Back out large hash code from 3.7 release

13 files changed, 9 insertions, 543 deletions

diff --git a/security/nss/lib/cryptohi/hasht.h b/security/nss/lib/cryptohi/hasht.h
index 852ee706e..143e37486 100644
--- a/security/nss/lib/cryptohi/hasht.h
+++ b/security/nss/lib/cryptohi/hasht.h
@@ -47,13 +47,10 @@ typedef struct HASHContextStr HASHContext;
  * NOTE the order must match the definition of SECHashObjects[]!
  */
 typedef enum {
-    HASH_AlgNULL   = 0,
-    HASH_AlgMD2    = 1,
-    HASH_AlgMD5    = 2,
-    HASH_AlgSHA1   = 3,
-    HASH_AlgSHA256 = 4,
-    HASH_AlgSHA384 = 5,
-    HASH_AlgSHA512 = 6,
+    HASH_AlgNULL = 0,
+    HASH_AlgMD2 = 1,
+    HASH_AlgMD5 = 2,
+    HASH_AlgSHA1 = 3,
     HASH_AlgTOTAL
 } HASH_HashType;
 
@@ -63,10 +60,6 @@ typedef enum {
 #define MD2_LENGTH	16
 #define MD5_LENGTH	16
 #define SHA1_LENGTH	20
-#define SHA256_LENGTH 	32
-#define SHA384_LENGTH 	48
-#define SHA512_LENGTH 	64
-#define HASH_LENGTH_MAX SHA512_LENGTH
 
 /*
  * Structure to hold hash computation info and routines
diff --git a/security/nss/lib/cryptohi/sechash.c b/security/nss/lib/cryptohi/sechash.c
index 715f840cf..36ee1efd2 100644
--- a/security/nss/lib/cryptohi/sechash.c
+++ b/security/nss/lib/cryptohi/sechash.c
@@ -87,21 +87,6 @@ sha1_NewContext(void) {
 	return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
 }
 
-static void *
-sha256_NewContext(void) {
-	return (void *) PK11_CreateDigestContext(SEC_OID_SHA256);
-}
-
-static void *
-sha384_NewContext(void) {
-	return (void *) PK11_CreateDigestContext(SEC_OID_SHA384);
-}
-
-static void *
-sha512_NewContext(void) {
-	return (void *) PK11_CreateDigestContext(SEC_OID_SHA512);
-}
-
 const SECHashObject SECHashObjects[] = {
   { 0,
     (void * (*)(void)) null_hash_new_context,
@@ -139,33 +124,6 @@ const SECHashObject SECHashObjects[] = {
     (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
 							PK11_DigestFinal
   },
-  { SHA256_LENGTH,
-    (void * (*)(void)) sha256_NewContext,
-    (void * (*)(void *)) PK11_CloneContext,
-    (void (*)(void *, PRBool)) PK11_DestroyContext,
-    (void (*)(void *)) PK11_DigestBegin,
-    (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
-							PK11_DigestFinal
-  },
-  { SHA384_LENGTH,
-    (void * (*)(void)) sha384_NewContext,
-    (void * (*)(void *)) PK11_CloneContext,
-    (void (*)(void *, PRBool)) PK11_DestroyContext,
-    (void (*)(void *)) PK11_DigestBegin,
-    (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
-							PK11_DigestFinal
-  },
-  { SHA512_LENGTH,
-    (void * (*)(void)) sha512_NewContext,
-    (void * (*)(void *)) PK11_CloneContext,
-    (void (*)(void *, PRBool)) PK11_DestroyContext,
-    (void (*)(void *)) PK11_DigestBegin,
-    (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) 
-							PK11_DigestFinal
-  },
 };
 
 const SECHashObject * 
diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h
index 121eff791..f14da297d 100644
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -707,58 +707,6 @@ extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
  */
 extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
 
