(int argc, char **argv)
case 'd': dir = optstate->value; break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case 'e': ecNickName = PORT_Strdup(optstate->value); break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
case 'f':
pwdata.source = PW_FROMFILE;
@ -2362,7 +2362,7 @@ main(int argc, char **argv)
}
if ((nickName == NULL)
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
&& (ecNickName == NULL)
#endif
) {
@ -2593,7 +2593,7 @@ main(int argc, char **argv)
setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
&pwdata);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (ecNickName) {
cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
if (cert[kt_ecdh] == NULL) {
@ -2620,7 +2620,7 @@ main(int argc, char **argv)
setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh,
&pwdata);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
if (testbypass)
goto cleanup;
@ -2691,7 +2691,7 @@ cleanup:
if (certPrefix && certPrefix != emptyString) {
PORT_Free(certPrefix);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (ecNickName) {
PORT_Free(ecNickName);
}


@ -146,10 +146,10 @@ endif
# [16.0] Global environ ment defines
#######################################################################
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
ifdef NSS_DISABLE_ECC
DEFINES += -DNSS_DISABLE_ECC
endif
ifdef NSS_ECC_MORE_THAN_SUITE_B
DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B
endif
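Review bot: After the switch to `ifdef NSS_DISABLE_ECC`, a build environment that still sets `NSS_ENABLE_ECC` gets no diagnostic, and one that left it unset to keep ECC out of the library now compiles it in. Since this changes which algorithms a build ships by default, a guard next to this block would make the change visible: `ifdef NSS_ENABLE_ECC`, `$(warning NSS_ENABLE_ECC is obsolete; ECC is built unless NSS_DISABLE_ECC is set)`, `endif`. A one-line comment above the block stating that ECC is on by default would help for the same reason. Whether another makefile already handles the old variable is not visible here.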


@ -10,4 +10,3 @@
*/
#error "Do not include this header file."


@ -32,7 +32,6 @@ CVS_CHECKOUT_BRANCH="cvs_checkout_${BRANCH}"
export HOST=`hostname`
export DOMSUF=red.iplanet.com
export NSS_ENABLE_ECC=1
export NSS_ECC_MORE_THAN_SUITE_B=1
export IOPR_HOSTADDR_LIST="dochinups.red.iplanet.com"
export NSS_AIA_PATH="/share/builds/mccrel3/security/aia_certs"


@ -449,14 +449,14 @@ else
endif # Solaris for non-sparc family CPUs
endif # target == SunOS
ifdef NSS_ENABLE_ECC
ifndef NSS_DISABLE_ECC
ifdef ECL_USE_FP
#enable floating point ECC code
DEFINES += -DECL_USE_FP
ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
ECL_HDRS += ecp_fp.h
endif
endif # NSS_ENABLE_ECC
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #


@ -16,7 +16,7 @@
#include "ec.h"
#include "ecl.h"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/*
* Returns true if pointP is the point at infinity, false otherwise
@ -192,7 +192,7 @@ cleanup:
return rv;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* Generates a new EC key pair. The private key is a supplied
* value and the public key is the result of performing a scalar
@ -203,7 +203,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char *privKeyBytes, int privKeyLen)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PLArenaPool *arena;
ECPrivateKey *key;
mp_int k;
@ -301,7 +301,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
@ -317,15 +317,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char *seed, int seedlen)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
rv = ec_NewKey(ecParams, privKey, seed, seedlen);
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
* modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
* random number generator.
@ -381,7 +381,7 @@ cleanup:
}
return privKeyBytes;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* Generates a new EC key pair. The private key is a random value and
* the public key is the result of performing a scalar point multiplication
@ -391,7 +391,7 @@ SECStatus
EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
int len;
unsigned char *privKeyBytes = NULL;
@ -416,7 +416,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
@ -430,7 +430,7 @@ cleanup:
SECStatus
EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
{
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
mp_int Px, Py;
ECGroup *group = NULL;
SECStatus rv = SECFailure;
@ -506,7 +506,7 @@ cleanup:
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
return SECFailure;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
}
/*
@ -527,7 +527,7 @@ ECDH_Derive(SECItem *publicValue,
SECItem *derivedSecret)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
unsigned int len = 0;
SECItem pointQ = {siBuffer, NULL, 0};
mp_int k; /* to hold the private value */
@ -596,7 +596,7 @@ cleanup:
}
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
@ -610,7 +610,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
const SECItem *digest, const unsigned char *kb, const int kblen)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
mp_int x1;
mp_int d, k; /* private key, random integer */
mp_int r, s; /* tuple (r, s) is the signature */
@ -822,7 +822,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
@ -835,7 +835,7 @@ SECStatus
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
int len;
unsigned char *kBytes= NULL;
@ -863,7 +863,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
@ -876,7 +876,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
const SECItem *digest)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
mp_int r_, s_; /* tuple (r', s') is received signature) */
mp_int c, u1, u2, v; /* intermediate values used in verification */
mp_int x1;
@ -1073,7 +1073,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
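Review bot: Nothing in the file documents what a build with `NSS_DISABLE_ECC` provides: going by the `#else` branches, `ec_NewKey`, `EC_NewKey`, `EC_NewKeyFromSeed`, `EC_ValidatePublicKey`, `ECDH_Derive` and the `ECDSA_*` functions stay defined and fail with `SEC_ERROR_UNSUPPORTED_KEYALG`. I would add a comment at the first guard, `/* With NSS_DISABLE_ECC defined the public EC entry points remain but always return SECFailure with SEC_ERROR_UNSUPPORTED_KEYALG. */`, so callers know the return value must be checked instead of assuming the symbols are absent. Most function bodies continue outside the hunks, so this is read from the visible `#else` lines only.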


@ -80,6 +80,8 @@ getLibName(void)
}
#elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64)
#include <unistd.h>
/* This code tests to see if we're running on a PA2.x CPU.
** It returns true (1) if so, and false (0) otherwise.
*/


@ -69,7 +69,7 @@ MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h
ifdef NSS_ENABLE_ECC
ifndef NSS_DISABLE_ECC
ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \
ecp_aff.c ecp_jac.c ecp_mont.c \
ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \


@ -205,7 +205,7 @@ ifeq ($(TARGET),WIN32)
ifeq ($(CPU_ARCH),x86_64)
AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm
CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC -DNSS_ENABLE_ECC
CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC
CFLAGS += $(MPICMN)
$(AS_OBJS): %.obj : %.asm
@ -220,7 +220,7 @@ MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE
MPICMN += -DMP_MONT_USE_MP_MUL
MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC -DNSS_ENABLE_ECC
CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC
CFLAGS += $(MPICMN)
$(AS_OBJS): %.obj : %.asm


@ -9,7 +9,7 @@
#define __nss_h_
/* The private macro _NSS_ECC_STRING is for NSS internal use only. */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#ifdef NSS_ECC_MORE_THAN_SUITE_B
#define _NSS_ECC_STRING " Extended ECC"
#else


@ -2,7 +2,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#include "blapi.h"
#include "secoid.h"
@ -603,4 +603,4 @@ EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
}
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */


@ -13,7 +13,7 @@
#include "pkcs11.h" /* Required for PKCS #11. */
#include "secerr.h"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#include "ec.h" /* Required for ECDSA */
#endif
@ -1612,7 +1612,7 @@ rsa_loser:
return( CKR_DEVICE_ERROR );
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static CK_RV
sftk_fips_ECDSA_Test(const PRUint8 *encodedParams,
@ -1795,7 +1795,7 @@ sftk_fips_ECDSA_PowerUpSelfTest() {
return( CKR_OK );
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
static CK_RV
sftk_fips_DSA_PowerUpSelfTest( void )
@ -2080,7 +2080,7 @@ sftk_fipsPowerUpSelfTest( void )
if( rv != CKR_OK )
return rv;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* ECDSA Power-Up SelfTest(s). */
rv = sftk_fips_ECDSA_PowerUpSelfTest();


@ -1143,12 +1143,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer
namekey.data = pubkey->u.dh.publicValue.data;
namekey.size = pubkey->u.dh.publicValue.len;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
namekey.data = pubkey->u.ec.publicValue.data;
namekey.size = pubkey->u.ec.publicValue.len;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
/* XXX We don't do Fortezza or DH yet. */
return PR_FALSE;
@ -1475,7 +1475,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
SECItem *der_item = NULL;
SECItem *cipherText = NULL;
SECItem *dummy = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECItem *fordebug = NULL;
int savelen;
#endif
@ -1555,7 +1555,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
goto loser;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
lg_prepare_low_ec_priv_key_for_asn1(pk);
/* Public value is encoded as a bit string so adjust length
@ -1594,7 +1594,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
pk->keyType, fordebug);
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
/* We don't support DH or Fortezza private keys yet */
PORT_Assert(PR_FALSE);
@ -1704,7 +1704,7 @@ seckey_decrypt_private_key(SECItem*epki,
SECStatus rv = SECFailure;
PLArenaPool *temparena = NULL, *permarena = NULL;
SECItem *dest = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECItem *fordebug = NULL;
#endif
@ -1812,7 +1812,7 @@ seckey_decrypt_private_key(SECItem*epki,
lg_nsslowkey_DHPrivateKeyTemplate,
&newPrivateKey);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
pk->keyType = NSSLOWKEYECKey;
lg_prepare_low_ec_priv_key_for_asn1(pk);
@ -1849,7 +1849,7 @@ seckey_decrypt_private_key(SECItem*epki,
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
break;


@ -423,11 +423,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) {
case NSSLOWKEYDHKey:
pubItem = &pubKey->u.dh.publicValue;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
pubItem = &pubKey->u.ec.publicValue;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
break;
}
@ -551,7 +551,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
return lg_invalidAttribute(attribute);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static CK_RV
lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute)
@ -601,7 +601,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
}
return lg_invalidAttribute(attribute);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
static CK_RV
@ -653,10 +653,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
return lg_FindDSAPublicKeyAttribute(key,type,attribute);
case NSSLOWKEYDHKey:
return lg_FindDHPublicKeyAttribute(key,type,attribute);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
return lg_FindECPublicKeyAttribute(key,type,attribute);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
break;
}
@ -945,7 +945,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
return lg_invalidAttribute(attribute);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static CK_RV
lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute, SDB *sdbpw)
@ -983,7 +983,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
}
return lg_invalidAttribute(attribute);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
static CK_RV
lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@ -1030,10 +1030,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
return lg_FindDSAPrivateKeyAttribute(key,type,attribute,obj->sdb);
case NSSLOWKEYDHKey:
return lg_FindDHPrivateKeyAttribute(key,type,attribute,obj->sdb);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
return lg_FindECPrivateKeyAttribute(key,type,attribute,obj->sdb);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
break;
}


@ -399,10 +399,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
NSSLOWKEYPrivateKey *priv;
SECItem pubKeySpace = {siBuffer, NULL, 0};
SECItem *pubKey;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECItem pubKey2Space = {siBuffer, NULL, 0};
PLArenaPool *arena = NULL;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
NSSLOWKEYDBHandle *keyHandle = NULL;
@ -410,11 +410,11 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
case CKK_RSA:
pubKeyAttr = CKA_MODULUS;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
pubKeyAttr = CKA_EC_POINT;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
case CKK_DSA:
case CKK_DH:
break;
@ -427,7 +427,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
crv = lg_Attribute2SSecItem(NULL,pubKeyAttr,templ,count,pubKey);
if (crv != CKR_OK) return crv;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (key_type == CKK_EC) {
SECStatus rv;
/*
@ -450,7 +450,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
pubKey = &pubKey2Space;
}
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
PORT_Assert(pubKey->data);
if (pubKey->data == NULL) {
@ -471,7 +471,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
/* make sure the associated private key already exists */
/* only works if we are logged in */
priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (priv == NULL && pubKey == &pubKey2Space) {
/* no match on the decoded key, match the original pubkey */
pubKey = &pubKeySpace;
@ -492,7 +492,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
done:
PORT_Free(pubKeySpace.data);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (arena)
PORT_FreeArena(arena, PR_FALSE);
#endif
@ -599,7 +599,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
privKey->keyType = NSSLOWKEYECKey;
crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS,templ,count,
@ -628,7 +628,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
crv = CKR_KEY_TYPE_INCONSISTENT;


@ -793,7 +793,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
nsslowcert_DHPublicKeyTemplate, &os);
if (rv == SECSuccess) return pubk;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
pubk->keyType = NSSLOWKEYECKey;
/* Since PKCS#11 directly takes the DER encoding of EC params
@ -814,7 +814,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os);
if (rv == SECSuccess) return pubk;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
break;


@ -99,7 +99,7 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = {
{ 0, }
};
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* XXX This is just a placeholder for later when we support
* generic curves and need full-blown support for parsing EC
@ -216,7 +216,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
loser:
return SECFailure;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*
* See bugzilla bug 125359
* Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@ -266,7 +266,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.dh.privateValue.type = siUnsignedInteger;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
void
lg_prepare_low_ecparams_for_asn1(ECParams *params)
{
@ -283,7 +283,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.ec.privateValue.type = siUnsignedInteger;
key->u.ec.publicValue.type = siUnsignedInteger;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
void
lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@ -378,7 +378,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
if (rv == SECSuccess) return pubk;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
sizeof(NSSLOWKEYPublicKey));
@ -397,7 +397,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
if (rv == SECSuccess) return pubk;
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* No Fortezza in Low Key implementations (Fortezza keys aren't
* stored in our data base */
default:


@ -26,10 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params);
extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_ecparams_for_asn1(ECParams *params);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
@ -135,7 +135,7 @@ extern char *
nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
SECItem *modulus, SDB *sdb);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/*
* smaller version of EC_FillParams. In this code, we only need
* oid and DER data.


@ -43,11 +43,11 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[];
extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[];
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[];
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[];
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
extern const SEC_ASN1Template lg_nsslowkey_ECParamsTemplate[];
extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[];
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[];
extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];


@ -9,7 +9,7 @@
#include "secasn1.h"
#include "secerr.h"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#include "softoken.h"
#endif
@ -91,7 +91,7 @@ const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
{ 0, }
};
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* XXX This is just a placeholder for later when we support
* generic curves and need full-blown support for parsing EC
@ -140,7 +140,7 @@ const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
SEC_ASN1_SUB(SEC_BitStringTemplate) },
{ 0, }
};
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*
* See bugzilla bug 125359
* Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@ -196,7 +196,7 @@ prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.dh.privateValue.type = siUnsignedInteger;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
void
prepare_low_ecparams_for_asn1(ECParams *params)
{
@ -213,7 +213,7 @@ prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.ec.privateValue.type = siUnsignedInteger;
key->u.ec.publicValue.type = siUnsignedInteger;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
void
nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@ -341,7 +341,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
if (rv == SECSuccess) return pubk;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
sizeof(NSSLOWKEYPublicKey));
@ -360,7 +360,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
if (rv == SECSuccess) return pubk;
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* No Fortezza in Low Key implementations (Fortezza keys aren't
* stored in our data base */
default:
@ -459,7 +459,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
&(privKey->u.dh.base));
if(rv != SECSuccess) break;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
&(privKey->u.ec.version));
@ -476,7 +476,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
&(privKey->u.ec.ecParams));
if (rv != SECSuccess) break;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
}


@ -25,10 +25,10 @@ extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void prepare_low_ecparams_for_asn1(ECParams *params);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*
** Destroy a private key object.


@ -20,11 +20,11 @@ extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[];
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[];
extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[];
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[];
extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];


@ -302,7 +302,7 @@ static const struct mechanismList mechanisms[] = {
CKF_GENERATE_KEY_PAIR}, PR_TRUE},
{CKM_DH_PKCS_DERIVE, {DH_MIN_P_BITS, DH_MAX_P_BITS,
CKF_DERIVE}, PR_TRUE},
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* -------------------- Elliptic Curve Operations --------------------- */
{CKM_EC_KEY_PAIR_GEN, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS,
CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE},
@ -312,7 +312,7 @@ static const struct mechanismList mechanisms[] = {
CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE},
{CKM_ECDSA_SHA1, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS,
CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE},
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* ------------------------- RC2 Operations --------------------------- */
{CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_TRUE},
{CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE},
@ -927,7 +927,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
recover = CK_FALSE;
wrap = CK_FALSE;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
return CKR_TEMPLATE_INCOMPLETE;
@ -941,7 +941,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
recover = CK_FALSE;
wrap = CK_FALSE;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
return CKR_ATTRIBUTE_VALUE_INVALID;
}
@ -1088,7 +1088,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
recover = CK_FALSE;
wrap = CK_FALSE;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) {
return CKR_TEMPLATE_INCOMPLETE;
@ -1101,7 +1101,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE
recover = CK_FALSE;
wrap = CK_FALSE;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
case CKK_NSS_JPAKE_ROUND1:
if (!sftk_hasAttribute(object, CKA_PRIME) ||
!sftk_hasAttribute(object, CKA_SUBPRIME) ||
@ -1708,7 +1708,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type,
crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue,
object,CKA_VALUE);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
pubKey->keyType = NSSLOWKEYECKey;
crv = sftk_Attribute2SSecItem(arena,
@ -1768,7 +1768,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type,
crv = CKR_ATTRIBUTE_VALUE_INVALID;
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
@ -1877,7 +1877,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
* if we don't set it explicitly */
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
privKey->keyType = NSSLOWKEYECKey;
crv = sftk_Attribute2SSecItem(arena,
@ -1919,7 +1919,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
#endif
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
crv = CKR_KEY_TYPE_INCONSISTENT;
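Review bot: The guard around the EC rows of `mechanisms[]` (the hunk at line 302) changes polarity as well as name, and nothing in the file records that: a build that defines neither macro used to omit `CKM_EC_KEY_PAIR_GEN` through `CKM_ECDSA_SHA1` and now compiles them in, while a build that still passes only `NSS_ENABLE_ECC` gets no diagnostic that the switch is ignored. I would document the new default next to the table, for example `/* EC mechanisms are built unless NSS_DISABLE_ECC is defined; NSS_ENABLE_ECC is no longer consulted. */`, so that anyone auditing which mechanisms the token exposes does not have to infer it from the guard. The same holds for the `CKK_EC` cases in sftk_handlePublicKeyObject, sftk_handlePrivateKeyObject, sftk_GetPubKey and sftk_mkPrivKey in this section, whose bodies continue outside the hunks.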


@ -62,7 +62,7 @@ static void sftk_Null(void *data, PRBool freeit)
return;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#ifdef EC_DEBUG
#define SEC_PRINT(str1, str2, num, sitem) \
printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
@ -74,7 +74,7 @@ static void sftk_Null(void *data, PRBool freeit)
#else
#define SEC_PRINT(a, b, c, d)
#endif
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*
* free routines.... Free local type allocated data, and convert
@ -120,7 +120,7 @@ sftk_MapCryptError(int error)
return CKR_KEY_SIZE_RANGE; /* the closest error code */
case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM:
return CKR_TEMPLATE_INCONSISTENT;
/* EC functions set this error if NSS_ENABLE_ECC is not defined */
/* EC functions set this error if NSS_DISABLE_ECC is defined */
case SEC_ERROR_UNSUPPORTED_KEYALG:
return CKR_MECHANISM_INVALID;
case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE:
@ -2242,7 +2242,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
return rv;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static SECStatus
nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
void *dataBuf, unsigned int dataLen)
@ -2277,7 +2277,7 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf,
*sigLen = signature.len;
return rv;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* NSC_SignInit setups up the signing operations. There are three basic
* types of signing:
@ -2429,7 +2429,7 @@ finish_rsa:
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKM_ECDSA_SHA1:
context->multi = PR_TRUE;
crv = sftk_doSubSHA1(context);
@ -2452,7 +2452,7 @@ finish_rsa:
context->maxLen = MAX_ECKEY_LEN * 2;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
#define INIT_HMAC_MECH(mmm) \
case CKM_ ## mmm ## _HMAC_GENERAL: \
@ -3060,7 +3060,7 @@ finish_rsa:
context->verify = (SFTKVerify) nsc_DSA_Verify_Stub;
context->destroy = sftk_Null;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKM_ECDSA_SHA1:
context->multi = PR_TRUE;
crv = sftk_doSubSHA1(context);
@ -3080,7 +3080,7 @@ finish_rsa:
context->verify = (SFTKVerify) nsc_ECDSAVerifyStub;
context->destroy = sftk_Null;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
INIT_HMAC_MECH(MD2)
INIT_HMAC_MECH(MD5)
@ -4209,7 +4209,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
pairwise_digest_length = subPrimeLen;
mech.mechanism = CKM_DSA;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
signature_length = MAX_ECKEY_LEN * 2;
mech.mechanism = CKM_ECDSA;
@ -4332,12 +4332,12 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
int private_value_bits = 0;
DHPrivateKey * dhPriv;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* Elliptic Curve Cryptography */
SECItem ecEncodedParams; /* DER Encoded parameters */
ECPrivateKey * ecPriv;
ECParams * ecParams;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
CHECK_FORK();
@ -4667,7 +4667,7 @@ dhgn_done:
PORT_FreeArena(dhPriv->arena, PR_TRUE);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKM_EC_KEY_PAIR_GEN:
sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS);
sftk_DeleteAttributeType(privateKey,CKA_VALUE);
@ -4730,7 +4730,7 @@ ecgn_done:
/* should zeroize, since this function doesn't. */
PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE);
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
crv = CKR_MECHANISM_INVALID;
@ -4850,7 +4850,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
void *dummy, *param = NULL;
SECStatus rv = SECSuccess;
SECItem *encodedKey = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECItem *fordebug;
int savelen;
#endif
@ -4905,7 +4905,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
nsslowkey_PQGParamsTemplate);
algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
prepare_low_ec_priv_key_for_asn1(lk);
/* Public value is encoded as a bit string so adjust length
@ -4932,7 +4932,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
case NSSLOWKEYDHKey:
default:
dummy = NULL;
@ -4965,7 +4965,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
nsslowkey_PrivateKeyInfoTemplate);
*crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
fordebug = encodedKey;
SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType,
fordebug);
@ -5191,7 +5191,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params);
break;
/* case NSSLOWKEYDHKey: */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
keyTemplate = nsslowkey_ECPrivateKeyTemplate;
paramTemplate = NULL;
@ -5200,7 +5200,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
prepare_low_ec_priv_key_for_asn1(lpk);
prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams);
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
keyTemplate = NULL;
paramTemplate = NULL;
@ -5215,7 +5215,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
/* decode the private key and any algorithm parameters */
rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (lpk->keyType == NSSLOWKEYECKey) {
/* convert length in bits to length in bytes */
lpk->u.ec.publicValue.len >>= 3;
@ -5226,7 +5226,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
goto loser;
}
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
if(rv != SECSuccess) {
goto loser;
@ -5321,7 +5321,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
break;
#endif
/* what about fortezza??? */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
keyType = CKK_EC;
crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
@ -5347,7 +5347,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
if(crv != CKR_OK) break;
/* XXX Do we need to decode the EC Params here ?? */
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
@ -5657,7 +5657,7 @@ sftk_MapKeySize(CK_KEY_TYPE keyType)
return 0;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* Inputs:
* key_len: Length of derived key to be generated.
* SharedSecret: a shared secret that is the output of a key agreement primitive.
@ -5768,7 +5768,7 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len,
else
return CKR_MECHANISM_INVALID;
}
#endif
#endif /* NSS_DISABLE_ECC */
/*
* SSL Key generation given pre master secret
@ -6714,7 +6714,7 @@ key_and_mac_derive_fail:
break;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKM_ECDH1_DERIVE:
case CKM_ECDH1_COFACTOR_DERIVE:
{
@ -6872,7 +6872,7 @@ ec_loser:
break;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* See RFC 5869 and CK_NSS_HKDFParams for documentation. */
case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf;
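Review bot: In sftk_unwrapPrivateKey (the hunks at lines 5215 and 5226) the result of `SEC_QuickDERDecodeItem` is not tested until after the EC block, so `lpk->u.ec.publicValue.len >>= 3` runs on a structure whose decode may have failed. Lines 5222-5225 are not shown; if they assign `rv` again, which the nested `goto loser` suggests, a decode failure would be overwritten before the check that follows the guard. Because the input here is a wrapped private-key blob, and this block is now compiled in unless `NSS_DISABLE_ECC` is defined, I would test first by placing `if (rv != SECSuccess) goto loser;` directly under the decode call, ahead of the `#ifndef`. The function body starts and ends outside these hunks, so the `loser` path should be checked against that ordering.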


@ -1246,7 +1246,7 @@ static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = {
};
static const CK_ULONG dhPubKeyAttrsCount =
sizeof(dhPubKeyAttrs)/sizeof(dhPubKeyAttrs[0]);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = {
CKA_EC_PARAMS, CKA_EC_POINT
};
@ -1279,7 +1279,7 @@ static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = {
};
static const CK_ULONG dhPrivKeyAttrsCount =
sizeof(dhPrivKeyAttrs)/sizeof(dhPrivKeyAttrs[0]);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = {
CKA_EC_PARAMS, CKA_VALUE
};
@ -1390,7 +1390,7 @@ stfk_CopyTokenPrivateKey(SFTKObject *destObject,SFTKTokenObject *src_to)
crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs,
dhPrivKeyAttrsCount);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs,
ecPrivKeyAttrsCount);
@ -1452,7 +1452,7 @@ stfk_CopyTokenPublicKey(SFTKObject *destObject,SFTKTokenObject *src_to)
crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs,
dhPubKeyAttrsCount);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case CKK_EC:
crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs,
ecPubKeyAttrsCount);


@ -8,7 +8,7 @@
#ifndef _SOFTKVER_H_
#define _SOFTKVER_H_
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#ifdef NSS_ECC_MORE_THAN_SUITE_B
#define SOFTOKEN_ECC_STRING " Extended ECC"
#else


@ -35,7 +35,7 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
const unsigned char *sig, unsigned int sigLen,
const unsigned char *hash, unsigned int hashLen);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/*
** pepare an ECParam structure from DEREncoded params
*/


@ -617,7 +617,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
PRBool testrsa_export = PR_FALSE;
PRBool testecdh = PR_FALSE;
PRBool testecdhe = PR_FALSE;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECKEYECParams ecParams = { siBuffer, NULL, 0 };
#endif
@ -755,7 +755,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
if (enc_pms.data != NULL) {
SECITEM_FreeItem(&enc_pms, PR_FALSE);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
for (; (privKeytype == ecKey && ( testecdh || testecdhe)) ||
(privKeytype == rsaKey && testecdhe); ) {
CK_MECHANISM_TYPE target;
@ -859,7 +859,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
PORT_Free(ecParams.data);
ecParams.data = NULL;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
if (pms)
PK11_FreeSymKey(pms);
}
@ -877,12 +877,12 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
if (enc_pms.data != NULL) {
SECITEM_FreeItem(&enc_pms, PR_FALSE);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (ecParams.data != NULL) {
PORT_Free(ecParams.data);
ecParams.data = NULL;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
if (srvPubkey) {
SECKEY_DestroyPublicKey(srvPubkey);


@ -30,15 +30,15 @@ static const PRUint16 COMMON_MTU_VALUES[] = {
/* List copied from ssl3con.c:cipherSuites */
static const ssl3CipherSuite nonDTLSSuites[] = {
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
TLS_DHE_DSS_WITH_RC4_128_SHA,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,


@ -89,7 +89,7 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt,
static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
/* cipher_suite policy enabled isPresent */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
@ -105,7 +105,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@ -122,7 +122,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@ -131,7 +131,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* RSA */
{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@ -162,12 +162,12 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* ciphersuites with no encryption */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
{ SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@ -224,9 +224,9 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
ct_RSA_sign,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
ct_ECDSA_sign,
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
ct_DSS_sign,
};
@ -238,7 +238,7 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
* CertificateVerify messages that use the handshake hash. */
static const PRUint8 supported_signature_algorithms[] = {
tls_hash_sha256, tls_sig_rsa,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
tls_hash_sha256, tls_sig_ecdsa,
#endif
tls_hash_sha256, tls_sig_dsa,
@ -299,13 +299,13 @@ static const ssl3KEADef kea_defs[] =
{kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE},
{kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE},
{kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE },
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE},
{kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE},
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
};
/* must use ssl_LookupCipherSuiteDef to access */
@ -405,7 +405,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
{TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa},
{TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
@ -439,7 +439,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
{TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon},
{TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon},
#endif
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
};
static const CK_MECHANISM_TYPE kea_alg_defs[] = {
@ -512,7 +512,7 @@ const char * const ssl3_cipherName[] = {
"missing"
};
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* The ECCWrappedKeyInfo structure defines how various pieces of
* information are laid out within wrappedSymmetricWrappingkey
* for ECDH key exchange. Since wrappedSymmetricWrappingkey is
@ -534,7 +534,7 @@ typedef struct ECCWrappedKeyInfoStr {
PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
/* EC public-key params, the EC public value and the wrapped key */
} ECCWrappedKeyInfo;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
#if defined(TRACE)
@ -731,7 +731,7 @@ ssl3_config_match_init(sslSocket *ss)
cipher_mech = alg2Mech[cipher_alg].cmech;
exchKeyType =
kea_defs[cipher_def->key_exchange_alg].exchKeyType;
#ifndef NSS_ENABLE_ECC
#ifdef NSS_DISABLE_ECC
svrAuth = ss->serverCerts + exchKeyType;
#else
/* XXX SSLKEAType isn't really a good choice for
@ -765,7 +765,7 @@ ssl3_config_match_init(sslSocket *ss)
svrAuth = ss->serverCerts + exchKeyType;
break;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* Mark the suites that are backed by real tokens, certs and keys */
suite->isPresent = (PRBool)
@ -924,7 +924,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
hashItem.len = hash->len;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey:
doDerEncode = PR_TRUE;
/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@ -937,7 +937,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf,
hashItem.len = hash->len;
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
goto done;
@ -1035,7 +1035,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey:
encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
/* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
@ -1053,7 +1053,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
hashItem.len = hash->len;
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
SECKEY_DestroyPublicKey(key);
@ -5078,12 +5078,12 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
total_exten_len += 2;
}
#if defined(NSS_ENABLE_ECC)
#ifndef NSS_DISABLE_ECC
if (!total_exten_len || !isTLS) {
/* not sending the elliptic_curves and ec_point_formats extensions */
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
}
#endif
#endif /* NSS_DISABLE_ECC */
if (IS_DTLS(ss)) {
ssl3_DisableNonDTLSSuites(ss);
@ -5394,11 +5394,11 @@ ssl_UnwrapSymWrappingKey(
{
PK11SymKey * unwrappedWrappingKey = NULL;
SECItem wrappedKey;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PK11SymKey * Ks;
SECKEYPublicKey pubWrapKey;
ECCWrappedKeyInfo *ecWrapped;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* found the wrapping key on disk. */
PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
@ -5420,7 +5420,7 @@ ssl_UnwrapSymWrappingKey(
masterWrapMech, CKA_UNWRAP, 0);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case kt_ecdh:
/*
* For kt_ecdh, we first create an EC public key based on
@ -5559,12 +5559,12 @@ getWrappingKey( sslSocket * ss,
SECStatus rv;
SECItem wrappedKey;
SSLWrappedSymWrappingKey wswk;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PK11SymKey * Ks = NULL;
SECKEYPublicKey *pubWrapKey = NULL;
SECKEYPrivateKey *privWrapKey = NULL;
ECCWrappedKeyInfo *ecWrapped;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY;
PORT_Assert(svrPrivKey != NULL);
@ -5647,7 +5647,7 @@ getWrappingKey( sslSocket * ss,
unwrappedWrappingKey, &wrappedKey);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case kt_ecdh:
/*
* We generate an ephemeral EC key pair. Perform an ECDH
@ -5733,7 +5733,7 @@ ec_cleanup:
if (Ks) PK11_FreeSymKey(Ks);
asymWrapMechanism = masterWrapMech;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
@ -6046,11 +6046,11 @@ ssl3_SendClientKeyExchange(sslSocket *ss)
rv = sendDHClientKeyExchange(ss, serverKey);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case kt_ecdh:
rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
/* got an unknown or unsupported Key Exchange Algorithm. */
@ -6778,11 +6778,11 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
return SECSuccess;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case kt_ecdh:
rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
return rv;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
desc = handshake_failure;
@ -7520,14 +7520,14 @@ ssl3_SendServerHelloSequence(sslSocket *ss)
return rv;
#endif
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
} else if ((kea_def->kea == kea_ecdhe_rsa) ||
(kea_def->kea == kea_ecdhe_ecdsa)) {
rv = ssl3_SendServerKeyExchange(ss);
if (rv != SECSuccess) {
return rv; /* err code was set. */
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
}
if (ss->opt.requestCertificate) {
@ -7815,7 +7815,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* Disable any ECC cipher suites for which we have no cert. */
ssl3_FilterECCipherSuitesByServerCerts(ss);
#endif
@ -8432,7 +8432,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
SSL3_RANDOM_LENGTH));
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* Disable any ECC cipher suites for which we have no cert. */
ssl3_FilterECCipherSuitesByServerCerts(ss);
#endif
@ -8821,12 +8821,12 @@ ssl3_SendServerKeyExchange(sslSocket *ss)
PORT_Free(signed_hash.data);
return SECSuccess;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case kt_ecdh: {
rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
return rv;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
case kt_dh:
case kt_null:
@ -9249,9 +9249,9 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECStatus rv;
const ssl3KEADef *kea_def;
ssl3KeyPair *serverKeyPair = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECKEYPublicKey *serverPubKey = NULL;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
SSL_GETPID(), ss->fd));
@ -9281,7 +9281,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
} else
skip:
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* XXX Using SSLKEAType to index server certifiates
* does not work for (EC)DHE ciphers. Until we have
* an indexing mechanism general enough for all key
@ -9327,7 +9327,7 @@ skip:
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case kt_ecdh:
/* XXX We really ought to be able to store multiple
* EC certs (a requirement if we wish to support both
@ -9349,7 +9349,7 @@ skip:
return SECFailure; /* error code set */
}
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
(void) ssl3_HandshakeFailure(ss);
@ -9954,7 +9954,7 @@ ssl3_AuthCertificate(sslSocket *ss)
if (pubKey) {
ss->sec.keaKeyBits = ss->sec.authKeyBits =
SECKEY_PublicKeyStrengthInBits(pubKey);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (ss->sec.keaType == kt_ecdh) {
/* Get authKeyBits from signing key.
* XXX The code below uses a quick approximation of
@ -9980,7 +9980,7 @@ ssl3_AuthCertificate(sslSocket *ss)
*/
}
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
SECKEY_DestroyPublicKey(pubKey);
pubKey = NULL;
}
@ -9988,10 +9988,10 @@ ssl3_AuthCertificate(sslSocket *ss)
ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */
if (ss->ssl3.hs.kea_def->is_limited ||
/* XXX OR server cert is signing only. */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
ss->ssl3.hs.kea_def->exchKeyType == kt_dh) {
ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */
}
@ -10565,7 +10565,7 @@ xmit_loser:
sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
sid->u.ssl3.compression = ss->ssl3.hs.compression;
sid->u.ssl3.policy = ss->ssl3.policy;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves;
#endif
sid->u.ssl3.exchKeyType = effectiveExchKeyType;
@ -11701,7 +11701,7 @@ ssl3_InitState(sslSocket *ss)
ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss);
#endif
ssl_ReleaseSpecWriteLock(ss);


@ -30,7 +30,7 @@
#include <stdio.h>
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
@ -1258,4 +1258,4 @@ loser:
return SECFailure;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
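Review bot: The closing `#endif /* NSS_DISABLE_ECC */` now ends an `#ifndef`, and by the hunk headers it sits more than a thousand lines below the opening guard, so the trailing comment reads as if the enclosed code were the ECC-disabled branch. I would write it as `#endif /* !NSS_DISABLE_ECC */` so the comment states the condition that is actually in force. The same wording appears on the other `#endif` lines this commit touches in the C sections of the page. The guarded body itself lies outside both hunks.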


@ -230,7 +230,7 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
/* This table is used by the server, to handle client hello extensions. */
static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
{ ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{ ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn },
{ ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
#endif
@ -272,7 +272,7 @@ static const
ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_server_name_xtn, &ssl3_SendServerNameXtn },
{ ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{ ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
{ ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
#endif
@ -2219,7 +2219,7 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
tls_hash_sha256, tls_sig_rsa,
tls_hash_sha384, tls_sig_rsa,
tls_hash_sha1, tls_sig_rsa,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
tls_hash_sha256, tls_sig_ecdsa,
tls_hash_sha384, tls_sig_ecdsa,
tls_hash_sha1, tls_sig_ecdsa,


@ -3101,7 +3101,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
return rv;
}
#if defined(NSS_ENABLE_ECC)
#ifndef NSS_DISABLE_ECC
/* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
if (ss->cipherSpecs != NULL) {
@ -3109,7 +3109,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
ss->cipherSpecs = NULL;
ss->sizeCipherSpecs = 0;
}
#endif
#endif /* NSS_DISABLE_ECC */
if (!ss->cipherSpecs) {
rv = ssl2_ConstructCipherSpecs(ss);


@ -47,7 +47,7 @@
* the third one.
*/
const PRUint16 SSL_ImplementedCiphers[] = {
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
@ -63,7 +63,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
@ -80,7 +80,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_RC4_128_SHA,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
@ -89,7 +89,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA,
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
@ -119,12 +119,12 @@ const PRUint16 SSL_ImplementedCiphers[] = {
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
/* ciphersuites with no encryption */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_NULL_SHA,
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
SSL_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256,
SSL_RSA_WITH_NULL_MD5,
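Review bot: With the polarity inverted, a build that defines neither macro now compiles every ECC entry of `SSL_ImplementedCiphers`, including the RC4 suites and the four `*_WITH_NULL_SHA` suites under "ciphersuites with no encryption", where before it compiled none of them. Whether any of these is enabled by default is decided outside these hunks, so that is worth confirming for builds that relied on leaving `NSS_ENABLE_ECC` unset to keep ECC out. A build file that still sets only `NSS_ENABLE_ECC` is now silently ignored, so I would put a comment above the first guard, e.g. `/* ECC suites are built unless NSS_DISABLE_ECC is defined; NSS_ENABLE_ECC is no longer consulted. */`. The array definition starts inside the first hunk and continues past the last one.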


@ -288,11 +288,11 @@ typedef struct {
#endif
} ssl3CipherSuiteCfg;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#define ssl_V3_SUITES_IMPLEMENTED 61
#else
#define ssl_V3_SUITES_IMPLEMENTED 37
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
@ -653,9 +653,9 @@ struct sslSessionIDStr {
SSL3KEAType exchKeyType;
/* key type used in exchange algorithm,
* and to wrap the sym wrapping key. */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PRUint32 negotiatedECCurves;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* The following values are NOT restored from the server's on-disk
* session cache, but are restored from the client's cache.
@ -885,9 +885,9 @@ const ssl3CipherSuiteDef *suite_def;
SSL3Finished sFinished[2];
SSL3Opaque data[72];
} finishedMsgs;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PRUint32 negotiatedECCurves; /* bit mask */
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
PRBool authCertificatePending;
/* Which function should SSL_RestartHandshake* call if we're blocked?
@ -1596,7 +1596,7 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
*/
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
@ -1651,7 +1651,7 @@ extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve,
ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
@ -1686,7 +1686,7 @@ extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* ECDH functions */
extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss,
SECKEYPublicKey * svrPubKey);
@ -1771,7 +1771,7 @@ extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
const CERTCertificateList *certChain,
ssl3KeyPair *keyPair, SSLKEAType kea);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
PRBool append, PRUint32 maxBytes);
extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,


@ -171,7 +171,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* ECC cipher suites */
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
@ -201,7 +201,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* SSL 2 table */
{0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },


@ -696,11 +696,11 @@ NSS_FindCertKEAType(CERTCertificate * cert)
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
keaType = kt_ecdh;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
keaType = kt_null;
}


@ -181,7 +181,7 @@ typedef enum {
typedef enum {
ssl_server_name_xtn = 0,
ssl_cert_status_xtn = 5,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
ssl_elliptic_curves_xtn = 10,
ssl_ec_point_formats_xtn = 11,
#endif


@ -59,7 +59,7 @@
#
# Optional environment variables to enable specific NSS features:
# ---------------------------------------------------------------
# NSS_ENABLE_ECC - enable ECC
# NSS_DISABLE_ECC - disable ECC
# NSS_ECC_MORE_THAN_SUITE_B - enable extended ECC
#
# Optional environment variables to select which cycles/suites to test:


@ -46,7 +46,7 @@ cert_init()
fi
SCRIPTNAME="cert.sh"
CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
html_head "Certutil and Crlutil Tests with ECC"
else
html_head "Certutil and Crlutil Tests"
@ -292,7 +292,7 @@ cert_create_cert()
return $RET
fi
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Import EC Root CA for $CERTNAME"
certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
-d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
@ -340,7 +340,7 @@ cert_add_cert()
#
# Generate and add EC cert
#
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CURVE="secp384r1"
CU_ACTION="Generate EC Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
@ -430,7 +430,7 @@ cert_all_CA()
# root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last
# in the chain
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
#
# Create EC version of TestCA
CA_CURVE="secp521r1"
@ -671,7 +671,7 @@ cert_smime_client()
certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
-i ${R_EVEDIR}/Eve.cert 2>&1
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: Importing EC Certificates =============================="
CU_ACTION="Import Bob's EC cert into Alice's db"
certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
@ -742,7 +742,7 @@ cert_extended_ssl()
certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
-i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
#
# Repeat the above for EC certs
#
@ -830,7 +830,7 @@ cert_extended_ssl()
certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
-i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
#
# Repeat the above for EC certs
#
@ -920,7 +920,7 @@ cert_ssl()
cert_add_cert
CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
fi
@ -1028,7 +1028,7 @@ cert_eccurves()
{
################# Creating Certs for EC curves test ########################
#
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: Creating Server CA Issued Certificate for "
echo " EC Curves Test Certificates ------------------------------------"
@ -1088,7 +1088,7 @@ cert_eccurves()
fi
done
fi # if NSS_ENABLE_ECC=1
fi # $NSS_DISABLE_ECC
}
########################### cert_extensions_test #############################
@ -1227,7 +1227,7 @@ EOF_CRLINI
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
chmod 600 ${CRL_FILE_GRP_1}_or
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
# Until Bug 292285 is resolved, do not encode x400 Addresses. After
@ -1260,7 +1260,7 @@ EOF_CRLINI
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
chmod 600 ${CRL_FILE_GRP_1}_or1
TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Modify CRL (ECC) by adding one more cert"
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
-o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
@ -1284,7 +1284,7 @@ rmcert ${UNREVOKED_CERT_GRP_1}
EOF_CRLINI
chmod 600 ${CRL_FILE_GRP_1}
TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Modify CRL (ECC) by removing one cert"
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
-i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
@ -1313,7 +1313,7 @@ rmcert ${UNREVOKED_CERT_GRP_2}
EOF_CRLINI
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
chmod 600 ${CRL_FILE_GRP_2}
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
-i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
@ -1346,7 +1346,7 @@ addext crlNumber 0 2
EOF_CRLINI
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
chmod 600 ${CRL_FILE_GRP_3}
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
-i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
@ -1366,7 +1366,7 @@ EOF_CRLINI
crlu -D -n TestCA -f "${R_PWFILE}" -d "${R_SERVERDIR}"
crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Importing CRL (ECC) for groups 1"
crlu -D -n TestCA-ec -f "${R_PWFILE}" -d "${R_SERVERDIR}"
crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
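Review bot: Every `[ -z "$NSS_DISABLE_ECC" ]` test in this script treats any non-empty value as "disabled", so `NSS_DISABLE_ECC=0` skips all of the EC certificate and CRL steps without a message; under the old `-n "$NSS_ENABLE_ECC"` test a stray value could only add coverage, not remove it. If the build side is keyed the same way this is consistent, but that is not visible here, so I would state the contract where the variable is documented, e.g. `# NSS_DISABLE_ECC - disable ECC (any non-empty value, including 0)`. The trailing comment `fi # $NSS_DISABLE_ECC` in cert_eccurves also reads as though the block runs when the variable is set; `fi # -z "$NSS_DISABLE_ECC"` matches the test. The same `-z`/`-n` pattern is used in the smime.sh, ssl.sh and tools.sh sections further down.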


@ -80,7 +80,7 @@ package_for_testing:
echo 'export USE_64=$(USE_64)' >> $(RTSH)
echo 'export BUILD_OPT=$(BUILD_OPT)' >> $(RTSH)
echo 'export PKITS_DATA=$(PKITS_DATA)' >> $(RTSH)
echo 'export NSS_ENABLE_ECC=$(NSS_ENABLE_ECC)' >> $(RTSH)
echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)' >> $(RTSH)
echo 'export NSS_ECC_MORE_THAN_SUITE_B=$(NSS_ECC_MORE_THAN_SUITE_B)' >> $(RTSH)
echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)' >> $(RTSH)
ifeq ($(OS_TARGET),Android)


@ -40,7 +40,7 @@ smime_init()
fi
SCRIPTNAME=smime.sh
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
html_head "S/MIME Tests with ECC"
else
html_head "S/MIME Tests"
@ -85,7 +85,7 @@ smime_sign()
html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
# Test ECDSA signing for all hash algorithms.
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}


@ -82,7 +82,7 @@ ssl_init()
USER_NICKNAME=TestUser
NORM_EXT=""
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
ECC_STRING=" - with ECC"
else
ECC_STRING=""
@ -202,7 +202,7 @@ start_selfserv()
echo "$SCRIPTNAME: $testname ----"
fi
sparam=`echo $sparam | sed -e 's;_; ;g'`
if [ -n "$NSS_ENABLE_ECC" ] && \
if [ -z "$NSS_DISABLE_ECC" ] && \
[ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1" ] ; then
ECC_OPTIONS="-e ${HOSTADDR}-ec"
else
@ -258,7 +258,7 @@ ssl_cov()
html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
testname=""
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
sparam="$CLONG"
else
sparam="$CSHORT"
@ -292,7 +292,7 @@ ssl_cov()
if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: skipping $testname (ECC only)"
elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
@ -374,7 +374,7 @@ ssl_auth()
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: skipping $testname (ECC only)"
elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
@ -557,7 +557,7 @@ ssl_stress()
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: skipping $testname (ECC only)"
elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then
echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
@ -623,7 +623,7 @@ ssl_crl_ssl()
while read ectype value sparam cparam testname
do
[ "$ectype" = "" ] && continue
if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: skipping $testname (ECC only)"
elif [ "$ectype" = "SNI" ]; then
continue
@ -816,7 +816,7 @@ ssl_crl_cache()
while read ectype value sparam cparam testname
do
[ "$ectype" = "" ] && continue
if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then
if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: skipping $testname (ECC only)"
elif [ "$ectype" = "SNI" ]; then
continue


@ -76,7 +76,7 @@ tools_init()
fi
SCRIPTNAME=tools.sh
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
html_head "Tools Tests with ECC"
else
html_head "Tools Tests"
@ -372,7 +372,7 @@ tools_p12_export_list_import_with_default_ciphers()
export_list_import "DEFAULT" "DEFAULT"
if [ -n "$NSS_ENABLE_ECC" ] ; then
if [ -z "$NSS_DISABLE_ECC" ] ; then
echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
echo " -w ${R_PWFILE}"