Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1652729 - Add build flag to disable RC2 and relocate to lib/freeb…
…l/deprecated. r=kjacobs

Differential Revision: https://phabricator.services.mozilla.com/D83494

--HG--
rename : lib/freebl/alg2268.c => lib/freebl/deprecated/alg2268.c
extra : moz-landing-system : lando
  • Loading branch information
beurdouche committed Jul 24, 2020
1 parent 189d45b commit 95e58de
Show file tree
Hide file tree
Showing 11 changed files with 139 additions and 13 deletions.
26 changes: 23 additions & 3 deletions cmd/bltest/blapitest.c
Expand Up @@ -608,9 +608,11 @@ typedef enum {
bltestDES_CBC, /* . */
bltestDES_EDE_ECB, /* . */
bltestDES_EDE_CBC, /* . */
bltestRC2_ECB, /* . */
bltestRC2_CBC, /* . */
bltestRC4, /* . */
#ifndef NSS_DISABLE_DEPRECATED_RC2
bltestRC2_ECB, /* . */
bltestRC2_CBC, /* . */
#endif
bltestRC4, /* . */
#ifdef NSS_SOFTOKEN_DOES_RC5
bltestRC5_ECB, /* . */
bltestRC5_CBC, /* . */
Expand Down Expand Up @@ -648,8 +650,10 @@ static char *mode_strings[] =
"des_cbc",
"des3_ecb",
"des3_cbc",
#ifndef NSS_DISABLE_DEPRECATED_RC2
"rc2_ecb",
"rc2_cbc",
#endif
"rc4",
#ifdef NSS_SOFTOKEN_DOES_RC5
"rc5_ecb",
Expand Down Expand Up @@ -879,7 +883,9 @@ cipher_requires_IV(bltestCipherMode mode)
switch (mode) {
case bltestDES_CBC:
case bltestDES_EDE_CBC:
#ifndef NSS_DISABLE_DEPRECATED_RC2
case bltestRC2_CBC:
#endif
#ifdef NSS_SOFTOKEN_DOES_RC5
case bltestRC5_CBC:
#endif
Expand Down Expand Up @@ -1088,6 +1094,7 @@ des_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
input, inputLen);
}

#ifndef NSS_DISABLE_DEPRECATED_RC2
SECStatus
rc2_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
Expand All @@ -1105,6 +1112,7 @@ rc2_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
return RC2_Decrypt((RC2Context *)cx, output, outputLen, maxOutputLen,
input, inputLen);
}
#endif /* NSS_DISABLE_DEPRECATED_RC2 */

SECStatus
rc4_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
Expand Down Expand Up @@ -1373,6 +1381,7 @@ bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}

#ifndef NSS_DISABLE_DEPRECATED_RC2
SECStatus
bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
Expand Down Expand Up @@ -1418,6 +1427,7 @@ bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->cipher.symmkeyCipher = rc2_Decrypt;
return SECSuccess;
}
#endif /* NSS_DISABLE_DEPRECATED_RC2 */

