Diffstat (limited to 'security/nss/lib/softoken/legacydb')
-rw-r--r--security/nss/lib/softoken/legacydb/keydb.c8
-rw-r--r--security/nss/lib/softoken/legacydb/lgattr.c12
-rw-r--r--security/nss/lib/softoken/legacydb/lgcreate.c15
-rw-r--r--security/nss/lib/softoken/legacydb/lgfips.c4
-rw-r--r--security/nss/lib/softoken/legacydb/lginit.c4
-rw-r--r--security/nss/lib/softoken/legacydb/lowcert.c2
-rw-r--r--security/nss/lib/softoken/legacydb/lowkey.c7
-rw-r--r--security/nss/lib/softoken/legacydb/lowkeyi.h5
-rw-r--r--security/nss/lib/softoken/legacydb/lowkeyti.h2
-rw-r--r--security/nss/lib/softoken/legacydb/pcertdb.c10
10 files changed, 50 insertions, 19 deletions
diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c
index b4aa7754b..178e333ec 100644
--- a/security/nss/lib/softoken/legacydb/keydb.c
+++ b/security/nss/lib/softoken/legacydb/keydb.c
@@ -1137,10 +1137,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer
namekey.data = pubkey->u.dh.publicValue.data;
namekey.size = pubkey->u.dh.publicValue.len;
break;
+#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
namekey.data = pubkey->u.ec.publicValue.data;
namekey.size = pubkey->u.ec.publicValue.len;
break;
+#endif /* NSS_DISABLE_ECC */
default:
/* XXX We don't do Fortezza or DH yet. */
return PR_FALSE;
@@ -1465,10 +1467,12 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
SECItem *der_item = NULL;
SECItem *cipherText = NULL;
SECItem *dummy = NULL;
+#ifndef NSS_DISABLE_ECC
#ifdef EC_DEBUG
SECItem *fordebug = NULL;
#endif
int savelen;
+#endif
temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if (temparena == NULL)
@@ -1544,6 +1548,7 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
goto loser;
}
break;
+#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
lg_prepare_low_ec_priv_key_for_asn1(pk);
/* Public value is encoded as a bit string so adjust length
@@ -1584,6 +1589,7 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
#endif
break;
+#endif /* NSS_DISABLE_ECC */
default:
/* We don't support DH or Fortezza private keys yet */
PORT_Assert(PR_FALSE);
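Review bot: With `NSS_DISABLE_ECC` defined, an `NSSLOWKEYECKey` passed to seckey_encrypt_private_key now lands in this `default:` branch, whose only visible action is `PORT_Assert(PR_FALSE)`, and that assert compiles to nothing in non-debug builds. The lines after the assert are outside the hunk, so it is worth confirming that the branch fails closed, for example with `rv = SECFailure; goto loser;`, rather than falling through to the encoding step with `der_item` still NULL. The comment `/* We don't support DH or Fortezza private keys yet */` should also mention EC keys in builds without ECC.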
@@ -1803,6 +1809,7 @@ seckey_decrypt_private_key(SECItem *epki,
lg_nsslowkey_DHPrivateKeyTemplate,
&newPrivateKey);
break;
+#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
pk->keyType = NSSLOWKEYECKey;
lg_prepare_low_ec_priv_key_for_asn1(pk);
@@ -1842,6 +1849,7 @@ seckey_decrypt_private_key(SECItem *epki,
}
break;
+#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
break;
diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c
index 542b0c968..5c2cbdbc6 100644
--- a/security/nss/lib/softoken/legacydb/lgattr.c
+++ b/security/nss/lib/softoken/legacydb/lgattr.c
@@ -133,7 +133,7 @@ lg_CopyAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type,
attr->ulValueLen = (CK_ULONG)-1;
return CKR_BUFFER_TOO_SMALL;
}
- if (len > 0 && value != NULL) {
+ if (value != NULL) {
PORT_Memcpy(attr->pValue, value, len);
}
attr->ulValueLen = len;
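Review bot: Dropping the `len > 0` half of the guard means `PORT_Memcpy(attr->pValue, value, len)` now also runs for zero-length values, and memcpy with a zero count still requires both pointers to be valid. Callers that pass a non-NULL placeholder together with `len == 0` were skipped before and are now copied from. Unless something outside this hunk guarantees both pointers are valid at this point, I would keep `if (len > 0 && value != NULL) {`. lg_CopyAttribute starts above the hunk, so any earlier check on `attr->pValue` is not visible here.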
@@ -421,9 +421,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey)
case NSSLOWKEYDHKey:
pubItem = &pubKey->u.dh.publicValue;
break;
+#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
pubItem = &pubKey->u.ec.publicValue;
break;
+#endif /* NSS_DISABLE_ECC */
default:
break;
}
@@ -542,6 +544,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
return lg_invalidAttribute(attribute);
}
+#ifndef NSS_DISABLE_ECC
static CK_RV
lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute)
@@ -591,6 +594,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
}
return lg_invalidAttribute(attribute);
}
+#endif /* NSS_DISABLE_ECC */
static CK_RV
lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@@ -641,8 +645,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
return lg_FindDSAPublicKeyAttribute(key, type, attribute);
case NSSLOWKEYDHKey:
return lg_FindDHPublicKeyAttribute(key, type, attribute);
+#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
return lg_FindECPublicKeyAttribute(key, type, attribute);
+#endif /* NSS_DISABLE_ECC */
default:
break;
}
@@ -929,6 +935,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
return lg_invalidAttribute(attribute);
}
+#ifndef NSS_DISABLE_ECC
static CK_RV
lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute, SDB *sdbpw)
@@ -966,6 +973,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
}
return lg_invalidAttribute(attribute);
}
+#endif /* NSS_DISABLE_ECC */
static CK_RV
lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@@ -1012,8 +1020,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
return lg_FindDSAPrivateKeyAttribute(key, type, attribute, obj->sdb);
case NSSLOWKEYDHKey:
return lg_FindDHPrivateKeyAttribute(key, type, attribute, obj->sdb);
+#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
return lg_FindECPrivateKeyAttribute(key, type, attribute, obj->sdb);
+#endif /* NSS_DISABLE_ECC */
default:
break;
}
diff --git a/security/nss/lib/softoken/legacydb/lgcreate.c b/security/nss/lib/softoken/legacydb/lgcreate.c
index f2b2aa634..a0d2b2e57 100644
--- a/security/nss/lib/softoken/legacydb/lgcreate.c
+++ b/security/nss/lib/softoken/legacydb/lgcreate.c
@@ -398,17 +398,21 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
NSSLOWKEYPrivateKey *priv;
SECItem pubKeySpace = { siBuffer, NULL, 0 };
SECItem *pubKey;
+#ifndef NSS_DISABLE_ECC
SECItem pubKey2Space = { siBuffer, NULL, 0 };
PLArenaPool *arena = NULL;
+#endif /* NSS_DISABLE_ECC */
NSSLOWKEYDBHandle *keyHandle = NULL;
switch (key_type) {
case CKK_RSA:
pubKeyAttr = CKA_MODULUS;
break;
+#ifndef NSS_DISABLE_ECC
case CKK_EC:
pubKeyAttr = CKA_EC_POINT;
break;
+#endif /* NSS_DISABLE_ECC */
case CKK_DSA:
case CKK_DH:
break;
@@ -421,6 +425,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
if (crv != CKR_OK)
return crv;
+#ifndef NSS_DISABLE_ECC
if (key_type == CKK_EC) {
SECStatus rv;
/*
@@ -443,6 +448,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
pubKey = &pubKey2Space;
}
}
+#endif /* NSS_DISABLE_ECC */
PORT_Assert(pubKey->data);
if (pubKey->data == NULL) {
@@ -463,12 +469,14 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
/* make sure the associated private key already exists */
/* only works if we are logged in */
priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/);
+#ifndef NSS_DISABLE_ECC
if (priv == NULL && pubKey == &pubKey2Space) {
/* no match on the decoded key, match the original pubkey */
pubKey = &pubKeySpace;
priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey,
sdb /*password*/);
}
+#endif
if (priv == NULL) {
/* the legacy database can only 'store' public keys which already
* have their corresponding private keys in the database */
@@ -482,9 +490,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
done:
PORT_Free(pubKeySpace.data);
- if (arena) {
+#ifndef NSS_DISABLE_ECC
+ if (arena)
PORT_FreeArena(arena, PR_FALSE);
- }
+#endif
return crv;
}
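Review bot: The `if (arena)` in the `done:` cleanup lost its braces while being wrapped in `#ifndef NSS_DISABLE_ECC`, leaving a single unbraced statement between preprocessor lines. A later edit that adds a second cleanup statement under the condition would run it unconditionally without any compiler warning; keeping `if (arena) {` ... `}` inside the guard avoids that. The closing `#endif` here and in the @@ -463 hunk also lacks the `/* NSS_DISABLE_ECC */` comment that the other guards in this file carry.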
@@ -604,6 +613,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
}
break;
+#ifndef NSS_DISABLE_ECC
case CKK_EC:
privKey->keyType = NSSLOWKEYECKey;
crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS, templ, count,
@@ -636,6 +646,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
if (rv != SECSuccess)
crv = CKR_HOST_MEMORY;
break;
+#endif /* NSS_DISABLE_ECC */
default:
crv = CKR_KEY_TYPE_INCONSISTENT;
diff --git a/security/nss/lib/softoken/legacydb/lgfips.c b/security/nss/lib/softoken/legacydb/lgfips.c
index b991dcf8e..b017424db 100644
--- a/security/nss/lib/softoken/legacydb/lgfips.c
+++ b/security/nss/lib/softoken/legacydb/lgfips.c
@@ -6,8 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
-#ifndef NSS_FIPS_DISABLED
-
#include "seccomon.h"
#include "lgdb.h"
#include "blapi.h"
@@ -115,5 +113,3 @@ lg_FIPSEntryOK()
#endif
return lg_self_tests_success;
}
-
-#endif /* NSS_FIPS_DISABLED */
diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c
index 4f0b53f52..6913eea50 100644
--- a/security/nss/lib/softoken/legacydb/lginit.c
+++ b/security/nss/lib/softoken/legacydb/lginit.c
@@ -586,15 +586,11 @@ legacy_Open(const char *configdir, const char *certPrefix,
#define NSS_VERSION_VARIABLE __nss_dbm_version
#include "verref.h"
-#ifndef NSS_FIPS_DISABLED
if (flags & SDB_FIPS) {
- /* We shouldn't get here when FIPS is not enabled on the database. But
- * we also don't care when this NSS build doesn't support FIPS. */
if (!lg_FIPSEntryOK()) {
return CKR_DEVICE_ERROR;
}
}
-#endif
rv = SECOID_Init();
if (SECSuccess != rv) {
diff --git a/security/nss/lib/softoken/legacydb/lowcert.c b/security/nss/lib/softoken/legacydb/lowcert.c
index 5a349f0aa..2906120ee 100644
--- a/security/nss/lib/softoken/legacydb/lowcert.c
+++ b/security/nss/lib/softoken/legacydb/lowcert.c
@@ -823,6 +823,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
if (rv == SECSuccess)
return pubk;
break;
+#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
pubk->keyType = NSSLOWKEYECKey;
/* Since PKCS#11 directly takes the DER encoding of EC params
@@ -844,6 +845,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
if (rv == SECSuccess)
return pubk;
break;
+#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
break;
diff --git a/security/nss/lib/softoken/legacydb/lowkey.c b/security/nss/lib/softoken/legacydb/lowkey.c
index a9b7cce3d..7de4197a1 100644
--- a/security/nss/lib/softoken/legacydb/lowkey.c
+++ b/security/nss/lib/softoken/legacydb/lowkey.c
@@ -99,6 +99,8 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = {
{ 0 }
};
+#ifndef NSS_DISABLE_ECC
+
/* NOTE: The SECG specification allows the private key structure
* to contain curve parameters but recommends that they be stored
* in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
@@ -191,6 +193,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
loser:
return SECFailure;
}
+#endif /* NSS_DISABLE_ECC */
/*
* See bugzilla bug 125359
* Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@@ -240,6 +243,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.dh.privateValue.type = siUnsignedInteger;
}
+#ifndef NSS_DISABLE_ECC
void
lg_prepare_low_ecparams_for_asn1(ECParams *params)
{
@@ -256,6 +260,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.ec.privateValue.type = siUnsignedInteger;
key->u.ec.publicValue.type = siUnsignedInteger;
}
+#endif /* NSS_DISABLE_ECC */
void
lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@@ -357,6 +362,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
return pubk;
}
break;
+#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
sizeof(NSSLOWKEYPublicKey));
@@ -377,6 +383,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
return pubk;
}
break;
+#endif /* NSS_DISABLE_ECC */
/* No Fortezza in Low Key implementations (Fortezza keys aren't
* stored in our data base */
default:
diff --git a/security/nss/lib/softoken/legacydb/lowkeyi.h b/security/nss/lib/softoken/legacydb/lowkeyi.h
index 4a5bcfa91..5136b56a5 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyi.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyi.h
@@ -26,8 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params);
extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+#ifndef NSS_DISABLE_ECC
extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_ecparams_for_asn1(ECParams *params);
+#endif /* NSS_DISABLE_ECC */
typedef char *(*NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
@@ -132,6 +134,7 @@ extern char *
nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
SECItem *modulus, SDB *sdb);
+#ifndef NSS_DISABLE_ECC
/*
* smaller version of EC_FillParams. In this code, we only need
* oid and DER data.
@@ -142,7 +145,7 @@ SECStatus LGEC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
/* Copy all of the fields from srcParams into dstParams */
SECStatus LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
const ECParams *srcParams);
-
+#endif
SEC_END_PROTOS
#endif /* _LOWKEYI_H_ */
diff --git a/security/nss/lib/softoken/legacydb/lowkeyti.h b/security/nss/lib/softoken/legacydb/lowkeyti.h
index 2fd5d4e29..ef92689e0 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyti.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyti.h
@@ -42,8 +42,10 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[];
extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[];
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[];
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[];
+#ifndef NSS_DISABLE_ECC
#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[];
+#endif /* NSS_DISABLE_ECC */
extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[];
extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c
index 2e8b650ee..f1444bf04 100644
--- a/security/nss/lib/softoken/legacydb/pcertdb.c
+++ b/security/nss/lib/softoken/legacydb/pcertdb.c
@@ -1854,8 +1854,6 @@ DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
&dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
entry->subjectName.len],
entry->smimeOptions.len);
- } else {
- entry->smimeOptions.data = NULL;
}
if (entry->optionsDate.len) {
entry->optionsDate.data =
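Review bot: With the `else` branch removed, `entry->smimeOptions.data` is never written when `entry->smimeOptions.len` is 0, and the next hunk (@@ -1870) does the same for `entry->optionsDate.data`. That is only safe if every caller passes in a zeroed entry, yet the @@ -2035 hunk of this same file switches the caller's allocation to `PORT_ArenaAlloc`, which does not zero. Any later code that tests, copies or frees through those pointers would then read indeterminate values. I would keep `} else { entry->smimeOptions.data = NULL; }` and the matching `optionsDate` branch. DecodeDBSMimeEntry begins and ends outside the hunk.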
@@ -1870,8 +1868,6 @@ DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
entry->subjectName.len +
entry->smimeOptions.len],
entry->optionsDate.len);
- } else {
- entry->optionsDate.data = NULL;
}
/* both options and options date must either exist or not exist */
@@ -2018,7 +2014,7 @@ nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
{
PLArenaPool *arena = NULL;
PLArenaPool *tmparena = NULL;
- certDBEntrySMime *entry = NULL;
+ certDBEntrySMime *entry;
SECItem dbkey;
SECItem dbentry;
SECStatus rv;
@@ -2035,8 +2031,8 @@ nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
goto loser;
}
- entry = (certDBEntrySMime *)PORT_ArenaZAlloc(arena,
- sizeof(certDBEntrySMime));
+ entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
+ sizeof(certDBEntrySMime));
if (entry == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
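Review bot: `PORT_ArenaAlloc` returns memory that is not zero-filled, so every `certDBEntrySMime` field not explicitly assigned afterwards holds indeterminate bytes; keeping `PORT_ArenaZAlloc(arena, sizeof(certDBEntrySMime))` costs one memset and removes that class of bug. The preceding hunk also drops the `= NULL` initializer on `entry`, and the `goto loser` at the top of this hunk runs before `entry` is assigned. The `loser:` label is outside the hunk, so either confirm it never reads `entry` or restore `certDBEntrySMime *entry = NULL;`.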