Bug 1253912 - drop more than suite b support, r=mt,rrelyea

--HG-- extra : rebase_source : 808051c276a0e39d7f49918c2359f45a752d6096
sailfishos-mirror · Aug 3, 2016 · 7203698 · 7203698
1 parent 8e4303f
commit 7203698
Show file tree

Hide file tree

Showing 65 changed files with 200 additions and 7,737 deletions.
diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c
@@ -145,23 +145,7 @@ Usage()
     PRINTUSAGE("", "-k", "file which contains key");
 #ifndef NSS_DISABLE_ECC
     PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
-    PRINTUSAGE("", "", "  sect163k1, nistk163, sect163r1, sect163r2,");
-    PRINTUSAGE("", "", "  nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
-    PRINTUSAGE("", "", "  sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
-    PRINTUSAGE("", "", "  sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
-    PRINTUSAGE("", "", "  nistb409, sect571k1, nistk571, sect571r1, nistb571,");
-    PRINTUSAGE("", "", "  secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
-    PRINTUSAGE("", "", "  nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
-    PRINTUSAGE("", "", "  secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
-    PRINTUSAGE("", "", "  nistp521, prime192v1, prime192v2, prime192v3,");
-    PRINTUSAGE("", "", "  prime239v1, prime239v2, prime239v3, c2pnb163v1,");
-    PRINTUSAGE("", "", "  c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
-    PRINTUSAGE("", "", "  c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
-    PRINTUSAGE("", "", "  c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
-    PRINTUSAGE("", "", "  c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
-    PRINTUSAGE("", "", "  c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
-    PRINTUSAGE("", "", "  secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
-    PRINTUSAGE("", "", "  sect131r1, sect131r2, curve25519");
+    PRINTUSAGE("", "", "  nistp256, nistp384, nistp521");
 #endif
     PRINTUSAGE("", "-p", "do performance test");
     PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
@@ -415,9 +399,6 @@ typedef struct curveNameTagPairStr {
     SECOidTag curveOidTag;
 } CurveNameTagPair;
 
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
-/* #define DEFAULT_CURVE_OID_TAG  SEC_OID_SECG_EC_SECP160R1 */
-
 static CurveNameTagPair nameTagPair[] =
     {
       { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
@@ -1863,7 +1844,7 @@ bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
         cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
     } else {
         /* Have to convert private key to public key.  Memory
-     * is freed with private key's arena  */
+         * is freed with private key's arena  */
         ECPublicKey *pubkey;
         ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
         pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,

diff --git a/cmd/bltest/tests/ecdsa/README b/cmd/bltest/tests/ecdsa/README
@@ -1,22 +1,4 @@
-0  secp160k1
-1  secp160r1
-2  secp160r2
-3  nistk163
-4  sect163r1
-5  nistb163
-6  secp192k1
-7  nistp192
-8  secp224k1
-9  nistp224
-10 nistk233
-11 nistb233
-12 nistp256
-13 nistk283
-14 nistb283
-15 nistp384
-16 nistk409
-17 nistb409
-18 nistk571
-19 nistb571
+0 nistp256
+1 nistp384
 # the following tests are not yet implemented
-#20 nistp521
+2 nistp521
diff --git a/cmd/bltest/tests/ecdsa/key0 b/cmd/bltest/tests/ecdsa/key0
@@ -1,2 +1,3 @@
-AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
-WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=
+AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
+NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
+7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
diff --git a/cmd/bltest/tests/ecdsa/key1 b/cmd/bltest/tests/ecdsa/key1
@@ -1,2 +1,4 @@
-AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
-5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=
+AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
+r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
+q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
+yALMCiXJqRVXwbq42WMuaELMW+g=
diff --git a/cmd/bltest/tests/ecdsa/key10 b/cmd/bltest/tests/ecdsa/key10
diff --git a/cmd/bltest/tests/ecdsa/key11 b/cmd/bltest/tests/ecdsa/key11
diff --git a/cmd/bltest/tests/ecdsa/key12 b/cmd/bltest/tests/ecdsa/key12
diff --git a/cmd/bltest/tests/ecdsa/key13 b/cmd/bltest/tests/ecdsa/key13
diff --git a/cmd/bltest/tests/ecdsa/key14 b/cmd/bltest/tests/ecdsa/key14
diff --git a/cmd/bltest/tests/ecdsa/key15 b/cmd/bltest/tests/ecdsa/key15
diff --git a/cmd/bltest/tests/ecdsa/key16 b/cmd/bltest/tests/ecdsa/key16
diff --git a/cmd/bltest/tests/ecdsa/key17 b/cmd/bltest/tests/ecdsa/key17
diff --git a/cmd/bltest/tests/ecdsa/key18 b/cmd/bltest/tests/ecdsa/key18
diff --git a/cmd/bltest/tests/ecdsa/key19 b/cmd/bltest/tests/ecdsa/key19
diff --git a/cmd/bltest/tests/ecdsa/key2 b/cmd/bltest/tests/ecdsa/key2
@@ -1,2 +1,5 @@
-AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
-p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=
+AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
+jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
+nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
+MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
+DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
diff --git a/cmd/bltest/tests/ecdsa/key20 b/cmd/bltest/tests/ecdsa/key20
diff --git a/cmd/bltest/tests/ecdsa/key3 b/cmd/bltest/tests/ecdsa/key3
diff --git a/cmd/bltest/tests/ecdsa/key4 b/cmd/bltest/tests/ecdsa/key4
diff --git a/cmd/bltest/tests/ecdsa/key5 b/cmd/bltest/tests/ecdsa/key5
diff --git a/cmd/bltest/tests/ecdsa/key6 b/cmd/bltest/tests/ecdsa/key6
diff --git a/cmd/bltest/tests/ecdsa/key7 b/cmd/bltest/tests/ecdsa/key7
diff --git a/cmd/bltest/tests/ecdsa/key8 b/cmd/bltest/tests/ecdsa/key8
diff --git a/cmd/bltest/tests/ecdsa/key9 b/cmd/bltest/tests/ecdsa/key9
diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c
@@ -1262,8 +1262,8 @@ luG(enum usage_level ul, const char *command)
 #ifndef NSS_DISABLE_ECC
     FPS "%-20s Elliptic curve name (ec only)\n",
         "   -q curve-name");
-    FPS "%-20s One of nistp256, nistp384, nistp521, curve25519\n", "");
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
+    FPS "%-20s One of nistp256, nistp384, nistp521, curve25519.\n", "");
+    FPS "%-20s If a custom token is present, the following curves are also supported:\n", "");
     FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", "");
     FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", "");
     FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", "");
@@ -1281,7 +1281,6 @@ luG(enum usage_level ul, const char *command)
     FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", "");
     FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", "");
     FPS "%-20s sect131r1, sect131r2\n", "");
-#endif /* NSS_ECC_MORE_THAN_SUITE_B */
 #endif
     FPS "%-20s Key database directory (default is ~/.netscape)\n",
         "   -d keydir");

