From fba28f19754f62b5227650143d5441fc86d4c7d7 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Wed, 25 Apr 2018 21:33:33 +0200
Subject: Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
---
 security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt |  26 -
 security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt |  24 -
 security/nss/tests/cert/cert.sh                   | 560 ++--------------------
 3 files changed, 49 insertions(+), 561 deletions(-)
 delete mode 100644 security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt
 delete mode 100644 security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt

(limited to 'security/nss/tests/cert')

diff --git a/security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt b/security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt
deleted file mode 100644
index e3c8fcdcf..000000000
--- a/security/nss/tests/cert/TestCA-bogus-rsa-pss1.crt
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEbDCCAxqgAwIBAgIBATBHBgkqhkiG9w0BAQowOqAPMA0GCWCGSAFlAwQCAQUA
-oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASCjBAICEmcwgYMxCzAJ
-BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp
-biBWaWV3MRIwEAYDVQQKEwlCT0dVUyBOU1MxMzAxBgNVBAMTKk5TUyBUZXN0IENB
-IChSU0EtUFNTIGludmFsaWQgdHJhaWxlckZpZWxkKTAgFw0xNzEyMDcxMjU3NDBa
-GA8yMDY3MTIwNzEyNTc0MFowgYMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
-Zm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRIwEAYDVQQKEwlCT0dVUyBO
-U1MxMzAxBgNVBAMTKk5TUyBUZXN0IENBIChSU0EtUFNTIGludmFsaWQgdHJhaWxl
-ckZpZWxkKTCCAVwwRwYJKoZIhvcNAQEKMDqgDzANBglghkgBZQMEAgEFAKEcMBoG
-CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgowQCAhJnA4IBDwAwggEKAoIB
-AQDgkKJk+PoFpESak7kMQ0w147/xilUZCG7hDGG2uuGTbX8jqy9N9pxzB9sJjgJX
-yYND0XEmrUQ2Memmy8jufhXML5DekW1tr3Gi2L3VivbIReJZfXk1xDMvNbB/Gjjo
-SoPyu8C4hnevjgMlmqG3KdMkB+eN6PnBG64YFyki3vnLO5iTNHEBTgFYo0gTX4uK
-xl0hLtiDL+4K5l7BwVgxZwQF6uHoHjrjjlhkzR0FwjjqR8U0pH20Pb6IlRsFMv07
-/1GHf+jm34pKb/1ZNzAbiKxYv7YAQUWEZ7e/GSXgA6gbTpV9ueiLkVucUeXN/mXK
-Tqb4zivi5FaSGVl8SJnqsJXJAgMBAAGjOTA3MBQGCWCGSAGG+EIBAQEB/wQEAwIC
-BDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwICBDBHBgkqhkiG9w0BAQow
-OqAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA
-ogMCASCjBAICEmcDggEBAJht9t9p/dlhJtx7ShDvUXyq8N4tCoGKdREM83K/jlW8
-HxdHOz5PuvZx+UMlaUtqZVIriSCnRtEWkoSo0hWmcv1rp80it2G1zLfLPYdyrPba
-nQmE1iFb69Wr9dwrX7o/CII+WHQgoIGeFGntZ8YRZTe5+JeiGAlAyZCqUKbl9lhh
