diff options
| author | Tim Taubert <ttaubert@mozilla.com> | 2016-02-11 14:43:20 +0100 |
|---|---|---|
| committer | Tim Taubert <ttaubert@mozilla.com> | 2016-02-11 14:43:20 +0100 |
| commit | 80a97f2d4d8819cabbaba7a3ce16952531c5a5af (patch) | |
| tree | 89e0c738e9b218b27fd9db98ef3371e76d627149 | |
| parent | 8856688493d817b78a28a50ea9b77c0f0f4add0c (diff) | |
| download | nss-hg-80a97f2d4d8819cabbaba7a3ce16952531c5a5af.tar.gz | |
Bug 1246928 - Add NSS_DISABLE_CHACHAPOLY to allow compiling without ChaCha20/Poly1305 r=mt
| -rw-r--r-- | coreconf/config.mk | 4 | ||||
| -rw-r--r-- | lib/freebl/Makefile | 20 | ||||
| -rw-r--r-- | lib/freebl/chacha20poly1305.c | 23 | ||||
| -rw-r--r-- | lib/softoken/pkcs11.c | 2 |
4 files changed, 40 insertions, 9 deletions
diff --git a/coreconf/config.mk b/coreconf/config.mk index 134d0c8c1..61d757bcc 100644 --- a/coreconf/config.mk +++ b/coreconf/config.mk @@ -166,6 +166,10 @@ ifdef NSS_DISABLE_DBM DEFINES += -DNSS_DISABLE_DBM endif +ifdef NSS_DISABLE_CHACHAPOLY +DEFINES += -DNSS_DISABLE_CHACHAPOLY +endif + ifdef NSS_PKIX_NO_LDAP DEFINES += -DNSS_PKIX_NO_LDAP endif diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile index f2b9cba2e..4d1860b5b 100644 --- a/lib/freebl/Makefile +++ b/lib/freebl/Makefile @@ -495,17 +495,19 @@ else ifeq (1,$(CC_IS_GCC)) endif endif -ifeq ($(CPU_ARCH),x86_64) - ifdef HAVE_INT128_SUPPORT - EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c +ifndef NSS_DISABLE_CHACHAPOLY + ifeq ($(CPU_ARCH),x86_64) + ifdef HAVE_INT128_SUPPORT + EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c + else + EXTRA_SRCS += poly1305.c + endif + EXTRA_SRCS += chacha20_vec.c else EXTRA_SRCS += poly1305.c - endif - EXTRA_SRCS += chacha20_vec.c -else - EXTRA_SRCS += poly1305.c - EXTRA_SRCS += chacha20.c -endif # x86_64 + EXTRA_SRCS += chacha20.c + endif # x86_64 +endif # NSS_DISABLE_CHACHAPOLY ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c index e5d0310fb..cd265e1ff 100644 --- a/lib/freebl/chacha20poly1305.c +++ b/lib/freebl/chacha20poly1305.c @@ -12,12 +12,16 @@ #include "seccomon.h" #include "secerr.h" #include "blapit.h" + +#ifndef NSS_DISABLE_CHACHAPOLY #include "poly1305.h" #include "chacha20.h" #include "chacha20poly1305.h" +#endif /* Poly1305Do writes the Poly1305 authenticator of the given additional data * and ciphertext to |out|. */ +#ifndef NSS_DISABLE_CHACHAPOLY static void Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen, const unsigned char *ciphertext, unsigned int ciphertextLen, @@ -52,12 +56,16 @@ Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen, Poly1305Update(&state, lengthBytes, sizeof(lengthBytes)); Poly1305Finish(&state, out); } +#endif SECStatus ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, const unsigned char *key, unsigned int keyLen, unsigned int tagLen) { +#ifdef NSS_DISABLE_CHACHAPOLY + return SECFailure; +#else if (keyLen != 32) { PORT_SetError(SEC_ERROR_BAD_KEY); return SECFailure; @@ -71,12 +79,16 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, ctx->tagLen = tagLen; return SECSuccess; +#endif } ChaCha20Poly1305Context * ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen, unsigned int tagLen) { +#ifdef NSS_DISABLE_CHACHAPOLY + return NULL; +#else ChaCha20Poly1305Context *ctx; ctx = PORT_New(ChaCha20Poly1305Context); @@ -90,15 +102,18 @@ ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen, } return ctx; +#endif } void ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit) { +#ifndef NSS_DISABLE_CHACHAPOLY PORT_Memset(ctx, 0, sizeof(*ctx)); if (freeit) { PORT_Free(ctx); } +#endif } SECStatus @@ -108,6 +123,9 @@ ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, unsigned char *output, const unsigned char *nonce, unsigned int nonceLen, const unsigned char *ad, unsigned int adLen) { +#ifdef NSS_DISABLE_CHACHAPOLY + return SECFailure; +#else unsigned char block[64]; unsigned char tag[16]; @@ -131,6 +149,7 @@ ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, unsigned char *output, PORT_Memcpy(output + inputLen, tag, ctx->tagLen); return SECSuccess; +#endif } SECStatus @@ -140,6 +159,9 @@ ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output, const unsigned char *nonce, unsigned int nonceLen, const unsigned char *ad, unsigned int adLen) { +#ifdef NSS_DISABLE_CHACHAPOLY + return SECFailure; +#else unsigned char block[64]; unsigned char tag[16]; unsigned int ciphertextLen; @@ -172,4 +194,5 @@ ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output, ChaCha20XOR(output, input, ciphertextLen, ctx->key, nonce, 1); return SECSuccess; +#endif } diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c index 75c9e8e9b..443a09cca 100644 --- a/lib/softoken/pkcs11.c +++ b/lib/softoken/pkcs11.c @@ -370,9 +370,11 @@ static const struct mechanismList mechanisms[] = { {CKM_SEED_MAC, {16, 16, CKF_SN_VR}, PR_TRUE}, {CKM_SEED_MAC_GENERAL, {16, 16, CKF_SN_VR}, PR_TRUE}, {CKM_SEED_CBC_PAD, {16, 16, CKF_EN_DE_WR_UN}, PR_TRUE}, +#ifndef NSS_DISABLE_CHACHAPOLY /* ------------------------- ChaCha20 Operations ---------------------- */ {CKM_NSS_CHACHA20_KEY_GEN, {32, 32, CKF_GENERATE}, PR_TRUE}, {CKM_NSS_CHACHA20_POLY1305,{32, 32, CKF_EN_DE}, PR_TRUE}, +#endif /* NSS_DISABLE_CHACHAPOLY */ /* ------------------------- Hashing Operations ----------------------- */ {CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE}, {CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, |