diff --git a/automation/buildbot-slave/bbenv-example.sh b/automation/buildbot-slave/bbenv-example.sh index 1d0dd010a1..c76e5d6ab2 100644 --- a/automation/buildbot-slave/bbenv-example.sh +++ b/automation/buildbot-slave/bbenv-example.sh @@ -19,8 +19,6 @@ ARCH=$(uname -s) ulimit -c unlimited 2> /dev/null -export NSS_ENABLE_ECC=1 -export NSS_ECC_MORE_THAN_SUITE_B=1 export NSPR_LOG_MODULES="pkix:1" #export JAVA_HOME_32= diff --git a/automation/buildbot-slave/build.sh b/automation/buildbot-slave/build.sh index 286a735fa2..605293ed8a 100755 --- a/automation/buildbot-slave/build.sh +++ b/automation/buildbot-slave/build.sh @@ -288,7 +288,7 @@ prepare() mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1 mkdir -p ${OUTPUTDIR} - if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then + if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then cd ${HGDIR}/nss ECF="lib/freebl/ecl/ecl-curve.h" print_log "hg revert -r NSS_3_11_1_RTM ${ECF}" diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c index 469ada8f00..465c337aea 100644 --- a/cmd/bltest/blapitest.c +++ b/cmd/bltest/blapitest.c @@ -21,7 +21,7 @@ #include "secoid.h" #include "nssutil.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "ecl-curve.h" SECStatus EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); @@ -133,7 +133,7 @@ static void Usage() PRINTUSAGE(progName, "-S -m mode", "Sign a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]"); PRINTUSAGE("", "", "[-b bufsize]"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRINTUSAGE("", "", "[-n curvename]"); #endif PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); 
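Review bot: In build.sh `prepare()`, the rewritten condition still joins its two tests with `-a`, which POSIX marks obsolescent and which can misparse when an operand expands to something that looks like an operator. `if [ -z "${NSS_DISABLE_ECC}" ] && [ -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then` is the safer form. The inverted test also means the branch that logs `hg revert -r NSS_3_11_1_RTM ${ECF}` (presumably followed by the revert itself) now runs on any slave that sets only NSS_ECC_MORE_THAN_SUITE_B, where it used to need NSS_ENABLE_ECC as well. A comment above the test, such as `# ECC is on by default; the curve header is swapped unless NSS_DISABLE_ECC is set`, would record that this is intended. `prepare()` continues outside the hunk.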
@@ -141,7 +141,7 @@ static void Usage() PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-o", "file for signature"); PRINTUSAGE("", "-k", "file which contains key"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:"); PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,"); PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,"); @@ -390,7 +390,7 @@ dsakey_from_filedata(SECItem *filedata) return key; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static ECPrivateKey * eckey_from_filedata(SECItem *filedata) { @@ -544,7 +544,7 @@ getECParams(const char *curve) return ecparams; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static void dump_pqg(PQGParams *pqg) @@ -562,7 +562,7 @@ dump_dsakey(DSAPrivateKey *key) SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static void dump_ecp(ECParams *ecp) { @@ -651,7 +651,7 @@ typedef enum { bltestRSA, /* Public Key Ciphers */ bltestRSA_OAEP, /* . (Public Key Enc.) */ bltestRSA_PSS, /* . (Public Key Sig.) */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC bltestECDSA, /* . (Public Key Sig.) */ #endif bltestDSA, /* . (Public Key Sig.) */ @@ -690,7 +690,7 @@ static char *mode_strings[] = "rsa", "rsa_oaep", "rsa_pss", -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC "ecdsa", #endif /*"pqg",*/ @@ -744,7 +744,7 @@ typedef struct PQGParams *pqg; } bltestDSAParams; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC typedef struct { char *curveName; @@ -763,7 +763,7 @@ typedef struct union { bltestRSAParams rsa; bltestDSAParams dsa; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC bltestECDSAParams ecdsa; #endif } cipherParams; 
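Review bot: The trailing comment on the `#endif` after `getECParams` in blapitest.c now names the opposite condition from the `#ifndef NSS_DISABLE_ECC` it closes, so a reader scanning upward would take the enclosed ECC helpers for the disabled-build path. For guards with no `#else`, write `#endif /* !NSS_DISABLE_ECC */`. The same mechanical rename appears in the `#endif` comments of keystuff.c, cmd/fipstest/fipstest.c, secutil.c, ec.c, ecdecode.c and the legacydb files. Where an `#else` branch precedes the `#endif`, the current comment is accurate and can stay.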
@@ -1266,7 +1266,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input) return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECStatus ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input) { @@ -1720,7 +1720,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECStatus bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { @@ -2077,7 +2077,7 @@ SHA512_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_lengt SECStatus pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int keysize, int exponent, char *curveName) #else int keysize, int exponent) @@ -2090,7 +2090,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, RSAPrivateKey **rsaKey = NULL; bltestDSAParams *dsap; DSAPrivateKey **dsaKey = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *tmpECParamsDER; ECParams *tmpECParams = NULL; SECItem ecSerialize[3]; @@ -2132,7 +2132,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, dsap->keysize = (*dsaKey)->params.prime.len*8; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: ecKey = (ECPrivateKey **)&asymk->privKey; if (curveName != NULL) { @@ -2244,7 +2244,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) } return bltest_dsa_init(cipherInfo, encrypt); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: if (encrypt) { SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, @@ -2494,7 +2494,7 @@ cipherFinish(bltestCipherInfo *cipherInfo) case bltestRSA_PSS: /* will be freed with it. */ case bltestRSA_OAEP: case bltestDSA: -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: #endif case bltestMD2: /* hash contexts are ephemeral */ 
@@ -2674,7 +2674,7 @@ dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt, fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize); } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: if (td) { fprintf(stdout, "%12s", "ec_curve"); @@ -2906,7 +2906,7 @@ get_params(PLArenaPool *arena, bltestParams *params, sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); @@ -3128,7 +3128,7 @@ dump_file(bltestCipherMode mode, char *filename) load_file_data(arena, &keydata, filename, bltestBase64Encoded); key = dsakey_from_filedata(&keydata.buf); dump_dsakey(key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC } else if (mode == bltestECDSA) { ECPrivateKey *key; load_file_data(arena, &keydata, filename, bltestBase64Encoded); @@ -3373,7 +3373,7 @@ enum { opt_Key, opt_HexWSpc, opt_Mode, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC opt_CurveName, #endif opt_Output, @@ -3426,7 +3426,7 @@ static secuCommandFlag bltest_options[] = { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE }, { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE }, { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE }, #endif { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE }, @@ -3461,7 +3461,7 @@ int main(int argc, char **argv) bltestCipherInfo *cipherInfoListHead, *cipherInfo; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC char *curveName = NULL; #endif int i, commandsEntered; 
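Review bot: The `bltestECDSA` case in `get_params`, which this change compiles into every default build, fills `filename` with an unbounded `sprintf` from `testdir` and `modestr`. The declaration of `filename` is outside the hunk, so whether a long test-directory path can overrun it cannot be confirmed here. If it is an array, `PR_snprintf(filename, sizeof filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);` removes the question. The neighbouring non-ECC case visible in the same hunk uses the same pattern and would need the same treatment.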
@@ -3695,7 +3695,7 @@ int main(int argc, char **argv) else exponent = 65537; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (bltest.options[opt_CurveName].activated) curveName = PORT_Strdup(bltest.options[opt_CurveName].arg); else @@ -3783,7 +3783,7 @@ int main(int argc, char **argv) file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660); } params->key.mode = bltestBase64Encoded; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName); #else pubkeyInitKey(cipherInfo, file, keysize, exponent); diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c index a288512820..3f6543a913 100644 --- a/cmd/certutil/certutil.c +++ b/cmd/certutil/certutil.c @@ -968,7 +968,7 @@ PrintSyntax(char *progName) "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n" "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n" "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n", @@ -976,7 +976,7 @@ PrintSyntax(char *progName) #else FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n", progName); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n"); FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n", progName); @@ -1155,7 +1155,7 @@ static void luG(enum usage_level ul, const char *command) return; FPS "%-20s Name of token in which to generate key (default is internal)\n", " -h token-name"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", " -k key-type"); FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n", 
@@ -1165,7 +1165,7 @@ static void luG(enum usage_level ul, const char *command) " -k key-type"); FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n", " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n", " -y exp"); FPS "%-20s Specify the password file\n", @@ -1174,7 +1174,7 @@ static void luG(enum usage_level ul, const char *command) " -z noisefile"); FPS "%-20s read PQG value from pqgfile (dsa only)\n", " -q pqgfile"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s One of nistp256, nistp384, nistp521\n", ""); @@ -1286,7 +1286,7 @@ static void luK(enum usage_level ul, const char *command) " -h token-name "); FPS "%-20s Key type (\"all\" (default), \"dsa\"," -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC " \"ec\"," #endif " \"rsa\")\n", @@ -1418,11 +1418,11 @@ static void luR(enum usage_level ul, const char *command) " -s subject"); FPS "%-20s Output the cert request to this file\n", " -o output-req"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", #else FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ " -k key-type-or-id"); FPS "%-20s or nickname of the cert key to use \n", ""); 
@@ -1432,12 +1432,12 @@ static void luR(enum usage_level ul, const char *command) " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); FPS "%-20s Name of file containing PQG parameters (dsa only)\n", " -q pqgfile"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s See the \"-G\" option for a full list of supported names.\n", ""); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "%-20s Specify the password file\n", " -f pwfile"); FPS "%-20s Key database directory (default is ~/.netscape)\n", @@ -1570,11 +1570,11 @@ static void luS(enum usage_level ul, const char *command) " -c issuer-name"); FPS "%-20s Set the certificate trust attributes (see -A above)\n", " -t trustargs"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", #else FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ " -k key-type-or-id"); FPS "%-20s Name of token in which to generate key (default is internal)\n", " -h token-name"); @@ -1582,12 +1582,12 @@ static void luS(enum usage_level ul, const char *command) " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); FPS "%-20s Name of file containing PQG parameters (dsa only)\n", " -q pqgfile"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s See the \"-G\" option for a full list of supported names.\n", ""); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "%-20s Self sign\n", " -x"); FPS "%-20s Cert serial number\n", 
@@ -2448,12 +2448,12 @@ certutil_main(int argc, char **argv, PRBool initialize) progName, MIN_KEY_BITS, MAX_KEY_BITS); return 255; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (keytype == ecKey) { PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName); return 255; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } @@ -2483,10 +2483,10 @@ certutil_main(int argc, char **argv, PRBool initialize) keytype = rsaKey; } else if (PL_strcmp(arg, "dsa") == 0) { keytype = dsaKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC } else if (PL_strcmp(arg, "ec") == 0) { keytype = ecKey; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } else if (PL_strcmp(arg, "all") == 0) { keytype = nullKey; } else { @@ -2539,7 +2539,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* -q PQG file or curve name */ if (certutil.options[opt_PQGFile].activated) { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if ((keytype != dsaKey) && (keytype != ecKey)) { PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \ " (-k dsa) or a named curve for EC keys (-k ec)\n)", @@ -2548,7 +2548,7 @@ certutil_main(int argc, char **argv, PRBool initialize) if (keytype != dsaKey) { PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)", progName); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return 255; } } diff --git a/cmd/certutil/keystuff.c b/cmd/certutil/keystuff.c index 48d784bc9d..2665dd4467 100644 --- a/cmd/certutil/keystuff.c +++ b/cmd/certutil/keystuff.c @@ -356,7 +356,7 @@ CERTUTIL_FileForRNG(const char *noise) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC typedef struct curveNameTagPairStr { char *curveName; SECOidTag curveOidTag; @@ -484,7 +484,7 @@ getECParams(const char *curve) return ecparams; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SECKEYPrivateKey * CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, 
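Review bot: Both `-q` error strings in `certutil_main` end in `\n)`, so the usage error prints a stray `)` at the start of the next line. Since the ECC wording is now what default builds emit, this is a good moment to end them with `(-k ec)\n",` and `(-k dsa).\n",`. The `#ifndef`/`#else` here also splits the `if (...) {` header across the two preprocessor branches with one shared closing brace, which is easy to break in a later edit. Computing the condition into a local under the guard and keeping a single `if` would be sturdier. `certutil_main` starts and ends outside the hunk.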
@@ -545,14 +545,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, params = (void *)&default_pqg_params; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: mechanism = CKM_EC_KEY_PAIR_GEN; /* For EC keys, PQGFile determines EC parameters */ if ((params = (void *) getECParams(pqgFile)) == NULL) return NULL; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: return NULL; } @@ -567,7 +567,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, switch (keytype) { case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break; #endif default: /* nothing to free */ break; diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c index f921c9ac9c..cdd6b1aa54 100644 --- a/cmd/fipstest/fipstest.c +++ b/cmd/fipstest/fipstest.c @@ -22,7 +22,7 @@ #include "../../lib/freebl/mpi/mpi.h" #endif -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern SECStatus EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); extern SECStatus @@ -1849,7 +1849,7 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp) return (c == EOF) ? -1 : ignore; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC typedef struct curveNameTagPairStr { char *curveName; SECOidTag curveOidTag; @@ -2530,7 +2530,7 @@ ecdsa_sigver_test(char *reqfn) } fclose(ecdsareq); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* @@ -5327,7 +5327,7 @@ int main(int argc, char **argv) /* Signature Verification Test */ dsa_sigver_test(argv[3]); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /*************/ /* ECDSA */ /*************/ @@ -5346,7 +5346,7 @@ int main(int argc, char **argv) /* Signature Verification Test */ ecdsa_sigver_test(argv[3]); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /*************/ /* RNG */ /*************/ 
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c index 652f2ebfc1..d06dcf3cb3 100644 --- a/cmd/lib/secutil.c +++ b/cmd/lib/secutil.c @@ -1364,7 +1364,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level) } } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static void secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) { @@ -1382,7 +1382,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) SECU_PrintObjectID(out, &curveOID, "Curve", level +1); } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) @@ -1426,7 +1426,7 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: secu_PrintECPublicKey(out, pk, "EC Public Key", level +1); break; diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c index 11f301558d..6208e10404 100644 --- a/cmd/selfserv/selfserv.c +++ b/cmd/selfserv/selfserv.c @@ -160,11 +160,11 @@ PrintUsageHeader(const char *progName) " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n" " [-V [min-version]:[max-version]] [-a sni_name]\n" " [ T ] [-A ca]\n" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC " [-C SSLCacheEntries] [-e ec_nickname]\n" #else " [-C SSLCacheEntries]\n" -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ,progName); } @@ -2133,7 +2133,7 @@ main(int argc, char **argv) { char * progName = NULL; char * nickName = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC char * ecNickName = NULL; #endif const char * fileName = NULL; 
@@ -2246,9 +2246,9 @@ main(int argc, char **argv) case 'd': dir = optstate->value; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case 'e': ecNickName = PORT_Strdup(optstate->value); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case 'f': pwdata.source = PW_FROMFILE; @@ -2362,7 +2362,7 @@ main(int argc, char **argv) } if ((nickName == NULL) - #ifdef NSS_ENABLE_ECC + #ifndef NSS_DISABLE_ECC && (ecNickName == NULL) #endif ) { @@ -2593,7 +2593,7 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa, &pwdata); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ecNickName) { cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata); if (cert[kt_ecdh] == NULL) { @@ -2620,7 +2620,7 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh, &pwdata); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (testbypass) goto cleanup; @@ -2691,7 +2691,7 @@ main(int argc, char **argv) if (certPrefix && certPrefix != emptyString) { PORT_Free(certPrefix); } - #ifdef NSS_ENABLE_ECC + #ifndef NSS_DISABLE_ECC if (ecNickName) { PORT_Free(ecNickName); } diff --git a/coreconf/config.mk b/coreconf/config.mk index 32b7540432..42013453c7 100644 --- a/coreconf/config.mk +++ b/coreconf/config.mk @@ -146,10 +146,10 @@ endif # [16.0] Global environ ment defines ####################################################################### -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC +ifdef NSS_DISABLE_ECC +DEFINES += -DNSS_DISABLE_ECC endif - + ifdef NSS_ECC_MORE_THAN_SUITE_B DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B endif diff --git a/coverage/cov.sh b/coverage/cov.sh index 51587515ec..d2a689460f 100755 --- a/coverage/cov.sh +++ b/coverage/cov.sh 
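Review bot: In coreconf/config.mk the switch is now opt-out, and `ifdef NSS_DISABLE_ECC` is true for any non-empty value, so `NSS_DISABLE_ECC=0` turns ECC off while a leftover `NSS_ENABLE_ECC=1` in an existing build environment is silently ignored. A build that relied on leaving NSS_ENABLE_ECC unset to ship without elliptic-curve code will now include it with no diagnostic. I would add a comment above the block, for example `# ECC is built by default; set NSS_DISABLE_ECC=1 to omit it (any non-empty value counts, including 0)`. A `$(warning ...)` when NSS_ENABLE_ECC is still set would also let downstream packagers notice the change of default.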
@@ -32,7 +32,6 @@ CVS_CHECKOUT_BRANCH="cvs_checkout_${BRANCH}" export HOST=`hostname` export DOMSUF=red.iplanet.com -export NSS_ENABLE_ECC=1 export NSS_ECC_MORE_THAN_SUITE_B=1 export IOPR_HOSTADDR_LIST="dochinups.red.iplanet.com" export NSS_AIA_PATH="/share/builds/mccrel3/security/aia_certs" diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile index 4bd94d521b..9ad23c2ad4 100644 --- a/lib/freebl/Makefile +++ b/lib/freebl/Makefile @@ -449,14 +449,14 @@ else endif # Solaris for non-sparc family CPUs endif # target == SunOS -ifdef NSS_ENABLE_ECC +ifndef NSS_DISABLE_ECC ifdef ECL_USE_FP #enable floating point ECC code DEFINES += -DECL_USE_FP ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c ECL_HDRS += ecp_fp.h endif -endif # NSS_ENABLE_ECC +endif ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c index a8c7832d48..ca53c1ae88 100644 --- a/lib/freebl/ec.c +++ b/lib/freebl/ec.c @@ -16,7 +16,7 @@ #include "ec.h" #include "ecl.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* * Returns true if pointP is the point at infinity, false otherwise @@ -192,7 +192,7 @@ ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2, return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a supplied * value and the public key is the result of performing a scalar @@ -203,7 +203,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *privKeyBytes, int privKeyLen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PLArenaPool *arena; ECPrivateKey *key; mp_int k; @@ -301,7 +301,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; 
@@ -317,15 +317,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *seed, int seedlen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC rv = ec_NewKey(ecParams, privKey, seed, seedlen); #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62, * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the * random number generator. @@ -381,7 +381,7 @@ ec_GenerateRandomPrivateKey(const unsigned char *order, int len) } return privKeyBytes; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a random value and * the public key is the result of performing a scalar point multiplication @@ -391,7 +391,7 @@ SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int len; unsigned char *privKeyBytes = NULL; @@ -416,7 +416,7 @@ EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -430,7 +430,7 @@ EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) SECStatus EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int Px, Py; ECGroup *group = NULL; SECStatus rv = SECFailure; @@ -506,7 +506,7 @@ EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); return SECFailure; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } /* 
@@ -527,7 +527,7 @@ ECDH_Derive(SECItem *publicValue, SECItem *derivedSecret) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC unsigned int len = 0; SECItem pointQ = {siBuffer, NULL, 0}; mp_int k; /* to hold the private value */ @@ -596,7 +596,7 @@ ECDH_Derive(SECItem *publicValue, } #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -610,7 +610,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, const SECItem *digest, const unsigned char *kb, const int kblen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int x1; mp_int d, k; /* private key, random integer */ mp_int r, s; /* tuple (r, s) is the signature */ @@ -822,7 +822,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -835,7 +835,7 @@ SECStatus ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int len; unsigned char *kBytes= NULL; @@ -863,7 +863,7 @@ ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest) #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -876,7 +876,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int r_, s_; /* tuple (r', s') is received signature) */ mp_int c, u1, u2, v; /* intermediate values used in verification */ mp_int x1; @@ -1073,7 +1073,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } 
diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn index eb4f8b1396..8e7e42e249 100644 --- a/lib/freebl/manifest.mn +++ b/lib/freebl/manifest.mn @@ -69,7 +69,7 @@ MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h -ifdef NSS_ENABLE_ECC +ifndef NSS_DISABLE_ECC ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \ ecp_aff.c ecp_jac.c ecp_mont.c \ ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \ diff --git a/lib/freebl/mpi/target.mk b/lib/freebl/mpi/target.mk index 2392faff1a..dbd2fb9e33 100644 --- a/lib/freebl/mpi/target.mk +++ b/lib/freebl/mpi/target.mk @@ -205,7 +205,7 @@ ifeq ($(TARGET),WIN32) ifeq ($(CPU_ARCH),x86_64) AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER) -CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC -DNSS_ENABLE_ECC +CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC CFLAGS += $(MPICMN) $(AS_OBJS): %.obj : %.asm @@ -220,7 +220,7 @@ MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE MPICMN += -DMP_MONT_USE_MP_MUL MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER) -CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC -DNSS_ENABLE_ECC +CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC CFLAGS += $(MPICMN) $(AS_OBJS): %.obj : %.asm diff --git a/lib/nss/nss.h b/lib/nss/nss.h index e55f1e04f8..4fc8feb854 100644 --- a/lib/nss/nss.h +++ b/lib/nss/nss.h @@ -9,7 +9,7 @@ #define __nss_h_ /* The private macro _NSS_ECC_STRING is for NSS internal use only. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef NSS_ECC_MORE_THAN_SUITE_B #define _NSS_ECC_STRING " Extended ECC" #else diff --git a/lib/softoken/ecdecode.c b/lib/softoken/ecdecode.c index b04d022862..6745629acb 100644 --- a/lib/softoken/ecdecode.c +++ b/lib/softoken/ecdecode.c 
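Review bot: In lib/freebl/mpi/target.mk both WIN32 hunks drop `-DNSS_ENABLE_ECC` from `CFLAGS` without adding a counterpart, and these `CFLAGS` are assigned from scratch with `=`, so nothing visible here forwards `-DNSS_DISABLE_ECC` to this build. If any source compiled through this file tests the macro, a build configured with NSS_DISABLE_ECC would still compile the ECC paths in this directory. Adding `ifdef NSS_DISABLE_ECC`, `CFLAGS += -DNSS_DISABLE_ECC` and `endif` after each assignment would keep the option consistent. Whether `$(MPICMN)` already carries the define cannot be seen from the hunk.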
@@ -2,7 +2,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "blapi.h" #include "secoid.h" @@ -603,4 +603,4 @@ EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams) } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c index 6fc424fd75..aed33bb0a8 100644 --- a/lib/softoken/fipstest.c +++ b/lib/softoken/fipstest.c @@ -13,7 +13,7 @@ #include "pkcs11.h" /* Required for PKCS #11. */ #include "secerr.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "ec.h" /* Required for ECDSA */ #endif @@ -1612,7 +1612,7 @@ sftk_fips_RSA_PowerUpSelfTest( void ) return( CKR_DEVICE_ERROR ); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV sftk_fips_ECDSA_Test(const PRUint8 *encodedParams, @@ -1795,7 +1795,7 @@ sftk_fips_ECDSA_PowerUpSelfTest() { return( CKR_OK ); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV sftk_fips_DSA_PowerUpSelfTest( void ) @@ -2080,7 +2080,7 @@ sftk_fipsPowerUpSelfTest( void ) if( rv != CKR_OK ) return rv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECDSA Power-Up SelfTest(s). */ rv = sftk_fips_ECDSA_PowerUpSelfTest(); diff --git a/lib/softoken/legacydb/keydb.c b/lib/softoken/legacydb/keydb.c index 4778bfbe58..085b2be20e 100644 --- a/lib/softoken/legacydb/keydb.c +++ b/lib/softoken/legacydb/keydb.c 
@@ -1143,12 +1143,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer namekey.data = pubkey->u.dh.publicValue.data; namekey.size = pubkey->u.dh.publicValue.len; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: namekey.data = pubkey->u.ec.publicValue.data; namekey.size = pubkey->u.ec.publicValue.len; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* XXX We don't do Fortezza or DH yet. */ return PR_FALSE; @@ -1475,7 +1475,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *der_item = NULL; SECItem *cipherText = NULL; SECItem *dummy = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug = NULL; int savelen; #endif @@ -1555,7 +1555,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: lg_prepare_low_ec_priv_key_for_asn1(pk); /* Public value is encoded as a bit string so adjust length @@ -1594,7 +1594,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, pk->keyType, fordebug); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* We don't support DH or Fortezza private keys yet */ PORT_Assert(PR_FALSE); @@ -1704,7 +1704,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug = NULL; #endif @@ -1812,7 +1812,7 @@ seckey_decrypt_private_key(SECItem*epki, lg_nsslowkey_DHPrivateKeyTemplate, &newPrivateKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); 
@@ -1849,7 +1849,7 @@ seckey_decrypt_private_key(SECItem*epki, } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; break; diff --git a/lib/softoken/legacydb/lgattr.c b/lib/softoken/legacydb/lgattr.c index abdbeff57f..fbe6c319d5 100644 --- a/lib/softoken/legacydb/lgattr.c +++ b/lib/softoken/legacydb/lgattr.c @@ -423,11 +423,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { case NSSLOWKEYDHKey: pubItem = &pubKey->u.dh.publicValue; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubItem = &pubKey->u.ec.publicValue; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } @@ -551,7 +551,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, return lg_invalidAttribute(attribute); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) @@ -601,7 +601,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, } return lg_invalidAttribute(attribute); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV @@ -653,10 +653,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, return lg_FindDSAPublicKeyAttribute(key,type,attribute); case NSSLOWKEYDHKey: return lg_FindDHPublicKeyAttribute(key,type,attribute); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: return lg_FindECPublicKeyAttribute(key,type,attribute); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } @@ -945,7 +945,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, return lg_invalidAttribute(attribute); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute, SDB *sdbpw) 
@@ -983,7 +983,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, } return lg_invalidAttribute(attribute); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, @@ -1030,10 +1030,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, return lg_FindDSAPrivateKeyAttribute(key,type,attribute,obj->sdb); case NSSLOWKEYDHKey: return lg_FindDHPrivateKeyAttribute(key,type,attribute,obj->sdb); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: return lg_FindECPrivateKeyAttribute(key,type,attribute,obj->sdb); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } diff --git a/lib/softoken/legacydb/lgcreate.c b/lib/softoken/legacydb/lgcreate.c index ac40031631..c5ce99e1aa 100644 --- a/lib/softoken/legacydb/lgcreate.c +++ b/lib/softoken/legacydb/lgcreate.c @@ -399,10 +399,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, NSSLOWKEYPrivateKey *priv; SECItem pubKeySpace = {siBuffer, NULL, 0}; SECItem *pubKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem pubKey2Space = {siBuffer, NULL, 0}; PLArenaPool *arena = NULL; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ NSSLOWKEYDBHandle *keyHandle = NULL; @@ -410,11 +410,11 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, case CKK_RSA: pubKeyAttr = CKA_MODULUS; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: pubKeyAttr = CKA_EC_POINT; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case CKK_DSA: case CKK_DH: break; @@ -427,7 +427,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, crv = lg_Attribute2SSecItem(NULL,pubKeyAttr,templ,count,pubKey); if (crv != CKR_OK) return crv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (key_type == CKK_EC) { SECStatus rv; /* 
@@ -450,7 +450,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, pubKey = &pubKey2Space; } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ PORT_Assert(pubKey->data); if (pubKey->data == NULL) { @@ -471,7 +471,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, /* make sure the associated private key already exists */ /* only works if we are logged in */ priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (priv == NULL && pubKey == &pubKey2Space) { /* no match on the decoded key, match the original pubkey */ pubKey = &pubKeySpace; @@ -492,7 +492,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, done: PORT_Free(pubKeySpace.data); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (arena) PORT_FreeArena(arena, PR_FALSE); #endif @@ -599,7 +599,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count, } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: privKey->keyType = NSSLOWKEYECKey; crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS,templ,count, @@ -628,7 +628,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count, NSSLOWKEY_EC_PRIVATE_KEY_VERSION); if (rv != SECSuccess) crv = CKR_HOST_MEMORY; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; diff --git a/lib/softoken/legacydb/lowcert.c b/lib/softoken/legacydb/lowcert.c index f0869db9d1..0b0540bca0 100644 --- a/lib/softoken/legacydb/lowcert.c +++ b/lib/softoken/legacydb/lowcert.c @@ -793,7 +793,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert) nsslowcert_DHPublicKeyTemplate, &os); if (rv == SECSuccess) return pubk; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: pubk->keyType = NSSLOWKEYECKey; /* Since PKCS#11 directly takes the DER encoding of EC params 
@@ -814,7 +814,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert) rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os); if (rv == SECSuccess) return pubk; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; break; diff --git a/lib/softoken/legacydb/lowkey.c b/lib/softoken/legacydb/lowkey.c index f455cf9c26..7521dac81c 100644 --- a/lib/softoken/legacydb/lowkey.c +++ b/lib/softoken/legacydb/lowkey.c @@ -99,7 +99,7 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = { { 0, } }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX This is just a placeholder for later when we support * generic curves and need full-blown support for parsing EC @@ -216,7 +216,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams, loser: return SECFailure; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * See bugzilla bug 125359 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints, @@ -266,7 +266,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.dh.privateValue.type = siUnsignedInteger; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC void lg_prepare_low_ecparams_for_asn1(ECParams *params) { @@ -283,7 +283,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.ec.privateValue.type = siUnsignedInteger; key->u.ec.publicValue.type = siUnsignedInteger; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk) @@ -378,7 +378,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey)); 
@@ -397,7 +397,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* No Fortezza in Low Key implementations (Fortezza keys aren't * stored in our data base */ default: diff --git a/lib/softoken/legacydb/lowkeyi.h b/lib/softoken/legacydb/lowkeyi.h index 8054cc8688..6739888551 100644 --- a/lib/softoken/legacydb/lowkeyi.h +++ b/lib/softoken/legacydb/lowkeyi.h @@ -26,10 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params); extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_ecparams_for_asn1(ECParams *params); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion); @@ -135,7 +135,7 @@ extern char * nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus, SDB *sdb); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* * smaller version of EC_FillParams. In this code, we only need * oid and DER data. diff --git a/lib/softoken/legacydb/lowkeyti.h b/lib/softoken/legacydb/lowkeyti.h index 5be6b0a558..47fff7dc05 100644 --- a/lib/softoken/legacydb/lowkeyti.h +++ b/lib/softoken/legacydb/lowkeyti.h 
@@ -43,11 +43,11 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[]; extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[]; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */ extern const SEC_ASN1Template lg_nsslowkey_ECParamsTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[]; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[]; extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[]; diff --git a/lib/softoken/lowkey.c b/lib/softoken/lowkey.c index d7f97133fc..d043342102 100644 --- a/lib/softoken/lowkey.c +++ b/lib/softoken/lowkey.c @@ -9,7 +9,7 @@ #include "secasn1.h" #include "secerr.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "softoken.h" #endif @@ -91,7 +91,7 @@ const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = { { 0, } }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX This is just a placeholder for later when we support * generic curves and need full-blown support for parsing EC @@ -140,7 +140,7 @@ const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = { SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0, } }; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * See bugzilla bug 125359 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints, @@ -196,7 +196,7 @@ prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.dh.privateValue.type = siUnsignedInteger; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC void prepare_low_ecparams_for_asn1(ECParams *params) { 
@@ -213,7 +213,7 @@ prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.ec.privateValue.type = siUnsignedInteger; key->u.ec.publicValue.type = siUnsignedInteger; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk) @@ -341,7 +341,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey)); @@ -360,7 +360,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* No Fortezza in Low Key implementations (Fortezza keys aren't * stored in our data base */ default: @@ -459,7 +459,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey) &(privKey->u.dh.base)); if(rv != SECSuccess) break; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version), &(privKey->u.ec.version)); @@ -476,7 +476,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey) &(privKey->u.ec.ecParams)); if (rv != SECSuccess) break; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; } diff --git a/lib/softoken/lowkeyi.h b/lib/softoken/lowkeyi.h index 1420abbc8e..7282ffe009 100644 --- a/lib/softoken/lowkeyi.h +++ b/lib/softoken/lowkeyi.h 
@@ -25,10 +25,10 @@ extern void prepare_low_pqg_params_for_asn1(PQGParams *params); extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_ecparams_for_asn1(ECParams *params); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* ** Destroy a private key object. diff --git a/lib/softoken/lowkeyti.h b/lib/softoken/lowkeyti.h index 76c15aa04c..a4c94d81bf 100644 --- a/lib/softoken/lowkeyti.h +++ b/lib/softoken/lowkeyti.h @@ -20,11 +20,11 @@ extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[]; extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[]; extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[]; extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[]; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */ extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[]; extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[]; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[]; extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[]; diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c index db0ead409c..d1dd73af5b 100644 --- a/lib/softoken/pkcs11.c +++ b/lib/softoken/pkcs11.c 
@@ -302,7 +302,7 @@ static const struct mechanismList mechanisms[] = { CKF_GENERATE_KEY_PAIR}, PR_TRUE}, {CKM_DH_PKCS_DERIVE, {DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_DERIVE}, PR_TRUE}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* -------------------- Elliptic Curve Operations --------------------- */ {CKM_EC_KEY_PAIR_GEN, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, @@ -312,7 +312,7 @@ static const struct mechanismList mechanisms[] = { CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, {CKM_ECDSA_SHA1, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* ------------------------- RC2 Operations --------------------------- */ {CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_TRUE}, {CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, @@ -927,7 +927,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, recover = CK_FALSE; wrap = CK_FALSE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; @@ -941,7 +941,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, recover = CK_FALSE; wrap = CK_FALSE; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: return CKR_ATTRIBUTE_VALUE_INVALID; } @@ -1088,7 +1088,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE recover = CK_FALSE; wrap = CK_FALSE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; @@ -1101,7 +1101,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE recover = CK_FALSE; wrap = CK_FALSE; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case CKK_NSS_JPAKE_ROUND1: if (!sftk_hasAttribute(object, CKA_PRIME) || !sftk_hasAttribute(object, CKA_SUBPRIME) || 
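Review bot: The inverted guard around the EC rows of mechanisms[] (the `@@ -302,7` and `@@ -312,7` hunks) changes the default rather than just renaming a macro, and nothing in the visible hunks documents that. A build that left NSS_ENABLE_ECC undefined used to omit rows such as `CKM_EC_KEY_PAIR_GEN` and `CKM_ECDSA_SHA1`; it will now advertise them unless it defines NSS_DISABLE_ECC, and a stale `NSS_ENABLE_ECC` in a downstream build file is silently ignored. I would add a comment at this guard, `/* EC is compiled in by default; define NSS_DISABLE_ECC to omit it (NSS_ENABLE_ECC is no longer consulted) */`. The same applies to the header guards in lowkeyti.h, lowkeyi.h and softoken.h, where code compiled with a different setting than the library sees a different set of declarations. mechanisms[] starts and ends outside the hunk.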
@@ -1708,7 +1708,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue, object,CKA_VALUE); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: pubKey->keyType = NSSLOWKEYECKey; crv = sftk_Attribute2SSecItem(arena, @@ -1768,7 +1768,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = CKR_ATTRIBUTE_VALUE_INVALID; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -1877,7 +1877,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) * if we don't set it explicitly */ break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: privKey->keyType = NSSLOWKEYECKey; crv = sftk_Attribute2SSecItem(arena, @@ -1919,7 +1919,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) #endif } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c index a0a3bea956..f5934ff6fc 100644 --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c @@ -62,7 +62,7 @@ static void sftk_Null(void *data, PRBool freeit) return; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef EC_DEBUG #define SEC_PRINT(str1, str2, num, sitem) \ printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \ @@ -74,7 +74,7 @@ static void sftk_Null(void *data, PRBool freeit) #else #define SEC_PRINT(a, b, c, d) #endif -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * free routines.... Free local type allocated data, and convert 
@@ -120,7 +120,7 @@ sftk_MapCryptError(int error) return CKR_KEY_SIZE_RANGE; /* the closest error code */ case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: return CKR_TEMPLATE_INCONSISTENT; - /* EC functions set this error if NSS_ENABLE_ECC is not defined */ + /* EC functions set this error if NSS_DISABLE_ECC is defined */ case SEC_ERROR_UNSUPPORTED_KEYALG: return CKR_MECHANISM_INVALID; case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: @@ -2242,7 +2242,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, return rv; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static SECStatus nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, void *dataBuf, unsigned int dataLen) @@ -2277,7 +2277,7 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf, *sigLen = signature.len; return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* NSC_SignInit setups up the signing operations. There are three basic * types of signing: @@ -2429,7 +2429,7 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession, break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; crv = sftk_doSubSHA1(context); @@ -2452,7 +2452,7 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSession, context->maxLen = MAX_ECKEY_LEN * 2; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #define INIT_HMAC_MECH(mmm) \ case CKM_ ## mmm ## _HMAC_GENERAL: \ @@ -3060,7 +3060,7 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession, context->verify = (SFTKVerify) nsc_DSA_Verify_Stub; context->destroy = sftk_Null; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; crv = sftk_doSubSHA1(context); @@ -3080,7 +3080,7 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE hSession, context->verify = (SFTKVerify) nsc_ECDSAVerifyStub; context->destroy = sftk_Null; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ INIT_HMAC_MECH(MD2) INIT_HMAC_MECH(MD5) 
@@ -4209,7 +4209,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, pairwise_digest_length = subPrimeLen; mech.mechanism = CKM_DSA; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: signature_length = MAX_ECKEY_LEN * 2; mech.mechanism = CKM_ECDSA; @@ -4332,12 +4332,12 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, int private_value_bits = 0; DHPrivateKey * dhPriv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Elliptic Curve Cryptography */ SECItem ecEncodedParams; /* DER Encoded parameters */ ECPrivateKey * ecPriv; ECParams * ecParams; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ CHECK_FORK(); @@ -4667,7 +4667,7 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, PORT_FreeArena(dhPriv->arena, PR_TRUE); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_EC_KEY_PAIR_GEN: sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS); sftk_DeleteAttributeType(privateKey,CKA_VALUE); @@ -4730,7 +4730,7 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, /* should zeroize, since this function doesn't. */ PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_MECHANISM_INVALID; @@ -4850,7 +4850,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) void *dummy, *param = NULL; SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug; int savelen; #endif @@ -4905,7 +4905,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PQGParamsTemplate); algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: prepare_low_ec_priv_key_for_asn1(lk); /* Public value is encoded as a bit string so adjust length 
@@ -4932,7 +4932,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case NSSLOWKEYDHKey: default: dummy = NULL; @@ -4965,7 +4965,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -5191,7 +5191,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params); break; /* case NSSLOWKEYDHKey: */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: keyTemplate = nsslowkey_ECPrivateKeyTemplate; paramTemplate = NULL; @@ -5200,7 +5200,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) prepare_low_ec_priv_key_for_asn1(lpk); prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: keyTemplate = NULL; paramTemplate = NULL; @@ -5215,7 +5215,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) /* decode the private key and any algorithm parameters */ rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (lpk->keyType == NSSLOWKEYECKey) { /* convert length in bits to length in bytes */ lpk->u.ec.publicValue.len >>= 3; @@ -5226,7 +5226,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) goto loser; } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if(rv != SECSuccess) { goto loser; @@ -5321,7 +5321,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) break; #endif /* what about fortezza??? */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: keyType = CKK_EC; crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : 
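Review bot: The `fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", ...)` lines in the `@@ -4965,7` hunk need a comment now that the inverted guard compiles them into every build that does not define NSS_DISABLE_ECC. The SEC_PRINT definition shown earlier in this file's diff expands to nothing unless EC_DEBUG is defined, and otherwise calls printf. The argument here is the encoded PrivateKeyInfo, so an EC_DEBUG build would presumably write private-key material to stdout; the macro body continues outside the visible hunk, so what exactly is printed should be confirmed. I would add `/* EC_DEBUG only: dumps the encoded PrivateKeyInfo; must stay off in release builds */` above the assignment. sftk_PackagePrivateKey starts and ends outside the hunk.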
@@ -5347,7 +5347,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) if(crv != CKR_OK) break; /* XXX Do we need to decode the EC Params here ?? */ break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -5657,7 +5657,7 @@ sftk_MapKeySize(CK_KEY_TYPE keyType) return 0; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Inputs: * key_len: Length of derived key to be generated. * SharedSecret: a shared secret that is the output of a key agreement primitive. @@ -5768,7 +5768,7 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, else return CKR_MECHANISM_INVALID; } -#endif +#endif /* NSS_DISABLE_ECC */ /* * SSL Key generation given pre master secret @@ -6714,7 +6714,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, break; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDH1_DERIVE: case CKM_ECDH1_COFACTOR_DERIVE: { @@ -6872,7 +6872,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, break; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */ case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf; diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c index 770fb0e66f..78e2fdc9c4 100644 --- a/lib/softoken/pkcs11u.c +++ b/lib/softoken/pkcs11u.c @@ -1246,7 +1246,7 @@ static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = { }; static const CK_ULONG dhPubKeyAttrsCount = sizeof(dhPubKeyAttrs)/sizeof(dhPubKeyAttrs[0]); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = { CKA_EC_PARAMS, CKA_EC_POINT }; @@ -1279,7 +1279,7 @@ static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = { }; static const CK_ULONG dhPrivKeyAttrsCount = sizeof(dhPrivKeyAttrs)/sizeof(dhPrivKeyAttrs[0]); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = { CKA_EC_PARAMS, CKA_VALUE }; 
@@ -1390,7 +1390,7 @@ stfk_CopyTokenPrivateKey(SFTKObject *destObject,SFTKTokenObject *src_to) crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs, dhPrivKeyAttrsCount); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs, ecPrivKeyAttrsCount); @@ -1452,7 +1452,7 @@ stfk_CopyTokenPublicKey(SFTKObject *destObject,SFTKTokenObject *src_to) crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs, dhPubKeyAttrsCount); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs, ecPubKeyAttrsCount); diff --git a/lib/softoken/softkver.h b/lib/softoken/softkver.h index 7b2ab54251..22ea9fac7f 100644 --- a/lib/softoken/softkver.h +++ b/lib/softoken/softkver.h @@ -8,7 +8,7 @@ #ifndef _SOFTKVER_H_ #define _SOFTKVER_H_ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef NSS_ECC_MORE_THAN_SUITE_B #define SOFTOKEN_ECC_STRING " Extended ECC" #else diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h index f8606da9d7..7ef9d09a51 100644 --- a/lib/softoken/softoken.h +++ b/lib/softoken/softoken.h @@ -35,7 +35,7 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, const unsigned char *sig, unsigned int sigLen, const unsigned char *hash, unsigned int hashLen); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ** pepare an ECParam structure from DEREncoded params */ diff --git a/lib/ssl/derive.c b/lib/ssl/derive.c index 35cfe25122..9c22c0c91d 100644 --- a/lib/ssl/derive.c +++ b/lib/ssl/derive.c @@ -617,7 +617,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, PRBool testrsa_export = PR_FALSE; PRBool testecdh = PR_FALSE; PRBool testecdhe = PR_FALSE; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECKEYECParams ecParams = { siBuffer, NULL, 0 }; #endif 
@@ -755,7 +755,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (enc_pms.data != NULL) { SECITEM_FreeItem(&enc_pms, PR_FALSE); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC for (; (privKeytype == ecKey && ( testecdh || testecdhe)) || (privKeytype == rsaKey && testecdhe); ) { CK_MECHANISM_TYPE target; @@ -859,7 +859,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, PORT_Free(ecParams.data); ecParams.data = NULL; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (pms) PK11_FreeSymKey(pms); } @@ -877,12 +877,12 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (enc_pms.data != NULL) { SECITEM_FreeItem(&enc_pms, PR_FALSE); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ecParams.data != NULL) { PORT_Free(ecParams.data); ecParams.data = NULL; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (srvPubkey) { SECKEY_DestroyPublicKey(srvPubkey); diff --git a/lib/ssl/dtlscon.c b/lib/ssl/dtlscon.c index 78371e62a6..30272fa184 100644 --- a/lib/ssl/dtlscon.c +++ b/lib/ssl/dtlscon.c @@ -30,15 +30,15 @@ static const PRUint16 COMMON_MTU_VALUES[] = { /* List copied from ssl3con.c:cipherSuites */ static const ssl3CipherSuite nonDTLSSuites[] = { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_DHE_DSS_WITH_RC4_128_SHA, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index cc30306121..925fcad0f5 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c 
@@ -89,7 +89,7 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* cipher_suite policy enabled isPresent */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around @@ -105,7 +105,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -122,7 +122,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, @@ -131,7 +131,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* RSA */ { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, 
@@ -162,12 +162,12 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* ciphersuites with no encryption */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, @@ -224,9 +224,9 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { ct_RSA_sign, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ct_ECDSA_sign, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ct_DSS_sign, }; @@ -238,7 +238,7 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { * CertificateVerify messages that use the handshake hash. */ static const PRUint8 supported_signature_algorithms[] = { tls_hash_sha256, tls_sig_rsa, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC tls_hash_sha256, tls_sig_ecdsa, #endif tls_hash_sha256, tls_sig_dsa, 
@@ -299,13 +299,13 @@ static const ssl3KEADef kea_defs[] = {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ }; /* must use ssl_LookupCipherSuiteDef to access */ @@ -405,7 +405,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}, @@ -439,7 +439,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon}, {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon}, #endif -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ }; static const CK_MECHANISM_TYPE kea_alg_defs[] = { @@ -512,7 +512,7 @@ const char * const ssl3_cipherName[] = { "missing" }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* The ECCWrappedKeyInfo structure defines how various pieces of * information are laid out within wrappedSymmetricWrappingkey * for ECDH key exchange. Since wrappedSymmetricWrappingkey is 
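Review bot: In the `@@ -405,7` hunk the context entries `{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ..., kea_ecdhe_rsa}` and `{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ..., kea_ecdhe_ecdsa}` sit above the `#ifndef NSS_DISABLE_ECC` line, so they stay in cipher_suite_defs[] when ECC is compiled out. The kea_defs[] hunk just before keeps the kea_ecdhe_rsa and kea_ecdhe_ecdsa rows inside the guard. In an NSS_DISABLE_ECC build, `kea_defs[cipher_def->key_exchange_alg]` (as used in ssl3_config_match_init) would therefore index past the end of that table if one of these definitions were ever looked up, or the file would fail to compile if the enum constants are guarded too. Whether the lookup is reachable is not visible here, since cipherSuites[] does keep both suites inside its guard. Moving the `#ifndef NSS_DISABLE_ECC` line above these two entries would make the tables agree; cipher_suite_defs[] starts and ends outside the hunk.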
@@ -534,7 +534,7 @@ typedef struct ECCWrappedKeyInfoStr { PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */ /* EC public-key params, the EC public value and the wrapped key */ } ECCWrappedKeyInfo; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #if defined(TRACE) @@ -731,7 +731,7 @@ ssl3_config_match_init(sslSocket *ss) cipher_mech = alg2Mech[cipher_alg].cmech; exchKeyType = kea_defs[cipher_def->key_exchange_alg].exchKeyType; -#ifndef NSS_ENABLE_ECC +#ifdef NSS_DISABLE_ECC svrAuth = ss->serverCerts + exchKeyType; #else /* XXX SSLKEAType isn't really a good choice for @@ -765,7 +765,7 @@ ssl3_config_match_init(sslSocket *ss) svrAuth = ss->serverCerts + exchKeyType; break; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Mark the suites that are backed by real tokens, certs and keys */ suite->isPresent = (PRBool) @@ -924,7 +924,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, hashItem.len = hash->len; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: doDerEncode = PR_TRUE; /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. @@ -937,7 +937,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, hashItem.len = hash->len; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; @@ -1035,7 +1035,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. @@ -1053,7 +1053,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, hashItem.len = hash->len; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: SECKEY_DestroyPublicKey(key); 
@@ -5078,12 +5078,12 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) total_exten_len += 2; } -#if defined(NSS_ENABLE_ECC) +#ifndef NSS_DISABLE_ECC if (!total_exten_len || !isTLS) { /* not sending the elliptic_curves and ec_point_formats extensions */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ } -#endif +#endif /* NSS_DISABLE_ECC */ if (IS_DTLS(ss)) { ssl3_DisableNonDTLSSuites(ss); @@ -5394,11 +5394,11 @@ ssl_UnwrapSymWrappingKey( { PK11SymKey * unwrappedWrappingKey = NULL; SECItem wrappedKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PK11SymKey * Ks; SECKEYPublicKey pubWrapKey; ECCWrappedKeyInfo *ecWrapped; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* found the wrapping key on disk. */ PORT_Assert(pWswk->symWrapMechanism == masterWrapMech); @@ -5420,7 +5420,7 @@ ssl_UnwrapSymWrappingKey( masterWrapMech, CKA_UNWRAP, 0); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* * For kt_ecdh, we first create an EC public key based on @@ -5559,12 +5559,12 @@ getWrappingKey( sslSocket * ss, SECStatus rv; SECItem wrappedKey; SSLWrappedSymWrappingKey wswk; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PK11SymKey * Ks = NULL; SECKEYPublicKey *pubWrapKey = NULL; SECKEYPrivateKey *privWrapKey = NULL; ECCWrappedKeyInfo *ecWrapped; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY; PORT_Assert(svrPrivKey != NULL); @@ -5647,7 +5647,7 @@ getWrappingKey( sslSocket * ss, unwrappedWrappingKey, &wrappedKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* * We generate an ephemeral EC key pair. Perform an ECDH @@ -5733,7 +5733,7 @@ getWrappingKey( sslSocket * ss, if (Ks) PK11_FreeSymKey(Ks); asymWrapMechanism = masterWrapMech; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; 
@@ -6046,11 +6046,11 @@ ssl3_SendClientKeyExchange(sslSocket *ss) rv = sendDHClientKeyExchange(ss, serverKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: rv = ssl3_SendECDHClientKeyExchange(ss, serverKey); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* got an unknown or unsupported Key Exchange Algorithm. */ @@ -6778,11 +6778,11 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: rv = ssl3_HandleECDHServerKeyExchange(ss, b, length); return rv; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: desc = handshake_failure; @@ -7520,14 +7520,14 @@ ssl3_SendServerHelloSequence(sslSocket *ss) return rv; #endif } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC } else if ((kea_def->kea == kea_ecdhe_rsa) || (kea_def->kea == kea_ecdhe_ecdsa)) { rv = ssl3_SendServerKeyExchange(ss); if (rv != SECSuccess) { return rv; /* err code was set. */ } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } if (ss->opt.requestCertificate) { @@ -7815,7 +7815,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Disable any ECC cipher suites for which we have no cert. */ ssl3_FilterECCipherSuitesByServerCerts(ss); #endif @@ -8432,7 +8432,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], SSL3_RANDOM_LENGTH)); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Disable any ECC cipher suites for which we have no cert. */ ssl3_FilterECCipherSuitesByServerCerts(ss); #endif 
@@ -8821,12 +8821,12 @@ ssl3_SendServerKeyExchange(sslSocket *ss) PORT_Free(signed_hash.data); return SECSuccess; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: { rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case kt_dh: case kt_null: @@ -9249,9 +9249,9 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv; const ssl3KEADef *kea_def; ssl3KeyPair *serverKeyPair = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECKEYPublicKey *serverPubKey = NULL; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -9281,7 +9281,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; } else skip: -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX Using SSLKEAType to index server certifiates * does not work for (EC)DHE ciphers. Until we have * an indexing mechanism general enough for all key @@ -9327,7 +9327,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* XXX We really ought to be able to store multiple * EC certs (a requirement if we wish to support both @@ -9349,7 +9349,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) return SECFailure; /* error code set */ } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: (void) ssl3_HandshakeFailure(ss); @@ -9954,7 +9954,7 @@ ssl3_AuthCertificate(sslSocket *ss) if (pubKey) { ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ss->sec.keaType == kt_ecdh) { /* Get authKeyBits from signing key. * XXX The code below uses a quick approximation of 
@@ -9980,7 +9980,7 @@ ssl3_AuthCertificate(sslSocket *ss) */ } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; } @@ -9988,10 +9988,10 @@ ssl3_AuthCertificate(sslSocket *ss) ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ if (ss->ssl3.hs.kea_def->is_limited || /* XXX OR server cert is signing only. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ } @@ -10565,7 +10565,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; sid->u.ssl3.compression = ss->ssl3.hs.compression; sid->u.ssl3.policy = ss->ssl3.policy; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; #endif sid->u.ssl3.exchKeyType = effectiveExchKeyType; @@ -11701,7 +11701,7 @@ ssl3_InitState(sslSocket *ss) ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); #endif ssl_ReleaseSpecWriteLock(ss); diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c index 6380cfe3c8..37743a640a 100644 --- a/lib/ssl/ssl3ecc.c +++ b/lib/ssl/ssl3ecc.c @@ -30,7 +30,7 @@ #include -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifndef PK11_SETATTRS #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ @@ -1258,4 +1258,4 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) return SECFailure; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c index 1c8e8426a2..607171c4da 100644 --- a/lib/ssl/ssl3ext.c 
+++ b/lib/ssl/ssl3ext.c @@ -230,7 +230,7 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key, /* This table is used by the server, to handle client hello extensions. */ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, #endif @@ -272,7 +272,7 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, #endif @@ -2219,7 +2219,7 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) tls_hash_sha256, tls_sig_rsa, tls_hash_sha384, tls_sig_rsa, tls_hash_sha1, tls_sig_rsa, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC tls_hash_sha256, tls_sig_ecdsa, tls_hash_sha384, tls_sig_ecdsa, tls_hash_sha1, tls_sig_ecdsa, diff --git a/lib/ssl/sslcon.c b/lib/ssl/sslcon.c index 2763654e7f..891b409908 100644 --- a/lib/ssl/sslcon.c +++ b/lib/ssl/sslcon.c @@ -3101,7 +3101,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) return rv; } -#if defined(NSS_ENABLE_ECC) +#ifndef NSS_DISABLE_ECC /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ if (ss->cipherSpecs != NULL) { @@ -3109,7 +3109,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) ss->cipherSpecs = NULL; ss->sizeCipherSpecs = 0; } -#endif +#endif /* NSS_DISABLE_ECC */ if (!ss->cipherSpecs) { rv = ssl2_ConstructCipherSpecs(ss); diff --git a/lib/ssl/sslenum.c b/lib/ssl/sslenum.c index 0122907a72..b2daf86fc0 100644 --- a/lib/ssl/sslenum.c +++ b/lib/ssl/sslenum.c 
@@ -47,7 +47,7 @@ * the third one. */ const PRUint16 SSL_ImplementedCiphers[] = { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before @@ -63,7 +63,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, @@ -80,7 +80,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, @@ -89,7 +89,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, @@ -119,12 +119,12 @@ const PRUint16 SSL_ImplementedCiphers[] = { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* ciphersuites with no encryption */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SSL_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256, SSL_RSA_WITH_NULL_MD5, diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h index 5f70d185b4..a1908f2848 100644 --- a/lib/ssl/sslimpl.h +++ b/lib/ssl/sslimpl.h @@ -288,11 +288,11 @@ typedef struct { #endif } ssl3CipherSuiteCfg; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define ssl_V3_SUITES_IMPLEMENTED 61 #else #define ssl_V3_SUITES_IMPLEMENTED 37 -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 
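Review bot: The literals `61` and `37` in the sslimpl.h hunk carry no comment saying which tables they must match, and with this change `61` becomes the value an ordinary build uses. `cipherSuites[ssl_V3_SUITES_IMPLEMENTED]` in ssl3con.c is declared with this size, so if an entry is later added or removed on only one side of the ECC conditional and the initialiser list ends up shorter than the count, the compiler zero-fills the remaining slots without a diagnostic. I would add a comment above the block such as `/* must equal the number of entries in cipherSuites[] (ssl3con.c) for each setting of NSS_DISABLE_ECC */`. Whether other tables are also expected to match this count is not visible from the hunk.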
@@ -653,9 +653,9 @@ struct sslSessionIDStr { SSL3KEAType exchKeyType; /* key type used in exchange algorithm, * and to wrap the sym wrapping key. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRUint32 negotiatedECCurves; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* The following values are NOT restored from the server's on-disk * session cache, but are restored from the client's cache. @@ -885,9 +885,9 @@ const ssl3CipherSuiteDef *suite_def; SSL3Finished sFinished[2]; SSL3Opaque data[72]; } finishedMsgs; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRUint32 negotiatedECCurves; /* bit mask */ -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ PRBool authCertificatePending; /* Which function should SSL_RestartHandshake* call if we're blocked? @@ -1596,7 +1596,7 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); */ extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); extern PRBool ssl3_IsECCEnabled(sslSocket *ss); extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, @@ -1651,7 +1651,7 @@ extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve, ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); @@ -1686,7 +1686,7 @@ extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, extern SECStatus ssl_GetPeerInfo(sslSocket *ss); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECDH functions */ extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey); 
@@ -1771,7 +1771,7 @@ extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, const CERTCertificateList *certChain, ssl3KeyPair *keyPair, SSLKEAType kea); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c index 89545e0c8c..da3e7b585e 100644 --- a/lib/ssl/sslinfo.c +++ b/lib/ssl/sslinfo.c @@ -171,7 +171,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, }, {0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECC cipher suites */ {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, @@ -201,7 +201,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* SSL 2 table */ {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c index 35658d7dff..a32e3d5462 100644 --- a/lib/ssl/sslsecur.c +++ b/lib/ssl/sslsecur.c @@ -696,11 +696,11 @@ NSS_FindCertKEAType(CERTCertificate * cert) case SEC_OID_X942_DIFFIE_HELMAN_KEY: keaType = kt_dh; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: keaType = kt_ecdh; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: keaType = kt_null; } 
diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h index fb25c6d725..f239765df4 100644 --- a/lib/ssl/sslt.h +++ b/lib/ssl/sslt.h @@ -181,7 +181,7 @@ typedef enum { typedef enum { ssl_server_name_xtn = 0, ssl_cert_status_xtn = 5, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ssl_elliptic_curves_xtn = 10, ssl_ec_point_formats_xtn = 11, #endif diff --git a/tests/all.sh b/tests/all.sh index ee10852399..1af4faf884 100755 --- a/tests/all.sh +++ b/tests/all.sh @@ -59,7 +59,7 @@ # # Optional environment variables to enable specific NSS features: # --------------------------------------------------------------- -# NSS_ENABLE_ECC - enable ECC +# NSS_DISABLE_ECC - disable ECC # NSS_ECC_MORE_THAN_SUITE_B - enable extended ECC # # Optional environment variables to select which cycles/suites to test: diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh index b710b689fb..ca858f50b4 100755 --- a/tests/cert/cert.sh +++ b/tests/cert/cert.sh @@ -46,7 +46,7 @@ cert_init() fi SCRIPTNAME="cert.sh" CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"` - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "Certutil and Crlutil Tests with ECC" else html_head "Certutil and Crlutil Tests" @@ -292,7 +292,7 @@ cert_create_cert() return $RET fi - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Import EC Root CA for $CERTNAME" certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \ -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1 @@ -340,7 +340,7 @@ cert_add_cert() # # Generate and add EC cert # - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CURVE="secp384r1" CU_ACTION="Generate EC Cert Request for $CERTNAME" CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" 
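Review bot: In the sslt.h hunk the enumerators `ssl_elliptic_curves_xtn = 10` and `ssl_ec_point_formats_xtn = 11` stay behind a build macro, and flipping it to `#ifndef NSS_DISABLE_ECC` changes what every includer sees by default. If this header is installed for applications (not visible here), code that never defined either macro now gets the two names regardless of how the library itself was built. Since both values are explicit and do not shift the other enumerators, the conditional could be dropped here so that the type is identical in every configuration. The enum continues outside the hunk.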
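Review bot: `[ -z "$NSS_DISABLE_ECC" ]` in the cert.sh hunks above (`cert_init`, `cert_create_cert`, `cert_add_cert`) tests for presence rather than value, so `NSS_DISABLE_ECC=0` turns the EC certificate steps off. With the old enable-style flag a stray value could only add tests; with the disable-style flag it removes ECC coverage from the run. The tests/all.sh hunk documents the variable as `NSS_DISABLE_ECC - disable ECC`, still under a heading about enabling features, and does not say that any non-empty value counts. I would extend that comment to `# NSS_DISABLE_ECC - disable ECC (any non-empty value, including 0; leave unset to test ECC)`. The same test appears in the smime.sh, ssl.sh and tools.sh hunks.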
@@ -430,7 +430,7 @@ cert_all_CA() # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last # in the chain - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Create EC version of TestCA CA_CURVE="secp521r1" @@ -671,7 +671,7 @@ cert_smime_client() certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \ -i ${R_EVEDIR}/Eve.cert 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Importing EC Certificates ==============================" CU_ACTION="Import Bob's EC cert into Alice's db" certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \ @@ -742,7 +742,7 @@ cert_extended_ssl() certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs # @@ -830,7 +830,7 @@ cert_extended_ssl() certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs # @@ -920,7 +920,7 @@ cert_ssl() cert_add_cert CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC" certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC" certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" fi @@ -1028,7 +1028,7 @@ cert_eccurves() { ################# Creating Certs for EC curves test ######################## # - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Creating Server CA Issued Certificate for " echo " EC Curves Test Certificates ------------------------------------" 
@@ -1088,7 +1088,7 @@ cert_eccurves() fi done - fi # if NSS_ENABLE_ECC=1 + fi # $NSS_DISABLE_ECC } ########################### cert_extensions_test ############################# @@ -1227,7 +1227,7 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority" # Until Bug 292285 is resolved, do not encode x400 Addresses. After @@ -1260,7 +1260,7 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or1 TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify CRL (ECC) by adding one more cert" crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \ -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <> $(RTSH) echo 'export BUILD_OPT=$(BUILD_OPT)' >> $(RTSH) echo 'export PKITS_DATA=$(PKITS_DATA)' >> $(RTSH) - echo 'export NSS_ENABLE_ECC=$(NSS_ENABLE_ECC)' >> $(RTSH) + echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)' >> $(RTSH) echo 'export NSS_ECC_MORE_THAN_SUITE_B=$(NSS_ECC_MORE_THAN_SUITE_B)' >> $(RTSH) echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)' >> $(RTSH) ifeq ($(OS_TARGET),Android) diff --git a/tests/smime/smime.sh b/tests/smime/smime.sh index cebbc68352..2360100de1 100755 --- a/tests/smime/smime.sh +++ b/tests/smime/smime.sh @@ -40,7 +40,7 @@ smime_init() fi SCRIPTNAME=smime.sh - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "S/MIME Tests with ECC" else html_head "S/MIME Tests" 
@@ -85,7 +85,7 @@ smime_sign() html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "." # Test ECDSA signing for all hash algorithms. - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------" echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}" ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG} diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh index 9f6cbbc0ed..a2bccdf325 100755 --- a/tests/ssl/ssl.sh +++ b/tests/ssl/ssl.sh @@ -82,7 +82,7 @@ ssl_init() USER_NICKNAME=TestUser NORM_EXT="" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then ECC_STRING=" - with ECC" else ECC_STRING="" @@ -202,7 +202,7 @@ start_selfserv() echo "$SCRIPTNAME: $testname ----" fi sparam=`echo $sparam | sed -e 's;_; ;g'` - if [ -n "$NSS_ENABLE_ECC" ] && \ + if [ -z "$NSS_DISABLE_ECC" ] && \ [ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1" ] ; then ECC_OPTIONS="-e ${HOSTADDR}-ec" else @@ -258,7 +258,7 @@ ssl_cov() html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" testname="" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then sparam="$CLONG" else sparam="$CSHORT" @@ -292,7 +292,7 @@ ssl_cov() if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" 
@@ -374,7 +374,7 @@ ssl_auth() echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "`echo $ectype | cut -b 1`" != "#" ]; then cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" ` @@ -557,7 +557,7 @@ ssl_stress() echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" @@ -623,7 +623,7 @@ ssl_crl_ssl() while read ectype value sparam cparam testname do [ "$ectype" = "" ] && continue - if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" = "SNI" ]; then continue @@ -816,7 +816,7 @@ ssl_crl_cache() while read ectype value sparam cparam testname do [ "$ectype" = "" ] && continue - if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" = "SNI" ]; then continue diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh index a8341771bc..26abf3e4e7 100644 --- a/tests/tools/tools.sh +++ b/tests/tools/tools.sh 
@@ -76,7 +76,7 @@ tools_init() fi SCRIPTNAME=tools.sh - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "Tools Tests with ECC" else html_head "Tools Tests" @@ -372,7 +372,7 @@ tools_p12_export_list_import_with_default_ciphers() export_list_import "DEFAULT" "DEFAULT" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------" echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" echo " -w ${R_PWFILE}"