diff -up ./mozilla/security/coreconf/Linux.mk.nosha224 ./mozilla/security/coreconf/Linux.mk --- ./mozilla/security/coreconf/Linux.mk.nosha224 2011-12-04 22:03:47.295609957 -0800 +++ ./mozilla/security/coreconf/Linux.mk 2011-12-04 22:03:47.301609957 -0800 @@ -188,6 +188,14 @@ NSSUTIL_LIBS = -lnssutil3 USE_SYSTEM_FREEBL = 1 FREEBL_LIBS = -lfreebl3 +# +# Don't compile code that requires SHA224 if it isn't avilable +# Such is the case when system freebl/softokn is the 3.12 one +# +ifdef NO_SHA224_AVAILABLE +CFLAGS+=-DNO_SHA224_AVAILABLE +endif + # The -rpath '$$ORIGIN' linker option instructs this library to search for its # dependencies in the same directory where it resides. ifeq ($(BUILD_SUN_PKG), 1) diff -up ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 ./mozilla/security/nss/cmd/bltest/blapitest.c --- ./mozilla/security/nss/cmd/bltest/blapitest.c.nosha224 2011-09-16 12:16:50.000000000 -0700 +++ ./mozilla/security/nss/cmd/bltest/blapitest.c 2011-12-04 22:03:47.302609957 -0800 @@ -686,7 +686,9 @@ typedef enum { bltestMD2, /* Hash algorithms */ bltestMD5, /* . */ bltestSHA1, /* . */ +#ifndef NO_SHA224_AVAILABLE bltestSHA224, /* . */ +#endif bltestSHA256, /* . */ bltestSHA384, /* . */ bltestSHA512, /* . */ @@ -721,7 +723,9 @@ static char *mode_strings[] = "md2", "md5", "sha1", +#ifndef NO_SHA224_AVAILABLE "sha224", +#endif "sha256", "sha384", "sha512", @@ -1761,6 +1765,7 @@ finish: return rv; } +#ifndef NO_SHA224_AVAILABLE SECStatus SHA224_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) { @@ -1800,6 +1805,7 @@ finish: SHA224_DestroyContext(cx, PR_TRUE); return rv; } +#endif SECStatus SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) 
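Review bot: In the Linux.mk hunk, `-DNO_SHA224_AVAILABLE` is driven only by a make variable the builder has to remember to set; nothing visible here ties it to `USE_SYSTEM_FREEBL` or to the version of the system freebl. Because this one macro removes digest, HMAC and signature mechanisms across cryptohi and softoken, the comment should say who sets it and when, e.g. `# Set by the packaging spec only when the system freebl/softokn predates SHA-224`. The added comment also misspells "available" as "avilable".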
@@ -2093,6 +2099,7 @@ cipherInit(bltestCipherInfo *cipherInfo, cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf; return SECSuccess; break; +#ifndef NO_SHA224_AVAILABLE case bltestSHA224: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, @@ -2100,6 +2107,7 @@ cipherInit(bltestCipherInfo *cipherInfo, cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart : SHA224_HashBuf; return SECSuccess; +#endif break; case bltestSHA256: restart = cipherInfo->params.hash.restart; @@ -2542,7 +2550,9 @@ cipherFinish(bltestCipherInfo *cipherInf case bltestMD2: /* hash contexts are ephemeral */ case bltestMD5: case bltestSHA1: +#ifndef NO_SHA224_AVAILABLE case bltestSHA224: +#endif case bltestSHA256: case bltestSHA384: case bltestSHA512: @@ -2896,7 +2906,9 @@ get_params(PRArenaPool *arena, bltestPar case bltestMD2: case bltestMD5: case bltestSHA1: +#ifndef NO_SHA224_AVAILABLE case bltestSHA224: +#endif case bltestSHA256: case bltestSHA384: case bltestSHA512: diff -up ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 ./mozilla/security/nss/cmd/chktest/chktest.c --- ./mozilla/security/nss/cmd/chktest/chktest.c.nosha224 2010-12-06 09:22:49.000000000 -0800 +++ ./mozilla/security/nss/cmd/chktest/chktest.c 2011-12-04 22:03:47.304609957 -0800 @@ -41,6 +41,10 @@ #include "blapi.h" #include "secutil.h" +#ifdef NO_SHA224_AVAILABLE +PRBool BLAPI_SHVerifyFile(const char *shName); +#endif + static int Usage() { fprintf(stderr, "Usage: chktest \n"); diff -up ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 ./mozilla/security/nss/cmd/lib/secutil.c --- ./mozilla/security/nss/cmd/lib/secutil.c.nosha224 2011-10-22 07:35:41.000000000 -0700 +++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-12-04 22:03:47.305609957 -0800 
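Review bot: In the `bltestSHA224` case of cipherInit (hunks at -2093 and -2100), the `#endif` is placed between `return SECSuccess;` and the case's `break;`. With NO_SHA224_AVAILABLE defined, that leaves an orphaned `break;` directly after the SHA-1 case's own `return`/`break`. It is unreachable and harmless, but the guard should close after the `break;` so the preprocessed switch reads cleanly; move `#endif` one line down. cipherInit starts and ends outside these hunks.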
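Review bot: The hand-written prototype `PRBool BLAPI_SHVerifyFile(const char *shName);` added to chktest.c is never checked against the real definition, so a later signature change in freebl would still compile and only misbehave at run time. The ldvector.c part of this same patch drops `BLAPI_SHVerifyFile` from the freebl vector under the same macro, so it is worth confirming that the symbol chktest links against exists in that configuration. A comment explaining why the included blapi.h does not supply the declaration would make the workaround reviewable.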
@@ -86,6 +86,14 @@ static char consoleName[] = { #include "nssutil.h" #include "ssl.h" +/* Defined in ./mozilla/dist/public/nss/certdb.h which was included + * and also in ./mozilla/security/nss/lib/softoken/legacydb/pcertt.h + * but invisible here for some reason + */ +#ifndef CERTDB_TERMINAL_RECORD +#define CERTDB_TERMINAL_RECORD (1<<0) +#endif + void SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...) @@ -1509,6 +1517,8 @@ const SEC_ASN1Template secuPBEV2Params[] { 0 } }; +/* if no sha224 then no psapss either */ +#ifndef NO_SHA224_AVAILABLE void secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level) { @@ -1572,6 +1582,7 @@ secu_PrintRSAPSSParams(FILE *out, SECIte } PORT_FreeArena(pool, PR_FALSE); } +#endif void secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level) @@ -1684,10 +1695,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgo return; } +#ifndef NO_SHA224_AVAILABLE if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) { secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1); return; } +#endif if (a->parameters.len == 0 || (a->parameters.len == 2 @@ -3763,8 +3776,10 @@ SECU_StringToSignatureAlgTag(const char hashAlgTag = SEC_OID_MD5; } else if (!PL_strcmp(alg, "SHA1")) { hashAlgTag = SEC_OID_SHA1; +#ifndef NO_SHA224_AVAILABLE } else if (!PL_strcmp(alg, "SHA224")) { hashAlgTag = SEC_OID_SHA224; +#endif } else if (!PL_strcmp(alg, "SHA256")) { hashAlgTag = SEC_OID_SHA256; } else if (!PL_strcmp(alg, "SHA384")) { diff -up ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 ./mozilla/security/nss/cmd/pk11mode/pk11mode.c --- ./mozilla/security/nss/cmd/pk11mode/pk11mode.c.nosha224 2011-12-04 22:07:27.230604899 -0800 +++ ./mozilla/security/nss/cmd/pk11mode/pk11mode.c 2011-12-04 22:10:06.365601241 -0800 
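Review bot: The fallback `#define CERTDB_TERMINAL_RECORD (1<<0)` in secutil.c (hunk at -86) hard-codes a certificate trust-flag bit whose header declaration is, per the added comment, "invisible here for some reason". The `#ifndef` avoids a clash, but if the certdb.h actually on the include path is an older one that gives bit 0 a different name or meaning, trust flags handled in this file could be misread with no compile-time warning. Establishing which header is being picked up (system or in-tree) is preferable to a local copy; at minimum the comment should record the header and version the value was copied from.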
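Review bot: The guard around `secu_PrintRSAPSSParams` (hunks at -1509 and -1572) and around its call site in `SECU_PrintAlgorithmID` (hunk at -1684) removes RSA-PSS parameter printing under a macro whose name mentions only SHA-224. The explaining comment also reads "psapss" where RSA-PSS is meant. With the macro set, an RSA-PSS AlgorithmIdentifier falls through to the generic parameter handling that follows, whose body is outside the hunk. I would reword the comment to `/* NO_SHA224_AVAILABLE also implies no RSA-PSS support in the system libraries */` so the coupling is stated rather than implied.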
@@ -883,21 +883,27 @@ CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR mech_str digestMechs[] = { {CKM_SHA_1, "CKM_SHA_1 "}, +#ifndef NO_SHA224_AVAILABLE {CKM_SHA224, "CKM_SHA224"}, +#endif {CKM_SHA256, "CKM_SHA256"}, {CKM_SHA384, "CKM_SHA384"}, {CKM_SHA512, "CKM_SHA512"} }; mech_str hmacMechs[] = { {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"}, +#ifndef NO_SHA224_AVAILABLE {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"}, +#endif {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"}, {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"}, {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"} }; mech_str sigRSAMechs[] = { {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"}, +#ifndef NO_SHA224_AVAILABLE {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"}, +#endif {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"}, {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"}, {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"} diff -up ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 ./mozilla/security/nss/lib/cryptohi/sechash.c --- ./mozilla/security/nss/lib/cryptohi/sechash.c.nosha224 2011-06-21 15:47:54.000000000 -0700 +++ ./mozilla/security/nss/lib/cryptohi/sechash.c 2011-12-04 22:03:47.306609957 -0800 @@ -91,10 +91,12 @@ sha1_NewContext(void) { return (void *) PK11_CreateDigestContext(SEC_OID_SHA1); } +#ifndef NO_SHA224_AVAILABLE static void * sha224_NewContext(void) { return (void *) PK11_CreateDigestContext(SEC_OID_SHA224); } +#endif static void * sha256_NewContext(void) { @@ -189,6 +191,7 @@ const SECHashObject SECHashObjects[] = { SHA512_BLOCK_LENGTH, HASH_AlgSHA512 }, +#ifndef NO_SHA224_AVAILABLE { SHA224_LENGTH, (void * (*)(void)) sha224_NewContext, (void * (*)(void *)) PK11_CloneContext, @@ -200,6 +203,7 @@ const SECHashObject SECHashObjects[] = { SHA224_BLOCK_LENGTH, HASH_AlgSHA224 }, +#endif }; const SECHashObject * 
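Review bot: Compiling out the last entry of `SECHashObjects[]` in sechash.c (hunks at -189 and -200) shortens the table by one, but nothing in this patch as shown changes the hash-type enum, so `HASH_AlgSHA224` presumably still names an index that no longer exists. The lookup function after the array is outside the hunk; if it indexes by hash type after a range check against the enum's total, a caller passing `HASH_AlgSHA224` would read past the end of the array. The same applies to `SECRawHashObjects[]` in rawhash.c. Keeping a placeholder entry under `#else`, or rejecting that hash type explicitly in the lookup, would keep the index space and the table in step.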
@@ -217,7 +221,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashO case SEC_OID_MD2: ht = HASH_AlgMD2; break; case SEC_OID_MD5: ht = HASH_AlgMD5; break; case SEC_OID_SHA1: ht = HASH_AlgSHA1; break; +#ifndef NO_SHA224_AVAILABLE case SEC_OID_SHA224: ht = HASH_AlgSHA224; break; +#endif case SEC_OID_SHA256: ht = HASH_AlgSHA256; break; case SEC_OID_SHA384: ht = HASH_AlgSHA384; break; case SEC_OID_SHA512: ht = HASH_AlgSHA512; break; @@ -237,7 +243,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag /* no oid exists for HMAC_MD2 */ /* NSS does not define a oid for HMAC_MD4 */ case SEC_OID_HMAC_SHA1: hashOid = SEC_OID_SHA1; break; +#ifndef NO_SHA224_AVAILABLE case SEC_OID_HMAC_SHA224: hashOid = SEC_OID_SHA224; break; +#endif case SEC_OID_HMAC_SHA256: hashOid = SEC_OID_SHA256; break; case SEC_OID_HMAC_SHA384: hashOid = SEC_OID_SHA384; break; case SEC_OID_HMAC_SHA512: hashOid = SEC_OID_SHA512; break; @@ -257,7 +265,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag /* no oid exists for HMAC_MD2 */ /* NSS does not define a oid for HMAC_MD4 */ case SEC_OID_SHA1: hmacOid = SEC_OID_HMAC_SHA1; break; +#ifndef NO_SHA224_AVAILABLE case SEC_OID_SHA224: hmacOid = SEC_OID_HMAC_SHA224; break; +#endif case SEC_OID_SHA256: hmacOid = SEC_OID_HMAC_SHA256; break; case SEC_OID_SHA384: hmacOid = SEC_OID_HMAC_SHA384; break; case SEC_OID_SHA512: hmacOid = SEC_OID_HMAC_SHA512; break; diff -up ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 ./mozilla/security/nss/lib/cryptohi/seckey.c --- ./mozilla/security/nss/lib/cryptohi/seckey.c.nosha224 2011-10-22 07:35:42.000000000 -0700 +++ ./mozilla/security/nss/lib/cryptohi/seckey.c 2011-12-04 22:03:47.307609957 -0800 
@@ -550,7 +550,9 @@ seckey_GetKeyType (SECOidTag tag) { * should be handing us a cipher type */ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: +#ifndef NO_SHA224_AVAILABLE case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: +#endif case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: diff -up ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 ./mozilla/security/nss/lib/cryptohi/secvfy.c --- ./mozilla/security/nss/lib/cryptohi/secvfy.c.nosha224 2011-10-22 07:35:42.000000000 -0700 +++ ./mozilla/security/nss/lib/cryptohi/secvfy.c 2011-12-04 22:03:47.307609957 -0800 @@ -240,11 +240,12 @@ sec_DecodeSigAlg(const SECKEYPublicKey * case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */ break; - +#ifndef NO_SHA224_AVAILABLE case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: *hashalg = SEC_OID_SHA224; break; +#endif case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: *hashalg = SEC_OID_SHA256; @@ -279,8 +280,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey * len = SECKEY_PublicKeyStrength(key); if (len < 28) { /* 28 bytes == 224 bits */ *hashalg = SEC_OID_SHA1; +#ifndef NO_SHA224_AVAILABLE } else if (len < 32) { /* 32 bytes == 256 bits */ *hashalg = SEC_OID_SHA224; +#endif } else if (len < 48) { /* 48 bytes == 384 bits */ *hashalg = SEC_OID_SHA256; } else if (len < 64) { /* 48 bytes == 512 bits */ @@ -325,7 +328,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey * case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: +#ifndef NO_SHA224_AVAILABLE case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: +#endif case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: 
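Review bot: In the key-strength ladder of sec_DecodeSigAlg (hunk at -279), compiling out the `len < 32` branch makes keys of 28 to 31 bytes silently select `SEC_OID_SHA256` instead of SHA-224. A peer following the original mapping would have signed a SHA-224 digest, so verification here would presumably fail as a bad signature rather than as an unsupported algorithm; the enclosing case label is outside the hunk, so this is inferred from the visible branches. If the substitution is intended, say so in place, e.g. `/* no SHA-224 in system freebl: 224-bit keys use SHA-256 */`; otherwise reject that size range explicitly. The explicit SHA-224 signature OIDs removed in the -240 hunk now drop to the switch default, which is also outside the hunk.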
@@ -347,7 +352,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey * *encalg = SEC_OID_MISSI_DSS; break; case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: +#ifndef NO_SHA224_AVAILABLE case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: +#endif case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: diff -up ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 ./mozilla/security/nss/lib/freebl/blapi.h --- ./mozilla/security/nss/lib/freebl/blapi.h.nosha224 2011-10-04 15:05:53.000000000 -0700 +++ ./mozilla/security/nss/lib/freebl/blapi.h 2011-12-04 22:03:47.308609957 -0800 @@ -1088,7 +1088,7 @@ extern SHA1Context * SHA1_Resurrect(unsi extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src); /******************************************/ - +#ifndef NO_SHA224_AVAILABLE extern SHA224Context *SHA224_NewContext(void); extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit); extern void SHA224_Begin(SHA224Context *cx); @@ -1104,6 +1104,7 @@ extern unsigned int SHA224_FlattenSize(S extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space); extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg); extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src); +#endif /******************************************/ diff -up ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 ./mozilla/security/nss/lib/freebl/ldvector.c --- ./mozilla/security/nss/lib/freebl/ldvector.c.nosha224 2011-10-04 15:05:53.000000000 -0700 +++ ./mozilla/security/nss/lib/freebl/ldvector.c 2011-12-04 22:03:47.309609957 -0800 @@ -270,7 +270,7 @@ static const struct FREEBLVectorStr vect JPAKE_Verify, JPAKE_Round2, JPAKE_Final, - +#ifndef NO_SHA224_AVAILABLE /* End of Version 3.012 */ TLS_P_hash, 
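Review bot: The `#ifndef NO_SHA224_AVAILABLE` in the ldvector.c initializer (hunk at -270) opens before the `/* End of Version 3.012 */` marker and closes in the next hunk (-287) after `BLAPI_SHVerifyFile`. It therefore removes every entry added since 3.012, including `TLS_P_hash` and `BLAPI_SHVerifyFile`, not only the SHA224_* functions. The struct definition and any length or version field the table carries are not part of this patch as shown; if they are unchanged, the trailing members are zero-initialised and a caller that trusts the advertised version would call through a NULL function pointer. Either narrow the guard to the SHA224_* entries or lower the advertised version under the same macro, and add a comment saying which is intended.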
@@ -287,7 +287,7 @@ static const struct FREEBLVectorStr vect SHA224_Resurrect, SHA224_Clone, BLAPI_SHVerifyFile - +#endif /* End of Version 3.013 */ }; diff -up ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 ./mozilla/security/nss/lib/freebl/nsslowhash.c --- ./mozilla/security/nss/lib/freebl/nsslowhash.c.nosha224 2010-09-09 17:42:36.000000000 -0700 +++ ./mozilla/security/nss/lib/freebl/nsslowhash.c 2011-12-04 22:03:47.309609957 -0800 @@ -128,14 +128,14 @@ freebl_fips_SHA_PowerUpSelfTest( void ) 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b, 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, 0xe0,0x68,0x47,0x7a}; - +#ifndef NO_SHA224_AVAILABLE /* SHA-224 Known Digest Message (224-bits). */ static const PRUint8 sha224_known_digest[] = { 0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb, 0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8, 0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64, 0x9a,0xb8,0x98,0x4e}; - +#endif /* SHA-256 Known Digest Message (256-bits). */ static const PRUint8 sha256_known_digest[] = { 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61, @@ -178,7 +178,7 @@ freebl_fips_SHA_PowerUpSelfTest( void ) ( PORT_Memcmp( sha_computed_digest, sha1_known_digest, SHA1_LENGTH ) != 0 ) ) return( CKR_DEVICE_ERROR ); - +#ifndef NO_SHA224_AVAILABLE /***************************************************/ /* SHA-224 Single-Round Known Answer Hashing Test. */ /***************************************************/ 
@@ -190,7 +190,7 @@ freebl_fips_SHA_PowerUpSelfTest( void ) ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, SHA224_LENGTH ) != 0 ) ) return( CKR_DEVICE_ERROR ); - +#endif /***************************************************/ /* SHA-256 Single-Round Known Answer Hashing Test. */ /***************************************************/ diff -up ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 ./mozilla/security/nss/lib/freebl/rawhash.c --- ./mozilla/security/nss/lib/freebl/rawhash.c.nosha224 2010-08-17 22:55:47.000000000 -0700 +++ ./mozilla/security/nss/lib/freebl/rawhash.c 2011-12-04 22:03:47.309609957 -0800 @@ -155,6 +155,7 @@ const SECHashObject SECRawHashObjects[] SHA512_BLOCK_LENGTH, HASH_AlgSHA512 }, +#ifndef NO_SHA224_AVAILABLE { SHA224_LENGTH, (void * (*)(void)) SHA224_NewContext, (void * (*)(void *)) null_hash_clone_context, @@ -166,6 +167,7 @@ const SECHashObject SECRawHashObjects[] SHA224_BLOCK_LENGTH, HASH_AlgSHA224 }, +#endif }; const SECHashObject * diff -up ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 ./mozilla/security/nss/lib/freebl/sha512.c --- ./mozilla/security/nss/lib/freebl/sha512.c.nosha224 2011-09-14 10:48:03.000000000 -0700 +++ ./mozilla/security/nss/lib/freebl/sha512.c 2011-12-04 22:03:47.310609957 -0800 @@ -544,6 +544,7 @@ void SHA256_Clone(SHA256Context *dest, S memcpy(dest, src, sizeof *dest); } +#ifndef NO_SHA224_AVAILABLE /* ============= SHA224 implementation ================================== */ /* SHA-224 initial hash values */ @@ -630,7 +631,7 @@ void SHA224_Clone(SHA224Context *dest, S { SHA256_Clone(dest, src); } - +#endif /* ======= SHA512 and SHA384 common constants and defines ================= */ diff -up ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 ./mozilla/security/nss/lib/softoken/fipstest.c --- ./mozilla/security/nss/lib/softoken/fipstest.c.nosha224 2011-03-29 08:12:43.000000000 -0700 +++ ./mozilla/security/nss/lib/softoken/fipstest.c 2011-12-04 22:03:47.311609956 -0800 
@@ -865,12 +865,14 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e, 0x5d, 0x0e, 0x1e, 0x11}; +#ifndef NO_SHA224_AVAILABLE /* known SHA224 hmac (28 bytes) */ static const PRUint8 known_SHA224_hmac[] = { 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb, 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8, 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64, 0x9a, 0xb8, 0x98, 0x4e}; +#endif /* known SHA256 hmac (32 bytes) */ static const PRUint8 known_SHA256_hmac[] = { @@ -922,6 +924,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) /* HMAC SHA-224 Single-Round Known Answer Test. */ /***************************************************/ +#ifndef NO_SHA224_AVAILABLE hmac_status = sftk_fips_HMAC(hmac_computed, HMAC_known_secret_key, HMAC_known_secret_key_length, @@ -933,6 +936,7 @@ sftk_fips_HMAC_PowerUpSelfTest( void ) ( PORT_Memcmp( hmac_computed, known_SHA224_hmac, SHA224_LENGTH ) != 0 ) ) return( CKR_DEVICE_ERROR ); +#endif /***************************************************/ /* HMAC SHA-256 Single-Round Known Answer Test. */ @@ -994,12 +998,14 @@ sftk_fips_SHA_PowerUpSelfTest( void ) 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, 0xe0,0x68,0x47,0x7a}; +#ifndef NO_SHA224_AVAILABLE /* SHA-224 Known Digest Message (224-bits). */ static const PRUint8 sha224_known_digest[] = { 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f, 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f, 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f, 0x8e,0x08,0xe5,0xcb}; +#endif /* SHA-256 Known Digest Message (256-bits). */ static const PRUint8 sha256_known_digest[] = { @@ -1048,6 +1054,7 @@ sftk_fips_SHA_PowerUpSelfTest( void ) /* SHA-224 Single-Round Known Answer Hashing Test. */ /***************************************************/ +#ifndef NO_SHA224_AVAILABLE sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message, FIPS_KNOWN_HASH_MESSAGE_LENGTH ); 
@@ -1055,6 +1062,7 @@ sftk_fips_SHA_PowerUpSelfTest( void ) ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, SHA224_LENGTH ) != 0 ) ) return( CKR_DEVICE_ERROR ); +#endif /***************************************************/ /* SHA-256 Single-Round Known Answer Hashing Test. */ diff -up ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11c.c --- ./mozilla/security/nss/lib/softoken/pkcs11c.c.nosha224 2011-09-21 11:49:16.000000000 -0700 +++ ./mozilla/security/nss/lib/softoken/pkcs11c.c 2011-12-04 22:03:47.313609956 -0800 @@ -1316,7 +1316,9 @@ CK_RV NSC_DigestInit(CK_SESSION_HANDLE h INIT_MECH(CKM_MD2, MD2) INIT_MECH(CKM_MD5, MD5) INIT_MECH(CKM_SHA_1, SHA1) +#ifndef NO_SHA224_AVAILABLE INIT_MECH(CKM_SHA224, SHA224) +#endif INIT_MECH(CKM_SHA256, SHA256) INIT_MECH(CKM_SHA384, SHA384) INIT_MECH(CKM_SHA512, SHA512) @@ -1440,7 +1442,9 @@ sftk_doSub ## mmm(SFTKSessionContext *co DOSUB(MD2) DOSUB(MD5) DOSUB(SHA1) +#ifndef NO_SHA224_AVAILABLE DOSUB(SHA224) +#endif DOSUB(SHA256) DOSUB(SHA384) DOSUB(SHA512) @@ -2013,7 +2017,9 @@ CK_RV NSC_SignInit(CK_SESSION_HANDLE hSe INIT_RSA_SIGN_MECH(MD5) INIT_RSA_SIGN_MECH(MD2) INIT_RSA_SIGN_MECH(SHA1) +#ifndef NO_SHA224_AVAILABLE INIT_RSA_SIGN_MECH(SHA224) +#endif INIT_RSA_SIGN_MECH(SHA256) INIT_RSA_SIGN_MECH(SHA384) INIT_RSA_SIGN_MECH(SHA512) @@ -2131,7 +2137,9 @@ finish_rsa: INIT_HMAC_MECH(MD2) INIT_HMAC_MECH(MD5) +#ifndef NO_SHA224_AVAILABLE INIT_HMAC_MECH(SHA224) +#endif INIT_HMAC_MECH(SHA256) INIT_HMAC_MECH(SHA384) INIT_HMAC_MECH(SHA512) @@ -2529,7 +2537,9 @@ CK_RV NSC_VerifyInit(CK_SESSION_HANDLE h INIT_RSA_VFY_MECH(MD5) INIT_RSA_VFY_MECH(MD2) INIT_RSA_VFY_MECH(SHA1) +#ifndef NO_SHA224_AVAILABLE INIT_RSA_VFY_MECH(SHA224) +#endif INIT_RSA_VFY_MECH(SHA256) INIT_RSA_VFY_MECH(SHA384) INIT_RSA_VFY_MECH(SHA512) 
@@ -2626,7 +2636,9 @@ finish_rsa: INIT_HMAC_MECH(MD2) INIT_HMAC_MECH(MD5) +#ifndef NO_SHA224_AVAILABLE INIT_HMAC_MECH(SHA224) +#endif INIT_HMAC_MECH(SHA256) INIT_HMAC_MECH(SHA384) INIT_HMAC_MECH(SHA512) diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 ./mozilla/security/nss/lib/softoken/pkcs11.c --- ./mozilla/security/nss/lib/softoken/pkcs11.c.nosha224 2011-01-21 16:12:04.000000000 -0800 +++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2011-12-04 22:03:47.316609956 -0800 @@ -311,8 +311,10 @@ static const struct mechanismList mechan CKF_SN_VR}, PR_TRUE}, {CKM_SHA1_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_SN_VR}, PR_TRUE}, +#ifndef NO_SHA224_AVAILABLE {CKM_SHA224_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_SN_VR}, PR_TRUE}, +#endif {CKM_SHA256_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_SN_VR}, PR_TRUE}, {CKM_SHA384_RSA_PKCS, {RSA_MIN_MODULUS_BITS,CK_MAX, @@ -401,9 +403,11 @@ static const struct mechanismList mechan {CKM_SHA_1, {0, 0, CKF_DIGEST}, PR_FALSE}, {CKM_SHA_1_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_SHA_1_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, +#ifndef NO_SHA224_AVAILABLE {CKM_SHA224, {0, 0, CKF_DIGEST}, PR_FALSE}, {CKM_SHA224_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_SHA224_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, +#endif {CKM_SHA256, {0, 0, CKF_DIGEST}, PR_FALSE}, {CKM_SHA256_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, diff -up ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 ./mozilla/security/nss/lib/softoken/rsawrapr.c --- ./mozilla/security/nss/lib/softoken/rsawrapr.c.nosha224 2011-10-22 07:35:43.000000000 -0700 +++ ./mozilla/security/nss/lib/softoken/rsawrapr.c 2011-12-04 22:03:47.316609956 -0800 
@@ -1173,9 +1173,11 @@ GetHashTypeFromMechanism(CK_MECHANISM_TY case CKM_SHA_1: case CKG_MGF1_SHA1: return HASH_AlgSHA1; +#ifndef NO_SHA224_AVAILABLE case CKM_SHA224: case CKG_MGF1_SHA224: return HASH_AlgSHA224; +#endif case CKM_SHA256: case CKG_MGF1_SHA256: return HASH_AlgSHA256; diff -up ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 ./mozilla/security/nss/tests/cipher/cipher.txt --- ./mozilla/security/nss/tests/cipher/cipher.txt.nosha224 2010-08-17 22:57:05.000000000 -0700 +++ ./mozilla/security/nss/tests/cipher/cipher.txt 2011-12-04 22:03:47.317609956 -0800 @@ -73,7 +73,6 @@ 0 md2_-H MD2_Hash 0 md5_-H MD5_Hash 0 sha1_-H SHA1_Hash - 0 sha224_-H SHA224_Hash 0 sha256_-H SHA256_Hash 0 sha384_-H SHA384_Hash 0 sha512_-H SHA512_Hash
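Review bot: With the `CKM_SHA224` / `CKG_MGF1_SHA224` labels compiled out of GetHashTypeFromMechanism, those mechanism values now take the switch's default path, which is outside the hunk. Callers that use the result to pick a hash for padding (presumably OAEP/PSS, given the MGF1 constants) must treat that default as an error rather than as a usable hash type; worth confirming at the call sites. A one-line comment at the guard, such as `/* SHA-224 unavailable: handled by default (unsupported) */`, would document the intent.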
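Review bot: The `sha224_-H` entry is deleted from cipher.txt unconditionally, while every code change in this patch is conditional on NO_SHA224_AVAILABLE. A build that leaves the macro undefined keeps SHA-224 in bltest but loses its hash test. If the test list cannot be made conditional, the patch description should state that the test is dropped for all configurations.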