]> git.ipfire.org Git - people/ms/ipfire-3.x.git/blame - nss/patches/nosha224.patch0
projects / people / ms / ipfire-3.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
libsolv: Update to git version f663ca2.
[people/ms/ipfire-3.x.git] / nss / patches / nosha224.patch0
CommitLineData
94bd60cc
SS		 1diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk
2--- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800
3+++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800
4@@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3
5 USE_SYSTEM_FREEBL = 1
6 FREEBL_LIBS = -lfreebl3
7
8+#
9+# Don't compile code that requires SHA224 if it isn't avilable
10+# Such is the case when system freebl/softokn is the 3.12 one
11+#
12+ifdef NO_SHA224_AVAILABLE
13+CFLAGS+=-DNO_SHA224_AVAILABLE
14+endif
15+
16 # The -rpath '$$ORIGIN' linker option instructs this library to search for its
17 # dependencies in the same directory where it resides.
18 ifeq ($(BUILD_SUN_PKG), 1)
19diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c
20--- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700
21+++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800
22@@ -686,7 +686,9 @@ typedef enum {
23 bltestMD2, /* Hash algorithms */
24 bltestMD5, /* . */
25 bltestSHA1, /* . */
26+#ifndef NO_SHA224_AVAILABLE
27 bltestSHA224, /* . */
28+#endif
29 bltestSHA256, /* . */
30 bltestSHA384, /* . */
31 bltestSHA512, /* . */
32@@ -721,7 +723,9 @@ static char *mode_strings[] =
33 "md2",
34 "md5",
35 "sha1",
36+#ifndef NO_SHA224_AVAILABLE
37 "sha224",
38+#endif
39 "sha256",
40 "sha384",
41 "sha512",
42@@ -1761,6 +1765,7 @@ finish:
43 return rv;
44 }
45
46+#ifndef NO_SHA224_AVAILABLE
47 SECStatus
48 SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
49 {
50@@ -1800,6 +1805,7 @@ finish:
51 SHA224_DestroyContext(cx, PR_TRUE);
52 return rv;
53 }
54+#endif
55
56 SECStatus
57 SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
58@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
59 cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
60 return SECSuccess;
61 break;
62+#ifndef NO_SHA224_AVAILABLE
63 case bltestSHA224:
64 restart = cipherInfo->params.hash.restart;
65 SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
66@@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo,
67 cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
68 : SHA224_HashBuf;
69 return SECSuccess;
70+#endif
71 break;
72 case bltestSHA256:
73 restart = cipherInfo->params.hash.restart;
74@@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf
75 case bltestMD2: /* hash contexts are ephemeral */
76 case bltestMD5:
77 case bltestSHA1:
78+#ifndef NO_SHA224_AVAILABLE
79 case bltestSHA224:
80+#endif
81 case bltestSHA256:
82 case bltestSHA384:
83 case bltestSHA512:
84@@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar
85 case bltestMD2:
86 case bltestMD5:
87 case bltestSHA1:
88+#ifndef NO_SHA224_AVAILABLE
89 case bltestSHA224:
90+#endif
91 case bltestSHA256:
92 case bltestSHA384:
93 case bltestSHA512:
94diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c
95--- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800
96+++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800
97@@ -41,6 +41,10 @@
98 #include "blapi.h"
99 #include "secutil.h"
100
101+#ifdef NO_SHA224_AVAILABLE
102+PRBool BLAPI_SHVerifyFile(const char *shName);
103+#endif
104+
105 static int Usage()
106 {
107 fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
108diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c
109--- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700
110+++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800
111@@ -86,6 +86,14 @@ static char consoleName[] = {
112 #include "nssutil.h"
113 #include "ssl.h"
114
115+/* Defined in ./mozilla/dist/public/nss/certdb.h which was included
116+ * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h
117+ * but invisible here for some reason
118+ */
119+#ifndef CERTDB_TERMINAL_RECORD
120+#define CERTDB_TERMINAL_RECORD (1<<0)
121+#endif
122+
123
124 void
125 SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
126@@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[]
127 { 0 }
128 };
129
130+/* if no sha224 then no psapss either */
131+#ifndef NO_SHA224_AVAILABLE
132 void
133 secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
134 {
135@@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte
136 }
137 PORT_FreeArena(pool, PR_FALSE);
138 }
139+#endif
140
141 void
142 secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
143@@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo
144 return;
145 }
146
147+#ifndef NO_SHA224_AVAILABLE
148 if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
149 secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
150 return;
151 }
152+#endif
153
154 if (a->parameters.len == 0
155 || (a->parameters.len == 2
156@@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char
157 hashAlgTag = SEC_OID_MD5;
158 } else if (!PL_strcmp(alg, "SHA1")) {
159 hashAlgTag = SEC_OID_SHA1;
160+#ifndef NO_SHA224_AVAILABLE
161 } else if (!PL_strcmp(alg, "SHA224")) {
162 hashAlgTag = SEC_OID_SHA224;
163+#endif
164 } else if (!PL_strcmp(alg, "SHA256")) {
165 hashAlgTag = SEC_OID_SHA256;
166 } else if (!PL_strcmp(alg, "SHA384")) {
167diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c
168--- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800
169+++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800
170@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR
171
172 mech_str digestMechs[] = {
173 {CKM_SHA_1, "CKM_SHA_1 "},
174+#ifndef NO_SHA224_AVAILABLE
175 {CKM_SHA224, "CKM_SHA224"},
176+#endif
177 {CKM_SHA256, "CKM_SHA256"},
178 {CKM_SHA384, "CKM_SHA384"},
179 {CKM_SHA512, "CKM_SHA512"}
180 };
181 mech_str hmacMechs[] = {
182 {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
183+#ifndef NO_SHA224_AVAILABLE
184 {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
185+#endif
186 {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
187 {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
188 {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
189 };
190 mech_str sigRSAMechs[] = {
191 {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
192+#ifndef NO_SHA224_AVAILABLE
193 {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
194+#endif
195 {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
196 {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
197 {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
198diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c
199--- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700
200+++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800
201@@ -91,10 +91,12 @@ sha1_NewContext(void) {
202 return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
203 }
204
205+#ifndef NO_SHA224_AVAILABLE
206 static void *
207 sha224_NewContext(void) {
208 return (void *) PK11_CreateDigestContext(SEC_OID_SHA224);
209 }
210+#endif
211
212 static void *
213 sha256_NewContext(void) {
214@@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = {
215 SHA512_BLOCK_LENGTH,
216 HASH_AlgSHA512
217 },
218+#ifndef NO_SHA224_AVAILABLE
219 { SHA224_LENGTH,
220 (void * (*)(void)) sha224_NewContext,
221 (void * (*)(void *)) PK11_CloneContext,
222@@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = {
223 SHA224_BLOCK_LENGTH,
224 HASH_AlgSHA224
225 },
226+#endif
227 };
228
229 const SECHashObject *
230@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO
231 case SEC_OID_MD2: ht = HASH_AlgMD2; break;
232 case SEC_OID_MD5: ht = HASH_AlgMD5; break;
233 case SEC_OID_SHA1: ht = HASH_AlgSHA1; break;
234+#ifndef NO_SHA224_AVAILABLE
235 case SEC_OID_SHA224: ht = HASH_AlgSHA224; break;
236+#endif
237 case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
238 case SEC_OID_SHA384: ht = HASH_AlgSHA384; break;
239 case SEC_OID_SHA512: ht = HASH_AlgSHA512; break;
240@@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
241 /* no oid exists for HMAC_MD2 */
242 /* NSS does not define a oid for HMAC_MD4 */
243 case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break;
244+#ifndef NO_SHA224_AVAILABLE
245 case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break;
246+#endif
247 case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break;
248 case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break;
249 case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break;
250@@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag
251 /* no oid exists for HMAC_MD2 */
252 /* NSS does not define a oid for HMAC_MD4 */
253 case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break;
254+#ifndef NO_SHA224_AVAILABLE
255 case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break;
256+#endif
257 case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break;
258 case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break;
259 case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break;
260diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c
261--- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700
262+++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800