-/******************************************/
-
-extern SHA256Context *SHA256_NewContext(void);
-extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
-extern void SHA256_Begin(SHA256Context *cx);
-extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
-			unsigned int inputLen);
-extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
-extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
-extern void SHA256_TraceState(SHA256Context *cx);
-extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
-extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
-extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
-
-extern SHA512Context *SHA512_NewContext(void);
-extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
-extern void SHA512_Begin(SHA512Context *cx);
-extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
-			unsigned int inputLen);
-extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
-extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
-extern void SHA512_TraceState(SHA512Context *cx);
-extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
-extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
-extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
-
-extern SHA384Context *SHA384_NewContext(void);
-extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
-extern void SHA384_Begin(SHA384Context *cx);
-extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
-			unsigned int inputLen);
-extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
-extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
-extern void SHA384_TraceState(SHA384Context *cx);
-extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
-extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
-extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
 /*
 ** Pseudo Random Number Generation.  FIPS compliance desirable.
 */
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
index 9327c2a10..ef97116e3 100644
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -113,53 +113,9 @@ static const struct FREEBLVectorStr vector = {
     PQG_ParamGen,
     PQG_ParamGenSeedLen,
     PQG_VerifyParams,
-
-    /* End of Version 3.001. */
-
     RSA_PrivateKeyOpDoubleChecked,
     RSA_PrivateKeyCheck,
     BL_Cleanup,
-
-    /* End of Version 3.002. */
-
-    SHA256_NewContext,
-    SHA256_DestroyContext,
-    SHA256_Begin,
-    SHA256_Update,
-    SHA256_End,
-    SHA256_HashBuf,
-    SHA256_Hash,
-    SHA256_TraceState,
-    SHA256_FlattenSize,
-    SHA256_Flatten,
-    SHA256_Resurrect,
-
-    SHA512_NewContext,
-    SHA512_DestroyContext,
-    SHA512_Begin,
-    SHA512_Update,
-    SHA512_End,
-    SHA512_HashBuf,
-    SHA512_Hash,
-    SHA512_TraceState,
-    SHA512_FlattenSize,
-    SHA512_Flatten,
-    SHA512_Resurrect,
-
-    SHA384_NewContext,
-    SHA384_DestroyContext,
-    SHA384_Begin,
-    SHA384_Update,
-    SHA384_End,
-    SHA384_HashBuf,
-    SHA384_Hash,
-    SHA384_TraceState,
-    SHA384_FlattenSize,
-    SHA384_Flatten,
-    SHA384_Resurrect,
-
-    /* End of Version 3.003. */
-
 };
 
 
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
index 489b66f1a..2bab1fe42 100644
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -959,278 +959,3 @@ BL_Cleanup(void)
   (vector->p_BL_Cleanup)();
 }
 
-/* ============== New for 3.003 =============================== */
-
-SECStatus 
-SHA256_Hash(unsigned char *dest, const char *src)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA256_Hash)(dest, src);
-}
-
-SECStatus 
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA256_HashBuf)(dest, src, src_length);
-}
-
-SHA256Context *
-SHA256_NewContext(void)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA256_NewContext)();
-}
-
-void 
-SHA256_DestroyContext(SHA256Context *cx, PRBool freeit)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_DestroyContext)(cx, freeit);
-}
-
-void 
-SHA256_Begin(SHA256Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_Begin)(cx);
-}
-
-void 
-SHA256_Update(SHA256Context *cx, const unsigned char *input,
-			unsigned int inputLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_Update)(cx, input, inputLen);
-}
-
-void 
-SHA256_End(SHA256Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void 
-SHA256_TraceState(SHA256Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA256_TraceState)(cx);
-}
-
-unsigned int 
-SHA256_FlattenSize(SHA256Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return 0;
-  return (vector->p_SHA256_FlattenSize)(cx);
-}
-
-SECStatus 
-SHA256_Flatten(SHA256Context *cx,unsigned char *space)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA256_Flatten)(cx, space);
-}
-
-SHA256Context * 
-SHA256_Resurrect(unsigned char *space, void *arg)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA256_Resurrect)(space, arg);
-}
-
-SECStatus 
-SHA512_Hash(unsigned char *dest, const char *src)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA512_Hash)(dest, src);
-}
-
-SECStatus 
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA512_HashBuf)(dest, src, src_length);
-}
-
-SHA512Context *
-SHA512_NewContext(void)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA512_NewContext)();
-}
-
-void 
-SHA512_DestroyContext(SHA512Context *cx, PRBool freeit)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_DestroyContext)(cx, freeit);
-}
-
-void 
-SHA512_Begin(SHA512Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_Begin)(cx);
-}
-
-void 
-SHA512_Update(SHA512Context *cx, const unsigned char *input,
-			unsigned int inputLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_Update)(cx, input, inputLen);
-}
-
-void 
-SHA512_End(SHA512Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void 
-SHA512_TraceState(SHA512Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA512_TraceState)(cx);
-}
-
-unsigned int 
-SHA512_FlattenSize(SHA512Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return 0;
-  return (vector->p_SHA512_FlattenSize)(cx);
-}
-
-SECStatus 
-SHA512_Flatten(SHA512Context *cx,unsigned char *space)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA512_Flatten)(cx, space);
-}
-
-SHA512Context * 
-SHA512_Resurrect(unsigned char *space, void *arg)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA512_Resurrect)(space, arg);
-}
-
-
-SECStatus 
-SHA384_Hash(unsigned char *dest, const char *src)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA384_Hash)(dest, src);
-}
-
-SECStatus 
-SHA384_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA384_HashBuf)(dest, src, src_length);
-}
-
-SHA384Context *
-SHA384_NewContext(void)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA384_NewContext)();
-}
-
-void 
-SHA384_DestroyContext(SHA384Context *cx, PRBool freeit)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_DestroyContext)(cx, freeit);
-}
-
-void 
-SHA384_Begin(SHA384Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_Begin)(cx);
-}
-
-void 
-SHA384_Update(SHA384Context *cx, const unsigned char *input,
-			unsigned int inputLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_Update)(cx, input, inputLen);
-}
-
-void 
-SHA384_End(SHA384Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void 
-SHA384_TraceState(SHA384Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return ;
-  (vector->p_SHA384_TraceState)(cx);
-}
-
-unsigned int 
-SHA384_FlattenSize(SHA384Context *cx)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return 0;
-  return (vector->p_SHA384_FlattenSize)(cx);
-}
-
-SECStatus 
-SHA384_Flatten(SHA384Context *cx,unsigned char *space)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return SECFailure;
-  return (vector->p_SHA384_Flatten)(cx, space);
-}
-
-SHA384Context * 
-SHA384_Resurrect(unsigned char *space, void *arg)
-{
-  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
-      return NULL;
-  return (vector->p_SHA384_Resurrect)(space, arg);
-}
-
-
-
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h
index 634fb7865..be2cc0906 100644
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -40,7 +40,7 @@
 