-pCpf1YYxb3VI8mAGVi0jwabWBEbInGBZYH9HP0nK7/Tflk6UY3f4h4Fbkk5D4WZA
-hFfkebx6Wh90QGiKQhp4/N+dYira8bKvWqqn0VqwzBoJBU/RmMaJVpwqFFvcaUJh
-uEKUPeQbqkYvj1WJYmy4ettVwi4OZU50+kCaRQhMsFA=
------END CERTIFICATE-----
diff --git a/security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt b/security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt
deleted file mode 100644
index d46442dc4..000000000
--- a/security/nss/tests/cert/TestCA-bogus-rsa-pss2.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFzCCAs2gAwIBAgIBATA/BgkqhkiG9w0BAQowMqAOMAwGCCqGSIb3DQIFBQCh
-GzAZBgkqhkiG9w0BAQgwDAYIKoZIhvcNAgUFAKIDAgEgMH4xCzAJBgNVBAYTAlVT
-MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRIw
-EAYDVQQKEwlCT0dVUyBOU1MxLjAsBgNVBAMTJU5TUyBUZXN0IENBIChSU0EtUFNT
-IGludmFsaWQgaGFzaEFsZykwIBcNMTcxMjA3MTQwNjQ0WhgPMjA2ODAxMDcxNDA2
-NDRaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1Nb3VudGFpbiBWaWV3MRIwEAYDVQQKEwlCT0dVUyBOU1MxLjAsBgNVBAMTJU5T
-UyBUZXN0IENBIChSU0EtUFNTIGludmFsaWQgaGFzaEFsZykwggEgMAsGCSqGSIb3
-DQEBCgOCAQ8AMIIBCgKCAQEAtDXA73yTOgs8zVYNMCtuQ9a07UgbfeQbjHp3pkF6
-7rsC/Q28mrLh+zLkht5e7qU/Qf/8a2ZkcYhPOBAjCzjgIXOdE2lsWvdVujOJLR0x
-Fesd3hDLRmL6f6momc+j1/Tw3bKyZinaeJ9BFRv9c94SayB3QUe+6+TNJKASwlhj
-sx6mUsND+h3DkuL77gi7hIUpUXfFSwa+zM69VLhIu+/WRZfG8gfKkCAIGUC3WYJa
-eU1HgQKfVSXW0ok4ototXWEe9ohU+Z1tO9LJStcY8mMpig7EU9zbpObhG46Sykfu
-aKsubB9J+gFgwP5Tb85tRYT6SbHeHR6U/N8GBrKdRcomWwIDAQABozwwOjAUBglg
-hkgBhvhCAQEBAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
-BAMCAgQwPwYJKoZIhvcNAQEKMDKgDjAMBggqhkiG9w0CBQUAoRswGQYJKoZIhvcN
-AQEIMAwGCCqGSIb3DQIFBQCiAwIBIAOCAQEAjeemeTxh2xrMUJ6Z5Yn2nH2FbcPY
-fTHJcdfXjfNBkrMl5pe2/lk0JyNuACTuTYFCxdWNRL1coN//h9DSUbF3dpF1ex6D
-difo+6PwxkO2aPVGPYw4DSivt4SFbn5dKGgVqBQfnmNK7p/iT91AcErg/grRrNL+
-4jeT0UiRjQYeX9xKJArv+ocIidNpQL3QYxXuBLZxVC92Af69ol7WG8QBRLnFi1p2
-g6q8hOHqOfB29qnsSo3PkI1yuShOl50tRLbNgyotEfZdk1N3oXvapoBsm/jlcdCT
-0aKelCSQYYAfyl5PKCpa1lgBm7zfcHSDStMhEEFu/fbnJhqO9g9znj3STQ==
------END CERTIFICATE-----
diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh
index d1a9148a9..9b3455747 100755
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@@ -46,7 +46,11 @@ cert_init()
   fi
   SCRIPTNAME="cert.sh"
   CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
-  html_head "Certutil and Crlutil Tests"
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      html_head "Certutil and Crlutil Tests with ECC"
+  else
+      html_head "Certutil and Crlutil Tests"
+  fi
 
