1 diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk
2 --- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800
3 +++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800
4 @@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3
6 FREEBL_LIBS = -lfreebl3
9 +# Don't compile code that requires SHA224 if it isn't avilable
10 +# Such is the case when system freebl/softokn is the 3.12 one
12 +ifdef NO_SHA224_AVAILABLE
13 +CFLAGS+=-DNO_SHA224_AVAILABLE
16 # The -rpath '$$ORIGIN' linker option instructs this library to search for its
17 # dependencies in the same directory where it resides.
18 ifeq ($(BUILD_SUN_PKG), 1)
19 diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c
20 --- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700
21 +++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800
22 @@ -686,7 +686,9 @@ typedef enum {
23 bltestMD2, /* Hash algorithms */
26 +#ifndef NO_SHA224_AVAILABLE
32 @@ -721,7 +723,9 @@ static char *mode_strings[] =
36 +#ifndef NO_SHA224_AVAILABLE
42 @@ -1761,6 +1765,7 @@ finish:
46 +#ifndef NO_SHA224_AVAILABLE
48 SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
50 @@ -1800,6 +1805,7 @@ finish:
51 SHA224_DestroyContext(cx, PR_TRUE);
57 SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
58 @@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
59 cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
62 +#ifndef NO_SHA224_AVAILABLE
64 restart = cipherInfo->params.hash.restart;
65 SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
66 @@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
67 cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
73 restart = cipherInfo->params.hash.restart;
74 @@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf
75 case bltestMD2: /* hash contexts are ephemeral */
78 +#ifndef NO_SHA224_AVAILABLE
84 @@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar
88 +#ifndef NO_SHA224_AVAILABLE
94 diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c
95 --- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800
96 +++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800
101 +#ifdef NO_SHA224_AVAILABLE
102 +PRBool BLAPI_SHVerifyFile(const char *shName);
107 fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
108 diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c
109 --- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700
110 +++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800
111 @@ -86,6 +86,14 @@ static char consoleName[] = {
115 +/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
116 + * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
117 + * but invisible here for some reason
119 +#ifndef CERTDB_TERMINAL_RECORD
120 +#define CERTDB_TERMINAL_RECORD (1<<0)
125 SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
126 @@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[]
130 +/* if no sha224 then no psapss either */
131 +#ifndef NO_SHA224_AVAILABLE
133 secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
135 @@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
137 PORT_FreeArena(pool, PR_FALSE);
142 secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
143 @@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo
147 +#ifndef NO_SHA224_AVAILABLE
148 if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
149 secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
154 if (a->parameters.len == 0
155 || (a->parameters.len == 2
156 @@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char
157 hashAlgTag = SEC_OID_MD5;
158 } else if (!PL_strcmp(alg, "SHA1")) {
159 hashAlgTag = SEC_OID_SHA1;
160 +#ifndef NO_SHA224_AVAILABLE
161 } else if (!PL_strcmp(alg, "SHA224")) {
162 hashAlgTag = SEC_OID_SHA224;
164 } else if (!PL_strcmp(alg, "SHA256")) {
165 hashAlgTag = SEC_OID_SHA256;
166 } else if (!PL_strcmp(alg, "SHA384")) {
167 diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c
168 --- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800
169 +++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800
170 @@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR
172 mech_str digestMechs[] = {
173 {CKM_SHA_1, "CKM_SHA_1 "},
174 +#ifndef NO_SHA224_AVAILABLE
175 {CKM_SHA224, "CKM_SHA224"},
177 {CKM_SHA256, "CKM_SHA256"},
178 {CKM_SHA384, "CKM_SHA384"},
179 {CKM_SHA512, "CKM_SHA512"}
181 mech_str hmacMechs[] = {
182 {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
183 +#ifndef NO_SHA224_AVAILABLE
184 {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
186 {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
187 {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
188 {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
190 mech_str sigRSAMechs[] = {
191 {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
192 +#ifndef NO_SHA224_AVAILABLE
193 {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
195 {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
196 {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
197 {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
198 diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c
199 --- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700
200 +++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800
201 @@ -91,10 +91,12 @@ sha1_NewContext(void) {
202 return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
205 +#ifndef NO_SHA224_AVAILABLE
207 sha224_NewContext(void) {
208 return (void *) PK11_CreateDigestContext(SEC_OID_SHA224);
213 sha256_NewContext(void) {
214 @@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = {
218 +#ifndef NO_SHA224_AVAILABLE
220 (void * (*)(void)) sha224_NewContext,
221 (void * (*)(void *)) PK11_CloneContext,
222 @@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = {
229 const SECHashObject *
230 @@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO
231 case SEC_OID_MD2: ht = HASH_AlgMD2; break;
232 case SEC_OID_MD5: ht = HASH_AlgMD5; break;
233 case SEC_OID_SHA1: ht = HASH_AlgSHA1; break;
234 +#ifndef NO_SHA224_AVAILABLE
235 case SEC_OID_SHA224: ht = HASH_AlgSHA224; break;
237 case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
238 case SEC_OID_SHA384: ht = HASH_AlgSHA384; break;
239 case SEC_OID_SHA512: ht = HASH_AlgSHA512; break;
240 @@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
241 /* no oid exists for HMAC_MD2 */
242 /* NSS does not define a oid for HMAC_MD4 */
243 case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break;
244 +#ifndef NO_SHA224_AVAILABLE
245 case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break;
247 case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break;
248 case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break;
249 case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break;
