Bug 1622033 - Disable flag for SEED deprecation. r=kjacobs,rrelyea
authorBenjamin Beurdouche <bbeurdouche@mozilla.com>
Tue, 05 May 2020 16:09:27 +0000
changeset 15586 63b5f45e7383adb4c68f6fe48c65ec420778d7ab
parent 15585 05a02d9ae57d7a2b4595852eff90d1a4b769ddcd
child 15587 60aa7df14f119d2a21750668c5ce36fa38ef2c6c
push id3736
push userkjacobs@mozilla.com
push dateTue, 05 May 2020 17:26:09 +0000
reviewerskjacobs, rrelyea
bugs1622033
Bug 1622033 - Disable flag for SEED deprecation. r=kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70672
cmd/bltest/blapitest.c
coreconf/config.gypi
coreconf/config.mk
gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
gtests/pk11_gtest/pk11_seed_cbc_unittest.cc
lib/freebl/Makefile
lib/freebl/freebl_base.gypi
lib/freebl/ldvector.c
lib/freebl/loader.c
lib/freebl/loader.h
lib/freebl/manifest.mn
lib/softoken/pkcs11.c
lib/softoken/pkcs11c.c
--- a/cmd/bltest/blapitest.c
+++ b/cmd/bltest/blapitest.c
@@ -617,31 +617,33 @@ typedef enum {
 #endif
     bltestAES_ECB,      /* .                     */
     bltestAES_CBC,      /* .                     */
     bltestAES_CTS,      /* .                     */
     bltestAES_CTR,      /* .                     */
     bltestAES_GCM,      /* .                     */
     bltestCAMELLIA_ECB, /* .                     */
     bltestCAMELLIA_CBC, /* .                     */
-    bltestSEED_ECB,     /* SEED algorithm      */
-    bltestSEED_CBC,     /* SEED algorithm      */
-    bltestCHACHA20,     /* ChaCha20 + Poly1305   */
-    bltestRSA,          /* Public Key Ciphers    */
-    bltestRSA_OAEP,     /* . (Public Key Enc.)   */
-    bltestRSA_PSS,      /* . (Public Key Sig.)   */
-    bltestECDSA,        /* . (Public Key Sig.)   */
-    bltestDSA,          /* . (Public Key Sig.)   */
-    bltestMD2,          /* Hash algorithms       */
-    bltestMD5,          /* .             */
-    bltestSHA1,         /* .             */
-    bltestSHA224,       /* .             */
-    bltestSHA256,       /* .             */
-    bltestSHA384,       /* .             */
-    bltestSHA512,       /* .             */
+#ifndef NSS_DISABLE_DEPRECATED_SEED
+    bltestSEED_ECB, /* SEED algorithm      */
+    bltestSEED_CBC, /* SEED algorithm      */
+#endif
+    bltestCHACHA20, /* ChaCha20 + Poly1305   */
+    bltestRSA,      /* Public Key Ciphers    */
+    bltestRSA_OAEP, /* . (Public Key Enc.)   */
+    bltestRSA_PSS,  /* . (Public Key Sig.)   */
+    bltestECDSA,    /* . (Public Key Sig.)   */
+    bltestDSA,      /* . (Public Key Sig.)   */
+    bltestMD2,      /* Hash algorithms       */
+    bltestMD5,      /* .             */
+    bltestSHA1,     /* .             */
+    bltestSHA224,   /* .             */
+    bltestSHA256,   /* .             */
+    bltestSHA384,   /* .             */
+    bltestSHA512,   /* .             */
     NUMMODES
 } bltestCipherMode;
 
 static char *mode_strings[] =
     {
       "des_ecb",
       "des_cbc",
       "des3_ecb",
@@ -655,18 +657,20 @@ static char *mode_strings[] =
 #endif
       "aes_ecb",
       "aes_cbc",
       "aes_cts",
       "aes_ctr",
       "aes_gcm",
       "camellia_ecb",
       "camellia_cbc",
+#ifndef NSS_DISABLE_DEPRECATED_SEED
       "seed_ecb",
       "seed_cbc",
+#endif
       "chacha20_poly1305",
       "rsa",
       "rsa_oaep",
       "rsa_pss",
       "ecdsa",
       /*"pqg",*/
       "dsa",
       "md2",
@@ -787,18 +791,22 @@ struct bltestCipherInfoStr {
     int cxreps;
     double cxtime;
     double optime;
 };
 