   LIBDIR="${DIST}/${OBJDIR}/lib"
 
@@ -296,12 +300,14 @@ cert_create_cert()
 	fi
 
 
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 	CU_ACTION="Import EC Root CA for $CERTNAME"
 	certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
 	    -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
 	if [ "$RET" -ne 0 ]; then
             return $RET
 	fi
+    fi
 
     cert_add_cert "$5"
     return $?
@@ -396,6 +402,7 @@ cert_add_cert()
 #
 #   Generate and add EC cert
 #
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 	CURVE="secp384r1"
 	CU_ACTION="Generate EC Cert Request for $CERTNAME"
 	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
@@ -447,6 +454,7 @@ cert_add_cert()
             return $RET
 	fi
 	cert_log "SUCCESS: $CERTNAME's mixed EC Cert Created"
+    fi
 
     return 0
 }
@@ -459,7 +467,6 @@ cert_add_cert()
 cert_all_CA()
 {
     echo nss > ${PWFILE}
-    echo > ${EMPTY_FILE}
 
     ALL_CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
     cert_CA $CADIR TestCA -x "CTu,CTu,CTu" ${D_CA} "1"
@@ -510,16 +517,10 @@ cert_all_CA()
 #	dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
 #	in the chain
 
-#
-#       Create RSA-PSS version of TestCA
-	ALL_CU_SUBJECT="CN=NSS Test CA (RSA-PSS), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-	cert_rsa_pss_CA $CADIR TestCA-rsa-pss -x "CTu,CTu,CTu" ${D_CA} "1" SHA256
-	rm $CADIR/rsapssroot.cert
 
-	ALL_CU_SUBJECT="CN=NSS Test CA (RSA-PSS-SHA1), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-	cert_rsa_pss_CA $CADIR TestCA-rsa-pss-sha1 -x "CTu,CTu,CTu" ${D_CA} "1" SHA1
-	rm $CADIR/rsapssroot.cert
 
+
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #       Create EC version of TestCA
 	CA_CURVE="secp521r1"
@@ -544,6 +545,8 @@ cert_all_CA()
 	rm $CLIENT_CADIR/ecroot.cert $SERVER_CADIR/ecroot.cert
 #	ecroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
 #	in the chain
+
+    fi
 }
 
 ################################# cert_CA ################################
@@ -634,7 +637,7 @@ CERTSCRIPT
 ################################ cert_dsa_CA #############################
 # local shell function to build the Temp. Certificate Authority (CA)
 # used for testing purposes, creating  a CA Certificate and a root cert
-# This is the DSA version of cert_CA.
+# This is the ECC version of cert_CA.
 ##########################################################################
 cert_dsa_CA()
 {
@@ -645,7 +648,7 @@ cert_dsa_CA()
   DOMAIN=$5
   CERTSERIAL=$6
 
-  echo "$SCRIPTNAME: Creating a DSA CA Certificate $NICKNAME =========================="
+  echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME =========================="
 
   if [ ! -d "${CUR_CADIR}" ]; then
       mkdir -p "${CUR_CADIR}"
@@ -658,7 +661,7 @@ cert_dsa_CA()
 	LPROFILE="multiaccess:${DOMAIN}"
   fi
 
-  ################# Creating a DSA CA Cert ###############################
+  ################# Creating an DSA CA Cert ###############################
   #
   CU_ACTION="Creating DSA CA Cert $NICKNAME "
   CU_SUBJECT=$ALL_CU_SUBJECT
@@ -697,79 +700,6 @@ CERTSCRIPT
 
 
 
