Commit 063941d9 authored by Brian Smith's avatar Brian Smith

Bug 947653: Enable ECC by default and add an option NSS_DISABLE_ECC to disable it, r=emaldona

parent 24728224
......@@ -19,8 +19,6 @@ ARCH=$(uname -s)
ulimit -c unlimited 2> /dev/null
export NSS_ENABLE_ECC=1
export NSS_ECC_MORE_THAN_SUITE_B=1
export NSPR_LOG_MODULES="pkix:1"
#export JAVA_HOME_32=
......
......@@ -288,7 +288,7 @@ prepare()
mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
mkdir -p ${OUTPUTDIR}
if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
cd ${HGDIR}/nss
ECF="lib/freebl/ecl/ecl-curve.h"
print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"
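Review bot: The new test `[ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]` in `prepare()` treats any non-empty value as "disabled", so an environment that exports `NSS_DISABLE_ECC=0` switches ECC off and skips the `ecl-curve.h` revert. That should be stated next to the test, for example `# NSS_DISABLE_ECC: any non-empty value, including 0, disables ECC`. The `ifdef NSS_DISABLE_ECC` added to the global-defines makefile later in this commit behaves the same way. `prepare()` starts and ends outside the hunk.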
......
......@@ -21,7 +21,7 @@
#include "secoid.h"
#include "nssutil.h"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
#include "ecl-curve.h"
SECStatus EC_DecodeParams(const SECItem *encodedParams,
ECParams **ecparams);
......@@ -133,7 +133,7 @@ static void Usage()
PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
PRINTUSAGE("", "", "[-b bufsize]");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PRINTUSAGE("", "", "[-n curvename]");
#endif
PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
......@@ -141,7 +141,7 @@ static void Usage()
PRINTUSAGE("", "-i", "file which contains input buffer");
PRINTUSAGE("", "-o", "file for signature");
PRINTUSAGE("", "-k", "file which contains key");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
......@@ -390,7 +390,7 @@ dsakey_from_filedata(SECItem *filedata)
return key;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static ECPrivateKey *
eckey_from_filedata(SECItem *filedata)
{
......@@ -544,7 +544,7 @@ getECParams(const char *curve)
return ecparams;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
static void
dump_pqg(PQGParams *pqg)
......@@ -562,7 +562,7 @@ dump_dsakey(DSAPrivateKey *key)
SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static void
dump_ecp(ECParams *ecp)
{
......@@ -651,7 +651,7 @@ typedef enum {
bltestRSA, /* Public Key Ciphers */
bltestRSA_OAEP, /* . (Public Key Enc.) */
bltestRSA_PSS, /* . (Public Key Sig.) */
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
bltestECDSA, /* . (Public Key Sig.) */
#endif
bltestDSA, /* . (Public Key Sig.) */
......@@ -690,7 +690,7 @@ static char *mode_strings[] =
"rsa",
"rsa_oaep",
"rsa_pss",
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
"ecdsa",
#endif
/*"pqg",*/
......@@ -744,7 +744,7 @@ typedef struct
PQGParams *pqg;
} bltestDSAParams;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
typedef struct
{
char *curveName;
......@@ -763,7 +763,7 @@ typedef struct
union {
bltestRSAParams rsa;
bltestDSAParams dsa;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
bltestECDSAParams ecdsa;
#endif
} cipherParams;
......@@ -1266,7 +1266,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECStatus
ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
{
......@@ -1720,7 +1720,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECStatus
bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
......@@ -2077,7 +2077,7 @@ finish:
SECStatus
pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
int keysize, int exponent, char *curveName)
#else
int keysize, int exponent)
......@@ -2090,7 +2090,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
RSAPrivateKey **rsaKey = NULL;
bltestDSAParams *dsap;
DSAPrivateKey **dsaKey = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
SECItem *tmpECParamsDER;
ECParams *tmpECParams = NULL;
SECItem ecSerialize[3];
......@@ -2132,7 +2132,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
dsap->keysize = (*dsaKey)->params.prime.len*8;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
ecKey = (ECPrivateKey **)&asymk->privKey;
if (curveName != NULL) {
......@@ -2244,7 +2244,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
}
return bltest_dsa_init(cipherInfo, encrypt);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
if (encrypt) {
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
......@@ -2494,7 +2494,7 @@ cipherFinish(bltestCipherInfo *cipherInfo)
case bltestRSA_PSS: /* will be freed with it. */
case bltestRSA_OAEP:
case bltestDSA:
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
#endif
case bltestMD2: /* hash contexts are ephemeral */
......@@ -2674,7 +2674,7 @@ print_td:
fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
if (td) {
fprintf(stdout, "%12s", "ec_curve");
......@@ -2906,7 +2906,7 @@ get_params(PLArenaPool *arena, bltestParams *params,
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case bltestECDSA:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
......@@ -3128,7 +3128,7 @@ dump_file(bltestCipherMode mode, char *filename)
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
key = dsakey_from_filedata(&keydata.buf);
dump_dsakey(key);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
} else if (mode == bltestECDSA) {
ECPrivateKey *key;
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
......@@ -3373,7 +3373,7 @@ enum {
opt_Key,
opt_HexWSpc,
opt_Mode,
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
opt_CurveName,
#endif
opt_Output,
......@@ -3426,7 +3426,7 @@ static secuCommandFlag bltest_options[] =
{ /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
{ /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
{ /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
{ /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
#endif
{ /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
......@@ -3461,7 +3461,7 @@ int main(int argc, char **argv)
bltestCipherInfo *cipherInfoListHead, *cipherInfo;
bltestIOMode ioMode;
int bufsize, exponent, curThrdNum;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
char *curveName = NULL;
#endif
int i, commandsEntered;
......@@ -3695,7 +3695,7 @@ int main(int argc, char **argv)
else
exponent = 65537;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (bltest.options[opt_CurveName].activated)
curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
else
......@@ -3783,7 +3783,7 @@ int main(int argc, char **argv)
file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
}
params->key.mode = bltestBase64Encoded;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
#else
pubkeyInitKey(cipherInfo, file, keysize, exponent);
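Review bot: In the `get_params` hunk, the `bltestECDSA` case builds `filename` with `sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j)`, which puts no bound on the length of `testdir`, and this case is now compiled unless `NSS_DISABLE_ECC` is defined. The declaration of `filename` is outside the hunk, so its size cannot be checked from here. If it is a fixed array, a bounded call such as `PR_snprintf(filename, sizeof filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);` followed by a truncation check would remove the overflow risk. The `sprintf` in the case just above has the same shape.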
......
......@@ -968,7 +968,7 @@ PrintSyntax(char *progName)
"\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
......@@ -976,7 +976,7 @@ PrintSyntax(char *progName)
#else
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
progName);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n",
progName);
......@@ -1155,7 +1155,7 @@ static void luG(enum usage_level ul, const char *command)
return;
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
......@@ -1165,7 +1165,7 @@ static void luG(enum usage_level ul, const char *command)
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
" -y exp");
FPS "%-20s Specify the password file\n",
......@@ -1174,7 +1174,7 @@ static void luG(enum usage_level ul, const char *command)
" -z noisefile");
FPS "%-20s read PQG value from pqgfile (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s One of nistp256, nistp384, nistp521\n", "");
......@@ -1286,7 +1286,7 @@ static void luK(enum usage_level ul, const char *command)
" -h token-name ");
FPS "%-20s Key type (\"all\" (default), \"dsa\","
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
" \"ec\","
#endif
" \"rsa\")\n",
......@@ -1418,11 +1418,11 @@ static void luR(enum usage_level ul, const char *command)
" -s subject");
FPS "%-20s Output the cert request to this file\n",
" -o output-req");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
" -k key-type-or-id");
FPS "%-20s or nickname of the cert key to use \n",
"");
......@@ -1432,12 +1432,12 @@ static void luR(enum usage_level ul, const char *command)
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "%-20s Specify the password file\n",
" -f pwfile");
FPS "%-20s Key database directory (default is ~/.netscape)\n",
......@@ -1570,11 +1570,11 @@ static void luS(enum usage_level ul, const char *command)
" -c issuer-name");
FPS "%-20s Set the certificate trust attributes (see -A above)\n",
" -t trustargs");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
" -k key-type-or-id");
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
......@@ -1582,12 +1582,12 @@ static void luS(enum usage_level ul, const char *command)
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
FPS "%-20s Self sign\n",
" -x");
FPS "%-20s Cert serial number\n",
......@@ -2448,12 +2448,12 @@ certutil_main(int argc, char **argv, PRBool initialize)
progName, MIN_KEY_BITS, MAX_KEY_BITS);
return 255;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (keytype == ecKey) {
PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
return 255;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
}
......@@ -2483,10 +2483,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
keytype = rsaKey;
} else if (PL_strcmp(arg, "dsa") == 0) {
keytype = dsaKey;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
} else if (PL_strcmp(arg, "ec") == 0) {
keytype = ecKey;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
} else if (PL_strcmp(arg, "all") == 0) {
keytype = nullKey;
} else {
......@@ -2539,7 +2539,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
/* -q PQG file or curve name */
if (certutil.options[opt_PQGFile].activated) {
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if ((keytype != dsaKey) && (keytype != ecKey)) {
PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
" (-k dsa) or a named curve for EC keys (-k ec)\n)",
......@@ -2548,7 +2548,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
if (keytype != dsaKey) {
PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
progName);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return 255;
}
}
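Review bot: Both `-q` error messages in the last `certutil_main` hunk end their format string with `\n)`, so a stray `)` is printed after the newline. The strings should end `(-k ec)\n",` in the ECC branch and `(-k dsa).\n",` in the `#else` branch. The commit only changes the preprocessor lines around these messages, and `certutil_main` extends beyond the hunk.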
......
......@@ -356,7 +356,7 @@ CERTUTIL_FileForRNG(const char *noise)
return SECSuccess;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
typedef struct curveNameTagPairStr {
char *curveName;
SECOidTag curveOidTag;
......@@ -484,7 +484,7 @@ getECParams(const char *curve)
return ecparams;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
......@@ -545,14 +545,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
params = (void *)&default_pqg_params;
}
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey:
mechanism = CKM_EC_KEY_PAIR_GEN;
/* For EC keys, PQGFile determines EC parameters */
if ((params = (void *) getECParams(pqgFile)) == NULL)
return NULL;
break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
default:
return NULL;
}
......@@ -567,7 +567,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
switch (keytype) {
case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
#endif
default: /* nothing to free */ break;
......
......@@ -22,7 +22,7 @@
#include "../../lib/freebl/mpi/mpi.h"
#endif
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
extern SECStatus
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
extern SECStatus
......@@ -1849,7 +1849,7 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp)
return (c == EOF) ? -1 : ignore;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
typedef struct curveNameTagPairStr {
char *curveName;
SECOidTag curveOidTag;
......@@ -2530,7 +2530,7 @@ loser:
}
fclose(ecdsareq);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*
......@@ -5327,7 +5327,7 @@ int main(int argc, char **argv)
/* Signature Verification Test */
dsa_sigver_test(argv[3]);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/*************/
/* ECDSA */
/*************/
......@@ -5346,7 +5346,7 @@ int main(int argc, char **argv)
/* Signature Verification Test */
ecdsa_sigver_test(argv[3]);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/*************/
/* RNG */
/*************/
......
......@@ -1364,7 +1364,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
}
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
static void
secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
......@@ -1382,7 +1382,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
}
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
void
SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
......@@ -1426,7 +1426,7 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case ecKey:
secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
break;
......
......@@ -160,11 +160,11 @@ PrintUsageHeader(const char *progName)
" [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
" [-V [min-version]:[max-version]] [-a sni_name]\n"
" [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
" [-C SSLCacheEntries] [-e ec_nickname]\n"
#else
" [-C SSLCacheEntries]\n"
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
,progName);
}
......@@ -2133,7 +2133,7 @@ main(int argc, char **argv)
{
char * progName = NULL;
char * nickName = NULL;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
char * ecNickName = NULL;
#endif
const char * fileName = NULL;
......@@ -2246,9 +2246,9 @@ main(int argc, char **argv)
case 'd': dir = optstate->value; break;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
case 'e': ecNickName = PORT_Strdup(optstate->value); break;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
case 'f':
pwdata.source = PW_FROMFILE;
......@@ -2362,7 +2362,7 @@ main(int argc, char **argv)
}
if ((nickName == NULL)
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
&& (ecNickName == NULL)
#endif
) {
......@@ -2593,7 +2593,7 @@ main(int argc, char **argv)
setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
&pwdata);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (ecNickName) {
cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
if (cert[kt_ecdh] == NULL) {
......@@ -2620,7 +2620,7 @@ main(int argc, char **argv)
setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh,
&pwdata);
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
if (testbypass)
goto cleanup;
......@@ -2691,7 +2691,7 @@ cleanup:
if (certPrefix && certPrefix != emptyString) {
PORT_Free(certPrefix);
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
if (ecNickName) {
PORT_Free(ecNickName);
}
......
......@@ -146,10 +146,10 @@ endif
# [16.0] Global environ ment defines
#######################################################################
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
ifdef NSS_DISABLE_ECC
DEFINES += -DNSS_DISABLE_ECC
endif
ifdef NSS_ECC_MORE_THAN_SUITE_B
DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B
endif
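Review bot: As far as this page shows, nothing defines or reads `NSS_ENABLE_ECC` after this hunk, so a build environment that left it unset to keep ECC out now gets ECC compiled in without any message. Any source file not converted by this commit that still tests `#ifdef NSS_ENABLE_ECC` would likewise drop its ECC code silently. A transitional notice next to the new block would make the switch visible: `ifdef NSS_ENABLE_ECC`, `$(warning NSS_ENABLE_ECC is ignored; ECC is built unless NSS_DISABLE_ECC is set)`, `endif`. It is also worth searching the tree for remaining uses of the old macro before landing.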
......
......@@ -32,7 +32,6 @@ CVS_CHECKOUT_BRANCH="cvs_checkout_${BRANCH}"
export HOST=`hostname`
export DOMSUF=red.iplanet.com
export NSS_ENABLE_ECC=1
export NSS_ECC_MORE_THAN_SUITE_B=1
export IOPR_HOSTADDR_LIST="dochinups.red.iplanet.com"
export NSS_AIA_PATH="/share/builds/mccrel3/security/aia_certs"
......
......@@ -449,14 +449,14 @@ else
endif # Solaris for non-sparc family CPUs
endif # target == SunOS
ifdef NSS_ENABLE_ECC
ifndef NSS_DISABLE_ECC
ifdef ECL_USE_FP
#enable floating point ECC code
DEFINES += -DECL_USE_FP
ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
ECL_HDRS += ecp_fp.h
endif
endif # NSS_ENABLE_ECC
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
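Review bot: The outer conditional now closes with a bare `endif`, directly after the inner `endif` of `ifdef ECL_USE_FP`, where the old line carried the label `# NSS_ENABLE_ECC`. Keeping a label, `endif # NSS_DISABLE_ECC`, would match the `#endif /* NSS_DISABLE_ECC */` comments this commit writes in the C files and keep the nesting readable.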
......
......@@ -16,7 +16,7 @@
#include "ec.h"
#include "ecl.h"
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/*
* Returns true if pointP is the point at infinity, false otherwise
......@@ -192,7 +192,7 @@ cleanup:
return rv;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* Generates a new EC key pair. The private key is a supplied
* value and the public key is the result of performing a scalar
......@@ -203,7 +203,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char *privKeyBytes, int privKeyLen)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
PLArenaPool *arena;
ECPrivateKey *key;
mp_int k;
......@@ -301,7 +301,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
......@@ -317,15 +317,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char *seed, int seedlen)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
rv = ec_NewKey(ecParams, privKey, seed, seedlen);
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
* modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
* random number generator.
......@@ -381,7 +381,7 @@ cleanup:
}
return privKeyBytes;
}
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
/* Generates a new EC key pair. The private key is a random value and
* the public key is the result of performing a scalar point multiplication
......@@ -391,7 +391,7 @@ SECStatus
EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
int len;
unsigned char *privKeyBytes = NULL;
......@@ -416,7 +416,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
......@@ -430,7 +430,7 @@ cleanup:
SECStatus
EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
{
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
mp_int Px, Py;
ECGroup *group = NULL;
SECStatus rv = SECFailure;
......@@ -506,7 +506,7 @@ cleanup:
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
return SECFailure;
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
}
/*
......@@ -527,7 +527,7 @@ ECDH_Derive(SECItem *publicValue,
SECItem *derivedSecret)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
unsigned int len = 0;
SECItem pointQ = {siBuffer, NULL, 0};
mp_int k; /* to hold the private value */
......@@ -596,7 +596,7 @@ cleanup:
}
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
......@@ -610,7 +610,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
const SECItem *digest, const unsigned char *kb, const int kblen)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
mp_int x1;
mp_int d, k; /* private key, random integer */
mp_int r, s; /* tuple (r, s) is the signature */
......@@ -822,7 +822,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_ENABLE_ECC */
#endif /* NSS_DISABLE_ECC */
return rv;
}
......@@ -835,7 +835,7 @@ SECStatus
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
{
SECStatus rv = SECFailure;
#ifdef NSS_ENABLE_ECC
#ifndef NSS_DISABLE_ECC
int len;
unsigned char *kBytes= NULL;
......@@ -863,7 +863,7 @@ cleanup:
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);