SECStatus
bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
Expand Down Expand Up @@ -2259,12 +2269,14 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->input.pBuf.len);
return bltest_des_init(cipherInfo, encrypt);
break;
#ifndef NSS_DISABLE_DEPRECATED_RC2
case bltestRC2_ECB:
case bltestRC2_CBC:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
return bltest_rc2_init(cipherInfo, encrypt);
break;
#endif /* NSS_DISABLE_DEPRECATED_RC2 */
case bltestRC4:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
Expand Down Expand Up @@ -2613,10 +2625,12 @@ cipherFinish(bltestCipherInfo *cipherInfo)
cipherInfo->cx,
PR_TRUE);
break;
#ifndef NSS_DISABLE_DEPRECATED_RC2
case bltestRC2_ECB:
case bltestRC2_CBC:
RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
break;
#endif /* NSS_DISABLE_DEPRECATED_RC2 */
case bltestRC4:
RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
break;
Expand Down Expand Up @@ -2769,8 +2783,10 @@ dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
case bltestSEED_ECB:
case bltestSEED_CBC:
#endif
#ifndef NSS_DISABLE_DEPRECATED_RC2
case bltestRC2_ECB:
case bltestRC2_CBC:
#endif
case bltestRC4:
if (td)
fprintf(stdout, "%8s", "symmkey");
Expand Down Expand Up @@ -2954,7 +2970,9 @@ get_params(PLArenaPool *arena, bltestParams *params,
load_file_data(arena, &params->ask.aad, filename, bltestBinary);
case bltestDES_CBC:
case bltestDES_EDE_CBC:
#ifndef NSS_DISABLE_DEPRECATED_RC2
case bltestRC2_CBC:
#endif
case bltestAES_CBC:
case bltestAES_CTS:
case bltestAES_CTR:
Expand All @@ -2966,7 +2984,9 @@ get_params(PLArenaPool *arena, bltestParams *params,
load_file_data(arena, &params->sk.iv, filename, bltestBinary);
case bltestDES_ECB:
case bltestDES_EDE_ECB:
#ifndef NSS_DISABLE_DEPRECATED_RC2
case bltestRC2_ECB:
#endif
case bltestRC4:
case bltestAES_ECB:
case bltestCAMELLIA_ECB:
Expand Down
6 changes: 6 additions & 0 deletions coreconf/config.gypi
Expand Up @@ -101,6 +101,7 @@
'disable_tests%': 0,
'disable_chachapoly%': 0,
'disable_deprecated_seed%': 0,
'disable_deprecated_rc2%': 0,
'disable_dbm%': 1,
'disable_libpkix%': 1,
'disable_werror%': 0,
Expand Down Expand Up @@ -576,6 +577,11 @@
'NSS_DISABLE_DEPRECATED_SEED',
],
}],
[ 'disable_deprecated_rc2==1', {
'defines': [
'NSS_DISABLE_DEPRECATED_RC2',
],
}],
],
},
# Common settings for debug should go here.
Expand Down
4 changes: 4 additions & 0 deletions coreconf/config.mk
Expand Up @@ -162,6 +162,10 @@ ifdef NSS_DISABLE_DEPRECATED_SEED
DEFINES += -DNSS_DISABLE_DEPRECATED_SEED
endif

ifdef NSS_DISABLE_DEPRECATED_RC2
DEFINES += -DNSS_DISABLE_DEPRECATED_RC2
endif

ifdef NSS_PKIX_NO_LDAP
DEFINES += -DNSS_PKIX_NO_LDAP
endif
Expand Down
6 changes: 3 additions & 3 deletions lib/freebl/alg2268.c → lib/freebl/deprecated/alg2268.c
Expand Up @@ -6,11 +6,11 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#include "../stubs.h"
#endif

#include "blapi.h"
#include "blapii.h"
#include "../blapi.h"
#include "../blapii.h"
#include "secerr.h"
#ifdef XP_UNIX_XXX
#include <stddef.h> /* for ptrdiff_t */
Expand Down
6 changes: 5 additions & 1 deletion lib/freebl/freebl_base.gypi
Expand Up @@ -4,7 +4,6 @@
{
'sources': [
'aeskeywrap.c',
'alg2268.c',
'cmac.c',
'alghmac.c',
'arcfive.c',
Expand Down Expand Up @@ -167,6 +166,11 @@
'deprecated/seed.c',
],
}],
[ 'disable_deprecated_rc2==0', {
'sources': [
'deprecated/alg2268.c',
],
}],
[ 'fuzz==1', {
'sources!': [ 'drbg.c' ],
'sources': [ 'det_rng.c' ],
Expand Down
15 changes: 15 additions & 0 deletions lib/freebl/ldvector.c
Expand Up @@ -48,10 +48,17 @@ static const struct FREEBLVectorStr vector =
RC4_DestroyContext,
RC4_Encrypt,
RC4_Decrypt,
#ifndef NSS_DISABLE_DEPRECATED_RC2
RC2_CreateContext,
RC2_DestroyContext,
RC2_Encrypt,
RC2_Decrypt,
#else
(F_RC2_CreateContext)FREEBL_Deprecated,
(F_RC2_DestroyContext)FREEBL_Deprecated,
(F_RC2_Encrypt)FREEBL_Deprecated,
(F_RC2_Decrypt)FREEBL_Deprecated,
#endif
RC5_CreateContext,
RC5_DestroyContext,
RC5_Encrypt,
Expand Down Expand Up @@ -175,13 +182,21 @@ static const struct FREEBLVectorStr vector =
AES_InitContext,
AESKeyWrap_InitContext,
DES_InitContext,
#ifndef NSS_DISABLE_DEPRECATED_RC2
RC2_InitContext,
#else
(F_RC2_InitContext)FREEBL_Deprecated,
#endif
RC4_InitContext,