-
-################################ cert_rsa_pss_CA #############################
-# local shell function to build the Temp. Certificate Authority (CA)
-# used for testing purposes, creating  a CA Certificate and a root cert
-# This is the RSA-PSS version of cert_CA.
-##########################################################################
-cert_rsa_pss_CA()
-{
-  CUR_CADIR=$1
-  NICKNAME=$2
-  SIGNER=$3
-  TRUSTARG=$4
-  DOMAIN=$5
-  CERTSERIAL=$6
-  HASHALG=$7
-
-  echo "$SCRIPTNAME: Creating an RSA-PSS CA Certificate $NICKNAME =========================="
-
-  if [ ! -d "${CUR_CADIR}" ]; then
-      mkdir -p "${CUR_CADIR}"
-  fi
-  cd ${CUR_CADIR}
-  pwd
-
-  LPROFILE=.
-  if [ -n "${MULTIACCESS_DBM}" ]; then
-	LPROFILE="multiaccess:${DOMAIN}"
-  fi
-
-  HASHOPT=
-  if [ -n "$HASHALG" ]; then
-        HASHOPT="-Z $HASHALG"
-  fi
-
-  ################# Creating an RSA-PSS CA Cert ###############################
-  #
-  CU_ACTION="Creating RSA-PSS CA Cert $NICKNAME "
-  CU_SUBJECT=$ALL_CU_SUBJECT
-  certu -S -n $NICKNAME -k rsa --pss $HASHOPT -t $TRUSTARG -v 600 $SIGNER \
-    -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
-    -m $CERTSERIAL 2>&1 <<CERTSCRIPT
-5
-6
-9
-n
-y
--1
-n
-5
-6
-7
-9
-n
-CERTSCRIPT
-
-  if [ "$RET" -ne 0 ]; then
-      echo "return value is $RET"
-      Exit 6 "Fatal - failed to create RSA-PSS CA cert"
-  fi
-
-  ################# Exporting RSA-PSS Root Cert ###############################
-  #
-  CU_ACTION="Exporting RSA-PSS Root Cert"
-  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o rsapssroot.cert
-  if [ "$RET" -ne 0 ]; then
-      Exit 7 "Fatal - failed to export RSA-PSS root cert"
-  fi
-  cp rsapssroot.cert ${NICKNAME}.ca.cert
-}
-
-
-
-
 ################################ cert_ec_CA ##############################
 # local shell function to build the Temp. Certificate Authority (CA)
 # used for testing purposes, creating  a CA Certificate and a root cert
@@ -901,6 +831,7 @@ cert_smime_client()
   certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
         -i ${R_EVEDIR}/Eve.cert 2>&1
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       echo "$SCRIPTNAME: Importing EC Certificates =============================="
       CU_ACTION="Import Bob's EC cert into Alice's db"
       certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
@@ -924,6 +855,7 @@ cert_smime_client()
 #     CU_ACTION="Import Eve's EC cert into Bob's DB"
 #     certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
 #         -i ${R_EVEDIR}/Eve-ec.cert 2>&1
+  fi
 
   if [ "$CERTFAILED" != 0 ] ; then
       cert_log "ERROR: SMIME failed $RET"
@@ -1014,6 +946,7 @@ cert_extended_ssl()
 #	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \
 #	  2>&1
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
@@ -1059,6 +992,7 @@ cert_extended_ssl()
 #      certu -A -n "clientCA-ecmixed" -t "T,," -f "${R_PWFILE}" \
 #	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-ecmixed.ca.cert" \
 #	  2>&1
+  fi
 
   echo "Importing all the server's own CA chain into the servers DB"
   for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
@@ -1147,6 +1081,7 @@ cert_extended_ssl()
 # done with mixed DSA certs
 #
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
 #
 #     Repeat the above for EC certs
 #
@@ -1193,6 +1128,7 @@ cert_extended_ssl()
 #
 # done with mixed EC certs
 #
+  fi
 
   echo "Importing all the client's own CA chain into the servers DB"
   for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
@@ -1239,8 +1175,10 @@ cert_ssl()
   CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC"
   certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
 
-  CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
-  certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
+      certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+  fi
 #  cert_init_cert ${SERVERDIR} "${HOSTADDR}" 1 ${D_SERVER}
 #  echo "************* Copying CA files to ${SERVERDIR}"
 #  cp ${CADIR}/*.db .
@@ -1261,12 +1199,6 @@ cert_ssl()
   cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
   pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
   pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
-
-  echo "$SCRIPTNAME: Creating database for strsclnt no login tests  ==============="
-  echo "cp -r ${CLIENTDIR} ${NOLOGINDIR}"
-  cp -r ${R_CLIENTDIR} ${R_NOLOGINDIR}
-  # change the password to empty
-  certu -W -d "${R_NOLOGINDIR}" -f "${R_PWFILE}" -@ "${R_EMPTY_FILE}" 2>&1
 }
 
 ############################## cert_stresscerts ################################
@@ -1337,35 +1269,12 @@ MODSCRIPT
     html_passed "${CU_ACTION}"
   fi
 