250 @@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag
251 /* no oid exists for HMAC_MD2 */
252 /* NSS does not define a oid for HMAC_MD4 */
253 case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break;
254 +#ifndef NO_SHA224_AVAILABLE
255 case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break;
257 case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break;
258 case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break;
259 case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break;
260 diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c
261 --- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700
262 +++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800
263 @@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) {
264 * should be handing us a cipher type */
265 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
266 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
267 +#ifndef NO_SHA224_AVAILABLE
268 case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
270 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
271 case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
272 case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
273 diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c
274 --- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700
275 +++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800
276 @@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
277 case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
278 *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
281 +#ifndef NO_SHA224_AVAILABLE
282 case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
283 case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
284 *hashalg = SEC_OID_SHA224;
287 case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
288 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
289 *hashalg = SEC_OID_SHA256;
290 @@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
291 len = SECKEY_PublicKeyStrength(key);
292 if (len < 28) { /* 28 bytes == 224 bits */
293 *hashalg = SEC_OID_SHA1;
294 +#ifndef NO_SHA224_AVAILABLE
295 } else if (len < 32) { /* 32 bytes == 256 bits */
296 *hashalg = SEC_OID_SHA224;
298 } else if (len < 48) { /* 48 bytes == 384 bits */
299 *hashalg = SEC_OID_SHA256;
300 } else if (len < 64) { /* 48 bytes == 512 bits */
301 @@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
302 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
303 case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
304 case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
305 +#ifndef NO_SHA224_AVAILABLE
306 case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
308 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
309 case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
310 case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
311 @@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
312 *encalg = SEC_OID_MISSI_DSS;
314 case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
315 +#ifndef NO_SHA224_AVAILABLE
316 case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
318 case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
319 case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
320 case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
321 diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h
322 --- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700
323 +++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800
324 @@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi
325 extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
327 /******************************************/
329 +#ifndef NO_SHA224_AVAILABLE
330 extern SHA224Context *SHA224_NewContext(void);
331 extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
332 extern void SHA224_Begin(SHA224Context *cx);
333 @@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S
334 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
335 extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
336 extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
339 /******************************************/
341 diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c
342 --- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700
343 +++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800
344 @@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect
349 +#ifndef NO_SHA224_AVAILABLE
350 /* End of Version 3.012 */
353 @@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect
359 /* End of Version 3.013 */
362 diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c
363 --- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700
364 +++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800
365 @@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void )
366 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
367 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
368 0xe0,0x68,0x47,0x7a};
370 +#ifndef NO_SHA224_AVAILABLE
371 /* SHA-224 Known Digest Message (224-bits). */
372 static const PRUint8 sha224_known_digest[] = {
373 0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb,
374 0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8,
375 0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64,
376 0x9a,0xb8,0x98,0x4e};
379 /* SHA-256 Known Digest Message (256-bits). */
380 static const PRUint8 sha256_known_digest[] = {
381 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
382 @@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
383 ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
384 SHA1_LENGTH ) != 0 ) )
385 return( CKR_DEVICE_ERROR );
387 +#ifndef NO_SHA224_AVAILABLE
388 /***************************************************/
389 /* SHA-224 Single-Round Known Answer Hashing Test. */
390 /***************************************************/
391 @@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
392 ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
393 SHA224_LENGTH ) != 0 ) )
394 return( CKR_DEVICE_ERROR );
397 /***************************************************/
398 /* SHA-256 Single-Round Known Answer Hashing Test. */
399 /***************************************************/
400 diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c
401 --- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700
402 +++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800
403 @@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[]
407 +#ifndef NO_SHA224_AVAILABLE
409 (void * (*)(void)) SHA224_NewContext,
410 (void * (*)(void *)) null_hash_clone_context,
411 @@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[]
418 const SECHashObject *