 #include "blapi.h"
 
-#define FREEBL_VERSION 0x0303
+#define FREEBL_VERSION 0x0302
 
 struct FREEBLVectorStr {
 
@@ -265,53 +265,6 @@ struct FREEBLVectorStr {
 
   /* Version 3.002 came to here */
 
- SHA256Context *(* p_SHA256_NewContext)(void);
- void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
- void (* p_SHA256_Begin)(SHA256Context *cx);
- void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA256_TraceState)(SHA256Context *cx);
- unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
- SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
- SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
-
- SHA512Context *(* p_SHA512_NewContext)(void);
- void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
- void (* p_SHA512_Begin)(SHA512Context *cx);
- void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA512_TraceState)(SHA512Context *cx);
- unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
- SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
- SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
-
- SHA384Context *(* p_SHA384_NewContext)(void);
- void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
- void (* p_SHA384_Begin)(SHA384Context *cx);
- void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA384_TraceState)(SHA384Context *cx);
- unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
- SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
- SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
-
-  /* Version 3.003 came to here */
-
 };
 
 typedef struct FREEBLVectorStr FREEBLVector;
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
index d8c0d97fb..50b48d289 100644
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -81,7 +81,6 @@ CSRCS = \
 	sha_fast.c \
 	md2.c \
 	md5.c \
-	sha512.c \
 	alg2268.c \
 	arcfour.c \
 	arcfive.c \
diff --git a/security/nss/lib/softoken/alghmac.c b/security/nss/lib/softoken/alghmac.c
index fb22fbd9c..a975f3f5a 100644
--- a/security/nss/lib/softoken/alghmac.c
+++ b/security/nss/lib/softoken/alghmac.c
@@ -62,7 +62,7 @@ HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
 {
     HMACContext *cx;
     unsigned int i;
-    unsigned char hashed_secret[HASH_LENGTH_MAX];
+    unsigned char hashed_secret[SHA1_LENGTH];
 
     /* required by FIPS 198 Section 3 */
     if (isFIPS && secret_len < hash_obj->length/2) {
diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h
index ae92816b3..ef783b918 100644
--- a/security/nss/lib/softoken/pkcs11i.h
+++ b/security/nss/lib/softoken/pkcs11i.h
@@ -297,8 +297,8 @@ typedef enum {
 
 
 #define PK11_MAX_BLOCK_SIZE 16
-/* currently SHA512 is the biggest hash length */
-#define PK11_MAX_MAC_LENGTH 64
+/* currently SHA1 is the biggest hash length */
+#define PK11_MAX_MAC_LENGTH 20
 #define PK11_INVALID_MAC_SIZE 0xffffffff
 
 struct PK11SessionContextStr {
diff --git a/security/nss/lib/softoken/pkcs11n.h b/security/nss/lib/softoken/pkcs11n.h
index 5c6624bb5..c2b57acab 100644
--- a/security/nss/lib/softoken/pkcs11n.h
+++ b/security/nss/lib/softoken/pkcs11n.h
@@ -165,16 +165,6 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
 