-  CU_ACTION="Setting invalid database password in FIPS mode"
-  RETEXPECTED=255
-  certu -W -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -@ "${R_FIPSBADPWFILE}" 2>&1
-  CU_ACTION="Attempt to generate a key with exponent of 3 (too small)"
-  certu -G -k rsa -g 2048 -y 3 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}" 
-  CU_ACTION="Attempt to generate a key with exponent of 17 (too small)"
-  certu -G -k rsa -g 2048 -y 17 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}" 
-  RETEXPECTED=0
-
   CU_ACTION="Generate Certificate for ${CERTNAME}"
   CU_SUBJECT="CN=${CERTNAME}, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US"
   certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1
   if [ "$RET" -eq 0 ]; then
     cert_log "SUCCESS: FIPS passed"
   fi
-
-}
-
-########################## cert_rsa_exponent #################################
-# local shell function to verify small rsa exponent can be used (only
-# run if FIPS has not been turned on in the build).
-##############################################################################
-cert_rsa_exponent_nonfips()
-{
-  echo "$SCRIPTNAME: Verify that small RSA exponents still work  =============="
-  CU_ACTION="Attempt to generate a key with exponent of 3"
-  certu -G -k rsa -g 2048 -y 3 -d "${CLIENTDIR}" -z ${R_NOISE_FILE} -f "${R_PWFILE}" 
-  CU_ACTION="Attempt to generate a key with exponent of 17"
-  certu -G -k rsa -g 2048 -y 17 -d "${CLIENTDIR}" -z ${R_NOISE_FILE} -f "${R_PWFILE}" 
 }
 
 ############################## cert_eccurves ###########################
@@ -1375,6 +1284,7 @@ cert_eccurves()
 {
   ################# Creating Certs for EC curves test ########################
   #
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
     echo "$SCRIPTNAME: Creating Server CA Issued Certificate for "
     echo "             EC Curves Test Certificates ------------------------------------"
 
@@ -1415,6 +1325,8 @@ cert_eccurves()
 		-f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
 	fi
     done
+
+  fi # $NSS_DISABLE_ECC
 }
 
 ########################### cert_extensions_test #############################
@@ -1766,6 +1678,7 @@ EOF_CRLINI
 
 
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
 
 #     Until Bug 292285 is resolved, do not encode x400 Addresses. After
@@ -1780,6 +1693,7 @@ addext issuerAltNames 0 "rfc822Name:ca-ecemail@ca.com|dnsName:ca-ec.com|director
 EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_1}_or-ec
+  fi
 
   echo test > file
   ############################# Modification ##################################
@@ -1810,6 +1724,7 @@ EOF_CRLINI
   TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-dsa"
 
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Modify CRL (ECC) by adding one more cert"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
 	  -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
@@ -1819,6 +1734,7 @@ EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_1}_or1-ec
       TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-ec"
+  fi
 
   ########### Removing one cert ${UNREVOKED_CERT_GRP_1} #######################
   echo "$SCRIPTNAME: Modifying CA CRL by removing one cert ==============="
@@ -1847,6 +1763,7 @@ EOF_CRLINI
 
 
 
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Modify CRL (ECC) by removing one cert"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
 	  -i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
@@ -1855,6 +1772,7 @@ rmcert  ${UNREVOKED_CERT_GRP_1}
 EOF_CRLINI
       chmod 600 ${CRL_FILE_GRP_1}-ec
       TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-ec"
+  fi
 
   ########### Creating second CRL which includes groups 1 and 2 ##############
   CRL_GRP_END=`expr ${CRL_GRP_2_BEGIN} + ${CRL_GRP_2_RANGE} - 1`
@@ -1874,6 +1792,7 @@ rmcert  ${UNREVOKED_CERT_GRP_2}
 EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_2}
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
           -i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
@@ -1884,6 +1803,7 @@ rmcert  ${UNREVOKED_CERT_GRP_2}
 EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_2}-ec
+  fi
 
   ########### Creating second CRL which includes groups 1, 2 and 3 ##############
   CRL_GRP_END=`expr ${CRL_GRP_3_BEGIN} + ${CRL_GRP_3_RANGE} - 1`
@@ -1905,6 +1825,7 @@ addext crlNumber 0 2
 EOF_CRLINI
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
   chmod 600 ${CRL_FILE_GRP_3}
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
       crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
           -i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
@@ -1915,6 +1836,7 @@ addext crlNumber 0 2
 EOF_CRLINI
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
       chmod 600 ${CRL_FILE_GRP_3}-ec
+  fi
 