 PRBool
 is_symmkeyCipher(bltestCipherMode mode)
 {
-    /* change as needed! */
+/* change as needed! */
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
+#else
+    if (mode >= bltestDES_ECB && mode <= bltestCAMELLIA_CBC)
+#endif
         return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 is_aeadCipher(bltestCipherMode mode)
 {
     /* change as needed! */
@@ -875,17 +883,19 @@ cipher_requires_IV(bltestCipherMode mode
 #ifdef NSS_SOFTOKEN_DOES_RC5
         case bltestRC5_CBC:
 #endif
         case bltestAES_CBC:
         case bltestAES_CTS:
         case bltestAES_CTR:
         case bltestAES_GCM:
         case bltestCAMELLIA_CBC:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case bltestSEED_CBC:
+#endif
         case bltestCHACHA20:
             return PR_TRUE;
         default:
             return PR_FALSE;
     }
 }
 
 SECStatus finishIO(bltestIO *output, PRFileDesc *file);
@@ -1171,16 +1181,17 @@ camellia_Decrypt(void *cx, unsigned char
                  unsigned int maxOutputLen, const unsigned char *input,
                  unsigned int inputLen)
 {
     return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen,
                             maxOutputLen,
                             input, inputLen);
 }
 
+#ifndef NSS_DISABLE_DEPRECATED_SEED
 SECStatus
 seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
              unsigned int maxOutputLen, const unsigned char *input,
              unsigned int inputLen)
 {
     return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
                         input, inputLen);
 }
@@ -1188,16 +1199,17 @@ seed_Encrypt(void *cx, unsigned char *ou
 SECStatus
 seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
              unsigned int maxOutputLen, const unsigned char *input,
              unsigned int inputLen)
 {
     return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
                         input, inputLen);
 }
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
 
 SECStatus
 rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
     bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
     RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey;
     SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
     if (rv == SECSuccess) {
@@ -1582,16 +1594,17 @@ bltest_camellia_init(bltestCipherInfo *c
     }
     if (encrypt)
         cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
     else
         cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
     return SECSuccess;
 }
 
+#ifndef NSS_DISABLE_DEPRECATED_SEED
 SECStatus
 bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRIntervalTime time1, time2;
     bltestSymmKeyParams *seedp = &cipherInfo->params.sk;
     int minorMode;
     int i;
 
@@ -1625,16 +1638,17 @@ bltest_seed_init(bltestCipherInfo *ciphe
     }
     if (encrypt)
         cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
     else
         cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
 
