Bug 1246928 - Add NSS_DISABLE_CHACHAPOLY to allow compiling without ChaCha20/Poly1305 r=mt
authorTim Taubert <ttaubert@mozilla.com>
Thu, 11 Feb 2016 14:43:20 +0100
changeset 11890 7839f8a920344233e24adef85092162d8489a27a
parent 11889 bca46799818e9df2ea8fb194adecf560c5d90f00
child 11895 a7453c77284f738d4ea106e2f9ece2ff39da4986
push id989
push userttaubert@mozilla.com
push dateFri, 12 Feb 2016 07:33:16 +0000
reviewersmt
bugs1246928
Bug 1246928 - Add NSS_DISABLE_CHACHAPOLY to allow compiling without ChaCha20/Poly1305 r=mt
coreconf/config.mk
lib/freebl/Makefile
lib/freebl/chacha20poly1305.c
lib/softoken/pkcs11.c
--- a/coreconf/config.mk
+++ b/coreconf/config.mk
@@ -161,16 +161,20 @@ endif
 ifdef BUILD_LIBPKIX_TESTS
 DEFINES += -DBUILD_LIBPKIX_TESTS
 endif
 
 ifdef NSS_DISABLE_DBM
 DEFINES += -DNSS_DISABLE_DBM
 endif
 
+ifdef NSS_DISABLE_CHACHAPOLY
+DEFINES += -DNSS_DISABLE_CHACHAPOLY
+endif
+
 ifdef NSS_PKIX_NO_LDAP
 DEFINES += -DNSS_PKIX_NO_LDAP
 endif
 
 # Avoid building object leak test code for optimized library
 ifndef BUILD_OPT
 ifdef PKIX_OBJECT_LEAK_TEST
 DEFINES += -DPKIX_OBJECT_LEAK_TEST
--- a/lib/freebl/Makefile
+++ b/lib/freebl/Makefile
@@ -490,27 +490,29 @@ else ifeq (1,$(CC_IS_GCC))
     ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
         HAVE_INT128_SUPPORT = 1
     endif
     ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
         HAVE_INT128_SUPPORT = 1
     endif
 endif
 
-ifeq ($(CPU_ARCH),x86_64)
-    ifdef HAVE_INT128_SUPPORT
-        EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c
+ifndef NSS_DISABLE_CHACHAPOLY
+    ifeq ($(CPU_ARCH),x86_64)
+        ifdef HAVE_INT128_SUPPORT
+            EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c
+        else
+            EXTRA_SRCS += poly1305.c
+        endif
+        EXTRA_SRCS += chacha20_vec.c
     else
         EXTRA_SRCS += poly1305.c
-    endif
-    EXTRA_SRCS += chacha20_vec.c
-else
-    EXTRA_SRCS += poly1305.c
-    EXTRA_SRCS += chacha20.c
-endif # x86_64
+        EXTRA_SRCS += chacha20.c
+    endif # x86_64
+endif # NSS_DISABLE_CHACHAPOLY
 
 #######################################################################
 # (5) Execute "global" rules. (OPTIONAL)                              #
 #######################################################################
 
 include $(CORE_DEPTH)/coreconf/rules.mk
 
 #######################################################################
--- a/lib/freebl/chacha20poly1305.c
+++ b/lib/freebl/chacha20poly1305.c
@@ -7,22 +7,26 @@
 #endif
 
 #include <string.h>
 #include <stdio.h>
 
 #include "seccomon.h"
 #include "secerr.h"
 #include "blapit.h"
+
+#ifndef NSS_DISABLE_CHACHAPOLY
 #include "poly1305.h"
 #include "chacha20.h"
 #include "chacha20poly1305.h"
+#endif
 
 /* Poly1305Do writes the Poly1305 authenticator of the given additional data
  * and ciphertext to |out|. */
+#ifndef NSS_DISABLE_CHACHAPOLY
 static void
 Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen,
            const unsigned char *ciphertext, unsigned int ciphertextLen,
            const unsigned char key[32])
 {
     poly1305_state state;
     unsigned int j;
     unsigned char lengthBytes[8];
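Review bot: The new `#ifndef NSS_DISABLE_CHACHAPOLY` sits between the Poly1305Do doc comment and the function it describes, so the comment is left outside the guard and reads as detached from its definition. Move the `#ifndef` above the `/* Poly1305Do writes the Poly1305 authenticator ...` comment so the guard encloses both. The bare `#endif` after the includes, and the ones added in the later hunks of this file, would be easier to pair up with a trailing `/* NSS_DISABLE_CHACHAPOLY */`, as the pkcs11.c hunk already does. Poly1305Do's body continues outside this hunk.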
@@ -47,72 +51,86 @@ Poly1305Do(unsigned char *out, const uns
     j = ciphertextLen;
     for (i = 0; i < sizeof(lengthBytes); i++) {
         lengthBytes[i] = j;
         j >>= 8;
     }
     Poly1305Update(&state, lengthBytes, sizeof(lengthBytes));
     Poly1305Finish(&state, out);
 }
+#endif
 
 SECStatus
 ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
                              const unsigned char *key, unsigned int keyLen,
                              unsigned int tagLen)
 {
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return SECFailure;
+#else
     if (keyLen != 32) {
         PORT_SetError(SEC_ERROR_BAD_KEY);
         return SECFailure;
     }
     if (tagLen == 0 || tagLen > 16) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
 
     PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
     ctx->tagLen = tagLen;
 
     return SECSuccess;
+#endif
 }
 
 ChaCha20Poly1305Context *
 ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen,
                                unsigned int tagLen)
 {
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return NULL;
+#else
     ChaCha20Poly1305Context *ctx;
 
     ctx = PORT_New(ChaCha20Poly1305Context);
     if (ctx == NULL) {
         return NULL;
     }
 
     if (ChaCha20Poly1305_InitContext(ctx, key, keyLen, tagLen) != SECSuccess) {
         PORT_Free(ctx);
         ctx = NULL;
     }
 
     return ctx;
+#endif
 }
 
 void
 ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit)
 {
+#ifndef NSS_DISABLE_CHACHAPOLY
     PORT_Memset(ctx, 0, sizeof(*ctx));
     if (freeit) {
         PORT_Free(ctx);
     }
+#endif
 }
 
 SECStatus
 ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, unsigned char *output,
                       unsigned int *outputLen, unsigned int maxOutputLen,
                       const unsigned char *input, unsigned int inputLen,
                       const unsigned char *nonce, unsigned int nonceLen,
                       const unsigned char *ad, unsigned int adLen)
 {
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return SECFailure;
+#else
     unsigned char block[64];
     unsigned char tag[16];
 
     if (nonceLen != 12) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
     *outputLen = inputLen + ctx->tagLen;
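Review bot: The disabled-build stubs added to ChaCha20Poly1305_InitContext, ChaCha20Poly1305_CreateContext and ChaCha20Poly1305_Seal return `SECFailure` or `NULL` without calling PORT_SetError, so a caller that reads the error code after the failure sees whatever an earlier call left behind. The enabled branch's own argument checks each set a code before failing, and the stubs should do the same, for example `PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);` before `return SECFailure;` (which code fits best is the maintainers' call). The same applies to the ChaCha20Poly1305_Open stub in the next hunk. The Seal and Open stubs also leave `*outputLen` unwritten, which is worth stating in a comment. ChaCha20Poly1305_Seal's body continues outside this hunk.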
@@ -126,25 +144,29 @@ ChaCha20Poly1305_Seal(const ChaCha20Poly
     // key. The remainder of the block is discarded.
     ChaCha20XOR(block, block, sizeof(block), ctx->key, nonce, 0);
     ChaCha20XOR(output, input, inputLen, ctx->key, nonce, 1);
 
     Poly1305Do(tag, ad, adLen, output, inputLen, block);
     PORT_Memcpy(output + inputLen, tag, ctx->tagLen);
 
     return SECSuccess;
+#endif
 }
 
 SECStatus
 ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output,
                       unsigned int *outputLen, unsigned int maxOutputLen,
                       const unsigned char *input, unsigned int inputLen,
                       const unsigned char *nonce, unsigned int nonceLen,
                       const unsigned char *ad, unsigned int adLen)
 {
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return SECFailure;
+#else
     unsigned char block[64];
     unsigned char tag[16];
     unsigned int ciphertextLen;
 
     if (nonceLen != 12) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
@@ -167,9 +189,10 @@ ChaCha20Poly1305_Open(const ChaCha20Poly
     if (NSS_SecureMemcmp(tag, &input[ciphertextLen], ctx->tagLen) != 0) {
         PORT_SetError(SEC_ERROR_BAD_DATA);
         return SECFailure;
     }
 
     ChaCha20XOR(output, input, ciphertextLen, ctx->key, nonce, 1);
 
     return SECSuccess;
+#endif
 }
--- a/lib/softoken/pkcs11.c
+++ b/lib/softoken/pkcs11.c
@@ -365,19 +365,21 @@ static const struct mechanismList mechan
      {CKM_CAMELLIA_CBC_PAD,	{16, 32, CKF_EN_DE_WR_UN},      PR_TRUE},
      /* ------------------------- SEED Operations --------------------------- */
      {CKM_SEED_KEY_GEN,		{16, 16, CKF_GENERATE},		PR_TRUE},
      {CKM_SEED_ECB,		{16, 16, CKF_EN_DE_WR_UN},	PR_TRUE},
      {CKM_SEED_CBC,		{16, 16, CKF_EN_DE_WR_UN},	PR_TRUE},
      {CKM_SEED_MAC,		{16, 16, CKF_SN_VR},		PR_TRUE},
      {CKM_SEED_MAC_GENERAL,	{16, 16, CKF_SN_VR},		PR_TRUE},
      {CKM_SEED_CBC_PAD,		{16, 16, CKF_EN_DE_WR_UN},	PR_TRUE},
+#ifndef NSS_DISABLE_CHACHAPOLY
      /* ------------------------- ChaCha20 Operations ---------------------- */
      {CKM_NSS_CHACHA20_KEY_GEN,	{32, 32, CKF_GENERATE},		PR_TRUE},
      {CKM_NSS_CHACHA20_POLY1305,{32, 32, CKF_EN_DE},		PR_TRUE},
+#endif /* NSS_DISABLE_CHACHAPOLY */
      /* ------------------------- Hashing Operations ----------------------- */
      {CKM_MD2,			{0,   0, CKF_DIGEST},		PR_FALSE},
      {CKM_MD2_HMAC,		{1, 128, CKF_SN_VR},		PR_TRUE},
      {CKM_MD2_HMAC_GENERAL,	{1, 128, CKF_SN_VR},		PR_TRUE},
      {CKM_MD5,			{0,   0, CKF_DIGEST},		PR_FALSE},
      {CKM_MD5_HMAC,		{1, 128, CKF_SN_VR},		PR_TRUE},
      {CKM_MD5_HMAC_GENERAL,	{1, 128, CKF_SN_VR},		PR_TRUE},
      {CKM_SHA_1,		{0,   0, CKF_DIGEST},		PR_FALSE},
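Review bot: Guarding these two mechanismList entries only stops the token from advertising `CKM_NSS_CHACHA20_KEY_GEN` and `CKM_NSS_CHACHA20_POLY1305`; it does not by itself remove any handling of those mechanism types elsewhere in softoken. This diff does not show the key-generation or encrypt/decrypt setup code, so it is worth confirming that those paths are covered by the same `#ifndef NSS_DISABLE_CHACHAPOLY`. Otherwise a request naming the mechanism directly would be accepted and would only fail later, inside the freebl stub. It is also worth checking that higher layers which enable cipher suites decide from the token's mechanism list, so that a disabled build never offers ChaCha20/Poly1305. The mechanismList array starts and ends outside this hunk.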