   ############ Importing Server CA Issued CRL for certs of first group #######
 
@@ -1923,11 +1845,13 @@ EOF_CRLINI
   crlu -D -n TestCA  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
   CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
       CU_ACTION="Importing CRL (ECC) for groups 1"
       crlu -D -n TestCA-ec  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
       crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
 	  -d "${R_SERVERDIR}"
       CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  fi
 
   if [ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ] ; then
       cert_log "ERROR: SSL CRL prep failed $CERTFAILED : $CRL_GEN_RES"
@@ -2044,387 +1968,6 @@ cert_test_ocspresp()
   ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1
 }
 
-cert_test_implicit_db_init()
-{
-  echo "$SCRIPTNAME: test implicit database init"
-
-  CU_ACTION="Add cert with trust flags to db with implicit init"
-  mkdir ${IMPLICIT_INIT_DIR}
-  certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert"
-}
-
-check_sign_algo()
-{
-  certu -L -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}" | \
-      sed -n '/^ *Data:/,/^$/{
-/^        Signature Algorithm/,/^ *Salt length/s/^        //p
-}' > ${TMP}/signalgo.txt
-
-  diff ${TMP}/signalgo.exp ${TMP}/signalgo.txt
-  RET=$?
-  if [ "$RET" -ne 0 ]; then
-      CERTFAILED=$RET
-      html_failed "${CU_ACTION} ($RET) "
-      cert_log "ERROR: ${CU_ACTION} failed $RET"
-  else
-      html_passed "${CU_ACTION}"
-  fi
-}
-
-cert_test_rsapss()
-{
-  TEMPFILES="$TEMPFILES ${TMP}/signalgo.exp ${TMP}/signalgo.txt"
-
-  cert_init_cert "${RSAPSSDIR}" "RSA-PSS Test Cert" 1000 "${D_RSAPSS}"
-
-  CU_ACTION="Initialize Cert DB"
-  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
-
-  CU_ACTION="Import RSA CA Cert"
-  certu -A -n "TestCA" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${R_CADIR}/TestCA.ca.cert" 2>&1
-
-  CU_ACTION="Import RSA-PSS CA Cert"
-  certu -A -n "TestCA-rsa-pss" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${R_CADIR}/TestCA-rsa-pss.ca.cert" 2>&1
-
-  CU_ACTION="Verify RSA-PSS CA Cert"
-  certu -V -u L -e -n "TestCA-rsa-pss" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-
-  CU_ACTION="Import RSA-PSS CA Cert (SHA1)"
-  certu -A -n "TestCA-rsa-pss-sha1" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${R_CADIR}/TestCA-rsa-pss-sha1.ca.cert" 2>&1
-
-  CU_ACTION="Import Bogus RSA-PSS CA Cert (invalid trailerField)"
-  certu -A -n "TestCA-bogus-rsa-pss1" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${QADIR}/cert/TestCA-bogus-rsa-pss1.crt" 2>&1
-  RETEXPECTED=255
-  certu -V -b 1712101010Z -n TestCA-bogus-rsa-pss1 -u L -e -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
-  RETEXPECTED=0
-
-  CU_ACTION="Import Bogus RSA-PSS CA Cert (invalid hashAlg)"
-  certu -A -n "TestCA-bogus-rsa-pss2" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${QADIR}/cert/TestCA-bogus-rsa-pss2.crt" 2>&1
-  RETEXPECTED=255
-  certu -V -b 1712101010Z -n TestCA-bogus-rsa-pss2 -u L -e -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
-  RETEXPECTED=0
-
-  CERTSERIAL=200
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explicit, with --pss-sign)
-  CERTNAME="TestUser-rsa-pss1"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explict, with --pss-sign -Z SHA512)
-  CERTNAME="TestUser-rsa-pss2"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -Z SHA512 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-512
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-512
-        Salt length: 64 (0x40)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS
-  CERTNAME="TestUser-rsa-pss3"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA-rsa-pss" -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explicit, with --pss-sign)
-  CERTNAME="TestUser-rsa-pss4"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (explicit, with --pss-sign)
-  CERTNAME="TestUser-rsa-pss5"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA-rsa-pss" --pss-sign -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (implicit, without --pss-sign)