     return SECSuccess;
 }
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
 
 SECStatus
 bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     const unsigned int tagLen = 16;
     const bltestSymmKeyParams *sk = &cipherInfo->params.sk;
     cipherInfo->cx = ChaCha20Poly1305_CreateContext(sk->key.buf.data,
                                                     sk->key.buf.len, tagLen);
@@ -2277,22 +2291,24 @@ cipherInit(bltestCipherInfo *cipherInfo,
             return bltest_aes_init(cipherInfo, encrypt);
             break;
         case bltestCAMELLIA_ECB:
         case bltestCAMELLIA_CBC:
             SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
                               cipherInfo->input.pBuf.len);
             return bltest_camellia_init(cipherInfo, encrypt);
             break;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case bltestSEED_ECB:
         case bltestSEED_CBC:
             SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
                               cipherInfo->input.pBuf.len);
             return bltest_seed_init(cipherInfo, encrypt);
             break;
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
         case bltestCHACHA20:
             outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0);
             SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
             return bltest_chacha20_init(cipherInfo, encrypt);
             break;
         case bltestRSA:
         case bltestRSA_OAEP:
         case bltestRSA_PSS:
@@ -2581,20 +2597,22 @@ cipherFinish(bltestCipherInfo *cipherInf
         case bltestAES_CTS:
         case bltestAES_CTR:
             AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
             break;
         case bltestCAMELLIA_ECB:
         case bltestCAMELLIA_CBC:
             Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
             break;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case bltestSEED_ECB:
         case bltestSEED_CBC:
             SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
             break;
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
         case bltestCHACHA20:
             ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *)
                                                 cipherInfo->cx,
                                             PR_TRUE);
             break;
         case bltestRC2_ECB:
         case bltestRC2_CBC:
             RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
@@ -2742,18 +2760,20 @@ print_td:
         case bltestDES_EDE_CBC:
         case bltestAES_ECB:
         case bltestAES_CBC:
         case bltestAES_CTS:
         case bltestAES_CTR:
         case bltestAES_GCM:
         case bltestCAMELLIA_ECB:
         case bltestCAMELLIA_CBC:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case bltestSEED_ECB:
         case bltestSEED_CBC:
+#endif
         case bltestRC2_ECB:
         case bltestRC2_CBC:
         case bltestRC4:
             if (td)
                 fprintf(stdout, "%8s", "symmkey");
             else
                 fprintf(stdout, "%8d", 8 * info->params.sk.key.buf.len);
             break;
@@ -2934,29 +2954,33 @@ get_params(PLArenaPool *arena, bltestPar
             load_file_data(arena, &params->ask.aad, filename, bltestBinary);
         case bltestDES_CBC:
         case bltestDES_EDE_CBC:
         case bltestRC2_CBC:
         case bltestAES_CBC:
         case bltestAES_CTS:
         case bltestAES_CTR:
         case bltestCAMELLIA_CBC:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case bltestSEED_CBC:
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
             load_file_data(arena, &params->sk.iv, filename, bltestBinary);
+#endif
         case bltestDES_ECB:
         case bltestDES_EDE_ECB:
         case bltestRC2_ECB:
         case bltestRC4:
         case bltestAES_ECB:
         case bltestCAMELLIA_ECB:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case bltestSEED_ECB:
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
             load_file_data(arena, &params->sk.key, filename, bltestBinary);
             break;
+#endif
 #ifdef NSS_SOFTOKEN_DOES_RC5
         case bltestRC5_ECB:
         case bltestRC5_CBC:
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
             load_file_data(arena, &params->sk.iv, filename, bltestBinary);
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
             load_file_data(arena, &params->sk.key, filename, bltestBinary);
             sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
--- a/coreconf/config.gypi
+++ b/coreconf/config.gypi
@@ -94,16 +94,17 @@
     'freebl_name': '<(freebl_name)',
     'cc_is_clang%': '<(cc_is_clang)',
     'cc_is_gcc%': '<(cc_is_gcc)',
     'cc_use_gnu_ld%': '<(cc_use_gnu_ld)',
     # Some defaults
     'disable_arm_hw_aes%': 0,
     'disable_tests%': 0,
     'disable_chachapoly%': 0,
+    'disable_deprecated_seed%': 0,
     'disable_dbm%': 1,
     'disable_libpkix%': 1,
     'disable_werror%': 0,
     'disable_altivec%': 0,
     'disable_arm32_neon%': 0,
     'mozilla_client%': 0,
     'comm_client%': 0,
     'moz_fold_libs%': 0,
@@ -564,16 +565,21 @@
               'NSS_DISABLE_DBM',
             ],
           }],
           [ 'disable_libpkix==1', {
             'defines': [
               'NSS_DISABLE_LIBPKIX',
             ],
           }],
+          [ 'disable_deprecated_seed==1', {
+            'defines': [
+              'NSS_DISABLE_DEPRECATED_SEED',
+            ],
+          }],
         ],
       },
       # Common settings for debug should go here.
       'Debug': {
         'inherit_from': ['Common'],
         'conditions': [
           [ 'OS!="mac" and OS!="ios" and OS!="win"', {
             'cflags': [
--- a/coreconf/config.mk
+++ b/coreconf/config.mk
@@ -165,16 +165,20 @@ endif
 ifdef NSS_DISABLE_AVX2
 DEFINES += -DNSS_DISABLE_AVX2
 endif
 
 ifdef NSS_DISABLE_CHACHAPOLY
 DEFINES += -DNSS_DISABLE_CHACHAPOLY
 endif
 
+ifdef NSS_DISABLE_DEPRECATED_SEED
+DEFINES += -DNSS_DISABLE_DEPRECATED_SEED
+endif
+
 ifdef NSS_PKIX_NO_LDAP
 DEFINES += -DNSS_PKIX_NO_LDAP
 endif
 
 # FIPS support requires startup tests to be executed at load time of shared modules.
 # For performance reasons, these tests are disabled by default.
 # When compiling binaries that must support FIPS mode,
 # you should define NSS_FORCE_FIPS
--- a/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
+++ b/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
@@ -67,20 +67,22 @@ class EncryptDeriveTest
       case CKM_AES_ECB:
         return CKM_AES_ECB_ENCRYPT_DATA;
       case CKM_AES_CBC:
         return CKM_AES_CBC_ENCRYPT_DATA;
       case CKM_CAMELLIA_ECB:
         return CKM_CAMELLIA_ECB_ENCRYPT_DATA;
       case CKM_CAMELLIA_CBC:
         return CKM_CAMELLIA_CBC_ENCRYPT_DATA;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
       case CKM_SEED_ECB:
         return CKM_SEED_ECB_ENCRYPT_DATA;
       case CKM_SEED_CBC:
         return CKM_SEED_CBC_ENCRYPT_DATA;
+#endif
       default:
         ADD_FAILURE() << "Unknown mechanism";
         break;
     }
     return CKM_INVALID_MECHANISM;
   }
 