419 diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c
420 --- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700
421 +++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800
422 @@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S
423 memcpy(dest, src, sizeof *dest);
426 +#ifndef NO_SHA224_AVAILABLE
427 /* ============= SHA224 implementation ================================== */
429 /* SHA-224 initial hash values */
430 @@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S
432 SHA256_Clone(dest, src);
437 /* ======= SHA512 and SHA384 common constants and defines ================= */
439 diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c
440 --- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700
441 +++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800
442 @@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
443 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
444 0x5d, 0x0e, 0x1e, 0x11};
446 +#ifndef NO_SHA224_AVAILABLE
447 /* known SHA224 hmac (28 bytes) */
448 static const PRUint8 known_SHA224_hmac[] = {
449 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
450 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
451 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
452 0x9a, 0xb8, 0x98, 0x4e};
455 /* known SHA256 hmac (32 bytes) */
456 static const PRUint8 known_SHA256_hmac[] = {
457 @@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
458 /* HMAC SHA-224 Single-Round Known Answer Test. */
459 /***************************************************/
461 +#ifndef NO_SHA224_AVAILABLE
462 hmac_status = sftk_fips_HMAC(hmac_computed,
463 HMAC_known_secret_key,
464 HMAC_known_secret_key_length,
465 @@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
466 ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
467 SHA224_LENGTH ) != 0 ) )
468 return( CKR_DEVICE_ERROR );
471 /***************************************************/
472 /* HMAC SHA-256 Single-Round Known Answer Test. */
473 @@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void )
474 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
475 0xe0,0x68,0x47,0x7a};
477 +#ifndef NO_SHA224_AVAILABLE
478 /* SHA-224 Known Digest Message (224-bits). */
479 static const PRUint8 sha224_known_digest[] = {
480 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
481 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
482 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
483 0x8e,0x08,0xe5,0xcb};
486 /* SHA-256 Known Digest Message (256-bits). */
487 static const PRUint8 sha256_known_digest[] = {
488 @@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
489 /* SHA-224 Single-Round Known Answer Hashing Test. */
490 /***************************************************/
492 +#ifndef NO_SHA224_AVAILABLE
493 sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
494 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
496 @@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
497 ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
498 SHA224_LENGTH ) != 0 ) )
499 return( CKR_DEVICE_ERROR );
502 /***************************************************/
503 /* SHA-256 Single-Round Known Answer Hashing Test. */
504 diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c
505 --- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700
506 +++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800
507 @@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h
508 INIT_MECH(CKM_MD2, MD2)
509 INIT_MECH(CKM_MD5, MD5)
510 INIT_MECH(CKM_SHA_1, SHA1)
511 +#ifndef NO_SHA224_AVAILABLE
512 INIT_MECH(CKM_SHA224, SHA224)
514 INIT_MECH(CKM_SHA256, SHA256)
515 INIT_MECH(CKM_SHA384, SHA384)
516 INIT_MECH(CKM_SHA512, SHA512)
517 @@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co
521 +#ifndef NO_SHA224_AVAILABLE
527 @@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
528 INIT_RSA_SIGN_MECH(MD5)
529 INIT_RSA_SIGN_MECH(MD2)
530 INIT_RSA_SIGN_MECH(SHA1)
531 +#ifndef NO_SHA224_AVAILABLE
532 INIT_RSA_SIGN_MECH(SHA224)
534 INIT_RSA_SIGN_MECH(SHA256)
535 INIT_RSA_SIGN_MECH(SHA384)
536 INIT_RSA_SIGN_MECH(SHA512)
537 @@ -2131,7 +2137,9 @@ finish_rsa:
541 +#ifndef NO_SHA224_AVAILABLE
542 INIT_HMAC_MECH(SHA224)
544 INIT_HMAC_MECH(SHA256)
545 INIT_HMAC_MECH(SHA384)
546 INIT_HMAC_MECH(SHA512)
547 @@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
548 INIT_RSA_VFY_MECH(MD5)
549 INIT_RSA_VFY_MECH(MD2)
550 INIT_RSA_VFY_MECH(SHA1)
551 +#ifndef NO_SHA224_AVAILABLE
552 INIT_RSA_VFY_MECH(SHA224)
554 INIT_RSA_VFY_MECH(SHA256)
555 INIT_RSA_VFY_MECH(SHA384)
556 INIT_RSA_VFY_MECH(SHA512)
557 @@ -2626,7 +2636,9 @@ finish_rsa:
561 +#ifndef NO_SHA224_AVAILABLE
562 INIT_HMAC_MECH(SHA224)
564 INIT_HMAC_MECH(SHA256)
565 INIT_HMAC_MECH(SHA384)
566 INIT_HMAC_MECH(SHA512)
567 diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c
568 --- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800
569 +++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800
570 @@ -311,8 +311,10 @@ static const struct mechanismList mechan
571 CKF_SN_VR}, PR_TRUE},
572 {CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
573 CKF_SN_VR}, PR_TRUE},
574 +#ifndef NO_SHA224_AVAILABLE
575 {CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
576 CKF_SN_VR}, PR_TRUE},
578 {CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
579 CKF_SN_VR}, PR_TRUE},
580 {CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
581 @@ -401,9 +403,11 @@ static const struct mechanismList mechan
582 {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE},
583 {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
584 {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
585 +#ifndef NO_SHA224_AVAILABLE
586 {CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE},
587 {CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
588 {CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
590 {CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE},
591 {CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
592 {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
593 diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c
594 --- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700
595 +++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800
596 @@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY
600 +#ifndef NO_SHA224_AVAILABLE
602 case CKG_MGF1_SHA224:
603 return HASH_AlgSHA224;
606 case CKG_MGF1_SHA256:
607 return HASH_AlgSHA256;
608 diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt
609 --- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700
610 +++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800
615 - 0 sha224_-H SHA224_Hash
616 0 sha256_-H SHA256_Hash
617 0 sha384_-H SHA384_Hash
618 0 sha512_-H SHA512_Hash