263@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) {
264 * should be handing us a cipher type */
265 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
266 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
267+#ifndef NO_SHA224_AVAILABLE
268 case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
269+#endif
270 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
271 case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
272 case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
273diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c
274--- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700
275+++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800
276@@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
277 case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
278 *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
279 break;
280-
281+#ifndef NO_SHA224_AVAILABLE
282 case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
283 case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
284 *hashalg = SEC_OID_SHA224;
285 break;
286+#endif
287 case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
288 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
289 *hashalg = SEC_OID_SHA256;
290@@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
291 len = SECKEY_PublicKeyStrength(key);
292 if (len < 28) { /* 28 bytes == 224 bits */
293 *hashalg = SEC_OID_SHA1;
294+#ifndef NO_SHA224_AVAILABLE
295 } else if (len < 32) { /* 32 bytes == 256 bits */
296 *hashalg = SEC_OID_SHA224;
297+#endif
298 } else if (len < 48) { /* 48 bytes == 384 bits */
299 *hashalg = SEC_OID_SHA256;
300 } else if (len < 64) { /* 48 bytes == 512 bits */
301@@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
302 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
303 case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
304 case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
305+#ifndef NO_SHA224_AVAILABLE
306 case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
307+#endif
308 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
309 case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
310 case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
311@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *
312 *encalg = SEC_OID_MISSI_DSS;
313 break;
314 case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
315+#ifndef NO_SHA224_AVAILABLE
316 case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
317+#endif
318 case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
319 case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
320 case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
321diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h
322--- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700
323+++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800
324@@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi
325 extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
326
327 /******************************************/
328-
329+#ifndef NO_SHA224_AVAILABLE
330 extern SHA224Context *SHA224_NewContext(void);
331 extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
332 extern void SHA224_Begin(SHA224Context *cx);
333@@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S
334 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
335 extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
336 extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
337+#endif
338
339 /******************************************/
340
341diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c
342--- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700
343+++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800
344@@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect
345 JPAKE_Verify,
346 JPAKE_Round2,
347 JPAKE_Final,
348-
349+#ifndef NO_SHA224_AVAILABLE
350 /* End of Version 3.012 */
351
352 TLS_P_hash,
353@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect
354 SHA224_Resurrect,
355 SHA224_Clone,
356 BLAPI_SHVerifyFile
357-
358+#endif
359 /* End of Version 3.013 */
360 };
361
362diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c
363--- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700
364+++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800
365@@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void )
366 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
367 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
368 0xe0,0x68,0x47,0x7a};
369-
370+#ifndef NO_SHA224_AVAILABLE
371 /* SHA-224 Known Digest Message (224-bits). */