   SECItem* derive_param() const {
@@ -88,34 +90,38 @@ class EncryptDeriveTest
     static CK_DES_CBC_ENCRYPT_DATA_PARAMS des_data;
     static CK_KEY_DERIVATION_STRING_DATA string_data;
     static SECItem param = {siBuffer, NULL, 0};
 
     switch (encrypt_mech()) {
       case CKM_DES3_ECB:
       case CKM_AES_ECB:
       case CKM_CAMELLIA_ECB:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
       case CKM_SEED_ECB:
+#endif
         string_data.pData = toUcharPtr(kInput);
         string_data.ulLen = keysize();
         param.data = reinterpret_cast<uint8_t*>(&string_data);
         param.len = sizeof(string_data);
         break;
 
       case CKM_DES3_CBC:
         des_data.pData = toUcharPtr(kInput);
         des_data.length = keysize();
         PORT_Memcpy(des_data.iv, kIv, 8);
         param.data = reinterpret_cast<uint8_t*>(&des_data);
         param.len = sizeof(des_data);
         break;
 
       case CKM_AES_CBC:
       case CKM_CAMELLIA_CBC:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
       case CKM_SEED_CBC:
+#endif
         aes_data.pData = toUcharPtr(kInput);
         aes_data.length = keysize();
         PORT_Memcpy(aes_data.iv, kIv, keysize());
         param.data = reinterpret_cast<uint8_t*>(&aes_data);
         param.len = sizeof(aes_data);
         break;
 
       default:
@@ -127,24 +133,28 @@ class EncryptDeriveTest
 
   SECItem* encrypt_param() const {
     static SECItem param = {siBuffer, NULL, 0};
 
     switch (encrypt_mech()) {
       case CKM_DES3_ECB:
       case CKM_AES_ECB:
       case CKM_CAMELLIA_ECB:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
       case CKM_SEED_ECB:
+#endif
         // No parameter needed here.
         break;
 
       case CKM_DES3_CBC:
       case CKM_AES_CBC:
       case CKM_CAMELLIA_CBC:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
       case CKM_SEED_CBC:
+#endif
         param.data = toUcharPtr(kIv);
         param.len = keysize();
         break;
 
       default:
         ADD_FAILURE() << "Unknown mechanism";
         break;
     }
@@ -181,18 +191,23 @@ class EncryptDeriveTest
 
   ScopedPK11SlotInfo slot_;
   ScopedPK11SymKey key_;
 };
 
 TEST_P(EncryptDeriveTest, Test) { TestEncryptDerive(); }
 
 static const CK_MECHANISM_TYPE kEncryptDeriveMechanisms[] = {
-    CKM_DES3_ECB,     CKM_DES3_CBC,     CKM_AES_ECB,  CKM_AES_ECB, CKM_AES_CBC,
-    CKM_CAMELLIA_ECB, CKM_CAMELLIA_CBC, CKM_SEED_ECB, CKM_SEED_CBC};
+    CKM_DES3_ECB, CKM_DES3_CBC, CKM_AES_ECB, CKM_AES_ECB, CKM_AES_CBC,
+    CKM_CAMELLIA_ECB, CKM_CAMELLIA_CBC
+#ifndef NSS_DISABLE_DEPRECATED_SEED
+    ,
+    CKM_SEED_ECB, CKM_SEED_CBC
+#endif
+};
 
 INSTANTIATE_TEST_CASE_P(EncryptDeriveTests, EncryptDeriveTest,
                         ::testing::ValuesIn(kEncryptDeriveMechanisms));
 
 // This class handles the case where 3DES takes a 192-bit key
 // where all 24 octets will be used.
 class EncryptDerive3Test : public EncryptDeriveTest {
  protected:
--- a/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc
+++ b/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc
@@ -45,16 +45,17 @@ class Pkcs11SeedTest : public ::testing:
                              &output_len, output_size, ciphertext.data(),
                              output_len));
       decrypted.resize(output_len);
       EXPECT_EQ(plaintext, decrypted);
     }
   }
 };
 
+#ifndef NSS_DISABLE_DEPRECATED_SEED
 // The intention here is to test the arguments of these functions
 // The resulted content is already tested in EncryptDeriveTests.
 // SEED_CBC needs an IV of 16 bytes.
 // The input data size must be multiple of 16.
 // If not, some padding should be added.
 // The output size must be at least the size of input data.
 TEST_F(Pkcs11SeedTest, CBC_ValidArgs) {
   EncryptDecryptSeed(SECSuccess, 16, 16);
@@ -71,10 +72,11 @@ TEST_F(Pkcs11SeedTest, CBC_InvalidArgs) 
 
