diff --git a/lib/pkcs12/p12plcy.c b/lib/pkcs12/p12plcy.c
--- a/lib/pkcs12/p12plcy.c
+++ b/lib/pkcs12/p12plcy.c
@@ -32,27 +32,31 @@ static pkcs12SuiteMap pkcs12SuiteMaps[]
 { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE },
 { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE }
 };
 /* determine if algid is an algorithm which is allowed */
 static PRBool
 sec_PKCS12Allowed(SECOidTag alg, PRUint32 needed)
 {
+#ifdef notdef
 PRUint32 policy;
 SECStatus rv;
 rv = NSS_GetAlgorithmPolicy(alg, &policy);
 if (rv != SECSuccess) {
 return PR_FALSE;
 }
 if ((policy & needed) == needed) {
 return PR_TRUE;
 }
 return PR_FALSE;
+#else
+ return PR_TRUE;
+#endif
 }
 PRBool
 SEC_PKCS12CipherAllowed(SECOidTag pbeAlg, SECOidTag hmacAlg)
 {
 SECOidTag cipherAlg = SEC_PKCS5GetCryptoFromAlgTag(pbeAlg);
 SECOidTag hashAlg = SEC_PKCS5GetHashFromAlgTag(pbeAlg);
 if (cipherAlg == SEC_OID_UNKNOWN) {
diff --git a/lib/smime/smimeutil.c b/lib/smime/smimeutil.c
--- a/lib/smime/smimeutil.c
+++ b/lib/smime/smimeutil.c
@@ -197,16 +197,17 @@ smime_get_policy_tag_from_key_length(SEC
 return SEC_OID_UNKNOWN;
 }
 return algtag;
 }
 PRBool
 smime_allowed_by_policy(SECOidTag algtag, PRUint32 neededPolicy)
 {
+#ifdef notdef
 PRUint32 policyFlags;
 /* some S/MIME algs map to the same underlying KEA mechanism,
 * collaps them here */
 if ((neededPolicy & (NSS_USE_ALG_IN_SMIME_KX | NSS_USE_ALG_IN_SMIME_KX_LEGACY)) != 0) {
 CK_MECHANISM_TYPE mechType = PK11_AlgtagToMechanism(algtag);
 switch (mechType) {
 case CKM_ECDH1_DERIVE:
@@ -216,16 +217,17 @@ smime_allowed_by_policy(SECOidTag algtag
 }
 }
 if ((NSS_GetAlgorithmPolicy(algtag, &policyFlags) == SECFailure) || ((policyFlags & neededPolicy) != neededPolicy)) {
 PORT_SetError(SEC_ERROR_BAD_EXPORT_ALGORITHM);
 return PR_FALSE;
 }
+#endif
 return PR_TRUE;
 }
 /*
 * We'll need this for the fake policy oids for RC2, but the
 * rest of these should be moved to pk11wrap for generic
 * algtag to key size values. We already need this for
 * sec_pkcs5v2_key_length_by oid.
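Review bot: With the lookup wrapped in `#ifdef notdef`, `sec_PKCS12Allowed` returns `PR_TRUE` for every OID, so the configured algorithm policy is no longer consulted for PKCS #12 and algorithms the policy disallows are reported as allowed. `smime_allowed_by_policy` in lib/smime/smimeutil.c (hunks at -197 and -216) is disabled the same way and no longer sets `SEC_ERROR_BAD_EXPORT_ALGORITHM`. Nothing in the code says this is deliberate; a comment above each guard such as `/* algorithm policy is intentionally not enforced here: every algorithm is reported as allowed */` would record the decision, and a named build option would be easier to audit than a macro that is never defined. `alg` and `needed` are unused in the active branch, which may produce unused-parameter warnings depending on build flags.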
@@ -480,28 +482,34 @@ smime_init_once(void *arg)
 return PR_FAILURE;
 }
 algorithm_list_lock = PZ_NewLock(nssILockCache);
 if (algorithm_list_lock == NULL) {
 *error = PORT_GetError();
 return PR_FAILURE;
 }
+#ifdef notdef
 /* At initialization time, we need to set up the defaults. We first
 * look to see if the system or application has set up certain algorithms
 * by policy. If they have set up values by policy we'll only allow those
 * algorithms. We'll then look to see if any algorithms are enabled by
 * the application. */
 rv = NSS_GetAlgorithmPolicyAll(NSS_USE_ALG_IN_SMIME_LEGACY, NSS_USE_ALG_IN_SMIME_LEGACY, &tags, &tagCount);
 if (tags) {
 PORT_Free(tags);
 tags = NULL;
 }
+#else
+ /* just initialize the old maps */
+ rv = SECSuccess;
+ tagCount = 0;
+#endif
 if ((rv != SECSuccess) || (tagCount == 0)) {
 /* No algorithms have been enabled by policy (either by the system
 * or by the application, we then will use the traditional default
 * algorithms from the policy map */
 for (i = smime_legacy_map_count - 1; i >= 0; i--) {
 SECOidTag policytag = smime_legacy_map[i].policytag;
 /* this enables the algorithm by policy. We need this or
 * the policy code will reject attempts to use it */
diff --git a/tests/smime/smime.sh b/tests/smime/smime.sh
--- a/tests/smime/smime.sh
+++ b/tests/smime/smime.sh
@@ -867,13 +867,13 @@ smime_cleanup()
 }
 ################## main #################################################
 smime_init
 smime_main
 smime_data_tb
 smime_p7
-if using_sql ; then
- smime_policy
-fi
+#if using_sql ; then
+# smime_policy
+#fi
 smime_cleanup
diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
--- a/tests/tools/tools.sh
+++ b/tests/tools/tools.sh
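Review bot: The `#else` branch pins `rv = SECSuccess` and `tagCount = 0`, so the `if ((rv != SECSuccess) || (tagCount == 0))` that follows is always taken and the legacy default map is applied regardless of any S/MIME algorithm policy set by the system or application. The added comment `/* just initialize the old maps */` does not say that; something like `/* policy lookup disabled: always fall back to the legacy defaults below, configured S/MIME policy is ignored */` would. The existing comments inside the branch ("No algorithms have been enabled by policy", "the policy code will reject attempts to use it") no longer match the behaviour once `smime_allowed_by_policy` always returns `PR_TRUE`. `tags` is only referenced inside the disabled region within this hunk and may now be unused; its declaration and the rest of `smime_init_once` are outside the hunk.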
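Review bot: Commenting out the `smime_policy` call leaves the S/MIME policy tests unrun with no reason recorded, and `tools_p12_policy` in tests/tools/tools.sh is dropped the same way. Since the library hunks in this patch compile the policy checks out, these tests would presumably fail, but the commented-out lines do not say that. A line such as `# smime_policy is skipped: algorithm policy enforcement is compiled out in lib/smime/smimeutil.c` at the call site would keep the test and the code change tied together so both are restored at once.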
@@ -590,17 +590,17 @@ tools_p12()
 tools_p12_export_list_import_most_ciphers
 fi
 tools_p12_export_with_none_ciphers
 tools_p12_export_with_invalid_ciphers
 tools_p12_import_old_files
 tools_p12_import_pbmac1_samples
 if using_sql; then
 tools_p12_import_rsa_pss_private_key
- tools_p12_policy
+# tools_p12_policy
 fi
 }
 ############################## tools_sign ##############################
 # local shell function pk12util uses a hardcoded tmp file, if this exists
 # and is owned by another user we don't get reasonable errormessages
 ########################################################################
 check_tmpfile()