372 static const PRUint8 sha224_known_digest[] = {
373 0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb,
374 0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8,
375 0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64,
376 0x9a,0xb8,0x98,0x4e};
377-
378+#endif
379 /* SHA-256 Known Digest Message (256-bits). */
380 static const PRUint8 sha256_known_digest[] = {
381 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
382@@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
383 ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
384 SHA1_LENGTH ) != 0 ) )
385 return( CKR_DEVICE_ERROR );
386-
387+#ifndef NO_SHA224_AVAILABLE
388 /***************************************************/
389 /* SHA-224 Single-Round Known Answer Hashing Test. */
390 /***************************************************/
391@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void )
392 ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
393 SHA224_LENGTH ) != 0 ) )
394 return( CKR_DEVICE_ERROR );
395-
396+#endif
397 /***************************************************/
398 /* SHA-256 Single-Round Known Answer Hashing Test. */
399 /***************************************************/
400diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c
401--- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700
402+++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800
403@@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[]
404 SHA512_BLOCK_LENGTH,
405 HASH_AlgSHA512
406 },
407+#ifndef NO_SHA224_AVAILABLE
408 { SHA224_LENGTH,
409 (void * (*)(void)) SHA224_NewContext,
410 (void * (*)(void *)) null_hash_clone_context,
411@@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[]
412 SHA224_BLOCK_LENGTH,
413 HASH_AlgSHA224
414 },
415+#endif
416 };
417
418 const SECHashObject *
419diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c
420--- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700
421+++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800
422@@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S
423 memcpy(dest, src, sizeof *dest);
424 }
425
426+#ifndef NO_SHA224_AVAILABLE
427 /* ============= SHA224 implementation ================================== */
428
429 /* SHA-224 initial hash values */
430@@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S
431 {
432 SHA256_Clone(dest, src);
433 }
434-
435+#endif
436
437 /* ======= SHA512 and SHA384 common constants and defines ================= */
438
439diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c
440--- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700
441+++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800
442@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
443 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
444 0x5d, 0x0e, 0x1e, 0x11};
445
446+#ifndef NO_SHA224_AVAILABLE
447 /* known SHA224 hmac (28 bytes) */
448 static const PRUint8 known_SHA224_hmac[] = {
449 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
450 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
451 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
452 0x9a, 0xb8, 0x98, 0x4e};
453+#endif
454
455 /* known SHA256 hmac (32 bytes) */
456 static const PRUint8 known_SHA256_hmac[] = {
457@@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
458 /* HMAC SHA-224 Single-Round Known Answer Test. */
459 /***************************************************/
460
461+#ifndef NO_SHA224_AVAILABLE
462 hmac_status = sftk_fips_HMAC(hmac_computed,
463 HMAC_known_secret_key,
464 HMAC_known_secret_key_length,
465@@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void )
466 ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
467 SHA224_LENGTH ) != 0 ) )
468 return( CKR_DEVICE_ERROR );
469+#endif
470
471 /***************************************************/
472 /* HMAC SHA-256 Single-Round Known Answer Test. */
473@@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void )
474 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
475 0xe0,0x68,0x47,0x7a};
476
477+#ifndef NO_SHA224_AVAILABLE
478 /* SHA-224 Known Digest Message (224-bits). */
479 static const PRUint8 sha224_known_digest[] = {
480 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
481 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
482 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
483 0x8e,0x08,0xe5,0xcb};
484+#endif
485
486 /* SHA-256 Known Digest Message (256-bits). */
487 static const PRUint8 sha256_known_digest[] = {
488@@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
489 /* SHA-224 Single-Round Known Answer Hashing Test. */