 TEST_F(Pkcs11SeedTest, ECB_Singleblock) {
   EncryptDecryptSeed(SECSuccess, 16, 16, CKM_SEED_ECB);
 }
 
 TEST_F(Pkcs11SeedTest, ECB_Multiblock) {
   EncryptDecryptSeed(SECSuccess, 64, 64, CKM_SEED_ECB);
 }
+#endif
 
-}  // namespace nss_test
\ No newline at end of file
+}  // namespace nss_test
--- a/lib/freebl/Makefile
+++ b/lib/freebl/Makefile
@@ -540,16 +540,20 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null 
     endif
 endif # lcc
 endif # USE_64
 
 ifndef HAVE_INT128_SUPPORT
     DEFINES += -DKRML_VERIFIED_UINT128
 endif
 
+ifndef NSS_DISABLE_DEPRECATED_SEED
+	CSRCS += seed.c
+endif
+
 ifndef NSS_DISABLE_CHACHAPOLY
     ifeq ($(CPU_ARCH),x86_64)
         ifndef NSS_DISABLE_AVX2
             EXTRA_SRCS += Hacl_Poly1305_256.c Hacl_Chacha20_Vec256.c Hacl_Chacha20Poly1305_256.c
         else
             EXTRA_SRCS += Hacl_Poly1305_128.c Hacl_Chacha20_Vec128.c Hacl_Chacha20Poly1305_128.c
         endif # NSS_DISABLE_AVX2
     endif # x86_64
--- a/lib/freebl/freebl_base.gypi
+++ b/lib/freebl/freebl_base.gypi
@@ -50,17 +50,17 @@
     'mpi/mplogic.c',
     'mpi/mpmontg.c',
     'mpi/mpprime.c',
     'pqg.c',
     'rawhash.c',
     'rijndael.c',
     'rsa.c',
     'rsapkcs.c',
-    'seed.c',
+    'sha512.c',
     'sha_fast.c',
     'shvfy.c',
     'sysrand.c',
     'tlsprfalg.c',
   ],
   'conditions': [
     [ 'OS=="linux" or OS=="android"', {
       'conditions': [
@@ -157,16 +157,21 @@
       # all platforms that support SSSE3. There are runtime checks in place to
       # choose the correct ChaCha implementation at runtime.
       'sources': [
         'verified/Hacl_Chacha20.c',
         'verified/Hacl_Chacha20Poly1305_32.c',
         'verified/Hacl_Poly1305_32.c',
       ],
     }],
+    [ 'disable_deprecated_seed==0', {
+      'sources': [
+        'seed.c',
+      ],
+    }],
     [ 'fuzz==1', {
       'sources!': [ 'drbg.c' ],
       'sources': [ 'det_rng.c' ],
     }],
     [ 'fuzz_tls==1', {
       'defines': [
         'UNSAFE_FUZZER_MODE',
       ],
--- a/lib/freebl/ldvector.c
+++ b/lib/freebl/ldvector.c
@@ -1,24 +1,34 @@
 /*
  * ldvector.c - platform dependent DSO containing freebl implementation.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
 extern int FREEBL_InitStubs(void);
 #endif
 
 #include "loader.h"
 #include "cmac.h"
 #include "alghmac.h"
 #include "hmacct.h"
 #include "blapii.h"
+#include "secerr.h"
+
+SECStatus
+FREEBL_Deprecated(void)
+{
+
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+    return SECFailure;
+}
 
 static const struct FREEBLVectorStr vector =
     {
 
       sizeof vector,
       FREEBL_VERSION,
 
       RSA_NewKey,
@@ -205,24 +215,33 @@ static const struct FREEBLVectorStr vect
       Camellia_CreateContext,
       Camellia_DestroyContext,
       Camellia_Encrypt,
       Camellia_Decrypt,
 
       PQG_DestroyParams,
       PQG_DestroyVerify,
 
-      /* End of Version 3.010. */
+/* End of Version 3.010. */
 
+#ifndef NSS_DISABLE_DEPRECATED_SEED
       SEED_InitContext,
       SEED_AllocateContext,
       SEED_CreateContext,
       SEED_DestroyContext,
       SEED_Encrypt,
       SEED_Decrypt,
+#else
+      (F_SEED_InitContext)FREEBL_Deprecated,
+      (F_SEED_AllocateContext)FREEBL_Deprecated,
+      (F_SEED_CreateContext)FREEBL_Deprecated,
+      (F_SEED_DestroyContext)FREEBL_Deprecated,
+      (F_SEED_Encrypt)FREEBL_Deprecated,
+      (F_SEED_Decrypt)FREEBL_Deprecated,
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
 