-  CERTNAME="TestUser-rsa-pss6"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  # Sign without --pss-sign nor -Z option
-  certu -C -c "TestCA-rsa-pss" -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (with conflicting hash algorithm)
-  CERTNAME="TestUser-rsa-pss7"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  RETEXPECTED=255
-  certu -C -c "TestCA-rsa-pss" --pss-sign -Z SHA512 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-  RETEXPECTED=0
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (with compatible hash algorithm)
-  CERTNAME="TestUser-rsa-pss8"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA-rsa-pss" --pss-sign -Z SHA256 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: SHA-256
-        Mask algorithm: PKCS #1 MGF1 Mask Generation Function
-        Mask hash algorithm: SHA-256
-        Salt length: 32 (0x20)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA
-  # Issuer certificate: RSA
-  # Signature: RSA-PSS (explict, with --pss-sign -Z SHA1)
-  CERTNAME="TestUser-rsa-pss9"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  certu -C -c "TestCA" --pss-sign -Z SHA1 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: default, SHA-1
-        Mask algorithm: default, MGF1
-        Mask hash algorithm: default, SHA-1
-        Salt length: default, 20 (0x14)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (implicit, without --pss-sign, default parameters)
-  CERTNAME="TestUser-rsa-pss10"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  # Sign without --pss-sign nor -Z option
-  certu -C -c "TestCA-rsa-pss-sha1" -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-
-  CU_ACTION="Import $CERTNAME's Cert"
-  certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-        -i "${CERTNAME}.cert" 2>&1
-
-  CU_ACTION="Verify $CERTNAME's Cert"
-  certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
-  cat > ${TMP}/signalgo.exp <<EOF
-Signature Algorithm: PKCS #1 RSA-PSS Signature
-    Parameters:
-        Hash algorithm: default, SHA-1
-        Mask algorithm: default, MGF1
-        Mask hash algorithm: default, SHA-1
-        Salt length: default, 20 (0x14)
-EOF
-  check_sign_algo
-
-  CERTSERIAL=`expr $CERTSERIAL + 1`
-
-  # Subject certificate: RSA-PSS
-  # Issuer certificate: RSA-PSS
-  # Signature: RSA-PSS (with conflicting hash algorithm, default parameters)
-  CERTNAME="TestUser-rsa-pss11"
-
-  CU_ACTION="Generate Cert Request for $CERTNAME"
-  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
-  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req  2>&1
-
-  CU_ACTION="Sign ${CERTNAME}'s Request"
-  RETEXPECTED=255
-  certu -C -c "TestCA-rsa-pss-sha1" --pss-sign -Z SHA256 -m "${CERTSERIAL}" -v 60 -d "${P_R_CADIR}" \
-        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
-  RETEXPECTED=0
-}
-
 ############################## cert_cleanup ############################
 # local shell function to finish this script (no exit since it might be
 # sourced)
@@ -2432,24 +1975,20 @@ EOF
 cert_cleanup()
 {
   cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
-  html "</TABLE><BR>"
+  html "</TABLE><BR>" 
   cd ${QADIR}
   . common/cleanup.sh
 }
 
 ################## main #################################################
 
-cert_init
+cert_init 
 cert_all_CA
-cert_test_implicit_db_init
-cert_extended_ssl
-cert_ssl
-cert_smime_client
-IS_FIPS_DISABLED=`certutil --build-flags |grep -cw NSS_FIPS_DISABLED`
-if [ $IS_FIPS_DISABLED -ne 0 ]; then
-  cert_rsa_exponent_nonfips
-else
-  cert_fips
+cert_extended_ssl 
+cert_ssl 
+cert_smime_client        
+if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
+    cert_fips
 fi
 cert_eccurves
 cert_extensions
@@ -2457,7 +1996,6 @@ cert_san_and_generic_extensions
 cert_test_password
 cert_test_distrust
 cert_test_ocspresp
-cert_test_rsapss
 
 if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
     cert_crl_ssl
@@ -2466,7 +2004,7 @@ else
 fi
 
 if [ -n "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then
-    cert_stresscerts
+    cert_stresscerts 
 fi
 
 cert_iopr_setup
-- 
cgit v1.2.3