AES_AllocateContext,
AESKeyWrap_AllocateContext,
DES_AllocateContext,
#ifndef NSS_DISABLE_DEPRECATED_RC2
RC2_AllocateContext,
#else
(F_RC2_AllocateContext)FREEBL_Deprecated,
#endif
RC4_AllocateContext,

MD2_Clone,
Expand Down
24 changes: 24 additions & 0 deletions lib/freebl/loader.c
Expand Up @@ -280,15 +280,23 @@ RC2_CreateContext(const unsigned char *key, unsigned int len,
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return NULL;
#ifndef NSS_DISABLE_DEPRECATED_RC2
return (vector->p_RC2_CreateContext)(key, len, iv, mode, effectiveKeyLen);
#else
return NULL;
#endif
}

void
RC2_DestroyContext(RC2Context *cx, PRBool freeit)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return;
#ifndef NSS_DISABLE_DEPRECATED_RC2
(vector->p_RC2_DestroyContext)(cx, freeit);
#else
return;
#endif
}

SECStatus
Expand All @@ -298,8 +306,12 @@ RC2_Encrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
#ifndef NSS_DISABLE_DEPRECATED_RC2
return (vector->p_RC2_Encrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
#else
return SECFailure;
#endif
}

SECStatus
Expand All @@ -309,8 +321,12 @@ RC2_Decrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
#ifndef NSS_DISABLE_DEPRECATED_RC2
return (vector->p_RC2_Decrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
#else
return SECFailure;
#endif
}

RC5Context *
Expand Down Expand Up @@ -1307,7 +1323,11 @@ RC2_AllocateContext(void)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return NULL;
#ifndef NSS_DISABLE_DEPRECATED_RC2
return (vector->p_RC2_AllocateContext)();
#else
return NULL;
#endif
}

RC4Context *
Expand Down Expand Up @@ -1371,8 +1391,12 @@ RC2_InitContext(RC2Context *cx, const unsigned char *key,
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
#ifndef NSS_DISABLE_DEPRECATED_RC2
return (vector->p_RC2_InitContext)(cx, key, keylen, iv, mode,
effectiveKeyLen, xtra);
#else
return SECFailure;
#endif
}

SECStatus
Expand Down
26 changes: 26 additions & 0 deletions lib/freebl/loader.h
Expand Up @@ -888,3 +888,29 @@ typedef SECStatus (*F_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
#endif

#ifdef NSS_DISABLE_DEPRECATED_RC2
typedef RC2Context *(*F_RC2_CreateContext)(const unsigned char *key,
unsigned int len, const unsigned char *iv,
int mode, unsigned effectiveKeyLen);

typedef void (*F_RC2_DestroyContext)(RC2Context *cx, PRBool freeit);

typedef SECStatus (*F_RC2_Encrypt)(RC2Context *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);

typedef SECStatus (*F_RC2_Decrypt)(RC2Context *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);

typedef SECStatus (*F_RC2_InitContext)(RC2Context *cx,
const unsigned char *key,
unsigned int keylen,
const unsigned char *iv,
int mode,
unsigned int effectiveKeyLen,
unsigned int);

typedef RC2Context *(*F_RC2_AllocateContext)(void);
#endif
5 changes: 4 additions & 1 deletion lib/freebl/manifest.mn
Expand Up @@ -123,7 +123,6 @@ CSRCS = \
cmac.c \
alghmac.c \
rawhash.c \
alg2268.c \
arcfour.c \
arcfive.c \
crypto_primitives.c \
Expand Down Expand Up @@ -164,6 +163,10 @@ ifndef NSS_DISABLE_DEPRECATED_SEED
CSRCS += deprecated/seed.c
endif

ifndef NSS_DISABLE_DEPRECATED_RC2
CSRCS += deprecated/alg2268.c
endif

ALL_CSRCS := $(CSRCS)

ALL_HDRS = \
Expand Down

0 comments on commit 95e58de

Please sign in to comment.