       BL_Init,
       BL_SetForkState,
 
       PRNGTEST_Instantiate,
       PRNGTEST_Reseed,
       PRNGTEST_Generate,
 
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -391,47 +391,63 @@ DES_Decrypt(DESContext *cx, unsigned cha
                                    inputLen);
 }
 SEEDContext *
 SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
                    int mode, PRBool encrypt)
 {
     if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
         return NULL;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     return (vector->p_SEED_CreateContext)(key, iv, mode, encrypt);
+#else
+    return NULL;
+#endif
 }
 
 void
 SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
 {
     if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
         return;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     (vector->p_SEED_DestroyContext)(cx, freeit);
+#else
+    return;
+#endif
 }
 
 SECStatus
 SEED_Encrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
              unsigned int maxOutputLen, const unsigned char *input,
              unsigned int inputLen)
 {
     if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
         return SECFailure;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     return (vector->p_SEED_Encrypt)(cx, output, outputLen, maxOutputLen, input,
                                     inputLen);
+#else
+    return SECFailure;
+#endif
 }
 
 SECStatus
 SEED_Decrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
              unsigned int maxOutputLen, const unsigned char *input,
              unsigned int inputLen)
 {
     if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
         return SECFailure;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     return (vector->p_SEED_Decrypt)(cx, output, outputLen, maxOutputLen, input,
                                     inputLen);
+#else
+    return SECFailure;
+#endif
 }
 
 AESContext *
 AES_CreateContext(const unsigned char *key, const unsigned char *iv,
                   int mode, int encrypt,
                   unsigned int keylen, unsigned int blocklen)
 {
     if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
@@ -1336,17 +1352,21 @@ DES_InitContext(DESContext *cx, const un
 
 SECStatus
 SEED_InitContext(SEEDContext *cx, const unsigned char *key,
                  unsigned int keylen, const unsigned char *iv, int mode,
                  unsigned int encrypt, unsigned int xtra)
 {
     if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
         return SECFailure;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     return (vector->p_SEED_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
+#else
+    return SECFailure;
+#endif
 }
 
 SECStatus
 RC2_InitContext(RC2Context *cx, const unsigned char *key,
                 unsigned int keylen, const unsigned char *iv, int mode,
                 unsigned int effectiveKeyLen, unsigned int xtra)
 {
     if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
--- a/lib/freebl/loader.h
+++ b/lib/freebl/loader.h
@@ -857,8 +857,34 @@ extern NSSLOWGetVectorFn NSSLOW_GetVecto
 
 typedef const FREEBLVector *FREEBLGetVectorFn(void);
 
 extern FREEBLGetVectorFn FREEBL_GetVector;
 