diff --git a/cmd/certutil/keystuff.c b/cmd/certutil/keystuff.c
@@ -393,9 +393,6 @@ typedef struct curveNameTagPairStr {
     SECOidTag curveOidTag;
 } CurveNameTagPair;
 
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
-/* #define DEFAULT_CURVE_OID_TAG  SEC_OID_SECG_EC_SECP160R1 */
-
 static CurveNameTagPair nameTagPair[] =
     {
       { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },

diff --git a/cmd/ecperf/ecperf.c b/cmd/ecperf/ecperf.c
@@ -765,44 +765,11 @@ main(int argv, char **argc)
 
     /* specific arithmetic tests */
     if (nist) {
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-        ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
-        ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
-        ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
-#endif
         ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
         ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
         ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
         ECTEST_NAMED_CUSTOM("Curve25519", ECCurve25519);
     }
-#ifdef NSS_ECC_MORE_THAN_SUITE_B
-    if (ansi) {
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
-        ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
-    }
-    if (secp) {
-        ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
-        ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
-        ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
-        ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
-        ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
-        ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
-        ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
-        ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1);
-        ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
-        ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
-        ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
-        ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
-        ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
-        ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
-        ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
-    }
-#endif
 
 cleanup:
     rv |= SECOID_Shutdown();

diff --git a/coreconf/config.mk b/coreconf/config.mk
@@ -150,10 +150,6 @@ ifdef NSS_DISABLE_ECC
 DEFINES += -DNSS_DISABLE_ECC
 endif
 
-ifdef NSS_ECC_MORE_THAN_SUITE_B
-DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B
-endif
-
 ifdef NSS_ALLOW_UNSUPPORTED_CRITICAL
 DEFINES += -DNSS_ALLOW_UNSUPPORTED_CRITICAL
 endif

diff --git a/doc/certutil.xml b/doc/certutil.xml
@@ -314,28 +314,27 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their
         <term>-q pqgfile or curve-name</term>
         <listitem>
         <para>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <command>certutil</command> generates its own PQG value. PQG files are created with a separate DSA utility.</para>
-        <para>Elliptic curve name is one of the ones from SUITE B: nistp256, nistp384, nistp521</para>
+        <para>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</para>
         <para>
-           If NSS has been compiled with support curves outside of SUITE B:
-              sect163k1, nistk163, sect163r1, sect163r2,            
-              nistb163,  sect193r1, sect193r2, sect233k1, nistk233,            
-              sect233r1, nistb233, sect239k1, sect283k1, nistk283,            
-              sect283r1, nistb283, sect409k1, nistk409, sect409r1,            
-              nistb409,  sect571k1, nistk571, sect571r1, nistb571,            
-              secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,            
-              nistp192,  secp224k1, secp224r1, nistp224, secp256k1,            
-              secp256r1, secp384r1, secp521r1,       
-              prime192v1, prime192v2, prime192v3,          
-              prime239v1, prime239v2, prime239v3, c2pnb163v1,             
-              c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,             
-              c2tnb191v2, c2tnb191v3,              
-              c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,             
-              c2pnb272w1, c2pnb304w1,             
-              c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,             
-              secp112r2, secp128r1, secp128r2, sect113r1, sect113r2            
-              sect131r1, sect131r2    
+           If a token is available that supports more curves, the foolowing curves are supported as well:
+           sect163k1, nistk163, sect163r1, sect163r2,
+           nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
+           sect233r1, nistb233, sect239k1, sect283k1, nistk283,
+           sect283r1, nistb283, sect409k1, nistk409, sect409r1,
+           nistb409,  sect571k1, nistk571, sect571r1, nistb571,
+           secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
+           nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
+           secp256r1, secp384r1, secp521r1,
+           prime192v1, prime192v2, prime192v3,
+           prime239v1, prime239v2, prime239v3, c2pnb163v1,
+           c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
+           c2tnb191v2, c2tnb191v3,
+           c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
+           c2pnb272w1, c2pnb304w1,
+           c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
+           secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
+           sect131r1, sect131r2
         </para>
-
         </listitem>
 
       </varlistentry>