diff options
Diffstat (limited to 'security/nss/lib/freebl/ec.c')
-rw-r--r-- | security/nss/lib/freebl/ec.c | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c index b28815ade..669c9b147 100644 --- a/security/nss/lib/freebl/ec.c +++ b/security/nss/lib/freebl/ec.c @@ -15,6 +15,8 @@ #include "ec.h" #include "ecl.h" +#ifndef NSS_DISABLE_ECC + static const ECMethod kMethods[] = { { ECCurve25519, ec_Curve25519_pt_mul, @@ -181,6 +183,7 @@ cleanup: return rv; } +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a supplied * value and the public key is the result of performing a scalar @@ -191,6 +194,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *privKeyBytes, int privKeyLen) { SECStatus rv = SECFailure; +#ifndef NSS_DISABLE_ECC PLArenaPool *arena; ECPrivateKey *key; mp_int k; @@ -305,6 +309,9 @@ cleanup: printf("ec_NewKey returning %s\n", (rv == SECSuccess) ? "success" : "failure"); #endif +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -319,10 +326,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *seed, int seedlen) { SECStatus rv = SECFailure; +#ifndef NSS_DISABLE_ECC rv = ec_NewKey(ecParams, privKey, seed, seedlen); +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +#endif /* NSS_DISABLE_ECC */ return rv; } +#ifndef NSS_DISABLE_ECC /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62, * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the * random number generator. @@ -379,6 +391,7 @@ cleanup: } return privKeyBytes; } +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a random value and * the public key is the result of performing a scalar point multiplication @@ -388,6 +401,7 @@ SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) { SECStatus rv = SECFailure; +#ifndef NSS_DISABLE_ECC int len; unsigned char *privKeyBytes = NULL; @@ -411,6 +425,9 @@ cleanup: printf("EC_NewKey returning %s\n", (rv == SECSuccess) ? "success" : "failure"); #endif +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -424,6 +441,7 @@ cleanup: SECStatus EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) { +#ifndef NSS_DISABLE_ECC mp_int Px, Py; ECGroup *group = NULL; SECStatus rv = SECFailure; @@ -507,6 +525,10 @@ cleanup: rv = SECFailure; } return rv; +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); + return SECFailure; +#endif /* NSS_DISABLE_ECC */ } /* @@ -527,6 +549,7 @@ ECDH_Derive(SECItem *publicValue, SECItem *derivedSecret) { SECStatus rv = SECFailure; +#ifndef NSS_DISABLE_ECC unsigned int len = 0; SECItem pointQ = { siBuffer, NULL, 0 }; mp_int k; /* to hold the private value */ @@ -566,11 +589,7 @@ ECDH_Derive(SECItem *publicValue, PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } - rv = method->mul(derivedSecret, privateValue, publicValue); - if (rv != SECSuccess) { - SECITEM_ZfreeItem(derivedSecret, PR_FALSE); - } - return rv; + return method->mul(derivedSecret, privateValue, publicValue); } /* @@ -635,6 +654,9 @@ cleanup: if (pointQ.data) { PORT_ZFree(pointQ.data, pointQ.len); } +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -648,6 +670,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, const SECItem *digest, const unsigned char *kb, const int kblen) { SECStatus rv = SECFailure; +#ifndef NSS_DISABLE_ECC mp_int x1; mp_int d, k; /* private key, random integer */ mp_int r, s; /* tuple (r, s) is the signature */ @@ -876,6 +899,9 @@ cleanup: printf("ECDSA signing with seed %s\n", (rv == SECSuccess) ? "succeeded" : "failed"); #endif +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -888,6 +914,7 @@ SECStatus ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; +#ifndef NSS_DISABLE_ECC int len; unsigned char *kBytes = NULL; @@ -914,6 +941,9 @@ cleanup: printf("ECDSA signing %s\n", (rv == SECSuccess) ? "succeeded" : "failed"); #endif +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -931,6 +961,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; +#ifndef NSS_DISABLE_ECC mp_int r_, s_; /* tuple (r', s') is received signature) */ mp_int c, u1, u2, v; /* intermediate values used in verification */ mp_int x1; @@ -1130,6 +1161,9 @@ cleanup: printf("ECDSA verification %s\n", (rv == SECSuccess) ? "succeeded" : "failed"); #endif +#else + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +#endif /* NSS_DISABLE_ECC */ return rv; } |