 SEC_END_PROTOS
 
 #endif
+
+#ifdef NSS_DISABLE_DEPRECATED_SEED
+typedef SECStatus (*F_SEED_InitContext)(SEEDContext *cx,
+                                        const unsigned char *key,
+                                        unsigned int keylen,
+                                        const unsigned char *iv,
+                                        int mode,
+                                        unsigned int encrypt,
+                                        unsigned int);
+
+typedef SEEDContext *(*F_SEED_AllocateContext)(void);
+
+typedef SEEDContext *(*F_SEED_CreateContext)(const unsigned char *key,
+                                             const unsigned char *iv,
+                                             int mode, PRBool encrypt);
+
+typedef void (*F_SEED_DestroyContext)(SEEDContext *cx, PRBool freeit);
+
+typedef SECStatus (*F_SEED_Encrypt)(SEEDContext *cx, unsigned char *output,
+                                    unsigned int *outputLen, unsigned int maxOutputLen,
+                                    const unsigned char *input, unsigned int inputLen);
+
+typedef SECStatus (*F_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
+                                    unsigned int *outputLen, unsigned int maxOutputLen,
+                                    const unsigned char *input, unsigned int inputLen);
+#endif
--- a/lib/freebl/manifest.mn
+++ b/lib/freebl/manifest.mn
@@ -121,17 +121,17 @@ CSRCS = \
 	md5.c \
 	sha512.c \
 	cmac.c \
 	alghmac.c \
 	rawhash.c \
 	alg2268.c \
 	arcfour.c \
 	arcfive.c \
-    crypto_primitives.c \
+	crypto_primitives.c \
 	blake2b.c \
 	desblapi.c \
 	des.c \
 	drbg.c \
 	chacha20poly1305.c \
 	cts.c \
 	ctr.c \
 	blinit.c \
@@ -145,17 +145,16 @@ CSRCS = \
 	ec.c \
 	ecdecode.c \
 	pqg.c \
 	dsa.c \
 	rsa.c \
 	rsapkcs.c \
 	shvfy.c \
 	tlsprfalg.c \
-	seed.c \
 	jpake.c \
 	$(MPI_SRCS) \
 	$(MPCPU_SRCS) \
 	$(ECL_SRCS) \
 	$(VERIFIED_SRCS) \
 	$(STUBS_SRCS) \
 	$(LOWHASH_SRCS) \
 	$(EXTRA_SRCS) \
--- a/lib/softoken/pkcs11.c
+++ b/lib/softoken/pkcs11.c
@@ -387,25 +387,27 @@ static const struct mechanismList mechan
     { CKM_AES_XCBC_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
     /* ------------------------- Camellia Operations --------------------- */
     { CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
     { CKM_CAMELLIA_ECB, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
     { CKM_CAMELLIA_CBC, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
     { CKM_CAMELLIA_MAC, { 16, 32, CKF_SN_VR }, PR_TRUE },
     { CKM_CAMELLIA_MAC_GENERAL, { 16, 32, CKF_SN_VR }, PR_TRUE },
     { CKM_CAMELLIA_CBC_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
-    /* ------------------------- SEED Operations --------------------------- */
+/* ------------------------- SEED Operations --------------------------- */
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     { CKM_SEED_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
     { CKM_SEED_ECB, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
     { CKM_SEED_CBC, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
     { CKM_SEED_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
     { CKM_SEED_MAC_GENERAL, { 16, 16, CKF_SN_VR }, PR_TRUE },
     { CKM_SEED_CBC_PAD, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+#endif
+/* ------------------------- ChaCha20 Operations ---------------------- */
 #ifndef NSS_DISABLE_CHACHAPOLY
-    /* ------------------------- ChaCha20 Operations ---------------------- */
     { CKM_NSS_CHACHA20_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
     { CKM_NSS_CHACHA20_POLY1305, { 32, 32, CKF_EN_DE }, PR_TRUE },
     { CKM_NSS_CHACHA20_CTR, { 32, 32, CKF_EN_DE }, PR_TRUE },
     { CKM_CHACHA20_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
     { CKM_CHACHA20_POLY1305, { 32, 32, CKF_EN_DE_MSG }, PR_TRUE },
 #endif /* NSS_DISABLE_CHACHAPOLY */
     /* ------------------------- Hashing Operations ----------------------- */
     { CKM_MD2, { 0, 0, CKF_DIGEST }, PR_FALSE },
@@ -490,19 +492,20 @@ static const struct mechanismList mechan
     { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_DES3_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_DES3_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_AES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_AES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_CAMELLIA_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_CAMELLIA_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
+#ifndef NSS_DISABLE_DEPRECATED_SEED
     { CKM_SEED_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
     { CKM_SEED_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-
+#endif
     /* ---------------------- SSL Key Derivations ------------------------- */
     { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
     { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_MD5_MAC, { 0, 16, CKF_DERIVE }, PR_FALSE },
     { CKM_SSL3_SHA1_MAC, { 0, 20, CKF_DERIVE }, PR_FALSE },
     { CKM_MD5_KEY_DERIVATION, { 0, 16, CKF_DERIVE }, PR_FALSE },
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1039,16 +1039,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
             sftk_FreeAttribute(att);
             if (context->cipherInfo == NULL) {
                 crv = CKR_HOST_MEMORY;
                 break;
             }