490 /***************************************************/
491
492+#ifndef NO_SHA224_AVAILABLE
493 sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
494 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
495
496@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void )
497 ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
498 SHA224_LENGTH ) != 0 ) )
499 return( CKR_DEVICE_ERROR );
500+#endif
501
502 /***************************************************/
503 /* SHA-256 Single-Round Known Answer Hashing Test. */
504diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c
505--- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700
506+++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800
507@@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h
508 INIT_MECH(CKM_MD2, MD2)
509 INIT_MECH(CKM_MD5, MD5)
510 INIT_MECH(CKM_SHA_1, SHA1)
511+#ifndef NO_SHA224_AVAILABLE
512 INIT_MECH(CKM_SHA224, SHA224)
513+#endif
514 INIT_MECH(CKM_SHA256, SHA256)
515 INIT_MECH(CKM_SHA384, SHA384)
516 INIT_MECH(CKM_SHA512, SHA512)
517@@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co
518 DOSUB(MD2)
519 DOSUB(MD5)
520 DOSUB(SHA1)
521+#ifndef NO_SHA224_AVAILABLE
522 DOSUB(SHA224)
523+#endif
524 DOSUB(SHA256)
525 DOSUB(SHA384)
526 DOSUB(SHA512)
527@@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe
528 INIT_RSA_SIGN_MECH(MD5)
529 INIT_RSA_SIGN_MECH(MD2)
530 INIT_RSA_SIGN_MECH(SHA1)
531+#ifndef NO_SHA224_AVAILABLE
532 INIT_RSA_SIGN_MECH(SHA224)
533+#endif
534 INIT_RSA_SIGN_MECH(SHA256)
535 INIT_RSA_SIGN_MECH(SHA384)
536 INIT_RSA_SIGN_MECH(SHA512)
537@@ -2131,7 +2137,9 @@ finish_rsa:
538
539 INIT_HMAC_MECH(MD2)
540 INIT_HMAC_MECH(MD5)
541+#ifndef NO_SHA224_AVAILABLE
542 INIT_HMAC_MECH(SHA224)
543+#endif
544 INIT_HMAC_MECH(SHA256)
545 INIT_HMAC_MECH(SHA384)
546 INIT_HMAC_MECH(SHA512)
547@@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h
548 INIT_RSA_VFY_MECH(MD5)
549 INIT_RSA_VFY_MECH(MD2)
550 INIT_RSA_VFY_MECH(SHA1)
551+#ifndef NO_SHA224_AVAILABLE
552 INIT_RSA_VFY_MECH(SHA224)
553+#endif
554 INIT_RSA_VFY_MECH(SHA256)
555 INIT_RSA_VFY_MECH(SHA384)
556 INIT_RSA_VFY_MECH(SHA512)
557@@ -2626,7 +2636,9 @@ finish_rsa:
558
559 INIT_HMAC_MECH(MD2)
560 INIT_HMAC_MECH(MD5)
561+#ifndef NO_SHA224_AVAILABLE
562 INIT_HMAC_MECH(SHA224)
563+#endif
564 INIT_HMAC_MECH(SHA256)
565 INIT_HMAC_MECH(SHA384)
566 INIT_HMAC_MECH(SHA512)
567diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c
568--- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800
569+++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800
570@@ -311,8 +311,10 @@ static const struct mechanismList mechan
571 CKF_SN_VR}, PR_TRUE},
572 {CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
573 CKF_SN_VR}, PR_TRUE},
574+#ifndef NO_SHA224_AVAILABLE
575 {CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
576 CKF_SN_VR}, PR_TRUE},
577+#endif
578 {CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
579 CKF_SN_VR}, PR_TRUE},
580 {CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX,
581@@ -401,9 +403,11 @@ static const struct mechanismList mechan
582 {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE},
583 {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
584 {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
585+#ifndef NO_SHA224_AVAILABLE
586 {CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE},
587 {CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
588 {CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
589+#endif
590 {CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE},
591 {CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
592 {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE},
593diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c
594--- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700
595+++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800
596@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY
597 case CKM_SHA_1:
598 case CKG_MGF1_SHA1:
599 return HASH_AlgSHA1;
600+#ifndef NO_SHA224_AVAILABLE
601 case CKM_SHA224:
602 case CKG_MGF1_SHA224:
603 return HASH_AlgSHA224;
604+#endif
605 case CKM_SHA256:
606 case CKG_MGF1_SHA256:
607 return HASH_AlgSHA256;
608diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt
609--- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700
610+++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800
611@@ -73,7 +73,6 @@
612 0 md2_-H MD2_Hash
613 0 md5_-H MD5_Hash
614 0 sha1_-H SHA1_Hash
615- 0 sha224_-H SHA224_Hash
616 0 sha256_-H SHA256_Hash
617 0 sha384_-H SHA384_Hash
618 0 sha512_-H SHA512_Hash
Michael's tree of IPFire 3.x.