 #define CKM_TLS_PRF_GENERAL                     0x80000373L
 
-/* These new SHAxxx mechanisms will be defined as vendor-defined until
-** they are given standard mechanism numbers.
-*/
-#define CKM_SHA256				0x80000401L
-#define CKM_SHA384				0x80000402L
-#define CKM_SHA512				0x80000403L
-
-#define CKM_SHA256_RSA_PKCS			0x80000411L
-#define CKM_SHA384_RSA_PKCS			0x80000412L
-#define CKM_SHA512_RSA_PKCS			0x80000413L
 
 /*
  * Netscape-defined return values
diff --git a/security/nss/lib/softoken/rawhash.c b/security/nss/lib/softoken/rawhash.c
index b32d3f31a..9250bf62b 100644
--- a/security/nss/lib/softoken/rawhash.c
+++ b/security/nss/lib/softoken/rawhash.c
@@ -107,29 +107,5 @@ const SECHashObject SECRawHashObjects[] = {
     (void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
     (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End
   },
-  { SHA256_LENGTH,
-    (void * (*)(void)) SHA256_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA256_DestroyContext,
-    (void (*)(void *)) SHA256_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA256_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA256_End
-  },
-  { SHA384_LENGTH,
-    (void * (*)(void)) SHA384_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA384_DestroyContext,
-    (void (*)(void *)) SHA384_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA384_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA384_End
-  },
-  { SHA512_LENGTH,
-    (void * (*)(void)) SHA512_NewContext,
-    (void * (*)(void *)) null_hash_clone_context,
-    (void (*)(void *, PRBool)) SHA512_DestroyContext,
-    (void (*)(void *)) SHA512_Begin,
-    (void (*)(void *, const unsigned char *, unsigned int)) SHA512_Update,
-    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA512_End
-  },
 };
 
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
index 2ee8b08e6..179105488 100644
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -50,7 +50,6 @@
 
 #define NISTALGS    USGOV, 3, 4
 #define AES         NISTALGS, 1
-#define SHAXXX      NISTALGS, 2
 
 /**
  ** The Netscape OID space is allocated by Terry Hayes.  If you need
@@ -180,9 +179,6 @@ CONST_OID pkcs1MD2WithRSAEncryption[]  		= { PKCS1, 0x02 };
 CONST_OID pkcs1MD4WithRSAEncryption[]  		= { PKCS1, 0x03 };
 CONST_OID pkcs1MD5WithRSAEncryption[]  		= { PKCS1, 0x04 };
 CONST_OID pkcs1SHA1WithRSAEncryption[] 		= { PKCS1, 0x05 };
-CONST_OID pkcs1SHA256WithRSAEncryption[] 	= { PKCS1, 11 };
-CONST_OID pkcs1SHA384WithRSAEncryption[] 	= { PKCS1, 12 };
-CONST_OID pkcs1SHA512WithRSAEncryption[] 	= { PKCS1, 13 };
 
 CONST_OID pkcs5PbeWithMD2AndDEScbc[]  		= { PKCS5, 0x01 };
 CONST_OID pkcs5PbeWithMD5AndDEScbc[]  		= { PKCS5, 0x03 };
@@ -418,10 +414,6 @@ CONST_OID aes256_OFB[] 				= { AES, 43 };
 CONST_OID aes256_CFB[] 				= { AES, 44 };
 #endif
 
-CONST_OID sha256[]                              = { SHAXXX, 1 };
-CONST_OID sha384[]                              = { SHAXXX, 2 };
-CONST_OID sha512[]                              = { SHAXXX, 3 };
-
 #define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
 #ifndef SECOID_NO_STRINGS
 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
@@ -1017,25 +1009,9 @@ const static SECOidData oids[] = {
     OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE, 
 	"SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
 
-    OD( ms_smimeEncryptionKeyPreference, 
-        SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
+    OD( ms_smimeEncryptionKeyPreference, SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
 	"Microsoft S/MIME Encryption Key Preference", 
 	CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
-
-    OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION),
-    OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
-    OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION),
-
-    OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
-	"PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
-	INVALID_CERT_EXTENSION ),
-    OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
-	"PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS,
-	INVALID_CERT_EXTENSION ),
-    OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
-	"PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS,
-	INVALID_CERT_EXTENSION ),
-
 };
 
 /*
diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h
index 113959342..5c89cf7a9 100644
--- a/security/nss/lib/util/secoidt.h
+++ b/security/nss/lib/util/secoidt.h
@@ -296,14 +296,6 @@ typedef enum {
 
     SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,
 
-    SEC_OID_SHA256              = 191,
-    SEC_OID_SHA384              = 192,
-    SEC_OID_SHA512              = 193,
-
-    SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 194,
-    SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 195,
-    SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 196,
-
     SEC_OID_TOTAL
 } SECOidTag;