             context->update = (SFTKCipher)(isEncrypt ? DES_Encrypt : DES_Decrypt);
             context->destroy = (SFTKDestroy)DES_DestroyContext;
             break;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case CKM_SEED_CBC_PAD:
             context->doPad = PR_TRUE;
         /* fall thru */
         case CKM_SEED_CBC:
             if (!pMechanism->pParameter ||
                 pMechanism->ulParameterLen != 16) {
                 crv = CKR_MECHANISM_PARAM_INVALID;
                 break;
@@ -1073,17 +1074,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
             sftk_FreeAttribute(att);
             if (context->cipherInfo == NULL) {
                 crv = CKR_HOST_MEMORY;
                 break;
             }
             context->update = (SFTKCipher)(isEncrypt ? SEED_Encrypt : SEED_Decrypt);
             context->destroy = (SFTKDestroy)SEED_DestroyContext;
             break;
-
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
         case CKM_CAMELLIA_CBC_PAD:
             context->doPad = PR_TRUE;
         /* fall thru */
         case CKM_CAMELLIA_CBC:
             if (!pMechanism->pParameter ||
                 pMechanism->ulParameterLen != 16) {
                 crv = CKR_MECHANISM_PARAM_INVALID;
                 break;
@@ -2320,26 +2321,28 @@ sftk_InitCBCMac(CK_SESSION_HANDLE hSessi
         /* fall through */
         case CKM_CDMF_MAC:
             blockSize = 8;
             PORT_Memset(ivBlock, 0, blockSize);
             cbc_mechanism.mechanism = CKM_CDMF_CBC;
             cbc_mechanism.pParameter = &ivBlock;
             cbc_mechanism.ulParameterLen = blockSize;
             break;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case CKM_SEED_MAC_GENERAL:
             mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
         /* fall through */
         case CKM_SEED_MAC:
             blockSize = 16;
             PORT_Memset(ivBlock, 0, blockSize);
             cbc_mechanism.mechanism = CKM_SEED_CBC;
             cbc_mechanism.pParameter = &ivBlock;
             cbc_mechanism.ulParameterLen = blockSize;
             break;
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
         case CKM_CAMELLIA_MAC_GENERAL:
             mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
         /* fall through */
         case CKM_CAMELLIA_MAC:
             blockSize = 16;
             PORT_Memset(ivBlock, 0, blockSize);
             cbc_mechanism.mechanism = CKM_CAMELLIA_CBC;
             cbc_mechanism.pParameter = &ivBlock;
@@ -4210,20 +4213,22 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE me
         case CKM_DES2_KEY_GEN:
             *key_type = CKK_DES2;
             *key_length = 16;
             break;
         case CKM_DES3_KEY_GEN:
             *key_type = CKK_DES3;
             *key_length = 24;
             break;
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case CKM_SEED_KEY_GEN:
             *key_type = CKK_SEED;
             *key_length = 16;
             break;
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
         case CKM_CAMELLIA_KEY_GEN:
             *key_type = CKK_CAMELLIA;
             if (*key_length == 0)
                 crv = CKR_TEMPLATE_INCOMPLETE;
             break;
         case CKM_AES_KEY_GEN:
             *key_type = CKK_AES;
             if (*key_length == 0)
@@ -4525,17 +4530,19 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
         case CKM_DES_KEY_GEN:
         case CKM_DES2_KEY_GEN:
         case CKM_DES3_KEY_GEN:
             checkWeak = PR_TRUE;
         /* fall through */
         case CKM_RC2_KEY_GEN:
         case CKM_RC4_KEY_GEN:
         case CKM_GENERIC_SECRET_KEY_GEN:
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case CKM_SEED_KEY_GEN:
+#endif
         case CKM_CAMELLIA_KEY_GEN:
         case CKM_AES_KEY_GEN:
         case CKM_NSS_CHACHA20_KEY_GEN:
         case CKM_CHACHA20_KEY_GEN:
 #if NSS_SOFTOKEN_DOES_RC5
         case CKM_RC5_KEY_GEN:
 #endif
             crv = nsc_SetupBulkKeyGen(pMechanism->mechanism, &key_type, &key_length);
@@ -7818,16 +7825,17 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
             }
             crv = sftk_DeriveEncrypt((SFTKCipher)Camellia_Encrypt,
                                      cipherInfo, 16, key, keySize,
                                      data, len);
             Camellia_DestroyContext(cipherInfo, PR_TRUE);
             break;
         }
 
+#ifndef NSS_DISABLE_DEPRECATED_SEED
         case CKM_SEED_ECB_ENCRYPT_DATA:
         case CKM_SEED_CBC_ENCRYPT_DATA: {
             void *cipherInfo;
             CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
             int mode;
             unsigned char *iv;
             unsigned char *data;
             CK_ULONG len;
@@ -7864,16 +7872,17 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
                 break;
             }
             crv = sftk_DeriveEncrypt((SFTKCipher)SEED_Encrypt,
                                      cipherInfo, 16, key, keySize,
                                      data, len);
             SEED_DestroyContext(cipherInfo, PR_TRUE);
             break;
         }
+#endif /* NSS_DISABLE_DEPRECATED_SEED */
 
         case CKM_CONCATENATE_BASE_AND_KEY: {
             SFTKObject *newKey;
 
             crv = sftk_DeriveSensitiveCheck(sourceKey, key, PR_FALSE);
             if (crv != CKR_OK)
                 break;