From b32b5779dde0b2405a97b41bcc49f9354d9f3abf Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Wed, 25 Dec 2019 16:31:52 +0800 Subject: [PATCH 01/15] [NSS] config.mk: remove defining NO_NSPR_10_SUPPORT to fix VC7.1 build --- security/nss/coreconf/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index 99c6ce6c..afbef250 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -184,7 +184,7 @@ DEFINES += -DUSE_UTIL_DIRECTLY USE_UTIL_DIRECTLY = 1 # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features -DEFINES += -DNO_NSPR_10_SUPPORT +#DEFINES += -DNO_NSPR_10_SUPPORT # Hide old, deprecated, TLS cipher suite names when building NSS DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES From b1bbd767b35db5c7ed5290908ac446ecdb9ad107 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Wed, 25 Dec 2019 16:32:44 +0800 Subject: [PATCH 02/15] [NSS] ssl3con: fix broken comparsion which breaks VC7.1 build --- security/nss/lib/ssl/ssl3con.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index e15446ef..b22bc004 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -1670,7 +1670,7 @@ ssl3_InitPendingContextsBypass(sslSocket *ss) calg = cipher_def->calg; - if ( cipher_def == type_aead ) { + if ( cipher_def->type == type_aead ) { pwSpec->encode = NULL; pwSpec->decode = NULL; pwSpec->destroy = NULL; From 430790c1b1240f4f4c8fc3171819fad458a0b5e8 Mon Sep 17 00:00:00 2001 
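Review bot: Commenting out `DEFINES += -DNO_NSPR_10_SUPPORT` in config.mk removes the define for every compiler and platform, not only for the VC7.1 build named in the subject, so the whole NSS tree may again compile against the obsolete NSPR 1.0 compatibility names. The comment directly above it (`# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features`) now describes a line that no longer takes effect. Keep the define inside a conditional that excludes only the affected toolchain, and reword the comment to say why, for example `# NO_NSPR_10_SUPPORT breaks the VC7.1 build; keep it defined for every other compiler`.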
From: Roy Tam Date: Tue, 7 Jan 2020 15:11:52 +0800 Subject: [PATCH 03/15] cherry-picked mozilla NSS upstream changes (to rev 5fe63c0b, sha512.c changes are refined for VC6): bug1182667(other parts), bug1117022, bug1190248, bug1192020, bug1185033, bug1199349, bug1199467, bug1199494 --- security/nss/cmd/bltest/blapitest.c | 2 +- security/nss/cmd/certcgi/certcgi.c | 4 +- security/nss/cmd/lib/secpwd.c | 6 +- security/nss/cmd/selfserv/selfserv.c | 34 +- security/nss/cmd/signtool/certgen.c | 31 +- security/nss/cmd/tstclnt/tstclnt.c | 20 +- security/nss/coreconf/Darwin.mk | 20 + security/nss/coreconf/Linux.mk | 30 +- security/nss/coreconf/rules.mk | 24 +- security/nss/lib/dbm/src/h_page.c | 12 +- security/nss/lib/dbm/src/hash.c | 2 +- security/nss/lib/freebl/drbg.c | 2 +- security/nss/lib/freebl/ecl/ecp_192.c | 4 +- security/nss/lib/freebl/ecl/ecp_224.c | 2 +- security/nss/lib/freebl/mpi/mpi.c | 29 +- security/nss/lib/freebl/pqg.c | 2 +- security/nss/lib/freebl/sha512.c | 18 +- security/nss/lib/jar/jarfile.c | 2 +- .../module/pkix_pl_ldapdefaultclient.c | 2 +- .../pkix_pl_nss/module/pkix_pl_ldapresponse.c | 2 +- .../pkix_pl_nss/system/pkix_pl_object.c | 4 +- security/nss/lib/pk11wrap/pk11mech.c | 4 + security/nss/lib/pk11wrap/pk11merge.c | 6 +- security/nss/lib/pk11wrap/pk11obj.c | 4 +- security/nss/lib/pk11wrap/pk11pk12.c | 8 +- security/nss/lib/softoken/legacydb/keydb.c | 2 +- security/nss/lib/softoken/legacydb/lginit.c | 2 +- security/nss/lib/softoken/pkcs11.c | 10 +- security/nss/lib/softoken/pkcs11c.c | 101 +++- security/nss/lib/softoken/sftkdb.c | 6 +- security/nss/lib/ssl/SSLerrs.h | 6 + security/nss/lib/ssl/derive.c | 2 +- security/nss/lib/ssl/ssl.h | 8 + security/nss/lib/ssl/ssl3con.c | 565 +++++++++++++----- security/nss/lib/ssl/ssl3ecc.c | 16 +- security/nss/lib/ssl/ssl3ext.c | 116 +++- security/nss/lib/ssl/sslerr.h | 3 + security/nss/lib/ssl/sslimpl.h | 7 +- security/nss/lib/ssl/sslinfo.c | 2 + security/nss/lib/ssl/sslsnce.c | 95 +-- 
security/nss/lib/ssl/sslsock.c | 14 + security/nss/lib/ssl/sslt.h | 9 +- security/nss/lib/util/pkcs11n.h | 43 +- security/nss/lib/util/secport.h | 10 +- security/nss/lib/util/utilmod.c | 12 +- security/nss/tests/common/cleanup.sh | 12 +- 46 files changed, 969 insertions(+), 346 deletions(-) diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 81c3061b..204814d8 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -3552,7 +3552,7 @@ int main(int argc, char **argv) unsigned int keySize = 1024; unsigned long exponent = 65537; int rounds = 1; - int ret; + int ret = -1; if (bltest.options[opt_KeySize].activated) { keySize = PORT_Atoi(bltest.options[opt_KeySize].arg); diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c index 889de254..1095d80e 100644 --- a/security/nss/cmd/certcgi/certcgi.c +++ b/security/nss/cmd/certcgi/certcgi.c @@ -508,8 +508,8 @@ get_serial_number(Pair *data) if (find_field_bool(data, "serial-auto", PR_TRUE)) { serialFile = fopen(filename, "r"); if (serialFile != NULL) { - fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { + size_t nread = fread(&serial, sizeof(int), 1, serialFile); + if (ferror(serialFile) != 0 || nread != 1) { error_out("Error: Unable to read serial number file"); } if (serial == -1) { diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c index 2c4579d7..d78e56cc 100644 --- a/security/nss/cmd/lib/secpwd.c +++ b/security/nss/cmd/lib/secpwd.c @@ -74,7 +74,9 @@ char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, echoOff(infd); } - QUIET_FGETS ( phrase, sizeof(phrase), input); + if (QUIET_FGETS(phrase, sizeof(phrase), input) == NULL) { + return NULL; + } if (isTTY) { fprintf(output, "\n"); 
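Review bot: The early `return NULL` added to SEC_GetPassword for a failed `QUIET_FGETS` sits between `echoOff(infd)` and the `if (isTTY)` block that follows the read. On a TTY the terminal is therefore presumably left with echo disabled when input hits EOF or an error; the restoring call lies below the hunk, so this is inferred. `phrase` can also still hold an earlier rejected attempt at that point. Before the return I would add `if (isTTY) echoOn(infd);` and `PORT_Memset(phrase, 0, sizeof(phrase));`. The function body starts and ends outside the hunk.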
@@ -87,7 +89,7 @@ char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, /* Validate password */ if (!(*ok)(phrase)) { /* Not weird enough */ - if (!isTTY) return 0; + if (!isTTY) return NULL; fprintf(output, "Password must be at least 8 characters long with one or more\n"); fprintf(output, "non-alphabetic characters\n"); continue; diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index 9509892d..549fda53 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c @@ -65,7 +65,7 @@ static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" }; #define MAX_BULK_TEST 1048576 /* 1 MB */ static PRBool testBulk; static PRUint32 testBulkSize = DEFAULT_BULK_TEST; -static PRUint32 testBulkTotal; +static PRInt32 testBulkTotal; static char* testBulkBuf; static PRDescIdentity log_layer_id = PR_INVALID_IO_LAYER; static PRFileDesc *loggingFD; @@ -74,10 +74,10 @@ static PRIOMethods loggingMethods; static PRBool logStats; static PRBool loggingLayer; static int logPeriod = 30; -static PRUint32 loggerOps; -static PRUint32 loggerBytes; -static PRUint32 loggerBytesTCP; -static PRUint32 bulkSentChunks; +static PRInt32 loggerOps; +static PRInt32 loggerBytes; +static PRInt32 loggerBytesTCP; +static PRInt32 bulkSentChunks; static enum ocspStaplingModeEnum { osm_disabled, /* server doesn't support stapling */ osm_good, /* supply a signed good status */ @@ -428,10 +428,11 @@ printSecurityInfo(PRFileDesc *fd) suite.macBits, suite.macAlgorithmName); FPRINTF(stderr, "selfserv: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" - " Compression: %s\n", + " Compression: %s, Extended Master Secret: %s\n", channel.authKeyBits, suite.authAlgorithmName, channel.keaKeyBits, suite.keaTypeName, - channel.compressionMethodName); + channel.compressionMethodName, + channel.extendedMasterSecretUsed ? "Yes": "No"); } } if (verbose) { 
@@ -751,8 +752,8 @@ logger(void *arg) PRIntervalTime period; PRIntervalTime previousTime; PRIntervalTime latestTime; - PRUint32 previousOps; - PRUint32 ops; + PRInt32 previousOps; + PRInt32 ops; PRIntervalTime logPeriodTicks = PR_TicksPerSecond(); PRFloat64 secondsPerTick = 1.0 / (PRFloat64)logPeriodTicks; int iterations = 0; @@ -771,7 +772,7 @@ logger(void *arg) */ PR_Sleep(logPeriodTicks); secondsElapsed++; - totalPeriodBytes += PR_ATOMIC_SET(&loggerBytes, 0); + totalPeriodBytes += PR_ATOMIC_SET(&loggerBytes, 0); totalPeriodBytesTCP += PR_ATOMIC_SET(&loggerBytesTCP, 0); if (secondsElapsed != logPeriod) { continue; @@ -837,6 +838,8 @@ PRBool testbypass = PR_FALSE; PRBool enableSessionTickets = PR_FALSE; PRBool enableCompression = PR_FALSE; PRBool failedToNegotiateName = PR_FALSE; +PRBool enableExtendedMasterSecret = PR_FALSE; + static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX]; static int virtServerNameIndex = 1; @@ -1942,6 +1945,13 @@ server_main( } } + if (enableExtendedMasterSecret) { + rv = SSL_OptionSet(model_sock, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE); + if (rv != SECSuccess) { + errExit("error enabling extended master secret "); + } + } + for (kea = kt_rsa; kea < kt_kea_size; kea++) { if (cert[kea] != NULL) { secStatus = SSL_ConfigSecureServer(model_sock, @@ -2218,7 +2228,7 @@ main(int argc, char **argv) ** numbers, then capital letters, then lower case, alphabetical. */ optstate = PL_CreateOptState(argc, argv, - "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); + "2:A:BC:DEGH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { ++optionsFound; switch(optstate->option) { 
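Review bot: `G` is added to the selfserv option string in main(), but selfserv's usage text gets no matching entry. The selfserv.c hunks in this patch add up to the 34 changed lines in the diffstat and none of them touches the usage output, whereas the tstclnt.c part adds a `-G` line to PrintParameterUsage. Add an entry next to the other single-letter switches, for example `-G enables the extended master secret extension (session hash)`. main() continues outside the hunk.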
@@ -2234,6 +2244,8 @@ main(int argc, char **argv) case 'E': disableStepDown = PR_TRUE; break; case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break; + case 'G': enableExtendedMasterSecret = PR_TRUE; break; + case 'I': /* reserved for OCSP multi-stapling */ break; case 'L': diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c index 0f7c596d..5a645049 100644 --- a/security/nss/cmd/signtool/certgen.c +++ b/security/nss/cmd/signtool/certgen.c @@ -73,6 +73,9 @@ GenerateCert(char *nickname, int keysize, char *token) LL_L2UI(serial, PR_Now()); subject = GetSubjectFromUser(serial); + if (!subject) { + FatalError("Unable to get subject from user"); + } cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject, serial, keysize, token); @@ -122,7 +125,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "certificate common name: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp == '\0') { sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME, @@ -144,7 +149,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "organization: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { org = PORT_ZAlloc(strlen(cp) + 5); @@ -163,7 +170,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "organization unit: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { orgunit = PORT_ZAlloc(strlen(cp) + 6); @@ -181,7 +190,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "state or province: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { state = PORT_ZAlloc(strlen(cp) + 6); 
@@ -199,7 +210,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(cp); if (strlen(cp) != 2) { *cp = '\0'; /* country code must be 2 chars */ @@ -220,7 +233,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "username: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { uid = PORT_ZAlloc(strlen(cp) + 7); @@ -238,7 +253,9 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "email address: "); #endif - fgets(buf, STDIN_BUF_SIZE, stdin); + if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { + return NULL; + } cp = chop(buf); if (*cp != '\0') { email = PORT_ZAlloc(strlen(cp) + 5); diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index ddfadafd..93a70222 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -129,10 +129,11 @@ void printSecurityInfo(PRFileDesc *fd) suite.macBits, suite.macAlgorithmName); FPRINTF(stderr, "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" - " Compression: %s\n", + " Compression: %s, Extended Master Secret: %s\n", channel.authKeyBits, suite.authAlgorithmName, channel.keaKeyBits, suite.keaTypeName, - channel.compressionMethodName); + channel.compressionMethodName, + channel.extendedMasterSecretUsed ? "Yes": "No"); } } cert = SSL_RevealCert(fd); 
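Review bot: In the country prompt of GetSubjectFromUser, the context line right after the new `fgets` check calls `chop(cp)`, while every other field in the function calls `chop(buf)`. `cp` still points wherever the state/province trim left it, so the two-character check presumably runs from that stale offset rather than from the start of the freshly read buffer (chop itself is not visible, so this is inferred). Since this patch touches every read in the function, it is the natural place to change the line to `cp = chop(buf);`. Separately, the `return NULL` paths added from the organization-unit prompt onward skip freeing the `org`, `orgunit` and `state` buffers allocated by earlier prompts. That is harmless while the caller exits via FatalError, but it deserves a comment such as `/* caller aborts on NULL; earlier allocations are not freed */`.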
@@ -231,6 +232,7 @@ static void PrintParameterUsage(void) fprintf(stderr, "%-20s Enable compression.\n", "-z"); fprintf(stderr, "%-20s Enable false start.\n", "-g"); fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n", "-T"); + fprintf(stderr, "%-20s Enable the extended master secret extension (session hash).\n", "-G"); fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n" "%-20s -F once means: require for server cert only\n" "%-20s -F twice means: require for intermediates, too\n" @@ -919,6 +921,7 @@ int main(int argc, char **argv) int enableFalseStart = 0; int enableCertStatus = 0; int forceFallbackSCSV = 0; + int enableExtendedMasterSecret = 0; PRSocketOptionData opt; PRNetAddr addr; PRPollDesc pollset[2]; @@ -967,7 +970,7 @@ int main(int argc, char **argv) SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); optstate = PL_CreateOptState(argc, argv, - "46BCDFKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); + "46BCDFGKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': @@ -989,6 +992,8 @@ int main(int argc, char **argv) serverCertAuth.testFreshStatusFromSideChannel = PR_TRUE; break; + case 'G': enableExtendedMasterSecret = PR_TRUE; break; + case 'I': /* reserved for OCSP multi-stapling */ break; case 'O': serverCertAuth.shouldPause = PR_FALSE; break; @@ -1386,6 +1391,15 @@ int main(int argc, char **argv) return 1; } + /* enable extended master secret mode */ + if (enableExtendedMasterSecret) { + rv = SSL_OptionSet(s, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE); + if (rv != SECSuccess) { + SECU_PrintError(progName, "error enabling extended master secret"); + return 1; + } + } + SSL_SetPKCS11PinArg(s, &pwdata); serverCertAuth.dbHandle = CERT_GetDefaultCertDB(); diff --git a/security/nss/coreconf/Darwin.mk b/security/nss/coreconf/Darwin.mk index 18a13481..786825c7 100644 --- a/security/nss/coreconf/Darwin.mk 
+++ b/security/nss/coreconf/Darwin.mk @@ -83,6 +83,26 @@ endif OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS) +ifeq (clang,$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')) +NSS_HAS_GCC48 = true +endif +ifndef NSS_HAS_GCC48 +NSS_HAS_GCC48 := $(shell \ + [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ + `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ + `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ + echo true || echo false) +export NSS_HAS_GCC48 +endif +ifeq (true,$(NSS_HAS_GCC48)) +OS_CFLAGS += -Werror +else +# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. +# Use this to disable use of that #pragma and the warnings it suppresses. +OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable -Wno-strict-aliasing +$(warning Unable to find gcc >= 4.8 disabling -Werror) +endif + ifdef BUILD_OPT ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) OPTIMIZER = -Oz diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 414aef53..cbd5e05c 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -134,7 +134,7 @@ ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc ifeq ($(COMPILER_TAG),_clang) 
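Review bot: The compiler version test added to Darwin.mk never matches gcc 4.8 or 4.9. Its first clause requires the major version to be `-gt 4` together with a minor version `-ge 8`, which is false whenever the major version is exactly 4, and anything it does accept is already covered by the final `-ge 5` clause. Those compilers fall into the `else` branch, get `-DNSS_NO_GCC48` and build without `-Werror`, so warnings the project intends to treat as errors no longer stop the build there. The first comparison should read `-eq 4 -a \` instead of `-gt 4 -a \`. The Linux.mk hunk at -152 in this patch carries the same test and needs the same change.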
@@ -152,29 +152,21 @@ endif NSS_HAS_GCC48 = true endif -# Check for the existence of gcc 4.8 ifndef NSS_HAS_GCC48 -define GCC48_TEST = -int main() {\n -#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)\n - return 1;\n -#else\n - return 0;\n -#endif\n -}\n -endef -TEST_GCC48 := /tmp/test_gcc48_$(shell echo $$$$) -NSS_HAS_GCC48 := (,$(shell echo -e "$(GCC48_TEST)" > $(TEST_GCC48).c && \ - $(CC) -o $(TEST_GCC48) $(TEST_GCC48).c && \ - $(TEST_GCC48) && echo true || echo false; \ - rm -f $(TEST_GCC48) $(TEST_GCC48).c)) +NSS_HAS_GCC48 := $(shell \ + [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ + `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ + `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ + echo true || echo false) export NSS_HAS_GCC48 endif - ifeq (true,$(NSS_HAS_GCC48)) +OS_CFLAGS += -Werror +else # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Here, we disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable +# Use this to disable use of that #pragma and the warnings it suppresses. +OS_CFLAGS += -DNSS_NO_GCC48 +$(warning Unable to find gcc >= 4.8 disabling -Werror) endif ifdef USE_PTHREADS diff --git a/security/nss/coreconf/rules.mk b/security/nss/coreconf/rules.mk index 0a891ebc..34b742a7 100644 --- a/security/nss/coreconf/rules.mk +++ b/security/nss/coreconf/rules.mk @@ -424,12 +424,12 @@ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.S $(OBJDIR)/$(PROG_PREFIX)%: %.cpp @$(MAKE_OBJDIR) ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< endif endif 
@@ -440,16 +440,16 @@ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc $(MAKE_OBJDIR) ifdef STRICT_CPLUSPLUS_SUFFIX echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc - $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc rm -f $(OBJDIR)/t_$*.cc else ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< endif endif endif #STRICT_CPLUSPLUS_SUFFIX @@ -458,22 +458,22 @@ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp @$(MAKE_OBJDIR) ifdef STRICT_CPLUSPLUS_SUFFIX echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc - $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc rm -f $(OBJDIR)/t_$*.cc else ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< endif endif endif #STRICT_CPLUSPLUS_SUFFIX %.i: %.cpp - $(CCC) -C -E $(CFLAGS) $< > $@ + $(CCC) -C -E $(CFLAGS) $(CXXFLAGS) $< > $@ %.i: %.c ifeq (,$(filter-out WIN%,$(OS_TARGET))) diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index cc024947..669f3b32 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c 
@@ -158,10 +158,11 @@ long new_lseek(int fd, long offset, int origin) { char buffer[1024]; long len = seek_pos-end_pos; - memset(&buffer, 0, 1024); + memset(buffer, 0, 1024); while(len > 0) { - write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024)); + if(write(fd, buffer, (size_t)(1024 > len ? len : 1024)) < 0) + return(-1); len -= 1024; } return(lseek(fd, seek_pos, SEEK_SET)); @@ -981,7 +982,7 @@ overflow_page(HTAB *hashp) if (offset > SPLITMASK) { if (++splitnum >= NCACHED) { #ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); + (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); #endif return (0); } @@ -996,7 +997,7 @@ overflow_page(HTAB *hashp) free_page++; if (free_page >= NCACHED) { #ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); + (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); #endif return (0); } @@ -1022,8 +1023,7 @@ overflow_page(HTAB *hashp) if (offset > SPLITMASK) { if (++splitnum >= NCACHED) { #ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, - sizeof(OVMSG) - 1); + (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); #endif return (0); } diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index 3f9a516e..b3a904a8 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c @@ -911,7 +911,7 @@ hash_seq( uint flag) { register uint32 bucket; - register BUFHEAD *bufp; + register BUFHEAD *bufp = NULL; HTAB *hashp; uint16 *bp, ndx; diff --git a/security/nss/lib/freebl/drbg.c b/security/nss/lib/freebl/drbg.c index e20db2e6..391d4560 100644 --- a/security/nss/lib/freebl/drbg.c +++ b/security/nss/lib/freebl/drbg.c 
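Review bot: The check added in new_lseek only catches `write()` returning a negative value. A short write, such as one on a nearly full disk, is still counted as a whole chunk because `len -= 1024` runs regardless. The zero-fill can then stop short of `seek_pos` while the function goes on to `lseek` there and reports success. Compare the return value with the requested count instead: `long chunk = 1024 > len ? len : 1024;` followed by `if (write(fd, buffer, (size_t)chunk) != chunk) return(-1);`. The function starts above the hunk.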
@@ -24,7 +24,7 @@ * for SHA-1, SHA-224, and SHA-256 it's 440 bits. * for SHA-384 and SHA-512 it's 888 bits */ #define PRNG_SEEDLEN (440/PR_BITS_PER_BYTE) -static const PRInt64 PRNG_MAX_ADDITIONAL_BYTES = LL_INIT(0x1, 0x0); +#define PRNG_MAX_ADDITIONAL_BYTES PR_INT64(0x100000000) /* 2^35 bits or 2^32 bytes */ #define PRNG_MAX_REQUEST_SIZE 0x10000 /* 2^19 bits or 2^16 bytes */ #define PRNG_ADDITONAL_DATA_CACHE_SIZE (8*1024) /* must be less than diff --git a/security/nss/lib/freebl/ecl/ecp_192.c b/security/nss/lib/freebl/ecl/ecp_192.c index ef11cef9..0bfd95e1 100644 --- a/security/nss/lib/freebl/ecl/ecp_192.c +++ b/security/nss/lib/freebl/ecl/ecp_192.c @@ -120,8 +120,8 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) if (((r2b == 0xffffffff) && (r2a == 0xffffffff) && (r1b == 0xffffffff) ) && ((r1a == 0xffffffff) || - (r1a == 0xfffffffe) && (r0a == 0xffffffff) && - (r0b == 0xffffffff)) ) { + ((r1a == 0xfffffffe) && (r0a == 0xffffffff) && + (r0b == 0xffffffff))) ) { /* do a quick subtract */ carry = 0; MP_ADD_CARRY(r0a, 1, r0a, carry); diff --git a/security/nss/lib/freebl/ecl/ecp_224.c b/security/nss/lib/freebl/ecl/ecp_224.c index 4faab215..142f255d 100644 --- a/security/nss/lib/freebl/ecl/ecp_224.c +++ b/security/nss/lib/freebl/ecl/ecp_224.c @@ -22,7 +22,7 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) mp_digit carry; #ifdef ECL_THIRTY_TWO_BIT mp_digit a6a = 0, a6b = 0, - a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0; + a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3b = 0; mp_digit r0a, r0b, r1a, r1b, r2a, r2b, r3a; #else mp_digit a6 = 0, a5 = 0, a4 = 0, a3b = 0, a5a = 0; diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c index 43ce83ae..84f9b97b 100644 --- a/security/nss/lib/freebl/mpi/mpi.c +++ b/security/nss/lib/freebl/mpi/mpi.c 
@@ -4190,6 +4190,7 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ MP_SIGN(rem) = ZPOS; MP_SIGN(div) = ZPOS; + MP_SIGN(&part) = ZPOS; /* A working temporary for division */ MP_CHECKOK( mp_init_size(&t, MP_ALLOC(rem))); @@ -4197,8 +4198,6 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ /* Normalize to optimize guessing */ MP_CHECKOK( s_mp_norm(rem, div, &d) ); - part = *rem; - /* Perform the division itself...woo! */ MP_USED(quot) = MP_ALLOC(quot); @@ -4207,11 +4206,15 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) { int i; int unusedRem; + int partExtended = 0; /* set to true if we need to extend part */ unusedRem = MP_USED(rem) - MP_USED(div); MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem; MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem; MP_USED(&part) = MP_USED(div); + + /* We have now truncated the part of the remainder to the same length as + * the divisor. If part is smaller than div, extend part by one digit. */ if (s_mp_cmp(&part, div) < 0) { -- unusedRem; #if MP_ARGCHK == 2 
@@ -4220,26 +4223,34 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */ -- MP_DIGITS(&part); ++ MP_USED(&part); ++ MP_ALLOC(&part); + partExtended = 1; } /* Compute a guess for the next quotient digit */ q_msd = MP_DIGIT(&part, MP_USED(&part) - 1); div_msd = MP_DIGIT(div, MP_USED(div) - 1); - if (q_msd >= div_msd) { + if (!partExtended) { + /* In this case, q_msd /= div_msd is always 1. First, since div_msd is + * normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since + * we didn't extend part, q_msd >= div_msd. Therefore we know that + * div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we + * get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */ q_msd = 1; - } else if (MP_USED(&part) > 1) { + } else { #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD) q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2); q_msd /= div_msd; if (q_msd == RADIX) --q_msd; #else - mp_digit r; - MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2), - div_msd, &q_msd, &r) ); + if (q_msd == div_msd) { + q_msd = MP_DIGIT_MAX; + } else { + mp_digit r; + MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2), + div_msd, &q_msd, &r) ); + } #endif - } else { - q_msd = 0; } #if MP_ARGCHK == 2 assert(q_msd > 0); /* This case should never occur any more. */ diff --git a/security/nss/lib/freebl/pqg.c b/security/nss/lib/freebl/pqg.c index f7971557..fd1351ed 100644 --- a/security/nss/lib/freebl/pqg.c +++ b/security/nss/lib/freebl/pqg.c @@ -1143,7 +1143,7 @@ makeGfromIndex(HASH_HashType hashtype, unsigned int len; mp_err err = MP_OKAY; SECStatus rv = SECSuccess; - const SECHashObject *hashobj; + const SECHashObject *hashobj = NULL; void *hashcx = NULL; MP_DIGITS(&e) = 0; diff --git a/security/nss/lib/freebl/sha512.c b/security/nss/lib/freebl/sha512.c index 0e6baa87..3298e39f 100644 --- a/security/nss/lib/freebl/sha512.c +++ b/security/nss/lib/freebl/sha512.c 
@@ -67,11 +67,11 @@ static const PRUint32 H256[8] = { 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; +#if defined(IS_LITTLE_ENDIAN) #if (_MSC_VER >= 1300) #include #pragma intrinsic(_byteswap_ulong) #define SHA_HTONL(x) _byteswap_ulong(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(_MSC_VER) && defined(NSS_X86_OR_X64) #ifndef FORCEINLINE #if (_MSC_VER >= 1200) @@ -92,7 +92,6 @@ swap4b(PRUint32 dwd) } #define SHA_HTONL(x) swap4b(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(__GNUC__) && defined(NSS_X86_OR_X64) static __inline__ PRUint32 swap4b(PRUint32 value) @@ -101,7 +100,6 @@ static __inline__ PRUint32 swap4b(PRUint32 value) return (value); } #define SHA_HTONL(x) swap4b(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(__GNUC__) && (defined(__thumb2__) || \ (!defined(__thumb__) && \ @@ -121,14 +119,14 @@ static __inline__ PRUint32 swap4b(PRUint32 value) return ret; } #define SHA_HTONL(x) swap4b(x) -#define BYTESWAP4(x) x = SHA_HTONL(x) #else #define SWAP4MASK 0x00FF00FF #define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \ ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK)) -#define BYTESWAP4(x) x = SHA_HTONL(x) #endif +#define BYTESWAP4(x) x = SHA_HTONL(x) +#endif /* defined(IS_LITTLE_ENDIAN) */ #if defined(_MSC_VER) #pragma intrinsic (_lrotr, _lrotl) @@ -665,6 +663,7 @@ void SHA224_Clone(SHA224Context *dest, SHA224Context *src) #define ULLC(hi,lo) 0x ## hi ## lo ## ULL #endif +#if defined(IS_LITTLE_ENDIAN) #if defined(_MSC_VER) #pragma intrinsic(_byteswap_uint64) #define SHA_HTONLL(x) _byteswap_uint64(x) 
@@ -686,19 +685,20 @@ static __inline__ PRUint64 swap8b(PRUint64 value) (t1 >> 32) | (t1 << 32)) #endif #define BYTESWAP8(x) x = SHA_HTONLL(x) +#endif /* defined(IS_LITTLE_ENDIAN) */ #else /* no long long */ #if defined(IS_LITTLE_ENDIAN) #define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U } -#else -#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U } -#endif - #define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \ x.hi ^= x.lo ^= x.hi ^= x.lo, x) #define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \ tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0) +#else +#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U } +#endif + #endif /* SHA-384 and SHA-512 constants, K512. */ diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c index 3346dbec..96da4d79 100644 --- a/security/nss/lib/jar/jarfile.c +++ b/security/nss/lib/jar/jarfile.c @@ -76,7 +76,7 @@ dostime(char *time, const char *s); #ifdef NSS_X86_OR_X64 /* The following macros throw up warnings. */ -#ifdef __GNUC__ +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) #pragma GCC diagnostic ignored "-Wstrict-aliasing" #endif #define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii))) diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c index a191ad65..3dc06be9 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c @@ -359,7 +359,7 @@ pkix_pl_LdapDefaultClient_VerifyBindResponse( "pkix_pl_LdapDefaultClient_VerifyBindResponse"); PKIX_NULLCHECK_TWO(client, client->rcvBuf); - decode.data = (void *)(client->rcvBuf); + decode.data = (unsigned char *)(client->rcvBuf); decode.len = bufLen; PKIX_CHECK(pkix_pl_LdapDefaultClient_DecodeBindResponse 
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c index 9d37f58f..cd2543f3 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c @@ -730,7 +730,7 @@ pkix_pl_LdapResponse_GetResultCode( resultMsg = &response->decoded.protocolOp.op.searchResponseResultMsg; - *pResultCode = *(char *)(resultMsg->resultCode.data); + *pResultCode = *(resultMsg->resultCode.data); cleanup: diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c index 9a33fd5e..7dafa0b2 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c @@ -600,7 +600,7 @@ PKIX_PL_Object_Alloc( object = NULL; /* Atomically increment object counter */ - PR_ATOMIC_INCREMENT(&ctEntry->objCounter); + PR_ATOMIC_INCREMENT((PRInt32*)&ctEntry->objCounter); cleanup: @@ -897,7 +897,7 @@ PKIX_PL_Object_DecRef( } /* Atomically decrement object counter */ - PR_ATOMIC_DECREMENT(&ctEntry->objCounter); + PR_ATOMIC_DECREMENT((PRInt32*)&ctEntry->objCounter); /* pkix_pl_Object_Destroy assumes the lock is held */ /* It will call unlock and destroy the object */ diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index d8b82277..f70c3094 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -380,6 +380,8 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: case CKM_TLS_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: case CKM_SHA_1_HMAC: case CKM_SHA_1_HMAC_GENERAL: case CKM_SHA224_HMAC: 
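Review bot: In pkix_pl_LdapResponse_GetResultCode, `resultMsg->resultCode.data` is dereferenced with no visible check that the decoded item is non-NULL and at least one byte long, and this field comes from a parsed LDAP server response. If the part of the function above the hunk does not already guarantee that, guard the read with `if (resultMsg->resultCode.data == NULL || resultMsg->resultCode.len == 0)` and take the function's existing error path (this assumes resultCode is a SECItem, like `decode` in the sibling file). Dropping the `(char *)` cast also changes bytes of 0x80 and above from sign-extended to zero-extended. That looks intended, but it is worth a comment such as `/* result code is an unsigned byte */`.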
@@ -575,6 +577,8 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size) case CKM_TLS_MASTER_KEY_DERIVE: case CKM_TLS_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: return CKM_SSL3_PRE_MASTER_KEY_GEN; case CKM_SHA_1_HMAC: case CKM_SHA_1_HMAC_GENERAL: diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c index 187e2e1f..8fadc7ca 100644 --- a/security/nss/lib/pk11wrap/pk11merge.c +++ b/security/nss/lib/pk11wrap/pk11merge.c @@ -1261,7 +1261,8 @@ pk11_mergeByObjectIDs(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, PK11MergeLog *log, void *targetPwArg, void *sourcePwArg) { SECStatus rv = SECSuccess; - int error, i; + int error = SEC_ERROR_LIBRARY_FAILURE; + int i; for (i=0; i < count; i++) { /* try to update the entire database. On failure, keep going, @@ -1325,7 +1326,8 @@ PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, PK11MergeLog *log, void *targetPwArg, void *sourcePwArg) { SECStatus rv = SECSuccess, lrv = SECSuccess; - int error, count = 0; + int error = SEC_ERROR_LIBRARY_FAILURE; + int count = 0; CK_ATTRIBUTE search[2]; CK_OBJECT_HANDLE *objectIDs = NULL; CK_BBOOL ck_true = CK_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index e09d2276..848b45a0 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -1577,7 +1577,7 @@ PK11_WriteRawAttribute(PK11ObjectType objType, void *objSpec, CK_ATTRIBUTE_TYPE attrType, SECItem *item) { PK11SlotInfo *slot = NULL; - CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE handle = 0; CK_ATTRIBUTE setTemplate; CK_RV crv; CK_SESSION_HANDLE rwsession; 
@@ -1630,7 +1630,7 @@ PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec, CK_ATTRIBUTE_TYPE attrType, SECItem *item) { PK11SlotInfo *slot = NULL; - CK_OBJECT_HANDLE handle; + CK_OBJECT_HANDLE handle = 0; switch (objType) { case PK11_TypeGeneric: diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index 2152a41e..e5a0a21c 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -234,13 +234,17 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, derPKI); if( rv != SECSuccess ) { - goto finish; + /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the + * validity of the data in pki. The best we can do is free the arena + * and return. + */ + PORT_FreeArena(temparena, PR_TRUE); + return rv; } rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, publicValue, isPerm, isPrivate, keyUsage, privk, wincx); -finish: /* this zeroes the key and frees the arena */ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/); return rv; diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index c3dd887b..d54f10c0 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1378,7 +1378,7 @@ nsslowkey_PutPWCheckEntry(NSSLOWKEYDBHandle *handle,NSSLOWKEYPasswordEntry *entr NSSLOWKEYDBKey *dbkey = NULL; SECItem *item = NULL; SECItem salt; - SECOidTag algid; + SECOidTag algid = SEC_OID_UNKNOWN; SECStatus rv = SECFailure; PLArenaPool *arena; int ret; diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c index 47da8f04..b2ff521a 100644 --- a/security/nss/lib/softoken/legacydb/lginit.c +++ b/security/nss/lib/softoken/legacydb/lginit.c 
@@ -601,7 +601,7 @@ legacy_Open(const char *configdir, const char *certPrefix, if (certDB) *certDB = NULL; if (certDB) { - NSSLOWCERTCertDBHandle *certdbPtr; + NSSLOWCERTCertDBHandle *certdbPtr = NULL; crv = lg_OpenCertDB(configdir, certPrefix, readOnly, &certdbPtr); if (crv != CKR_OK) { diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 1a835238..adf98115 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -475,6 +475,10 @@ static const struct mechanismList mechanisms[] = { {CKM_TLS12_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, + {CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, + {48,128, CKF_DERIVE}, PR_FALSE}, + {CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, + {48,128, CKF_DERIVE}, PR_FALSE}, /* ---------------------- PBE Key Derivations ------------------------ */ {CKM_PBE_MD2_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, {CKM_PBE_MD5_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, @@ -2603,7 +2607,7 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout) --slot->sessionCount; SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock)); if (session->info.flags & CKF_RW_SESSION) { - PR_ATOMIC_DECREMENT(&slot->rwSessionCount); + (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount); } } else { SKIP_AFTER_FORK(PZ_Unlock(lock)); @@ -3720,7 +3724,7 @@ CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, ++slot->sessionCount; PZ_Unlock(slot->slotLock); if (session->info.flags & CKF_RW_SESSION) { - PR_ATOMIC_INCREMENT(&slot->rwSessionCount); + (void)PR_ATOMIC_INCREMENT(&slot->rwSessionCount); } do { @@ -3788,7 +3792,7 @@ CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession) sftk_freeDB(handle); } if (session->info.flags & CKF_RW_SESSION) { - PR_ATOMIC_DECREMENT(&slot->rwSessionCount); + (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount); } } 
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 0a2c5dc8..a1aec599 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -3840,7 +3840,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, * produce them any more. The affected algorithm was 3DES. */ PRBool faultyPBE3DES = PR_FALSE; - HASH_HashType hashType; + HASH_HashType hashType = HASH_AlgNULL; CHECK_FORK(); @@ -4081,7 +4081,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, */ CK_MECHANISM mech = {0, NULL, 0}; - CK_ULONG modulusLen; + CK_ULONG modulusLen = 0; CK_ULONG subPrimeLen = 0; PRBool isEncryptable = PR_FALSE; PRBool canSignVerify = PR_FALSE; @@ -6007,7 +6007,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, isDH = PR_TRUE; } - /* first do the consistancy checks */ + /* first do the consistency checks */ if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { crv = CKR_KEY_TYPE_INCONSISTENT; break; 
@@ -6136,6 +6136,101 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, break; } + /* Extended master key derivation [draft-ietf-tls-session-hash] */ + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: + case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: + { + CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS *ems_params; + SSL3RSAPreMasterSecret *rsa_pms; + SECStatus status; + SECItem pms = { siBuffer, NULL, 0 }; + SECItem seed = { siBuffer, NULL, 0 }; + SECItem master = { siBuffer, NULL, 0 }; + + ems_params = (CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS*) + pMechanism->pParameter; + + /* First do the consistency checks */ + if ((mechanism == CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE) && + (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { + crv = CKR_KEY_TYPE_INCONSISTENT; + break; + } + att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); + if ((att2 == NULL) || + (*(CK_KEY_TYPE *)att2->attrib.pValue != CKK_GENERIC_SECRET)) { + if (att2) sftk_FreeAttribute(att2); + crv = CKR_KEY_FUNCTION_NOT_PERMITTED; + break; + } + sftk_FreeAttribute(att2); + if (keyType != CKK_GENERIC_SECRET) { + crv = CKR_KEY_FUNCTION_NOT_PERMITTED; + break; + } + if ((keySize != 0) && (keySize != SSL3_MASTER_SECRET_LENGTH)) { + crv = CKR_KEY_FUNCTION_NOT_PERMITTED; + break; + } + + /* Do the key derivation */ + pms.data = (unsigned char*) att->attrib.pValue; + pms.len = att->attrib.ulValueLen; + seed.data = ems_params->pSessionHash; + seed.len = ems_params->ulSessionHashLen; + master.data = key_block; + master.len = SSL3_MASTER_SECRET_LENGTH; + if (ems_params-> prfHashMechanism == CKM_TLS_PRF) { + /* + * In this case, the session hash is the concatenation of SHA-1 + * and MD5, so it should be 36 bytes long. 
+ */ + if (seed.len != MD5_LENGTH + SHA1_LENGTH) { + crv = CKR_TEMPLATE_INCONSISTENT; + break; + } + + status = TLS_PRF(&pms, "extended master secret", + &seed, &master, isFIPS); + } else { + const SECHashObject *hashObj; + + tlsPrfHash = GetHashTypeFromMechanism(ems_params->prfHashMechanism); + if (tlsPrfHash == HASH_AlgNULL) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + + hashObj = HASH_GetRawHashObject(tlsPrfHash); + if (seed.len != hashObj->length) { + crv = CKR_TEMPLATE_INCONSISTENT; + break; + } + + status = TLS_P_hash(tlsPrfHash, &pms, "extended master secret", + &seed, &master, isFIPS); + } + + /* Reflect the version if required */ + if (ems_params->pVersion) { + SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key); + rsa_pms = (SSL3RSAPreMasterSecret *) att->attrib.pValue; + /* don't leak more key material than necessary for SSL to work */ + if ((sessKey == NULL) || sessKey->wasDerived) { + ems_params->pVersion->major = 0xff; + ems_params->pVersion->minor = 0xff; + } else { + ems_params->pVersion->major = rsa_pms->client_version[0]; + ems_params->pVersion->minor = rsa_pms->client_version[1]; + } + } + + /* Store the results */ + crv = sftk_forceAttribute(key, CKA_VALUE, key_block, + SSL3_MASTER_SECRET_LENGTH); + break; + } + case CKM_TLS12_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: case CKM_TLS_KEY_AND_MAC_DERIVE: diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index b686e8e1..61f1e9e4 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -2408,7 +2408,7 @@ sftk_getCertDB(SFTKSlot *slot) PZ_Lock(slot->slotLock); dbHandle = slot->certDB; if (dbHandle) { - PR_ATOMIC_INCREMENT(&dbHandle->ref); + (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); } PZ_Unlock(slot->slotLock); return dbHandle; 
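Review bot: The new `CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE` case in NSC_DeriveKey assigns `status` from `TLS_PRF` / `TLS_P_hash` but never tests it, so a failed PRF still reaches `sftk_forceAttribute(key, CKA_VALUE, key_block, SSL3_MASTER_SECRET_LENGTH)` and whatever `key_block` holds at that point is stored as the master secret. The case also dereferences `ems_params` (`pSessionHash`, `ulSessionHashLen`, `prfHashMechanism`) without first checking that `pMechanism->pParameter` is non-NULL and that `pMechanism->ulParameterLen` is large enough, although both values come from the PKCS #11 caller. Both paths should fail closed before any key material is stored, as sketched below. The enclosing function starts and ends outside the hunk, so release of `att` after the `break` is assumed to happen there as for the neighbouring cases.

```c
ems_params = (CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS*)
                pMechanism->pParameter;
if ((ems_params == NULL) ||
    (pMechanism->ulParameterLen < sizeof(*ems_params))) {
    crv = CKR_MECHANISM_PARAM_INVALID;
    break;
}
/* ... unchanged: key type and size consistency checks, PRF selection ... */
if (status != SECSuccess) {
    crv = CKR_FUNCTION_FAILED;
    break;
}
/* ... unchanged: version reflection and sftk_forceAttribute ... */
```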
@@ -2426,7 +2426,7 @@ sftk_getKeyDB(SFTKSlot *slot) SKIP_AFTER_FORK(PZ_Lock(slot->slotLock)); dbHandle = slot->keyDB; if (dbHandle) { - PR_ATOMIC_INCREMENT(&dbHandle->ref); + (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); } SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock)); return dbHandle; @@ -2444,7 +2444,7 @@ sftk_getDBForTokenObject(SFTKSlot *slot, CK_OBJECT_HANDLE objectID) PZ_Lock(slot->slotLock); dbHandle = objectID & SFTK_KEYDB_TYPE ? slot->keyDB : slot->certDB; if (dbHandle) { - PR_ATOMIC_INCREMENT(&dbHandle->ref); + (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); } PZ_Unlock(slot->slotLock); return dbHandle; diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index da561644..60283968 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h @@ -434,3 +434,9 @@ ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134), ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135), "The peer used an unsupported combination of signature and hash algorithm.") + +ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136), +"The peer tried to resume without a correct extended_master_secret extension") + +ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137), +"The peer tried to resume with an unexpected extended_master_secret extension") diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index b7c38c30..8b58b800 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -431,7 +431,7 @@ key_and_mac_derive_fail: * so isRSA is always true. */ SECStatus -ssl3_MasterKeyDeriveBypass( +ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 40f8476d..2a527693 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h 
@@ -196,6 +196,14 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); */ #define SSL_ENABLE_SERVER_DHE 29 +/* Use draft-ietf-tls-session-hash. Controls whether we offer the + * extended_master_secret extension which, when accepted, hashes + * the handshake transcript into the master secret. This option is + * disabled by default. + */ +#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30 + + #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index b22bc004..5d7734f8 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -62,6 +62,10 @@ static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, const unsigned char *b, unsigned int l); static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); +static SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss, + ssl3CipherSpec *spec, + SSL3Hashes *hashes, + PRUint32 sender); static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, @@ -2221,7 +2225,11 @@ fail: * Sets error code, but caller probably should override to disambiguate. * NULL pms means re-use old master_secret. * - * This code is common to the bypass and PKCS11 execution paths. + * This code is common to the bypass and PKCS11 execution paths. For + * the bypass case, pms is NULL. If the old master secret is reused, + * pms is NULL and the master secret is already in either + * pwSpec->msItem.len (the bypass case) or pwSpec->master_secret. + * * For the bypass case, pms is NULL. */ SECStatus 
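Review bot: The rewritten header comment in the `@@ -2221,7 +2225,11 @@` hunk of ssl3con.c now states "For the bypass case, pms is NULL" twice, because the added text repeats the sentence that the hunk keeps as its last context line. It also says the reused master secret is in `pwSpec->msItem.len`, which names the length field rather than the item. I would drop the duplicated sentence and write `pwSpec->msItem (the bypass case) or pwSpec->master_secret`. The function this comment documents is outside the hunk.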
@@ -3627,13 +3635,70 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) return SECSuccess; } -/* This method uses PKCS11 to derive the MS from the PMS, where PMS -** is a PKCS11 symkey. This is used in all cases except the -** "triple bypass" with RSA key exchange. -** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec. +/* This method completes the derivation of the MS from the PMS. +** +** 1. Derive the MS, if possible, else return an error. +** +** 2. Check the version if |pms_version| is non-zero and if wrong, +** return an error. +** +** 3. If |msp| is nonzero, return MS in |*msp|. + +** Called from: +** ssl3_ComputeMasterSecretInt +** tls_ComputeExtendedMasterSecretInt */ static SECStatus -ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) +ssl3_ComputeMasterSecretFinish(sslSocket *ss, + CK_MECHANISM_TYPE master_derive, + CK_MECHANISM_TYPE key_derive, + CK_VERSION *pms_version, + SECItem *params, CK_FLAGS keyFlags, + PK11SymKey *pms, PK11SymKey **msp) +{ + PK11SymKey *ms = NULL; + + ms = PK11_DeriveWithFlags(pms, master_derive, + params, key_derive, + CKA_DERIVE, 0, keyFlags); + if (!ms) { + ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); + return SECFailure; + } + + if (pms_version && ss->opt.detectRollBack) { + SSL3ProtocolVersion client_version; + client_version = pms_version->major << 8 | pms_version->minor; + + if (IS_DTLS(ss)) { + client_version = dtls_DTLSVersionToTLSVersion(client_version); + } + + if (client_version != ss->clientHelloVersion) { + /* Destroy MS. Version roll-back detected. */ + PK11_FreeSymKey(ms); + ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); + return SECFailure; + } + } + + if (msp) { + *msp = ms; + } else { + PK11_FreeSymKey(ms); + } + + return SECSuccess; +} + +/* Compute the ordinary (pre draft-ietf-tls-session-hash) master + ** secret and return it in |*msp|. 
+ ** + ** Called from: ssl3_ComputeMasterSecret + */ +static SECStatus +ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, + PK11SymKey **msp) { ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec; const ssl3KEADef *kea_def= ss->ssl3.hs.kea_def; @@ -3643,26 +3708,23 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) (pwSpec->version > SSL_LIBRARY_VERSION_3_0)); PRBool isTLS12= (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - /* + /* * Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH * which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size - * data into a 48-byte value. + * data into a 48-byte value, and does not expect to return the version. */ PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) || (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh)); - SECStatus rv = SECFailure; CK_MECHANISM_TYPE master_derive; CK_MECHANISM_TYPE key_derive; SECItem params; CK_FLAGS keyFlags; CK_VERSION pms_version; + CK_VERSION *pms_version_ptr = NULL; /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; unsigned int master_params_len; - PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); - PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); - PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); if (isTLS12) { if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; 
@@ -3680,93 +3742,142 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) keyFlags = 0; } - if (pms || !pwSpec->master_secret) { - if (isDH) { - master_params.pVersion = NULL; - } else { - master_params.pVersion = &pms_version; - } - master_params.RandomInfo.pClientRandom = cr; - master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; - master_params.RandomInfo.pServerRandom = sr; - master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; - if (isTLS12) { - master_params.prfHashMechanism = CKM_SHA256; - master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); - } else { - master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); - } - - params.data = (unsigned char *) &master_params; - params.len = master_params_len; + if (!isDH) { + pms_version_ptr = &pms_version; } - if (pms != NULL) { -#if defined(TRACE) - if (ssl_trace >= 100) { - SECStatus extractRV = PK11_ExtractKeyValue(pms); - if (extractRV == SECSuccess) { - SECItem * keyData = PK11_GetKeyData(pms); - if (keyData && keyData->data && keyData->len) { - ssl_PrintBuf(ss, "Pre-Master Secret", - keyData->data, keyData->len); - } - } - } -#endif - pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive, - ¶ms, key_derive, CKA_DERIVE, 0, keyFlags); - if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) { - SSL3ProtocolVersion client_version; - client_version = pms_version.major << 8 | pms_version.minor; - - if (IS_DTLS(ss)) { - client_version = dtls_DTLSVersionToTLSVersion(client_version); - } - - if (client_version != ss->clientHelloVersion) { - /* Destroy it. Version roll-back detected. */ - PK11_FreeSymKey(pwSpec->master_secret); - pwSpec->master_secret = NULL; - } - } - if (pwSpec->master_secret == NULL) { - /* Generate a faux master secret in the same slot as the old one. 
*/ - PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms); - PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); - - PK11_FreeSlot(slot); - if (fpms != NULL) { - pwSpec->master_secret = PK11_DeriveWithFlags(fpms, - master_derive, ¶ms, key_derive, - CKA_DERIVE, 0, keyFlags); - PK11_FreeSymKey(fpms); - } - } + master_params.pVersion = pms_version_ptr; + master_params.RandomInfo.pClientRandom = cr; + master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; + master_params.RandomInfo.pServerRandom = sr; + master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; + if (isTLS12) { + master_params.prfHashMechanism = CKM_SHA256; + master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); + } else { + /* prfHashMechanism is not relevant with this PRF */ + master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); } - if (pwSpec->master_secret == NULL) { - /* Generate a faux master secret from the internal slot. */ - PK11SlotInfo * slot = PK11_GetInternalSlot(); - PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); - PK11_FreeSlot(slot); - if (fpms != NULL) { - pwSpec->master_secret = PK11_DeriveWithFlags(fpms, - master_derive, ¶ms, key_derive, - CKA_DERIVE, 0, keyFlags); - if (pwSpec->master_secret == NULL) { - pwSpec->master_secret = fpms; /* use the fpms as the master. */ - fpms = NULL; - } - } - if (fpms) { - PK11_FreeSymKey(fpms); - } + params.data = (unsigned char *) &master_params; + params.len = master_params_len; + + return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, + pms_version_ptr, ¶ms, + keyFlags, pms, msp); +} + +/* Compute the draft-ietf-tls-session-hash master +** secret and return it in |*msp|. 
+** +** Called from: ssl3_ComputeMasterSecret +*/ +static SECStatus +tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms, + PK11SymKey **msp) +{ + ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; + CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS extended_master_params; + SSL3Hashes hashes; + /* + * Determine whether to use the DH/ECDH or RSA derivation modes. + */ + /* + * TODO(ekr@rtfm.com): Verify that the slot can handle this key expansion + * mode. Bug 1198298 */ + PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) || + (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh)); + CK_MECHANISM_TYPE master_derive; + CK_MECHANISM_TYPE key_derive; + SECItem params; + const CK_FLAGS keyFlags = CKF_SIGN | CKF_VERIFY; + CK_VERSION pms_version; + CK_VERSION *pms_version_ptr = NULL; + SECStatus rv; + + rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0); + if (rv != SECSuccess) { + PORT_Assert(0); /* Should never fail */ + ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); + return SECFailure; } - if (pwSpec->master_secret == NULL) { - ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); - return rv; + + if (isDH) { + master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH; + } else { + master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE; + pms_version_ptr = &pms_version; } + + if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + /* TLS 1.2 */ + extended_master_params.prfHashMechanism = CKM_SHA256; + key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; + } else { + /* TLS < 1.2 */ + extended_master_params.prfHashMechanism = CKM_TLS_PRF; + key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; + } + + extended_master_params.pVersion = pms_version_ptr; + extended_master_params.pSessionHash = hashes.u.raw; + extended_master_params.ulSessionHashLen = hashes.len; + + params.data = (unsigned char *) &extended_master_params; + params.len = sizeof extended_master_params; + + return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, + pms_version_ptr, ¶ms, + 
keyFlags, pms, msp); +} + + +/* Wrapper method to compute the master secret and return it in |*msp|. +** +** Called from ssl3_ComputeMasterSecret +*/ +static SECStatus +ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms, + PK11SymKey **msp) +{ + PORT_Assert(pms != NULL); + PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); + PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); + + if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + return tls_ComputeExtendedMasterSecretInt(ss, pms, msp); + } else { + return ssl3_ComputeMasterSecretInt(ss, pms, msp); + } +} + +/* This method uses PKCS11 to derive the MS from the PMS, where PMS +** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the +** computations and then modify the pwSpec->state as a side effect. +** +** This is used in all cases except the "triple bypass" with RSA key +** exchange. +** +** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec. +*/ +static SECStatus +ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) +{ + SECStatus rv; + PK11SymKey* ms = NULL; + ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; + + PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); + PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); + PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); + + if (pms) { + rv = ssl3_ComputeMasterSecret(ss, pms, &ms); + pwSpec->master_secret = ms; + if (rv != SECSuccess) + return rv; + } + #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { SECItem * keydata; @@ -3777,7 +3888,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) rv = PK11_ExtractKeyValue(pwSpec->master_secret); if (rv != SECSuccess) { return rv; - } + } /* This returns the address of the secItem inside the key struct, * not a copy or a reference. So, there's no need to free it. */ 
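Review bot: The header comment added for `ssl3_ComputeMasterSecret` says "Called from ssl3_ComputeMasterSecret", so the function lists itself as its own caller. Within this hunk it is called from `ssl3_DeriveMasterSecret`; the comment should read `** Called from: ssl3_DeriveMasterSecret`, plus any other caller the file has outside this hunk. Because the function guards `pms` only with `PORT_Assert(pms != NULL)`, an accurate caller list is what a reader needs to check that nobody passes NULL.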
@@ -3792,10 +3903,10 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) } } #endif + return SECSuccess; } - /* * Derive encryption and MAC Keys (and IVs) from master secret * Sets a useful error code when returning SECFailure. @@ -4628,11 +4739,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* compute them without PKCS11 */ PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; - if (!spec->msItem.data) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx); ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len, sizeof(hashes->u.raw)); @@ -4651,11 +4757,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, #define md5cx ((MD5Context *)md5_cx) #define shacx ((SHA1Context *)sha_cx) - if (!spec->msItem.data) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - MD5_Clone (md5cx, (MD5Context *)ss->ssl3.hs.md5_cx); SHA1_Clone(shacx, (SHA1Context *)ss->ssl3.hs.sha_cx); @@ -4663,6 +4764,12 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* compute hashes for SSL3. */ unsigned char s[4]; + if (!spec->msItem.data) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + + s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -4735,11 +4842,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, unsigned char stackBuf[1024]; unsigned char *stateBuf = NULL; - if (!spec->master_secret) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - h = ss->ssl3.hs.sha; stateBuf = PK11_SaveContextAlloc(h, stackBuf, sizeof(stackBuf), &stateLen); @@ -4779,11 +4881,6 @@ tls12_loser: unsigned char md5StackBuf[256]; unsigned char shaStackBuf[512]; - if (!spec->master_secret) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf, sizeof md5StackBuf, &md5StateLen); if (md5StateBuf == NULL) { 
@@ -4804,6 +4901,12 @@ tls12_loser: /* compute hashes for SSL3. */ unsigned char s[4]; + if (!spec->master_secret) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + + s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -6049,14 +6152,6 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) } } - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, isTLS ? enc_pms.len + 2 : enc_pms.len); if (rv != SECSuccess) { @@ -6071,6 +6166,15 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); + pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = SECSuccess; loser: @@ -6140,14 +6244,6 @@ sendDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) SECKEY_DestroyPrivateKey(privKey); privKey = NULL; - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, pubKey->u.dh.publicValue.len + 2); if (rv != SECSuccess) { @@ -6163,8 +6259,16 @@ sendDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = SECSuccess; + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); + pms = NULL; + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + + rv = SECSuccess; loser: 
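Review bot: Moving `ssl3_InitPendingCipherSpec(ss, pms)` below the `ssl3_AppendHandshake*` calls in sendRSAClientKeyExchange, and identically in the sendDHClientKeyExchange hunks, leaves `pms` live across the earlier `goto loser` exits, where the old code had already freed it and set it to NULL. The `loser:` cleanup is outside the hunks, so please confirm it releases a non-NULL `pms` with `PK11_FreeSymKey`; otherwise a failed append leaks the pre-master secret. The new order also appears deliberate, presumably so that the handshake hash used for the extended master secret covers the ClientKeyExchange message, but nothing in the code says so. A comment such as `/* Derive keys only after ClientKeyExchange is appended: the extended master secret hashes the transcript through this message. */` would keep a later cleanup from moving the call back.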
@@ -6561,6 +6665,32 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem wrappedMS; /* wrapped master secret. */ + /* [draft-ietf-tls-session-hash-06; Section 5.3] + * + * o If the original session did not use the "extended_master_secret" + * extension but the new ServerHello contains the extension, the + * client MUST abort the handshake. + */ + if (!sid->u.ssl3.keys.extendedMasterSecretUsed && + ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + errCode = SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET; + goto alert_loser; + } + + /* + * o If the original session used an extended master secret but the new + * ServerHello does not contain the "extended_master_secret" + * extension, the client SHOULD abort the handshake. + * + * TODO(ekr@rtfm.com): Add option to refuse to resume when EMS is not + * used at all (bug 1176526). + */ + if (sid->u.ssl3.keys.extendedMasterSecretUsed && + !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET; + goto alert_loser; + } + ss->sec.authAlgorithm = sid->authAlgorithm; ss->sec.authKeyBits = sid->authKeyBits; ss->sec.keaType = sid->keaType; @@ -6662,7 +6792,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); } - /* NULL value for PMS signifies re-use of the old MS */ + /* NULL value for PMS because we are reusing the old MS */ rv = ssl3_InitPendingCipherSpec(ss, NULL); if (rv != SECSuccess) { goto alert_loser; /* err code was set */ 
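Review bot: The two new resumption checks in ssl3_HandleServerHello set `errCode` and jump to `alert_loser` without assigning `desc`, so the alert that goes out is whatever `desc` last held earlier in the function, which is outside this hunk. The matching server-side check added in the ClientHello hunk assigns `desc = handshake_failure;` first. Doing the same here, `desc = handshake_failure;` before each `goto alert_loser;`, makes the alert explicit and keeps both sides consistent.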
@@ -6691,6 +6821,9 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) sid->u.ssl3.sessionIDLength = sidBytes.len; PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); + sid->u.ssl3.keys.extendedMasterSecretUsed = + ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn); + ss->ssl3.hs.isResuming = PR_FALSE; if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { /* All current cipher suites other than those with sign_null (i.e., @@ -7628,6 +7761,7 @@ ssl3_NewSessionID(sslSocket *ss, PRBool is_server) sid->u.ssl3.policy = SSL_ALLOWED; sid->u.ssl3.clientWriteKey = NULL; sid->u.ssl3.serverWriteKey = NULL; + sid->u.ssl3.keys.extendedMasterSecretUsed = PR_FALSE; if (is_server) { SECStatus rv; @@ -8188,6 +8322,8 @@ compression_found: /* If there are any failures while processing the old sid, * we don't consider them to be errors. Instead, We just behave * as if the client had sent us no sid to begin with, and make a new one. + * The exception here is attempts to resume extended_master_secret + * sessions without the extension, which causes an alert. */ if (sid != NULL) do { ssl3CipherSpec *pwSpec; 
@@ -8199,6 +8335,30 @@ compression_found: break; /* not an error */ } + /* [draft-ietf-tls-session-hash-06; Section 5.3] + * o If the original session did not use the "extended_master_secret" + * extension but the new ClientHello contains the extension, then the + * server MUST NOT perform the abbreviated handshake. Instead, it + * SHOULD continue with a full handshake (as described in + * Section 5.2) to negotiate a new session. + * + * o If the original session used the "extended_master_secret" + * extension but the new ClientHello does not contain the extension, + * the server MUST abort the abbreviated handshake. + */ + if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { + if (!sid->u.ssl3.keys.extendedMasterSecretUsed) { + break; /* not an error */ + } + } else { + if (sid->u.ssl3.keys.extendedMasterSecretUsed) { + /* Note: we do not destroy the session */ + desc = handshake_failure; + errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET; + goto alert_loser; + } + } + if (ss->sec.ci.sid) { if (ss->sec.uncache) ss->sec.uncache(ss->sec.ci.sid); @@ -8339,7 +8499,7 @@ compression_found: haveSpecWriteLock = PR_FALSE; } - /* NULL value for PMS signifies re-use of the old MS */ + /* NULL value for PMS because we are re-using the old MS */ rv = ssl3_InitPendingCipherSpec(ss, NULL); if (rv != SECSuccess) { errCode = PORT_GetError(); @@ -8530,6 +8690,8 @@ compression_found: } ss->sec.ci.sid = sid; + sid->u.ssl3.keys.extendedMasterSecretUsed = + ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn); ss->ssl3.hs.isResuming = PR_FALSE; ssl_GetXmitBufLock(ss); rv = ssl3_SendServerHelloSequence(ss); @@ -9276,7 +9438,7 @@ ssl3_SendCertificateRequest(sslSocket *ss) int nnames = 0; int certTypesLength; PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; - unsigned int sigAlgsLength; + unsigned int sigAlgsLength = 0; SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", SSL_GETPID(), ss->fd)); 
@@ -9540,18 +9702,17 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, PRUint32 length, SECKEYPrivateKey *serverKey) { - PK11SymKey * pms; #ifndef NO_PKCS11_BYPASS unsigned char * cr = (unsigned char *)&ss->ssl3.hs.client_random; unsigned char * sr = (unsigned char *)&ss->ssl3.hs.server_random; ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec; unsigned int outLen = 0; -#endif PRBool isTLS = PR_FALSE; + SECItem pmsItem = {siBuffer, NULL, 0}; + unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; +#endif SECStatus rv; SECItem enc_pms; - unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; - SECItem pmsItem = {siBuffer, NULL, 0}; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); @@ -9559,8 +9720,10 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, enc_pms.data = b; enc_pms.len = length; +#ifndef NO_PKCS11_BYPASS pmsItem.data = rsaPmsBuf; pmsItem.len = sizeof rsaPmsBuf; +#endif if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ PRInt32 kLen; @@ -9572,13 +9735,24 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, if ((unsigned)kLen < enc_pms.len) { enc_pms.len = kLen; } +#ifndef NO_PKCS11_BYPASS isTLS = PR_TRUE; +#endif } else { +#ifndef NO_PKCS11_BYPASS isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0); +#endif } #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { + /* We have not implemented a tls_ExtendedMasterKeyDeriveBypass + * and will not negotiate this extension in bypass mode. This + * assert just double-checks that. + */ + PORT_Assert( + !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)); + /* TRIPLE BYPASS, get PMS directly from RSA decryption. * Use PK11_PrivDecryptPKCS1 to decrypt the PMS to a buffer, * then, check for version rollback attack, then 
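Review bot: The only guard against running the triple-bypass path with `extended_master_secret` negotiated is the added `PORT_Assert(!ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn))`, and assertions are normally compiled out of optimized builds. If the negotiation-side restriction that the comment relies on (not visible in this hunk) ever regresses, the bypass code would derive an ordinary master secret for a session that negotiated the extension. I would back the assert with a runtime check that fails the handshake, e.g. `if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; }`. The function body continues outside the hunk.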
@@ -9606,8 +9780,8 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } } /* have PMS, build MS without PKCS11 */ - rv = ssl3_MasterKeyDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, - PR_TRUE); + rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, + PR_TRUE); if (rv != SECSuccess) { pwSpec->msItem.data = pwSpec->raw_master_secret; pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH; 
@@ -9617,46 +9791,107 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } else #endif { + PK11SymKey *tmpPms[2] = {NULL, NULL}; + PK11SlotInfo *slot; + int useFauxPms = 0; +#define currentPms tmpPms[!useFauxPms] +#define unusedPms tmpPms[useFauxPms] +#define realPms tmpPms[1] +#define fauxPms tmpPms[0] + #ifndef NO_PKCS11_BYPASS double_bypass: #endif - /* - * unwrap pms out of the incoming buffer - * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do - * the unwrap. Rather, it is the mechanism with which the - * unwrapped pms will be used. - */ - pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, - CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); - if (pms != NULL) { - PRINT_BUF(60, (ss, "decrypted premaster secret:", - PK11_GetKeyData(pms)->data, - PK11_GetKeyData(pms)->len)); - } else { - /* unwrap failed. Generate a bogus PMS and carry on. */ - PK11SlotInfo * slot = PK11_GetSlotFromPrivateKey(serverKey); - ssl_GetSpecWriteLock(ss); - pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot); - ssl_ReleaseSpecWriteLock(ss); - PK11_FreeSlot(slot); - } + /* + * Get as close to algorithm 2 from RFC 5246; Section 7.4.7.1 + * as we can within the constraints of the PKCS#11 interface. + * + * 1. Unconditionally generate a bogus PMS (what RFC 5246 + * calls R). + * 2. Attempt the RSA decryption to recover the PMS (what + * RFC 5246 calls M). + * 3. Set PMS = (M == NULL) ? R : M + * 4. Use ssl3_ComputeMasterSecret(PMS) to attempt to derive + * the MS from PMS. This includes performing the version + * check and length check. + * 5. If either the initial RSA decryption failed or + * ssl3_ComputeMasterSecret(PMS) failed, then discard + * M and set PMS = R. Else, discard R and set PMS = M. + * + * We do two derivations here because we can't rely on having + * a function that only performs the PMS version and length + * check. The only redundant cost is that this runs the PRF, + * which isn't necessary here. + */ - if (pms == NULL) { - /* last gasp. 
*/ + /* Generate the bogus PMS (R) */ + slot = PK11_GetSlotFromPrivateKey(serverKey); + if (!slot) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + if (!PK11_DoesMechanism(slot, CKM_SSL3_MASTER_KEY_DERIVE)) { + PK11_FreeSlot(slot); + slot = PK11_GetBestSlot(CKM_SSL3_MASTER_KEY_DERIVE, NULL); + if (!slot) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + } + + ssl_GetSpecWriteLock(ss); + fauxPms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot); + ssl_ReleaseSpecWriteLock(ss); + PK11_FreeSlot(slot); + + if (fauxPms == NULL) { ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); return SECFailure; } + /* + * unwrap pms out of the incoming buffer + * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do + * the unwrap. Rather, it is the mechanism with which the + * unwrapped pms will be used. + */ + realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, + CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); + /* Temporarily use the PMS if unwrapping the real PMS fails. */ + useFauxPms |= (realPms == NULL); + + /* Attempt to derive the MS from the PMS. This is the only way to + * check the version field in the RSA PMS. If this fails, we + * then use the faux PMS in place of the PMS. Note that this + * operation should never fail if we are using the faux PMS + * since it is correctly formatted. */ + rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL); + + /* If we succeeded, then select the true PMS and discard the + * FPMS. Else, select the FPMS and select the true PMS */ + useFauxPms |= (rv != SECSuccess); + + if (unusedPms) { + PK11_FreeSymKey(unusedPms); + } + /* This step will derive the MS from the PMS, among other things. 
*/ - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); + rv = ssl3_InitPendingCipherSpec(ss, currentPms); + PK11_FreeSymKey(currentPms); } if (rv != SECSuccess) { SEND_ALERT return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } + +#undef currentPms +#undef unusedPms +#undef realPms +#undef fauxPms + return SECSuccess; } diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 43af5294..dac21744 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -319,14 +319,6 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) SECKEY_DestroyPrivateKey(privKey); privKey = NULL; - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, pubKey->u.ec.publicValue.len + 1); if (rv != SECSuccess) { @@ -343,6 +335,14 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = SECSuccess; loser: diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index c45f2954..07d79294 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
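Review bot: The `double_bypass:` label sits below the initialised declaration `int useFauxPms = 0;`, so a `goto double_bypass` from the bypass branch (the jump is outside this hunk) would enter the block without running that initialiser. `useFauxPms` is only ever OR-ed into afterwards, yet it indexes `tmpPms[]` through `unusedPms` and decides which premaster secret is kept, so that path needs a defined value; adding `useFauxPms = 0;` directly under the label closes the gap. Two comments also say the opposite of what the code does: "Temporarily use the PMS if unwrapping the real PMS fails" should read "faux PMS", and "select the FPMS and select the true PMS" should end "discard the true PMS". The function body starts before this hunk.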
@@ -91,6 +91,12 @@ static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); +static PRInt32 ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static SECStatus ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss, + PRUint16 ex_type, + SECItem *data); + /* * Write bytes. Using this function means the SECItem structure @@ -256,6 +262,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, + { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { -1, NULL } }; @@ -270,6 +277,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, + { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { -1, NULL } }; @@ -299,6 +307,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, + { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn}, /* any extra entries will appear as { 0, NULL } */ }; @@ -1182,6 +1191,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) + cert_length /* cert */ + 1 /* server name type */ + srvNameLen /* name len + length field */ + + 1 /* extendedMasterSecretUsed */ + sizeof(ticket.ticket_lifetime_hint); padding_length = AES_BLOCK_SIZE - (ciphertext_length % AES_BLOCK_SIZE); 
@@ -1280,6 +1290,11 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; } + /* extendedMasterSecretUsed */ + rv = ssl3_AppendNumberToItem( + &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1); + if (rv != SECSuccess) goto loser; + PORT_Assert(plaintext.len == padding_length); for (i = 0; i < padding_length; i++) plaintext.data[i] = (unsigned char)padding_length; @@ -1637,9 +1652,10 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, goto loser; } - /* Read ticket_version (which is ignored for now.) */ + /* Read ticket_version and reject if the version is wrong */ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; + if (temp != TLS_EX_SESS_TICKET_VERSION) goto no_ticket; + parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; /* Read SSLVersion. */ @@ -1740,6 +1756,13 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->srvName.type = nameType; } + /* Read extendedMasterSecretUsed */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + PORT_Assert(temp == PR_TRUE || temp == PR_FALSE); + parsed_session_ticket->extendedMasterSecretUsed = (PRBool)temp; + /* Done parsing. Check that all bytes have been consumed. */ if (buffer_len != padding_length) goto no_ticket; @@ -1786,6 +1809,8 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->ms_is_wrapped; sid->u.ssl3.masterValid = PR_TRUE; sid->u.ssl3.keys.resumable = PR_TRUE; + sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket-> + extendedMasterSecretUsed; /* Copy over client cert from session ticket if there is one. */ if (parsed_session_ticket->peer_cert.data != NULL) { 
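Review bot: In the `@@ -1740,6 +1756,13 @@` hunk the range of the `extendedMasterSecretUsed` byte is enforced only by `PORT_Assert(temp == PR_TRUE || temp == PR_FALSE)`, which compiles away in a release build and aborts the process in a debug build. The byte is parsed ticket content, so an out-of-range value should take the same exit as the other parse failures: `if (temp != PR_TRUE && temp != PR_FALSE) goto no_ticket;`. The resumption check in ssl3con.c relies on this flag, so it is worth keeping it strictly 0 or 1. ssl3_ServerHandleSessionTicketXtn begins and ends outside the hunk.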
@@ -2559,3 +2584,90 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, return SECSuccess; } + +static PRInt32 +ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append, + PRUint32 maxBytes) +{ + PRInt32 extension_length; + + if (!ss->opt.enableExtendedMS) { + return 0; + } + +#ifndef NO_PKCS11_BYPASS + /* Extended MS can only be used w/o bypass mode */ + if (ss->opt.bypassPKCS11) { + PORT_Assert(0); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); + return -1; + } +#endif + + /* Always send the extension in this function, since the + * client always sends it and this function is only called on + * the server if we negotiated the extension. */ + extension_length = 4; /* Type + length (0) */ + if (maxBytes < extension_length) { + PORT_Assert(0); + return 0; + } + + if (append) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_extended_master_secret_xtn; + } + + return extension_length; + +loser: + return -1; +} + + +static SECStatus +ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data) +{ + if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) { + return SECSuccess; + } + + if (!ss->opt.enableExtendedMS) { + return SECSuccess; + } + +#ifndef NO_PKCS11_BYPASS + /* Extended MS can only be used w/o bypass mode */ + if (ss->opt.bypassPKCS11) { + PORT_Assert(0); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); + return SECFailure; + } +#endif + + if (data->len != 0) { + SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension", + SSL_GETPID(), ss->fd)); + return SECFailure; + } + + SSL_DBG(("%d: SSL[%d]: Negotiated extended master secret extension.", + SSL_GETPID(), ss->fd)); + + /* Keep track of negotiated extensions. 
*/ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; + + if (ss->sec.isServer) { + return ssl3_RegisterServerHelloExtensionSender( + ss, ex_type, ssl3_SendExtendedMasterSecretXtn); + } + return SECSuccess; +} diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h index 4e905438..192a1075 100644 --- a/security/nss/lib/ssl/sslerr.h +++ b/security/nss/lib/ssl/sslerr.h @@ -205,6 +205,9 @@ SSL_ERROR_RX_SHORT_DTLS_READ = (SSL_ERROR_BASE + 133), SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134), SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135), +SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136), +SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137), + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index dc3c73ee..43daa9d6 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -347,6 +347,7 @@ typedef struct sslOptionsStr { unsigned int reuseServerECDHEKey : 1; /* 28 */ unsigned int enableFallbackSCSV : 1; /* 29 */ unsigned int enableServerDhe : 1; /* 30 */ + unsigned int enableExtendedMS : 1; /* 31 */ } sslOptions; typedef enum { sslHandshakingUndetermined = 0, @@ -520,6 +521,7 @@ typedef struct { PRUint16 wrapped_master_secret_len; PRUint8 msIsWrapped; PRUint8 resumable; + PRUint8 extendedMasterSecretUsed; } ssl3SidKeys; /* 52 bytes */ typedef struct { @@ -1073,6 +1075,7 @@ typedef struct SessionTicketStr { CK_MECHANISM_TYPE msWrapMech; PRUint16 ms_length; SSL3Opaque master_secret[48]; + PRBool extendedMasterSecretUsed; ClientIdentity client_identity; SECItem peer_cert; PRUint32 timestamp; 
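Review bot: `ssl3_HandleExtendedMasterSecretXtn` reaches `PORT_Assert(0)` on peer-supplied input whenever `enableExtendedMS` and `bypassPKCS11` are both set, and `ssl3_SendExtendedMasterSecretXtn` returns -1 for the same combination. The `SSL_OptionSet` hunk in sslsock.c stores `enableExtendedMS = on` without looking at `bypassPKCS11`, so nothing visible prevents an application from selecting both. It would be safer to treat the extension as disabled in bypass mode, with `return 0;` in the sender and `return SECSuccess;` in the handler before the extension is recorded as negotiated, or to refuse the combination when the option is set. Either way the new option deserves a comment stating that it has no effect with PKCS#11 bypass.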
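Review bot: The size comment on `ssl3SidKeys` still says `/* 52 bytes */` after the `@@ -520,6 +521,7 @@` hunk adds a third `PRUint8` member. The sslsnce.c hunk in the same patch already counts the struct as 54 bytes, so the two annotations now disagree. Suggested wording for the closing line is `} ssl3SidKeys; /* 54 bytes, including 1 byte of tail padding */`, assuming the usual 2-byte alignment from the `PRUint16` member.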
@@ -1598,7 +1601,7 @@ extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, PRBool isTLS, PRBool isExport); -extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, +extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, const SECItem * pms, PRBool isTLS, PRBool isRSA); @@ -1849,7 +1852,7 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, /* Tell clients to consider tickets valid for this long. */ #define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ -#define TLS_EX_SESS_TICKET_VERSION (0x0100) +#define TLS_EX_SESS_TICKET_VERSION (0x0101) extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length); diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 48b77b01..f631ec40 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -67,6 +67,8 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) inf.creationTime = sid->creationTime; inf.lastAccessTime = sid->lastAccessTime; inf.expirationTime = sid->expirationTime; + inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed; + if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ inf.sessionIDLength = SSL2_SESSIONID_BYTES; memcpy(inf.sessionID, sid->u.ssl2.sessionID, diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index 3a80d060..f31b2e9c 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c 
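Review bot: In the sslinfo.c hunk `inf.extendedMasterSecretUsed` is read from `sid->u.ssl3.keys` before the `ss->version < SSL_LIBRARY_VERSION_3_0` test, so for an SSL2 session it comes from the `ssl3` member while the branch just below treats `sid->u.ssl2` as the live one. If `u` is a union, as the naming suggests, the reported flag is then whatever the SSL2 data left in those bytes. Setting `inf.extendedMasterSecretUsed = PR_FALSE;` in the SSL2 branch and moving the `sid->u.ssl3` read into the SSL3/TLS branch keeps the value meaningful. The rest of SSL_GetChannelInfo is outside the hunk.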
@@ -120,14 +120,14 @@ struct sidCacheEntryStr { /* 2 */ ssl3CipherSuite cipherSuite; /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ -/* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ +/* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ /* 4 */ PRUint32 masterWrapMech; /* 4 */ SSL3KEAType exchKeyType; /* 4 */ PRInt32 certIndex; /* 4 */ PRInt32 srvNameIndex; /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ -/*104 */} ssl3; +/*108 */} ssl3; /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ struct { /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ @@ -507,7 +507,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) to->sessionIDLength = from->u.ssl3.sessionIDLength; to->u.ssl3.certIndex = -1; to->u.ssl3.srvNameIndex = -1; - PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, to->sessionIDLength); @@ -637,7 +636,7 @@ ConvertToSID(sidCacheEntry * from, to->authKeyBits = from->authKeyBits; to->keaType = from->keaType; to->keaKeyBits = from->keaKeyBits; - + return to; loser: @@ -1027,10 +1026,6 @@ CloseCache(cacheDesc *cache) memset(cache, 0, sizeof *cache); } -#ifdef __GNUC__ -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wstrict-aliasing" -#endif static SECStatus InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, int maxSrvNameCacheEntries, PRUint32 ssl2_timeout, 
@@ -1232,20 +1227,32 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, /* Fix pointers in our private copy of cache descriptor to point to ** spaces in shared memory */ - ptr = (ptrdiff_t)cache->cacheMem; - *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; - *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; - *(ptrdiff_t *)(&cache->certCacheLock) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; - *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; - *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; - *(ptrdiff_t *)(&cache->certCacheData) += ptr; - *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; - *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; + cache->sidCacheLocks = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks); + cache->keyCacheLock = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock); + cache->certCacheLock = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->certCacheLock); + cache->srvNameCacheLock = (sidCacheLock *) + (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock); + cache->sidCacheSets = (sidCacheSet *) + (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets); + cache->sidCacheData = (sidCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->sidCacheData); + cache->certCacheData = (certCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->certCacheData); + cache->keyCacheData = (SSLWrappedSymWrappingKey *) + (cache->cacheMem + (ptrdiff_t)cache->keyCacheData); + cache->ticketKeyNameSuffix = (PRUint8 *) + (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); + cache->ticketEncKey = (encKeyCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey); + cache->ticketMacKey = (encKeyCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey); + cache->ticketKeysValid = (PRUint32 *) 
+ (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid); + cache->srvNameCacheData = (srvNameCacheEntry *) + (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); /* initialize the locks */ init_time = ssl_Time(); @@ -1270,9 +1277,6 @@ loser: CloseCache(cache); return SECFailure; } -#ifdef __GNUC__ -#pragma GCC diagnostic pop -#endif PRUint32 SSL_GetMaxServerCacheLocks(void) @@ -1491,7 +1495,6 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) char * fmString = NULL; char * myEnvString = NULL; unsigned int decoLen; - ptrdiff_t ptr; inheritance inherit; cacheDesc my; #ifdef WINNT 
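Review bot: The thirteen offset-to-pointer fix-ups are written out by hand here and again in SSL_InheritMPServerSIDCacheInstance (the `@@ -1587,20 +1590,32 @@` hunk), each with its own cast type and field name, so a mismatch in one copy would be easy to miss. A single helper used at both sites would keep them in step, for example `#define FIXUP_PTR(base, field, type) cache->field = (type *)((base) + (ptrdiff_t)cache->field)`. The arithmetic is only correct if `cacheMem` is a byte pointer; its declaration is outside the hunk and a short comment at the fix-up block should say so. In the inherit path the offsets come from the inherited descriptor, and no bound check against the mapped size is visible in the hunk, so it is worth confirming one exists before these pointers are used.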
@@ -1587,20 +1590,32 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) /* Fix pointers in our private copy of cache descriptor to point to ** spaces in shared memory, whose address is now in "my". */ - ptr = (ptrdiff_t)my.cacheMem; - *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; - *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; - *(ptrdiff_t *)(&cache->certCacheLock) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; - *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; - *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; - *(ptrdiff_t *)(&cache->certCacheData) += ptr; - *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; - *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; - *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; - *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; + cache->sidCacheLocks = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks); + cache->keyCacheLock = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->keyCacheLock); + cache->certCacheLock = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->certCacheLock); + cache->srvNameCacheLock = (sidCacheLock *) + (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock); + cache->sidCacheSets = (sidCacheSet *) + (my.cacheMem + (ptrdiff_t)cache->sidCacheSets); + cache->sidCacheData = (sidCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->sidCacheData); + cache->certCacheData = (certCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->certCacheData); + cache->keyCacheData = (SSLWrappedSymWrappingKey *) + (my.cacheMem + (ptrdiff_t)cache->keyCacheData); + cache->ticketKeyNameSuffix = (PRUint8 *) + (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); + cache->ticketEncKey = (encKeyCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->ticketEncKey); + cache->ticketMacKey = (encKeyCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->ticketMacKey); + cache->ticketKeysValid = (PRUint32 *) + 
(my.cacheMem + (ptrdiff_t)cache->ticketKeysValid); + cache->srvNameCacheData = (srvNameCacheEntry *) + (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData); cache->cacheMemMap = my.cacheMemMap; cache->cacheMem = my.cacheMem; diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index e3521516..81c3eec2 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -85,6 +85,7 @@ static sslOptions ssl_defaults = { PR_TRUE, /* reuseServerECDHEKey */ PR_FALSE, /* enableFallbackSCSV */ PR_TRUE, /* enableServerDhe */ + PR_FALSE /* enableExtendedMS */ }; /* @@ -825,6 +826,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) ss->opt.enableServerDhe = on; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + ss->opt.enableExtendedMS = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -901,6 +906,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) on = ss->opt.reuseServerECDHEKey; break; case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + on = ss->opt.enableExtendedMS; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -973,6 +980,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_ENABLE_SERVER_DHE: on = ssl_defaults.enableServerDhe; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + on = ssl_defaults.enableExtendedMS; + break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -1160,6 +1170,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) ssl_defaults.enableServerDhe = on; break; + case SSL_ENABLE_EXTENDED_MASTER_SECRET: + ssl_defaults.enableExtendedMS = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 7aaa1604..6f5d609e 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h 
@@ -146,6 +146,12 @@ typedef struct SSLChannelInfoStr { /* compression method info */ const char * compressionMethodName; SSLCompressionMethod compressionMethod; + + /* The following fields are added in NSS 3.21. + * This field only has meaning in TLS < 1.3 and will be set to + * PR_FALSE in TLS 1.3. + */ + PRBool extendedMasterSecretUsed; } SSLChannelInfo; /* Preliminary channel info */ @@ -230,13 +236,14 @@ typedef enum { ssl_use_srtp_xtn = 14, ssl_app_layer_protocol_xtn = 16, ssl_padding_xtn = 21, + ssl_extended_master_secret_xtn = 23, ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, ssl_renegotiation_info_xtn = 0xff01, ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ } SSLExtensionType; -#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ +#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */ typedef enum { ssl_dhe_group_none = 0, diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index 097ff9c5..22e86b1e 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -28,7 +28,7 @@ /* * NSS-defined object classes - * + * */ #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS) @@ -166,7 +166,7 @@ #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) /* J-PAKE round 2 key derivation mechanisms. - * + * * Required template attributes: CKA_NSS_JPAKE_PEERID * Input key type: CKK_NSS_JPAKE_ROUND1 * Output key type: CKK_NSS_JPAKE_ROUND2 
@@ -178,14 +178,14 @@ #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) -/* J-PAKE final key material derivation mechanisms +/* J-PAKE final key material derivation mechanisms * * Input key type: CKK_NSS_JPAKE_ROUND2 * Output key type: CKK_GENERIC_SECRET * Output key class: CKO_SECRET_KEY * Parameter type: CK_NSS_JPAKEFinalParams * - * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material + * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material * to get a key with uniformly distributed bits. */ #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) @@ -216,6 +216,10 @@ #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) +/* TLS extended master secret derivation */ +#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) +#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) + /* * HISTORICAL: * Do not attempt to use these. They are only used by NETSCAPE's internal @@ -294,7 +298,7 @@ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. See RFC 5869. - + bExtract: If set, HKDF-Extract will be applied to the input key. If the optional salt is given, it is used; otherwise, the salt is set to a sequence of zeros equal in length to the HMAC output. 
@@ -319,6 +323,31 @@ typedef struct CK_NSS_HKDFParams { CK_ULONG ulInfoLen; } CK_NSS_HKDFParams; +/* + * Parameter for the TLS extended master secret key derivation mechanisms: + * + * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE + * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH + * + * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash + * function used. For earlier versions of the PRF, set the prfHashMechanism + * value to CKM_TLS_PRF. + * + * The session hash input is expected to be the output of the same hash + * function as the PRF uses (as required by draft-ietf-tls-session-hash). So + * the ulSessionHashLen member must be equal the output length of the hash + * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF, + * the length of concatenated MD5 and SHA-1 digests). + * + */ +typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfHashMechanism; + CK_BYTE_PTR pSessionHash; + CK_ULONG ulSessionHashLen; + CK_VERSION_PTR pVersion; +} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS; + + /* * Trust info * @@ -343,7 +372,7 @@ typedef CK_ULONG CK_TRUST; #define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10) #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ -/* +/* * These may well remain NSS-specific; I'm only using them * to cache resolution data. */ @@ -454,7 +483,7 @@ typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated #define SECMOD_MODULE_DB_FUNCTION_FIND 0 #define SECMOD_MODULE_DB_FUNCTION_ADD 1 #define SECMOD_MODULE_DB_FUNCTION_DEL 2 -#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 +#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, char *parameters, void *moduleSpec); diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h index 1b8f4616..7d2f5e07 100644 --- a/security/nss/lib/util/secport.h +++ b/security/nss/lib/util/secport.h 
@@ -87,8 +87,14 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str); SEC_END_PROTOS #define PORT_Assert PR_ASSERT -/* This runs a function that should return SECSuccess. */ -/* The value is asserted in a debug build, otherwise it is ignored. */ +/* This runs a function that should return SECSuccess. + * Intended for NSS internal use only. + * The return value is asserted in a debug build, otherwise it is ignored. + * This is no substitute for proper error handling. It is OK only if you + * have ensured that the function cannot fail by other means such as checking + * prerequisites. In that case this can be used as a safeguard against + * unexpected changes in a function. + */ #ifdef DEBUG #define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess) #else diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c index 50e6c839..4be99ade 100644 --- a/security/nss/lib/util/utilmod.c +++ b/security/nss/lib/util/utilmod.c @@ -75,14 +75,15 @@ /* * Smart string cat functions. Automatically manage the memory. - * The first parameter is the source string. If it's null, we + * The first parameter is the destination string. If it's null, we * allocate memory for it. If it's not, we reallocate memory * so the the concanenated string fits. */ static char * nssutil_DupnCat(char *baseString, const char *str, int str_len) { - int len = (baseString ? PORT_Strlen(baseString) : 0) + 1; + int baseStringLen = baseString ? PORT_Strlen(baseString) : 0; + int len = baseStringLen + 1; char *newString; len += str_len; @@ -91,8 +92,9 @@ nssutil_DupnCat(char *baseString, const char *str, int str_len) PORT_Free(baseString); return NULL; } - if (baseString == NULL) *newString = 0; - return PORT_Strncat(newString,str, str_len); + PORT_Memcpy(&newString[baseStringLen], str, str_len); + newString[len - 1] = 0; + return newString; } /* Same as nssutil_DupnCat except it concatenates the full string, not a 
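Review bot: In `nssutil_DupnCat`, replacing `PORT_Strncat` with `PORT_Memcpy(&newString[baseStringLen], str, str_len)` changes the contract: the old call stopped at a NUL inside `str`, the new one always reads exactly `str_len` bytes. A caller that passes a length larger than the string now causes an out-of-bounds read, and a negative `str_len` makes `len` smaller than `baseStringLen + 1` while the copy size converts to a very large value. Guard it before the realloc with `if (str_len < 0) { PORT_Free(baseString); return NULL; }`, and extend the header comment with "str must point to at least str_len readable bytes". The allocation line lies between the two hunks and is not visible here.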
@@ -480,7 +482,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName, char *block = NULL; char *name = NULL; char *lib = NULL; - int name_len, lib_len = 0; + int name_len = 0, lib_len = 0; PRBool skip = PR_FALSE; PRBool found = PR_FALSE; diff --git a/security/nss/tests/common/cleanup.sh b/security/nss/tests/common/cleanup.sh index 17a62bbc..8030045d 100644 --- a/security/nss/tests/common/cleanup.sh +++ b/security/nss/tests/common/cleanup.sh @@ -32,10 +32,10 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then echo "--------------" LINES_CNT=$(cat ${RESULTS} | grep ">Passed<" | wc -l | sed s/\ *//) echo "Passed: ${LINES_CNT}" - LINES_CNT=$(cat ${RESULTS} | grep ">Failed<" | wc -l | sed s/\ *//) - echo "Failed: ${LINES_CNT}" - LINES_CNT=$(cat ${RESULTS} | grep ">Failed Core<" | wc -l | sed s/\ *//) - echo "Failed with core: ${LINES_CNT}" + FAILED_CNT=$(cat ${RESULTS} | grep ">Failed<" | wc -l | sed s/\ *//) + echo "Failed: ${FAILED_CNT}" + CORE_CNT=$(cat ${RESULTS} | grep ">Failed Core<" | wc -l | sed s/\ *//) + echo "Failed with core: ${CORE_CNT}" LINES_CNT=$(cat ${RESULTS} | grep ">Unknown<" | wc -l | sed s/\ *//) echo "Unknown status: ${LINES_CNT}" if [ ${LINES_CNT} -gt 0 ]; then @@ -46,4 +46,8 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then html "END_OF_TEST
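Review bot: `CORE_CNT` is computed in the cleanup.sh hunk `@@ -32,10 +32,10 @@` but never consulted: the exit check added in the following hunk tests only `FAILED_CNT`. The pattern `>Failed<` does not match `>Failed Core<` lines, so a run whose only failures are core dumps still exits 0. Suggested check: `if [ "${FAILED_CNT}" -gt 0 ] || [ "${CORE_CNT}" -gt 0 ]; then`. Quoting the counts also keeps the test well-formed if `${RESULTS}` is missing and a variable comes back empty.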
" html "" rm -f ${TEMPFILES} 2>/dev/null + if [ ${FAILED_CNT} -gt 0 ]; then + exit 1 + fi + fi From 5c0160b5fbdc8c6bcef7f8a3f1b4557b413376b1 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 17:30:06 +0800 Subject: [PATCH 04/15] cherry-picked mozilla NSS upstream changes (to rev a245a4cc): bug1201704, bug1171631, bug572412, bug1119618, bug1177770, bug1148374, bug1208243(part-of), bug1117022, bug1205688, bug1209443, bug1208508, bug1208503, bug1209435, bug1209451, bug1209456, bug1209541, bug1208503, bug1209546 --- security/nss/cmd/fipstest/fipstest.c | 3897 ++++++++++------- security/nss/cmd/lib/derprint.c | 5 +- security/nss/cmd/pk11mode/pk11mode.c | 6 +- security/nss/lib/certhigh/certvfypkix.c | 4 - security/nss/lib/freebl/Makefile | 2 +- security/nss/lib/freebl/nsslowhash.h | 5 + .../nss/lib/libpkix/include/pkix_revchecker.h | 6 +- security/nss/lib/pk11wrap/pk11cert.c | 1 + security/nss/lib/pk11wrap/pk11slot.c | 1 + security/nss/lib/pkcs7/p7common.c | 5 +- security/nss/lib/smime/cmscinfo.c | 2 +- security/nss/lib/smime/cmssiginfo.c | 1 + security/nss/lib/softoken/legacydb/Makefile | 14 +- security/nss/lib/softoken/legacydb/lginit.c | 10 +- security/nss/lib/softoken/legacydb/lgutil.c | 6 +- security/nss/lib/softoken/legacydb/pcertdb.c | 7 +- security/nss/lib/softoken/pkcs11c.c | 2 + security/nss/lib/ssl/ssl3con.c | 59 +- security/nss/lib/ssl/ssl3ecc.c | 9 +- security/nss/tests/all.sh | 6 +- security/nss/tests/common/init.sh | 2 +- security/nss/tests/ssl/ssl.sh | 4 +- security/nss/tests/ssl/sslauth.txt | 12 +- 23 files changed, 2432 insertions(+), 1634 deletions(-) diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c index 1561e737..6a2cf2cc 100644 --- a/security/nss/cmd/fipstest/fipstest.c +++ b/security/nss/cmd/fipstest/fipstest.c 
@@ -17,6 +17,21 @@ #include "hasht.h" #include "lowkeyi.h" #include "softoken.h" +#include "pkcs11t.h" +#define __PASTE(x,y) x##y +#undef CK_PKCS11_FUNCTION_INFO +#undef CK_NEED_ARG_LIST +#define CK_EXTERN extern +#define CK_PKCS11_FUNCTION_INFO(func) \ + CK_RV __PASTE(NS,func) +#define CK_NEED_ARG_LIST 1 +#include "pkcs11f.h" +#undef CK_PKCS11_FUNCTION_INFO +#undef CK_NEED_ARG_LIST +#undef __PASTE +#define SSL3_RANDOM_LENGTH 32 + + #if 0 #include "../../lib/freebl/mpi/mpi.h" @@ -46,18 +61,18 @@ hex_to_byteval(const char *c2, unsigned char *byteval) unsigned char offset; *byteval = 0; for (i=0; i<2; i++) { - if (c2[i] >= '0' && c2[i] <= '9') { - offset = c2[i] - '0'; - *byteval |= offset << 4*(1-i); - } else if (c2[i] >= 'a' && c2[i] <= 'f') { - offset = c2[i] - 'a'; - *byteval |= (offset + 10) << 4*(1-i); - } else if (c2[i] >= 'A' && c2[i] <= 'F') { - offset = c2[i] - 'A'; - *byteval |= (offset + 10) << 4*(1-i); - } else { - return SECFailure; - } + if (c2[i] >= '0' && c2[i] <= '9') { + offset = c2[i] - '0'; + *byteval |= offset << 4*(1-i); + } else if (c2[i] >= 'a' && c2[i] <= 'f') { + offset = c2[i] - 'a'; + *byteval |= (offset + 10) << 4*(1-i); + } else if (c2[i] >= 'A' && c2[i] <= 'F') { + offset = c2[i] - 'A'; + *byteval |= (offset + 10) << 4*(1-i); + } else { + return SECFailure; + } } return SECSuccess; } @@ -68,12 +83,12 @@ byteval_to_hex(unsigned char byteval, char *c2, char a) int i; unsigned char offset; for (i=0; i<2; i++) { - offset = (byteval >> 4*(1-i)) & 0x0f; - if (offset < 10) { - c2[i] = '0' + offset; - } else { - c2[i] = a + offset - 10; - } + offset = (byteval >> 4*(1-i)) & 0x0f; + if (offset < 10) { + c2[i] = '0' + offset; + } else { + c2[i] = a + offset - 10; + } } return SECSuccess; } 
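Review bot: The macro block added around `#include "pkcs11f.h"` in the `@@ -17,6 +17,21 @@` hunk has no comment, and its purpose is not obvious from the lines themselves. A short header such as `/* Re-include pkcs11f.h so every C_xxx entry is declared as a CK_RV NSC_xxx prototype */` would explain it. `SSL3_RANDOM_LENGTH` is also defined unconditionally; if an SSL header that reaches this file ever defines it, the build gets a macro redefinition, so wrapping it in `#ifndef SSL3_RANDOM_LENGTH` or naming the header the value is copied from would be safer.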
@@ -83,7 +98,7 @@ to_hex_str(char *str, const unsigned char *buf, unsigned int len) { unsigned int i; for (i=0; i 2*len) { - /* - * The input hex string is too long, but we allow it if the - * extra digits are leading 0's. - */ - for (j = 0; j < nxdigit-2*len; j++) { - if (str[j] != '0') { - return PR_FALSE; - } - } - /* skip leading 0's */ - str += nxdigit-2*len; - nxdigit = 2*len; + /* + * The input hex string is too long, but we allow it if the + * extra digits are leading 0's. + */ + for (j = 0; j < nxdigit-2*len; j++) { + if (str[j] != '0') { + return PR_FALSE; + } + } + /* skip leading 0's */ + str += nxdigit-2*len; + nxdigit = 2*len; } for (i=0, j=0; i< len; i++) { - if (2*i < 2*len-nxdigit) { - /* Handle a short input as if we padded it with leading 0's. */ - if (2*i+1 < 2*len-nxdigit) { - buf[i] = 0; - } else { - char tmp[2]; - tmp[0] = '0'; - tmp[1] = str[j]; - hex_to_byteval(tmp, &buf[i]); - j++; - } - } else { - hex_to_byteval(&str[j], &buf[i]); - j += 2; - } + if (2*i < 2*len-nxdigit) { + /* Handle a short input as if we padded it with leading 0's. */ + if (2*i+1 < 2*len-nxdigit) { + buf[i] = 0; + } else { + char tmp[2]; + tmp[0] = '0'; + tmp[1] = str[j]; + hex_to_byteval(tmp, &buf[i]); + j++; + } + } else { + hex_to_byteval(&str[j], &buf[i]); + j += 2; + } } return PR_TRUE; } @@ -288,11 +303,11 @@ tdea_kat_mmt(char *reqfn) FILE *req; /* input stream from the REQUEST file */ FILE *resp; /* output stream to the RESPONSE file */ int i, j; - int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ + int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ unsigned char key[24]; /* TDEA 3 key bundle */ unsigned int numKeys = 0; - unsigned char iv[8]; /* for all modes except ECB */ + unsigned char iv[8]; /* for all modes except ECB */ unsigned char plaintext[8*20]; /* 1 to 20 blocks */ unsigned int plaintextlen; unsigned char ciphertext[8*20]; /* 1 to 20 blocks */ 
@@ -876,14 +891,14 @@ aes_encrypt_buf( cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Encrypt(cx, output, outputlen, maxoutputlen, input, inputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (*outputlen != inputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; @@ -894,26 +909,26 @@ aes_encrypt_buf( */ cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); + output, *outputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (doublechecklen != *outputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; + goto loser; } rv = SECSuccess; loser: if (cx != NULL) { - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_TRUE); } return rv; } @@ -933,15 +948,15 @@ aes_decrypt_buf( cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Decrypt(cx, output, outputlen, maxoutputlen, - input, inputlen); + input, inputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (*outputlen != inputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; 
@@ -952,29 +967,245 @@ aes_decrypt_buf( */ cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); + output, *outputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (doublechecklen != *outputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; + goto loser; } rv = SECSuccess; loser: if (cx != NULL) { - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_TRUE); } return rv; } +/* + * Perform the AES GCM tests. + * + * reqfn is the pathname of the REQUEST file. + * + * The output RESPONSE file is written to stdout. + */ +void +aes_gcm(char *reqfn, int encrypt) +{ + char buf[512]; /* holds one line from the input REQUEST file. + * needs to be large enough to hold the longest + * line "CIPHERTEXT = <320 hex digits>\n". + */ + FILE *aesreq; /* input stream from the REQUEST file */ + FILE *aesresp; /* output stream to the RESPONSE file */ + int i, j; + unsigned char key[32]; /* 128, 192, or 256 bits */ + unsigned int keysize = 0; + unsigned char iv[128]; /* handle large gcm IV's */ + unsigned char plaintext[10*16]; /* 1 to 10 blocks */ + unsigned int plaintextlen; + unsigned char ciphertext[11*16]; /* 1 to 10 blocks + tag */ + unsigned int ciphertextlen; + unsigned char aad[11*16]; /* 1 to 10 blocks + tag */ + unsigned int aadlen = 0; + unsigned int tagbits; + unsigned int taglen = 0; + unsigned int ivlen; + CK_GCM_PARAMS params; + SECStatus rv; + + aesreq = fopen(reqfn, "r"); + aesresp = stdout; + while (fgets(buf, sizeof buf, aesreq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, aesresp); + continue; + } + /* [ENCRYPT] or [DECRYPT] */ + if (buf[0] == '[') { + if (strncmp(buf, "[Taglen", 7) == 0) { + if (sscanf(buf, "[Taglen = %d]", &tagbits) != 1) { + goto loser; 
+ } + taglen = tagbits/8; + } + if (strncmp(buf, "[IVlen", 6) == 0) { + if (sscanf(buf, "[IVlen = %d]", &ivlen) != 1) { + goto loser; + } + ivlen=ivlen/8; + } + fputs(buf, aesresp); + continue; + } + /* "COUNT = x" begins a new data set */ + if (strncmp(buf, "Count", 5) == 0) { + /* zeroize the variables for the test with this data set */ + memset(key, 0, sizeof key); + keysize = 0; + memset(iv, 0, sizeof iv); + memset(plaintext, 0, sizeof plaintext); + plaintextlen = 0; + memset(ciphertext, 0, sizeof ciphertext); + ciphertextlen = 0; + fputs(buf, aesresp); + continue; + } + /* KEY = ... */ + if (strncmp(buf, "Key", 3) == 0) { + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &key[j]); + } + keysize = j; + fputs(buf, aesresp); + continue; + } + /* IV = ... */ + if (strncmp(buf, "IV", 2) == 0) { + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; j=0; j--) { + if (last < 0) { + last = (hash[i] & (1 << j)) ? 1 : 0; + fprintf(out, "%d ", last); + count = 1; + } else if (hash[i] & (1 << j)) { + if (last) { + count++; + } else { + last = 0; + fprintf(out, "%d ", count); + count = 1; + z++; + } + } else { + if (!last) { + count++; + } else { + last = 1; + fprintf(out, "%d ", count); + count = 1; + z++; + } + } + } } fprintf(out, "^\n"); fseek(out, start, SEEK_SET); 
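Review bot: The `Key = ...` branch of the new aes_gcm() copies hex digits into `key[32]` until the first non-hex character, so a request line with more than 64 digits writes past the array; `buf` is 512 bytes, which leaves room for far more. Bounding the loop, `for (j=0; j<(int)sizeof key && isxdigit((unsigned char)buf[i]); i+=2,j++) {`, keeps a malformed REQUEST file from corrupting the stack. `fopen(reqfn, "r")` is also used without a NULL check before `fgets`, and `tagbits` is declared `unsigned int` but read with `%d`, where `%u` matches the declaration. The rest of aes_gcm() is not recoverable from this page, so the IV, plaintext, ciphertext and AAD parsing could not be checked for the same pattern.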
@@ -1827,23 +2058,23 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp) int w = 0; int c; while ((c = fgetc(req)) != EOF) { - if (ignore) { - fprintf(rsp, "%c", c); - if (c == '\n') return ignore; - } else if (c == '\n') { - break; - } else if (c == '#') { - ignore = 1; - fprintf(rsp, "%c", c); - } else if (c == '=') { - writeto[w] = '\0'; - w = 0; - writeto = val; - } else if (c == ' ' || c == '[' || c == ']') { - continue; - } else { - writeto[w++] = c; - } + if (ignore) { + fprintf(rsp, "%c", c); + if (c == '\n') return ignore; + } else if (c == '\n') { + break; + } else if (c == '#') { + ignore = 1; + fprintf(rsp, "%c", c); + } else if (c == '=') { + writeto[w] = '\0'; + w = 0; + writeto = val; + } else if (c == ' ' || c == '[' || c == ']') { + continue; + } else { + writeto[w++] = c; + } } writeto[w] = '\0'; return (c == EOF) ? -1 : ignore; @@ -1950,18 +2181,18 @@ getECParams(const char *curve) if (curve != NULL) { numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } + for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); + i++) { + if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) + curveOidTag = nameTagPair[i].curveOidTag; + } } /* Return NULL if curve name is not recognized */ if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { + (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; + return NULL; } ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); 
@@ -1978,6 +2209,121 @@ getECParams(const char *curve) return ecparams; } +/* + * HASH_ functions are available to full NSS apps and internally inside + * freebl, but not exported to users of freebl. Create short stubs to + * replace the functionality for fipstest. + */ +SECStatus +fips_hashBuf(HASH_HashType type, unsigned char *hashBuf, + unsigned char *msg, int len) +{ + SECStatus rv = SECFailure; + + switch (type) { + case HASH_AlgSHA1: + rv = SHA1_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA224: + rv = SHA224_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA256: + rv = SHA256_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA384: + rv = SHA384_HashBuf(hashBuf, msg, len); + break; + case HASH_AlgSHA512: + rv = SHA512_HashBuf(hashBuf, msg, len); + break; + default: + break; + } + return rv; +} + +int +fips_hashLen(HASH_HashType type) +{ + int len = 0; + + switch (type) { + case HASH_AlgSHA1: + len = SHA1_LENGTH; + break; + case HASH_AlgSHA224: + len = SHA224_LENGTH; + break; + case HASH_AlgSHA256: + len = SHA256_LENGTH; + break; + case HASH_AlgSHA384: + len = SHA384_LENGTH; + break; + case HASH_AlgSHA512: + len = SHA512_LENGTH; + break; + default: + break; + } + return len; +} + +SECOidTag +fips_hashOid(HASH_HashType type) +{ + SECOidTag oid = SEC_OID_UNKNOWN; + + switch (type) { + case HASH_AlgSHA1: + oid = SEC_OID_SHA1; + break; + case HASH_AlgSHA224: + oid = SEC_OID_SHA224; + break; + case HASH_AlgSHA256: + oid = SEC_OID_SHA256; + break; + case HASH_AlgSHA384: + oid = SEC_OID_SHA384; + break; + case HASH_AlgSHA512: + oid = SEC_OID_SHA512; + break; + default: + break; + } + return oid; +} + +HASH_HashType +sha_get_hashType(int hashbits) +{ + HASH_HashType hashType = HASH_AlgNULL; + + switch (hashbits) { + case 1: + case (SHA1_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA1; + break; + case (SHA224_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA224; + break; + case (SHA256_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA256; + 
break; + case (SHA384_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA384; + break; + case (SHA512_LENGTH*PR_BITS_PER_BYTE): + hashType = HASH_AlgSHA512; + break; + default: + break; + } + return hashType; +} + /* * Perform the ECDSA Key Pair Generation Test. * @@ -1996,7 +2342,7 @@ ecdsa_keypair_test(char *reqfn) FILE *ecdsareq; /* input stream from the REQUEST file */ FILE *ecdsaresp; /* output stream to the RESPONSE file */ char curve[16]; /* "nistxddd" */ - ECParams *ecparams; + ECParams *ecparams = NULL; int N; int i; unsigned int len; 
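Review bot: `sha_get_hashType` maps `case 1:` to SHA-1 alongside the digest bit lengths, and nothing in the `@@ -1978,6 +2209,121 @@` hunk says which caller passes 1. A one-line comment such as `/* 1: request files that label SHA-1 by number rather than by digest bits (confirm) */` would stop it being read as a typo. The four helpers are also added with external linkage and no contract comment; if they are used only inside fipstest.c, `static` plus a note that `fips_hashLen` returns a length in bytes, and 0 for an unknown type, would document what the ECDSA tests depend on when they set `digest.len`.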
@@ -2005,81 +2351,95 @@ ecdsa_keypair_test(char *reqfn) ecdsaresp = stdout; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* N = x */ - if (buf[0] == 'N') { - if (sscanf(buf, "N = %d", &N) != 1) { - goto loser; - } - for (i = 0; i < N; i++) { - ECPrivateKey *ecpriv; + if (buf[1] == 'B') { + fputs(buf, ecdsaresp); + continue; + } + if (ecparams) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } - if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { - goto loser; - } - fputs("d = ", ecdsaresp); - to_hex_str(buf, ecpriv->privateValue.data, - ecpriv->privateValue.len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] - != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, 
&ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputc('\n', ecdsaresp); - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - } - PORT_FreeArena(ecparams->arena, PR_FALSE); - continue; - } + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + fputs(buf, ecdsaresp); + continue; + } + /* N = x */ + if (buf[0] == 'N') { + if (sscanf(buf, "N = %d", &N) != 1) { + goto loser; + } + for (i = 0; i < N; i++) { + ECPrivateKey *ecpriv; + + if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { + goto loser; + } + fputs("d = ", ecdsaresp); + to_hex_str(buf, ecpriv->privateValue.data, + ecpriv->privateValue.len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) + != SECSuccess) { + goto loser; + } + len = ecpriv->publicValue.len; + if (len%2 == 0) { + goto loser; + } + len = (len-1)/2; + if (ecpriv->publicValue.data[0] + != EC_POINT_FORM_UNCOMPRESSED) { + goto loser; + } + fputs("Qx = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("Qy = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputc('\n', ecdsaresp); + PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); + } + continue; + } } loser: + if (ecparams) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } fclose(ecdsareq); } 
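Review bot: The new `[B-...]` skip in ecdsa_keypair_test() returns to the loop before `ecparams` is released, so an `N = x` line that follows a skipped header runs `EC_NewKey` with the previous curve's parameters (or with NULL when the B section comes first), and the keys are printed under the wrong heading. Moving the `if (ecparams) { ... ecparams = NULL; }` block above the `buf[1] == 'B'` test and starting the `N` branch with `if (ecparams == NULL) continue;` would make skipped sections produce no keys. This assumes the request file carries an `N` line for B curves, which the hunk does not show. The `"Unknown curve %s."` message here and in the ecdsa_pkv_test, ecdsa_siggen_test and ecdsa_sigver_test hunks lacks the trailing `\n` that the neighbouring `"Curve %s not supported.\n"` has.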
@@ -2111,92 +2471,94 @@ ecdsa_pkv_test(char *reqfn) strcpy(curve, "nist"); pubkey.data = NULL; while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - len = (ecparams->fieldID.size + 7) >> 3; - if (pubkey.data != NULL) { - PORT_Free(pubkey.data); - pubkey.data = NULL; - } - SECITEM_AllocItem(NULL, &pubkey, 2*len+1); - if (pubkey.data == NULL) { - goto loser; - } - pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); - continue; - } - /* Qy = ... 
*/ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - fputs("Result = F\n", ecdsaresp); - } else { - goto loser; - } - continue; - } + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + if (ecparams != NULL) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + len = (ecparams->fieldID.size + 7) >> 3; + if (pubkey.data != NULL) { + PORT_Free(pubkey.data); + pubkey.data = NULL; + } + SECITEM_AllocItem(NULL, &pubkey, 2*len+1); + if (pubkey.data == NULL) { + goto loser; + } + pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; + fputs(buf, ecdsaresp); + continue; + } + /* Qx = ... */ + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); + continue; + } + /* Qy = ... 
*/ + if (strncmp(buf, "Qy", 2) == 0) { + fputs(buf, ecdsaresp); + if (!keyvalid) { + fputs("Result = F\n", ecdsaresp); + continue; + } + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); + if (!keyvalid) { + fputs("Result = F\n", ecdsaresp); + continue; + } + if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { + fputs("Result = P\n", ecdsaresp); + } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { + fputs("Result = F\n", ecdsaresp); + } else { + goto loser; + } + continue; + } } loser: if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); + PORT_FreeArena(ecparams->arena, PR_FALSE); } if (pubkey.data != NULL) { - PORT_Free(pubkey.data); + PORT_Free(pubkey.data); } fclose(ecdsareq); } @@ -2224,7 +2586,9 @@ ecdsa_siggen_test(char *reqfn) unsigned int len; unsigned char msg[512]; /* message to be signed (<= 128 bytes) */ unsigned int msglen; - unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ + unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ + unsigned int shaLength = 0; /* length of SHA */ + HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; 
@@ -2232,111 +2596,135 @@ ecdsa_siggen_test(char *reqfn) ecdsaresp = stdout; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... 
*/ - if (strncmp(buf, "Msg", 3) == 0) { - ECPrivateKey *ecpriv; + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + src++; /* skip the comma */ + /* set the SHA Algorithm */ + if (strncmp(src, "SHA-1", 5) == 0) { + shaAlg = HASH_AlgSHA1; + } else if (strncmp(src, "SHA-224", 7) == 0) { + shaAlg = HASH_AlgSHA224; + } else if (strncmp(src, "SHA-256", 7) == 0) { + shaAlg = HASH_AlgSHA256; + } else if (strncmp(src, "SHA-384", 7)== 0) { + shaAlg = HASH_AlgSHA384; + } else if (strncmp(src, "SHA-512", 7) == 0) { + shaAlg = HASH_AlgSHA512; + } else { + fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); + goto loser; + } + if (ecparams != NULL) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + fputs(buf, ecdsaresp); + continue; + } + /* Msg = ... */ + if (strncmp(buf, "Msg", 3) == 0) { + ECPrivateKey *ecpriv; - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &msg[j]); - } - msglen = j; - if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { - goto loser; - } - fputs(buf, ecdsaresp); + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { + if (shaLength == 0) { + fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); + } + fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", + shaLength == 160 ? 
1 : shaLength); + goto loser; + } + fputs(buf, ecdsaresp); - if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { - goto loser; - } - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); + if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { + goto loser; + } + if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) + != SECSuccess) { + goto loser; + } + len = ecpriv->publicValue.len; + if (len%2 == 0) { + goto loser; + } + len = (len-1)/2; + if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { + goto loser; + } + fputs("Qx = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("Qy = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); - digest.type = siBuffer; - digest.data = sha1; - digest.len = sizeof sha1; - signature.type = siBuffer; - signature.data = sig; - signature.len = sizeof sig; - if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { - goto loser; - } - len = signature.len; - if (len%2 != 0) { - goto loser; - } - len = len/2; - fputs("R = ", ecdsaresp); - to_hex_str(buf, &signature.data[0], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("S = ", ecdsaresp); - to_hex_str(buf, &signature.data[len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); + digest.type = siBuffer; + digest.data = sha; + digest.len = shaLength; + signature.type = siBuffer; + signature.data = sig; + signature.len = 
sizeof sig; + if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { + goto loser; + } + len = signature.len; + if (len%2 != 0) { + goto loser; + } + len = len/2; + fputs("R = ", ecdsaresp); + to_hex_str(buf, &signature.data[0], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("S = ", ecdsaresp); + to_hex_str(buf, &signature.data[len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - continue; - } + PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); + continue; + } } loser: if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); + PORT_FreeArena(ecparams->arena, PR_FALSE); } fclose(ecdsareq); } @@ -2360,11 +2748,13 @@ ecdsa_sigver_test(char *reqfn) char curve[16]; /* "nistxddd" */ ECPublicKey ecpub; unsigned int i, j; - unsigned int flen = 0; /* length in bytes of the field size */ - unsigned int olen = 0; /* length in bytes of the base point order */ + unsigned int flen = 0; /* length in bytes of the field size */ + unsigned int olen = 0; /* length in bytes of the base point order */ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ unsigned int msglen = 0; - unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ + unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ + unsigned int shaLength = 0; /* length of SHA */ + HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; PRBool keyvalid = PR_TRUE; 
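Review bot: The diagnostic added after `fips_hashBuf` fails in ecdsa_siggen_test() treats `shaLength` as a bit count, but `fips_hashLen` returns the digest size in bytes, so `shaLength == 160` is never true and `%x` prints the byte length in hex (SHA-256 would be reported as `SHA20`). Something like `fprintf(stderr, "ERROR: Unable to generate SHA-%u\n", shaLength == SHA1_LENGTH ? 1 : shaLength * PR_BITS_PER_BYTE);` names the algorithm correctly and keeps error text out of the RESPONSE stream, as the curve errors in the same hunk already do by writing to stderr. When `shaLength` is 0 both messages are printed back to back with no separator; an `else` would avoid that. The same lines appear in the ecdsa_sigver_test hunk (`@@ -2375,158 +2765,182 @@`).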
@@ -2375,158 +2765,182 @@ ecdsa_sigver_test(char *reqfn) ecpub.ecParams.arena = NULL; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; - ECParams *ecparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; + ECParams *ecparams; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - if (ecpub.ecParams.arena != NULL) { - PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); - } - ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (ecpub.ecParams.arena == NULL) { - goto loser; - } - if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) - != SECSuccess) { - goto loser; - } - PORT_FreeArena(ecparams->arena, PR_FALSE); - flen = (ecpub.ecParams.fieldID.size + 7) >> 3; - olen = ecpub.ecParams.order.len; - if (2*olen > sizeof sig) { - goto loser; - } - ecpub.publicValue.type = siBuffer; - ecpub.publicValue.data = NULL; - ecpub.publicValue.len = 0; - SECITEM_AllocItem(ecpub.ecParams.arena, - &ecpub.publicValue, 2*flen+1); - if (ecpub.publicValue.data == NULL) { - goto loser; - } - ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... 
*/ - if (strncmp(buf, "Msg", 3) == 0) { - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &msg[j]); - } - msglen = j; - if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { - goto loser; - } - fputs(buf, ecdsaresp); + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + src++; /* skip the comma */ + /* set the SHA Algorithm */ + if (strncmp(src, "SHA-1", 5) == 0) { + shaAlg = HASH_AlgSHA1; + } else if (strncmp(src, "SHA-224", 7) == 0) { + shaAlg = HASH_AlgSHA224; + } else if (strncmp(src, "SHA-256", 7) == 0) { + shaAlg = HASH_AlgSHA256; + } else if (strncmp(src, "SHA-384", 7)== 0) { + shaAlg = HASH_AlgSHA384; + } else if (strncmp(src, "SHA-512", 7) == 0) { + shaAlg = HASH_AlgSHA512; + } else { + fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); + goto loser; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + fprintf(stderr, "Unknown curve %s.", curve); + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + fprintf(stderr, "Curve %s not supported.\n", curve); + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + if (ecpub.ecParams.arena != NULL) { + PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); + } + ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (ecpub.ecParams.arena == NULL) { + goto loser; + } + if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) + != SECSuccess) { + goto loser; + } + PORT_FreeArena(ecparams->arena, PR_FALSE); + flen = (ecpub.ecParams.fieldID.size + 7) >> 3; + olen = ecpub.ecParams.order.len; + if (2*olen > sizeof sig) { + goto loser; + } + ecpub.publicValue.type = siBuffer; + ecpub.publicValue.data = NULL; + ecpub.publicValue.len = 0; + SECITEM_AllocItem(ecpub.ecParams.arena, + &ecpub.publicValue, 2*flen+1); + if (ecpub.publicValue.data == NULL) 
{ + goto loser; + } + ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; + fputs(buf, ecdsaresp); + continue; + } + /* Msg = ... */ + if (strncmp(buf, "Msg", 3) == 0) { + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { + if (shaLength == 0) { + fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); + } + fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", + shaLength == 160 ? 1 : shaLength); + goto loser; + } + fputs(buf, ecdsaresp); - digest.type = siBuffer; - digest.data = sha1; - digest.len = sizeof sha1; + digest.type = siBuffer; + digest.data = sha; + digest.len = shaLength; - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, - &buf[i]); - continue; - } - /* Qy = ... */ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, - &buf[i]); - if (!keyvalid) { - continue; - } - if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) - != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - keyvalid = PR_FALSE; - } else { - goto loser; - } - } - continue; - } - /* R = ... */ - if (buf[0] == 'R') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - sigvalid = from_hex_str(sig, olen, &buf[i]); - continue; - } - /* S = ... 
*/ - if (buf[0] == 'S') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - if (sigvalid) { - sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); - } - signature.type = siBuffer; - signature.data = sig; - signature.len = 2*olen; + continue; + } + /* Qx = ... */ + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, + &buf[i]); + continue; + } + /* Qy = ... */ + if (strncmp(buf, "Qy", 2) == 0) { + fputs(buf, ecdsaresp); + if (!keyvalid) { + continue; + } + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, + &buf[i]); + if (!keyvalid) { + continue; + } + if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) + != SECSuccess) { + if (PORT_GetError() == SEC_ERROR_BAD_KEY) { + keyvalid = PR_FALSE; + } else { + goto loser; + } + } + continue; + } + /* R = ... */ + if (buf[0] == 'R') { + fputs(buf, ecdsaresp); + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + sigvalid = from_hex_str(sig, olen, &buf[i]); + continue; + } + /* S = ... 
*/ + if (buf[0] == 'S') { + fputs(buf, ecdsaresp); + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + if (sigvalid) { + sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); + } + signature.type = siBuffer; + signature.data = sig; + signature.len = 2*olen; - if (!keyvalid || !sigvalid) { - fputs("Result = F\n", ecdsaresp); - } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) - == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else { - fputs("Result = F\n", ecdsaresp); - } - continue; - } + if (!keyvalid || !sigvalid) { + fputs("Result = F\n", ecdsaresp); + } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) + == SECSuccess) { + fputs("Result = P\n", ecdsaresp); + } else { + fputs("Result = F\n", ecdsaresp); + } + continue; + } } loser: if (ecpub.ecParams.arena != NULL) { - PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); + PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); } fclose(ecdsareq); } @@ -2537,7 +2951,7 @@ isblankline(char *b) { while (isspace(*b)) b++; if ((*b == '\n') || (*b == 0)) { - return PR_TRUE; + return PR_TRUE; } return PR_FALSE; } @@ -2562,7 +2976,7 @@ drbg(char *reqfn) FILE *rngresp; /* output stream to the RESPONSE file */ unsigned int i, j; -#if 0 +#ifdef HANDLE_PREDICTION_RESISTANCE PRBool predictionResistance = PR_FALSE; #endif unsigned char *nonce = NULL; @@ -2573,9 +2987,9 @@ drbg(char *reqfn) int additionalInputLen = 0; unsigned char *entropyInput = NULL; int entropyInputLen = 0; - unsigned char predictedreturn_bytes[SHA256_LENGTH]; - unsigned char return_bytes[SHA256_LENGTH]; - int return_bytes_len = SHA256_LENGTH; + unsigned char *predictedreturn_bytes = NULL; + unsigned char *return_bytes = NULL; + int return_bytes_len = 0; enum { NONE, INSTANTIATE, GENERATE, RESEED, RESULT } command = NONE; PRBool genResult = PR_FALSE; 
@@ -2586,23 +3000,23 @@ drbg(char *reqfn) while (fgets(buf, sizeof buf, rngreq) != NULL) { switch (command) { case INSTANTIATE: - if (debug) { - fputs("# PRNGTEST_Instantiate(",rngresp); - to_hex_str(buf2,entropyInput, entropyInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,",entropyInputLen); - to_hex_str(buf2,nonce, nonceLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,",nonceLen); - to_hex_str(buf2,personalizationString, - personalizationStringLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n", personalizationStringLen); - } + if (debug) { + fputs("# PRNGTEST_Instantiate(",rngresp); + to_hex_str(buf2,entropyInput, entropyInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,",entropyInputLen); + to_hex_str(buf2,nonce, nonceLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,",nonceLen); + to_hex_str(buf2,personalizationString, + personalizationStringLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n", personalizationStringLen); + } rv = PRNGTEST_Instantiate(entropyInput, entropyInputLen, nonce, nonceLen, personalizationString, - personalizationStringLen); + personalizationStringLen); if (rv != SECSuccess) { goto loser; } @@ -2611,17 +3025,17 @@ drbg(char *reqfn) case GENERATE: case RESULT: memset(return_bytes, 0, return_bytes_len); - if (debug) { - fputs("# PRNGTEST_Generate(returnbytes",rngresp); - fprintf(rngresp,",%d,", return_bytes_len); - to_hex_str(buf2,additionalInput, additionalInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n",additionalInputLen); - } + if (debug) { + fputs("# PRNGTEST_Generate(returnbytes",rngresp); + fprintf(rngresp,",%d,", return_bytes_len); + to_hex_str(buf2,additionalInput, additionalInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n",additionalInputLen); + } rv = PRNGTEST_Generate((PRUint8 *) return_bytes, - return_bytes_len, + return_bytes_len, (PRUint8 *) additionalInput, - additionalInputLen); + additionalInputLen); if (rv != SECSuccess) { goto loser; } 
@@ -2631,9 +3045,9 @@ drbg(char *reqfn) to_hex_str(buf2, return_bytes, return_bytes_len); fputs(buf2, rngresp); fputc('\n', rngresp); - if (debug) { - fputs("# PRNGTEST_Uninstantiate()\n",rngresp); - } + if (debug) { + fputs("# PRNGTEST_Uninstantiate()\n",rngresp); + } rv = PRNGTEST_Uninstantiate(); if (rv != SECSuccess) { goto loser; @@ -2643,23 +3057,23 @@ drbg(char *reqfn) to_hex_str(buf2, return_bytes, return_bytes_len); fputs(buf2, rngresp); fputc('\n', rngresp); - } + } memset(additionalInput, 0, additionalInputLen); break; case RESEED: if (entropyInput || additionalInput) { - if (debug) { - fputs("# PRNGTEST_Reseed(",rngresp); - fprintf(rngresp,",%d,", return_bytes_len); - to_hex_str(buf2,entropyInput, entropyInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,", entropyInputLen); - to_hex_str(buf2,additionalInput, additionalInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n",additionalInputLen); - } + if (debug) { + fputs("# PRNGTEST_Reseed(",rngresp); + fprintf(rngresp,",%d,", return_bytes_len); + to_hex_str(buf2,entropyInput, entropyInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,", entropyInputLen); + to_hex_str(buf2,additionalInput, additionalInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n",additionalInputLen); + } rv = PRNGTEST_Reseed(entropyInput, entropyInputLen, additionalInput, additionalInputLen); if (rv != SECSuccess) { 
@@ -2687,22 +3101,44 @@ drbg(char *reqfn) continue; } -#if 0 /* currently unsupported */ if (strncmp(buf, "[PredictionResistance", 21) == 0) { +#ifdef HANDLE_PREDICTION_RESISTANCE i = 21; while (isspace(buf[i]) || buf[i] == '=') { i++; - } + } if (strncmp(buf, "False", 5) == 0) { predictionResistance = PR_FALSE; } else { predictionResistance = PR_TRUE; } +#endif fputs(buf, rngresp); continue; } -#endif + + if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) { + if (return_bytes) { + PORT_ZFree(return_bytes, return_bytes_len); + return_bytes = NULL; + } + if (predictedreturn_bytes) { + PORT_ZFree(predictedreturn_bytes, return_bytes_len); + predictedreturn_bytes = NULL; + } + return_bytes_len = 0; + if (sscanf(buf, "[ReturnedBitsLen = %d]", &return_bytes_len) != 1) { + goto loser; + } + return_bytes_len = return_bytes_len/8; + if (return_bytes_len > 0) { + return_bytes = PORT_Alloc(return_bytes_len); + predictedreturn_bytes = PORT_Alloc(return_bytes_len); + } + fputs(buf, rngresp); + continue; + } if (strncmp(buf, "[EntropyInputLen", 16) == 0) { if (entropyInput) { @@ -2713,7 +3149,7 @@ drbg(char *reqfn) if (sscanf(buf, "[EntropyInputLen = %d]", &entropyInputLen) != 1) { goto loser; } - entropyInputLen = entropyInputLen/8; + entropyInputLen = entropyInputLen/8; if (entropyInputLen > 0) { entropyInput = PORT_Alloc(entropyInputLen); } @@ -2731,7 +3167,7 @@ drbg(char *reqfn) if (sscanf(buf, "[NonceLen = %d]", &nonceLen) != 1) { goto loser; } - nonceLen = nonceLen/8; + nonceLen = nonceLen/8; if (nonceLen > 0) { nonce = PORT_Alloc(nonceLen); } @@ -2749,7 +3185,7 @@ drbg(char *reqfn) if (sscanf(buf, "[PersonalizationStringLen = %d]", &personalizationStringLen) != 1) { goto loser; } - personalizationStringLen = personalizationStringLen / 8; + personalizationStringLen = personalizationStringLen / 8; if (personalizationStringLen > 0) { personalizationString = PORT_Alloc(personalizationStringLen); } 
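Review bot: The new `[ReturnedBitsLen` branch takes the output length from the request file but checks neither its range nor the two `PORT_Alloc` results. A zero or negative value leaves `return_bytes` NULL with `return_bytes_len <= 0`, and the GENERATE path (context of the `@@ -2611,17` hunk) then runs `memset(return_bytes, 0, return_bytes_len)` and `PRNGTEST_Generate` on it. Add `if (return_bytes_len <= 0) goto loser;` after the division and `if (!return_bytes || !predictedreturn_bytes) goto loser;` after the allocations. The length used to be fixed at `SHA256_LENGTH`, so also confirm that `buf`/`buf2`, whose declarations are outside this hunk, can hold `2*return_bytes_len+1` hex characters for `to_hex_str`. The `loser` cleanup is not visible here; it presumably needs to free the two new heap buffers as well.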
@@ -2768,7 +3204,7 @@ drbg(char *reqfn) if (sscanf(buf, "[AdditionalInputLen = %d]", &additionalInputLen) != 1) { goto loser; } - additionalInputLen = additionalInputLen/8; + additionalInputLen = additionalInputLen/8; if (additionalInputLen > 0) { additionalInput = PORT_Alloc(additionalInputLen); } @@ -2905,7 +3341,7 @@ drbg(char *reqfn) if (memcmp(return_bytes, predictedreturn_bytes, return_bytes_len) != 0) { - if (debug) { + if (debug) { fprintf(rngresp, "# Generate failed:\n"); fputs( "# predicted=", rngresp); to_hex_str(buf, predictedreturn_bytes, @@ -2915,7 +3351,7 @@ drbg(char *reqfn) fputs(buf2, rngresp); fputc('\n', rngresp); - } else { + } else { fprintf(stderr, "Generate failed:\n"); fputs( " predicted=", stderr); to_hex_str(buf, predictedreturn_bytes, @@ -2924,9 +3360,9 @@ drbg(char *reqfn) fputs("\n actual = ", stderr); fputs(buf2, stderr); fputc('\n', stderr); - } + } } - memset(predictedreturn_bytes, 0 , sizeof predictedreturn_bytes); + memset(predictedreturn_bytes, 0 , return_bytes_len); continue; } @@ -2957,7 +3393,7 @@ rng_vst(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[DSA1_SIGNATURE_LEN]; @@ -2967,92 +3403,92 @@ rng_vst(char *reqfn) rngreq = fopen(reqfn, "r"); rngresp = stdout; while (fgets(buf, sizeof buf, rngreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, rngresp); - continue; - } - /* [Xchange - SHA1] */ - if (buf[0] == '[') { - fputs(buf, rngresp); - continue; - } - /* Q = ... */ - if (buf[0] == 'Q') { - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j1024) { 
@@ -3783,13 +4104,13 @@ dsa_keypair_test(char *reqfn) if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES, &pqg, &vfy) != SECSuccess) { fprintf(dsaresp, - "ERROR: Unable to generate PQG parameters"); + "ERROR: Unable to generate PQG parameters"); goto loser; } - } else { + } else { if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) { fprintf(dsaresp, - "ERROR: Unable to generate PQG parameters"); + "ERROR: Unable to generate PQG parameters"); goto loser; } } @@ -3838,7 +4159,7 @@ loser: */ typedef enum { FIPS186_1,/* Generate/Verify P,Q & G according to FIPS 186-1 */ - A_1_1_2, /* Generate Probable P & Q */ + A_1_2_1, /* Generate Provable P & Q */ A_1_1_3, /* Verify Probable P & Q */ A_1_2_2, /* Verify Provable P & Q */ A_2_1, /* Generate Unverifiable G */ @@ -3868,7 +4189,7 @@ dsa_pqgver_test(char *reqfn) unsigned int i, j; PQGParams pqg; PQGVerify vfy; - unsigned int pghSize = 0; /* size for p, g, and h */ + unsigned int pghSize = 0; /* size for p, g, and h */ dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); 
@@ -3886,37 +4207,37 @@ dsa_pqgver_test(char *reqfn) /* [A.xxxxx ] */ if (buf[0] == '[' && buf[1] == 'A') { - if (strncmp(&buf[1],"A.1.1.3",7) == 0) { - type = A_1_1_3; - } else if (strncmp(&buf[1],"A.2.2",5) == 0) { - type = A_2_2; - } else if (strncmp(&buf[1],"A.2.4",5) == 0) { - type = A_2_4; - } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { - type = A_1_2_2; - /* validate our output from PQGGEN */ - } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { - type = A_2_4; /* validate PQ and G together */ - } else { - fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); - exit(1); - } - + if (strncmp(&buf[1],"A.1.1.3",7) == 0) { + type = A_1_1_3; + } else if (strncmp(&buf[1],"A.2.2",5) == 0) { + type = A_2_2; + } else if (strncmp(&buf[1],"A.2.4",5) == 0) { + type = A_2_4; + } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { + type = A_1_2_2; + /* validate our output from PQGGEN */ + } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { + type = A_2_4; /* validate PQ and G together */ + } else { + fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); + exit(1); + } + fputs(buf, dsaresp); continue; } - + /* [Mod = x] */ if (buf[0] == '[') { - if (type == FIPS186_1) { + if (type == FIPS186_1) { N=160; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; - } - } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { - goto loser; + } + } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { + goto loser; } if (pqg.prime.data) { /* P */ 
@@ -3940,17 +4261,17 @@ dsa_pqgver_test(char *reqfn) /*calculate the size of p, g, and h then allocate items */ pghSize = L/8; - pqg.base.data = vfy.h.data = NULL; - vfy.seed.len = pqg.base.len = vfy.h.len = 0; + pqg.base.data = vfy.h.data = NULL; + vfy.seed.len = pqg.base.len = vfy.h.len = 0; SECITEM_AllocItem(NULL, &pqg.prime, pghSize); SECITEM_AllocItem(NULL, &vfy.seed, pghSize*3); - if (type == A_2_2) { - SECITEM_AllocItem(NULL, &vfy.h, pghSize); - vfy.h.len = pghSize; - } else if (type == A_2_4) { - SECITEM_AllocItem(NULL, &vfy.h, 1); - vfy.h.len = 1; - } + if (type == A_2_2) { + SECITEM_AllocItem(NULL, &vfy.h, pghSize); + vfy.h.len = pghSize; + } else if (type == A_2_4) { + SECITEM_AllocItem(NULL, &vfy.h, 1); + vfy.h.len = 1; + } pqg.prime.len = pghSize; /* q is always N bits */ SECITEM_AllocItem(NULL, &pqg.subPrime, N/8); @@ -4009,24 +4330,24 @@ dsa_pqgver_test(char *reqfn) if (strncmp(buf, "Seed", 4) == 0) { i = 4; } else if (strncmp(buf, "domain_parameter_seed", 21) == 0) { - i = 21; - } else if (strncmp(buf,"firstseed",9) == 0) { - i = 9; - } else { - i = 0; - } - if (i) { + i = 21; + } else if (strncmp(buf,"firstseed",9) == 0) { + i = 9; + } else { + i = 0; + } + if (i) { while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=0; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.seed.data[j]); } - vfy.seed.len = j; + vfy.seed.len = j; fputs(buf, dsaresp); - if (type == A_2_4) { - SECStatus result; + if (type == A_2_4) { + SECStatus result; /* Verify the Parameters */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); 
@@ -4038,49 +4359,49 @@ dsa_pqgver_test(char *reqfn) } else { fprintf(dsaresp, "Result = F\n"); } - } + } continue; } - if ((strncmp(buf,"pseed",5) == 0) || - (strncmp(buf,"qseed",5) == 0)) - { - i = 5; + if ((strncmp(buf,"pseed",5) == 0) || + (strncmp(buf,"qseed",5) == 0)) + { + i = 5; while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=vfy.seed.len; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.seed.data[j]); } - vfy.seed.len = j; + vfy.seed.len = j; fputs(buf, dsaresp); continue; - } + } if (strncmp(buf, "index", 4) == 0) { - i=5; + i=5; while (isspace(buf[i]) || buf[i] == '=') { i++; } - hex_to_byteval(&buf[i], &vfy.h.data[0]); - vfy.h.len = 1; + hex_to_byteval(&buf[i], &vfy.h.data[0]); + vfy.h.len = 1; fputs(buf, dsaresp); - } + } /* c = ... or counter=*/ if (buf[0] == 'c') { - if (strncmp(buf,"counter", 7) == 0) { + if (strncmp(buf,"counter", 7) == 0) { if (sscanf(buf, "counter = %u", &vfy.counter) != 1) { goto loser; - } - } else { + } + } else { if (sscanf(buf, "c = %u", &vfy.counter) != 1) { goto loser; - } + } } fputs(buf, dsaresp); if (type == A_1_1_3) { - SECStatus result; + SECStatus result; /* only verify P and Q, we have everything now. do it */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); if (rv != SECSuccess) { @@ -4095,17 +4416,17 @@ dsa_pqgver_test(char *reqfn) } continue; } - if (strncmp(buf,"pgen_counter", 12) == 0) { + if (strncmp(buf,"pgen_counter", 12) == 0) { if (sscanf(buf, "pgen_counter = %u", &vfy.counter) != 1) { goto loser; - } + } fputs(buf, dsaresp); - continue; - } - if (strncmp(buf,"qgen_counter", 12) == 0) { + continue; + } + if (strncmp(buf,"qgen_counter", 12) == 0) { fputs(buf, dsaresp); if (type == A_1_2_2) { - SECStatus result; + SECStatus result; /* only verify P and Q, we have everything now. do it */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); if (rv != SECSuccess) { 
@@ -4118,8 +4439,8 @@ dsa_pqgver_test(char *reqfn) } fprintf(dsaresp, "\n"); } - continue; - } + continue; + } /* H = ... */ if (buf[0] == 'H') { SECStatus rv, result = SECFailure; @@ -4131,18 +4452,18 @@ dsa_pqgver_test(char *reqfn) for (j=0; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.h.data[j]); } - vfy.h.len = j; + vfy.h.len = j; fputs(buf, dsaresp); - /* this should be a byte value. Remove the leading zeros. If - * it doesn't reduce to a byte, PQG_VerifyParams will catch it - if (type == A_2_2) { - data_save = vfy.h.data; - while(vfy.h.data[0] && (vfy.h.len > 1)) { - vfy.h.data++; - vfy.h.len--; - } - } */ + /* this should be a byte value. Remove the leading zeros. If + * it doesn't reduce to a byte, PQG_VerifyParams will catch it + if (type == A_2_2) { + data_save = vfy.h.data; + while(vfy.h.data[0] && (vfy.h.len > 1)) { + vfy.h.data++; + vfy.h.len--; + } + } */ /* Verify the Parameters */ rv = PQG_VerifyParams(&pqg, &vfy, &result); @@ -4199,6 +4520,7 @@ dsa_pqggen_test(char *reqfn) int L; int i; unsigned int j; + int output_g = 1; PQGParams *pqg = NULL; PQGVerify *vfy = NULL; unsigned int keySizeIndex = 0; 
@@ -4215,21 +4537,23 @@ dsa_pqggen_test(char *reqfn) /* [A.xxxxx ] */ if (buf[0] == '[' && buf[1] == 'A') { - if (strncmp(&buf[1],"A.1.1.2",7) == 0) { - type = A_1_1_2; - } else if (strncmp(&buf[1],"A.2.1",5) == 0) { - fprintf(stderr, "NSS only Generates G with P&Q\n"); + if (strncmp(&buf[1],"A.1.1.2",7) == 0) { + fprintf(stderr, "NSS does Generate Probablistic Primes\n"); exit(1); - } else if (strncmp(&buf[1],"A.2.3",5) == 0) { - fprintf(stderr, "NSS only Generates G with P&Q\n"); - exit(1); - } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { - fprintf(stderr, "NSS does not support Shawe-Taylor Primes\n"); - exit(1); - } else { - fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); - exit(1); - } + } else if (strncmp(&buf[1],"A.2.1",5) == 0) { + type = A_1_2_1; + output_g = 1; + exit(1); + } else if (strncmp(&buf[1],"A.2.3",5) == 0) { + fprintf(stderr, "NSS only Generates G with P&Q\n"); + exit(1); + } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { + type = A_1_2_1; + output_g = 0; + } else { + fprintf(stderr, "Unknown dsa pqggen test %s\n", &buf[1]); + exit(1); + } fputs(buf, dsaresp); continue; } @@ -4237,19 +4561,19 @@ dsa_pqggen_test(char *reqfn) /* [Mod = ... ] */ if (buf[0] == '[') { - if (type == FIPS186_1) { + if (type == FIPS186_1) { N=160; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; - } - } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { - goto loser; + } + } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { + goto loser; } fputs(buf, dsaresp); fputc('\n', dsaresp); - if (type == FIPS186_1) { + if (type == FIPS186_1) { /************************************************************ * PQG_ParamGenSeedLen doesn't take a key size, it takes an * index that points to a valid key size. 
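Review bot: In the rewritten `[A.` dispatch, the `A.2.1` branch assigns `type = A_1_2_1; output_g = 1;` and then calls `exit(1)` without printing anything, so both assignments are dead and the tool exits silently on that section header. If A.2.1 is now meant to be handled, drop the `exit(1)`; if it is still unsupported, keep a diagnostic as the `A.2.3` branch does. The new `A.1.1.2` message, "NSS does Generate Probablistic Primes", looks like it lost a "not" and could read `fprintf(stderr, "NSS does not generate probabilistic primes\n");`. The body of dsa_pqggen_test continues outside this hunk.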
@@ -4266,7 +4590,11 @@ dsa_pqggen_test(char *reqfn) } /* N = ... */ if (buf[0] == 'N') { - if (sscanf(buf, "N = %d", &count) != 1) { + if (strncmp(buf, "Num", 3) == 0) { + if (sscanf(buf, "Num = %d", &count) != 1) { + goto loser; + } + } else if (sscanf(buf, "N = %d", &count) != 1) { goto loser; } for (i = 0; i < count; i++) { 
@@ -4287,24 +4615,38 @@ dsa_pqggen_test(char *reqfn) fprintf(dsaresp, "P = %s\n", buf); to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len); fprintf(dsaresp, "Q = %s\n", buf); - to_hex_str(buf, pqg->base.data, pqg->base.len); - fprintf(dsaresp, "G = %s\n", buf); - if (type == FIPS186_1) { + if (output_g) { + to_hex_str(buf, pqg->base.data, pqg->base.len); + fprintf(dsaresp, "G = %s\n", buf); + } + if (type == FIPS186_1) { to_hex_str(buf, vfy->seed.data, vfy->seed.len); fprintf(dsaresp, "Seed = %s\n", buf); fprintf(dsaresp, "c = %d\n", vfy->counter); to_hex_str(buf, vfy->h.data, vfy->h.len); fputs("H = ", dsaresp); for (j=vfy->h.len; j< pqg->prime.len; j++) { - fprintf(dsaresp, "00"); + fprintf(dsaresp, "00"); } fprintf(dsaresp, "%s\n", buf); - } else { - fprintf(dsaresp, "counter = %d\n", vfy->counter); - fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); - to_hex_str(buf, vfy->seed.data, vfy->seed.len); - fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); - } + } else { + unsigned int seedlen = vfy->seed.len/2; + unsigned int pgen_counter = vfy->counter >> 16; + unsigned int qgen_counter = vfy->counter & 0xffff; + /*fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); */ + to_hex_str(buf, vfy->seed.data, seedlen); + fprintf(dsaresp, "pseed = %s\n", buf); + to_hex_str(buf, vfy->seed.data+seedlen, seedlen); + fprintf(dsaresp, "qseed = %s\n", buf); + fprintf(dsaresp, "pgen_counter = %d\n", pgen_counter); + fprintf(dsaresp, "qgen_counter = %d\n", qgen_counter); + if (output_g) { + to_hex_str(buf, vfy->seed.data, vfy->seed.len); + fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); + fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); + } + + } fputc('\n', dsaresp); if(pqg!=NULL) { PQG_DestroyParams(pqg); @@ -4390,7 +4732,7 @@ dsa_siggen_test(char *reqfn) if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, &hashNum) != 3) { use_dsa1 = PR_TRUE; - hashNum = 1; + hashNum = 1; if (sscanf(buf, "[mod = %d]", &modulus) != 1) { goto loser; } 
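Review bot: The new non-FIPS186-1 output branch prints `pgen_counter` and `qgen_counter`, both `unsigned int`, with `%d`; use `%u`, as in `fprintf(dsaresp, "pgen_counter = %u\n", pgen_counter);`. The branch also assumes that `vfy->counter` packs the two counters in its high and low 16 bits and that `vfy->seed` is two equal halves, which nothing in the hunk states. A comment such as `/* provable primes: counter = pgen_counter << 16 | qgen_counter, seed = pseed || qseed (confirm against the generator) */` would record that, and note that `seedlen = vfy->seed.len/2` silently drops a byte if the length is odd. The commented-out `index` fprintf can be deleted now that the same line is printed under `if (output_g)`.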
@@ -4437,11 +4779,11 @@ dsa_siggen_test(char *reqfn) goto loser; } - hashType = sha_get_hashType(hashNum); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); - goto loser; - } + hashType = sha_get_hashType(hashNum); + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); + goto loser; + } continue; } @@ -4450,10 +4792,10 @@ dsa_siggen_test(char *reqfn) unsigned char msg[128]; /* MAX msg 128 */ unsigned int len = 0; - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } memset(hashBuf, 0, sizeof hashBuf); memset(sig, 0, sizeof sig); @@ -4467,7 +4809,7 @@ dsa_siggen_test(char *reqfn) } if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { fprintf(dsaresp, "ERROR: Unable to generate SHA% digest", - hashNum); + hashNum); goto loser; } @@ -4562,8 +4904,8 @@ dsa_sigver_test(char *reqfn) if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, &hashNum) != 3) { - N=160; - hashNum = 1; + N=160; + hashNum = 1; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; } @@ -4595,11 +4937,11 @@ dsa_sigver_test(char *reqfn) SECITEM_AllocItem(NULL, &pubkey.params.subPrime, N/8); pubkey.params.subPrime.len = N/8; - hashType = sha_get_hashType(hashNum); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); - goto loser; - } + hashType = sha_get_hashType(hashNum); + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); + goto loser; + } continue; } 
@@ -4653,10 +4995,10 @@ dsa_sigver_test(char *reqfn) unsigned char msg[128]; /* MAX msg 128 */ memset(hashBuf, 0, sizeof hashBuf); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } i = 3; while (isspace(buf[i]) || buf[i] == '=') { @@ -4667,7 +5009,7 @@ dsa_sigver_test(char *reqfn) } if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { fprintf(dsaresp, "ERROR: Unable to generate SHA-%d digest", - hashNum); + hashNum); goto loser; } @@ -4707,17 +5049,17 @@ dsa_sigver_test(char *reqfn) /* S = ... */ if (buf[0] == 'S') { - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } i = 1; while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=pubkey.params.subPrime.len; - j< pubkey.params.subPrime.len*2; i+=2,j++) { + j< pubkey.params.subPrime.len*2; i+=2,j++) { hex_to_byteval(&buf[i], &sig[j]); } fputs(buf, dsaresp); @@ -4734,7 +5076,7 @@ dsa_sigver_test(char *reqfn) } else { fprintf(dsaresp, "Result = F\n"); } - fprintf(dsaresp, "\n"); + fprintf(dsaresp, "\n"); continue; } } 
@@ -4754,6 +5096,118 @@ loser: } } +static void +pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len) +{ + int offset = 0; + /* this shouldn't happen, fail right away rather than produce bad output */ + if (pad_len < src_len) { + fprintf(stderr, "data bigger than expected! %d > %d\n", src_len, pad_len); + exit(1); + } + + offset = pad_len - src_len; + memset(buf, 0, offset); + memcpy(buf+offset, src, src_len); + return; +} + + +/* + * Perform the DSA Key Pair Generation Test. + * + * reqfn is the pathname of the REQUEST file. + * + * The output RESPONSE file is written to stdout. + */ +void +rsa_keypair_test(char *reqfn) +{ + char buf[800]; /* holds one line from the input REQUEST file + * or to the output RESPONSE file. + * 800 to hold (384 public key (x2 for HEX) + 1'\n' + */ + unsigned char buf2[400]; /* can't need more then 1/2 buf length */ + FILE *rsareq; /* input stream from the REQUEST file */ + FILE *rsaresp; /* output stream to the RESPONSE file */ + int count; + int i; + int keySize; /* key size in bits*/ + int len = 0; /* key size in bytes */ + int len2 = 0; /* key size in bytes/2 (prime size) */ + SECItem e; + unsigned char default_e[] = { 0x1, 0x0, 0x1 }; + + e.data = default_e; + e.len = sizeof (default_e); + + rsareq = fopen(reqfn, "r"); + rsaresp = stdout; + while (fgets(buf, sizeof buf, rsareq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, rsaresp); + continue; + } + + /* [Mod = x] */ + if (buf[0] == '[') { + if (buf[1] == 'm') { + if (sscanf(buf, "[mod = %d]", &keySize) != 1) { + goto loser; + } + len = keySize/8; + len2 = keySize/16; + } + fputs(buf, rsaresp); + continue; + } + /* N = ...*/ + if (buf[0] == 'N') { + + if (sscanf(buf, "N = %d", &count) != 1) { + goto loser; + } + + /* Generate a DSA key, and output the key pair for N times */ + for (i = 0; i < count; i++) { + RSAPrivateKey *rsakey = NULL; + if ((rsakey = RSA_NewKey(keySize, &e)) == NULL) { + fprintf(rsaresp, 
"ERROR: Unable to generate RSA key"); + goto loser; + } + pad(buf2,len,rsakey->publicExponent.data, + rsakey->publicExponent.len); + to_hex_str(buf, buf2, len); + fprintf(rsaresp, "e = %s\n", buf); + pad(buf2,len2,rsakey->prime1.data, + rsakey->prime1.len); + to_hex_str(buf, buf2, len2); + fprintf(rsaresp, "p = %s\n", buf); + pad(buf2,len2,rsakey->prime2.data, + rsakey->prime2.len); + to_hex_str(buf, buf2, len2); + fprintf(rsaresp, "q = %s\n", buf); + pad(buf2,len,rsakey->modulus.data, + rsakey->modulus.len); + to_hex_str(buf, buf2, len); + fprintf(rsaresp, "n = %s\n", buf); + pad(buf2,len,rsakey->privateExponent.data, + rsakey->privateExponent.len); + to_hex_str(buf, buf2, len); + fprintf(rsaresp, "d = %s\n", buf); + fprintf(rsaresp, "\n"); + PORT_FreeArena(rsakey->arena, PR_TRUE); + rsakey = NULL; + } + continue; + } + + } +loser: + fclose(rsareq); +} + /* * Perform the RSA Signature Generation Test. * @@ -4912,16 +5366,16 @@ rsa_siggen_test(char *reqfn) for (j=0; isxdigit(buf[i]) && j < sizeof(msg); i+=2,j++) { hex_to_byteval(&buf[i], &msg[j]); } - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { - if (shaLength == 0) { - fprintf(rsaresp, "ERROR: SHAAlg not defined."); - } + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { + if (shaLength == 0) { + fprintf(rsaresp, "ERROR: SHAAlg not defined."); + } fprintf(rsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 1 : shaLength); + shaLength == 160 ? 1 : shaLength); goto loser; } - shaOid = fips_hashOid(shaAlg); + shaOid = fips_hashOid(shaAlg); /* Perform RSA signature with the RSA private key. */ rv = RSA_HashSign( shaOid, 
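Review bot: In the new `rsa_keypair_test`, `keySize` comes straight from the `[mod = %d]` line and `len = keySize/8` is then used by `pad()` to `memset`/`memcpy` into `buf2[400]`, and by `to_hex_str` into `buf[800]`, with no upper bound. A request for a 4096-bit key gives `len = 512` and writes past both stack buffers. Reject out-of-range sizes when the header is parsed, e.g. `if (keySize <= 0 || keySize/8 > (int)sizeof buf2 || 2*(keySize/8) >= (int)sizeof buf) goto loser;`. `keySize` is also uninitialized if an `N =` line arrives before any `[mod` line, and the `fopen` result is used unchecked, so `int keySize = 0;` and an `if (rsareq == NULL) return;` guard would help. The header comment and the loop comment still say "DSA" and should say "RSA".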
@@ -5136,13 +5590,13 @@ rsa_sigver_test(char *reqfn) hex_to_byteval(&buf[i], &msg[j]); } - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { - if (shaLength == 0) { - fprintf(rsaresp, "ERROR: SHAAlg not defined."); - } + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { + if (shaLength == 0) { + fprintf(rsaresp, "ERROR: SHAAlg not defined."); + } fprintf(rsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 1 : shaLength); + shaLength == 160 ? 1 : shaLength); goto loser; } @@ -5175,6 +5629,8 @@ rsa_sigver_test(char *reqfn) signatureLength = j; fputs(buf, rsaresp); + shaOid = fips_hashOid(shaAlg); + /* Perform RSA verification with the RSA public key. */ rv = RSA_HashCheckSign( shaOid, rsa_public_key, 
@@ -5200,6 +5656,302 @@ loser: } } +void +tls(char *reqfn) +{ + char buf[256]; /* holds one line from the input REQUEST file. + * needs to be large enough to hold the longest + * line "XSeed = <128 hex digits>\n". + */ + unsigned char *pms = NULL; + int pms_len; + unsigned char *master_secret = NULL; + unsigned char *key_block = NULL; + int key_block_len; + unsigned char serverHello_random[SSL3_RANDOM_LENGTH]; + unsigned char clientHello_random[SSL3_RANDOM_LENGTH]; + unsigned char server_random[SSL3_RANDOM_LENGTH]; + unsigned char client_random[SSL3_RANDOM_LENGTH]; + FILE *tlsreq = NULL; /* input stream from the REQUEST file */ + FILE *tlsresp; /* output stream to the RESPONSE file */ + unsigned int i, j; + CK_SLOT_ID slotList[10]; + CK_SLOT_ID slotID; + CK_ULONG slotListCount = sizeof(slotList)/sizeof(slotList[0]); + CK_ULONG count; + static const CK_C_INITIALIZE_ARGS pk11args= { + NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS , + (void *)"flags=readOnly,noCertDB,noModDB", NULL }; + static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY; + static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET; + static CK_BBOOL ck_true = CK_TRUE; + static CK_ULONG one = 1; + CK_ATTRIBUTE create_template[] = { + { CKA_VALUE, NULL, 0 }, + { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, + { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, + { CKA_DERIVE, &ck_true, sizeof (ck_true) }, + }; + CK_ULONG create_template_count = + sizeof(create_template)/sizeof(create_template[0]); + CK_ATTRIBUTE derive_template[] = { + { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, + { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, + { CKA_DERIVE, &ck_true, sizeof(ck_true) }, + { CKA_VALUE_LEN, &one, sizeof(one) }, + }; + CK_ULONG derive_template_count = + sizeof(derive_template)/sizeof(derive_template[0]); + CK_ATTRIBUTE master_template = + { CKA_VALUE, NULL, 0 }; + CK_ATTRIBUTE kb1_template = + { CKA_VALUE, NULL, 0 }; + CK_ATTRIBUTE kb2_template = + { CKA_VALUE, NULL, 0 }; + + + CK_MECHANISM 
master_mech = { CKM_TLS_MASTER_KEY_DERIVE , NULL, 0 }; + CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE , NULL, 0}; + CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; + CK_SSL3_KEY_MAT_PARAMS key_block_params; + CK_SSL3_KEY_MAT_OUT key_material; + CK_RV crv; + + /* set up PKCS #11 parameters */ + master_params.pVersion = NULL; + master_params.RandomInfo.pClientRandom = clientHello_random; + master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random); + master_params.RandomInfo.pServerRandom = serverHello_random; + master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random); + master_mech.pParameter = (void *) &master_params; + master_mech.ulParameterLen = sizeof(master_params); + key_block_params.ulMacSizeInBits = 0; + key_block_params.ulKeySizeInBits = 0; + key_block_params.ulIVSizeInBits = 0; + key_block_params.bIsExport = PR_FALSE; /* ignored anyway for TLS mech */ + key_block_params.RandomInfo.pClientRandom = client_random; + key_block_params.RandomInfo.ulClientRandomLen = sizeof(client_random); + key_block_params.RandomInfo.pServerRandom = server_random; + key_block_params.RandomInfo.ulServerRandomLen = sizeof(server_random); + key_block_params.pReturnedKeyMaterial = &key_material; + key_block_mech.pParameter = (void *) &key_block_params; + key_block_mech.ulParameterLen = sizeof(key_block_params); + + + crv = NSC_Initialize((CK_VOID_PTR)&pk11args); + if (crv != CKR_OK) { + fprintf(stderr,"NSC_Initialize failed crv=0x%x\n",(unsigned int)crv); + goto loser; + } + count = slotListCount; + crv = NSC_GetSlotList(PR_TRUE,slotList, &count); + if (crv != CKR_OK) { + fprintf(stderr,"NSC_GetSlotList failed crv=0x%x\n",(unsigned int)crv); + goto loser; + } + if ((count > slotListCount) || count < 1) { + fprintf(stderr, +"NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n", + (int) count, (int) slotListCount); + goto loser; + } + slotID = slotList[0]; + tlsreq = fopen(reqfn, "r"); + tlsresp = stdout; + while 
(fgets(buf, sizeof buf, tlsreq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, tlsresp); + continue; + } + /* [Xchange - SHA1] */ + if (buf[0] == '[') { + if (strncmp(buf, "[TLS", 4) == 0) { + if (buf[7] == '0') { + master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE; + key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; + } else if (buf[7] == '2') { + master_mech.mechanism = + CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; + key_block_mech.mechanism = + CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + } else { + fprintf(stderr, "Unknown TLS type %x\n", + (unsigned int)buf[0]); + goto loser; + } + } + if (strncmp(buf, "[pre-master", 11) == 0) { + if (sscanf(buf, "[pre-master secret length = %d]", + &pms_len) != 1) { + goto loser; + } + pms_len = pms_len/8; + pms = malloc(pms_len); + master_secret = malloc(pms_len); + create_template[0].pValue = pms; + create_template[0].ulValueLen = pms_len; + master_template.pValue = master_secret; + master_template.ulValueLen = pms_len; + } + if (strncmp(buf, "[key", 4) == 0) { + if (sscanf(buf, "[key block length = %d]", &key_block_len) != 1) { + goto loser; + } + key_block_params.ulKeySizeInBits = 8; + key_block_params.ulIVSizeInBits = key_block_len/2-8; + key_block_len=key_block_len/8; + key_block = malloc(key_block_len); + kb1_template.pValue = &key_block[0]; + kb1_template.ulValueLen = 1; + kb2_template.pValue = &key_block[1]; + kb2_template.ulValueLen = 1; + key_material.pIVClient = &key_block[2]; + key_material.pIVServer = &key_block[2+key_block_len/2-1]; + } + fputs(buf, tlsresp); + continue; + } + /* "COUNT = x" begins a new data set */ + if (strncmp(buf, "COUNT", 5) == 0) { + /* zeroize the variables for the test with this data set */ + memset(pms, 0, pms_len); + memset(master_secret, 0, pms_len); + memset(key_block, 0, key_block_len); + fputs(buf, tlsresp); + continue; + } + /* pre_master_secret = ... 
*/ + if (strncmp(buf, "pre_master_secret", 17) == 0) { + i = 17; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; j.req */ - if ( strcmp(argv[2], "kat") == 0) { - /* Known Answer Test (KAT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mmt") == 0) { - /* Multi-block Message Test (MMT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mct") == 0) { - /* Monte Carlo Test (MCT) */ - if ( strcmp(argv[3], "ecb") == 0) { - /* ECB mode */ - aes_ecb_mct(argv[4]); - } else if (strcmp(argv[3], "cbc") == 0) { - /* CBC mode */ - aes_cbc_mct(argv[4]); - } - } + /* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=.req */ + if ( strcmp(argv[2], "kat") == 0) { + /* Known Answer Test (KAT) */ + aes_kat_mmt(argv[4]); + } else if (strcmp(argv[2], "mmt") == 0) { + /* Multi-block Message Test (MMT) */ + aes_kat_mmt(argv[4]); + } else if (strcmp(argv[2], "gcm") == 0) { + if ( strcmp(argv[3], "decrypt") == 0) { + aes_gcm(argv[4],0); + } else if (strcmp(argv[3], "encrypt_extiv") == 0) { + aes_gcm(argv[4],1); + } else if (strcmp(argv[3], "encrypt_intiv") == 0) { + aes_gcm(argv[4],2); + } + } else if (strcmp(argv[2], "mct") == 0) { + /* Monte Carlo Test (MCT) */ + if ( strcmp(argv[3], "ecb") == 0) { + /* ECB mode */ + aes_ecb_mct(argv[4]); + } else if (strcmp(argv[3], "cbc") == 0) { + /* CBC mode */ + aes_cbc_mct(argv[4]); + } + } /*************/ /* SHA */ /*************/ @@ -5266,7 +6026,10 @@ int main(int argc, char **argv) } else if (strcmp(argv[2], "sigver") == 0) { /* Signature Verification Test */ rsa_sigver_test(argv[3]); - } + } else if (strcmp(argv[2], "keypair") == 0) { + /* Key Pair Generation Test */ + rsa_keypair_test(argv[3]); + } /*************/ /* HMAC */ /*************/ diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c index 75811df3..285eb036 100644 --- a/security/nss/cmd/lib/derprint.c +++ b/security/nss/cmd/lib/derprint.c 
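Review bot: `tlsreq = fopen(reqfn, "r")` goes straight into the `fgets` loop with no NULL check, and the three `malloc` results (`pms`, `master_secret`, `key_block`) are used unchecked with sizes taken directly from `sscanf` on the request file. A zero or negative `[pre-master secret length = …]`, or a `COUNT` line that arrives before the length headers, reaches `memset(pms, 0, pms_len)` with a NULL pointer or an uninitialised `pms_len`. I would add `if (tlsreq == NULL) goto loser;` after the open, reject non-positive lengths after each `sscanf`, and test each allocation before use. Separately, the "Unknown TLS type" message prints `buf[0]` although the branch tests `buf[7]`. The end of tls(), including its `loser:` label, is not readable in this part of the patch, so check that the label tolerates a NULL `tlsreq`.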
@@ -503,9 +503,10 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end, data += lenLen; /* - * Just quit now if slen more bytes puts us off the end. + * Just quit now if slen more bytes puts us off the end, + * or if there's no more data to process. */ - if ((data + slen) > end) { + if ((data + slen) >= end) { PORT_SetError(SEC_ERROR_BAD_DER); return -1; } diff --git a/security/nss/cmd/pk11mode/pk11mode.c b/security/nss/cmd/pk11mode/pk11mode.c index ce89945a..901323ab 100644 --- a/security/nss/cmd/pk11mode/pk11mode.c +++ b/security/nss/cmd/pk11mode/pk11mode.c @@ -2090,8 +2090,8 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, } PKM_LogIt("C_GetMechanismList returned the mechanism types:\n"); if (verbose) { - for (i = 1; i <= mechanismCount; i++) { - mechName = getName(pMechanismList[(i-1)], ConstMechanism); + for (i = 0; i < mechanismCount; i++) { + mechName = getName(pMechanismList[(i)], ConstMechanism); /* output two mechanism name on each line */ /* currently the longest known mechansim name length is 37 */ @@ -2100,7 +2100,7 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, } else { printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]); } - if ((i != 0) && ((i % 2) == 0 )) printf("\n"); + if ((i % 2) == 1 ) printf("\n"); } printf("\n\n"); } diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index 35f841e5..b89fe215 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c @@ -1454,7 +1454,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams, CERTCertListNode *node; PKIX_PL_Cert *certPkix = NULL; PKIX_TrustAnchor *trustAnchor = NULL; - PKIX_PL_Date *revDate = NULL; PKIX_RevocationChecker *revChecker = NULL; PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext; 
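Review bot: The bound check `(data + slen) >= end` in prettyPrintItem still forms the pointer `data + slen` before comparing, so a length decoded from the DER input that exceeds the remaining buffer makes the arithmetic itself undefined and may wrap below `end`. Comparing lengths instead avoids creating the out-of-range pointer: `if (slen >= (size_t)(end - data)) {`. This assumes `slen` is an unsigned length and that `data <= end` holds at this point, neither of which the hunk shows. The function body starts and ends outside the hunk.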
@@ -1664,9 +1663,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams, if (date != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext); - if (revDate != NULL) - PKIX_PL_Object_DecRef((PKIX_PL_Object *)revDate, plContext); - if (revChecker != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext); diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index 68fcddfe..ab0b1e57 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -559,7 +559,7 @@ SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB ALL_TRASH += $(SINGLE_SHLIB_DIR) $(SINGLE_SHLIB_DIR): - -mkdir $(SINGLE_SHLIB_DIR) + -mkdir -p $(SINGLE_SHLIB_DIR) release_md libs:: $(SINGLE_SHLIB_DIR) $(MAKE) FREEBL_CHILD_BUILD=1 \ diff --git a/security/nss/lib/freebl/nsslowhash.h b/security/nss/lib/freebl/nsslowhash.h index bbd537b5..bfce42be 100644 --- a/security/nss/lib/freebl/nsslowhash.h +++ b/security/nss/lib/freebl/nsslowhash.h @@ -8,6 +8,9 @@ * Also NOTE: this only works with Hashing. Only the FIPS interface is enabled. */ +#ifndef _NSSLOWHASH_H_ +#define _NSSLOWHASH_H_ + typedef struct NSSLOWInitContextStr NSSLOWInitContext; typedef struct NSSLOWHASHContextStr NSSLOWHASHContext; @@ -26,3 +29,5 @@ void NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned int *ret, unsigned int len); void NSSLOWHASH_Destroy(NSSLOWHASHContext *context); unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context); + +#endif diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h index 18a10cd2..a16d23a9 100644 --- a/security/nss/lib/libpkix/include/pkix_revchecker.h +++ b/security/nss/lib/libpkix/include/pkix_revchecker.h 
@@ -65,12 +65,10 @@ extern "C" { * FUNCTION: PKIX_RevocationChecker_Create * DESCRIPTION: * - * Creates revocation checker object with a given flags. + * Creates a revocation checker object with the given flags. Revocation will + * be checked at the current date. * * PARAMETERS: - * "revDate" - * Revocation will be checked at this date. Current date is taken if the - * parameter is not specified. * "leafMethodListFlags" * Defines a set of method independent flags that will be used to check * revocation of the leaf cert in the chain. diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index dbf6b961..8d361ecf 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1381,6 +1381,7 @@ pk11_keyIDHash_populate(void *wincx) } moduleLock = SECMOD_GetDefaultModuleListLock(); if (!moduleLock) { + SECITEM_FreeItem(slotid, PR_TRUE); PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return PR_FAILURE; } diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 07a8c885..79bebe44 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -400,6 +400,7 @@ PK11_NewSlotInfo(SECMODModule *mod) slot->minPassword = 0; slot->maxPassword = 0; slot->hasRootCerts = PR_FALSE; + slot->hasRootTrust = PR_FALSE; slot->nssToken = NULL; return slot; } diff --git a/security/nss/lib/pkcs7/p7common.c b/security/nss/lib/pkcs7/p7common.c index 9a44f20b..17fadec6 100644 --- a/security/nss/lib/pkcs7/p7common.c +++ b/security/nss/lib/pkcs7/p7common.c @@ -566,7 +566,7 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp, { SECAlgorithmID *algid = NULL; SECStatus rv = SECFailure; - SECItem *result = NULL, *dest, *src; + SECItem *dest, *src; void *mark; PK11SymKey *eKey = NULL; 
@@ -645,9 +645,6 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp, loser: /* let success fall through */ - if(result != NULL) - SECITEM_ZfreeItem(result, PR_TRUE); - if(rv == SECFailure) PORT_ArenaRelease(poolp, mark); else diff --git a/security/nss/lib/smime/cmscinfo.c b/security/nss/lib/smime/cmscinfo.c index 56ca0f20..b6f1d0a6 100644 --- a/security/nss/lib/smime/cmscinfo.c +++ b/security/nss/lib/smime/cmscinfo.c @@ -227,7 +227,7 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn void * NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo) { - SECOidTag tag = (cinfo && cinfo->contentTypeTag) + SECOidTag tag = cinfo->contentTypeTag ? cinfo->contentTypeTag->offset : SEC_OID_UNKNOWN; switch (tag) { diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c index ae35f053..f3635c2d 100644 --- a/security/nss/lib/smime/cmssiginfo.c +++ b/security/nss/lib/smime/cmssiginfo.c @@ -404,6 +404,7 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr), &encoded_attrs) == NULL || encoded_attrs.data == NULL || encoded_attrs.len == 0) { + PORT_FreeArena(poolp, PR_FALSE); vs = NSSCMSVS_ProcessingError; goto loser; } diff --git a/security/nss/lib/softoken/legacydb/Makefile b/security/nss/lib/softoken/legacydb/Makefile index 616c65fb..b7e94cae 100644 --- a/security/nss/lib/softoken/legacydb/Makefile +++ b/security/nss/lib/softoken/legacydb/Makefile 
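Review bot: In NSS_CMSContentInfo_GetContent the new initialiser `cinfo->contentTypeTag ? cinfo->contentTypeTag->offset : SEC_OID_UNKNOWN` dereferences `cinfo` unconditionally, where the replaced line tolerated a NULL `cinfo` and fell back to `SEC_OID_UNKNOWN`. The callers are not visible here, so if any of them can pass NULL this turns a harmless lookup into a NULL-pointer dereference while parsing a CMS message. Unless every caller is known to check first, keep the guard: `SECOidTag tag = (cinfo && cinfo->contentTypeTag)`. If the contract is now that `cinfo` must be non-NULL, say so in the function's header comment. The rest of the function is outside the hunk.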
@@ -20,7 +20,19 @@ include $(CORE_DEPTH)/coreconf/config.mk # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### - +ifdef NSS_NO_INIT_SUPPORT + DEFINES += -DNSS_NO_INIT_SUPPORT +endif +ifeq ($(OS_TARGET),Linux) +ifeq ($(CPU_ARCH),ppc) +ifdef USE_64 + DEFINES += -DNSS_NO_INIT_SUPPORT +endif # USE_64 +endif # ppc +else # !Linux + # turn off no init support everywhere for now + DEFINES += -DNSS_NO_INIT_SUPPORT +endif # Linux ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c index b2ff521a..b49f3fea 100644 --- a/security/nss/lib/softoken/legacydb/lginit.c +++ b/security/nss/lib/softoken/legacydb/lginit.c @@ -479,14 +479,6 @@ lg_HashNumber(const void *key) return (PLHashNumber)((char *)key - (char *)NULL); } -PRIntn -lg_CompareValues(const void *v1, const void *v2) -{ - PLHashNumber value1 = lg_HashNumber(v1); - PLHashNumber value2 = lg_HashNumber(v2); - return (value1 == value2); -} - /* * helper function to wrap a NSSLOWCERTCertDBHandle or a NSSLOWKEYDBHandle * with and sdb structure. @@ -515,7 +507,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr, if (lgdb_p->dbLock == NULL) { goto loser; } - lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, lg_CompareValues, + lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, PL_CompareValues, SECITEM_HashCompare, NULL, 0); if (lgdb_p->hashTable == NULL) { goto loser; diff --git a/security/nss/lib/softoken/legacydb/lgutil.c b/security/nss/lib/softoken/legacydb/lgutil.c index 88e46d6e..1b45bb01 100644 --- a/security/nss/lib/softoken/legacydb/lgutil.c +++ b/security/nss/lib/softoken/legacydb/lgutil.c 
@@ -303,8 +303,10 @@ lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class) /* there is only one KRL, use a fixed handle for it */ if (handle != LG_TOKEN_KRL_HANDLE) { lg_XORHash(hashBuf,dbKey->data,dbKey->len); - handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | - (hashBuf[2] << 8) | hashBuf[3]; + handle = ((CK_OBJECT_HANDLE)hashBuf[0] << 24) | + ((CK_OBJECT_HANDLE)hashBuf[1] << 16) | + ((CK_OBJECT_HANDLE)hashBuf[2] << 8) | + (CK_OBJECT_HANDLE)hashBuf[3]; handle = class | (handle & ~(LG_TOKEN_TYPE_MASK|LG_TOKEN_MASK)); /* we have a CRL who's handle has randomly matched the reserved KRL * handle, increment it */ diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index 4eda4f0f..418de0b8 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -3381,13 +3381,10 @@ AddCertToPermDB(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, loser: /* don't leave partial entry in the database */ if ( state > 0 ) { - rv = DeleteDBCertEntry(handle, &cert->certKey); + DeleteDBCertEntry(handle, &cert->certKey); } if ( ( state > 1 ) && donnentry ) { - rv = DeleteDBNicknameEntry(handle, nickname); - } - if ( state > 2 ) { - rv = DeleteDBSubjectEntry(handle, &cert->derSubject); + DeleteDBNicknameEntry(handle, nickname); } if ( certEntry ) { DestroyDBEntry((certDBEntry *)certEntry); diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index a1aec599..434e7bdb 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -2577,6 +2577,7 @@ finish_rsa: } intpointer = PORT_New(CK_ULONG); if (intpointer == NULL) { + PORT_Free(ctx); crv = CKR_HOST_MEMORY; break; } @@ -2606,6 +2607,7 @@ finish_rsa: } intpointer = PORT_New(CK_ULONG); if (intpointer == NULL) { + PORT_Free(ctx); crv = CKR_HOST_MEMORY; break; } 
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 5d7734f8..1bd35a01 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -94,19 +94,19 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* cipher_suite policy enabled isPresent */ #ifndef NSS_DISABLE_ECC - { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around * bug 946147. */ - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, 
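Review bot: Eight ECDHE entries in `cipherSuites[]` flip their `enabled` column to `PR_TRUE`, but neither the table nor the commit message explains the change. Six of the eight are CBC-mode suites (`..._CBC_SHA` and `..._CBC_SHA256`); only two are AES-GCM. Because this changes what the library offers by default, the table should carry a comment giving the policy, for example `/* ECDHE AES suites are on by default; Camellia, 3DES and RC4 stay off. */`. It is also worth confirming that applications which relied on these suites being off by default still disable them explicitly. The table continues beyond the hunk, so the remaining defaults are not visible here.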
@@ -4731,6 +4731,11 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, SSL3Opaque sha_inner[MAX_MAC_LENGTH]; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + if (ss->ssl3.hs.hashType == handshake_hash_unknown) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + hashes->hashAlg = ssl_hash_none; #ifndef NO_PKCS11_BYPASS @@ -4769,7 +4774,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, return SECFailure; } - s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -4906,7 +4910,6 @@ tls12_loser: return SECFailure; } - s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -6958,7 +6961,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } @@ -6969,7 +6971,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) || SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent)) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } ss->sec.peerKey = peerKey; @@ -7069,7 +7070,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto no_memory; } - ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); + peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { goto no_memory; } @@ -7083,7 +7084,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) || SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } ss->sec.peerKey = peerKey; 
@@ -7106,10 +7106,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } PORT_SetError( errCode ); return SECFailure; no_memory: /* no-memory error has already been set. */ + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } @@ -9555,6 +9561,13 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, goto alert_loser; } + if (!hashes) { + PORT_Assert(0); + desc = internal_error; + errCode = SEC_ERROR_LIBRARY_FAILURE; + goto alert_loser; + } + if (isTLS12) { rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, &sigAndHash); @@ -11215,6 +11228,13 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, return SECFailure; } + if (!hashes) { + PORT_Assert(0); + SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0); if (isTLS) { TLSFinished tlsFinished; @@ -11440,6 +11460,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv = SECSuccess; SSL3HandshakeType type = ss->ssl3.hs.msg_type; SSL3Hashes hashes; /* computed hashes are put here. */ + SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */ PRUint8 hdr[4]; PRUint8 dtlsData[8]; @@ -11450,7 +11471,8 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * current message. */ ssl_GetSpecReadLock(ss); /************************************/ - if((type == finished) || (type == certificate_verify)) { + if(((type == finished) && (ss->ssl3.hs.ws == wait_finished)) || + ((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify))) { SSL3Sender sender = (SSL3Sender)0; ssl3CipherSpec *rSpec = ss->ssl3.prSpec; 
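Review bot: Freeing `arena` at both `loser:` and `no_memory:` in ssl3_HandleServerKeyExchange is only safe if no path reaches those labels after `ss->sec.peerKey = peerKey;`. `peerKey` comes from `PORT_ArenaZNew(arena, SECKEYPublicKey)`, so a later jump would leave the socket holding a pointer into freed memory. Nothing in the visible hunks enforces that ordering; clearing the local at the hand-over, `ss->sec.peerKey = peerKey; arena = NULL;`, would keep the shared cleanup correct if a failure path is added later. The same cleanup is added to ssl3_HandleECDHServerKeyExchange in ssl3ecc.c and would take the same one-line change. Most of both function bodies lies outside the hunks, so the existing jumps should be checked against the full source.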
@@ -11459,6 +11481,9 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) rSpec = ss->ssl3.crSpec; } rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); + if (rv == SECSuccess) { + hashesPtr = &hashes; + } } ssl_ReleaseSpecReadLock(ss); /************************************/ if (rv != SECSuccess) { @@ -11609,7 +11634,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY); return SECFailure; } - rv = ssl3_HandleCertificateVerify(ss, b, length, &hashes); + rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr); break; case client_key_exchange: if (!ss->sec.isServer) { @@ -11628,7 +11653,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) rv = ssl3_HandleNewSessionTicket(ss, b, length); break; case finished: - rv = ssl3_HandleFinished(ss, b, length, &hashes); + rv = ssl3_HandleFinished(ss, b, length, hashesPtr); break; default: (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index dac21744..4aac635c 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -704,7 +704,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto no_memory; } - ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); + peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { goto no_memory; } @@ -725,7 +725,6 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* copy publicValue in peerKey */ if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) { - PORT_FreeArena(arena, PR_FALSE); goto no_memory; } peerKey->pkcs11Slot = NULL; 
@@ -739,10 +738,16 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } PORT_SetError( errCode ); return SECFailure; no_memory: /* no-memory error has already been set. */ + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh index a92ac938..b9aea580 100644 --- a/security/nss/tests/all.sh +++ b/security/nss/tests/all.sh @@ -201,7 +201,7 @@ run_cycle_upgrade_db() # run the subset of tests with the upgraded database TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains" + TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains ssl_gtests" echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null RET=$? @@ -232,7 +232,7 @@ run_cycle_shared_db() # run the tests for native sharedb support TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits" + TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits ssl_gtests" echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null RET=$? @@ -273,7 +273,7 @@ run_cycles() cycles="standard pkix upgradedb sharedb" CYCLES=${NSS_CYCLES:-$cycles} -tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains" +tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ssl_gtests" TESTS=${NSS_TESTS:-$tests} ALL_TESTS=${TESTS} diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh index 08ac583b..49fbdf16 100644 --- a/security/nss/tests/common/init.sh +++ b/security/nss/tests/common/init.sh @@ -234,7 +234,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then HTML_FAILED='Failed' HTML_FAILED_CORE='Failed Core' HTML_PASSED='Passed' - HTML_UNKNOWN='Unknown/TD>' + HTML_UNKNOWN='Unknown' TABLE_ARGS= 
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 6b8d0830..1bfb4b74 100644 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh @@ -437,10 +437,10 @@ ssl_stapling_sub() start_selfserv echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\" - echo " -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" + echo " -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" rm ${TMP}/$HOST.tmp.$$ 2>/dev/null ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ + -d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ >${TMP}/$HOST.tmp.$$ 2>&1 ret=$? cat ${TMP}/$HOST.tmp.$$ diff --git a/security/nss/tests/ssl/sslauth.txt b/security/nss/tests/ssl/sslauth.txt index 9178cb87..aa8196c5 100644 --- a/security/nss/tests/ssl/sslauth.txt +++ b/security/nss/tests/ssl/sslauth.txt 
@@ -65,12 +65,12 @@ # SNI Tests # SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI - SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI - SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert + SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI - SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI - SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI + SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS - SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS - SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert + SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS + SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert 
From 0310c45fa3b28ec71f74862a5aaebfab6a39ce1d Mon Sep 17 00:00:00 2001 
From: Roy Tam Date: Tue, 7 Jan 2020 20:22:09 +0800 Subject: [PATCH 05/15] cherry-picked mozilla NSS upstream changes (to rev 46bd290c): bug1061701, bug1210361, bug1210364, bug1210380, bug1210389, bug1009429, bug1211444, bug1180096, bug1210484, bug1211915, bug1211725, bug1213931, bug1214806, bug1214762, bug1214777, bug1214841, bug1214834, bug1213948, bug1213980, bug1192028, bug1202868, bug1214829, bug1026688, bug1214825, bug1216318 --- security/nss/Makefile | 10 +- security/nss/cmd/certutil/certext.c | 1 + security/nss/cmd/modutil/install-ds.c | 3 + security/nss/cmd/modutil/install.c | 5 +- security/nss/cmd/shlibsign/shlibsign.c | 2 +- security/nss/coreconf/Linux.mk | 5 +- security/nss/coreconf/WIN32.mk | 3 +- security/nss/coreconf/arch.mk | 9 + security/nss/coreconf/mkdepend/parse.c | 4 +- security/nss/lib/certhigh/certvfy.c | 99 ++++++++- security/nss/lib/cryptohi/keyhi.h | 8 + security/nss/lib/cryptohi/seckey.c | 19 ++ security/nss/lib/dev/devutil.c | 1 + security/nss/lib/freebl/des.c | 19 +- security/nss/lib/jar/jarsign.c | 15 +- security/nss/lib/manifest.mn | 2 +- security/nss/lib/nss/manifest.mn | 2 + security/nss/lib/nss/nss.def | 8 + security/nss/lib/nss/nss.h | 13 ++ security/nss/lib/nss/nssoptions.c | 73 +++++++ security/nss/lib/nss/nssoptions.h | 21 ++ security/nss/lib/pk11wrap/pk11akey.c | 13 +- security/nss/lib/pk11wrap/pk11cert.c | 1 + security/nss/lib/pk11wrap/pk11nobj.c | 1 - security/nss/lib/pk11wrap/pk11pars.c | 23 +- security/nss/lib/pk11wrap/secmod.h | 3 + security/nss/lib/pkcs12/p12e.c | 15 +- security/nss/lib/pkcs7/p7common.c | 4 - security/nss/lib/pkcs7/p7local.c | 3 +- security/nss/lib/pki/pki3hack.c | 1 + security/nss/lib/pki/pkibase.c | 6 + security/nss/lib/smime/cmscipher.c | 6 +- security/nss/lib/softoken/pkcs11.c | 8 +- security/nss/lib/ssl/ssl3con.c | 46 +++- security/nss/lib/ssl/ssl3ext.c | 21 +- security/nss/lib/ssl/sslimpl.h | 9 - security/nss/lib/util/nssutil.def | 6 + security/nss/lib/util/secasn1d.c | 199 ++++++++++++++++-- 
security/nss/lib/util/utilpars.c | 49 ++++- security/nss/lib/util/utilpars.h | 4 + security/nss/tests/dbupgrade/dbupgrade.sh | 2 +- .../suites/security/pkcs11/pk11test.c | 2 +- 42 files changed, 654 insertions(+), 90 deletions(-) create mode 100644 security/nss/lib/nss/nssoptions.c create mode 100644 security/nss/lib/nss/nssoptions.h diff --git a/security/nss/Makefile b/security/nss/Makefile index 655c4d31..41f864d6 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -26,7 +26,9 @@ include $(CORE_DEPTH)/coreconf/config.mk # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### - +ifdef NSS_DISABLE_GTESTS +DIRS := $(filter-out external_tests,$(DIRS)) +endif ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # @@ -56,7 +58,11 @@ NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure # ifeq ($(OS_TARGET),Android) -NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) --target=arm-linux-androideabi --with-android-version=$(OS_TARGET_RELEASE) +NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \ + --target=$(ANDROID_PREFIX) \ + --with-android-version=$(OS_TARGET_RELEASE) \ + --with-android-toolchain=$(ANDROID_TOOLCHAIN) \ + --with-android-platform=$(ANDROID_SYSROOT) endif ifdef BUILD_OPT NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index c36bc2d2..8796747d 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c @@ -970,6 +970,7 @@ AddNameConstraints(void *extHandle) if (!arena || ! constraints) { SECU_PrintError(progName, "out of memory"); + PORT_FreeArena(arena, PR_FALSE); return SECFailure; } diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c index 9d3777a5..efa3c168 100644 --- a/security/nss/cmd/modutil/install-ds.c 
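Review bot: In AddNameConstraints the added `PORT_FreeArena(arena, PR_FALSE);` sits inside `if (!arena || ! constraints)`, so it also runs when `arena` itself is NULL. The ssl3ecc.c cleanup earlier in this series guards the same call with `if (arena)`, and whether PORT_FreeArena accepts NULL in this tree is not visible from the hunk. I would match that form here: `if (arena) PORT_FreeArena(arena, PR_FALSE);`. The function body continues outside the hunk.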
+++ b/security/nss/cmd/modutil/install-ds.c @@ -471,6 +471,9 @@ loser: PR_Free(_this->arch); _this->arch = NULL; } + if(copy) { + PR_Free(copy); + } return errStr; } diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c index 283fc790..bcc7c7e2 100644 --- a/security/nss/cmd/modutil/install.c +++ b/security/nss/cmd/modutil/install.c @@ -833,7 +833,10 @@ rm_dash_r (char *path) /* Recursively delete all entries in the directory */ while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { sprintf(filename, "%s/%s", path, entry->name); - if(rm_dash_r(filename)) return -1; + if(rm_dash_r(filename)) { + PR_CloseDir(dir); + return -1; + } } if(PR_CloseDir(dir) != PR_SUCCESS) { diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c index 0a4edc11..7ddbf343 100644 --- a/security/nss/cmd/shlibsign/shlibsign.c +++ b/security/nss/cmd/shlibsign/shlibsign.c @@ -522,7 +522,7 @@ CK_RVtoStr(CK_RV errNum) { /* Do binary search of table. */ while (low + 1 < high) { - i = (low + high) / 2; + i = low + (high - low) / 2; num = errStrings[i].errNum; if (errNum == num) return errStrings[i].errString; diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index cbd5e05c..0e083f14 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -25,9 +25,12 @@ DEFAULT_COMPILER = gcc ifeq ($(OS_TARGET),Android) ifndef ANDROID_NDK $(error Must set ANDROID_NDK to the path to the android NDK first) +endif +ifndef ANDROID_TOOLCHAIN_VERSION + $(error Must set ANDROID_TOOLCHAIN_VERSION to the requested version number) endif ANDROID_PREFIX=$(OS_TEST)-linux-androideabi - ANDROID_TARGET=$(ANDROID_PREFIX)-4.4.3 + ANDROID_TARGET=$(ANDROID_PREFIX)-$(ANDROID_TOOLCHAIN_VERSION) # should autodetect which linux we are on, currently android only # supports linux-x86 prebuilts ANDROID_TOOLCHAIN=$(ANDROID_NDK)/toolchains/$(ANDROID_TARGET)/prebuilt/linux-x86 
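Review bot: The loop in rm_dash_r that this hunk touches still builds the child path with an unbounded `sprintf(filename, "%s/%s", path, entry->name);`, so a long directory entry name can write past `filename`. The declaration of `filename` is outside the hunk; assuming it is a fixed-size array, a bounded call such as `PR_snprintf(filename, sizeof filename, "%s/%s", path, entry->name);` closes the overflow. Better still, check the result and treat a truncated path as a failure instead of recursing into it. The new early return correctly closes `dir`.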
diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index 7fe950a3..b73e815c 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -197,7 +197,8 @@ ifneq ($(_MSC_VER),$(_MSC_VER_6)) # Disable C4267: conversion from 'size_t' to 'type', possible loss of data # Disable C4244: conversion from 'type1' to 'type2', possible loss of data # Disable C4018: 'expression' : signed/unsigned mismatch - OS_CFLAGS += -w44267 -w44244 -w44018 + # Disable C4312: 'type cast': conversion from 'type1' to 'type2' of greater size + OS_CFLAGS += -w44267 -w44244 -w44018 -w44312 ifeq ($(_MSC_VER_GE_12),1) OS_CFLAGS += -FS endif diff --git a/security/nss/coreconf/arch.mk b/security/nss/coreconf/arch.mk index 782e6c03..62ba8d5d 100644 --- a/security/nss/coreconf/arch.mk +++ b/security/nss/coreconf/arch.mk @@ -280,7 +280,12 @@ endif # IMPL_STRATEGY may be defined too. # +ifdef CROSS_COMPILE +OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ +else OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(COMPILER_TAG)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJ +endif + ifeq (,$(filter-out WIN%,$(OS_TARGET))) ifndef BUILD_OPT @@ -289,7 +294,11 @@ ifndef BUILD_OPT # (RTL) in the debug build # ifdef USE_DEBUG_RTL + ifdef CROSS_COMPILE + OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJD + else OBJDIR_NAME = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(COMPILER_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG).OBJD + endif endif endif endif diff --git a/security/nss/coreconf/mkdepend/parse.c b/security/nss/coreconf/mkdepend/parse.c index 968d2c4e..763ea003 100644 --- a/security/nss/coreconf/mkdepend/parse.c +++ b/security/nss/coreconf/mkdepend/parse.c 
@@ -350,7 +350,7 @@ define2(char *name, char *val, struct inclist *file) /* Fast inline binary search */ register char *s1; register char *s2; - register int middle = (first + last) / 2; + register int middle = first + (last - first) / 2; /* Fast inline strchr() */ s1 = name; @@ -436,7 +436,7 @@ slookup(char *symbol, struct inclist *file) /* Fast inline binary search */ register char *s1; register char *s2; - register int middle = (first + last) / 2; + register int middle = first + (last - first) / 2; /* Fast inline strchr() */ s1 = symbol; diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 3141163d..d5dcbe8a 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -6,7 +6,6 @@ #include "secport.h" #include "seccomon.h" #include "secoid.h" -#include "sslerr.h" #include "genname.h" #include "keyhi.h" #include "cert.h" @@ -23,6 +22,7 @@ #include "pkim.h" #include "pki3hack.h" #include "base.h" +#include "keyhi.h" /* * Check the validity times of a certificate 
@@ -34,6 +34,94 @@ CERT_CertTimesValid(CERTCertificate *c) return (valid == secCertTimeValid) ? SECSuccess : SECFailure; } +SECStatus checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key) +{ + SECStatus rv; + SECOidTag sigAlg; + SECOidTag curve; + PRUint32 policyFlags = 0; + PRInt32 minLen, len; + + sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm); + + switch(sigAlg) { + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + if (key->keyType != ecKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; + } + + curve = SECKEY_GetECCOid(&key->u.ec.DEREncodedParams); + if (curve != 0) { + if (NSS_GetAlgorithmPolicy(curve, &policyFlags) == SECFailure || + !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { + PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } else { + return SECSuccess; + } + } else { + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + return SECFailure; + } + return SECSuccess; + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: + case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: + if (key->keyType != rsaKey && key->keyType != rsaPssKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; + } + + len = 8 * key->u.rsa.modulus.len; + + rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minLen); + if (rv != SECSuccess) { + return SECFailure; + } + + if (len < minLen) { + return SECFailure; + } + + return SECSuccess; + case SEC_OID_ANSIX9_DSA_SIGNATURE: + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case 
SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_SDN702_DSA_SIGNATURE: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + if (key->keyType != dsaKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; + } + + len = 8 * key->u.dsa.params.prime.len; + + rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minLen); + if (rv != SECSuccess) { + return SECFailure; + } + + if (len < minLen) { + return SECFailure; + } + + return SECSuccess; + default: + return SECSuccess; + } +} + /* * verify the signature of a signed data object with the given DER publickey */ @@ -50,7 +138,6 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd, PORT_SetError(PR_INVALID_ARGUMENT_ERROR); return SECFailure; } - /* check the signature */ sig = sd->signature; /* convert sig->len from bit counts to byte count. */ @@ -61,11 +148,17 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd, if (rv == SECSuccess) { /* Are we honoring signatures for this algorithm? */ PRUint32 policyFlags = 0; + rv = checkKeyParams(&sd->signatureAlgorithm, pubKey); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + return SECFailure; + } + rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags); if (rv == SECSuccess && !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); - rv = SECFailure; + return SECFailure; } } return rv; diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 411ea00e..0ed3698e 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h 
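Review bot: In checkKeyParams the RSA and DSA size checks use `len = 8 * key->u.rsa.modulus.len;` and `len = 8 * key->u.dsa.params.prime.len;`, which counts octets rather than significant bits. If the stored integer can carry leading zero octets, a key shorter than the configured minimum would pass the `len < minLen` test. nss.def already exports SECKEY_BigIntegerBitLength, so `len = SECKEY_BigIntegerBitLength(&key->u.rsa.modulus);` (and the same for the DSA prime) measures what the policy intends. The two short-key returns also leave the error code unset, and the `return SECSuccess;` after the if/else in the ECDSA case is unreachable. The function has a generic name and no prototype in the hunk, so `static` would keep it out of the exported namespace.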
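Review bot: After `rv = checkKeyParams(&sd->signatureAlgorithm, pubKey);` fails, the added `PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);` replaces the more specific codes that function sets. A key-type mismatch (SEC_ERROR_INVALID_ALGORITHM) and an unknown curve (SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE) both reach the caller as "algorithm disabled", which makes rejected certificates harder to triage. I would set the error inside checkKeyParams on the two `len < minLen` paths, which currently set none, and drop the override here so the call site is just `if (rv != SECSuccess) return SECFailure;`. CERT_VerifySignedDataWithPublicKey begins and ends outside the hunk.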
@@ -260,6 +260,14 @@ extern int SECKEY_ECParamsToKeySize(const SECItem *params); */ extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params); +/* + * Returns the object identifier of the curve, of the provided + * elliptic curve parameters structures. + * + * Return 0 on failure (unknown EC domain parameters). + */ +SECOidTag SECKEY_GetECCOid(const SECKEYECParams * params); + SEC_END_PROTOS #endif /* _KEYHI_H_ */ diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index db72b745..1fcd4087 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -1904,3 +1904,22 @@ SECKEY_CacheStaticFlags(SECKEYPrivateKey* key) } return rv; } + +SECOidTag +SECKEY_GetECCOid(const SECKEYECParams * params) +{ + SECItem oid = { siBuffer, NULL, 0}; + SECOidData *oidData = NULL; + + /* + * params->data needs to contain the ASN encoding of an object ID (OID) + * representing a named curve. Here, we strip away everything + * before the actual OID and use the OID to look up a named curve. + */ + if (params->data[0] != SEC_ASN1_OBJECT_ID) return 0; + oid.len = params->len - 2; + oid.data = params->data + 2; + if ((oidData = SECOID_FindOID(&oid)) == NULL) return 0; + + return oidData->offset; +} diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c index 9d1aaf65..400b69d7 100644 --- a/security/nss/lib/dev/devutil.c +++ b/security/nss/lib/dev/devutil.c 
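Review bot: SECKEY_GetECCOid reads `params->data[0]` and computes `oid.len = params->len - 2` without first checking that `params->data` is non-NULL and `params->len` is at least 2. The parameters come from a certificate's public key via checkKeyParams in certvfy.c, so an empty or one-byte item wraps the unsigned length and SECOID_FindOID is handed a range far beyond the buffer. The guard should be `if (params->data == NULL || params->len < 2 || params->data[0] != SEC_ASN1_OBJECT_ID) return 0;`. It would be stricter still to require `params->data[1] == params->len - 2`, so the encoded length octet agrees with the item length. The keyhi.h comment could state that the input must be a DER-encoded named-curve OID.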
@@ -579,6 +579,7 @@ get_token_objects_for_cache ( &numObjects, &status); if (status != PR_SUCCESS) { + nss_ZFreeIf(objects); return status; } for (i=0; i /* for ptrdiff_t */ /* #define USE_INDEXING 1 */ +/* Some processors automatically fix up unaligned memory access, so they can + * read or write a HALF (4 bytes) at a time whether the address is 4-byte + * aligned or not. */ +#if defined(NSS_X86_OR_X64) +#define HAVE_UNALIGNED_ACCESS 1 +#endif + /* * The tables below are the 8 sbox functions, with the 6-bit input permutation * and the 32-bit output permutation pre-computed. @@ -421,11 +428,13 @@ DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction) int delta; unsigned int ls; -#if defined(NSS_X86_OR_X64) +#if defined(HAVE_UNALIGNED_ACCESS) left = HALFPTR(key)[0]; right = HALFPTR(key)[1]; +#if defined(IS_LITTLE_ENDIAN) BYTESWAP(left, temp); BYTESWAP(right, temp); +#endif #else if (((ptrdiff_t)key & 0x03) == 0) { left = HALFPTR(key)[0]; @@ -572,11 +581,13 @@ DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf) register HALF left, right; register HALF temp; -#if defined(NSS_X86_OR_X64) +#if defined(HAVE_UNALIGNED_ACCESS) left = HALFPTR(inbuf)[0]; right = HALFPTR(inbuf)[1]; +#if defined(IS_LITTLE_ENDIAN) BYTESWAP(left, temp); BYTESWAP(right, temp); +#endif #else if (((ptrdiff_t)inbuf & 0x03) == 0) { left = HALFPTR(inbuf)[0]; @@ -643,9 +654,11 @@ DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf) FP(left, right, temp); -#if defined(NSS_X86_OR_X64) +#if defined(HAVE_UNALIGNED_ACCESS) +#if defined(IS_LITTLE_ENDIAN) BYTESWAP(left, temp); BYTESWAP(right, temp); +#endif HALFPTR(outbuf)[0] = left; HALFPTR(outbuf)[1] = right; #else diff --git a/security/nss/lib/jar/jarsign.c b/security/nss/lib/jar/jarsign.c index f0299b1c..9beaa3bf 100644 --- a/security/nss/lib/jar/jarsign.c +++ b/security/nss/lib/jar/jarsign.c 
@@ -49,8 +49,15 @@ JAR_calculate_digest(void *data, long length) return NULL; } - md5 = PK11_CreateDigestContext(SEC_OID_MD5); + md5 = PK11_CreateDigestContext(SEC_OID_MD5); + if (md5 == NULL) { + return NULL; + } sha1 = PK11_CreateDigestContext(SEC_OID_SHA1); + if (sha1 == NULL) { + PK11_DestroyContext(md5, PR_TRUE); + return NULL; + } if (length >= 0) { PK11_DigestBegin (md5); @@ -107,6 +114,12 @@ JAR_digest_file (char *filename, JAR_Digest *dig) sha1 = PK11_CreateDigestContext (SEC_OID_SHA1); if (md5 == NULL || sha1 == NULL) { + if (md5) { + PK11_DestroyContext(md5, PR_TRUE); + } + if (sha1) { + PK11_DestroyContext(sha1, PR_TRUE); + } /* can't generate digest contexts */ PORT_Free (buf); JAR_FCLOSE (fp); diff --git a/security/nss/lib/manifest.mn b/security/nss/lib/manifest.mn index a04068a9..dd4b5429 100644 --- a/security/nss/lib/manifest.mn +++ b/security/nss/lib/manifest.mn @@ -26,7 +26,7 @@ DIRS = \ libpkix \ certdb certhigh pk11wrap cryptohi nss \ $(ZLIB_SRCDIR) ssl \ - pkcs12 pkcs7 smime \ + pkcs7 pkcs12 smime \ crmf jar \ ckfw $(SYSINIT_SRCDIR) \ $(NULL) diff --git a/security/nss/lib/nss/manifest.mn b/security/nss/lib/nss/manifest.mn index 9e812e52..54bed49e 100644 --- a/security/nss/lib/nss/manifest.mn +++ b/security/nss/lib/nss/manifest.mn @@ -6,6 +6,7 @@ CORE_DEPTH = ../.. PRIVATE_EXPORTS = \ nssrenam.h \ + nssoptions.h \ $(NULL) EXPORTS = \ @@ -16,6 +17,7 @@ MODULE = nss CSRCS = \ nssinit.c \ + nssoptions.c \ nssver.c \ utilwrap.c \ $(NULL) diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index fbabaa09..cd2920c0 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1082,3 +1082,11 @@ SECKEY_BigIntegerBitLength; ;+ local: ;+ *; ;+}; +;+NSS_3.21 { # NSS 3.21 release +;+ global: +NSS_OptionGet; +NSS_OptionSet; +SECMOD_CreateModuleEx; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 8caafa53..2ca262e7 100644 --- a/security/nss/lib/nss/nss.h 
+++ b/security/nss/lib/nss/nss.h @@ -294,6 +294,19 @@ SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData); */ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); +/* Available options for NSS_OptionSet() and NSS_OptionGet(). + */ +#define NSS_RSA_MIN_KEY_SIZE (1<<0) +#define NSS_DH_MIN_KEY_SIZE (1<<1) +#define NSS_DSA_MIN_KEY_SIZE (1<<2) + +/* + * Set and get global options for the NSS library. + */ +SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value); +SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value); + + /* * Close the Cert, Key databases. */ diff --git a/security/nss/lib/nss/nssoptions.c b/security/nss/lib/nss/nssoptions.c new file mode 100644 index 00000000..10b0138d --- /dev/null +++ b/security/nss/lib/nss/nssoptions.c 
@@ -0,0 +1,73 @@ +/* + * NSS utility functions + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include +#include +#include + +#include "seccomon.h" +#include "secoidt.h" +#include "secoid.h" +#include "nss.h" +#include "nssoptions.h" + +struct nssOps { + PRInt32 rsaMinKeySize; + PRInt32 dhMinKeySize; + PRInt32 dsaMinKeySize; +}; + +static struct nssOps nss_ops = { + SSL_RSA_MIN_MODULUS_BITS, + SSL_DH_MIN_P_BITS, + SSL_DSA_MIN_P_BITS +}; + +SECStatus +NSS_OptionSet(PRInt32 which, PRInt32 value) +{ +SECStatus rv = SECSuccess; + + switch (which) { + case NSS_RSA_MIN_KEY_SIZE: + nss_ops.rsaMinKeySize = value; + break; + case NSS_DH_MIN_KEY_SIZE: + nss_ops.dhMinKeySize = value; + break; + case NSS_DSA_MIN_KEY_SIZE: + nss_ops.dsaMinKeySize = value; + break; + default: + rv = SECFailure; + } + + return rv; +} + +SECStatus +NSS_OptionGet(PRInt32 which, PRInt32 *value) +{ +SECStatus rv = SECSuccess; + + switch (which) { + case NSS_RSA_MIN_KEY_SIZE: + *value = nss_ops.rsaMinKeySize; + break; + case NSS_DH_MIN_KEY_SIZE: + *value = nss_ops.dhMinKeySize; + break; + case NSS_DSA_MIN_KEY_SIZE: + *value = nss_ops.dsaMinKeySize; + break; + default: + rv = SECFailure; + } + + return rv; +} + diff --git a/security/nss/lib/nss/nssoptions.h b/security/nss/lib/nss/nssoptions.h new file mode 100644 index 00000000..daa0944c --- /dev/null +++ b/security/nss/lib/nss/nssoptions.h 
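Review bot: NSS_OptionGet writes through `value` without checking it for NULL, and neither function calls PORT_SetError on its `default:` path, so callers see SECFailure with a stale error code. I would start NSS_OptionGet with `if (value == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }` and set the same code in both `default:` branches. NSS_OptionSet stores any PRInt32 unvalidated, and certvfy.c compares key lengths against these values, so a zero or negative setting removes the minimum altogether. That deserves either a range check or a comment in nss.h stating that it is intended and that the unit is bits. The writes to the file-scope `nss_ops` are unsynchronised, so the documentation should also say when the setter may be called.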
@@ -0,0 +1,21 @@ +/* + * NSS utility functions + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * Include the default limits here + */ +/* SSL default limits are here so we don't have to import a private SSL header + * file into NSS proper */ + +/* The minimum server key sizes accepted by the clients. + * Not 1024 to be conservative. */ +#define SSL_RSA_MIN_MODULUS_BITS 1023 +/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be + * only 1023 bits and similar. We don't have good data on whether this + * happens because NSS used to count bit lengths incorrectly. */ +#define SSL_DH_MIN_P_BITS 1023 +#define SSL_DSA_MIN_P_BITS 1023 + diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index 5ad45a59..1361bc1f 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -18,7 +18,6 @@ #include "secasn1.h" #include "secoid.h" #include "secerr.h" -#include "sslerr.h" #include "sechash.h" #include "secpkcs5.h" @@ -74,7 +73,7 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, SECItem *ckaId = NULL; SECItem *pubValue = NULL; int signedcount = 0; - int templateCount = 0; + unsigned int templateCount = 0; SECStatus rv; /* if we already have an object in the desired slot, use it */ @@ -403,7 +402,7 @@ pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams, /* If the point is uncompressed and the lengths match, it * must be an unencoded point */ if ((*((char *)ecPoint->pValue) == EC_POINT_FORM_UNCOMPRESSED) - && (ecPoint->ulValueLen == keyLen)) { + && (ecPoint->ulValueLen == (unsigned int)keyLen)) { return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue); } 
@@ -417,7 +416,7 @@ pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams, /* it coded correctly & we know the key length (and they match) * then we are done, return the results. */ - if (keyLen && rv == SECSuccess && publicKeyValue->len == keyLen) { + if (keyLen && rv == SECSuccess && publicKeyValue->len == (unsigned int)keyLen) { return CKR_OK; } @@ -549,7 +548,7 @@ PK11_ExtractPublicKey(PK11SlotInfo *slot,KeyType keyType,CK_OBJECT_HANDLE id) PLArenaPool *arena; PLArenaPool *tmp_arena; SECKEYPublicKey *pubKey; - int templateCount = 0; + unsigned int templateCount = 0; CK_KEY_TYPE pk11KeyType; CK_RV crv; CK_ATTRIBUTE template[8]; @@ -2308,7 +2307,7 @@ PK11_ListPublicKeysInSlot(PK11SlotInfo *slot, char *nickname) CK_ATTRIBUTE *attrs; CK_BBOOL ckTrue = CK_TRUE; CK_OBJECT_CLASS keyclass = CKO_PUBLIC_KEY; - int tsize = 0; + unsigned int tsize = 0; int objCount = 0; CK_OBJECT_HANDLE *key_ids; SECKEYPublicKeyList *keys; @@ -2354,7 +2353,7 @@ PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx) CK_ATTRIBUTE *attrs; CK_BBOOL ckTrue = CK_TRUE; CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; - int tsize = 0; + unsigned int tsize = 0; int objCount = 0; CK_OBJECT_HANDLE *key_ids; SECKEYPrivateKeyList *keys; diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 8d361ecf..e29b4e21 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1441,6 +1441,7 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID)); if (!slotid) { PORT_SetError(SEC_ERROR_NO_MEMORY); + PK11_FreeSlotList(sl); return NULL; } for (le = sl->head; le; le = le->next) { diff --git a/security/nss/lib/pk11wrap/pk11nobj.c b/security/nss/lib/pk11wrap/pk11nobj.c index 427b09ea..dcca4342 100644 --- a/security/nss/lib/pk11wrap/pk11nobj.c +++ b/security/nss/lib/pk11wrap/pk11nobj.c 
@@ -21,7 +21,6 @@ #include "certdb.h" #include "secerr.h" -#include "sslerr.h" #include "pki3hack.h" #include "dev3hack.h" diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c index 314062bd..40ac7908 100644 --- a/security/nss/lib/pk11wrap/pk11pars.c +++ b/security/nss/lib/pk11wrap/pk11pars.c @@ -133,6 +133,17 @@ secmod_NewModule(void) SECMODModule * SECMOD_CreateModule(const char *library, const char *moduleName, const char *parameters, const char *nss) +{ + return SECMOD_CreateModuleEx(library, moduleName, parameters, nss, NULL); +} + +/* + * for 3.4 we continue to use the old SECMODModule structure + */ +SECMODModule * +SECMOD_CreateModuleEx(const char *library, const char *moduleName, + const char *parameters, const char *nss, + const char *config) { SECMODModule *mod = secmod_NewModule(); char *slotParams,*ciphers; @@ -148,6 +159,9 @@ SECMOD_CreateModule(const char *library, const char *moduleName, if (parameters) { mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); } + if (config) { + /* XXX: Apply configuration */ + } mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc); mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc); mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc); @@ -977,6 +991,7 @@ SECMODModule * SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) { char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL; + char *config = NULL; SECStatus status; SECMODModule *module = NULL; SECMODModule *oldModule = NULL; 
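Review bot: The new `config` argument of SECMOD_CreateModuleEx is accepted and then discarded, because the body of `if (config) { /* XXX: Apply configuration */ }` is empty. The function is nevertheless exported under NSS_3.21 in nss.def, and SECMOD_LoadModule now parses a config string and forwards it. A caller that puts configuration in the module spec therefore gets no effect and no error. Until it is implemented, the comment above the function and the prototype in secmod.h should say so, for example `/* config is parsed but not yet applied; passing it currently has no effect */`. The copied comment "for 3.4 we continue to use the old SECMODModule structure" now sits on the Ex variant and no longer on SECMOD_CreateModule.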
@@ -985,17 +1000,19 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) /* initialize the underlying module structures */ SECMOD_Init(); - status = NSSUTIL_ArgParseModuleSpec(modulespec, &library, &moduleName, - ¶meters, &nss); + status = NSSUTIL_ArgParseModuleSpecEx(modulespec, &library, &moduleName, + ¶meters, &nss, + &config); if (status != SECSuccess) { goto loser; } - module = SECMOD_CreateModule(library, moduleName, parameters, nss); + module = SECMOD_CreateModuleEx(library, moduleName, parameters, nss, config); if (library) PORT_Free(library); if (moduleName) PORT_Free(moduleName); if (parameters) PORT_Free(parameters); if (nss) PORT_Free(nss); + if (config) PORT_Free(config); if (!module) { goto loser; } diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h index 9cc4cfb5..c194d9a7 100644 --- a/security/nss/lib/pk11wrap/secmod.h +++ b/security/nss/lib/pk11wrap/secmod.h @@ -64,6 +64,9 @@ SECStatus SECMOD_UnloadUserModule(SECMODModule *mod); SECMODModule * SECMOD_CreateModule(const char *lib, const char *name, const char *param, const char *nss); +SECMODModule * SECMOD_CreateModuleEx(const char *lib, const char *name, + const char *param, const char *nss, + const char *config); /* * After a fork(), PKCS #11 says we need to call C_Initialize again in * the child before we can use the module. This function causes this diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 76693849..ff831568 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -1487,6 +1487,8 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) SECStatus rv; SECItem ignore = {0}; void *mark; + SECItem *salt = NULL; + SECItem *params = NULL; if(!p12exp || !p12exp->safeInfos) { return NULL; 
@@ -1552,11 +1554,10 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) /* init password pased integrity mode */ if(p12exp->integrityEnabled) { SECItem pwd = {siBuffer,NULL, 0}; - SECItem *salt = sec_pkcs12_generate_salt(); PK11SymKey *symKey; - SECItem *params; CK_MECHANISM_TYPE integrityMechType; CK_MECHANISM_TYPE hmacMechType; + salt = sec_pkcs12_generate_salt(); /* zero out macData and set values */ PORT_Memset(&p12enc->mac, 0, sizeof(sec_PKCS12MacData)); @@ -1567,13 +1568,11 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) } if(SECITEM_CopyItem(p12exp->arena, &(p12enc->mac.macSalt), salt) != SECSuccess) { - /* XXX salt is leaked */ PORT_SetError(SEC_ERROR_NO_MEMORY); goto loser; } if (!SEC_ASN1EncodeInteger(p12exp->arena, &(p12enc->mac.iter), NSS_PBE_DEFAULT_ITERATION_COUNT)) { - /* XXX salt is leaked */ goto loser; } @@ -1581,7 +1580,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) if(!sec_pkcs12_convert_item_to_unicode(NULL, &pwd, p12exp->integrityInfo.pwdInfo.password, PR_TRUE, PR_TRUE, PR_TRUE)) { - /* XXX salt is leaked */ goto loser; } /* @@ -1603,7 +1601,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) case SEC_OID_MD2: integrityMechType = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN; break; default: - /* XXX params is leaked */ goto loser; } @@ -1645,6 +1642,12 @@ loser: sec_pkcs12_encoder_destroy_context(p12enc); if (p12exp->arena != NULL) PORT_ArenaRelease(p12exp->arena, mark); + if (salt) { + SECITEM_ZfreeItem(salt, PR_TRUE); + } + if (params) { + PK11_DestroyPBEParams(params); + } return NULL; } diff --git a/security/nss/lib/pkcs7/p7common.c b/security/nss/lib/pkcs7/p7common.c index 17fadec6..10015ce2 100644 --- a/security/nss/lib/pkcs7/p7common.c +++ b/security/nss/lib/pkcs7/p7common.c 
@@ -408,7 +408,6 @@ SEC_PKCS7EncryptContents(PLArenaPool *poolp, void *wincx) { SECAlgorithmID *algid = NULL; - SECItem * result = NULL; SECItem * src; SECItem * dest; SECItem * blocked_data = NULL; @@ -524,9 +523,6 @@ loser: if(blocked_data != NULL) SECITEM_ZfreeItem(blocked_data, PR_TRUE); - if(result != NULL) - SECITEM_ZfreeItem(result, PR_TRUE); - if(rv == SECFailure) PORT_ArenaRelease(poolp, mark); else diff --git a/security/nss/lib/pkcs7/p7local.c b/security/nss/lib/pkcs7/p7local.c index 8c5e0bfa..5e67a0eb 100644 --- a/security/nss/lib/pkcs7/p7local.c +++ b/security/nss/lib/pkcs7/p7local.c @@ -203,7 +203,8 @@ sec_PKCS7CreateEncryptObject (PLArenaPool *poolp, PK11SymKey *key, rv = PK11_ParamToAlgid(algtag,param,poolp,algid); if(rv != SECSuccess) { PORT_Free (result); - SECITEM_FreeItem(param,PR_TRUE); + SECITEM_FreeItem(param,PR_TRUE); + PK11_DestroyContext(ciphercx, PR_TRUE); return NULL; } } diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index a415ace4..b1450928 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -239,6 +239,7 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der) } secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey); if (secrv != SECSuccess) { + PORT_FreeArena(arena, PR_FALSE); return NULL; } rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c index c86e5bb4..0e39e8ba 100644 --- a/security/nss/lib/pki/pkibase.c +++ b/security/nss/lib/pki/pkibase.c @@ -1058,6 +1058,9 @@ nssCertificateCollection_Create ( { nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); + if (!collection) { + return NULL; + } collection->objectType = pkiObjectType_Certificate; collection->destroyObject = cert_destroyObject; collection->getUIDFromObject = cert_getUIDFromObject; 
@@ -1164,6 +1167,9 @@ nssCRLCollection_Create ( { nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); + if (!collection) { + return NULL; + } collection->objectType = pkiObjectType_CRL; collection->destroyObject = crl_destroyObject; collection->getUIDFromObject = crl_getUIDFromObject; diff --git a/security/nss/lib/smime/cmscipher.c b/security/nss/lib/smime/cmscipher.c index 958d4e47..998ad16a 100644 --- a/security/nss/lib/smime/cmscipher.c +++ b/security/nss/lib/smime/cmscipher.c @@ -120,7 +120,7 @@ NSSCMSCipherContext * NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid) { NSSCMSCipherContext *cc; - void *ciphercx; + void *ciphercx = NULL; SECStatus rv; CK_MECHANISM_TYPE cryptoMechType; PK11SlotInfo *slot; @@ -186,6 +186,7 @@ NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgori } cc->cx = ciphercx; + ciphercx = NULL; cc->doit = (nss_cms_cipher_function)PK11_CipherOp; cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext; cc->encrypt = PR_TRUE; @@ -193,6 +194,9 @@ NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgori loser: SECITEM_FreeItem(param, PR_TRUE); + if (ciphercx) { + PK11_DestroyContext(ciphercx, PR_TRUE); + } return cc; } diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index adf98115..4fd7aecc 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -2762,7 +2762,7 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) case SECMOD_MODULE_DB_FUNCTION_FIND: if (secmod == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + goto loser; } if (rw && (dbType != NSS_DB_TYPE_LEGACY) && (dbType != NSS_DB_TYPE_MULTIACCESS)) { 
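Review bot: The hand-off `cc->cx = ciphercx; ciphercx = NULL;` in NSS_CMSCipherContext_StartEncrypt is the only thing that stops the new `PK11_DestroyContext(ciphercx, PR_TRUE)` at `loser:` from destroying a context that `cc` already holds, and the code does not say so. A comment above the reset, e.g. `/* cc owns the context from here; clear the local so loser: does not destroy it */`, would keep a later edit from dropping that line. The function starts and ends outside these hunks, so the paths that jump to `loser:` are not visible here.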
@@ -2805,7 +2805,7 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) case SECMOD_MODULE_DB_FUNCTION_ADD: if (secmod == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + goto loser; } rvstr = (sftkdbCall_AddSecmodDB(appName,filename,secmod, (char *)args,rw) == SECSuccess) ? &success: NULL; @@ -2813,7 +2813,7 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) case SECMOD_MODULE_DB_FUNCTION_DEL: if (secmod == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; + goto loser; } rvstr = (sftkdbCall_DeleteSecmodDB(appName,filename,secmod, (char *)args,rw) == SECSuccess) ? &success: NULL; @@ -2823,6 +2823,8 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) (char **)args,rw) == SECSuccess) ? &success: NULL; break; } + +loser: if (secmod) PR_smprintf_free(secmod); if (appName) PORT_Free(appName); if (filename) PORT_Free(filename); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 1bd35a01..f6b57dee 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -24,6 +24,8 @@ #include "prerror.h" #include "pratom.h" #include "prthread.h" +#include "nss.h" +#include "nssoptions.h" #include "pk11func.h" #include "secmod.h" @@ -4518,6 +4520,7 @@ ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, PORT_Assert(bytes <= 3); i->len = 0; i->data = NULL; + i->type = siBuffer; count = ssl3_ConsumeHandshakeNumber(ss, bytes, b, length); if (count < 0) { /* Can't test for SECSuccess here. */ return SECFailure; 
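Review bot: The three `return NULL` to `goto loser` replacements in NSC_ModuleDBFunc (the FIND case in the `@@ -2762` hunk, and the ADD and DEL cases here) now leave the function through whatever follows the cleanup at `loser:`, which is outside these hunks. If that is a return of `rvstr`, these paths depend on `rvstr` still being NULL when `secmod == NULL`, which the hunks do not show. Writing `rvstr = NULL;` before each `goto loser;`, or initialising it to NULL at its declaration, makes the error result explicit instead of relying on code further up.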
@@ -6985,13 +6988,19 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) unsigned dh_p_bits; unsigned dh_g_bits; unsigned dh_Ys_bits; + PRInt32 minDH; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } + + rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH); + if (rv != SECSuccess) { + minDH = SSL_DH_MIN_P_BITS; + } dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p); - if (dh_p_bits < SSL_DH_MIN_P_BITS) { + if (dh_p_bits < minDH) { errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } 
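Review bot: `dh_p_bits < minDH` in ssl3_HandleServerKeyExchange compares an `unsigned` with a `PRInt32` taken from NSS_OptionGet, and the configured value is used with no lower bound. A setting of zero accepts a server DH prime of any size, and a negative one is converted to a huge unsigned value so every prime is rejected. If policy is only meant to raise the limit, clamp after the lookup: `if (rv != SECSuccess || minDH < SSL_DH_MIN_P_BITS) minDH = SSL_DH_MIN_P_BITS;`; if lowering is intended, at least reject non-positive values. The same unbounded lookups feed `minKey` in the ssl3_AuthCertificate hunk (`@@ -10710`).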
@@ -10710,19 +10719,40 @@ ssl3_AuthCertificate(sslSocket *ss) ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType; if (pubKey) { KeyType pubKeyType; + PRInt32 minKey; ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); pubKeyType = SECKEY_GetPublicKeyType(pubKey); + minKey = ss->sec.authKeyBits; + switch (pubKeyType) { + case rsaKey: + case rsaPssKey: + case rsaOaepKey: + rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey); + if (rv != SECSuccess) { + minKey = SSL_RSA_MIN_MODULUS_BITS; + } + break; + case dsaKey: + rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey); + if (rv != SECSuccess) { + minKey = SSL_DSA_MIN_P_BITS; + } + break; + case dhKey: + rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey); + if (rv != SECSuccess) { + minKey = SSL_DH_MIN_P_BITS; + } + break; + default: + break; + } + /* Too small: not good enough. Send a fatal alert. */ /* We aren't checking EC here on the understanding that we only * support curves we like, a decision that might need revisiting. */ - if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey || - pubKeyType == rsaOaepKey) && - ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) || - (pubKeyType == dsaKey && - ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) || - (pubKeyType == dhKey && - ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) { + if ( ss->sec.authKeyBits < minKey) { PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY); (void)SSL3_SendAlert(ss, alert_fatal, ss->version >= SSL_LIBRARY_VERSION_TLS_1_0 diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 07d79294..e86834a3 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
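Review bot: The `default: break;` arm of the new switch in ssl3_AuthCertificate only works because `minKey = ss->sec.authKeyBits;` was assigned just before it, which makes `ss->sec.authKeyBits < minKey` false for every key type without a case. That coupling is easy to break, so the assignment deserves a comment such as `/* key types with no case below get no minimum: minKey == authKeyBits never fails the check */`. The existing remark about EC sits after the switch and reads as if it described the comparison rather than the default arm. The function body starts and ends outside the hunk.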
@@ -422,12 +422,12 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* length of server_name_list */ listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (listLenBytes < 0 || listLenBytes != data->len) { - (void)ssl3_DecodeError(ss); + if (listLenBytes < 0) { return SECFailure; } - if (listLenBytes == 0) { - return SECSuccess; /* ignore an empty extension */ + if (listLenBytes == 0 || listLenBytes != data->len) { + (void)ssl3_DecodeError(ss); + return SECFailure; } ldata = *data; /* Calculate the size of the array.*/ @@ -452,9 +452,6 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } listCount += 1; } - if (!listCount) { - return SECFailure; /* nothing we can act on */ - } names = PORT_ZNewArray(SECItem, listCount); if (!names) { return SECFailure; @@ -1099,7 +1096,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; PK11Context *aes_ctx_pkcs11; CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; - PK11Context *hmac_ctx_pkcs11; + PK11Context *hmac_ctx_pkcs11 = NULL; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; unsigned int computed_mac_length; unsigned char iv[AES_BLOCK_SIZE]; @@ -1364,14 +1361,18 @@ ssl3_SendNewSessionTicket(sslSocket *ss) goto loser; rv = PK11_DigestBegin(hmac_ctx_pkcs11); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, SESS_TICKET_KEY_NAME_LEN); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); + if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); + if (rv != SECSuccess) goto loser; rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, &computed_mac_length, sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); if (rv != SECSuccess) goto loser; } 
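Review bot: The reordered checks in ssl3_HandleServerNameXtn turn an empty server_name_list from "ignore and return SECSuccess" into a decode error, and the comment that explained the old behaviour is removed with nothing in its place. A short comment above the test, e.g. `/* server_name_list must hold at least one name and fill the extension exactly */`, would record why `listLenBytes == 0` is now fatal. The `listLenBytes < 0` branch no longer calls ssl3_DecodeError; presumably ssl3_ConsumeHandshakeNumber has already reported the failure, which is worth stating in the same comment.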
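Review bot: In ssl3_SendNewSessionTicket `hmac_ctx_pkcs11` now starts as NULL so that `loser:` can test it, while `aes_ctx_pkcs11` two lines above is still declared without an initialiser. For consistency, and so that the same cleanup pattern can be applied to it safely later, declare it as `PK11Context *aes_ctx_pkcs11 = NULL;`. Where the AES context is destroyed is outside these hunks, so this is a consistency point rather than a confirmed leak.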
@@ -1400,6 +1401,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; loser: + if (hmac_ctx_pkcs11) + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); if (plaintext_item.data) SECITEM_FreeItem(&plaintext_item, PR_FALSE); if (ciphertext.data) diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 43daa9d6..aac223f7 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -155,15 +155,6 @@ typedef enum { SSLAppOpRead = 0, #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ -/* The minimum server key sizes accepted by the clients. - * Not 1024 to be conservative. */ -#define SSL_RSA_MIN_MODULUS_BITS 1023 -/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be - * only 1023 bits and similar. We don't have good data on whether this - * happens because NSS used to count bit lengths incorrectly. */ -#define SSL_DH_MIN_P_BITS 1023 -#define SSL_DSA_MIN_P_BITS 1023 - #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ diff --git a/security/nss/lib/util/nssutil.def b/security/nss/lib/util/nssutil.def index 9d98df22..631a4991 100644 --- a/security/nss/lib/util/nssutil.def +++ b/security/nss/lib/util/nssutil.def @@ -277,3 +277,9 @@ _SGN_VerifyPKCS1DigestInfo; ;+ local: ;+ *; ;+}; +;+NSSUTIL_3.21 { # NSS Utilities 3.21 release +;+ global: +NSSUTIL_ArgParseModuleSpecEx; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c index d404b72d..7a5bcfd0 100644 --- a/security/nss/lib/util/secasn1d.c +++ b/security/nss/lib/util/secasn1d.c 
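Review bot: The new NSSUTIL_3.21 section of nssutil.def exports `NSSUTIL_ArgParseModuleSpecEx` but not `NSSUTIL_MkModuleSpecEx`, which this commit also adds as a non-static function in utilpars.c and declares in utilpars.h. If anything outside the util library is meant to call it, the section needs a second line, `NSSUTIL_MkModuleSpecEx;`, under `global:`. If it is meant to stay internal, the prototype would be better kept out of the public header.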
@@ -951,6 +951,33 @@ sec_asn1d_parse_more_length (sec_asn1d_state *state, return count; } +/* + * Helper function for sec_asn1d_prepare_for_contents. + * Checks that a value representing a number of bytes consumed can be + * subtracted from a remaining length. If so, returns PR_TRUE. + * Otherwise, sets the error SEC_ERROR_BAD_DER, indicates that there was a + * decoding error in the given SEC_ASN1DecoderContext, and returns PR_FALSE. + */ +static PRBool +sec_asn1d_check_and_subtract_length (unsigned long *remaining, + unsigned long consumed, + SEC_ASN1DecoderContext *cx) +{ + PORT_Assert(remaining); + PORT_Assert(cx); + if (!remaining || !cx) { + PORT_SetError (SEC_ERROR_INVALID_ARGS); + cx->status = decodeError; + return PR_FALSE; + } + if (*remaining < consumed) { + PORT_SetError (SEC_ERROR_BAD_DER); + cx->status = decodeError; + return PR_FALSE; + } + *remaining -= consumed; + return PR_TRUE; +} static void sec_asn1d_prepare_for_contents (sec_asn1d_state *state) @@ -958,6 +985,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state) SECItem *item; PLArenaPool *poolp; unsigned long alloc_len; + sec_asn1d_state *parent; #ifdef DEBUG_ASN1D_STATES { 
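Review bot: In sec_asn1d_check_and_subtract_length the guard `if (!remaining || !cx)` executes `cx->status = decodeError;` inside the branch that is taken when `cx` is NULL, so the defensive check dereferences a null pointer in any build where the two PORT_Assert calls compile to nothing. Guard the store instead: `if (cx) cx->status = decodeError;`. The header comment should also say that SEC_ERROR_INVALID_ARGS is set for NULL arguments, since it currently mentions only SEC_ERROR_BAD_DER.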
@@ -966,6 +994,63 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state) } #endif + /** + * The maximum length for a child element should be constrained to the + * length remaining in the first definite length element in the ancestor + * stack. If there is no definite length element in the ancestor stack, + * there's nothing to constrain the length of the child, so there's no + * further processing necessary. + * + * It's necessary to walk the ancestor stack, because it's possible to have + * definite length children that are part of an indefinite length element, + * which is itself part of an indefinite length element, and which is + * ultimately part of a definite length element. A simple example of this + * would be the handling of constructed OCTET STRINGs in BER encoding. + * + * This algorithm finds the first definite length element in the ancestor + * stack, if any, and if so, ensures that the length of the child element + * is consistent with the number of bytes remaining in the constraining + * ancestor element (that is, after accounting for any other sibling + * elements that may have been read). + * + * It's slightly complicated by the need to account both for integer + * underflow and overflow, as well as ensure that for indefinite length + * encodings, there's also enough space for the End-of-Contents (EOC) + * octets (Tag = 0x00, Length = 0x00, or two bytes). + */ + + /* Determine the maximum length available for this element by finding the + * first definite length ancestor, if any. */ + parent = sec_asn1d_get_enclosing_construct(state); + while (parent && parent->indefinite) { + parent = sec_asn1d_get_enclosing_construct(parent); + } + /* If parent is null, state is either the outermost state / at the top of + * the stack, or the outermost state uses indefinite length encoding. In + * these cases, there's nothing external to constrain this element, so + * there's nothing to check. 
*/ + if (parent) { + unsigned long remaining = parent->pending; + parent = state; + do { + if (!sec_asn1d_check_and_subtract_length( + &remaining, parent->consumed, state->top) || + /* If parent->indefinite is true, parent->contents_length is + * zero and this is a no-op. */ + !sec_asn1d_check_and_subtract_length( + &remaining, parent->contents_length, state->top) || + /* If parent->indefinite is true, then ensure there is enough + * space for an EOC tag of 2 bytes. */ + (parent->indefinite && !sec_asn1d_check_and_subtract_length( + &remaining, 2, state->top))) { + /* This element is larger than its enclosing element, which is + * invalid. */ + return; + } + } while ((parent = sec_asn1d_get_enclosing_construct(parent)) && + parent->indefinite); + } + /* * XXX I cannot decide if this allocation should exclude the case * where state->endofcontents is true -- figure it out! @@ -1007,21 +1092,6 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state) */ state->pending = state->contents_length; - /* If this item has definite length encoding, and - ** is enclosed by a definite length constructed type, - ** make sure it isn't longer than the remaining space in that - ** constructed type. - */ - if (state->contents_length > 0) { - sec_asn1d_state *parent = sec_asn1d_get_enclosing_construct(state); - if (parent && !parent->indefinite && - state->consumed + state->contents_length > parent->pending) { - PORT_SetError (SEC_ERROR_BAD_DER); - state->top->status = decodeError; - return; - } - } - /* * An EXPLICIT is nothing but an outer header, which we have * already parsed and accepted. Now we need to do the inner 
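Review bot: After the first loop has found the constraining ancestor, `parent = state;` reuses `parent` as the cursor for the `do` loop, so on the first pass `parent->consumed` and `parent->contents_length` belong to the element itself rather than to any parent. A separate cursor reads more clearly: declare `sec_asn1d_state *cur = state;` and use `cur` throughout the `do` loop, including `(cur = sec_asn1d_get_enclosing_construct(cur)) && cur->indefinite` in the condition. The two inline comments that say "If parent->indefinite is true" would then name `cur` as well. sec_asn1d_prepare_for_contents continues outside this hunk.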
@@ -1720,10 +1790,107 @@ sec_asn1d_next_substring (sec_asn1d_state *state) if (state->pending == 0) done = PR_TRUE; } else { + PRBool preallocatedString; + sec_asn1d_state *temp_state; PORT_Assert (state->indefinite); item = (SECItem *)(child->dest); - if (item != NULL && item->data != NULL) { + + /** + * At this point, there's three states at play: + * child: The element that was just parsed + * state: The currently processed element + * 'parent' (aka state->parent): The enclosing construct + * of state, or NULL if this is the top-most element. + * + * This state handles both substrings of a constructed string AND + * child elements of items whose template type was that of + * SEC_ASN1_ANY, SEC_ASN1_SAVE, SEC_ASN1_ANY_CONTENTS, SEC_ASN1_SKIP + * template, as described in sec_asn1d_prepare_for_contents. For + * brevity, these will be referred to as 'string' and 'any' types. + * + * This leads to the following possibilities: + * 1: This element is an indefinite length string, part of a + * definite length string. + * 2: This element is an indefinite length string, part of an + * indefinite length string. + * 3: This element is an indefinite length any, part of a + * definite length any. + * 4: This element is an indefinite length any, part of an + * indefinite length any. + * 5: This element is an indefinite length any and does not + * meet any of the above criteria. Note that this would include + * an indefinite length string type matching an indefinite + * length any template. + * + * In Cases #1 and #3, the definite length 'parent' element will + * have allocated state->dest based on the parent elements definite + * size. During the processing of 'child', sec_asn1d_parse_leaf will + * have copied the (string, any) data directly into the offset of + * dest, as appropriate, so there's no need for this class to still + * store the child - it's already been processed. 
+ * + * In Cases #2 and #4, dest will be set to the parent element's dest, + * but dest->data will not have been allocated yet, due to the + * indefinite length encoding. In this situation, it's necessary to + * hold onto child (and all other children) until the EOC, at which + * point, it becomes possible to compute 'state's overall length. Once + * 'state' has a computed length, this can then be fed to 'parent' (via + * this state), and then 'parent' can similarly compute the length of + * all of its children up to the EOC, which will ultimately transit to + * sec_asn1d_concat_substrings, determine the overall size needed, + * allocate, and copy the contents (of all of parent's children, which + * would include 'state', just as 'state' will have copied all of its + * children via sec_asn1d_concat_substrings) + * + * The final case, Case #5, will manifest in that item->data and + * item->len will be NULL/0, respectively, since this element was + * indefinite-length encoded. In that case, both the tag and length will + * already exist in state's subitems, via sec_asn1d_record_any_header, + * and so the contents (aka 'child') should be added to that list of + * items to concatenate in sec_asn1d_concat_substrings once the EOC + * is encountered. + * + * To distinguish #2/#4 from #1/#3, it's sufficient to walk the ancestor + * tree. If the current type is a string type, then the enclosing + * construct will be that same type (#1/#2). If the current type is an + * any type, then the enclosing construct is either an any type (#3/#4) + * or some other type (#5). Since this is BER, this nesting relationship + * between 'state' and 'parent' may go through several levels of + * constructed encoding, so continue walking the ancestor chain until a + * clear determination can be made. 
+ * + * The variable preallocatedString is used to indicate Case #1/#3, + * indicating an in-place copy has already occurred, and Cases #2, #4, + * and #5 all have the same behaviour of adding a new substring. + */ + preallocatedString = PR_FALSE; + temp_state = state; + while (temp_state && item == temp_state->dest && temp_state->indefinite) { + sec_asn1d_state *parent = sec_asn1d_get_enclosing_construct(temp_state); + if (!parent || parent->underlying_kind != temp_state->underlying_kind) { + /* Case #5 - Either this is a top-level construct or it is part + * of some other element (e.g. a SEQUENCE), in which case, a + * new item should be allocated. */ + break; + } + if (!parent->indefinite) { + /* Cases #1 / #3 - A definite length ancestor exists, for which + * this is a substring that has already copied into dest. */ + preallocatedString = PR_TRUE; + break; + } + if (!parent->substring) { + /* Cases #2 / #4 - If the parent is not a substring, but is + * indefinite, then there's nothing further up that may have + * preallocated dest, thus child will not have already + * been copied in place, therefore it's necessary to save child + * as a subitem. */ + break; + } + temp_state = parent; + } + if (item != NULL && item->data != NULL && !preallocatedString) { /* * Save the string away for later concatenation. */ diff --git a/security/nss/lib/util/utilpars.c b/security/nss/lib/util/utilpars.c index d2cd3e04..278f9c42 100644 --- a/security/nss/lib/util/utilpars.c +++ b/security/nss/lib/util/utilpars.c 
@@ -762,6 +762,31 @@ NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags, } +/************************************************************************ + * Parse Full module specs into: library, commonName, module parameters, + * and NSS specifi parameters. + */ +SECStatus +NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod, + char **parameters, char **nss, + char **config) +{ + int next; + modulespec = NSSUTIL_ArgStrip(modulespec); + + *lib = *mod = *parameters = *nss = *config = 0; + + while (*modulespec) { + NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;) + NSSUTIL_HANDLE_STRING_ARG(modulespec,*config,"config=",;) + NSSUTIL_HANDLE_FINAL_ARG(modulespec) + } + return SECSuccess; +} + /************************************************************************ * Parse Full module specs into: library, commonName, module parameters, * and NSS specifi parameters. @@ -788,11 +813,12 @@ NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod, /************************************************************************ * make a new module spec from it's components */ char * -NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, - char *NSS) +NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters, + char *NSS, + char *config) { char *moduleSpec; - char *lib,*name,*param,*nss; + char *lib,*name,*param,*nss,*conf; /* * now the final spec 
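Review bot: The banner comment on NSSUTIL_ArgParseModuleSpecEx is a verbatim copy of the one on NSSUTIL_ArgParseModuleSpec and says nothing about the new `config` output. It should add a line such as `* Like NSSUTIL_ArgParseModuleSpec, but also returns the "config=" value in *config.` and state that all five output pointers must be non-NULL, because `*lib = *mod = *parameters = *nss = *config = 0;` dereferences each of them unconditionally. Whether `modulespec` may be NULL depends on NSSUTIL_ArgStrip, which is not visible here; the `while (*modulespec)` loop assumes it is not. Writing `NULL` instead of `0` in that assignment would match the pointer types.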
@@ -801,7 +827,13 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, name = nssutil_formatPair("name",commonName,'\"'); param = nssutil_formatPair("parameters",parameters,'\"'); nss = nssutil_formatPair("NSS",NSS,'\"'); - moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss); + if (config) { + conf = nssutil_formatPair("config",config,'\"'); + moduleSpec = PR_smprintf("%s %s %s %s %s", lib,name,param,nss,conf); + nssutil_freePair(conf); + } else { + moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss); + } nssutil_freePair(lib); nssutil_freePair(name); nssutil_freePair(param); @@ -809,6 +841,15 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, return (moduleSpec); } +/************************************************************************ + * make a new module spec from it's components */ +char * +NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, + char *NSS) +{ + return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL); +} + #define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA" /****************************************************************************** diff --git a/security/nss/lib/util/utilpars.h b/security/nss/lib/util/utilpars.h index e01ba14c..7562bb65 100644 --- a/security/nss/lib/util/utilpars.h +++ b/security/nss/lib/util/utilpars.h 
@@ -39,8 +39,12 @@ char * NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags, PRBool hasRootCerts, PRBool hasRootTrust); SECStatus NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod, char **parameters, char **nss); +SECStatus NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod, + char **parameters, char **nss, char **config); char *NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, char *NSS); +char *NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, + char *parameters, char *NSS, char *config); void NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers,char *cipherList); char * NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly, diff --git a/security/nss/tests/dbupgrade/dbupgrade.sh b/security/nss/tests/dbupgrade/dbupgrade.sh index b43ac14f..6fc4cb3c 100644 --- a/security/nss/tests/dbupgrade/dbupgrade.sh +++ b/security/nss/tests/dbupgrade/dbupgrade.sh @@ -79,7 +79,7 @@ dbupgrade_main() if [ -d fips ]; then echo "upgrading db fips" - ${BINDIR}/certutil -S -g 512 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2>&1 + ${BINDIR}/certutil -S -g 1024 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2>&1 html_msg $? 0 "Upgrading fips" # remove our temp certificate we created in the fist token ${BINDIR}/certutil -F -n tmprsa -d sql:fips -f ${FIPSPWFILE} 2>&1 diff --git a/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c b/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c index 57c43119..62826f1e 100644 --- a/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c +++ b/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c 
@@ -1316,7 +1316,7 @@ GetMechInfo(CK_MECHANISM_TYPE type) l = 0; r = numMechs-1; while(l <= r) { - mid = (l+r)/2; + mid = l+(r-l)/2; if(mechInfo[mid].type == type) { return &(mechInfo[mid]); } else if(mechInfo[mid].type < type) { From fa0b14bb0ce5f889a230b23c80064653ae177af1 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 22:06:51 +0800 Subject: [PATCH 06/15] cherry-picked mozilla NSS upstream changes (to rev 50769413, which is on par with 3.21): bug1009429, bug1216505, bug1208405, bug1216501, bug1216993, bug1216318, bug1218254, bug1219165, bug1211568, bug1220016 --- security/nss/cmd/lib/derprint.c | 5 +- security/nss/cmd/modutil/install-ds.c | 1 - security/nss/cmd/modutil/pk11.c | 11 ++-- security/nss/coreconf/Darwin.mk | 23 +------ security/nss/coreconf/Linux.mk | 41 ++---------- security/nss/coreconf/WIN32.mk | 14 +++-- security/nss/coreconf/Werror.mk | 70 +++++++++++++++++++++ security/nss/lib/certhigh/ocspsig.c | 2 +- security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/ckfw/hash.c | 2 +- security/nss/lib/ckfw/object.c | 1 + security/nss/lib/cryptohi/secsign.c | 1 + security/nss/lib/freebl/desblapi.c | 22 +------ security/nss/lib/freebl/intel-gcm.h | 12 ++-- security/nss/lib/nss/nss.h | 9 ++- security/nss/lib/pk11wrap/pk11akey.c | 1 + security/nss/lib/pkcs12/p12d.c | 1 + security/nss/lib/softoken/legacydb/lgattr.c | 1 + security/nss/lib/softoken/pkcs11c.c | 1 + security/nss/lib/softoken/softkver.h | 6 +- security/nss/lib/ssl/ssl3con.c | 11 +++- security/nss/lib/ssl/ssl3ext.c | 18 ++++-- security/nss/lib/ssl/sslimpl.h | 2 + security/nss/lib/util/nssutil.h | 6 +- security/nss/lib/util/secoid.c | 4 +- security/nss/lib/util/secoidt.h | 1 + 26 files changed, 151 insertions(+), 119 deletions(-) create mode 100644 security/nss/coreconf/Werror.mk diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c index 285eb036..75811df3 100644 --- a/security/nss/cmd/lib/derprint.c +++ b/security/nss/cmd/lib/derprint.c 
@@ -503,10 +503,9 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end, data += lenLen; /* - * Just quit now if slen more bytes puts us off the end, - * or if there's no more data to process. + * Just quit now if slen more bytes puts us off the end. */ - if ((data + slen) >= end) { + if ((data + slen) > end) { PORT_SetError(SEC_ERROR_BAD_DER); return -1; } diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c index efa3c168..2ae376dd 100644 --- a/security/nss/cmd/modutil/install-ds.c +++ b/security/nss/cmd/modutil/install-ds.c @@ -1470,7 +1470,6 @@ Pk11Install_Pair_delete(Pk11Install_Pair* _this) { PR_Free(_this->key); Pk11Install_ValueList_delete(_this->list); - PR_Free(_this->list); } /*************************************************************************/ diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index d630e4ee..c0a6ccb7 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -712,6 +712,8 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile) newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: "); if(strcmp(newpw, newpw2)) { PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]); + PORT_ZFree(newpw, strlen(newpw)); + PORT_ZFree(newpw2, strlen(newpw2)); } else { matching = PR_TRUE; } @@ -738,16 +740,13 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile) loser: if(oldpw) { - memset(oldpw, 0, strlen(oldpw)); - PORT_Free(oldpw); + PORT_ZFree(oldpw, strlen(oldpw)); } if(newpw) { - memset(newpw, 0, strlen(newpw)); - PORT_Free(newpw); + PORT_ZFree(newpw, strlen(newpw)); } if(newpw2) { - memset(newpw2, 0, strlen(newpw2)); - PORT_Free(newpw2); + PORT_ZFree(newpw2, strlen(newpw2)); } PK11_FreeSlot(slot); diff --git a/security/nss/coreconf/Darwin.mk b/security/nss/coreconf/Darwin.mk index 786825c7..9c992289 100644 --- a/security/nss/coreconf/Darwin.mk +++ b/security/nss/coreconf/Darwin.mk 
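Review bot: The corrected test `(data + slen) > end` in prettyPrintItem still forms the pointer `data + slen` before comparing, and `slen` appears to be the length read from the encoding, so a length larger than the remaining input makes the addition itself undefined and can wrap. Comparing lengths avoids that: `if (slen > (size_t)(end - data)) {`, with the cast adjusted to whatever unsigned type `slen` has. The declaration of `slen` is outside the hunk.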
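Review bot: In the mismatch branch of ChangePW, `newpw` and `newpw2` are wiped and freed but keep their old values, while the cleanup at `loser:` frees every non-NULL pointer it finds. Add `newpw = newpw2 = NULL;` after the two PORT_ZFree calls so that no exit from the surrounding loop can free them twice; the loop itself is outside the hunk, so if it always reassigns both first this is hardening only. `strcmp(newpw, newpw2)` and the `strlen` calls also assume SECU_GetPasswordString never returns NULL, which is not shown here.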
@@ -4,6 +4,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. include $(CORE_DEPTH)/coreconf/UNIX.mk +include $(CORE_DEPTH)/coreconf/Werror.mk DEFAULT_COMPILER = gcc @@ -81,27 +82,7 @@ endif # definitions so that the linker can catch multiply-defined symbols. # Also, common symbols are not allowed with Darwin dynamic libraries. -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS) - -ifeq (clang,$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')) -NSS_HAS_GCC48 = true -endif -ifndef NSS_HAS_GCC48 -NSS_HAS_GCC48 := $(shell \ - [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ - `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ - `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ - echo true || echo false) -export NSS_HAS_GCC48 -endif -ifeq (true,$(NSS_HAS_GCC48)) -OS_CFLAGS += -Werror -else -# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Use this to disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable -Wno-strict-aliasing -$(warning Unable to find gcc >= 4.8 disabling -Werror) -endif +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(WARNING_CFLAGS) -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS) ifdef BUILD_OPT ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 0e083f14..dfe29ae9 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -4,6 +4,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. include $(CORE_DEPTH)/coreconf/UNIX.mk +include $(CORE_DEPTH)/coreconf/Werror.mk # # The default implementation strategy for Linux is now pthreads 
@@ -36,9 +37,12 @@ endif ANDROID_TOOLCHAIN=$(ANDROID_NDK)/toolchains/$(ANDROID_TARGET)/prebuilt/linux-x86 ANDROID_SYSROOT=$(ANDROID_NDK)/platforms/android-$(OS_TARGET_RELEASE)/arch-$(OS_TEST) ANDROID_CC=$(ANDROID_TOOLCHAIN)/bin/$(ANDROID_PREFIX)-gcc + ANDROID_CCC=$(ANDROID_TOOLCHAIN)/bin/$(ANDROID_PREFIX)-g++ + NSS_DISABLE_GTESTS=1 # internal tools need to be built with the native compiler ifndef INTERNAL_TOOLS CC = $(ANDROID_CC) --sysroot=$(ANDROID_SYSROOT) + CCC = $(ANDROID_CCC) --sysroot=$(ANDROID_SYSROOT) DEFAULT_COMPILER=$(ANDROID_PREFIX)-gcc ARCHFLAG = --sysroot=$(ANDROID_SYSROOT) DEFINES += -DNO_SYSINFO -DNO_FORK_CHECK -DANDROID 
@@ -129,49 +133,16 @@ endif endif ifndef COMPILER_TAG -COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') -CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +COMPILER_TAG := _$(CC_NAME) endif ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) $(WARNING_CFLAGS) -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc -ifeq ($(COMPILER_TAG),_clang) -# -Qunused-arguments : clang objects to arguments that it doesn't understand -# and fixing this would require rearchitecture -# -Wno-parentheses-equality : because clang warns about macro expansions -OS_CFLAGS += -Qunused-arguments -Wno-parentheses-equality -ifdef BUILD_OPT -# clang is unable to handle glib's expansion of strcmp and similar for optimized -# builds, so ignore the resulting errors. -# See https://llvm.org/bugs/show_bug.cgi?id=20144 -OS_CFLAGS += -Wno-array-bounds -Wno-unevaluated-expression -endif -# Clang reports its version as an older gcc, but it's OK -NSS_HAS_GCC48 = true -endif - -ifndef NSS_HAS_GCC48 -NSS_HAS_GCC48 := $(shell \ - [ `$(CC) -dumpversion | cut -f 1 -d . -` -gt 4 -a \ - `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ - `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ - echo true || echo false) -export NSS_HAS_GCC48 -endif -ifeq (true,$(NSS_HAS_GCC48)) -OS_CFLAGS += -Werror -else -# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Use this to disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -$(warning Unable to find gcc >= 4.8 disabling -Werror) -endif - ifdef USE_PTHREADS DEFINES += -D_REENTRANT endif diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index b73e815c..7f810fd3 100644 
--- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -113,19 +113,25 @@ ifdef NS_USE_GCC else OPTIMIZER += -O2 endif - DEFINES += -UDEBUG -U_DEBUG -DNDEBUG + DEFINES += -UDEBUG -DNDEBUG else OPTIMIZER += -g NULLSTRING := SPACE := $(NULLSTRING) # end of the line USERNAME := $(subst $(SPACE),_,$(USERNAME)) USERNAME := $(subst -,_,$(USERNAME)) - DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME) + DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME) endif else # !NS_USE_GCC OS_CFLAGS += -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \ -D_CRT_NONSTDC_NO_WARNINGS OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS + ifndef NSS_ENABLE_WERROR + NSS_ENABLE_WERROR = 1 + endif + ifeq ($(NSS_ENABLE_WERROR),1) + OS_CFLAGS += -WX + endif ifeq ($(_MSC_VER),$(_MSC_VER_6)) ifndef MOZ_DEBUG_SYMBOLS OS_DLLFLAGS += -PDB:NONE @@ -159,7 +165,7 @@ else # !NS_USE_GCC else OPTIMIZER += -O2 endif - DEFINES += -UDEBUG -U_DEBUG -DNDEBUG + DEFINES += -UDEBUG -DNDEBUG DLLFLAGS += -OUT:$@ ifdef MOZ_DEBUG_SYMBOLS ifdef MOZ_DEBUG_FLAGS @@ -176,7 +182,7 @@ else # !NS_USE_GCC SPACE := $(NULLSTRING) # end of the line USERNAME := $(subst $(SPACE),_,$(USERNAME)) USERNAME := $(subst -,_,$(USERNAME)) - DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME) + DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME) DLLFLAGS += -DEBUG -OUT:$@ LDFLAGS += -DEBUG ifeq ($(_MSC_VER),$(_MSC_VER_6)) diff --git a/security/nss/coreconf/Werror.mk b/security/nss/coreconf/Werror.mk new file mode 100644 index 00000000..6e2588ce --- /dev/null +++ b/security/nss/coreconf/Werror.mk 
@@ -0,0 +1,70 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# This sets warning flags for unix-like operating systems. + +ifndef CC_NAME + CC_NAME := $(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') + export CC_NAME +endif + +ifndef WARNING_CFLAGS + # This tests to see if enabling the warning is possible before + # setting an option to disable it. + disable_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1)) + + WARNING_CFLAGS = -Wall + ifeq ($(CC_NAME),clang) + # -Qunused-arguments : clang objects to arguments that it doesn't understand + # and fixing this would require rearchitecture + WARNING_CFLAGS += -Qunused-arguments + # -Wno-parentheses-equality : because clang warns about macro expansions + OS_CFLAGS += $(call disable_warning,parentheses-equality) + ifdef BUILD_OPT + # clang is unable to handle glib's expansion of strcmp and similar for optimized + # builds, so ignore the resulting errors. 
+ # See https://llvm.org/bugs/show_bug.cgi?id=20144 + WARNING_CFLAGS += $(call disable_warning,array-bounds) + WARNING_CFLAGS += $(call disable_warning,unevaluated-expression) + endif + endif # if clang + + ifndef NSS_ENABLE_WERROR + ifeq ($(OS_TARGET),Android) + # Android lollipop generates the following warning: + # error: call to 'sprintf' declared with attribute warning: + # sprintf is often misused; please use snprintf [-Werror] + # So, just suppress -Werror entirely on Android + NSS_ENABLE_WERROR = 0 + $(warning OS_TARGET is Android, disabling -Werror) + else + ifeq ($(CC_NAME),clang) + # Clang reports its version as an older gcc, but it's OK + NSS_ENABLE_WERROR = 1 + else + CC_VERSION := $(subst ., ,$(shell $(CC) -dumpversion)) + ifneq (,$(filter 4.8 4.9,$(word 1,$(CC_VERSION)).$(word 2,$(CC_VERSION)))) + NSS_ENABLE_WERROR = 1 + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(CC_VERSION)))) + NSS_ENABLE_WERROR = 1 + endif + ifndef NSS_ENABLE_WERROR + $(warning Unable to find gcc 4.8 or greater, disabling -Werror) + NSS_ENABLE_WERROR = 0 + endif + endif + endif + endif #ndef NSS_ENABLE_WERROR + + ifeq ($(NSS_ENABLE_WERROR),1) + WARNING_CFLAGS += -Werror + else + # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. + # Use this to disable use of that #pragma and the warnings it suppresses. + WARNING_CFLAGS += -DNSS_NO_GCC48 + endif + export WARNING_CFLAGS +endif # ndef WARNING_CFLAGS diff --git a/security/nss/lib/certhigh/ocspsig.c b/security/nss/lib/certhigh/ocspsig.c index 16cd1e0e..0c4c2019 100644 --- a/security/nss/lib/certhigh/ocspsig.c +++ b/security/nss/lib/certhigh/ocspsig.c @@ -543,7 +543,7 @@ CERT_CreateEncodedOCSPSuccessResponse( done: if (privKey) SECKEY_DestroyPrivateKey(privKey); - if (br->responseSignature.signature.data) + if (br && br->responseSignature.signature.data) SECITEM_FreeItem(&br->responseSignature.signature, PR_FALSE); PORT_FreeArena(tmpArena, PR_FALSE); 
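Review bot: In the clang branch of the new Werror.mk, `OS_CFLAGS += $(call disable_warning,parentheses-equality)` writes to OS_CFLAGS instead of WARNING_CFLAGS. Linux.mk and Darwin.mk in this patch both include Werror.mk first and later assign `OS_CFLAGS = ... $(WARNING_CFLAGS) ...`, which discards that addition, so the suppression the comment describes never reaches the compiler. The line should read `WARNING_CFLAGS += $(call disable_warning,parentheses-equality)`. Separately, the final `else` adds `-DNSS_NO_GCC48` whenever NSS_ENABLE_WERROR is not 1, which also covers the Android branch and an explicit `NSS_ENABLE_WERROR=0` on a current compiler. If the define is only meant for gcc older than 4.8, it should follow the version test and not the -Werror switch.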
diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index 1d261dff..5ef3a49f 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 5 -#define NSS_BUILTINS_LIBRARY_VERSION "2.5" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 6 +#define NSS_BUILTINS_LIBRARY_VERSION "2.6" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c index e4f6ce2b..7d21084b 100644 --- a/security/nss/lib/ckfw/hash.c +++ b/security/nss/lib/ckfw/hash.c @@ -85,9 +85,9 @@ nssCKFWHash_Create rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); if (!rv->mutex) { if( CKR_OK == *pError ) { - (void)nss_ZFreeIf(rv); *pError = CKR_GENERAL_ERROR; } + (void)nss_ZFreeIf(rv); return (nssCKFWHash *)NULL; } diff --git a/security/nss/lib/ckfw/object.c b/security/nss/lib/ckfw/object.c index bc829179..661977e6 100644 --- a/security/nss/lib/ckfw/object.c +++ b/security/nss/lib/ckfw/object.c @@ -171,6 +171,7 @@ nssCKFWObject_Create if( CKR_OK == *pError ) { *pError = CKR_GENERAL_ERROR; } + nss_ZFreeIf(fwObject); return (NSSCKFWObject *)NULL; } diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index f2bd229f..fa4bf5ff 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c @@ -413,6 +413,7 @@ SGN_Digest(SECKEYPrivateKey *privKey, } result->len = modulusLen; result->data = (unsigned char*) PORT_Alloc(modulusLen); + result->type = siBuffer; if (result->data == NULL) { rv = SECFailure; diff --git a/security/nss/lib/freebl/desblapi.c b/security/nss/lib/freebl/desblapi.c index 6a547af6..04a07cae 100644 --- a/security/nss/lib/freebl/desblapi.c 
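Review bot: In the secsign.c hunk (SGN_Digest), `result->len = modulusLen;` and the new `result->type = siBuffer;` are both set before the `PORT_Alloc` result is checked. On allocation failure the SECItem is therefore left describing modulusLen bytes at a NULL pointer, unless the failure path resets it. That path is outside the hunk, so this cannot be confirmed from here. Adding `result->len = 0;` inside the `if (result->data == NULL)` branch would keep the item self-consistent for callers that inspect it after a failure.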
+++ b/security/nss/lib/freebl/desblapi.c @@ -22,28 +22,8 @@ #define COPY8B(to, from, ptr) \ HALFPTR(to)[0] = HALFPTR(from)[0]; \ HALFPTR(to)[1] = HALFPTR(from)[1]; -#elif defined(USE_MEMCPY) -#define COPY8B(to, from, ptr) memcpy(to, from, 8) #else -#define COPY8B(to, from, ptr) \ - if (((ptrdiff_t)(ptr) & 0x3) == 0) { \ - HALFPTR(to)[0] = HALFPTR(from)[0]; \ - HALFPTR(to)[1] = HALFPTR(from)[1]; \ - } else if (((ptrdiff_t)(ptr) & 0x1) == 0) { \ - SHORTPTR(to)[0] = SHORTPTR(from)[0]; \ - SHORTPTR(to)[1] = SHORTPTR(from)[1]; \ - SHORTPTR(to)[2] = SHORTPTR(from)[2]; \ - SHORTPTR(to)[3] = SHORTPTR(from)[3]; \ - } else { \ - BYTEPTR(to)[0] = BYTEPTR(from)[0]; \ - BYTEPTR(to)[1] = BYTEPTR(from)[1]; \ - BYTEPTR(to)[2] = BYTEPTR(from)[2]; \ - BYTEPTR(to)[3] = BYTEPTR(from)[3]; \ - BYTEPTR(to)[4] = BYTEPTR(from)[4]; \ - BYTEPTR(to)[5] = BYTEPTR(from)[5]; \ - BYTEPTR(to)[6] = BYTEPTR(from)[6]; \ - BYTEPTR(to)[7] = BYTEPTR(from)[7]; \ - } +#define COPY8B(to, from, ptr) memcpy(to, from, 8) #endif #define COPY8BTOHALF(to, from) COPY8B(to, from, from) #define COPY8BFROMHALF(to, from) COPY8B(to, from, to) diff --git a/security/nss/lib/freebl/intel-gcm.h b/security/nss/lib/freebl/intel-gcm.h index 22f364db..6dfbc3c4 100644 --- a/security/nss/lib/freebl/intel-gcm.h +++ b/security/nss/lib/freebl/intel-gcm.h 
@@ -7,15 +7,15 @@ /* Copyright(c) 2013, Intel Corp. */ /******************************************************************************/ /* Reference: */ -/* [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication */ +/* [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication */ /* Instruction and its Usage for Computing the GCM Mode (Rev. 2.01) */ /* http://software.intel.com/sites/default/files/article/165685/clmul-wp-r*/ /*ev-2.01-2012-09-21.pdf */ /* [2] S. Gueron, M. E. Kounavis: Efficient Implementation of the Galois */ /* Counter Mode Using a Carry-less Multiplier and a Fast Reduction */ -/* Algorithm. Information Processing Letters 110: 549–553 (2010). */ -/* [3] S. Gueron: AES Performance on the 2nd Generation Intel® Coreâ„¢ Processor*/ -/* Family (to be posted) (2012). */ +/* Algorithm. Information Processing Letters 110: 549-553 (2010). */ +/* [3] S. Gueron: AES Performance on the 2nd Generation Intel(R) Core(TM) */ +/* Processor Family (to be posted) (2012). */ /* [4] S. Gueron: Fast GHASH computations for speeding up AES-GCM (to be */ /* published) (2012). */ @@ -41,9 +41,9 @@ SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char * const unsigned char *inbuf, unsigned int inlen, unsigned int blocksize); -/* Prorotypes of functions in the assembler file for fast AES-GCM, using +/* Prototypes of functions in the assembler file for fast AES-GCM, using Intel AES-NI and CLMUL-NI, as described in [1] - [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication + [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode */ /* Prepares the constants used in the aggregated reduction method */ diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 2ca262e7..70951fa6 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h 
@@ -26,6 +26,9 @@ #define _NSS_CUSTOMIZED #endif +#undef _NSS_CUSTOMIZED +#define _NSS_CUSTOMIZED " (RetroZilla)" + /* * NSS's major version, minor version, patch level, build number, and whether * this is a beta release. @@ -33,11 +36,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.20.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 20 +#define NSS_VMINOR 21 #define NSS_VPATCH 0 -#define NSS_VBUILD 1 +#define NSS_VBUILD 0 #define NSS_BETA PR_FALSE #ifndef RC_INVOKED diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index 1361bc1f..b0604de3 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -1515,6 +1515,7 @@ PK11_MakeKEAPubKey(unsigned char *keyData,int length) pkData.data = keyData; pkData.len = length; + pkData.type = siBuffer; arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE); if (arena == NULL) diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 51bf0f7f..ac678271 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -1983,6 +1983,7 @@ gatherNicknames(CERTCertificate *cert, void *arg) tempNick.data = (unsigned char *)cert->nickname; tempNick.len = PORT_Strlen(cert->nickname) + 1; + tempNick.type = siAsciiString; /* do we already have the nickname in the list? */ if(nickArg->nNicks > 0) { diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index 7c80c568..429ef872 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -1776,6 +1776,7 @@ lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, if (rv != SECSuccess) { crv = CKR_DEVICE_ERROR; } + PORT_Free(label); } lg_DestroyObjectCache(obj); 
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 434e7bdb..b0e9a6e6 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -3698,6 +3698,7 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter **pbe) salt.data = (unsigned char *)pbe_params->pSalt; salt.len = (unsigned int)pbe_params->ulSaltLen; + salt.type = siBuffer; rv = SECITEM_CopyItem(arena,¶ms->salt,&salt); if (rv != SECSuccess) { PORT_FreeArena(arena,PR_TRUE); diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index c7adc4bb..c7e25e1b 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,11 +25,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.20.0.1" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.21" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 20 +#define SOFTOKEN_VMINOR 21 #define SOFTOKEN_VPATCH 0 -#define SOFTOKEN_VBUILD 1 +#define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index f6b57dee..ead786cf 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -63,7 +63,6 @@ static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, const unsigned char *b, unsigned int l); -static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); static SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss, ssl3CipherSpec *spec, SSL3Hashes *hashes, @@ -4553,7 +4552,7 @@ static const struct { * If the hash is not recognised, SEC_OID_UNKNOWN is returned. * * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -static SECOidTag +SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc) { unsigned int i; 
@@ -9220,6 +9219,7 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, SSLSignatureAndHashAlg* out) { SSLSignType sigAlg; + PRUint32 policy; unsigned int i, j; switch (ss->ssl3.hs.kea_def->kea) { @@ -9271,9 +9271,16 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { const SSLSignatureAndHashAlg *serverPref = &ss->ssl3.signatureAlgorithms[i]; + SECOidTag hashOID; if (serverPref->sigAlg != sigAlg) { continue; } + hashOID = ssl3_TLSHashAlgorithmToOID(serverPref->hashAlg); + if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess) + || !(policy & NSS_USE_ALG_IN_SSL_KX)) { + /* we ignore hashes we don't support */ + continue; + } for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { const SSLSignatureAndHashAlg *clientPref = &ss->ssl3.hs.clientSigAndHash[j]; diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index e86834a3..cf04abae 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -2410,17 +2410,29 @@ ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { PRInt32 extension_length; unsigned int i; + PRInt32 pos=0; + PRUint32 policy; PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2]; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { return 0; } + for (i=0; i < ss->ssl3.signatureAlgorithmCount; i++) { + SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID( + ss->ssl3.signatureAlgorithms[i].hashAlg); + if ((NSS_GetAlgorithmPolicy(hashOID, & policy) != SECSuccess) || + (policy & NSS_USE_ALG_IN_SSL_KX)) { + buf[pos++] = ss->ssl3.signatureAlgorithms[i].hashAlg; + buf[pos++] = ss->ssl3.signatureAlgorithms[i].sigAlg; + } + } + extension_length = 2 /* extension type */ + 2 /* extension length */ + 2 /* supported_signature_algorithms length */ + - ss->ssl3.signatureAlgorithmCount * 2; + pos; if (maxBytes < extension_length) { PORT_Assert(0); 
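Review bot: In the ssl3con.c hunk at -9271 (ssl3_PickSignatureHashAlgorithm), the added comment `/* we ignore hashes we don't support */` does not describe the check beneath it, which is a policy test, not a capability test. The entry is skipped when `NSS_GetAlgorithmPolicy` fails or when the `NSS_USE_ALG_IN_SSL_KX` bit is not set for the hash. I would reword it to `/* skip hashes that policy does not allow in SSL key exchange, or whose policy cannot be read */`. The loop and its fallback continue outside the hunk, so what the server selects when every configured preference is filtered out cannot be checked here and is worth a sentence in the function comment.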
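Review bot: In the ssl3ext.c hunk (ssl3_ClientSendSigAlgsXtn), the new filter advertises an algorithm when the policy lookup fails. This is the opposite of the server-side check added to ssl3_PickSignatureHashAlgorithm in this same patch, which skips the entry in that case. If fail-closed is intended on both sides, the condition should be `if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) && (policy & NSS_USE_ALG_IN_SSL_KX)) {`. If the difference is deliberate, it needs a comment saying why. When policy rejects every entry, `pos` stays 0 and the code visible here would still build the extension with an empty list, which RFC 5246 does not allow for supported_signature_algorithms. That case should be handled explicitly before `extension_length` is computed. The function continues in the next hunk.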
@@ -2438,10 +2450,6 @@ ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) return -1; } - for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { - buf[i * 2] = ss->ssl3.signatureAlgorithms[i].hashAlg; - buf[i * 2 + 1] = ss->ssl3.signatureAlgorithms[i].sigAlg; - } rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2); if (rv != SECSuccess) { return -1; diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index aac223f7..de4f64db 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -1954,6 +1954,8 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, unsigned int labelLen, const unsigned char *val, unsigned int valLen, unsigned char *out, unsigned int outLen); +extern SECOidTag +ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); #ifdef TRACE #define SSL_TRACE(msg) ssl_Trace msg diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index df476920..0c8b480f 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,11 +19,11 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.20.0.1" +#define NSSUTIL_VERSION "3.21" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 20 +#define NSSUTIL_VMINOR 21 #define NSSUTIL_VPATCH 0 -#define NSSUTIL_VBUILD 1 +#define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE SEC_BEGIN_PROTOS diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 5068b238..942abab9 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c 
@@ -1887,14 +1887,14 @@ handleHashAlgSupport(char * envVal) *nextArg++ = '\0'; } } - notEnable = (*arg == '-') ? NSS_USE_ALG_IN_CERT_SIGNATURE : 0; + notEnable = (*arg == '-') ? (NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX) : 0; if ((*arg == '+' || *arg == '-') && *++arg) { int i; for (i = 1; i < SEC_OID_TOTAL; i++) { if (oids[i].desc && strstr(arg, oids[i].desc)) { xOids[i].notPolicyFlags = notEnable | - (xOids[i].notPolicyFlags & ~NSS_USE_ALG_IN_CERT_SIGNATURE); + (xOids[i].notPolicyFlags & ~(NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX)); } } } diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h index ff0f5276..747450ed 100644 --- a/security/nss/lib/util/secoidt.h +++ b/security/nss/lib/util/secoidt.h @@ -476,6 +476,7 @@ struct SECOidDataStr { */ #define NSS_USE_ALG_IN_CERT_SIGNATURE 0x00000001 /* CRLs and OCSP, too */ #define NSS_USE_ALG_IN_CMS_SIGNATURE 0x00000002 /* used in S/MIME */ +#define NSS_USE_ALG_IN_SSL_KX 0x00000004 /* used in SSL key exchange */ #define NSS_USE_ALG_RESERVED 0xfffffffc /* may be used in future */ /* Code MUST NOT SET or CLEAR reserved bits, and must NOT depend on them From efa3c9c4af30e35fd4e97141da82ac63061da2a6 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 22:10:08 +0800 Subject: [PATCH 07/15] [NSS] disable Werror in MSVC --- security/nss/coreconf/WIN32.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index 7f810fd3..3bc28349 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -127,7 +127,7 @@ else # !NS_USE_GCC -D_CRT_NONSTDC_NO_WARNINGS OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS ifndef NSS_ENABLE_WERROR - NSS_ENABLE_WERROR = 1 + NSS_ENABLE_WERROR = 0 endif ifeq ($(NSS_ENABLE_WERROR),1) OS_CFLAGS += -WX From 9b2e59866bd562caccfb5c431c754566a536eab6 Mon Sep 17 00:00:00 2001 
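Review bot: In the secoid.c hunk (handleHashAlgSupport), a single `+` or `-` entry now sets or clears `NSS_USE_ALG_IN_CERT_SIGNATURE` and `NSS_USE_ALG_IN_SSL_KX` together. An operator who re-enables a hash with `+` to validate legacy certificates therefore also re-enables it for SSL key exchange, and nothing in the code says so. A comment above the `notEnable` assignment should state this, for example `/* '-' disables and '+' enables the hash for both certificate signatures and SSL key exchange; the two uses cannot be toggled separately here */`. The match is `strstr(arg, oids[i].desc)`, so one entry can hit several OIDs. That behaviour predates this change but now affects handshake policy as well, and is worth noting in the same comment.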
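Review bot: In the secoidt.h hunk, the new `NSS_USE_ALG_IN_SSL_KX 0x00000004` lies inside the unchanged `NSS_USE_ALG_RESERVED 0xfffffffc` mask. The comment directly below says code must not set or clear reserved bits, yet the secoid.c and ssl3 changes in this patch set, clear and test exactly that bit. The reserved mask should be narrowed in the same change: `#define NSS_USE_ALG_RESERVED 0xfffffff8 /* may be used in future */`. Otherwise any code that masks or validates policy flags against NSS_USE_ALG_RESERVED will treat the key-exchange bit as reserved.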
From: Roy Tam Date: Tue, 7 Jan 2020 22:10:37 +0800 Subject: [PATCH 08/15] [NSS] update certdata from 3.48, with new defines --- security/nss/lib/ckfw/builtins/certdata.txt | 4927 ++++++++++--------- security/nss/lib/util/pkcs11n.h | 2 + 2 files changed, 2508 insertions(+), 2421 deletions(-) diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index 5d2baf3a..5b9d679d 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt +++ b/security/nss/lib/ckfw/builtins/certdata.txt @@ -13,19 +13,21 @@ # # Certificates # -# -- Attribute -- -- type -- -- value -- -# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -# CKA_TOKEN CK_BBOOL CK_TRUE -# CKA_PRIVATE CK_BBOOL CK_FALSE -# CKA_MODIFIABLE CK_BBOOL CK_FALSE -# CKA_LABEL UTF8 (varies) -# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -# CKA_SUBJECT DER+base64 (varies) -# CKA_ID byte array (varies) -# CKA_ISSUER DER+base64 (varies) -# CKA_SERIAL_NUMBER DER+base64 (varies) -# CKA_VALUE DER+base64 (varies) -# CKA_NSS_EMAIL ASCII7 (unused here) +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +# CKA_SUBJECT DER+base64 (varies) +# CKA_ID byte array (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_VALUE DER+base64 (varies) +# CKA_NSS_EMAIL ASCII7 (unused here) +# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) +# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) # # Trust # @@ -164,6 +166,8 @@ CKA_VALUE MULTILINE_OCTAL \125\342\374\110\311\051\046\151\340 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GlobalSign Root CA" # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE 
@@ -298,6 +302,8 @@ CKA_VALUE MULTILINE_OCTAL \152\374\176\102\070\100\144\022\367\236\201\341\223\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GlobalSign Root CA - R2" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 @@ -454,6 +460,8 @@ CKA_VALUE MULTILINE_OCTAL \113\336\006\226\161\054\362\333\266\037\244\357\077\356 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -619,6 +627,8 @@ CKA_VALUE MULTILINE_OCTAL \311\130\020\371\252\357\132\266\317\113\113\337\052 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -784,6 +794,8 @@ CKA_VALUE MULTILINE_OCTAL \153\271\012\172\116\117\113\204\356\113\361\175\335\021 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US 
@@ -1059,6 +1071,8 @@ CKA_VALUE MULTILINE_OCTAL \174\136\232\166\351\131\220\305\174\203\065\021\145\121 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust.net Premium 2048 Secure Server CA" # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net @@ -1197,6 +1211,8 @@ CKA_VALUE MULTILINE_OCTAL \347\201\035\031\303\044\102\352\143\071\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Baltimore CyberTrust Root" # Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE @@ -1341,6 +1357,8 @@ CKA_VALUE MULTILINE_OCTAL \065\341\035\026\034\320\274\053\216\326\161\331 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AddTrust Low-Value Services Root" # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE @@ -1490,6 +1508,8 @@ CKA_VALUE MULTILINE_OCTAL \027\132\173\320\274\307\217\116\206\004 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AddTrust External Root" # Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE 
@@ -1654,6 +1674,8 @@ CKA_VALUE MULTILINE_OCTAL \036\177\132\264\074 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Entrust Root Certification Authority" # Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US @@ -1788,6 +1810,8 @@ CKA_VALUE MULTILINE_OCTAL \302\005\146\200\241\313\346\063 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Global CA" # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US @@ -1948,6 +1972,8 @@ CKA_VALUE MULTILINE_OCTAL \244\346\216\330\371\051\110\212\316\163\376\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA" # Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US @@ -2108,6 +2134,8 @@ CKA_VALUE MULTILINE_OCTAL \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA 2" # Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US 
@@ -2144,146 +2172,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Visa eCommerce Root" -# -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL 
-\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\242\060\202\002\212\240\003\002\001\002\002\020\023 -\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\153 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060 -\013\006\003\125\004\012\023\004\126\111\123\101\061\057\060\055 -\006\003\125\004\013\023\046\126\151\163\141\040\111\156\164\145 -\162\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143 -\145\040\101\163\163\157\143\151\141\164\151\157\156\061\034\060 -\032\006\003\125\004\003\023\023\126\151\163\141\040\145\103\157 -\155\155\145\162\143\145\040\122\157\157\164\060\036\027\015\060 -\062\060\066\062\066\060\062\061\070\063\066\132\027\015\062\062 -\060\066\062\064\060\060\061\066\061\062\132\060\153\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003 -\125\004\012\023\004\126\111\123\101\061\057\060\055\006\003\125 -\004\013\023\046\126\151\163\141\040\111\156\164\145\162\156\141 -\164\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101 -\163\163\157\143\151\141\164\151\157\156\061\034\060\032\006\003 -\125\004\003\023\023\126\151\163\141\040\145\103\157\155\155\145 -\162\143\145\040\122\157\157\164\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\257\127\336\126\036\156\241 -\332\140\261\224\047\313\027\333\007\077\200\205\117\310\234\266 -\320\364\157\117\317\231\330\341\333\302\110\134\072\254\071\063 -\307\037\152\213\046\075\053\065\365\110\261\221\301\002\116\004 -\226\221\173\260\063\360\261\024\116\021\157\265\100\257\033\105 -\245\112\357\176\266\254\362\240\037\130\077\022\106\140\074\215 -\241\340\175\317\127\076\063\036\373\107\361\252\025\227\007\125 -\146\245\265\055\056\330\200\131\262\247\015\267\106\354\041\143 
-\377\065\253\245\002\317\052\364\114\376\173\365\224\135\204\115 -\250\362\140\217\333\016\045\074\237\163\161\317\224\337\112\352 -\333\337\162\070\214\363\226\275\361\027\274\322\272\073\105\132 -\306\247\366\306\027\213\001\235\374\031\250\052\203\026\270\072 -\110\376\116\076\240\253\006\031\351\123\363\200\023\007\355\055 -\277\077\012\074\125\040\071\054\054\000\151\164\225\112\274\040 -\262\251\171\345\030\211\221\250\334\034\115\357\273\176\067\013 -\135\376\071\245\210\122\214\000\154\354\030\174\101\275\366\213 -\165\167\272\140\235\204\347\376\055\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\025\070 -\203\017\077\054\077\160\063\036\315\106\376\007\214\040\340\327 -\303\267\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\137\361\101\175\174\134\010\271\053\340 -\325\222\107\372\147\134\245\023\303\003\041\233\053\114\211\106 -\317\131\115\311\376\245\100\266\143\315\335\161\050\225\147\021 -\314\044\254\323\104\154\161\256\001\040\153\003\242\217\030\267 -\051\072\175\345\026\140\123\170\074\300\257\025\203\367\217\122 -\063\044\275\144\223\227\356\213\367\333\030\250\155\161\263\367 -\054\027\320\164\045\151\367\376\153\074\224\276\115\113\101\214 -\116\342\163\320\343\220\042\163\103\315\363\357\352\163\316\105 -\212\260\246\111\377\114\175\235\161\210\304\166\035\220\133\035 -\356\375\314\367\356\375\140\245\261\172\026\161\321\026\320\174 -\022\074\154\151\227\333\256\137\071\232\160\057\005\074\031\106 -\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060 -\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213 -\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000 -\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355 -\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026 
-\222\340\134\366\007\017 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Visa eCommerce Root" -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062 -\275\340\005\142 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002 -END -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Certum Root CA" # 
@@ -2368,6 +2256,8 @@ CKA_VALUE MULTILINE_OCTAL \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certum Root CA" # Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL @@ -2514,6 +2404,8 @@ CKA_VALUE MULTILINE_OCTAL \225\351\066\226\230\156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Comodo AAA Services root" # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -2692,6 +2584,8 @@ CKA_VALUE MULTILINE_OCTAL \112\164\066\371 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA" # Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM @@ -2861,6 +2755,8 @@ CKA_VALUE MULTILINE_OCTAL \020\005\145\325\202\020\352\302\061\315\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA 2" # Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM @@ -3041,6 +2937,8 @@ CKA_VALUE MULTILINE_OCTAL \332 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA 3" # Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM 
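Review bot: The `CKA_NSS_SERVER_DISTRUST_AFTER` and `CKA_NSS_EMAIL_DISTRUST_AFTER` lines added after `CKA_NSS_MOZILLA_CA_POLICY` are new attributes on the certificate objects, and nothing visible in this hunk shows that the back-ported tree defines them or that the step which converts this file into the built-in token accepts them. If they are defined but no verification code reads them, the `CK_FALSE` values here change nothing. The risk is a later root-store sync that carries a real distrust date, which would presumably be ignored without any error and leave a partially distrusted root fully trusted in this build. The same two lines are added in every two-line hunk of this file (Comodo AAA, QuoVadis, SECOM, Sonera, Camerfirma, DigiCert and the rest), so one check covers them all. The commit message should also record which upstream root-store revision the file was taken from, for example `certdata.txt synced to upstream NSS <upstream version placeholder>`, so that the removed roots and the new attributes can be audited against a known baseline.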
@@ -3170,6 +3068,8 @@ CKA_VALUE MULTILINE_OCTAL \057\317\246\356\311\160\042\024\275\375\276\154\013\003 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Security Communication Root CA" # Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP @@ -3293,6 +3193,8 @@ CKA_VALUE MULTILINE_OCTAL \160\254\337\114 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Sonera Class 2 Root CA" # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI 
@@ -3328,177 +3230,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "UTN USERFirst Email Root CA" -# -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104 -\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013 -\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006 -\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040 -\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124 -\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150 -\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162 -\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003 -\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055 -\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143 -\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060 -\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132 -\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025 -\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145 -\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025 -\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145 -\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030 -\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164 -\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004 -\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164 -\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151 -\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301 -\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230 -\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322 -\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275 -\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362 -\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240 -\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245 -\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147 -\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013 -\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346 -\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274 -\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327 -\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214 -\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323 -\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370 -\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054 -\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003 -\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023 
-\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264 -\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037 -\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160 -\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164 -\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162 -\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056 -\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010 -\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007 -\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112 -\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356 -\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040 -\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126 -\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264 -\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327 -\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057 -\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320 -\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233 -\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003 -\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246 -\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254 -\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174 -\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044 -\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266 -\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303 -\005\323\312\003\112\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "UTN USERFirst Email Root CA" -# Issuer: CN=UTN-USERFirst-Client Authentication and 
Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152 -\104\143\166\212 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST 
CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Camerfirma Chambers of Commerce Root" # @@ -3621,6 +3352,8 @@ CKA_VALUE MULTILINE_OCTAL \334 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Camerfirma Chambers of Commerce Root" # Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3781,6 +3514,8 @@ CKA_VALUE MULTILINE_OCTAL \166\135\165\220\032\365\046\217\360 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Camerfirma Global Chambersign Root" # Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3934,6 +3669,8 @@ CKA_VALUE MULTILINE_OCTAL \264\003\045\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "XRamp Global CA Root" # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US @@ -4081,6 +3818,8 @@ CKA_VALUE MULTILINE_OCTAL \177\333\275\237 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Go Daddy Class 2 CA" # Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US @@ -4226,6 +3965,8 @@ CKA_VALUE MULTILINE_OCTAL \037\027\224 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Starfield Class 2 CA" # Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US 
@@ -4390,6 +4131,8 @@ CKA_VALUE MULTILINE_OCTAL \245\206\054\174\364\022 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Taiwan GRCA" # Issuer: O=Government Root Certification Authority,C=TW @@ -4529,6 +4272,8 @@ CKA_VALUE MULTILINE_OCTAL \346\120\262\247\372\012\105\057\242\360\362 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert Assured ID Root CA" # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4670,6 +4415,8 @@ CKA_VALUE MULTILINE_OCTAL \225\155\336 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert Global Root CA" # Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4812,6 +4559,8 @@ CKA_VALUE MULTILINE_OCTAL \370\351\056\023\243\167\350\037\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert High Assurance EV Root CA" # Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US 
@@ -4851,136 +4600,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Certplus Class 2 Primary CA" -# -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000 -\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021 -\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165 
-\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163 -\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036 -\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027 -\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075 -\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060 -\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163 -\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163 -\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120 -\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317 -\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103 -\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221 -\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154 -\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063 -\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213 -\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171 -\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337 -\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235 -\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140 -\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276 -\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254 -\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162 -\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311 -\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064 -\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003 -\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023 -\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035 -\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026 -\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171 
-\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370 -\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037 -\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160 -\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056 -\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143 -\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177 -\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104 -\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333 -\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174 -\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076 -\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233 -\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021 -\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006 -\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100 -\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000 -\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157 -\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330 -\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201 -\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366 -\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056 -\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273 -\227\277\242\216\264\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Certplus Class 2 Primary CA" -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB 
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302 -\201\222\342\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013 -END -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "DST Root CA X3" # @@ -5072,6 +4691,8 @@ CKA_VALUE MULTILINE_OCTAL \013\004\216\007\333\051\266\012\356\235\202\065\065\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DST Root CA X3" # Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. @@ -5239,6 +4860,8 @@ CKA_VALUE MULTILINE_OCTAL \205\206\171\145\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Platinum CA - G2" # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH 
@@ -5404,6 +5027,8 @@ CKA_VALUE MULTILINE_OCTAL \111\044\133\311\260\320\127\301\372\076\172\341\227\311 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Gold CA - G2" # Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH @@ -5570,6 +5195,8 @@ CKA_VALUE MULTILINE_OCTAL \156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Silver CA - G2" # Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH @@ -5702,6 +5329,8 @@ CKA_VALUE MULTILINE_OCTAL \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority" # Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US @@ -5857,6 +5486,8 @@ CKA_VALUE MULTILINE_OCTAL \215\126\214\150 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA" # Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US @@ -6032,6 +5663,8 @@ CKA_VALUE MULTILINE_OCTAL \254\021\326\250\355\143\152 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US 
@@ -6175,6 +5808,8 @@ CKA_VALUE MULTILINE_OCTAL \113\035\236\054\302\270\150\274\355\002\356\061 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SecureTrust CA" # Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US @@ -6310,6 +5945,8 @@ CKA_VALUE MULTILINE_OCTAL \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Secure Global CA" # Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US @@ -6460,6 +6097,8 @@ CKA_VALUE MULTILINE_OCTAL \145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "COMODO Certification Authority" # Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -6606,6 +6245,8 @@ CKA_VALUE MULTILINE_OCTAL \244\140\114\260\125\240\240\173\127\262 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Network Solutions Certificate Authority" # Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US @@ -6732,6 +6373,8 @@ CKA_VALUE MULTILINE_OCTAL \334\335\363\377\035\054\072\026\127\331\222\071\326 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "COMODO ECC Certification Authority" # Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB 
@@ -6883,6 +6526,8 @@ CKA_VALUE MULTILINE_OCTAL \374\276\337\012\015 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "OISTE WISeKey Global Root GA CA" # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH @@ -7018,6 +6663,8 @@ CKA_VALUE MULTILINE_OCTAL \300\226\130\057\352\273\106\327\273\344\331\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certigna" # Issuer: CN=Certigna,O=Dhimyotis,C=FR 
@@ -7053,621 +6700,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "AC Raiz Certicamara S.A." -# -# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c -# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Not Valid Before: Mon Nov 27 20:46:29 2006 -# Not Valid After : Tue Apr 02 21:42:02 2030 -# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6 -# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A." -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 
-\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354 -\014 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\146\060\202\004\116\240\003\002\001\002\002\017\007 -\176\122\223\173\340\025\343\127\360\151\214\313\354\014\060\015 -\006\011\052\206\110\206\367\015\001\001\005\005\000\060\173\061 -\013\060\011\006\003\125\004\006\023\002\103\117\061\107\060\105 -\006\003\125\004\012\014\076\123\157\143\151\145\144\141\144\040 -\103\141\155\145\162\141\154\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\303\263\156\040\104\151\147\151\164\141 -\154\040\055\040\103\145\162\164\151\143\303\241\155\141\162\141 -\040\123\056\101\056\061\043\060\041\006\003\125\004\003\014\032 -\101\103\040\122\141\303\255\172\040\103\145\162\164\151\143\303 -\241\155\141\162\141\040\123\056\101\056\060\036\027\015\060\066 -\061\061\062\067\062\060\064\066\062\071\132\027\015\063\060\060 -\064\060\062\062\061\064\062\060\062\132\060\173\061\013\060\011 -\006\003\125\004\006\023\002\103\117\061\107\060\105\006\003\125 -\004\012\014\076\123\157\143\151\145\144\141\144\040\103\141\155 -\145\162\141\154\040\144\145\040\103\145\162\164\151\146\151\143 -\141\143\151\303\263\156\040\104\151\147\151\164\141\154\040\055 -\040\103\145\162\164\151\143\303\241\155\141\162\141\040\123\056 -\101\056\061\043\060\041\006\003\125\004\003\014\032\101\103\040 -\122\141\303\255\172\040\103\145\162\164\151\143\303\241\155\141 -\162\141\040\123\056\101\056\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\253\153\211\243\123\314\110\043 -\010\373\303\317\121\226\010\056\270\010\172\155\074\220\027\206 -\251\351\355\056\023\064\107\262\320\160\334\311\074\320\215\312 
-\356\113\027\253\320\205\260\247\043\004\313\250\242\374\345\165 -\333\100\312\142\211\217\120\236\001\075\046\133\030\204\034\313 -\174\067\267\175\354\323\177\163\031\260\152\262\330\210\212\055 -\105\164\250\367\263\270\300\324\332\315\042\211\164\115\132\025 -\071\163\030\164\117\265\353\231\247\301\036\210\264\302\223\220 -\143\227\363\247\247\022\262\011\042\007\063\331\221\315\016\234 -\037\016\040\307\356\273\063\215\217\302\322\130\247\137\375\145 -\067\342\210\302\330\217\206\165\136\371\055\247\207\063\362\170 -\067\057\213\274\035\206\067\071\261\224\362\330\274\112\234\203 -\030\132\006\374\363\324\324\272\214\025\011\045\360\371\266\215 -\004\176\027\022\063\153\127\110\114\117\333\046\036\353\314\220 -\347\213\371\150\174\160\017\243\052\320\072\070\337\067\227\342 -\133\336\200\141\323\200\330\221\203\102\132\114\004\211\150\021 -\074\254\137\150\200\101\314\140\102\316\015\132\052\014\017\233 -\060\300\246\360\206\333\253\111\327\227\155\110\213\371\003\300 -\122\147\233\022\367\302\362\056\230\145\102\331\326\232\343\320 -\031\061\014\255\207\325\127\002\172\060\350\206\046\373\217\043 -\212\124\207\344\277\074\356\353\303\165\110\137\036\071\157\201 -\142\154\305\055\304\027\124\031\267\067\215\234\067\221\310\366 -\013\325\352\143\157\203\254\070\302\363\077\336\232\373\341\043 -\141\360\310\046\313\066\310\241\363\060\217\244\243\242\241\335 -\123\263\336\360\232\062\037\203\221\171\060\301\251\037\123\233 -\123\242\025\123\077\335\235\263\020\073\110\175\211\017\374\355 -\003\365\373\045\144\165\016\027\031\015\217\000\026\147\171\172 -\100\374\055\131\007\331\220\372\232\255\075\334\200\212\346\134 -\065\242\147\114\021\153\261\370\200\144\000\055\157\042\141\305 -\254\113\046\345\132\020\202\233\244\203\173\064\367\236\211\221 -\040\227\216\267\102\307\146\303\320\351\244\326\365\040\215\304 -\303\225\254\104\012\235\133\163\074\046\075\057\112\276\247\311 -\247\020\036\373\237\120\151\363\002\003\001\000\001\243\201\346 
-\060\201\343\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\321 -\011\320\351\327\316\171\164\124\371\072\060\263\364\155\054\003 -\003\033\150\060\201\240\006\003\125\035\040\004\201\230\060\201 -\225\060\201\222\006\004\125\035\040\000\060\201\211\060\053\006 -\010\053\006\001\005\005\007\002\001\026\037\150\164\164\160\072 -\057\057\167\167\167\056\143\145\162\164\151\143\141\155\141\162 -\141\056\143\157\155\057\144\160\143\057\060\132\006\010\053\006 -\001\005\005\007\002\002\060\116\032\114\114\151\155\151\164\141 -\143\151\157\156\145\163\040\144\145\040\147\141\162\141\156\164 -\355\141\163\040\144\145\040\145\163\164\145\040\143\145\162\164 -\151\146\151\143\141\144\157\040\163\145\040\160\165\145\144\145 -\156\040\145\156\143\157\156\164\162\141\162\040\145\156\040\154 -\141\040\104\120\103\056\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\002\001\000\134\224\265\270\105\221 -\115\216\141\037\003\050\017\123\174\346\244\131\251\263\212\172 -\305\260\377\010\174\054\243\161\034\041\023\147\241\225\022\100 -\065\203\203\217\164\333\063\134\360\111\166\012\201\122\335\111 -\324\232\062\063\357\233\247\313\165\345\172\313\227\022\220\134 -\272\173\305\233\337\273\071\043\310\377\230\316\012\115\042\001 -\110\007\176\212\300\325\040\102\224\104\357\277\167\242\211\147 -\110\033\100\003\005\241\211\354\317\142\343\075\045\166\146\277 -\046\267\273\042\276\157\377\071\127\164\272\172\311\001\225\301 -\225\121\350\253\054\370\261\206\040\351\077\313\065\133\322\027 -\351\052\376\203\023\027\100\356\210\142\145\133\325\073\140\351 -\173\074\270\311\325\177\066\002\045\252\150\302\061\025\267\060 -\145\353\177\035\110\171\261\317\071\342\102\200\026\323\365\223 -\043\374\114\227\311\132\067\154\174\042\330\112\315\322\216\066 -\203\071\221\220\020\310\361\311\065\176\077\270\323\201\306\040 
-\144\032\266\120\302\041\244\170\334\320\057\073\144\223\164\360 -\226\220\361\357\373\011\132\064\100\226\360\066\022\301\243\164 -\214\223\176\101\336\167\213\354\206\331\322\017\077\055\321\314 -\100\242\211\146\110\036\040\263\234\043\131\163\251\104\163\274 -\044\171\220\126\067\263\306\051\176\243\017\361\051\071\357\176 -\134\050\062\160\065\254\332\270\310\165\146\374\233\114\071\107 -\216\033\157\233\115\002\124\042\063\357\141\272\236\051\204\357 -\116\113\063\107\166\227\152\313\176\137\375\025\246\236\102\103 -\133\146\132\212\210\015\367\026\271\077\121\145\053\146\152\213 -\321\070\122\242\326\106\021\372\374\232\034\164\236\217\227\013 -\002\117\144\306\365\150\323\113\055\377\244\067\036\213\077\277 -\104\276\141\106\241\204\075\010\047\114\201\040\167\211\010\352 -\147\100\136\154\010\121\137\064\132\214\226\150\315\327\367\211 -\302\034\323\062\000\257\122\313\323\140\133\052\072\107\176\153 -\060\063\241\142\051\177\112\271\341\055\347\024\043\016\016\030 -\107\341\171\374\025\125\320\261\374\045\161\143\165\063\034\043 -\053\257\134\331\355\107\167\140\016\073\017\036\322\300\334\144 -\005\211\374\170\326\134\054\046\103\251 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "AC Raiz Certicamara S.A." -# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c -# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Not Valid Before: Mon Nov 27 20:46:29 2006 -# Not Valid After : Tue Apr 02 21:42:02 2030 -# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6 -# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A." 
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\313\241\305\370\260\343\136\270\271\105\022\323\371\064\242\351 -\006\020\323\066 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\223\052\076\366\375\043\151\015\161\040\324\053\107\231\053\246 -END -CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354 -\014 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "TC TrustCenter Class 3 CA II" -# -# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf -# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Not Valid Before: Thu Jan 12 14:41:57 2006 -# Not Valid After : Wed Dec 31 22:59:59 2025 -# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E -# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL 
-\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\252\060\202\003\222\240\003\002\001\002\002\016\112 -\107\000\001\000\002\345\240\135\326\077\000\121\277\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\060\166\061\013 -\060\011\006\003\125\004\006\023\002\104\105\061\034\060\032\006 -\003\125\004\012\023\023\124\103\040\124\162\165\163\164\103\145 -\156\164\145\162\040\107\155\142\110\061\042\060\040\006\003\125 -\004\013\023\031\124\103\040\124\162\165\163\164\103\145\156\164 -\145\162\040\103\154\141\163\163\040\063\040\103\101\061\045\060 -\043\006\003\125\004\003\023\034\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\040\111\111\060\036\027\015\060\066\060\061\061\062\061\064 -\064\061\065\067\132\027\015\062\065\061\062\063\061\062\062\065 
-\071\065\071\132\060\166\061\013\060\011\006\003\125\004\006\023 -\002\104\105\061\034\060\032\006\003\125\004\012\023\023\124\103 -\040\124\162\165\163\164\103\145\156\164\145\162\040\107\155\142 -\110\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\061\045\060\043\006\003\125\004\003\023\034 -\124\103\040\124\162\165\163\164\103\145\156\164\145\162\040\103 -\154\141\163\163\040\063\040\103\101\040\111\111\060\202\001\042 -\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 -\202\001\017\000\060\202\001\012\002\202\001\001\000\264\340\273 -\121\273\071\134\213\004\305\114\171\034\043\206\061\020\143\103 -\125\047\077\306\105\307\244\075\354\011\015\032\036\040\302\126 -\036\336\033\067\007\060\042\057\157\361\006\361\253\255\326\310 -\253\141\243\057\103\304\260\262\055\374\303\226\151\173\176\212 -\344\314\300\071\022\220\102\140\311\314\065\150\356\332\137\220 -\126\137\315\034\115\133\130\111\353\016\001\117\144\372\054\074 -\211\130\330\057\056\342\260\150\351\042\073\165\211\326\104\032 -\145\362\033\227\046\035\050\155\254\350\275\131\035\053\044\366 -\326\204\003\146\210\044\000\170\140\361\370\253\376\002\262\153 -\373\042\373\065\346\026\321\255\366\056\022\344\372\065\152\345 -\031\271\135\333\073\036\032\373\323\377\025\024\010\330\011\152 -\272\105\235\024\171\140\175\257\100\212\007\163\263\223\226\323 -\164\064\215\072\067\051\336\134\354\365\356\056\061\302\040\334 -\276\361\117\177\043\122\331\133\342\144\331\234\252\007\010\265 -\105\275\321\320\061\301\253\124\237\251\322\303\142\140\003\361 -\273\071\112\222\112\075\012\271\235\305\240\376\067\002\003\001 -\000\001\243\202\001\064\060\202\001\060\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125 -\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125 -\035\016\004\026\004\024\324\242\374\237\263\303\330\003\323\127 
-\134\007\244\320\044\247\300\362\000\324\060\201\355\006\003\125 -\035\037\004\201\345\060\201\342\060\201\337\240\201\334\240\201 -\331\206\065\150\164\164\160\072\057\057\167\167\167\056\164\162 -\165\163\164\143\145\156\164\145\162\056\144\145\057\143\162\154 -\057\166\062\057\164\143\137\143\154\141\163\163\137\063\137\143 -\141\137\111\111\056\143\162\154\206\201\237\154\144\141\160\072 -\057\057\167\167\167\056\164\162\165\163\164\143\145\156\164\145 -\162\056\144\145\057\103\116\075\124\103\045\062\060\124\162\165 -\163\164\103\145\156\164\145\162\045\062\060\103\154\141\163\163 -\045\062\060\063\045\062\060\103\101\045\062\060\111\111\054\117 -\075\124\103\045\062\060\124\162\165\163\164\103\145\156\164\145 -\162\045\062\060\107\155\142\110\054\117\125\075\162\157\157\164 -\143\145\162\164\163\054\104\103\075\164\162\165\163\164\143\145 -\156\164\145\162\054\104\103\075\144\145\077\143\145\162\164\151 -\146\151\143\141\164\145\122\145\166\157\143\141\164\151\157\156 -\114\151\163\164\077\142\141\163\145\077\060\015\006\011\052\206 -\110\206\367\015\001\001\005\005\000\003\202\001\001\000\066\140 -\344\160\367\006\040\103\331\043\032\102\362\370\243\262\271\115 -\212\264\363\302\232\125\061\174\304\073\147\232\264\337\115\016 -\212\223\112\027\213\033\215\312\211\341\317\072\036\254\035\361 -\234\062\264\216\131\166\242\101\205\045\067\240\023\320\365\174 -\116\325\352\226\342\156\162\301\273\052\376\154\156\370\221\230 -\106\374\311\033\127\133\352\310\032\073\077\260\121\230\074\007 -\332\054\131\001\332\213\104\350\341\164\375\247\150\335\124\272 -\203\106\354\310\106\265\370\257\227\300\073\011\034\217\316\162 -\226\075\063\126\160\274\226\313\330\325\175\040\232\203\237\032 -\334\071\361\305\162\243\021\003\375\073\102\122\051\333\350\001 -\367\233\136\214\326\215\206\116\031\372\274\034\276\305\041\245 -\207\236\170\056\066\333\011\161\243\162\064\370\154\343\006\011 -\362\136\126\245\323\335\230\372\324\346\006\364\360\266\040\143 
-\113\352\051\275\252\202\146\036\373\201\252\247\067\255\023\030 -\346\222\303\201\301\063\273\210\036\241\347\342\264\275\061\154 -\016\121\075\157\373\226\126\200\342\066\027\321\334\344 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "TC TrustCenter Class 3 CA II" -# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf -# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Not Valid Before: Thu Jan 12 14:41:57 2006 -# Not Valid After : Wed Dec 31 22:59:59 2025 -# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E -# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\200\045\357\364\156\160\310\324\162\044\145\204\376\100\073\212 -\215\152\333\365 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\126\137\252\200\141\022\027\366\147\041\346\053\155\141\126\216 -END -CKA_ISSUER MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING 
CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Deutsche Telekom Root CA 2" -# -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_VALUE MULTILINE_OCTAL 
-\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034 -\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035 -\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143 -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060 -\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145 -\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101 -\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061 -\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060 -\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104 -\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164 -\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061 -\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145 -\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162 -\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163 -\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164 -\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024 -\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225 -\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245 -\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102 -\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053 -\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320 -\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053 -\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110 -\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006 -\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122 
-\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062 -\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206 -\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034 -\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310 -\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322 -\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007 -\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060 -\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365 -\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017 -\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303 -\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211 -\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051 -\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037 -\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330 -\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132 -\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240 -\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236 -\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345 -\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020 -\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124 -\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376 -\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257 -\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143 -\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224 -\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005 -\126\144\127 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Deutsche Telekom Root CA 2" -# Issuer: CN=Deutsche Telekom 
Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375 -\214\336\067\277 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010 -END -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "ComSign CA" -# -# Issuer: C=IL,O=ComSign,CN=ComSign CA -# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44 -# Subject: C=IL,O=ComSign,CN=ComSign CA -# Not Valid Before: Wed Mar 24 11:32:18 2004 -# Not Valid After : Mon Mar 19 15:02:18 2029 -# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B -# Fingerprint (SHA1): 
E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ComSign CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207 -\167\104 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\223\060\202\002\173\240\003\002\001\002\002\020\024 -\023\226\203\024\125\214\352\173\143\345\374\064\207\167\104\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\064 -\061\023\060\021\006\003\125\004\003\023\012\103\157\155\123\151 -\147\156\040\103\101\061\020\060\016\006\003\125\004\012\023\007 -\103\157\155\123\151\147\156\061\013\060\011\006\003\125\004\006 -\023\002\111\114\060\036\027\015\060\064\060\063\062\064\061\061 -\063\062\061\070\132\027\015\062\071\060\063\061\071\061\065\060 -\062\061\070\132\060\064\061\023\060\021\006\003\125\004\003\023 -\012\103\157\155\123\151\147\156\040\103\101\061\020\060\016\006 -\003\125\004\012\023\007\103\157\155\123\151\147\156\061\013\060 -\011\006\003\125\004\006\023\002\111\114\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\360\344\124\151\053 -\323\307\217\152\104\344\176\130\047\370\013\320\344\224\022\212 
-\361\033\070\070\057\037\061\234\006\324\054\247\336\013\052\256 -\032\240\343\236\152\277\237\074\307\156\242\371\213\144\154\072 -\255\205\125\121\124\245\070\125\270\253\203\004\362\077\144\066 -\367\300\215\103\103\152\146\321\367\027\052\325\357\066\372\060 -\020\102\327\123\315\371\372\063\163\114\263\351\204\040\212\326 -\101\047\065\344\070\372\224\233\270\172\344\171\037\063\373\033 -\330\041\011\050\174\115\030\151\136\144\212\172\031\223\312\176 -\354\363\162\347\067\007\130\131\050\254\102\371\305\377\315\077 -\347\245\372\070\261\320\014\307\331\122\032\123\326\201\314\102 -\172\065\133\355\113\072\172\366\265\216\314\377\017\174\344\140 -\066\207\057\255\360\241\045\175\377\322\113\021\210\160\124\246 -\101\250\147\123\122\102\136\344\064\236\344\276\243\354\252\142 -\135\335\303\114\246\202\101\344\063\013\254\311\063\017\144\202 -\127\052\375\014\255\066\341\014\256\113\305\357\073\231\331\043 -\263\133\135\264\127\354\164\160\014\052\117\002\003\001\000\001 -\243\201\240\060\201\235\060\014\006\003\125\035\023\004\005\060 -\003\001\001\377\060\075\006\003\125\035\037\004\066\060\064\060 -\062\240\060\240\056\206\054\150\164\164\160\072\057\057\146\145 -\144\151\162\056\143\157\155\163\151\147\156\056\143\157\056\151 -\154\057\143\162\154\057\103\157\155\123\151\147\156\103\101\056 -\143\162\154\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\206\060\037\006\003\125\035\043\004\030\060\026\200\024 -\113\001\233\076\126\032\145\066\166\313\173\227\252\222\005\356 -\062\347\050\061\060\035\006\003\125\035\016\004\026\004\024\113 -\001\233\076\126\032\145\066\166\313\173\227\252\222\005\356\062 -\347\050\061\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\003\202\001\001\000\320\331\245\176\376\051\140\105\235 -\176\203\317\156\274\107\156\365\032\236\124\166\102\161\264\074 -\130\077\055\100\045\102\366\201\234\361\211\020\310\016\252\170 -\117\070\011\127\260\074\300\010\374\065\216\361\110\121\215\014 
-\161\164\272\204\304\327\162\233\204\174\070\116\144\006\047\052 -\341\247\265\354\010\231\264\012\015\324\205\163\310\022\341\065 -\355\361\005\061\035\163\231\014\353\226\312\335\323\346\205\252 -\360\212\373\165\301\362\011\074\145\145\144\363\114\330\255\313 -\210\151\363\344\203\267\014\275\027\132\226\027\312\133\377\255 -\273\034\351\055\204\200\330\041\276\205\122\331\324\164\271\151 -\205\272\115\355\050\062\353\371\141\112\344\304\066\036\031\334 -\157\204\021\037\225\365\203\050\030\250\063\222\103\047\335\135 -\023\004\105\117\207\325\106\315\075\250\272\360\363\270\126\044 -\105\353\067\307\341\166\117\162\071\030\337\176\164\162\307\163 -\055\071\352\140\346\255\021\242\126\207\173\303\150\232\376\370 -\214\160\250\337\145\062\364\244\100\214\241\302\104\003\016\224 -\000\147\240\161\000\202\110 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "ComSign CA" -# Issuer: C=IL,O=ComSign,CN=ComSign CA -# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44 -# Subject: C=IL,O=ComSign,CN=ComSign CA -# Not Valid Before: Wed Mar 24 11:32:18 2004 -# Not Valid After : Mon Mar 19 15:02:18 2029 -# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B -# Fingerprint (SHA1): E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ComSign CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\341\244\133\024\032\041\332\032\171\364\032\102\251\141\326\151 -\315\006\064\301 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\315\364\071\363\265\030\120\327\076\244\305\221\240\076\041\113 -END -CKA_ISSUER MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL 
-\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207 -\167\104 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Cybertrust Global Root" # @@ -7762,6 +6794,8 @@ CKA_VALUE MULTILINE_OCTAL \246\210\070\316\125 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Cybertrust Global Root" # Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" @@ -7929,6 +6963,8 @@ CKA_VALUE MULTILINE_OCTAL \201\370\021\234 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "ePKI Root Certification Authority" # Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW @@ -8054,6 +7090,8 @@ CKA_VALUE MULTILINE_OCTAL \366\356\260\132\116\111\104\124\130\137\102\203 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "certSIGN ROOT CA" # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO @@ -8202,6 +7240,8 @@ CKA_VALUE MULTILINE_OCTAL \021\055 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority - G3" # Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US 
@@ -8331,6 +7371,8 @@ CKA_VALUE MULTILINE_OCTAL
 \367\130\077\056\162\002\127\243\217\241\024\056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "thawte Primary Root CA - G2"
 # Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
@@ -8491,6 +7533,8 @@ CKA_VALUE MULTILINE_OCTAL
 \061\324\100\032\142\064\066\077\065\001\256\254\143\240
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "thawte Primary Root CA - G3"
 # Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
@@ -8627,6 +7671,8 @@ CKA_VALUE MULTILINE_OCTAL
 \017\212
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GeoTrust Primary Certification Authority - G2"
 # Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
@@ -8797,6 +7843,8 @@ CKA_VALUE MULTILINE_OCTAL
 \354\315\202\141\361\070\346\117\227\230\052\132\215
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "VeriSign Universal Root Certification Authority"
 # Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -8952,6 +8000,8 @@ CKA_VALUE MULTILINE_OCTAL
 \055\247\330\206\052\335\056\020
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
 # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -9112,6 +8162,8 @@ CKA_VALUE MULTILINE_OCTAL
 \330\316\304\143\165\077\131\107\261
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "NetLock Arany (Class Gold) FÅ‘tanúsítvány"
 # Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
@@ -9286,6 +8338,8 @@ CKA_VALUE MULTILINE_OCTAL
 \370\161\012\334\271\374\175\062\140\346\353\257\212\001
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Staat der Nederlanden Root CA - G2"
 # Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
@@ -9412,6 +8466,8 @@ CKA_VALUE MULTILINE_OCTAL
 \002\153\331\132
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Hongkong Post Root CA 1"
 # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
@@ -9543,6 +8599,8 @@ CKA_VALUE MULTILINE_OCTAL
 \362
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "SecureSign RootCA11"
 # Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
@@ -9690,6 +8748,8 @@ CKA_VALUE MULTILINE_OCTAL
 \202\042\055\172\124\253\160\303\175\042\145\202\160\226
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Microsec e-Szigno Root CA 2009"
 # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
@@ -9822,6 +8882,8 @@ CKA_VALUE MULTILINE_OCTAL
 \130\077\137
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GlobalSign Root CA - R3"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
@@ -9995,6 +9057,8 @@ CKA_VALUE MULTILINE_OCTAL
 \156\117\022\176\012\074\235\225
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
 # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
@@ -10164,6 +9228,8 @@ CKA_VALUE MULTILINE_OCTAL
 \333\374\046\210\307
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Izenpe.com"
 # Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
@@ -10369,6 +9435,8 @@ CKA_VALUE MULTILINE_OCTAL
 \167\110\320
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Chambers of Commerce Root - 2008"
 # Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
@@ -10578,6 +9646,8 @@ CKA_VALUE MULTILINE_OCTAL
 \351\233\256\325\124\300\164\200\321\013\102\237\301
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Global Chambersign Root - 2008"
 # Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
@@ -10726,6 +9796,8 @@ CKA_VALUE MULTILINE_OCTAL
 \342\342\104\276\134\367\352\034\365
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Go Daddy Root Certificate Authority - G2"
 # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -10876,6 +9948,8 @@ CKA_VALUE MULTILINE_OCTAL
 \364
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Starfield Root Certificate Authority - G2"
 # Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -11028,6 +10102,8 @@ CKA_VALUE MULTILINE_OCTAL
 \261\050\272
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Starfield Services Root Certificate Authority - G2"
 # Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -11159,6 +10235,8 @@ CKA_VALUE MULTILINE_OCTAL
 \007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Commercial"
 # Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
@@ -11285,6 +10363,8 @@ CKA_VALUE MULTILINE_OCTAL
 \355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Networking"
 # Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US
@@ -11443,6 +10523,8 @@ CKA_VALUE MULTILINE_OCTAL
 \051\340\266\270\011\150\031\034\030\103
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Premium"
 # Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US
@@ -11549,6 +10631,8 @@ CKA_VALUE MULTILINE_OCTAL
 \214\171
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Premium ECC"
 # Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
@@ -11688,6 +10772,8 @@ CKA_VALUE MULTILINE_OCTAL
 \326\267\064\365\176\316\071\232\331\070\361\121\367\117\054
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Certum Trusted Network CA"
 # Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
@@ -11824,6 +10910,8 @@ CKA_VALUE MULTILINE_OCTAL
 \274\060\376\173\016\063\220\373\355\322\024\221\037\007\257
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "TWCA Root Certification Authority"
 # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
@@ -12307,6 +11395,8 @@ CKA_VALUE MULTILINE_OCTAL
 \201\050\174\247\175\047\353\000\256\215\067
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Security Communication RootCA2"
 # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
@@ -12490,6 +11580,8 @@ CKA_VALUE MULTILINE_OCTAL
 \371\210\075\176\270\157\156\003\344\102
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "EC-ACC"
 # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
@@ -12653,6 +11745,8 @@ CKA_VALUE MULTILINE_OCTAL
 \113\321\047\327\270
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011"
 # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
@@ -12889,6 +11983,8 @@ CKA_VALUE MULTILINE_OCTAL
 \216\362\024\212\314\351\265\174\373\154\235\014\245\341\226
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Actalis Authentication Root CA"
 # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
@@ -13020,6 +12116,8 @@ CKA_VALUE MULTILINE_OCTAL
 \145\353\127\331\363\127\226\273\110\315\201
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Trustis FPS Root CA"
 # Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
@@ -13180,6 +12278,8 @@ CKA_VALUE MULTILINE_OCTAL
 \327\201\011\361\311\307\046\015\254\230\026\126\240
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Buypass Class 2 Root CA"
 # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
@@ -13339,6 +12439,8 @@ CKA_VALUE MULTILINE_OCTAL
 \061\356\006\274\163\277\023\142\012\237\307\271\227
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Buypass Class 3 Root CA"
 # Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
@@ -13481,6 +12583,8 @@ CKA_VALUE MULTILINE_OCTAL
 \116\223\303\244\124\024\133
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "T-TeleSec GlobalRoot Class 3"
 # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
@@ -13630,6 +12734,8 @@ CKA_VALUE MULTILINE_OCTAL
 \307\314\165\301\226\305\235
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "EE Certification Centre Root CA"
 # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
@@ -13843,6 +12949,8 @@ CKA_VALUE MULTILINE_OCTAL
 \164\145\327\134\376\243\342
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "D-TRUST Root Class 3 CA 2 2009"
 # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
@@ -13987,6 +13095,8 @@ CKA_VALUE MULTILINE_OCTAL
 \352\237\026\361\054\124\265
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "D-TRUST Root Class 3 CA 2 EV 2009"
 # Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
@@ -14024,181 +13134,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Swisscom Root CA 2" -# -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_VALUE 
MULTILINE_OCTAL -\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036 -\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144 -\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060 -\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155 -\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164 -\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123 -\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003 -\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040 -\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070 -\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063 -\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023 -\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167 -\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023 -\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060 -\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155 -\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235 -\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053 -\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100 -\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030 -\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253 -\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312 -\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226 -\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137 -\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225 -\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333 -\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117 
-\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370 -\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052 -\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205 -\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001 -\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266 -\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300 -\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140 -\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377 -\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113 -\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071 -\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156 -\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364 -\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062 -\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216 -\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013 -\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026 -\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215 -\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141 -\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337 -\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374 -\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020 -\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001 -\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060 -\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205 -\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004 -\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016 -\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157 -\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004 -\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241 
-\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262 -\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021 -\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023 -\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312 -\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357 -\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175 -\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036 -\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110 -\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303 -\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013 -\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161 -\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164 -\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272 -\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357 -\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257 -\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131 -\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023 -\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042 -\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273 -\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147 -\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230 -\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125 -\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126 -\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005 -\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320 -\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215 -\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114 -\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164 -\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166 
-\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335 -\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224 -\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071 -\301\053\022\236\246\236\033\305\346\016\331\061\331 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Swisscom Root CA 2" -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225 -\112\212\101\354 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031 -END -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL 
CK_FALSE - # # Certificate "CA Disig Root R2" # @@ -14325,6 +13260,8 @@ CKA_VALUE MULTILINE_OCTAL \363\154\033\165\106\243\345\112\027\351\244\327\013 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "CA Disig Root R2" # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK @@ -14525,6 +13462,8 @@ CKA_VALUE MULTILINE_OCTAL \125\064\106\052\213\206\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "ACCVRAIZ1" # Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 @@ -14685,6 +13624,8 @@ CKA_VALUE MULTILINE_OCTAL \053\006\320\004\315 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TWCA Global Root CA" # Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW @@ -14842,6 +13783,8 @@ CKA_VALUE MULTILINE_OCTAL \245\240\314\277\323\366\165\244\165\226\155\126 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TeliaSonera Root CA v1" # Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera @@ -15030,6 +13973,8 @@ CKA_VALUE MULTILINE_OCTAL \243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "E-Tugra Certification Authority" # Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR 
@@ -15179,6 +14124,8 @@ CKA_VALUE MULTILINE_OCTAL
 \005\047\216\023\241\156\302
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "T-TeleSec GlobalRoot Class 2"
 # Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
@@ -15310,6 +14257,8 @@ CKA_VALUE MULTILINE_OCTAL
 \035\362\376\011\021\260\360\207\173\247\235
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Atos TrustedRoot 2011"
 # Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
@@ -15470,6 +14419,8 @@ CKA_VALUE MULTILINE_OCTAL
 \063\140\345\303
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "QuoVadis Root CA 1 G3"
 # Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
@@ -15632,6 +14583,8 @@ CKA_VALUE MULTILINE_OCTAL
 \203\336\177\214
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "QuoVadis Root CA 2 G3"
 # Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
@@ -15794,6 +14747,8 @@ CKA_VALUE MULTILINE_OCTAL
 \130\371\230\364
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "QuoVadis Root CA 3 G3"
 # Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
@@ -15931,6 +14886,8 @@ CKA_VALUE MULTILINE_OCTAL
 \042\023\163\154\317\046\365\212\051\347
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Assured ID Root G2"
 # Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -16049,6 +15006,8 @@ CKA_VALUE MULTILINE_OCTAL
 \352\226\143\152\145\105\222\225\001\264
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Assured ID Root G3"
 # Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -16188,6 +15147,8 @@ CKA_VALUE MULTILINE_OCTAL
 \062\266
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Global Root G2"
 # Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -16306,6 +15267,8 @@ CKA_VALUE MULTILINE_OCTAL
 \263\047\027
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Global Root G3"
 # Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -16477,6 +15440,8 @@ CKA_VALUE MULTILINE_OCTAL
 \317\363\146\176
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Trusted Root G4"
 # Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -16656,6 +15621,8 @@ CKA_VALUE MULTILINE_OCTAL
 \065\123\205\006\112\135\237\255\273\033\137\164
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "COMODO RSA Certification Authority"
 # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -16838,6 +15805,8 @@ CKA_VALUE MULTILINE_OCTAL
 \250\375
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "USERTrust RSA Certification Authority"
 # Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
@@ -16967,6 +15936,8 @@ CKA_VALUE MULTILINE_OCTAL
 \127\152\030
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "USERTrust ECC Certification Authority"
 # Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
@@ -17079,6 +16050,8 @@ CKA_VALUE MULTILINE_OCTAL
 \173\013\370\237\204
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GlobalSign ECC Root CA - R4"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
@@ -17192,6 +16165,8 @@ CKA_VALUE MULTILINE_OCTAL
 \220\067
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GlobalSign ECC Root CA - R5"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
@@ -17357,6 +16332,8 @@ CKA_VALUE MULTILINE_OCTAL
 \367\200\173\041\147\047\060\131
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Staat der Nederlanden Root CA - G3"
 # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
@@ -17521,6 +16498,8 @@ CKA_VALUE MULTILINE_OCTAL
 \356\354\327\056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Staat der Nederlanden EV Root CA"
 # Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
@@ -17683,6 +16662,8 @@ CKA_VALUE MULTILINE_OCTAL
 \272\204\156\207
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "IdenTrust Commercial Root CA 1"
 # Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
@@ -17845,6 +16826,8 @@ CKA_VALUE MULTILINE_OCTAL
 \267\254\266\255\267\312\076\001\357\234
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "IdenTrust Public Sector Root CA 1"
 # Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
@@ -17882,155 +16865,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "S-TRUST Universal Root CA" -# -# Issuer: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Serial Number:60:56:c5:4b:23:40:5b:64:d4:ed:25:da:d9:d6:1e:1e -# Subject: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Not Valid Before: Tue Oct 22 00:00:00 2013 -# Not Valid After : Thu Oct 21 23:59:59 2038 -# Fingerprint (SHA-256): D8:0F:EF:91:0A:E3:F1:04:72:3B:04:5C:EC:2D:01:9F:44:1C:E6:21:3A:DF:15:67:91:E7:0C:17:90:11:0A:31 -# Fingerprint (SHA1): 1B:3D:11:14:EA:7A:0F:95:58:54:41:95:BF:6B:25:82:AB:40:CE:9A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "S-TRUST Universal Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163 -\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040 -\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006 -\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166 -\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123 -\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154 -\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163 -\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040 -\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006 
-\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166 -\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123 -\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154 -\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\126\305\113\043\100\133\144\324\355\045\332\331\326 -\036\036 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\330\060\202\002\300\240\003\002\001\002\002\020\140 -\126\305\113\043\100\133\144\324\355\045\332\331\326\036\036\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201 -\205\061\013\060\011\006\003\125\004\006\023\002\104\105\061\051 -\060\047\006\003\125\004\012\023\040\104\145\165\164\163\143\150 -\145\162\040\123\160\141\162\153\141\163\163\145\156\040\126\145 -\162\154\141\147\040\107\155\142\110\061\047\060\045\006\003\125 -\004\013\023\036\123\055\124\122\125\123\124\040\103\145\162\164 -\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143 -\145\163\061\042\060\040\006\003\125\004\003\023\031\123\055\124 -\122\125\123\124\040\125\156\151\166\145\162\163\141\154\040\122 -\157\157\164\040\103\101\060\036\027\015\061\063\061\060\062\062 -\060\060\060\060\060\060\132\027\015\063\070\061\060\062\061\062 -\063\065\071\065\071\132\060\201\205\061\013\060\011\006\003\125 -\004\006\023\002\104\105\061\051\060\047\006\003\125\004\012\023 -\040\104\145\165\164\163\143\150\145\162\040\123\160\141\162\153 -\141\163\163\145\156\040\126\145\162\154\141\147\040\107\155\142 -\110\061\047\060\045\006\003\125\004\013\023\036\123\055\124\122 -\125\123\124\040\103\145\162\164\151\146\151\143\141\164\151\157 -\156\040\123\145\162\166\151\143\145\163\061\042\060\040\006\003 -\125\004\003\023\031\123\055\124\122\125\123\124\040\125\156\151 -\166\145\162\163\141\154\040\122\157\157\164\040\103\101\060\202 -\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005 
-\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\250 -\343\013\337\021\067\205\202\232\265\154\146\174\141\077\300\107 -\032\035\106\343\260\125\144\345\270\202\071\050\007\176\027\377 -\364\233\212\360\221\201\352\070\077\041\170\154\110\354\153\057 -\242\323\212\162\262\247\327\331\352\177\264\300\111\153\060\045 -\211\214\353\267\325\100\141\230\342\334\074\040\222\315\145\112 -\162\237\032\216\214\372\045\025\277\363\041\203\050\015\213\257 -\131\021\202\103\134\233\115\045\121\177\130\030\143\140\073\263 -\265\212\213\130\143\067\110\110\220\104\302\100\335\135\367\103 -\151\051\230\134\022\145\136\253\220\222\113\146\337\325\165\022 -\123\124\030\246\336\212\326\273\127\003\071\131\231\030\005\014 -\371\375\025\306\220\144\106\027\202\327\302\112\101\075\375\000 -\276\127\162\030\224\167\033\123\132\211\001\366\063\162\016\223 -\072\334\350\036\375\005\005\326\274\163\340\210\334\253\117\354 -\265\030\206\117\171\204\016\110\052\146\052\335\062\310\170\145 -\310\013\235\130\001\005\161\355\201\365\150\027\156\313\015\264 -\113\330\241\354\256\070\353\034\130\057\241\145\003\064\057\002 -\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016 -\004\026\004\024\232\175\327\353\353\177\124\230\105\051\264\040 -\253\155\013\226\043\031\244\302\060\015\006\011\052\206\110\206 -\367\015\001\001\013\005\000\003\202\001\001\000\116\226\022\333 -\176\167\136\222\047\236\041\027\030\202\166\330\077\274\245\011 -\004\146\210\211\255\333\125\263\063\152\306\145\304\217\115\363 -\062\066\334\171\004\226\251\167\062\321\227\365\030\153\214\272 -\355\316\021\320\104\307\222\361\264\104\216\355\210\122\110\236 -\325\375\131\370\243\036\121\373\001\122\345\137\345\172\335\252 -\044\117\042\213\335\166\106\366\245\240\017\065\330\312\017\230 -\271\060\135\040\157\302\201\036\275\275\300\376\025\323\070\052 
-\011\223\230\047\033\223\173\320\053\064\136\150\245\025\117\321 -\122\303\240\312\240\203\105\035\365\365\267\131\163\135\131\001 -\217\252\302\107\057\024\161\325\051\343\020\265\107\223\045\314 -\043\051\332\267\162\330\221\324\354\033\110\212\042\344\301\052 -\367\072\150\223\237\105\031\156\103\267\314\376\270\221\232\141 -\032\066\151\143\144\222\050\363\157\141\222\205\023\237\311\007 -\054\213\127\334\353\236\171\325\302\336\010\325\124\262\127\116 -\052\062\215\241\342\072\321\020\040\042\071\175\064\105\157\161 -\073\303\035\374\377\262\117\250\342\366\060\036 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "S-TRUST Universal Root CA" -# Issuer: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Serial Number:60:56:c5:4b:23:40:5b:64:d4:ed:25:da:d9:d6:1e:1e -# Subject: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE -# Not Valid Before: Tue Oct 22 00:00:00 2013 -# Not Valid After : Thu Oct 21 23:59:59 2038 -# Fingerprint (SHA-256): D8:0F:EF:91:0A:E3:F1:04:72:3B:04:5C:EC:2D:01:9F:44:1C:E6:21:3A:DF:15:67:91:E7:0C:17:90:11:0A:31 -# Fingerprint (SHA1): 1B:3D:11:14:EA:7A:0F:95:58:54:41:95:BF:6B:25:82:AB:40:CE:9A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "S-TRUST Universal Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\033\075\021\024\352\172\017\225\130\124\101\225\277\153\045\202 -\253\100\316\232 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\130\366\101\001\256\365\133\121\231\116\134\041\350\117\324\146 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163 -\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040 -\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006 
-\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145 -\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166 -\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123 -\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154 -\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\140\126\305\113\043\100\133\144\324\355\045\332\331\326 -\036\036 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Entrust Root Certification Authority - G2" # @@ -18153,6 +16987,8 @@ CKA_VALUE MULTILINE_OCTAL \105\366 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust Root Certification Authority - G2" # Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -18298,6 +17134,8 @@ CKA_VALUE MULTILINE_OCTAL \231\267\046\101\133\045\140\256\320\110\032\356\006 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust Root Certification Authority - EC1" # Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -18471,6 +17309,8 @@ CKA_VALUE MULTILINE_OCTAL \056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "CFCA EV ROOT" # Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN 
@@ -18508,333 +17348,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" -# -# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Serial Number:00:8e:17:fe:24:20:81 -# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Apr 30 08:07:01 2013 -# Not Valid After : Fri Apr 28 08:07:01 2023 -# Fingerprint (SHA-256): 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78 -# Fingerprint (SHA1): C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113 -\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153 -\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145 -\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304 -\261\040\110\065 -END -CKA_ID UTF8 "0" -CKA_ISSUER 
MULTILINE_OCTAL -\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113 -\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153 -\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145 -\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304 -\261\040\110\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\007\000\216\027\376\044\040\201 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\047\060\202\003\017\240\003\002\001\002\002\007\000 -\216\027\376\044\040\201\060\015\006\011\052\206\110\206\367\015 -\001\001\013\005\000\060\201\261\061\013\060\011\006\003\125\004 -\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014\006 -\101\156\153\141\162\141\061\115\060\113\006\003\125\004\012\014 -\104\124\303\234\122\113\124\122\125\123\124\040\102\151\154\147 -\151\040\304\260\154\145\164\151\305\237\151\155\040\166\145\040 -\102\151\154\151\305\237\151\155\040\107\303\274\166\145\156\154 -\151\304\237\151\040\110\151\172\155\145\164\154\145\162\151\040 -\101\056\305\236\056\061\102\060\100\006\003\125\004\003\014\071 -\124\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164 -\162\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040 -\110\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261 -\143\304\261\163\304\261\040\110\065\060\036\027\015\061\063\060 -\064\063\060\060\070\060\067\060\061\132\027\015\062\063\060\064 -\062\070\060\070\060\067\060\061\132\060\201\261\061\013\060\011 -\006\003\125\004\006\023\002\124\122\061\017\060\015\006\003\125 
-\004\007\014\006\101\156\153\141\162\141\061\115\060\113\006\003 -\125\004\012\014\104\124\303\234\122\113\124\122\125\123\124\040 -\102\151\154\147\151\040\304\260\154\145\164\151\305\237\151\155 -\040\166\145\040\102\151\154\151\305\237\151\155\040\107\303\274 -\166\145\156\154\151\304\237\151\040\110\151\172\155\145\164\154 -\145\162\151\040\101\056\305\236\056\061\102\060\100\006\003\125 -\004\003\014\071\124\303\234\122\113\124\122\125\123\124\040\105 -\154\145\153\164\162\157\156\151\153\040\123\145\162\164\151\146 -\151\153\141\040\110\151\172\155\145\164\040\123\141\304\237\154 -\141\171\304\261\143\304\261\163\304\261\040\110\065\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\244\045 -\031\341\145\236\353\110\041\120\112\010\345\021\360\132\272\046 -\377\203\131\316\104\052\057\376\341\316\140\003\374\215\003\245 -\355\377\153\250\272\314\064\006\237\131\065\366\354\054\273\235 -\373\215\122\151\343\234\047\020\123\363\244\002\305\247\371\021 -\032\151\165\156\303\035\213\321\230\215\223\207\247\161\227\015 -\041\307\231\371\122\323\054\143\135\125\274\350\037\001\110\271 -\140\376\102\112\366\310\200\256\315\146\172\236\105\212\150\167 -\342\110\150\237\242\332\361\341\301\020\237\353\074\051\201\247 -\341\062\010\324\240\005\261\214\373\215\226\000\016\076\045\337 -\123\206\042\073\374\364\275\363\011\176\167\354\206\353\017\063 -\345\103\117\364\124\165\155\051\231\056\146\132\103\337\313\134 -\312\310\345\070\361\176\073\065\235\017\364\305\132\241\314\363 -\040\200\044\323\127\354\025\272\165\045\233\350\144\113\263\064 -\204\357\004\270\366\311\154\252\002\076\266\125\342\062\067\137 -\374\146\227\137\315\326\236\307\040\277\115\306\254\077\165\137 -\034\355\062\234\174\151\000\151\221\343\043\030\123\351\002\003 -\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026 -\004\024\126\231\007\036\323\254\014\151\144\264\014\120\107\336 
-\103\054\276\040\300\373\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367 -\015\001\001\013\005\000\003\202\001\001\000\236\105\166\173\027 -\110\062\362\070\213\051\275\356\226\112\116\201\030\261\121\107 -\040\315\320\144\261\016\311\331\001\331\011\316\310\231\334\150 -\045\023\324\134\362\243\350\004\376\162\011\307\013\252\035\045 -\125\176\226\232\127\267\272\305\021\172\031\346\247\176\075\205 -\016\365\371\056\051\057\347\371\154\130\026\127\120\045\366\076 -\056\076\252\355\167\161\252\252\231\226\106\012\256\216\354\052 -\121\026\260\136\315\352\147\004\034\130\060\365\140\212\275\246 -\275\115\345\226\264\374\102\211\001\153\366\160\310\120\071\014 -\055\325\146\331\310\322\263\062\267\033\031\155\313\063\371\337 -\245\346\025\204\067\360\302\362\145\226\222\220\167\360\255\364 -\220\351\021\170\327\223\211\300\075\013\272\051\364\350\231\235 -\162\216\355\235\057\356\222\175\241\361\377\135\272\063\140\205 -\142\376\007\002\241\204\126\106\276\226\012\232\023\327\041\114 -\267\174\007\237\116\116\077\221\164\373\047\235\021\314\335\346 -\261\312\161\115\023\027\071\046\305\051\041\053\223\051\152\226 -\372\253\101\341\113\266\065\013\300\233\025 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" -# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Serial Number:00:8e:17:fe:24:20:81 -# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. 
H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR -# Not Valid Before: Tue Apr 30 08:07:01 2013 -# Not Valid After : Fri Apr 28 08:07:01 2023 -# Fingerprint (SHA-256): 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78 -# Fingerprint (SHA1): C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TÃœRKTRUST Elektronik Sertifika Hizmet SaÄŸlayıcısı H5" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\304\030\366\115\106\321\337\000\075\047\060\023\162\103\251\022 -\021\306\165\373 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\332\160\216\360\042\337\223\046\366\137\237\323\025\006\122\116 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122 -\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 -\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122 -\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154 -\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305 -\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040 -\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056 -\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113 -\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153 -\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145 -\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304 -\261\040\110\065 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\007\000\216\027\376\044\040\201 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certinomis - Root CA" -# -# Issuer: CN=Certinomis - Root CA,OU=0002 
433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\222\060\202\003\172\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023 -\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157 -\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060 -\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060\033 
-\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155\151 -\163\040\055\040\122\157\157\164\040\103\101\060\036\027\015\061 -\063\061\060\062\061\060\071\061\067\061\070\132\027\015\063\063 -\061\060\062\061\060\071\061\067\061\070\132\060\132\061\013\060 -\011\006\003\125\004\006\023\002\106\122\061\023\060\021\006\003 -\125\004\012\023\012\103\145\162\164\151\156\157\155\151\163\061 -\027\060\025\006\003\125\004\013\023\016\060\060\060\062\040\064 -\063\063\071\071\070\071\060\063\061\035\060\033\006\003\125\004 -\003\023\024\103\145\162\164\151\156\157\155\151\163\040\055\040 -\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\324\314\011\012\054\077\222\366 -\177\024\236\013\234\232\152\035\100\060\144\375\252\337\016\036 -\006\133\237\120\205\352\315\215\253\103\147\336\260\372\176\200 -\226\236\204\170\222\110\326\343\071\356\316\344\131\130\227\345 -\056\047\230\352\223\250\167\233\112\360\357\164\200\055\353\060 -\037\265\331\307\200\234\142\047\221\210\360\112\211\335\334\210 -\346\024\371\325\003\057\377\225\333\275\237\354\054\372\024\025 -\131\225\012\306\107\174\151\030\271\247\003\371\312\166\251\317 -\307\157\264\136\005\376\356\301\122\262\165\062\207\354\355\051 -\146\073\363\112\026\202\366\326\232\333\162\230\351\336\360\305 -\114\245\253\265\352\001\342\214\056\144\177\144\157\375\243\045 -\223\213\310\242\016\111\215\064\360\037\354\130\105\056\064\252 -\204\120\275\347\262\112\023\270\260\017\256\070\135\260\251\033 -\346\163\311\132\241\331\146\100\252\251\115\246\064\002\255\204 -\176\262\043\301\373\052\306\147\364\064\266\260\225\152\063\117 -\161\104\265\255\300\171\063\210\340\277\355\243\240\024\264\234 -\011\260\012\343\140\276\370\370\146\210\315\133\361\167\005\340 -\265\163\156\301\175\106\056\216\113\047\246\315\065\012\375\345 -\115\175\252\052\243\051\307\132\150\004\350\345\326\223\244\142 
-\302\305\346\364\117\306\371\237\032\215\202\111\031\212\312\131 -\103\072\350\015\062\301\364\114\023\003\157\156\246\077\221\163 -\313\312\163\157\022\040\213\356\300\202\170\336\113\056\302\111 -\303\035\355\026\366\044\364\047\033\134\127\061\334\125\356\250 -\036\157\154\254\342\105\314\127\127\212\165\127\031\340\265\130 -\231\111\066\061\074\063\001\155\026\112\315\270\052\203\204\206 -\233\371\140\322\037\155\221\003\323\140\246\325\075\232\335\167 -\220\075\065\244\237\017\136\365\122\104\151\271\300\272\334\317 -\175\337\174\331\304\254\206\042\062\274\173\153\221\357\172\370 -\027\150\260\342\123\125\140\055\257\076\302\203\330\331\011\053 -\360\300\144\333\207\213\221\314\221\353\004\375\166\264\225\232 -\346\024\006\033\325\064\035\276\330\377\164\034\123\205\231\340 -\131\122\112\141\355\210\236\153\111\211\106\176\040\132\331\347 -\112\345\152\356\322\145\021\103\002\003\001\000\001\243\143\060 -\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\035\006\003\125\035\016\004\026\004\024\357\221\114 -\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170\164 -\331\060\037\006\003\125\035\043\004\030\060\026\200\024\357\221 -\114\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170 -\164\331\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\003\202\002\001\000\176\075\124\332\042\135\032\130\076\073 -\124\047\272\272\314\310\343\032\152\352\076\371\022\353\126\137 -\075\120\316\340\352\110\046\046\317\171\126\176\221\034\231\077 -\320\241\221\034\054\017\117\230\225\131\123\275\320\042\330\210 -\135\234\067\374\373\144\301\170\214\213\232\140\011\352\325\372 -\041\137\320\164\145\347\120\305\277\056\271\013\013\255\265\260 -\027\246\022\214\324\142\170\352\126\152\354\012\322\100\303\074 -\005\060\076\115\224\267\237\112\003\323\175\047\113\266\376\104 -\316\372\031\063\032\155\244\102\321\335\314\310\310\327\026\122 
-\203\117\065\224\263\022\125\175\345\342\102\353\344\234\223\011 -\300\114\133\007\253\307\155\021\240\120\027\224\043\250\265\012 -\222\017\262\172\301\140\054\070\314\032\246\133\377\362\014\343 -\252\037\034\334\270\240\223\047\336\143\343\177\041\237\072\345 -\236\372\340\023\152\165\353\226\134\142\221\224\216\147\123\266 -\211\370\022\011\313\157\122\133\003\162\206\120\225\010\324\215 -\207\206\025\037\225\044\330\244\157\232\316\244\235\233\155\322 -\262\166\006\206\306\126\010\305\353\011\332\066\302\033\133\101 -\276\141\052\343\160\346\270\246\370\266\132\304\275\041\367\377 -\252\137\241\154\166\071\146\326\352\114\125\341\000\063\233\023 -\230\143\311\157\320\001\040\011\067\122\347\014\117\076\315\274 -\365\137\226\047\247\040\002\225\340\056\350\007\101\005\037\025 -\156\326\260\344\031\340\017\002\223\000\047\162\305\213\321\124 -\037\135\112\303\100\227\176\125\246\174\301\063\004\024\001\035 -\111\040\151\013\031\223\235\156\130\042\367\100\014\106\014\043 -\143\363\071\322\177\166\121\247\364\310\241\361\014\166\042\043 -\106\122\051\055\342\243\101\007\126\151\230\322\005\011\274\151 -\307\132\141\315\217\201\140\025\115\200\335\220\342\175\304\120 -\362\214\073\156\112\307\306\346\200\053\074\201\274\021\200\026 -\020\047\327\360\315\077\171\314\163\052\303\176\123\221\326\156 -\370\365\363\307\320\121\115\216\113\245\133\346\031\027\073\326 -\201\011\334\042\334\356\216\271\304\217\123\341\147\273\063\270 -\210\025\106\317\355\151\065\377\165\015\106\363\316\161\341\305 -\153\206\102\006\271\101 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Certinomis - Root CA" -# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 
2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\235\160\273\001\245\244\240\030\021\056\367\034\001\271\062\305 -\064\347\210\250 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\024\012\375\215\250\050\265\070\151\333\126\176\141\042\003\077 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "OISTE WISeKey Global Root GB CA" # @@ -18937,6 +17450,8 @@ CKA_VALUE MULTILINE_OCTAL \065\255\201\307\116\161\272\210\023 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "OISTE WISeKey Global Root GB CA" # Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH 
@@ -19072,6 +17587,8 @@ CKA_VALUE MULTILINE_OCTAL \326\040\036\343\163\267 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SZAFIR ROOT CA2" # Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL @@ -19250,6 +17767,8 @@ CKA_VALUE MULTILINE_OCTAL \016\265\271\276\044\217 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Certum Trusted Network CA 2" # Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL @@ -19437,6 +17956,8 @@ CKA_VALUE MULTILINE_OCTAL \276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Hellenic Academic and Research Institutions RootCA 2015" # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR @@ -19573,6 +18094,8 @@ CKA_VALUE MULTILINE_OCTAL \342\174\352\002\130\042\221 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" # Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR 
@@ -19615,707 +18138,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Certplus Root CA G1" -# -# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR -# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 -# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E -# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 -\054\334\106\021 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\153\060\202\003\123\240\003\002\001\002\002\022\021 -\040\125\203\344\055\076\124\126\205\055\203\067\267\054\334\106 -\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -\060\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060 -\132\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132 -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\332\120\207\266\332\270\251\076\235\144\372\126\063\232\126 -\075\026\345\003\225\262\064\034\232\155\142\005\324\330\217\347 -\211\144\237\272\333\144\213\144\346\171\052\141\315\257\217\132 -\211\221\145\271\130\374\264\003\137\221\077\055\020\025\340\176 -\317\274\374\177\103\147\250\255\136\066\043\330\230\263\115\363 -\103\236\071\174\052\374\354\210\325\210\356\160\275\205\026\055 -\352\113\211\074\243\161\102\376\034\375\323\034\055\020\270\206 -\124\352\103\270\333\306\207\332\250\256\200\045\317\172\046\035 -\252\221\260\110\157\256\265\336\236\330\327\372\000\375\306\217 -\320\121\273\142\175\244\261\214\262\377\040\021\272\065\143\005 -\206\107\140\103\063\220\366\107\242\003\117\226\115\235\117\301 -\352\352\234\242\376\064\056\336\267\312\033\166\244\267\255\237 -\351\250\324\170\077\170\376\362\070\011\066\035\322\026\002\310 -\354\052\150\257\365\216\224\357\055\023\172\036\102\112\035\025 -\061\256\014\004\127\374\141\163\363\061\126\206\061\200\240\304 -\021\156\060\166\343\224\360\137\004\304\254\207\162\211\230\305 -\235\314\127\010\232\364\014\374\175\172\005\072\372\107\200\071 -\266\317\204\023\167\157\047\352\377\226\147\027\010\155\351\015 -\326\043\120\060\260\025\164\023\076\345\057\377\016\315\304\013 
-\112\135\360\330\000\063\111\146\353\241\030\174\131\056\075\050 -\271\141\161\313\265\245\272\270\352\334\342\160\157\010\152\334 -\207\147\064\357\337\060\162\335\363\311\077\043\377\065\341\276 -\041\051\040\060\201\344\031\245\040\351\045\312\163\061\164\051 -\276\342\102\325\363\262\046\146\307\150\375\031\263\347\040\223 -\231\350\135\340\136\207\347\106\350\045\234\012\051\044\324\315 -\130\206\122\100\044\262\173\017\230\022\040\044\366\220\154\107 -\310\015\273\030\040\056\331\375\374\213\362\051\352\207\164\225 -\340\102\120\170\204\004\101\141\260\364\041\043\217\055\313\050 -\041\362\152\154\364\032\246\305\024\264\067\145\117\225\375\200 -\310\370\162\345\045\153\304\140\261\173\155\216\112\212\163\316 -\131\373\160\172\163\006\023\331\323\164\067\044\101\012\021\157 -\227\334\347\344\176\241\275\025\362\272\207\017\075\150\212\026 -\007\002\003\001\000\001\243\143\060\141\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 -\035\016\004\026\004\024\250\301\300\233\221\250\103\025\174\135 -\006\047\264\052\121\330\227\013\201\261\060\037\006\003\125\035 -\043\004\030\060\026\200\024\250\301\300\233\221\250\103\025\174 -\135\006\047\264\052\121\330\227\013\201\261\060\015\006\011\052 -\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000\234 -\126\157\001\176\321\275\114\365\212\306\360\046\037\344\340\070 -\030\314\062\303\051\073\235\101\051\064\141\306\327\360\000\241 -\353\244\162\217\224\027\274\023\054\165\264\127\356\012\174\011 -\172\334\325\312\241\320\064\023\370\167\253\237\345\376\330\036 -\164\212\205\007\217\177\314\171\172\312\226\315\315\375\117\373 -\375\043\015\220\365\364\136\323\306\141\175\236\021\340\002\356 -\011\004\331\007\335\246\212\267\014\203\044\273\203\120\222\376 -\140\165\021\076\330\235\260\212\172\265\340\235\233\313\220\122 -\113\260\223\052\324\076\026\063\345\236\306\145\025\076\144\073 
-\004\077\333\014\217\137\134\035\151\037\257\363\351\041\214\363 -\357\227\366\232\267\031\266\204\164\234\243\124\265\160\116\143 -\330\127\135\123\041\233\100\222\103\372\326\167\125\063\117\144 -\325\373\320\054\152\216\155\045\246\357\205\350\002\304\123\076 -\271\236\207\274\314\065\032\336\241\351\212\143\207\145\036\021 -\052\333\143\167\227\024\276\232\024\231\021\262\300\356\260\117 -\370\024\041\062\103\117\237\253\242\313\250\017\252\073\006\125 -\306\022\051\127\010\324\067\327\207\047\255\111\131\247\221\253 -\104\172\136\215\160\333\227\316\110\120\261\163\223\366\360\203 -\140\371\315\361\341\061\375\133\174\161\041\143\024\024\252\257 -\305\336\223\176\150\261\354\042\242\252\220\165\236\265\103\162 -\352\144\243\204\113\375\014\250\046\153\161\227\356\126\143\146 -\350\102\124\371\307\035\337\320\217\133\337\310\060\157\210\376 -\015\304\063\034\123\250\243\375\110\020\362\344\012\116\341\025 -\127\374\156\144\060\302\125\021\334\352\251\315\112\124\254\051 -\143\104\317\112\100\240\326\150\131\033\063\371\357\072\213\333 -\040\222\334\102\204\277\001\253\207\300\325\040\202\333\306\271 -\203\205\102\134\017\103\073\152\111\065\325\230\364\025\277\372 -\141\201\014\011\040\030\322\320\027\014\313\110\000\120\351\166 -\202\214\144\327\072\240\007\125\314\036\061\300\357\072\264\145 -\373\343\277\102\153\236\017\250\275\153\230\334\330\333\313\213 -\244\335\327\131\364\156\335\376\252\303\221\320\056\102\007\300 -\014\115\123\315\044\261\114\133\036\121\364\337\351\222\372 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Certplus Root CA G1" -# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR -# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 -# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E -# 
Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\042\375\320\267\375\242\116\015\254\111\054\240\254\246\173\152 -\037\343\367\146 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\177\011\234\367\331\271\134\151\151\126\325\067\076\024\015\102 -END -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 -\054\334\106\021 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certplus Root CA G2" -# -# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR -# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 -# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 -# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 -\317\163\274\125 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\034\060\202\001\242\240\003\002\001\002\002\022\021 -\040\331\221\316\256\243\350\305\347\377\351\002\257\317\163\274 -\125\060\012\006\010\052\206\110\316\075\004\003\003\060\076\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 -\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 -\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 -\165\163\040\122\157\157\164\040\103\101\040\107\062\060\036\027 -\015\061\064\060\065\062\066\060\060\060\060\060\060\132\027\015 -\063\070\060\061\061\065\060\060\060\060\060\060\132\060\076\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 -\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 -\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 -\165\163\040\122\157\157\164\040\103\101\040\107\062\060\166\060 -\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 -\042\003\142\000\004\315\017\133\126\202\337\360\105\032\326\255 -\367\171\360\035\311\254\226\326\236\116\234\037\264\102\021\312 -\206\277\155\373\205\243\305\345\031\134\327\356\246\077\151\147 -\330\170\342\246\311\304\333\055\171\056\347\213\215\002\157\061 -\042\115\006\343\140\162\105\235\016\102\167\236\316\317\345\177 -\205\233\030\344\374\314\056\162\323\026\223\116\312\231\143\134 
-\241\005\052\154\006\243\143\060\141\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\332\203\143\002\171\216\332\114\306\074\043 -\024\330\217\303\040\253\050\140\131\060\037\006\003\125\035\043 -\004\030\060\026\200\024\332\203\143\002\171\216\332\114\306\074 -\043\024\330\217\303\040\253\050\140\131\060\012\006\010\052\206 -\110\316\075\004\003\003\003\150\000\060\145\002\060\160\376\260 -\013\331\367\203\227\354\363\125\035\324\334\263\006\016\376\063 -\230\235\213\071\220\153\224\041\355\266\327\135\326\114\327\041 -\247\347\277\041\017\053\315\367\052\334\205\007\235\002\061\000 -\206\024\026\345\334\260\145\302\300\216\024\237\277\044\026\150 -\345\274\371\171\151\334\255\105\053\367\266\061\163\314\006\245 -\123\223\221\032\223\256\160\152\147\272\327\236\345\141\032\137 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Certplus Root CA G2" -# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR -# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 -# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 -# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\117\145\216\037\351\006\330\050\002\351\124\107\101\311\124\045 -\135\151\314\032 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\247\356\304\170\055\033\356\055\271\051\316\326\247\226\062\061 -END -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 -\317\163\274\125 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OpenTrust Root CA G1" -# -# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 -# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 08:45:50 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 -# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL 
-\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 -\153\143\216\147 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 -\040\263\220\125\071\175\177\066\155\144\302\247\237\153\143\216 -\147\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061\060\036\027\015\061\064\060\065\062\066\060\070\064\065 -\065\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 -\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 -\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 -\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 -\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 -\101\040\107\061\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\370\171\106\332\226\305\060\136\212\161\003 -\055\160\244\273\260\305\010\334\315\346\065\300\200\244\021\055 -\335\346\207\256\135\075\221\322\207\154\067\267\332\142\236\233 -\302\044\327\217\361\333\246\246\337\106\157\121\246\161\313\076 -\033\061\147\142\367\021\133\064\047\325\171\116\214\233\130\275 -\042\020\015\134\047\014\335\060\345\250\323\135\041\070\164\027 -\376\343\037\266\117\073\153\055\333\175\140\037\214\175\114\005 -\302\353\001\026\025\230\024\216\321\220\167\042\077\354\302\071 -\270\171\072\360\111\044\342\225\221\334\141\064\222\214\124\164 -\357\261\175\214\001\342\070\175\301\137\152\137\044\262\216\142 -\027\255\171\040\255\253\035\267\340\264\226\110\117\146\103\020 -\006\026\044\003\341\340\234\216\306\106\117\216\032\231\341\217 -\271\216\063\154\151\336\130\255\240\016\247\144\124\021\151\104 
-\146\117\114\022\247\216\054\175\304\324\133\305\000\064\060\301 -\331\231\376\062\316\007\204\264\116\315\012\377\066\115\142\361 -\247\143\127\344\333\152\247\256\277\053\271\311\346\262\047\211 -\345\176\232\034\115\150\306\301\030\336\063\053\121\106\113\034 -\216\367\075\014\371\212\064\024\304\373\063\065\043\361\314\361 -\052\307\245\273\260\242\316\376\123\153\115\101\033\146\050\262 -\226\372\247\256\012\116\271\071\063\104\234\164\301\223\034\370 -\340\236\044\045\103\361\233\043\202\252\337\054\040\260\334\066 -\116\003\263\174\002\324\346\173\032\252\207\023\277\076\241\164 -\273\233\016\341\300\223\237\327\244\146\312\273\033\073\343\060 -\364\063\131\212\007\162\003\125\347\163\152\003\061\156\157\226 -\033\343\242\237\257\222\307\355\365\102\267\045\114\073\023\004 -\317\034\226\257\034\042\243\320\253\005\262\114\022\043\122\334 -\375\031\133\047\234\036\073\172\375\102\043\333\043\200\023\360 -\274\121\025\124\224\246\167\076\320\164\121\275\121\024\010\071 -\067\313\037\064\251\060\235\122\204\056\125\220\261\272\337\125 -\000\013\330\126\055\261\111\111\162\200\251\142\327\300\366\030 -\021\004\125\315\164\173\317\141\160\171\364\173\054\134\134\222 -\374\345\270\132\253\114\223\225\241\047\356\245\276\317\161\043 -\102\272\233\166\055\002\003\001\000\001\243\143\060\141\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\227\106\041\127\041\065 -\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060\037 -\006\003\125\035\043\004\030\060\026\200\024\227\106\041\127\041 -\065\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\002\001\000\035\335\002\140\174\340\065\247\346\230\173\352\104 -\316\147\100\117\362\223\156\146\324\071\211\046\254\323\115\004 -\074\273\207\041\077\067\364\161\045\332\113\272\253\226\202\201 
-\221\266\355\331\261\244\145\227\342\157\144\131\244\226\356\140 -\312\037\043\373\105\272\377\217\044\360\312\251\061\177\171\037 -\200\263\055\062\272\144\147\140\257\271\131\315\337\232\111\323 -\250\202\261\371\230\224\212\314\340\273\340\004\033\231\140\261 -\106\145\334\010\242\262\106\236\104\210\352\223\176\127\026\322 -\025\162\137\056\113\253\324\235\143\270\343\110\345\376\204\056 -\130\012\237\103\035\376\267\030\222\206\103\113\016\234\062\206 -\054\140\365\351\110\352\225\355\160\051\361\325\057\375\065\264 -\127\317\333\205\110\231\271\302\157\154\217\315\170\225\254\144 -\050\375\126\260\303\157\303\276\131\122\341\137\204\217\200\362 -\364\015\066\255\166\263\243\265\341\144\166\072\130\334\175\117 -\136\126\154\345\125\131\127\245\337\361\212\146\060\214\324\122 -\142\070\167\264\276\050\327\312\066\304\233\005\360\370\025\333 -\333\361\357\064\235\035\170\112\210\126\147\156\140\377\217\310 -\213\341\216\275\102\251\063\012\131\102\022\022\052\372\261\235 -\103\216\005\233\231\332\142\255\127\066\263\035\266\015\171\055 -\226\270\353\362\014\113\014\245\224\306\060\247\046\031\055\355 -\114\006\120\060\361\375\130\075\271\113\027\137\031\264\152\204 -\124\264\070\117\071\242\015\226\150\303\050\224\375\355\055\037 -\112\153\103\226\056\220\001\020\373\070\246\201\013\320\277\165 -\323\324\271\316\361\077\157\016\034\036\067\161\345\030\207\165 -\031\077\120\271\136\244\105\064\255\260\312\346\345\023\166\017 -\061\024\251\216\055\224\326\325\205\115\163\025\117\113\362\262 -\076\355\154\275\375\016\235\146\163\260\075\264\367\277\250\340 -\021\244\304\256\165\011\112\143\000\110\040\246\306\235\013\011 -\212\264\340\346\316\076\307\076\046\070\351\053\336\246\010\111 -\003\004\220\212\351\217\277\350\266\264\052\243\043\215\034\034 -\262\071\222\250\217\002\134\100\071\165\324\163\101\002\167\336 -\315\340\103\207\326\344\272\112\303\154\022\177\376\052\346\043 -\326\214\161 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for 
"OpenTrust Root CA G1" -# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 -# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 08:45:50 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 -# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\171\221\350\064\367\342\356\335\010\225\001\122\351\125\055\024 -\351\130\325\176 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\166\000\314\201\051\315\125\136\210\152\172\056\367\115\071\332 -END -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 -\153\143\216\147 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OpenTrust Root CA G2" -# -# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 -# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 -# 
Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 -\110\277\046\021 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 -\040\241\151\033\277\275\271\275\122\226\217\043\350\110\277\046 -\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062\060\036\027\015\061\064\060\065\062\066\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 -\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 -\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 -\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 -\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 
-\101\040\107\062\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\314\266\127\245\063\224\020\201\062\123\337 -\141\176\017\166\071\317\134\302\123\165\035\111\172\226\070\335 -\242\163\152\361\157\336\136\242\132\271\161\041\276\066\331\241 -\374\274\356\154\250\174\064\032\161\032\350\032\330\137\016\104 -\006\355\247\340\363\322\141\013\340\062\242\226\321\070\360\302 -\332\001\027\374\344\254\117\350\356\211\036\164\253\117\277\036 -\011\266\066\152\126\363\341\356\226\211\146\044\006\344\315\102 -\072\112\335\340\232\260\304\202\105\263\376\311\253\134\174\076 -\311\353\027\057\014\175\156\256\245\217\310\254\045\012\157\372 -\325\105\230\322\065\011\366\003\103\224\376\331\277\040\225\171 -\200\230\212\331\211\065\273\121\033\244\067\175\374\231\073\253 -\377\277\254\015\217\103\261\231\173\026\020\176\035\157\107\304 -\025\217\004\226\010\006\102\004\370\204\326\035\274\221\246\102 -\276\111\325\152\210\077\274\055\121\321\236\215\340\122\314\127 -\335\065\065\130\333\264\217\044\210\344\213\337\334\153\124\322 -\201\053\262\316\222\113\034\037\106\372\035\330\222\313\166\147 -\265\011\231\011\345\254\027\024\125\160\306\074\240\126\012\003 -\263\334\142\031\337\310\265\060\177\365\074\046\165\021\275\327 -\033\263\207\236\007\257\145\161\345\240\317\032\247\011\020\035 -\223\211\146\133\350\074\142\062\265\265\072\156\351\205\001\213 -\236\103\214\147\163\050\131\133\353\343\334\054\314\245\046\162 -\142\022\264\346\234\203\104\366\121\244\342\300\172\044\127\312 -\016\245\077\072\265\073\213\345\166\356\160\346\222\336\026\134 -\050\133\227\031\047\222\376\172\222\124\316\223\071\012\026\207 -\274\143\263\365\261\223\134\340\156\267\320\352\371\142\062\210 -\104\373\277\047\050\266\060\225\135\022\050\271\225\276\217\123 -\030\345\242\030\026\342\126\244\262\054\020\365\035\067\246\370 -\267\366\320\131\134\211\367\302\325\265\224\164\321\325\376\033 
-\266\360\346\326\036\173\322\074\313\250\343\365\030\363\041\037 -\156\357\115\150\006\173\055\135\156\103\211\246\300\371\240\277 -\202\036\317\123\177\264\353\054\333\135\366\152\175\100\044\005 -\162\211\070\001\223\313\161\302\071\135\006\021\366\157\170\370 -\067\015\071\204\047\002\003\001\000\001\243\143\060\141\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\152\071\372\102\042\367 -\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060\037 -\006\003\125\035\043\004\030\060\026\200\024\152\071\372\102\042 -\367\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060 -\015\006\011\052\206\110\206\367\015\001\001\015\005\000\003\202 -\002\001\000\230\313\253\100\074\345\063\002\227\177\055\207\246 -\217\324\136\112\257\270\036\347\273\161\373\200\144\045\251\263 -\032\076\150\135\047\046\247\272\052\341\360\127\203\012\144\117 -\036\042\164\033\351\220\137\360\254\317\377\117\150\172\070\244 -\020\154\015\261\307\244\167\200\030\266\242\050\104\166\247\064 -\235\161\204\057\312\131\322\107\210\231\101\042\311\060\230\141 -\156\075\250\250\005\155\321\037\300\121\104\126\177\047\065\002 -\335\136\230\012\102\353\060\277\215\241\233\121\252\073\352\223 -\106\144\305\000\171\336\041\153\366\127\240\206\327\006\162\354 -\160\106\113\213\163\335\240\041\165\076\334\035\300\217\323\117 -\163\034\205\331\376\177\142\310\225\157\266\323\173\214\272\123 -\302\157\233\104\114\171\320\035\160\263\327\237\002\364\262\007 -\260\307\345\370\255\043\016\246\126\311\051\022\167\110\331\057 -\106\375\073\360\374\164\160\222\245\216\070\010\037\144\060\266 -\267\113\373\066\254\020\216\240\122\063\143\235\003\065\126\305 -\151\275\306\043\132\047\224\366\244\022\370\055\063\074\241\126 -\245\137\326\031\351\355\174\010\275\167\315\047\144\314\224\332 -\116\106\120\207\340\371\301\123\200\036\273\255\373\107\122\213 
-\033\375\242\371\336\016\042\267\075\063\131\154\324\336\365\225 -\006\062\015\121\031\101\134\076\117\006\367\271\053\200\047\366 -\243\252\172\174\006\341\103\303\023\071\142\032\066\275\340\050 -\056\224\002\344\051\056\140\125\256\100\075\260\164\222\136\360 -\040\144\226\077\137\105\135\210\265\212\332\002\240\133\105\124 -\336\070\075\011\300\250\112\145\106\026\374\252\277\124\116\115 -\133\276\070\103\267\050\312\213\063\252\032\045\272\045\134\051 -\057\133\112\156\214\352\055\234\052\366\005\166\340\167\227\200 -\210\335\147\023\157\035\150\044\213\117\267\164\201\345\364\140 -\237\172\125\327\076\067\332\026\153\076\167\254\256\030\160\225 -\010\171\051\003\212\376\301\073\263\077\032\017\244\073\136\037 -\130\241\225\311\253\057\163\112\320\055\156\232\131\017\125\030 -\170\055\074\121\246\227\213\346\273\262\160\252\114\021\336\377 -\174\053\067\324\172\321\167\064\217\347\371\102\367\074\201\014 -\113\122\012 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "OpenTrust Root CA G2" -# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 -# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 -# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\171\137\210\140\305\253\174\075\222\346\313\364\215\341\105\315 -\021\357\140\013 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\127\044\266\131\044\153\256\310\376\034\014\040\362\300\116\353 -END -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 -\110\277\046\021 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OpenTrust Root CA G3" -# -# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f -# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 -# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL 
-\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 -\033\064\140\077 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\041\060\202\001\246\240\003\002\001\002\002\022\021 -\040\346\370\114\374\044\260\276\005\100\254\332\203\033\064\140 -\077\060\012\006\010\052\206\110\316\075\004\003\003\060\100\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020 -\006\003\125\004\012\014\011\117\160\145\156\124\162\165\163\164 -\061\035\060\033\006\003\125\004\003\014\024\117\160\145\156\124 -\162\165\163\164\040\122\157\157\164\040\103\101\040\107\063\060 -\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060\132 -\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132\060 -\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 -\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162\165 -\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160\145 -\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040\107 -\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\112\356\130\256\115\312\146 -\336\006\072\243\021\374\340\030\360\156\034\272\055\060\014\211 -\331\326\356\233\163\203\251\043\025\214\057\131\212\132\335\024 -\352\235\131\053\103\267\006\354\062\266\272\356\101\265\255\135 -\241\205\314\352\035\024\146\243\147\176\106\342\224\363\347\266 -\126\241\025\131\241\117\067\227\271\042\036\275\021\353\364\262 -\037\136\303\024\232\345\331\227\231\243\143\060\141\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 -\006\003\125\035\016\004\026\004\024\107\167\303\024\213\142\071 -\014\311\157\341\120\115\320\020\130\334\225\210\155\060\037\006 -\003\125\035\043\004\030\060\026\200\024\107\167\303\024\213\142 -\071\014\311\157\341\120\115\320\020\130\334\225\210\155\060\012 -\006\010\052\206\110\316\075\004\003\003\003\151\000\060\146\002 
-\061\000\217\250\334\235\272\014\004\027\372\025\351\075\057\051 -\001\227\277\201\026\063\100\223\154\374\371\355\200\160\157\252 -\217\333\204\302\213\365\065\312\006\334\144\157\150\026\341\217 -\221\271\002\061\000\330\113\245\313\302\320\010\154\351\030\373 -\132\335\115\137\044\013\260\000\041\045\357\217\247\004\046\161 -\342\174\151\345\135\232\370\101\037\073\071\223\223\235\125\352 -\315\215\361\373\301 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "OpenTrust Root CA G3" -# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f -# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 -# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\156\046\144\363\126\277\064\125\277\321\223\077\174\001\336\330 -\023\332\212\246 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\041\067\264\027\026\222\173\147\106\160\251\226\327\250\023\044 -END -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 -\033\064\140\077 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST 
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "ISRG Root X1" # @@ -20443,6 +18265,8 @@ CKA_VALUE MULTILINE_OCTAL \376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "ISRG Root X1" # Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US @@ -20606,6 +18430,8 @@ CKA_VALUE MULTILINE_OCTAL \072\117\110\366\213\266\263 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "AC RAIZ FNMT-RCM" # Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES @@ -20731,6 +18557,8 @@ CKA_VALUE MULTILINE_OCTAL \304\220\276\361\271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 1" # Issuer: CN=Amazon Root CA 1,O=Amazon,C=US @@ -20888,6 +18716,8 @@ CKA_VALUE MULTILINE_OCTAL \340\373\011\140\154 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 2" # Issuer: CN=Amazon Root CA 2,O=Amazon,C=US @@ -20988,6 +18818,8 @@ CKA_VALUE MULTILINE_OCTAL \143\044\110\034\337\060\175\325\150\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 3" # Issuer: CN=Amazon Root CA 3,O=Amazon,C=US @@ -21092,6 +18924,8 @@ CKA_VALUE MULTILINE_OCTAL \012\166\324\245\274\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 4" # Issuer: CN=Amazon Root CA 4,O=Amazon,C=US 
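Review bot: `CKA_NSS_SERVER_DISTRUST_AFTER` and `CKA_NSS_EMAIL_DISTRUST_AFTER`, added after `CKA_NSS_MOZILLA_CA_POLICY` in the "ISRG Root X1" hunk, only work if this tree's certdata generator and NSS attribute header already define them, and nothing in the visible part of the patch shows that they do. The same two lines recur in every later per-root hunk through "SSL.com EV Root Certification Authority ECC", so a missing definition would presumably break the built-in token build or leave the attribute unresolved for every root at once. With `CK_BBOOL CK_FALSE` the entries set no distrust date, so trust decisions for these roots should be unchanged. Please confirm the matching attribute definitions are in the same series, and that the built-ins version is bumped with the root list if the tree tracks one.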
@@ -21259,6 +19093,8 @@ CKA_VALUE MULTILINE_OCTAL \045\307\043\200\203\012\353 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "LuxTrust Global Root 2" # Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU @@ -21408,6 +19244,8 @@ CKA_VALUE MULTILINE_OCTAL \322\063\340\377\275\321\124\071\051\017 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 1 Public Primary Certification Authority - G6" # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -21562,6 +19400,8 @@ CKA_VALUE MULTILINE_OCTAL \157\374\132\344\202\125\131\257\061\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 2 Public Primary Certification Authority - G6" # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -21695,6 +19535,8 @@ CKA_VALUE MULTILINE_OCTAL \362\014\105\111\071\277\231\004\034\323\020\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 1 Public Primary Certification Authority - G4" # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US 
@@ -21828,6 +19670,8 @@ CKA_VALUE MULTILINE_OCTAL \051\246\330\107\331\240\226\030\333\362\105\263 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 2 Public Primary Certification Authority - G4" # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -21973,6 +19817,8 @@ CKA_VALUE MULTILINE_OCTAL \137\134 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "D-TRUST Root CA 3 2013" # Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE @@ -22135,6 +19981,8 @@ CKA_VALUE MULTILINE_OCTAL \237\042\136\242\017\241\343 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" # Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR @@ -22310,6 +20158,8 @@ CKA_VALUE MULTILINE_OCTAL \250\267\101\154\007\335\275\074\206\227\057\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GDCA TrustAUTH R5 ROOT" # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN @@ -22465,6 +20315,8 @@ CKA_VALUE MULTILINE_OCTAL \132\171\054\031 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TrustCor RootCert CA-1" # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA 
@@ -22656,6 +20508,8 @@ CKA_VALUE MULTILINE_OCTAL \326\354\011 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TrustCor RootCert CA-2" # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -22812,6 +20666,8 @@ CKA_VALUE MULTILINE_OCTAL \264\237\327\346 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TrustCor ECA-1" # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -22991,6 +20847,8 @@ CKA_VALUE MULTILINE_OCTAL \271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com Root Certification Authority RSA" # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -23115,6 +20973,8 @@ CKA_VALUE MULTILINE_OCTAL \145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com Root Certification Authority ECC" # Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -23294,6 +21154,8 @@ CKA_VALUE MULTILINE_OCTAL \040\022\215\264\254\127\261\105\143\241\254\166\251\302\373 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com EV Root Certification Authority RSA R2" # Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US 
@@ -23421,6 +21283,8 @@ CKA_VALUE MULTILINE_OCTAL \371\007\340\142\232\214\134\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com EV Root Certification Authority ECC" # Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US 
@@ -23460,3 +21324,2224 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GlobalSign Root CA - R6" +# +# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Serial Number:45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51 +# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Not Valid Before: Wed Dec 10 00:00:00 2014 +# Not Valid After : Sun Dec 10 00:00:00 2034 +# Fingerprint (SHA-256): 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69 +# Fingerprint (SHA1): 80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GlobalSign Root CA - R6" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\016\105\346\273\003\203\063\303\205\145\110\346\377\105\121 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\203\060\202\003\153\240\003\002\001\002\002\016\105 
+\346\273\003\203\063\303\205\145\110\346\377\105\121\060\015\006 +\011\052\206\110\206\367\015\001\001\014\005\000\060\114\061\040 +\060\036\006\003\125\004\013\023\027\107\154\157\142\141\154\123 +\151\147\156\040\122\157\157\164\040\103\101\040\055\040\122\066 +\061\023\060\021\006\003\125\004\012\023\012\107\154\157\142\141 +\154\123\151\147\156\061\023\060\021\006\003\125\004\003\023\012 +\107\154\157\142\141\154\123\151\147\156\060\036\027\015\061\064 +\061\062\061\060\060\060\060\060\060\060\132\027\015\063\064\061 +\062\061\060\060\060\060\060\060\060\132\060\114\061\040\060\036 +\006\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147 +\156\040\122\157\157\164\040\103\101\040\055\040\122\066\061\023 +\060\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123 +\151\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154 +\157\142\141\154\123\151\147\156\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\225\007\350\163\312\146\371 +\354\024\312\173\074\367\015\010\361\264\105\013\054\202\264\110 +\306\353\133\074\256\203\270\101\222\063\024\244\157\177\351\052 +\314\306\260\210\153\305\266\211\321\306\262\377\024\316\121\024 +\041\354\112\335\033\132\306\326\207\356\115\072\025\006\355\144 +\146\013\222\200\312\104\336\163\224\116\363\247\211\177\117\170 +\143\010\310\022\120\155\102\146\057\115\271\171\050\115\122\032 +\212\032\200\267\031\201\016\176\304\212\274\144\114\041\034\103 +\150\327\075\074\212\305\262\146\325\220\232\267\061\006\305\276 +\342\155\062\006\246\036\371\271\353\252\243\270\277\276\202\143 +\120\320\360\030\211\337\344\017\171\365\352\242\037\052\322\160 +\056\173\347\274\223\273\155\123\342\110\174\214\020\007\070\377 +\146\262\167\141\176\340\352\214\074\252\264\244\366\363\225\112 +\022\007\155\375\214\262\211\317\320\240\141\167\310\130\164\260 +\324\043\072\367\135\072\312\242\333\235\011\336\135\104\055\220 
+\361\201\315\127\222\372\176\274\120\004\143\064\337\153\223\030 +\276\153\066\262\071\344\254\044\066\267\360\357\266\034\023\127 +\223\266\336\262\370\342\205\267\163\242\270\065\252\105\362\340 +\235\066\241\157\124\212\361\162\126\156\056\210\305\121\102\104 +\025\224\356\243\305\070\226\233\116\116\132\013\107\363\006\066 +\111\167\060\274\161\067\345\246\354\041\010\165\374\346\141\026 +\077\167\325\331\221\227\204\012\154\324\002\115\164\300\024\355 +\375\071\373\203\362\136\024\241\004\260\013\351\376\356\217\341 +\156\013\262\010\263\141\146\011\152\261\006\072\145\226\131\300 +\360\065\375\311\332\050\215\032\021\207\160\201\012\250\232\165 +\035\236\072\206\005\000\236\333\200\326\045\371\334\005\236\047 +\131\114\166\071\133\352\371\245\241\330\203\017\321\377\337\060 +\021\371\205\317\063\110\365\312\155\144\024\054\172\130\117\323 +\113\010\111\305\225\144\032\143\016\171\075\365\263\214\312\130 +\255\234\102\105\171\156\016\207\031\134\124\261\145\266\277\214 +\233\334\023\351\015\157\270\056\334\147\156\311\213\021\265\204 +\024\212\000\031\160\203\171\221\227\221\324\032\047\277\067\036 +\062\007\330\024\143\074\050\114\257\002\003\001\000\001\243\143 +\060\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\035\006\003\125\035\016\004\026\004\024\256\154 +\005\243\223\023\342\242\347\342\327\034\326\307\360\177\310\147 +\123\240\060\037\006\003\125\035\043\004\030\060\026\200\024\256 +\154\005\243\223\023\342\242\347\342\327\034\326\307\360\177\310 +\147\123\240\060\015\006\011\052\206\110\206\367\015\001\001\014 +\005\000\003\202\002\001\000\203\045\355\350\321\375\225\122\315 +\236\300\004\240\221\151\346\134\320\204\336\334\255\242\117\350 +\107\170\326\145\230\251\133\250\074\207\174\002\212\321\156\267 +\026\163\346\137\300\124\230\325\164\276\301\315\342\021\221\255 +\043\030\075\335\341\162\104\226\264\225\136\300\173\216\231\170 
+\026\103\023\126\127\263\242\263\073\265\167\334\100\162\254\243 +\353\233\065\076\261\010\041\241\347\304\103\067\171\062\276\265 +\347\234\054\114\274\103\051\231\216\060\323\254\041\340\343\035 +\372\330\007\063\166\124\000\042\052\271\115\040\056\160\150\332 +\345\123\374\203\134\323\235\362\377\104\014\104\146\362\322\343 +\275\106\000\032\155\002\272\045\135\215\241\061\121\335\124\106 +\034\115\333\231\226\357\032\034\004\134\246\025\357\170\340\171 +\376\135\333\076\252\114\125\375\232\025\251\157\341\246\373\337 +\160\060\351\303\356\102\106\355\302\223\005\211\372\175\143\173 +\077\320\161\201\174\000\350\230\256\016\170\064\303\045\373\257 +\012\237\040\153\335\073\023\217\022\214\342\101\032\110\172\163 +\240\167\151\307\266\134\177\202\310\036\376\130\033\050\053\250 +\154\255\136\155\300\005\322\173\267\353\200\376\045\067\376\002 +\233\150\254\102\135\303\356\365\314\334\360\120\165\322\066\151 +\234\346\173\004\337\156\006\151\266\336\012\011\110\131\207\353 +\173\024\140\172\144\252\151\103\357\221\307\114\354\030\335\154 +\357\123\055\214\231\341\136\362\162\076\317\124\310\275\147\354 +\244\017\114\105\377\323\271\060\043\007\114\217\020\277\206\226 +\331\231\132\264\231\127\034\244\314\273\025\211\123\272\054\005 +\017\344\304\236\031\261\030\064\325\114\235\272\355\367\037\257 +\044\225\004\170\250\003\273\356\201\345\332\137\174\213\112\241 +\220\164\045\247\263\076\113\310\054\126\275\307\310\357\070\342 +\134\222\360\171\367\234\204\272\164\055\141\001\040\176\176\321 +\362\117\007\131\137\213\055\103\122\353\106\014\224\341\365\146 +\107\171\167\325\124\133\037\255\044\067\313\105\132\116\240\104 +\110\310\330\260\231\305\025\204\011\366\326\111\111\300\145\270 +\346\032\161\156\240\250\361\202\350\105\076\154\326\002\327\012 +\147\203\005\132\311\244\020 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GlobalSign Root CA - R6" 
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Serial Number:45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51 +# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 +# Not Valid Before: Wed Dec 10 00:00:00 2014 +# Not Valid After : Sun Dec 10 00:00:00 2034 +# Fingerprint (SHA-256): 2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69 +# Fingerprint (SHA1): 80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GlobalSign Root CA - R6" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\200\224\144\016\265\247\241\312\021\234\037\335\325\237\201\002 +\143\247\373\321 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\117\335\007\344\324\042\144\071\036\014\067\102\352\321\306\256 +END +CKA_ISSUER MULTILINE_OCTAL +\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157 +\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040 +\055\040\122\066\061\023\060\021\006\003\125\004\012\023\012\107 +\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125 +\004\003\023\012\107\154\157\142\141\154\123\151\147\156 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\016\105\346\273\003\203\063\303\205\145\110\346\377\105\121 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "OISTE WISeKey Global Root GC CA" +# +# Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Serial Number:21:2a:56:0c:ae:da:0c:ab:40:45:bf:2b:a2:2d:3a:ea +# Subject: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Not Valid Before: Tue May 09 09:48:34 2017 +# Not Valid After : Fri May 09 09:58:33 2042 +# Fingerprint 
(SHA-256): 85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D +# Fingerprint (SHA1): E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OISTE WISeKey Global Root GC CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\052\126\014\256\332\014\253\100\105\277\053\242\055 +\072\352 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\151\060\202\001\357\240\003\002\001\002\002\020\041 +\052\126\014\256\332\014\253\100\105\277\053\242\055\072\352\060 +\012\006\010\052\206\110\316\075\004\003\003\060\155\061\013\060 +\011\006\003\125\004\006\023\002\103\110\061\020\060\016\006\003 +\125\004\012\023\007\127\111\123\145\113\145\171\061\042\060\040 +\006\003\125\004\013\023\031\117\111\123\124\105\040\106\157\165 
+\156\144\141\164\151\157\156\040\105\156\144\157\162\163\145\144 +\061\050\060\046\006\003\125\004\003\023\037\117\111\123\124\105 +\040\127\111\123\145\113\145\171\040\107\154\157\142\141\154\040 +\122\157\157\164\040\107\103\040\103\101\060\036\027\015\061\067 +\060\065\060\071\060\071\064\070\063\064\132\027\015\064\062\060 +\065\060\071\060\071\065\070\063\063\132\060\155\061\013\060\011 +\006\003\125\004\006\023\002\103\110\061\020\060\016\006\003\125 +\004\012\023\007\127\111\123\145\113\145\171\061\042\060\040\006 +\003\125\004\013\023\031\117\111\123\124\105\040\106\157\165\156 +\144\141\164\151\157\156\040\105\156\144\157\162\163\145\144\061 +\050\060\046\006\003\125\004\003\023\037\117\111\123\124\105\040 +\127\111\123\145\113\145\171\040\107\154\157\142\141\154\040\122 +\157\157\164\040\107\103\040\103\101\060\166\060\020\006\007\052 +\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000 +\004\114\351\120\300\306\017\162\030\274\330\361\272\263\211\342 +\171\112\243\026\247\153\124\044\333\121\377\352\364\011\044\303 +\013\042\237\313\152\047\202\201\015\322\300\257\061\344\164\202 +\156\312\045\331\214\165\235\361\333\320\232\242\113\041\176\026 +\247\143\220\322\071\324\261\207\170\137\030\226\017\120\033\065 +\067\017\152\306\334\331\023\115\244\216\220\067\346\275\133\061 +\221\243\124\060\122\060\016\006\003\125\035\017\001\001\377\004 +\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004 +\024\110\207\024\254\343\303\236\220\140\072\327\312\211\356\323 +\255\214\264\120\146\060\020\006\011\053\006\001\004\001\202\067 +\025\001\004\003\002\001\000\060\012\006\010\052\206\110\316\075 +\004\003\003\003\150\000\060\145\002\060\046\307\151\133\334\325 +\347\262\347\310\014\214\214\303\335\171\214\033\143\325\311\122 +\224\116\115\202\112\163\036\262\200\204\251\045\300\114\132\155 +\111\051\140\170\023\342\176\110\353\144\002\061\000\333\064\040 
+\062\010\377\232\111\002\266\210\336\024\257\135\154\231\161\215 +\032\077\213\327\340\242\066\206\034\007\202\072\166\123\375\302 +\242\355\357\173\260\200\117\130\017\113\123\071\275 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "OISTE WISeKey Global Root GC CA" +# Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Serial Number:21:2a:56:0c:ae:da:0c:ab:40:45:bf:2b:a2:2d:3a:ea +# Subject: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH +# Not Valid Before: Tue May 09 09:48:34 2017 +# Not Valid After : Fri May 09 09:58:33 2042 +# Fingerprint (SHA-256): 85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D +# Fingerprint (SHA1): E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "OISTE WISeKey Global Root GC CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\340\021\204\136\064\336\276\210\201\271\234\366\026\046\321\226 +\037\303\271\061 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\251\326\271\055\057\223\144\370\245\151\312\221\351\150\007\043 +END +CKA_ISSUER MULTILINE_OCTAL +\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061 +\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145 +\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124 +\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144 +\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037 +\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154 +\157\142\141\154\040\122\157\157\164\040\107\103\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\041\052\126\014\256\332\014\253\100\105\277\053\242\055 +\072\352 +END +CKA_TRUST_SERVER_AUTH CK_TRUST 
CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R1" +# +# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 +# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 +# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 +\364\341 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 +\107\251\305\113\107\014\015\354\063\320\211\271\034\364\341\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 +\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 +\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 +\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 +\122\157\157\164\040\122\061\060\036\027\015\061\066\060\066\062 +\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 +\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 +\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 +\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\061 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\266\021\002\213\036\343\241\167\233\073\334\277\224\076\267 +\225\247\100\074\241\375\202\371\175\062\006\202\161\366\366\214 +\177\373\350\333\274\152\056\227\227\243\214\113\371\053\366\261 +\371\316\204\035\261\371\305\227\336\357\271\362\243\351\274\022 +\211\136\247\252\122\253\370\043\047\313\244\261\234\143\333\327 +\231\176\360\012\136\353\150\246\364\306\132\107\015\115\020\063 +\343\116\261\023\243\310\030\154\113\354\374\011\220\337\235\144 +\051\045\043\007\241\264\322\075\056\140\340\317\322\011\207\273 +\315\110\360\115\302\302\172\210\212\273\272\317\131\031\326\257 +\217\260\007\260\236\061\361\202\301\300\337\056\246\155\154\031 +\016\265\330\176\046\032\105\003\075\260\171\244\224\050\255\017 +\177\046\345\250\010\376\226\350\074\150\224\123\356\203\072\210 +\053\025\226\011\262\340\172\214\056\165\326\234\353\247\126\144 +\217\226\117\150\256\075\227\302\204\217\300\274\100\300\013\134 +\275\366\207\263\065\154\254\030\120\177\204\340\114\315\222\323 +\040\351\063\274\122\231\257\062\265\051\263\045\052\264\110\371 +\162\341\312\144\367\346\202\020\215\350\235\302\212\210\372\070 
+\146\212\374\143\371\001\371\170\375\173\134\167\372\166\207\372 +\354\337\261\016\171\225\127\264\275\046\357\326\001\321\353\026 +\012\273\216\013\265\305\305\212\125\253\323\254\352\221\113\051 +\314\031\244\062\045\116\052\361\145\104\320\002\316\252\316\111 +\264\352\237\174\203\260\100\173\347\103\253\247\154\243\217\175 +\211\201\372\114\245\377\325\216\303\316\113\340\265\330\263\216 +\105\317\166\300\355\100\053\375\123\017\260\247\325\073\015\261 +\212\242\003\336\061\255\314\167\352\157\173\076\326\337\221\042 +\022\346\276\372\330\062\374\020\143\024\121\162\336\135\326\026 +\223\275\051\150\063\357\072\146\354\007\212\046\337\023\327\127 +\145\170\047\336\136\111\024\000\242\000\177\232\250\041\266\251 +\261\225\260\245\271\015\026\021\332\307\154\110\074\100\340\176 +\015\132\315\126\074\321\227\005\271\313\113\355\071\113\234\304 +\077\322\125\023\156\044\260\326\161\372\364\301\272\314\355\033 +\365\376\201\101\330\000\230\075\072\310\256\172\230\067\030\005 +\225\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 +\035\016\004\026\004\024\344\257\053\046\161\032\053\110\047\205 +\057\122\146\054\357\360\211\023\161\076\060\015\006\011\052\206 +\110\206\367\015\001\001\014\005\000\003\202\002\001\000\070\226 +\012\356\075\264\226\036\137\357\235\234\013\063\237\053\340\312 +\375\322\216\012\037\101\164\245\174\252\204\324\345\362\036\346 +\067\122\062\234\013\321\141\035\277\050\301\266\104\051\065\165 +\167\230\262\174\331\275\164\254\212\150\343\251\061\011\051\001 +\140\163\343\107\174\123\250\220\112\047\357\113\327\237\223\347 +\202\066\316\232\150\014\202\347\317\324\020\026\157\137\016\231 +\134\366\037\161\175\357\357\173\057\176\352\066\326\227\160\013 +\025\356\327\134\126\152\063\245\343\111\070\014\270\175\373\215 +\205\244\261\131\136\364\152\341\335\241\366\144\104\256\346\121 
+\203\041\146\306\021\076\363\316\107\356\234\050\037\045\332\377 +\254\146\225\335\065\017\134\357\040\054\142\375\221\272\251\314 +\374\132\234\223\201\203\051\227\112\174\132\162\264\071\320\267 +\167\313\171\375\151\072\222\067\355\156\070\145\106\176\351\140 +\275\171\210\227\137\070\022\364\356\257\133\202\310\206\325\341 +\231\155\214\004\362\166\272\111\366\156\351\155\036\137\240\357 +\047\202\166\100\370\246\323\130\134\017\054\102\332\102\306\173 +\210\064\307\301\330\105\233\301\076\305\141\035\331\143\120\111 +\366\064\205\152\340\030\305\156\107\253\101\102\051\233\366\140 +\015\322\061\323\143\230\043\223\132\000\201\110\264\357\315\212 +\315\311\317\231\356\331\236\252\066\341\150\113\161\111\024\066 +\050\072\075\035\316\232\217\045\346\200\161\141\053\265\173\314 +\371\045\026\201\341\061\137\241\243\176\026\244\234\026\152\227 +\030\275\166\162\245\013\236\035\066\346\057\241\057\276\160\221 +\017\250\346\332\370\304\222\100\154\045\176\173\263\011\334\262 +\027\255\200\104\360\150\245\217\224\165\377\164\132\350\250\002 +\174\014\011\342\251\113\013\240\205\013\142\271\357\241\061\222 +\373\357\366\121\004\211\154\350\251\164\241\273\027\263\265\375 +\111\017\174\074\354\203\030\040\103\116\325\223\272\264\064\261 +\037\026\066\037\014\346\144\071\026\114\334\340\376\035\310\251 +\142\075\100\352\312\305\064\002\264\256\211\210\063\065\334\054 +\023\163\330\047\361\320\162\356\165\073\042\336\230\150\146\133 +\361\306\143\107\125\034\272\245\010\121\165\246\110\045 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R1" +# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 +# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 
2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 +# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\341\311\120\346\357\042\370\114\126\105\162\213\222\040\140\327 +\325\247\243\350 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\202\032\357\324\322\112\362\237\342\075\227\006\024\160\162\205 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 +\364\341 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R2" +# +# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f +# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 +# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT 
MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 +\362\157 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 +\107\251\306\132\263\347\040\305\060\232\077\150\122\362\157\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 +\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 +\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 +\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 +\122\157\157\164\040\122\062\060\036\027\015\061\066\060\066\062 +\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 +\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 +\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 +\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\062 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\316\336\375\246\373\354\354\024\064\074\007\006\132\154\131 
+\367\031\065\335\367\301\235\125\252\323\315\073\244\223\162\357 +\012\372\155\235\366\360\205\200\133\241\110\122\237\071\305\267 +\356\050\254\357\313\166\150\024\271\337\255\001\154\231\037\304 +\042\035\237\376\162\167\340\054\133\257\344\004\277\117\162\240 +\032\064\230\350\071\150\354\225\045\173\166\241\346\151\271\205 +\031\275\211\214\376\255\355\066\352\163\274\377\203\342\313\175 +\301\322\316\112\263\215\005\236\213\111\223\337\301\133\320\156 +\136\360\056\060\056\202\374\372\274\264\027\012\110\345\210\233 +\305\233\153\336\260\312\264\003\360\332\364\220\270\145\144\367 +\134\114\255\350\176\146\136\231\327\270\302\076\310\320\023\235 +\255\356\344\105\173\211\125\367\212\037\142\122\204\022\263\302 +\100\227\343\212\037\107\221\246\164\132\322\370\261\143\050\020 +\270\263\011\270\126\167\100\242\046\230\171\306\376\337\045\356 +\076\345\240\177\324\141\017\121\113\074\077\214\332\341\160\164 +\330\302\150\241\371\301\014\351\241\342\177\273\125\074\166\006 +\356\152\116\314\222\210\060\115\232\275\117\013\110\232\204\265 +\230\243\325\373\163\301\127\141\335\050\126\165\023\256\207\216 +\347\014\121\011\020\165\210\114\274\215\371\173\074\324\042\110 +\037\052\334\353\153\273\104\261\313\063\161\062\106\257\255\112 +\361\214\350\164\072\254\347\032\042\163\200\322\060\367\045\102 +\307\042\073\073\022\255\226\056\306\303\166\007\252\040\267\065 +\111\127\351\222\111\350\166\026\162\061\147\053\226\176\212\243 +\307\224\126\042\277\152\113\176\001\041\262\043\062\337\344\232 +\104\155\131\133\135\365\000\240\034\233\306\170\227\215\220\377 +\233\310\252\264\257\021\121\071\136\331\373\147\255\325\133\021 +\235\062\232\033\275\325\272\133\245\311\313\045\151\123\125\047 +\134\340\312\066\313\210\141\373\036\267\320\313\356\026\373\323 +\246\114\336\222\245\324\342\337\365\006\124\336\056\235\113\264 +\223\060\252\201\316\335\032\334\121\163\015\117\160\351\345\266 +\026\041\031\171\262\346\211\013\165\144\312\325\253\274\011\301 
+\030\241\377\324\124\241\205\074\375\024\044\003\262\207\323\244 +\267\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 +\035\016\004\026\004\024\273\377\312\216\043\237\117\231\312\333 +\342\150\246\245\025\047\027\036\331\016\060\015\006\011\052\206 +\110\206\367\015\001\001\014\005\000\003\202\002\001\000\266\151 +\360\246\167\376\236\356\013\201\255\341\300\251\307\371\065\035 +\100\202\253\346\004\264\337\313\367\035\017\203\360\176\023\115 +\215\214\356\343\063\042\303\071\374\100\337\156\101\113\102\123 +\276\026\210\361\322\070\136\304\150\231\034\230\122\223\214\347 +\150\355\033\152\163\172\005\100\115\177\145\073\326\130\361\316 +\203\107\140\343\377\227\251\234\140\167\030\125\265\176\010\223 +\317\320\366\074\147\003\025\141\011\371\201\171\365\354\123\244 +\237\311\217\001\213\163\304\167\166\334\203\242\365\014\111\032 +\250\166\336\222\233\144\370\263\054\305\047\323\007\300\010\200 +\244\230\222\343\001\226\002\252\002\356\217\073\305\321\155\012 +\063\060\163\170\271\117\124\026\277\013\007\241\244\134\346\313 +\311\134\204\217\017\340\025\167\054\176\046\176\332\304\113\333 +\247\026\167\007\260\315\165\350\162\102\326\225\204\235\206\203 +\362\344\220\315\011\107\324\213\003\160\332\132\306\003\102\364 +\355\067\242\360\033\120\124\113\016\330\204\336\031\050\231\201 +\107\256\011\033\077\110\321\303\157\342\260\140\027\365\356\043 +\002\245\332\000\133\155\220\253\356\242\351\033\073\351\307\104 +\047\105\216\153\237\365\244\204\274\167\371\153\227\254\076\121 +\105\242\021\246\314\205\356\012\150\362\076\120\070\172\044\142 +\036\027\040\067\155\152\115\267\011\233\311\374\244\130\365\266 +\373\234\116\030\273\225\002\347\241\255\233\007\356\066\153\044 +\322\071\206\301\223\203\120\322\201\106\250\137\142\127\054\273 +\154\144\210\010\156\357\023\124\137\335\055\304\147\143\323\317 
+\211\067\277\235\040\364\373\172\203\233\240\036\201\000\120\302 +\344\014\042\131\122\020\355\103\126\207\000\370\024\122\247\035 +\213\223\214\242\115\106\177\047\306\161\233\044\336\344\332\206 +\213\015\176\153\040\301\300\236\341\145\330\152\243\246\350\205 +\213\072\007\010\034\272\365\217\125\232\030\165\176\345\354\201 +\146\321\041\163\241\065\104\013\200\075\133\234\136\157\052\027 +\226\321\203\043\210\146\155\346\206\342\160\062\057\122\042\347 +\310\347\177\304\054\140\135\057\303\257\236\105\005\303\204\002 +\267\375\054\010\122\117\202\335\243\360\324\206\011\002 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R2" +# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f +# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 +# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\322\163\226\052\052\136\071\237\163\077\341\307\036\144\077\003 +\070\064\374\115 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\104\355\232\016\244\011\073\000\362\256\114\243\306\141\260\213 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 +END +CKA_SERIAL_NUMBER 
MULTILINE_OCTAL +\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 +\362\157 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R3" +# +# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d +# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 +\215\035 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\014\060\202\001\221\240\003\002\001\002\002\020\156 
+\107\251\307\154\251\163\044\100\211\017\003\125\335\215\035\060 +\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 +\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 +\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 +\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 +\164\040\122\063\060\036\027\015\061\066\060\066\062\062\060\060 +\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 +\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 +\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 +\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 +\023\013\107\124\123\040\122\157\157\164\040\122\063\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\037\117\063\207\063\051\212\241\204\336\313 +\307\041\130\101\211\352\126\235\053\113\205\306\035\114\047\274 +\177\046\121\162\157\342\237\326\243\312\314\105\024\106\213\255 +\357\176\206\214\354\261\176\057\377\251\161\235\030\204\105\004 +\101\125\156\053\352\046\177\273\220\001\343\113\031\272\344\124 +\226\105\011\261\325\154\221\104\255\204\023\216\232\214\015\200 +\014\062\366\340\047\243\102\060\100\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +\016\004\026\004\024\301\361\046\272\240\055\256\205\201\317\323 +\361\052\022\275\270\012\147\375\274\060\012\006\010\052\206\110 +\316\075\004\003\003\003\151\000\060\146\002\061\000\200\133\244 +\174\043\300\225\245\054\334\276\211\157\043\271\243\335\145\000 +\122\136\221\254\310\235\162\164\202\123\013\175\251\100\275\150 +\140\305\341\270\124\073\301\066\027\045\330\301\275\002\061\000 +\236\065\222\164\205\045\121\365\044\354\144\122\044\120\245\037 
+\333\350\313\311\166\354\354\202\156\365\205\030\123\350\270\343 +\232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R3" +# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d +# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\060\324\044\157\007\377\333\221\211\212\013\351\111\146\021\353 +\214\136\106\345 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\032\171\133\153\004\122\234\135\307\164\063\033\045\232\371\045 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 +\215\035 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R4" +# +# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Serial 
Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 +# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R4" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 +\301\231 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\012\060\202\001\221\240\003\002\001\002\002\020\156 +\107\251\310\213\224\266\350\273\073\052\330\242\262\301\231\060 +\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 +\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 +\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 +\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 +\164\040\122\064\060\036\027\015\061\066\060\066\062\062\060\060 
+\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 +\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 +\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 +\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 +\023\013\107\124\123\040\122\157\157\164\040\122\064\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\363\164\163\247\150\213\140\256\103\270\065 +\305\201\060\173\113\111\235\373\301\141\316\346\336\106\275\153 +\325\141\030\065\256\100\335\163\367\211\221\060\132\353\074\356 +\205\174\242\100\166\073\251\306\270\107\330\052\347\222\221\152 +\163\351\261\162\071\237\051\237\242\230\323\137\136\130\206\145 +\017\241\204\145\006\321\334\213\311\307\163\310\214\152\057\345 +\304\253\321\035\212\243\102\060\100\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +\016\004\026\004\024\200\114\326\353\164\377\111\066\243\325\330 +\374\265\076\305\152\360\224\035\214\060\012\006\010\052\206\110 +\316\075\004\003\003\003\147\000\060\144\002\060\152\120\122\164 +\010\304\160\334\236\120\164\041\350\215\172\041\303\117\226\156 +\025\321\042\065\141\055\372\010\067\356\031\155\255\333\262\314 +\175\007\064\365\140\031\054\265\064\331\157\040\002\060\003\161 +\261\272\243\140\013\206\355\232\010\152\225\150\237\342\263\341 +\223\144\174\136\223\246\337\171\055\215\205\343\224\317\043\135 +\161\314\362\260\115\326\376\231\310\224\251\165\242\343 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "GTS Root R4" +# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 +# Subject: CN=GTS Root R4,O=Google Trust Services 
LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\052\035\140\047\331\112\261\012\034\115\221\134\315\063\240\313 +\076\055\124\313 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\135\266\152\304\140\027\044\152\032\231\250\113\356\136\264\046 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 +\301\231 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "UCA Global G2 Root" +# +# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef +# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 11 00:00:00 2016 +# Not Valid After : Mon Dec 31 00:00:00 2040 +# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C +# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE 
+CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Global G2 Root" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 +\220\357 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\106\060\202\003\056\240\003\002\001\002\002\020\135 +\337\261\332\132\243\355\135\276\132\145\040\145\003\220\357\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\075 +\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 +\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 +\061\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107 +\154\157\142\141\154\040\107\062\040\122\157\157\164\060\036\027 +\015\061\066\060\063\061\061\060\060\060\060\060\060\132\027\015 +\064\060\061\062\063\061\060\060\060\060\060\060\132\060\075\061 +\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060\017 +\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164\061 +\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107\154 +\157\142\141\154\040\107\062\040\122\157\157\164\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\305\346\053 +\157\174\357\046\005\047\243\201\044\332\157\313\001\371\231\232 +\251\062\302\042\207\141\101\221\073\313\303\150\033\006\305\114 
+\251\053\301\147\027\042\035\053\355\371\051\211\223\242\170\275 +\222\153\240\243\015\242\176\312\223\263\246\321\214\065\325\165 +\371\027\366\317\105\305\345\172\354\167\223\240\217\043\256\016 +\032\003\177\276\324\320\355\056\173\253\106\043\133\377\054\346 +\124\172\224\300\052\025\360\311\215\260\172\073\044\341\327\150 +\342\061\074\006\063\106\266\124\021\246\245\057\042\124\052\130 +\015\001\002\361\372\025\121\147\154\300\372\327\266\033\177\321 +\126\210\057\032\072\215\073\273\202\021\340\107\000\320\122\207 +\253\373\206\176\017\044\153\100\235\064\147\274\215\307\055\206 +\157\171\076\216\251\074\027\113\177\260\231\343\260\161\140\334 +\013\365\144\303\316\103\274\155\161\271\322\336\047\133\212\350 +\330\306\256\341\131\175\317\050\055\065\270\225\126\032\361\262 +\130\113\267\022\067\310\174\263\355\113\200\341\215\372\062\043 +\266\157\267\110\225\010\261\104\116\205\214\072\002\124\040\057 +\337\277\127\117\073\072\220\041\327\301\046\065\124\040\354\307 +\077\107\354\357\132\277\113\172\301\255\073\027\120\134\142\330 +\017\113\112\334\053\372\156\274\163\222\315\354\307\120\350\101 +\226\327\251\176\155\330\351\035\217\212\265\271\130\222\272\112 +\222\053\014\126\375\200\353\010\360\136\051\156\033\034\014\257 +\217\223\211\255\333\275\243\236\041\312\211\031\354\337\265\303 +\032\353\026\376\170\066\114\326\156\320\076\027\034\220\027\153 +\046\272\373\172\057\277\021\034\030\016\055\163\003\217\240\345 +\065\240\132\342\114\165\035\161\341\071\070\123\170\100\314\203 +\223\327\012\236\235\133\217\212\344\345\340\110\344\110\262\107 +\315\116\052\165\052\173\362\042\366\311\276\011\221\226\127\172 +\210\210\254\356\160\254\371\334\051\343\014\034\073\022\116\104 +\326\247\116\260\046\310\363\331\032\227\221\150\352\357\215\106 +\006\322\126\105\130\232\074\014\017\203\270\005\045\303\071\317 +\073\244\064\211\267\171\022\057\107\305\347\251\227\151\374\246 +\167\147\265\337\173\361\172\145\025\344\141\126\145\002\003\001 
+\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\201\304\214\314\365\344\060\377\245\014\010\137\214\025 +\147\041\164\001\337\337\060\015\006\011\052\206\110\206\367\015 +\001\001\013\005\000\003\202\002\001\000\023\145\042\365\216\053 +\255\104\344\313\377\271\150\346\303\200\110\075\004\173\372\043 +\057\172\355\066\332\262\316\155\366\346\236\345\137\130\217\313 +\067\062\241\310\145\266\256\070\075\065\033\076\274\073\266\004 +\320\274\371\111\365\233\367\205\305\066\266\313\274\370\310\071 +\325\344\137\007\275\025\124\227\164\312\312\355\117\272\272\144 +\166\237\201\270\204\105\111\114\215\157\242\353\261\314\321\303 +\224\332\104\302\346\342\352\030\350\242\037\047\005\272\327\345 +\326\251\315\335\357\166\230\215\000\016\315\033\372\003\267\216 +\200\130\016\047\077\122\373\224\242\312\136\145\311\326\204\332 +\271\065\161\363\046\300\117\167\346\201\047\322\167\073\232\024 +\157\171\364\366\320\341\323\224\272\320\127\121\275\047\005\015 +\301\375\310\022\060\356\157\215\021\053\010\235\324\324\277\200 +\105\024\232\210\104\332\060\352\264\247\343\356\357\133\202\325 +\076\326\255\170\222\333\134\074\363\330\255\372\270\153\177\304 +\066\050\266\002\025\212\124\054\234\260\027\163\216\320\067\243 +\024\074\230\225\000\014\051\005\133\236\111\111\261\137\307\343 +\313\317\047\145\216\065\027\267\127\310\060\331\101\133\271\024 +\266\350\302\017\224\061\247\224\230\314\152\353\265\341\047\365 +\020\250\001\350\216\022\142\350\210\314\265\177\106\227\300\233 +\020\146\070\032\066\106\137\042\150\075\337\311\306\023\047\253 +\123\006\254\242\074\206\006\145\157\261\176\261\051\104\232\243 +\272\111\151\050\151\217\327\345\137\255\004\206\144\157\032\240 +\014\305\010\142\316\200\243\320\363\354\150\336\276\063\307\027 +\133\177\200\304\114\114\261\246\204\212\303\073\270\011\315\024 
+\201\272\030\343\124\127\066\376\333\057\174\107\241\072\063\310 +\371\130\073\104\117\261\312\002\211\004\226\050\150\305\113\270 +\046\211\273\326\063\057\120\325\376\232\211\272\030\062\222\124 +\306\133\340\235\371\136\345\015\042\233\366\332\342\310\041\262 +\142\041\252\206\100\262\056\144\323\137\310\343\176\021\147\105 +\037\005\376\343\242\357\263\250\263\363\175\217\370\014\037\042 +\037\055\160\264\270\001\064\166\060\000\345\043\170\247\126\327 +\120\037\212\373\006\365\302\031\360\320 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "UCA Global G2 Root" +# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef +# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 11 00:00:00 2016 +# Not Valid After : Mon Dec 31 00:00:00 2040 +# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C +# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Global G2 Root" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\050\371\170\026\031\172\377\030\045\030\252\104\376\301\240\316 +\134\266\114\212 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\200\376\360\304\112\360\134\142\062\237\034\272\170\251\120\370 +END +CKA_ISSUER MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 +\220\357 +END +CKA_TRUST_SERVER_AUTH CK_TRUST 
CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "UCA Extended Validation Root" +# +# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 +# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 13 00:00:00 2015 +# Not Valid After : Fri Dec 31 00:00:00 2038 +# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 +# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Extended Validation Root" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 +\160\140 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\117 +\322\053\217\365\144\310\063\236\117\064\130\146\043\160\140\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\107 
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 +\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 +\061\045\060\043\006\003\125\004\003\014\034\125\103\101\040\105 +\170\164\145\156\144\145\144\040\126\141\154\151\144\141\164\151 +\157\156\040\122\157\157\164\060\036\027\015\061\065\060\063\061 +\063\060\060\060\060\060\060\132\027\015\063\070\061\062\063\061 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\103\116\061\021\060\017\006\003\125\004\012\014 +\010\125\156\151\124\162\165\163\164\061\045\060\043\006\003\125 +\004\003\014\034\125\103\101\040\105\170\164\145\156\144\145\144 +\040\126\141\154\151\144\141\164\151\157\156\040\122\157\157\164 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\251\011\007\050\023\002\260\231\340\144\252\036\103\026\172 +\163\261\221\240\165\076\250\372\343\070\000\172\354\211\152\040 +\017\213\305\260\233\063\003\132\206\306\130\206\325\301\205\273 +\117\306\234\100\115\312\276\356\151\226\270\255\201\060\232\174 +\222\005\353\005\053\232\110\320\270\166\076\226\310\040\273\322 +\260\361\217\330\254\105\106\377\252\147\140\264\167\176\152\037 +\074\032\122\172\004\075\007\074\205\015\204\320\037\166\012\367 +\152\024\337\162\343\064\174\127\116\126\001\076\171\361\252\051 +\073\154\372\370\217\155\115\310\065\337\256\353\334\044\356\171 +\105\247\205\266\005\210\336\210\135\045\174\227\144\147\011\331 +\277\132\025\005\206\363\011\036\354\130\062\063\021\363\167\144 +\260\166\037\344\020\065\027\033\362\016\261\154\244\052\243\163 +\374\011\037\036\062\031\123\021\347\331\263\054\056\166\056\241 +\243\336\176\152\210\011\350\362\007\212\370\262\315\020\347\342 +\163\100\223\273\010\321\077\341\374\013\224\263\045\357\174\246 +\327\321\257\237\377\226\232\365\221\173\230\013\167\324\176\350 +\007\322\142\265\225\071\343\363\361\155\017\016\145\204\212\143 
+\124\305\200\266\340\236\113\175\107\046\247\001\010\135\321\210 +\236\327\303\062\104\372\202\112\012\150\124\177\070\123\003\314 +\244\000\063\144\121\131\013\243\202\221\172\136\354\026\302\363 +\052\346\142\332\052\333\131\142\020\045\112\052\201\013\107\007 +\103\006\160\207\322\372\223\021\051\172\110\115\353\224\307\160 +\115\257\147\325\121\261\200\040\001\001\264\172\010\246\220\177 +\116\340\357\007\101\207\257\152\245\136\213\373\317\120\262\232 +\124\257\303\211\272\130\055\365\060\230\261\066\162\071\176\111 +\004\375\051\247\114\171\344\005\127\333\224\271\026\123\215\106 +\263\035\225\141\127\126\177\257\360\026\133\141\130\157\066\120 +\021\013\330\254\053\225\026\032\016\037\010\315\066\064\145\020 +\142\146\325\200\137\024\040\137\055\014\240\170\012\150\326\054 +\327\351\157\053\322\112\005\223\374\236\157\153\147\377\210\361 +\116\245\151\112\122\067\005\352\306\026\215\322\304\231\321\202 +\053\073\272\065\165\367\121\121\130\363\310\007\335\344\264\003 +\177\002\003\001\000\001\243\102\060\100\060\035\006\003\125\035 +\016\004\026\004\024\331\164\072\344\060\075\015\367\022\334\176 +\132\005\237\036\064\232\367\341\024\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\003\202\002\001\000\066\215 +\227\314\102\025\144\051\067\233\046\054\326\373\256\025\151\054 +\153\032\032\367\137\266\371\007\114\131\352\363\311\310\271\256 +\314\272\056\172\334\300\365\260\055\300\073\257\237\160\005\021 +\152\237\045\117\001\051\160\343\345\014\341\352\132\174\334\111 +\273\301\036\052\201\365\026\113\162\221\310\242\061\271\252\332 +\374\235\037\363\135\100\002\023\374\116\034\006\312\263\024\220 +\124\027\031\022\032\361\037\327\014\151\132\366\161\170\364\224 +\175\221\013\216\354\220\124\216\274\157\241\114\253\374\164\144 +\375\161\232\370\101\007\241\315\221\344\074\232\340\233\062\071 
+\163\253\052\325\151\310\170\221\046\061\175\342\307\060\361\374 +\024\170\167\022\016\023\364\335\026\224\277\113\147\173\160\123 +\205\312\260\273\363\070\115\054\220\071\300\015\302\135\153\351 +\342\345\325\210\215\326\054\277\253\033\276\265\050\207\022\027 +\164\156\374\175\374\217\320\207\046\260\033\373\271\154\253\342 +\236\075\025\301\073\056\147\002\130\221\237\357\370\102\037\054 +\267\150\365\165\255\317\265\366\377\021\175\302\360\044\245\255 +\323\372\240\074\251\372\135\334\245\240\357\104\244\276\326\350 +\345\344\023\226\027\173\006\076\062\355\307\267\102\274\166\243 +\330\145\070\053\070\065\121\041\016\016\157\056\064\023\100\341 +\053\147\014\155\112\101\060\030\043\132\062\125\231\311\027\340 +\074\336\366\354\171\255\053\130\031\242\255\054\042\032\225\216 +\276\226\220\135\102\127\304\371\024\003\065\053\034\055\121\127 +\010\247\072\336\077\344\310\264\003\163\302\301\046\200\273\013 +\102\037\255\015\257\046\162\332\314\276\263\243\203\130\015\202 +\305\037\106\121\343\234\030\314\215\233\215\354\111\353\165\120 +\325\214\050\131\312\164\064\332\214\013\041\253\036\352\033\345 +\307\375\025\076\300\027\252\373\043\156\046\106\313\372\371\261 +\162\153\151\317\042\204\013\142\017\254\331\031\000\224\242\166 +\074\324\055\232\355\004\236\055\006\142\020\067\122\034\205\162 +\033\047\345\314\306\061\354\067\354\143\131\233\013\035\166\314 +\176\062\232\210\225\010\066\122\273\336\166\137\166\111\111\255 +\177\275\145\040\262\311\301\053\166\030\166\237\126\261 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "UCA Extended Validation Root" +# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 +# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 13 00:00:00 2015 +# Not Valid After : Fri Dec 31 00:00:00 2038 +# Fingerprint 
(SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 +# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Extended Validation Root" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\243\241\260\157\044\141\043\112\343\066\245\302\067\374\246\377 +\335\360\327\072 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\241\363\137\103\306\064\233\332\277\214\176\005\123\255\226\342 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 +\160\140 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Certigna Root CA" +# +# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 +# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Not Valid Before: Tue Oct 01 08:32:27 2013 +# Not Valid After : Sat Oct 01 08:32:27 2033 +# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 +# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certigna Root CA" 
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 +\343\246\341 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\006\133\060\202\004\103\240\003\002\001\002\002\021\000 +\312\351\033\211\361\125\003\015\243\346\101\155\304\343\246\341 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 +\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157\164 +\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060\060 +\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063\066 +\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164\151 +\147\156\141\040\122\157\157\164\040\103\101\060\036\027\015\061 +\063\061\060\060\061\060\070\063\062\062\067\132\027\015\063\063 +\061\060\060\061\060\070\063\062\062\067\132\060\132\061\013\060 +\011\006\003\125\004\006\023\002\106\122\061\022\060\020\006\003 +\125\004\012\014\011\104\150\151\155\171\157\164\151\163\061\034 +\060\032\006\003\125\004\013\014\023\060\060\060\062\040\064\070 
+\061\064\066\063\060\070\061\060\060\060\063\066\061\031\060\027 +\006\003\125\004\003\014\020\103\145\162\164\151\147\156\141\040 +\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 +\202\002\012\002\202\002\001\000\315\030\071\145\032\131\261\352 +\144\026\016\214\224\044\225\174\203\323\305\071\046\334\014\357 +\026\127\215\327\330\254\243\102\177\202\312\355\315\133\333\016 +\267\055\355\105\010\027\262\331\263\313\326\027\122\162\050\333 +\216\116\236\212\266\013\371\236\204\232\115\166\336\042\051\134 +\322\263\322\006\076\060\071\251\164\243\222\126\034\241\157\114 +\012\040\155\237\043\172\264\306\332\054\344\035\054\334\263\050 +\320\023\362\114\116\002\111\241\124\100\236\346\345\005\240\055 +\204\310\377\230\154\320\353\212\032\204\010\036\267\150\043\356 +\043\325\160\316\155\121\151\020\356\241\172\302\321\042\061\302 +\202\205\322\362\125\166\120\174\045\172\311\204\134\013\254\335 +\102\116\053\347\202\242\044\211\313\220\262\320\356\043\272\146 +\114\273\142\244\371\123\132\144\173\174\230\372\243\110\236\017 +\225\256\247\030\364\152\354\056\003\105\257\360\164\370\052\315 +\172\135\321\276\104\046\062\051\361\361\365\154\314\176\002\041 +\013\237\157\244\077\276\235\123\342\317\175\251\054\174\130\032 +\227\341\075\067\067\030\146\050\322\100\305\121\212\214\303\055 +\316\123\210\044\130\144\060\026\305\252\340\326\012\246\100\337 +\170\366\365\004\174\151\023\204\274\321\321\247\006\317\001\367 +\150\300\250\127\273\072\141\255\004\214\223\343\255\374\360\333 +\104\155\131\334\111\131\256\254\232\231\066\060\101\173\166\063 +\042\207\243\302\222\206\156\371\160\356\256\207\207\225\033\304 +\172\275\061\363\324\322\345\231\377\276\110\354\165\365\170\026 +\035\246\160\301\177\074\033\241\222\373\317\310\074\326\305\223 +\012\217\365\125\072\166\225\316\131\230\212\011\225\167\062\232 +\203\272\054\004\072\227\275\324\057\276\327\154\233\242\312\175 
+\155\046\311\125\325\317\303\171\122\010\011\231\007\044\055\144 +\045\153\246\041\151\233\152\335\164\115\153\227\172\101\275\253 +\027\371\220\027\110\217\066\371\055\325\305\333\356\252\205\105 +\101\372\315\072\105\261\150\346\066\114\233\220\127\354\043\271 +\207\010\302\304\011\361\227\206\052\050\115\342\164\300\332\304 +\214\333\337\342\241\027\131\316\044\131\164\061\332\177\375\060 +\155\331\334\341\152\341\374\137\002\003\001\000\001\243\202\001 +\032\060\202\001\026\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037\326 +\341\342\171\176\053\060\037\006\003\125\035\043\004\030\060\026 +\200\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037 +\326\341\342\171\176\053\060\104\006\003\125\035\040\004\075\060 +\073\060\071\006\004\125\035\040\000\060\061\060\057\006\010\053 +\006\001\005\005\007\002\001\026\043\150\164\164\160\163\072\057 +\057\167\167\167\167\056\143\145\162\164\151\147\156\141\056\146 +\162\057\141\165\164\157\162\151\164\145\163\057\060\155\006\003 +\125\035\037\004\146\060\144\060\057\240\055\240\053\206\051\150 +\164\164\160\072\057\057\143\162\154\056\143\145\162\164\151\147 +\156\141\056\146\162\057\143\145\162\164\151\147\156\141\162\157 +\157\164\143\141\056\143\162\154\060\061\240\057\240\055\206\053 +\150\164\164\160\072\057\057\143\162\154\056\144\150\151\155\171 +\157\164\151\163\056\143\157\155\057\143\145\162\164\151\147\156 +\141\162\157\157\164\143\141\056\143\162\154\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\224 +\270\236\117\360\343\225\010\042\347\315\150\101\367\034\125\325 +\174\000\342\055\072\211\135\150\070\057\121\042\013\112\215\313 +\351\273\135\076\273\134\075\261\050\376\344\123\125\023\317\241 +\220\033\002\035\137\146\106\011\063\050\341\015\044\227\160\323 
+\020\037\352\144\127\226\273\135\332\347\304\214\117\114\144\106 +\035\134\207\343\131\336\102\321\233\250\176\246\211\335\217\034 +\311\060\202\355\073\234\315\300\351\031\340\152\330\002\165\067 +\253\367\064\050\050\221\362\004\012\117\065\343\140\046\001\372 +\320\021\214\371\021\152\356\257\075\303\120\323\217\137\063\171 +\074\206\250\163\105\220\214\040\266\162\163\027\043\276\007\145 +\345\170\222\015\272\001\300\353\214\034\146\277\254\206\167\001 +\224\015\234\346\351\071\215\037\246\121\214\231\014\071\167\341 +\264\233\372\034\147\127\157\152\152\216\251\053\114\127\171\172 +\127\042\317\315\137\143\106\215\134\131\072\206\370\062\107\142 +\243\147\015\030\221\334\373\246\153\365\110\141\163\043\131\216 +\002\247\274\104\352\364\111\235\361\124\130\371\140\257\332\030 +\244\057\050\105\334\172\240\210\206\135\363\073\347\377\051\065 +\200\374\144\103\224\346\343\034\157\276\255\016\052\143\231\053 +\311\176\205\366\161\350\006\003\225\376\336\217\110\034\132\324 +\222\350\053\356\347\061\333\272\004\152\207\230\347\305\137\357 +\175\247\042\367\001\330\115\371\211\320\016\232\005\131\244\236 +\230\331\157\053\312\160\276\144\302\125\243\364\351\257\303\222 +\051\334\210\026\044\231\074\215\046\230\266\133\267\314\316\267 +\067\007\375\046\331\230\205\044\377\131\043\003\232\355\235\235 +\250\344\136\070\316\327\122\015\157\322\077\155\261\005\153\111 +\316\212\221\106\163\364\366\057\360\250\163\167\016\145\254\241 +\215\146\122\151\176\113\150\014\307\036\067\047\203\245\214\307 +\002\344\024\315\111\001\260\163\263\375\306\220\072\157\322\154 +\355\073\356\354\221\276\242\103\135\213\000\112\146\045\104\160 +\336\100\017\370\174\025\367\242\316\074\327\136\023\214\201\027 +\030\027\321\275\361\167\020\072\324\145\071\301\047\254\127\054 +\045\124\377\242\332\117\212\141\071\136\256\075\112\214\275 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# 
Trust for "Certigna Root CA" +# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 +# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Not Valid Before: Tue Oct 01 08:32:27 2013 +# Not Valid After : Sat Oct 01 08:32:27 2033 +# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 +# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certigna Root CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\055\015\122\024\377\236\255\231\044\001\164\040\107\156\154\205 +\047\047\365\103 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\016\134\060\142\047\353\133\274\327\256\142\272\351\325\337\167 +END +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 +\343\246\341 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "emSign Root CA - G1" +# +# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 +# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 
2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 +# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - G1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\061\365\344\142\014\154\130\355\326\330 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\224\060\202\002\174\240\003\002\001\002\002\012\061 +\365\344\142\014\154\130\355\326\330\060\015\006\011\052\206\110 +\206\367\015\001\001\013\005\000\060\147\061\013\060\011\006\003 +\125\004\006\023\002\111\116\061\023\060\021\006\003\125\004\013 +\023\012\145\155\123\151\147\156\040\120\113\111\061\045\060\043 +\006\003\125\004\012\023\034\145\115\165\144\150\162\141\040\124 
+\145\143\150\156\157\154\157\147\151\145\163\040\114\151\155\151 +\164\145\144\061\034\060\032\006\003\125\004\003\023\023\145\155 +\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\107 +\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034 +\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157 +\147\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032 +\006\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157 +\157\164\040\103\101\040\055\040\107\061\060\202\001\042\060\015 +\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 +\017\000\060\202\001\012\002\202\001\001\000\223\113\273\351\146 +\212\356\235\133\325\064\223\320\033\036\303\347\236\270\144\063 +\177\143\170\150\264\315\056\161\165\327\233\040\306\115\051\274 +\266\150\140\212\367\041\232\126\065\132\363\166\275\330\315\232 +\377\223\126\113\245\131\006\241\223\064\051\335\026\064\165\116 +\362\201\264\307\226\116\255\031\025\122\112\376\074\160\165\160 +\315\257\053\253\025\232\063\074\252\263\213\252\315\103\375\365 +\352\160\377\355\317\021\073\224\316\116\062\026\323\043\100\052 +\167\263\257\074\001\054\154\355\231\054\213\331\116\151\230\262 +\367\217\101\260\062\170\141\326\015\137\303\372\242\100\222\035 +\134\027\346\160\076\065\347\242\267\302\142\342\253\244\070\114 +\265\071\065\157\352\003\151\372\072\124\150\205\155\326\362\057 +\103\125\036\221\015\016\330\325\152\244\226\321\023\074\054\170 +\120\350\072\222\322\027\126\345\065\032\100\034\076\215\054\355 +\071\337\102\340\203\101\164\337\243\315\302\206\140\110\150\343 +\151\013\124\000\213\344\166\151\041\015\171\116\064\010\136\024 +\302\314\261\267\255\327\174\160\212\307\205\002\003\001\000\001 
+\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024\373 +\357\015\206\236\260\343\335\251\271\361\041\027\177\076\374\360 +\167\053\032\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001 +\013\005\000\003\202\001\001\000\131\377\362\214\365\207\175\161 +\075\243\237\033\133\321\332\370\323\234\153\066\275\233\251\141 +\353\336\026\054\164\075\236\346\165\332\327\272\247\274\102\027 +\347\075\221\353\345\175\335\076\234\361\317\222\254\154\110\314 +\302\042\077\151\073\305\266\025\057\243\065\306\150\052\034\127 +\257\071\357\215\320\065\303\030\014\173\000\126\034\315\213\031 +\164\336\276\017\022\340\320\252\241\077\002\064\261\160\316\235 +\030\326\010\003\011\106\356\140\340\176\266\304\111\004\121\175 +\160\140\274\252\262\377\171\162\172\246\035\075\137\052\370\312 +\342\375\071\267\107\271\353\176\337\004\043\257\372\234\006\007 +\351\373\143\223\200\100\265\306\154\012\061\050\316\014\237\317 +\263\043\065\200\101\215\154\304\067\173\201\057\200\241\100\102 +\205\351\331\070\215\350\241\123\315\001\277\151\350\132\006\362 +\105\013\220\372\256\341\277\235\362\256\127\074\245\256\262\126 +\364\213\145\100\351\375\061\201\054\364\071\011\330\356\153\247 +\264\246\035\025\245\230\367\001\201\330\205\175\363\121\134\161 +\210\336\272\314\037\200\176\112 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign Root CA - G1" +# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 +# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 
40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 +# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - G1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\212\307\255\217\163\254\116\301\265\165\115\245\100\364\374\317 +\174\265\216\214 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\234\102\204\127\335\313\013\247\056\225\255\266\363\332\274\254 +END +CKA_ISSUER MULTILINE_OCTAL +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\061\365\344\142\014\154\130\355\326\330 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "emSign ECC Root CA - G3" +# +# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 +# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B +# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL 
CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - G3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\074\366\007\251\150\160\016\332\213\204 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\116\060\202\001\323\240\003\002\001\002\002\012\074 +\366\007\251\150\160\016\332\213\204\060\012\006\010\052\206\110 +\316\075\004\003\003\060\153\061\013\060\011\006\003\125\004\006 +\023\002\111\116\061\023\060\021\006\003\125\004\013\023\012\145 +\155\123\151\147\156\040\120\113\111\061\045\060\043\006\003\125 +\004\012\023\034\145\115\165\144\150\162\141\040\124\145\143\150 +\156\157\154\157\147\151\145\163\040\114\151\155\151\164\145\144 +\061\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147 +\156\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040 +\107\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060 +\060\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060 
+\060\132\060\153\061\013\060\011\006\003\125\004\006\023\002\111 +\116\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151 +\147\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023 +\034\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154 +\157\147\151\145\163\040\114\151\155\151\164\145\144\061\040\060 +\036\006\003\125\004\003\023\027\145\155\123\151\147\156\040\105 +\103\103\040\122\157\157\164\040\103\101\040\055\040\107\063\060 +\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201 +\004\000\042\003\142\000\004\043\245\014\270\055\022\365\050\363 +\261\262\335\342\002\022\200\236\071\137\111\115\237\311\045\064 +\131\164\354\273\006\034\347\300\162\257\350\256\057\341\101\124 +\207\024\250\112\262\350\174\202\346\133\152\265\334\263\165\316 +\213\006\320\206\043\277\106\325\216\017\077\004\364\327\034\222 +\176\366\245\143\302\365\137\216\056\117\241\030\031\002\053\062 +\012\202\144\175\026\223\321\243\102\060\100\060\035\006\003\125 +\035\016\004\026\004\024\174\135\002\204\023\324\314\212\233\201 +\316\027\034\056\051\036\234\110\143\102\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\012\006\010\052 +\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\276 +\363\141\317\002\020\035\144\225\007\270\030\156\210\205\005\057 +\203\010\027\220\312\037\212\114\350\015\033\172\261\255\325\201 +\011\107\357\073\254\010\004\174\134\231\261\355\107\007\322\002 +\061\000\235\272\125\374\251\112\350\355\355\346\166\001\102\173 +\310\370\140\331\215\121\213\125\073\373\214\173\353\145\011\303 +\370\226\315\107\250\202\362\026\125\167\044\176\022\020\225\004 +\054\243 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign ECC Root CA - G3" +# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign 
PKI,C=IN +# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 +# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B +# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - G3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\060\103\372\117\362\127\334\240\303\200\356\056\130\352\170\262 +\077\346\273\301 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\316\013\162\321\237\210\216\320\120\003\350\343\270\213\147\100 +END +CKA_ISSUER MULTILINE_OCTAL +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\074\366\007\251\150\160\016\332\213\204 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "emSign Root CA - C1" +# +# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 +# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 
12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F +# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - C1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\013\000\256\317\000\272\304\317\062\370\103\262 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\163\060\202\002\133\240\003\002\001\002\002\013\000 +\256\317\000\272\304\317\062\370\103\262\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\060\126\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\023\060\021\006\003\125\004 +\013\023\012\145\155\123\151\147\156\040\120\113\111\061\024\060 +\022\006\003\125\004\012\023\013\145\115\165\144\150\162\141\040 +\111\156\143\061\034\060\032\006\003\125\004\003\023\023\145\155 +\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\103 +\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 
+\132\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 +\145\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\103\061\060\202\001\042\060\015\006 +\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 +\000\060\202\001\012\002\202\001\001\000\317\353\251\271\361\231 +\005\314\330\050\041\112\363\163\064\121\204\126\020\365\240\117 +\054\022\343\372\023\232\047\320\317\371\171\032\164\137\035\171 +\071\374\133\370\160\216\340\222\122\367\344\045\371\124\203\331 +\035\323\310\132\205\077\136\307\266\007\356\076\300\316\232\257 +\254\126\102\052\071\045\160\326\277\265\173\066\255\254\366\163 +\334\315\327\035\212\203\245\373\053\220\025\067\153\034\046\107 +\334\073\051\126\223\152\263\301\152\072\235\075\365\301\227\070 +\130\005\213\034\021\343\344\264\270\135\205\035\203\376\170\137 +\013\105\150\030\110\245\106\163\064\073\376\017\310\166\273\307 +\030\363\005\321\206\363\205\355\347\271\331\062\255\125\210\316 +\246\266\221\260\117\254\176\025\043\226\366\077\360\040\064\026 +\336\012\306\304\004\105\171\177\247\375\276\322\251\245\257\234 +\305\043\052\367\074\041\154\275\257\217\116\305\072\262\363\064 +\022\374\337\200\032\111\244\324\251\225\367\236\211\136\242\211 +\254\224\313\250\150\233\257\212\145\047\315\211\356\335\214\265 +\153\051\160\103\240\151\013\344\271\017\002\003\001\000\001\243 +\102\060\100\060\035\006\003\125\035\016\004\026\004\024\376\241 +\340\160\036\052\003\071\122\132\102\276\134\221\205\172\030\252 +\115\265\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\001\001\000\302\112\126\372\025\041\173\050\242 
+\351\345\035\373\370\055\304\071\226\101\114\073\047\054\304\154 +\030\025\200\306\254\257\107\131\057\046\013\343\066\260\357\073 +\376\103\227\111\062\231\022\025\133\337\021\051\377\253\123\370 +\273\301\170\017\254\234\123\257\127\275\150\214\075\151\063\360 +\243\240\043\143\073\144\147\042\104\255\325\161\313\126\052\170 +\222\243\117\022\061\066\066\342\336\376\000\304\243\140\017\047 +\255\240\260\212\265\066\172\122\241\275\047\364\040\047\142\350 +\115\224\044\023\344\012\004\351\074\253\056\310\103\011\112\306 +\141\004\345\111\064\176\323\304\310\365\017\300\252\351\272\124 +\136\363\143\053\117\117\120\324\376\271\173\231\214\075\300\056 +\274\002\053\323\304\100\344\212\007\061\036\233\316\046\231\023 +\373\021\352\232\042\014\021\031\307\136\033\201\120\060\310\226 +\022\156\347\313\101\177\221\073\242\107\267\124\200\033\334\000 +\314\232\220\352\303\303\120\006\142\014\060\300\025\110\247\250 +\131\174\341\256\042\242\342\012\172\017\372\142\253\122\114\341 +\361\337\312\276\203\015\102 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign Root CA - C1" +# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 +# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F +# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - C1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\347\056\361\337\374\262\011\050\317\135\324\325\147\067\261\121 +\313\206\117\001 +END 
+CKA_CERT_MD5_HASH MULTILINE_OCTAL +\330\343\135\001\041\372\170\132\260\337\272\322\356\052\137\150 +END +CKA_ISSUER MULTILINE_OCTAL +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\013\000\256\317\000\272\304\317\062\370\103\262 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "emSign ECC Root CA - C3" +# +# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 +# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 +# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - C3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 
+END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\173\161\266\202\126\270\022\174\234\250 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\053\060\202\001\261\240\003\002\001\002\002\012\173 +\161\266\202\126\270\022\174\234\250\060\012\006\010\052\206\110 +\316\075\004\003\003\060\132\061\013\060\011\006\003\125\004\006 +\023\002\125\123\061\023\060\021\006\003\125\004\013\023\012\145 +\155\123\151\147\156\040\120\113\111\061\024\060\022\006\003\125 +\004\012\023\013\145\115\165\144\150\162\141\040\111\156\143\061 +\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147\156 +\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040\103 +\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 +\145\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\103\063\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\375\245\141\256\173\046\020\035\351\267\042 +\060\256\006\364\201\263\261\102\161\225\071\274\323\122\343\257 +\257\371\362\227\065\222\066\106\016\207\225\215\271\071\132\351 +\273\337\320\376\310\007\101\074\273\125\157\203\243\152\373\142 
+\260\201\211\002\160\175\110\305\112\343\351\042\124\042\115\223 +\273\102\014\257\167\234\043\246\175\327\141\021\316\145\307\370 +\177\376\365\362\251\243\102\060\100\060\035\006\003\125\035\016 +\004\026\004\024\373\132\110\320\200\040\100\362\250\351\000\007 +\151\031\167\247\346\303\364\317\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001 +\001\377\004\005\060\003\001\001\377\060\012\006\010\052\206\110 +\316\075\004\003\003\003\150\000\060\145\002\061\000\264\330\057 +\002\211\375\266\114\142\272\103\116\023\204\162\265\256\335\034 +\336\326\265\334\126\217\130\100\132\055\336\040\114\042\203\312 +\223\250\176\356\022\100\307\326\207\117\370\337\205\002\060\034 +\024\144\344\174\226\203\021\234\260\321\132\141\113\246\017\111 +\323\000\374\241\374\344\245\377\177\255\327\060\320\307\167\177 +\276\201\007\125\060\120\040\024\365\127\070\012\250\061\121 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign ECC Root CA - C3" +# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 +# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 +# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - C3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\266\257\103\302\233\201\123\175\366\357\153\303\037\037\140\025 +\014\356\110\146 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\076\123\263\243\201\356\327\020\370\323\260\035\027\222\365\325 
+END +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\173\161\266\202\126\270\022\174\234\250 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Hongkong Post Root CA 3" +# +# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 +# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Not Valid Before: Sat Jun 03 02:29:46 2017 +# Not Valid After : Tue Jun 03 02:29:46 2042 +# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 +# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hongkong Post Root CA 3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 
+\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 +\256\043\270\034\132\244 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\317\060\202\003\267\240\003\002\001\002\002\024\010 +\026\137\212\114\245\354\000\311\223\100\337\304\306\256\043\270 +\034\132\244\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\157\061\013\060\011\006\003\125\004\006\023\002\110 +\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156\147 +\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023\011 +\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003\125 +\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163 +\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147 +\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103 +\101\040\063\060\036\027\015\061\067\060\066\060\063\060\062\062 +\071\064\066\132\027\015\064\062\060\066\060\063\060\062\062\071 +\064\066\132\060\157\061\013\060\011\006\003\125\004\006\023\002 +\110\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156 +\147\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023 +\011\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003 +\125\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157 +\163\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156 
+\147\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040 +\103\101\040\063\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\263\210\327\352\316\017\040\116\276\346\326 +\003\155\356\131\374\302\127\337\051\150\241\203\016\076\150\307 +\150\130\234\034\140\113\211\103\014\271\324\025\262\356\301\116 +\165\351\265\247\357\345\351\065\231\344\314\034\347\113\137\215 +\063\060\040\063\123\331\246\273\325\076\023\216\351\037\207\111 +\255\120\055\120\312\030\276\001\130\242\023\160\226\273\211\210 +\126\200\134\370\275\054\074\341\114\127\210\273\323\271\225\357 +\313\307\366\332\061\164\050\246\346\124\211\365\101\061\312\345 +\046\032\315\202\340\160\332\073\051\273\325\003\365\231\272\125 +\365\144\321\140\016\263\211\111\270\212\057\005\322\204\105\050 +\174\217\150\120\022\170\374\013\265\123\313\302\230\034\204\243 +\236\260\276\043\244\332\334\310\053\036\332\156\105\036\211\230 +\332\371\000\056\006\351\014\073\160\325\120\045\210\231\313\315 +\163\140\367\325\377\065\147\305\241\274\136\253\315\112\270\105 +\353\310\150\036\015\015\024\106\022\343\322\144\142\212\102\230 +\274\264\306\010\010\370\375\250\114\144\234\166\001\275\057\251 +\154\063\017\330\077\050\270\074\151\001\102\206\176\151\301\311 +\006\312\345\172\106\145\351\302\326\120\101\056\077\267\344\355 +\154\327\277\046\001\021\242\026\051\112\153\064\006\220\354\023 +\322\266\373\152\166\322\074\355\360\326\055\335\341\025\354\243 +\233\057\054\311\076\053\344\151\073\377\162\045\261\066\206\133 +\307\177\153\213\125\033\112\305\040\141\075\256\313\120\341\010 +\072\276\260\217\143\101\123\060\010\131\074\230\035\167\272\143 +\221\172\312\020\120\140\277\360\327\274\225\207\217\227\305\376 +\227\152\001\224\243\174\133\205\035\052\071\072\320\124\241\321 +\071\161\235\375\041\371\265\173\360\342\340\002\217\156\226\044 +\045\054\240\036\054\250\304\211\247\357\355\231\006\057\266\012 
+\114\117\333\242\314\067\032\257\107\205\055\212\137\304\064\064 +\114\000\375\030\223\147\023\321\067\346\110\264\213\006\305\127 +\173\031\206\012\171\313\000\311\122\257\102\377\067\217\341\243 +\036\172\075\120\253\143\006\347\025\265\077\266\105\067\224\067 +\261\176\362\110\303\177\305\165\376\227\215\105\217\032\247\032 +\162\050\032\100\017\002\003\001\000\001\243\143\060\141\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +\037\006\003\125\035\043\004\030\060\026\200\024\027\235\315\036 +\213\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141 +\060\035\006\003\125\035\016\004\026\004\024\027\235\315\036\213 +\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 +\002\001\000\126\325\173\156\346\042\001\322\102\233\030\325\016 +\327\146\043\134\343\376\240\307\222\322\351\224\255\113\242\306 +\354\022\174\164\325\110\322\131\024\231\300\353\271\321\353\364 +\110\060\133\255\247\127\163\231\251\323\345\267\321\056\131\044 +\130\334\150\056\056\142\330\152\344\160\013\055\040\120\040\244 +\062\225\321\000\230\273\323\375\367\062\362\111\256\306\172\340 +\107\276\156\316\313\243\162\072\055\151\135\313\310\350\105\071 +\324\372\102\301\021\114\167\135\222\373\152\377\130\104\345\353 +\201\236\257\240\231\255\276\251\001\146\313\070\035\074\337\103 +\037\364\115\156\264\272\027\106\374\175\375\207\201\171\152\015 +\063\017\372\057\370\024\271\200\263\135\115\252\227\341\371\344 +\030\305\370\325\070\214\046\074\375\362\050\342\356\132\111\210 +\054\337\171\075\216\236\220\074\275\101\112\072\335\133\366\232 +\264\316\077\045\060\177\062\175\242\003\224\320\334\172\241\122 +\336\156\223\215\030\046\375\125\254\275\217\233\322\317\257\347 +\206\054\313\037\011\157\243\157\251\204\324\163\277\115\241\164 +\033\116\043\140\362\314\016\252\177\244\234\114\045\250\262\146 
+\073\070\377\331\224\060\366\162\204\276\150\125\020\017\306\163 +\054\026\151\223\007\376\261\105\355\273\242\125\152\260\332\265 +\112\002\045\047\205\327\267\267\206\104\026\211\154\200\053\076 +\227\251\234\325\176\125\114\306\336\105\020\034\352\351\073\237 +\003\123\356\356\172\001\002\026\170\324\350\302\276\106\166\210 +\023\077\042\273\110\022\035\122\000\264\002\176\041\032\036\234 +\045\364\363\075\136\036\322\034\371\263\055\266\367\067\134\306 +\313\041\116\260\367\231\107\030\205\301\053\272\125\256\006\352 +\320\007\262\334\253\320\202\226\165\316\322\120\376\231\347\317 +\057\237\347\166\321\141\052\373\041\273\061\320\252\237\107\244 +\262\042\312\026\072\120\127\304\133\103\147\305\145\142\003\111 +\001\353\103\331\330\370\236\255\317\261\143\016\105\364\240\132 +\054\233\055\305\246\300\255\250\107\364\047\114\070\015\056\033 +\111\073\122\364\350\210\203\053\124\050\324\362\065\122\264\062 +\203\142\151\144\014\221\234\237\227\352\164\026\375\037\021\006 +\232\233\364 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Hongkong Post Root CA 3" +# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 +# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Not Valid Before: Sat Jun 03 02:29:46 2017 +# Not Valid After : Tue Jun 03 02:29:46 2042 +# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 +# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hongkong Post Root CA 3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL 
+\130\242\320\354\040\122\201\133\301\363\370\144\002\044\116\302 +\216\002\113\002 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\021\374\237\275\163\060\002\212\375\077\363\130\271\313\040\360 +END +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 +\256\043\270\034\132\244 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Entrust Root Certification Authority - G4" +# +# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 +# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. 
- for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Not Valid Before: Wed May 27 11:11:16 2015 +# Not Valid After : Sun Dec 27 11:41:16 2037 +# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 +# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 +\145\255\130 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\006\113\060\202\004\063\240\003\002\001\002\002\021\000 +\331\265\103\177\257\251\071\017\000\000\000\000\125\145\255\130 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165\163 +\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 +\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165\163 +\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162\155 +\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 +\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111\156 +\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162\151 +\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060\060 +\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040\122 +\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\064 +\060\036\027\015\061\065\060\065\062\067\061\061\061\061\061\066 +\132\027\015\063\067\061\062\062\067\061\061\064\061\061\066\132 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\261\354\054\102\356\342\321\060\377\245\222\107\342\055 +\303\272\144\227\155\312\367\015\265\131\301\263\313\250\150\031 +\330\257\204\155\060\160\135\176\363\056\322\123\231\341\376\037 +\136\331\110\257\135\023\215\333\377\143\063\115\323\000\002\274 +\304\370\321\006\010\224\171\130\212\025\336\051\263\375\375\304 +\117\350\252\342\240\073\171\315\277\153\103\062\335\331\164\020 +\271\367\364\150\324\273\320\207\325\252\113\212\052\157\052\004 +\265\262\246\307\240\172\346\110\253\322\321\131\314\326\176\043 +\346\227\154\360\102\345\334\121\113\025\101\355\111\112\311\336 +\020\227\326\166\301\357\245\265\066\024\227\065\330\170\042\065 +\122\357\103\275\333\047\333\141\126\202\064\334\313\210\140\014 +\013\132\345\054\001\306\124\257\327\252\301\020\173\322\005\132 +\270\100\236\206\247\303\220\206\002\126\122\011\172\234\322\047 +\202\123\112\145\122\152\365\074\347\250\362\234\257\213\275\323 +\016\324\324\136\156\207\236\152\075\105\035\321\135\033\364\351 +\012\254\140\231\373\211\264\377\230\054\317\174\035\351\002\252 +\004\232\036\270\334\210\156\045\263\154\146\367\074\220\363\127 +\301\263\057\365\155\362\373\312\241\370\051\235\106\213\263\152 +\366\346\147\007\276\054\147\012\052\037\132\262\076\127\304\323 +\041\041\143\145\122\221\033\261\231\216\171\176\346\353\215\000 +\331\132\252\352\163\350\244\202\002\107\226\376\133\216\124\141 
+\243\353\057\113\060\260\213\043\165\162\174\041\074\310\366\361 +\164\324\034\173\243\005\125\356\273\115\073\062\276\232\167\146 +\236\254\151\220\042\007\037\141\072\226\276\345\232\117\314\005 +\074\050\131\323\301\014\124\250\131\141\275\310\162\114\350\334 +\237\207\177\275\234\110\066\136\225\243\016\271\070\044\125\374 +\165\146\353\002\343\010\064\051\112\306\343\053\057\063\240\332 +\243\206\245\022\227\375\200\053\332\024\102\343\222\275\076\362 +\135\136\147\164\056\034\210\107\051\064\137\342\062\250\234\045 +\067\214\272\230\000\227\213\111\226\036\375\045\212\254\334\332 +\330\135\164\156\146\260\377\104\337\241\030\306\276\110\057\067 +\224\170\370\225\112\077\177\023\136\135\131\375\164\206\103\143 +\163\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 +\125\035\016\004\026\004\024\237\070\304\126\043\303\071\350\240 +\161\154\350\124\114\344\350\072\261\277\147\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\022 +\345\102\246\173\213\017\014\344\106\245\266\140\100\207\214\045 +\176\255\270\150\056\133\306\100\166\074\003\370\311\131\364\363 +\253\142\316\020\215\264\132\144\214\150\300\260\162\103\064\322 +\033\013\366\054\123\322\312\220\113\206\146\374\252\203\042\364 +\213\032\157\046\110\254\166\167\010\277\305\230\134\364\046\211 +\236\173\303\271\144\062\001\177\323\303\335\130\155\354\261\253 +\204\125\164\167\204\004\047\122\153\206\114\316\335\271\145\377 +\326\306\136\237\232\020\231\113\165\152\376\152\351\227\040\344 +\344\166\172\306\320\044\252\220\315\040\220\272\107\144\373\177 +\007\263\123\170\265\012\142\362\163\103\316\101\053\201\152\056 +\205\026\224\123\324\153\137\162\042\253\121\055\102\325\000\234 +\231\277\336\273\224\073\127\375\232\365\206\313\126\073\133\210 +\001\345\174\050\113\003\371\111\203\174\262\177\174\343\355\216 
+\241\177\140\123\216\125\235\120\064\022\017\267\227\173\154\207 +\112\104\347\365\155\354\200\067\360\130\031\156\112\150\166\360 +\037\222\344\352\265\222\323\141\121\020\013\255\247\331\137\307 +\137\334\037\243\134\214\241\176\233\267\236\323\126\157\146\136 +\007\226\040\355\013\164\373\146\116\213\021\025\351\201\111\176 +\157\260\324\120\177\042\327\137\145\002\015\246\364\205\036\330 +\256\006\113\112\247\322\061\146\302\370\316\345\010\246\244\002 +\226\104\150\127\304\325\063\317\031\057\024\304\224\034\173\244 +\331\360\237\016\261\200\342\321\236\021\144\251\210\021\072\166 +\202\345\142\302\200\330\244\203\355\223\357\174\057\220\260\062 +\114\226\025\150\110\122\324\231\010\300\044\350\034\343\263\245 +\041\016\222\300\220\037\317\040\137\312\073\070\307\267\155\072 +\363\346\104\270\016\061\153\210\216\160\353\234\027\122\250\101 +\224\056\207\266\347\246\022\305\165\337\133\300\012\156\173\244 +\344\136\206\371\066\224\337\167\303\351\015\300\071\361\171\273 +\106\216\253\103\131\047\267\040\273\043\351\126\100\041\354\061 +\075\145\252\103\362\075\337\160\104\341\272\115\046\020\073\230 +\237\363\310\216\033\070\126\041\152\121\223\323\221\312\106\332 +\211\267\075\123\203\054\010\037\213\217\123\335\377\254\037 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "Entrust Root Certification Authority - G4" +# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 +# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. 
- for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Not Valid Before: Wed May 27 11:11:16 2015 +# Not Valid After : Sun Dec 27 11:41:16 2037 +# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 +# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\024\210\116\206\046\067\260\046\257\131\142\134\100\167\354\065 +\051\272\226\001 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\211\123\361\203\043\267\174\216\005\361\214\161\070\116\037\210 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 +\145\255\130 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE 
diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index 22e86b1e..b993ed68 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -93,6 +93,8 @@ #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33) #define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34) +#define CKA_NSS_SERVER_DISTRUST_AFTER (CKA_NSS + 35) +#define CKA_NSS_EMAIL_DISTRUST_AFTER (CKA_NSS + 36) /* * Trust attributes: From 6712ac7edbdda06f8f6efbdb798e2d7793230915 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Tue, 7 Jan 2020 22:30:39 +0800 Subject: [PATCH 09/15] cherry-picked mozilla NSS upstream changes (to rev 632864c9, which is on par with 3.21.4): bug1221620, bug1244324, bug1241034, bug1206283, bug1241037, bug1245528, bug1293334, bug1306103, bug1345089, bug1344380 --- security/nss/coreconf/Werror.mk | 6 ++ security/nss/lib/freebl/blapi.h | 6 ++ security/nss/lib/freebl/drbg.c | 27 +++++++-- security/nss/lib/nss/nss.h | 4 +- security/nss/lib/softoken/softkver.h | 4 +- security/nss/lib/ssl/ssl3con.c | 76 +++++++++++++++++++------ security/nss/lib/util/dersubr.c | 22 +++++--- security/nss/lib/util/nssb64d.c | 2 +- security/nss/lib/util/nssb64e.c | 13 +++++ security/nss/lib/util/nssutil.h | 4 +- security/nss/lib/util/secasn1d.c | 51 +++++++++++++---- security/nss/lib/util/utf8.c | 84 +++++++++++++++++++++++++--- 12 files changed, 245 insertions(+), 54 deletions(-) diff --git a/security/nss/coreconf/Werror.mk b/security/nss/coreconf/Werror.mk index 6e2588ce..80bf0790 100644 --- a/security/nss/coreconf/Werror.mk +++ b/security/nss/coreconf/Werror.mk 
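Review bot: The two new attribute IDs `CKA_NSS_SERVER_DISTRUST_AFTER` and `CKA_NSS_EMAIL_DISTRUST_AFTER` in the pkcs11n.h hunk have no comment saying what value they carry or who acts on it. The certdata.txt entries earlier in this patch set both to `CK_BBOOL CK_FALSE`, and nothing in this hunk reads them. A reader could therefore assume the library enforces a distrust date when it may only store the attribute. I would add above the two defines: `/* Distrust-after markers from certdata.txt; CK_FALSE means none is set. Defining the IDs does not by itself enforce anything. */`.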
@@ -61,6 +61,12 @@ ifndef WARNING_CFLAGS ifeq ($(NSS_ENABLE_WERROR),1) WARNING_CFLAGS += -Werror + # For gcc 6 and newer we need -Wno-error=misleading-indentation + # to prevent compiler errors caused by mixed whitespace. + CC_VERSION := $(subst ., ,$(shell $(CC) -dumpversion)) + ifeq (,$(filter 0 1 2 3 4 5,$(word 1,$(CC_VERSION)))) + WARNING_CFLAGS += -Wno-error=misleading-indentation + endif else # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. # Use this to disable use of that #pragma and the warnings it suppresses. diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 8324714d..c0bf40a5 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -1444,6 +1444,12 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w, const unsigned char *q, unsigned char *xj); +/* To allow NIST KAT tests */ +extern SECStatus +PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len, + const PRUint8 *nonce, unsigned int nonce_len, + const PRUint8 *personal_string, unsigned int ps_len); + /* * The following functions are for FIPS poweron self test and FIPS algorithm * testing. diff --git a/security/nss/lib/freebl/drbg.c b/security/nss/lib/freebl/drbg.c index 391d4560..168bc009 100644 --- a/security/nss/lib/freebl/drbg.c +++ b/security/nss/lib/freebl/drbg.c @@ -96,7 +96,8 @@ struct RNGContextStr { * RNG_RandomUpdate. */ PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE]; PRUint32 additionalAvail; - PRBool isValid; /* false if RNG reaches an invalid state */ + PRBool isValid; /* false if RNG reaches an invalid state */ + PRBool isKatTest; /* true if running NIST PRNG KAT tests */ }; typedef struct RNGContextStr RNGContext; 
@@ -149,7 +150,7 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return, /* - * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2 + * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2 * * NOTE: bytes & len are entropy || nonce || personalization_string. In * normal operation, NSS calculates them all together in a single call. @@ -157,9 +158,11 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return, static SECStatus prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len) { - if (len < PRNG_SEEDLEN) { - /* if the seedlen is to small, it's probably because we failed to get - * enough random data */ + if (!rng->isKatTest && len < PRNG_SEEDLEN) { + /* If the seedlen is too small, it's probably because we failed to get + * enough random data. + * This is stricter than NIST SP800-90A requires. Don't enforce it for + * tests. */ PORT_SetError(SEC_ERROR_NEED_RANDOM); return SECFailure; } @@ -272,7 +275,7 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ - PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) + PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -423,6 +426,7 @@ static PRStatus rng_init(void) } /* the RNG is in a valid state */ globalrng->isValid = PR_TRUE; + globalrng->isKatTest = PR_FALSE; /* fetch one random value so that we can populate rng->oldV for our * continous random number test. */ 
@@ -667,6 +671,17 @@ RNG_RNGShutdown(void) * entropy we may have previously collected. */ RNGContext testContext; +SECStatus +PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len, + const PRUint8 *nonce, unsigned int nonce_len, + const PRUint8 *personal_string, unsigned int ps_len) +{ + testContext.isKatTest = PR_TRUE; + return PRNGTEST_Instantiate(entropy, entropy_len, + nonce, nonce_len, + personal_string, ps_len); +} + /* * Test vector API. Use NIST SP 800-90 general interface so one of the * other NIST SP 800-90 algorithms may be used in the future. diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 70951fa6..d362bcb9 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -36,10 +36,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.21.4" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 21 -#define NSS_VPATCH 0 +#define NSS_VPATCH 4 #define NSS_VBUILD 0 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index c7e25e1b..c954c884 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,10 +25,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.21" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.21.4" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 21 -#define SOFTOKEN_VPATCH 0 +#define SOFTOKEN_VPATCH 4 #define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index ead786cf..61083fc1 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c 
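Review bot: `testContext.isKatTest = PR_TRUE;` in PRNGTEST_Instantiate_Kat is never cleared in this hunk, so the minimum seed-length check that the earlier drbg.c hunk makes conditional (`!rng->isKatTest && len < PRNG_SEEDLEN` in prng_instantiate) may stay disabled for later plain PRNGTEST_Instantiate calls on the same context, unless code outside the diff resets it. As far as the diff shows, only prng_instantiate reads the flag, so it can be restored right after the call: keep the SECStatus in a local, set `testContext.isKatTest = PR_FALSE;`, then return the saved status. The function also deserves a comment stating that it exists only for NIST known-answer tests and that it relaxes the entropy-length requirement enforced on the normal path.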
@@ -9963,6 +9963,7 @@ ssl3_HandleDHClientKeyExchange(sslSocket *ss, CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL); if (pms == NULL) { ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + rv = SECFailure; goto loser; } @@ -11867,6 +11868,13 @@ ssl_ConstantTimeEQ8(unsigned char a, unsigned char b) return DUPLICATE_MSB_TO_ALL_8(c); } +/* ssl_constantTimeSelect return a if mask is 0xFF and b if mask is 0x00 */ +static unsigned char +ssl_constantTimeSelect(unsigned char mask, unsigned char a, unsigned char b) +{ + return (mask & a) | (~mask & b); +} + static SECStatus ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext, unsigned int blockSize, 
@@ -11970,22 +11978,54 @@ ssl_CBCExtractMAC(sslBuffer *plaintext, /* scanStart contains the number of bytes that we can ignore because * the MAC's position can only vary by 255 bytes. */ unsigned scanStart = 0; - unsigned i, j, divSpoiler; + unsigned i, j; unsigned char rotateOffset; - if (originalLength > macSize + 255 + 1) + if (originalLength > macSize + 255 + 1) { scanStart = originalLength - (macSize + 255 + 1); + } - /* divSpoiler contains a multiple of macSize that is used to cause the - * modulo operation to be constant time. Without this, the time varies - * based on the amount of padding when running on Intel chips at least. - * - * The aim of right-shifting macSize is so that the compiler doesn't - * figure out that it can remove divSpoiler as that would require it - * to prove that macSize is always even, which I hope is beyond it. */ - divSpoiler = macSize >> 1; - divSpoiler <<= (sizeof(divSpoiler)-1)*8; - rotateOffset = (divSpoiler + macStart - scanStart) % macSize; + /* We want to compute + * rotateOffset = (macStart - scanStart) % macSize + * But the time to compute this varies based on the amount of padding. 
Thus + * we explicitely handle all mac sizes with (hopefully) constant time modulo + * using Barrett reduction: + * q := (rotateOffset * m) >> k + * rotateOffset -= q * n + * if (n <= rotateOffset) rotateOffset -= n + */ + rotateOffset = macStart - scanStart; + /* rotateOffset < 255 + 1 + 48 = 304 */ + if (macSize == 16) { + rotateOffset &= 15; + } else if (macSize == 20) { + /* + * Correctness: rotateOffset * ( 1/20 - 25/2^9 ) < 1 + * with rotateOffset <= 853 + */ + unsigned q = (rotateOffset * 25) >> 9; /* m = 25, k = 9 */ + rotateOffset -= q * 20; + rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 20), + 20, 0); + } else if (macSize == 32) { + rotateOffset &= 31; + } else if (macSize == 48) { + /* + * Correctness: rotateOffset * ( 1/48 - 10/2^9 ) < 1 + * with rotateOffset < 768 + */ + unsigned q = (rotateOffset * 10) >> 9; /* m = 25, k = 9 */ + rotateOffset -= q * 48; + rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 48), + 48, 0); + } else { + /* + * SHA384 (macSize == 48) is the largest we support. We should never + * get here. + */ + PORT_Assert(0); + rotateOffset = rotateOffset % macSize; + } memset(rotatedMac, 0, macSize); for (i = scanStart; i < originalLength;) { 
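Review bot: The final `else` branch computes `rotateOffset = rotateOffset % macSize;`, which is the variable-time modulo this hunk sets out to remove. If PORT_Assert compiles to nothing in optimized builds (not shown here), an unexpected macSize silently takes the timing-dependent path instead of being rejected. A comment saying that this fallback is not constant time, or an explicit failure if the callers can accept one, would make the intent clear. Separately, the comment in the `macSize == 48` branch reads `/* m = 25, k = 9 */` while the code multiplies by 10, so it should be `/* m = 10, k = 9 */`. ssl_CBCExtractMAC starts and ends outside the hunk.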
@@ -12001,12 +12041,16 @@ ssl_CBCExtractMAC(sslBuffer *plaintext, /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line * we could line-align |rotatedMac| and rotate in place. */ memset(out, 0, macSize); + rotateOffset = macSize - rotateOffset; + rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize), + 0, rotateOffset); for (i = 0; i < macSize; i++) { - unsigned char offset = - (divSpoiler + macSize - rotateOffset + i) % macSize; for (j = 0; j < macSize; j++) { - out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset); - } + out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, rotateOffset); + } + rotateOffset++; + rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize), + 0, rotateOffset); } } diff --git a/security/nss/lib/util/dersubr.c b/security/nss/lib/util/dersubr.c index 0f4c6d95..657dd9f0 100644 --- a/security/nss/lib/util/dersubr.c +++ b/security/nss/lib/util/dersubr.c @@ -179,10 +179,12 @@ long DER_GetInteger(const SECItem *it) { long ival = 0; - unsigned len = it->len; + PRBool negative = PR_FALSE; + unsigned int len = it->len; + unsigned int originalLength = len; unsigned char *cp = it->data; unsigned long overflow = 0x1ffUL << (((sizeof(ival) - 1) * 8) - 1); - unsigned long ofloinit; + unsigned long mask = 1; PORT_Assert(len); if (!len) { @@ -190,14 +192,15 @@ DER_GetInteger(const SECItem *it) return 0; } - if (*cp & 0x80) - ival = -1L; - ofloinit = ival & overflow; + if (*cp & 0x80) { + negative = PR_TRUE; + overflow <<= 1; + } while (len) { - if ((ival & overflow) != ofloinit) { + if ((ival & overflow) != 0) { PORT_SetError(SEC_ERROR_BAD_DER); - if (ival < 0) { + if (negative) { return LONG_MIN; } return LONG_MAX; @@ -206,6 +209,11 @@ DER_GetInteger(const SECItem *it) ival |= *cp++; --len; } + if (negative && ival && (overflow & ival) == 0) { + mask <<= ((originalLength * 8) - 1); + ival &= ~mask; + ival -= mask; + } return ival; } 
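Review bot: The sign-extension block added after the loop in DER_GetInteger has no comment, and the safety of its shift rests on an invariant that is not obvious. `mask <<= ((originalLength * 8) - 1)` stays within the width of `unsigned long` only because the `(overflow & ival) == 0` guard appears to exclude encodings as wide as `long`. I would document it, for example `/* Sign-extend: bit 8*originalLength-1 is the encoded sign bit; full-width values never get here, so the shift is in range. */`. The loop body is only partly visible between the hunks, so this should be confirmed against the full function.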
diff --git a/security/nss/lib/util/nssb64d.c b/security/nss/lib/util/nssb64d.c index 375fd508..0993ccbe 100644 --- a/security/nss/lib/util/nssb64d.c +++ b/security/nss/lib/util/nssb64d.c @@ -373,7 +373,7 @@ pl_base64_decode_flush (PLBase64Decoder *data) static PRUint32 PL_Base64MaxDecodedLength (PRUint32 size) { - return ((size * 3) / 4); + return size * 0.75; } diff --git a/security/nss/lib/util/nssb64e.c b/security/nss/lib/util/nssb64e.c index 5959982b..87a870c2 100644 --- a/security/nss/lib/util/nssb64e.c +++ b/security/nss/lib/util/nssb64e.c @@ -285,6 +285,11 @@ PL_Base64MaxEncodedLength (PRUint32 size, PRUint32 line_length) { PRUint32 tokens, tokens_per_line, full_lines, line_break_chars, remainder; + /* This is the maximum length we support. */ + if (size > 0x3fffffff) { + return 0; + } + tokens = (size + 2) / 3; if (line_length == 0) @@ -461,6 +466,10 @@ PL_Base64EncodeBuffer (const unsigned char *src, PRUint32 srclen, * How much space could we possibly need for encoding this input? */ need_length = PL_Base64MaxEncodedLength (srclen, line_length); + if (need_length == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } /* * Make sure we have at least that much, if output buffer provided. @@ -643,6 +652,10 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, } max_out_len = PL_Base64MaxEncodedLength (inItem->len, 64); + if (max_out_len == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } if (arenaOpt != NULL) mark = PORT_ArenaMark (arenaOpt); diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 0c8b480f..decd4bf1 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h 
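Review bot: `return size * 0.75;` in PL_Base64MaxDecodedLength avoids the `size * 3` wrap-around by going through `double`, which puts floating-point arithmetic and an implicit double-to-PRUint32 conversion into a buffer-length computation. An integer form gives the same result for every 32-bit input without overflow: `return (size / 4) * 3 + ((size % 4) * 3) / 4;`. A one-line comment explaining why the plain `(size * 3) / 4` is not used would stop a later cleanup from reintroducing the overflow.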
@@ -19,10 +19,10 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.21" +#define NSSUTIL_VERSION "3.21.4" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 21 -#define NSSUTIL_VPATCH 0 +#define NSSUTIL_VPATCH 4 #define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c index 7a5bcfd0..7628d65a 100644 --- a/security/nss/lib/util/secasn1d.c +++ b/security/nss/lib/util/secasn1d.c @@ -14,6 +14,8 @@ #define PR_Assert sec_asn1d_Assert #endif +#include + #include "secasn1.h" #include "secerr.h" @@ -1593,6 +1595,7 @@ sec_asn1d_parse_leaf (sec_asn1d_state *state, item = (SECItem *)(state->dest); if (item != NULL && item->data != NULL) { + unsigned long offset; /* Strip leading zeroes when target is unsigned integer */ if (state->underlying_kind == SEC_ASN1_INTEGER && /* INTEGER */ item->len == 0 && /* MSB */ 
@@ -1603,8 +1606,42 @@ sec_asn1d_parse_leaf (sec_asn1d_state *state, len--; } } - PORT_Memcpy (item->data + item->len, buf, len); - item->len += len; + offset = item->len; + if (state->underlying_kind == SEC_ASN1_BIT_STRING) { + // The previous bit string must have no unused bits. + if (item->len & 0x7) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + // If this is a bit string, the length is bits, not bytes. + offset = item->len >> 3; + } + if (state->underlying_kind == SEC_ASN1_BIT_STRING) { + unsigned long len_in_bits; + // Protect against overflow during the bytes-to-bits conversion. + if (len >= (ULONG_MAX >> 3) + 1) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + len_in_bits = (len << 3) - state->bit_string_unused_bits; + // Protect against overflow when computing the total length in bits. + if (UINT_MAX - item->len < len_in_bits) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + item->len += len_in_bits; + } else { + if (UINT_MAX - item->len < len) { + PORT_SetError (SEC_ERROR_BAD_DER); + state->top->status = decodeError; + return 0; + } + item->len += len; + } + PORT_Memcpy (item->data + offset, buf, len); } state->pending -= bufLen; if (state->pending == 0) @@ -1671,14 +1708,6 @@ sec_asn1d_parse_more_bit_string (sec_asn1d_state *state, } len = sec_asn1d_parse_leaf (state, buf, len); - if (state->place == beforeEndOfContents && state->dest != NULL) { - SECItem *item; - - item = (SECItem *)(state->dest); - if (item->len) - item->len = (item->len << 3) - state->bit_string_unused_bits; - } - return len; } 
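Review bot: `len_in_bits = (len << 3) - state->bit_string_unused_bits;` in sec_asn1d_parse_leaf is protected against overflow of the shift and of the addition to `item->len`, but not against the subtraction wrapping when `len << 3` is smaller than the unused-bit count. That could happen with a zero-length chunk, if one can reach this point; any guard against it is not visible in the hunk. I would add a check `if ((len << 3) < state->bit_string_unused_bits)` that takes the same SEC_ERROR_BAD_DER / decodeError exit as the neighbouring checks. The two consecutive `if (state->underlying_kind == SEC_ASN1_BIT_STRING)` blocks could also be merged into one so the bit-string path reads top to bottom. The function begins and ends outside the hunk.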
@@ -2208,7 +2237,7 @@ sec_asn1d_concat_substrings (sec_asn1d_state *state) * All bit-string substrings except the last one should be * a clean multiple of 8 bits. */ - if (is_bit_string && (substring->next == NULL) + if (is_bit_string && (substring->next != NULL) && (substring->len & 0x7)) { PORT_SetError (SEC_ERROR_BAD_DER); state->top->status = decodeError; diff --git a/security/nss/lib/util/utf8.c b/security/nss/lib/util/utf8.c index 2895dc10..04ef2411 100644 --- a/security/nss/lib/util/utf8.c +++ b/security/nss/lib/util/utf8.c @@ -319,10 +319,10 @@ sec_port_ucs2_utf8_conversion_function } for( i = 0; i < inBufLen; i += 2 ) { - if( (inBuf[i+H_0] == 0x00) && ((inBuf[i+H_0] & 0x80) == 0x00) ) len += 1; + if( (inBuf[i+H_0] == 0x00) && ((inBuf[i+H_1] & 0x80) == 0x00) ) len += 1; else if( inBuf[i+H_0] < 0x08 ) len += 2; - else if( ((inBuf[i+0+H_0] & 0xDC) == 0xD8) ) { - if( ((inBuf[i+2+H_0] & 0xDC) == 0xDC) && ((inBufLen - i) > 2) ) { + else if( ((inBuf[i+0+H_0] & 0xFC) == 0xD8) ) { + if( ((inBufLen - i) > 2) && ((inBuf[i+2+H_0] & 0xFC) == 0xDC) ) { i += 2; len += 4; } else { @@ -356,10 +356,10 @@ sec_port_ucs2_utf8_conversion_function outBuf[len+1] = 0x80 | ((inBuf[i+H_1] & 0x3F) >> 0); len += 2; - } else if( (inBuf[i+H_0] & 0xDC) == 0xD8 ) { + } else if( (inBuf[i+H_0] & 0xFC) == 0xD8 ) { int abcde, BCDE; - PORT_Assert(((inBuf[i+2+H_0] & 0xDC) == 0xDC) && ((inBufLen - i) > 2)); + PORT_Assert(((inBufLen - i) > 2) && ((inBuf[i+2+H_0] & 0xFC) == 0xDC) ); /* D800-DBFF DC00-DFFF -> 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */ /* 110110BC DEfghijk 110111lm nopqrstu -> @@ -852,6 +852,7 @@ struct ucs2 ucs2[] = { { 0x9000, "\xE9\x80\x80" }, { 0xA000, "\xEA\x80\x80" }, { 0xC000, "\xEC\x80\x80" }, + { 0xFB01, "\xEF\xAC\x81" }, { 0xFFFF, "\xEF\xBF\xBF" } }; 
@@ -1153,6 +1154,18 @@ char *utf8_bad[] = { "\xED\xA0\x80\xE0\xBF\xBF", }; +/* illegal UTF-16 sequences, 0-terminated */ +uint16_t utf16_bad[][3] = { + /* leading surrogate not followed by trailing surrogate */ + { 0xD800, 0, 0 }, + { 0xD800, 0x41, 0 }, + { 0xD800, 0xfe, 0 }, + { 0xD800, 0x3bb, 0 }, + { 0xD800, 0xD800, 0 }, + { 0xD800, 0xFEFF, 0 }, + { 0xD800, 0xFFFD, 0 }, +}; + static void dump_utf8 ( @@ -1220,6 +1233,18 @@ test_ucs4_chars rv = PR_FALSE; continue; } + + len = strlen(e->utf8) - 1; + result = sec_port_ucs4_utf8_conversion_function(PR_FALSE, + (unsigned char *)&e->c, sizeof(e->c), utf8 + sizeof(utf8) - len, len, + &len); + + if( result || len != strlen(e->utf8) ) { + fprintf(stdout, "Length computation error converting UCS-4 0x%08.8x" + " to UTF-8\n", e->c); + rv = PR_FALSE; + continue; + } } return rv; @@ -1277,6 +1302,18 @@ test_ucs2_chars rv = PR_FALSE; continue; } + + len = strlen(e->utf8) - 1; + result = sec_port_ucs2_utf8_conversion_function(PR_FALSE, + (unsigned char *)&e->c, sizeof(e->c), utf8 + sizeof(utf8) - len, len, + &len); + + if( result || len != strlen(e->utf8) ) { + fprintf(stdout, "Length computation error converting UCS-2 0x%04.4x" + " to UTF-8\n", e->c); + rv = PR_FALSE; + continue; + } } return rv; 
@@ -1426,6 +1463,38 @@ test_utf8_bad_chars return rv; } +static PRBool +test_utf16_bad_chars(void) +{ + PRBool rv = PR_TRUE; + int i; + + for( i = 0; i < sizeof(utf16_bad)/sizeof(utf16_bad[0]); ++i ) { + PRBool result; + unsigned char destbuf[18]; + unsigned int j, len, destlen; + uint16_t *buf; + + for( len = 0; utf16_bad[i][len] != 0; ++len ) + /* nothing */; + + buf = malloc(sizeof(uint16_t) * len); + for( j = 0; j < len; ++j ) + buf[j] = htons(utf16_bad[i][j]); + + result = sec_port_ucs2_utf8_conversion_function(PR_FALSE, + (unsigned char *)buf, sizeof(uint16_t) * len, destbuf, sizeof(destbuf), + &destlen); + if( result ) { + fprintf(stdout, "Failed to detect bad UTF-16 string conversion for " + "{0x%x,0x%x} (UTF-8 len = %u)\n", utf16_bad[i][0], utf16_bad[i][1], + destlen); + rv = PR_FALSE; + } + free(buf); + } +} + static PRBool test_iso88591_chars ( @@ -1576,7 +1645,7 @@ test_multichars exit(1); } - len = 0; + len = 1; for( i = 0; i < sizeof(ucs4)/sizeof(ucs4[0]); i++ ) { ucs4s[i] = ucs4[i].c; len += strlen(ucs4[i].utf8); @@ -1584,7 +1653,7 @@ test_multichars ucs4_utf8 = (char *)malloc(len); - len = 0; + len = 1; for( i = 0; i < sizeof(ucs2)/sizeof(ucs2[0]); i++ ) { ucs2s[i] = ucs2[i].c; len += strlen(ucs2[i].utf8); @@ -1781,6 +1850,7 @@ main test_ucs2_chars() && test_utf16_chars() && test_utf8_bad_chars() && + test_utf16_bad_chars() && test_iso88591_chars() && test_zeroes() && test_multichars() && From 1c9b432ff7e4952d8926188444331c030320b2cd Mon Sep 17 00:00:00 2001 
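Review bot: test_utf16_bad_chars is declared `static PRBool` but its body ends after the loop without a return statement. The value consumed by the `&&` chain in main is therefore indeterminate, and a detected failure (`rv = PR_FALSE`) can be lost; add `return rv;` before the closing brace. The `malloc` result is also written through without a NULL check, and `htons` needs its declaring header, which this hunk does not show being included.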
From: Roy Tam Date: Wed, 8 Jan 2020 07:39:56 +0800 Subject: [PATCH 10/15] ported changes from tenfourfox: M1357599, M923089+M1276618+M1278434, M1485864, M1520826, M1558548, #481-X25519, M1586176 with custom changes: - coreconf+makefiles: set NSS_NO_PKCS11_BYPASS by default (to disable, set NSS_PKCS11_BYPASS) and fix logic - curve25519_32: use PRuint32 instead of uint32_t - smime: fix decl on top of block - ssl3con: more VC6 fixes --- security/nss/coreconf/config.mk | 6 + security/nss/lib/certdb/genname.c | 30 +- security/nss/lib/cryptohi/seckey.c | 6 + security/nss/lib/freebl/dh.c | 3 +- security/nss/lib/freebl/ec.c | 13 +- security/nss/lib/freebl/ecl/Makefile | 4 +- security/nss/lib/freebl/ecl/curve25519_32.c | 393 ++++++++++++++++++++ security/nss/lib/freebl/manifest.mn | 2 +- security/nss/lib/freebl/mpi/mpi.c | 68 ++-- security/nss/lib/freebl/mpi/mpi.h | 3 +- security/nss/lib/freebl/rsapkcs.c | 76 ++-- security/nss/lib/pk11wrap/pk11akey.c | 21 +- security/nss/lib/pk11wrap/pk11cert.c | 4 +- security/nss/lib/pk11wrap/pk11pk12.c | 1 + security/nss/lib/smime/cmscinfo.c | 75 +++- security/nss/lib/smime/cmsdigdata.c | 4 +- security/nss/lib/smime/cmsencdata.c | 4 +- security/nss/lib/smime/cmsenvdata.c | 5 + security/nss/lib/smime/cmsmessage.c | 49 ++- security/nss/lib/smime/cmsudf.c | 2 +- security/nss/lib/softoken/legacydb/lgattr.c | 6 +- security/nss/lib/softoken/pkcs11c.c | 5 +- security/nss/lib/ssl/Makefile | 4 +- security/nss/lib/ssl/config.mk | 5 +- security/nss/lib/ssl/derive.c | 3 + security/nss/lib/ssl/ssl3con.c | 279 +++++++++----- security/nss/lib/ssl/ssl3ecc.c | 2 + security/nss/lib/ssl/sslenum.c | 1 + security/nss/lib/ssl/sslimpl.h | 6 +- security/nss/lib/ssl/sslinfo.c | 2 + security/nss/lib/ssl/sslproto.h | 1 + security/nss/lib/ssl/sslt.h | 3 +- security/nss/lib/util/quickder.c | 11 +- security/nss/lib/util/secoid.c | 12 +- security/nss/lib/util/secoidt.h | 4 + 35 files changed, 928 insertions(+), 185 deletions(-) create mode 100644 
security/nss/lib/freebl/ecl/curve25519_32.c diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index afbef250..99fa3306 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -188,3 +188,9 @@ USE_UTIL_DIRECTLY = 1 # Hide old, deprecated, TLS cipher suite names when building NSS DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES + +# build with NO_PKCS11_BYPASS by default +ifndef NSS_PKCS11_BYPASS +DEFINES += -DNO_PKCS11_BYPASS +NSS_NO_PKCS11_BYPASS = 1 +endif diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index 6529a6a0..018f3e3b 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c @@ -1607,8 +1607,36 @@ done: "\x30\x05\x82\x03" ".nc" \ "\x30\x05\x82\x03" ".tf" \ +/* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 */ + +#define TUBITAK1_SUBJECT_DN \ + "\x30\x81\xd2" \ + "\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02" \ + /* C */ "TR" \ + "\x31\x18\x30\x16\x06\x03\x55\x04\x07\x13\x0f" \ + /* L */ "Gebze - Kocaeli" \ + "\x31\x42\x30\x40\x06\x03\x55\x04\x0a\x13\x39" \ + /* O */ "Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK" \ + "\x31\x2d\x30\x2b\x06\x03\x55\x04\x0b\x13\x24" \ + /* OU */ "Kamu Sertifikasyon Merkezi - Kamu SM" \ + "\x31\x36\x30\x34\x06\x03\x55\x04\x03\x13\x2d" \ + /* CN */ "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" + +#define TUBITAK1_NAME_CONSTRAINTS \ + "\x30\x65\xa0\x63" \ + "\x30\x09\x82\x07" ".gov.tr" \ + "\x30\x09\x82\x07" ".k12.tr" \ + "\x30\x09\x82\x07" ".pol.tr" \ + "\x30\x09\x82\x07" ".mil.tr" \ + "\x30\x09\x82\x07" ".tsk.tr" \ + "\x30\x09\x82\x07" ".kep.tr" \ + "\x30\x09\x82\x07" ".bel.tr" \ + "\x30\x09\x82\x07" ".edu.tr" \ + "\x30\x09\x82\x07" ".org.tr" + static const SECItem builtInNameConstraints[][2] = { - NAME_CONSTRAINTS_ENTRY(ANSSI) + NAME_CONSTRAINTS_ENTRY(ANSSI), + NAME_CONSTRAINTS_ENTRY(TUBITAK1) }; SECStatus 
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 1fcd4087..aebe9698 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -618,6 +618,12 @@ seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki) if (rv == SECSuccess) return pubk; break; case SEC_OID_ANSIX962_EC_PUBLIC_KEY: + /* A basic sanity check on inputs. */ + if (spki->algorithm.parameters.len == 0 || newOs.len == 0) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + break; + } + pubk->keyType = ecKey; pubk->u.ec.size = 0; diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c index 66c11013..cd9a7ac6 100644 --- a/security/nss/lib/freebl/dh.c +++ b/security/nss/lib/freebl/dh.c @@ -208,7 +208,8 @@ DH_Derive(SECItem *publicValue, unsigned int len = 0; unsigned int nb; unsigned char *secret = NULL; - if (!publicValue || !prime || !privateValue || !derivedSecret) { + if (!publicValue || !publicValue->len || !prime || !prime->len || + !privateValue || !privateValue->len || !derivedSecret) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c index 4435f91e..1c21551e 100644 --- a/security/nss/lib/freebl/ec.c +++ b/security/nss/lib/freebl/ec.c @@ -215,7 +215,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, #endif MP_DIGITS(&k) = 0; - if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0)) { + if (!ecParams || ecParams->name == ECCurve_noName || + !privKey || !privKeyBytes || privKeyLen <= 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } @@ -395,7 +396,7 @@ EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) int len; unsigned char *privKeyBytes = NULL; - if (!ecParams) { + if (!ecParams || ecParams->name == ECCurve_noName || !privKey) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } 
@@ -437,7 +438,8 @@ EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) mp_err err = MP_OKAY; int len; - if (!ecParams || !publicValue) { + if (!ecParams || ecParams->name == ECCurve_noName || + !publicValue || !publicValue->len) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } @@ -537,8 +539,9 @@ ECDH_Derive(SECItem *publicValue, int i; #endif - if (!publicValue || !ecParams || !privateValue || - !derivedSecret) { + if (!publicValue || !publicValue->len || + !ecParams || ecParams->name == ECCurve_noName || + !privateValue || !privateValue->len || !derivedSecret) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } diff --git a/security/nss/lib/freebl/ecl/Makefile b/security/nss/lib/freebl/ecl/Makefile index 8237d062..0656edfc 100644 --- a/security/nss/lib/freebl/ecl/Makefile +++ b/security/nss/lib/freebl/ecl/Makefile @@ -78,7 +78,8 @@ LIBOBJS = ecl.o ecl_curve.o ecl_mult.o ecl_gf.o \ ecp_aff.o ecp_jac.o ecp_mont.o \ ec_naf.o ecp_jm.o \ ecp_192.o ecp_224.o ecp_256.o ecp_384.o ecp_521.o \ - ecp_256_32.o + ecp_256_32.o \ + curve25519_32.o ifeq ($(ECL_USE_FP),1) LIBOBJS+= ecp_fp160.o ecp_fp192.o ecp_fp224.o ecp_fp.o endif @@ -131,6 +132,7 @@ ecp_256.o: ecp_256.c $(LIBHDRS) ecp_384.o: ecp_384.c $(LIBHDRS) ecp_521.o: ecp_521.c $(LIBHDRS) ecp_fp.o: ecp_fp.c $(LIBHDRS) +curve25519_32.o: curve25519_32.c $(LIBHDRS) ifeq ($(ECL_USE_FP),1) ecp_fp160.o: ecp_fp160.c ecp_fpinc.c $(LIBHDRS) ecp_fp192.o: ecp_fp192.c ecp_fpinc.c $(LIBHDRS) diff --git a/security/nss/lib/freebl/ecl/curve25519_32.c b/security/nss/lib/freebl/ecl/curve25519_32.c new file mode 100644 index 00000000..dfab270f --- /dev/null +++ b/security/nss/lib/freebl/ecl/curve25519_32.c 
@@ -0,0 +1,393 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Derived from public domain code by Matthew Dempsky and D. J. Bernstein. + */ + +#include "ecl-priv.h" +#include "mpi.h" + +#include + +#include "seccomon.h" +#include "secerr.h" +#include "prtypes.h" + +typedef PRUint32 elem[32]; + +/* + * Add two field elements. + * out = a + b + */ +static void +add(elem out, const elem a, const elem b) +{ + PRUint32 j; + PRUint32 u = 0; + for (j = 0; j < 31; ++j) { + u += a[j] + b[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += a[31] + b[31]; + out[31] = u; +} + +/* + * Subtract two field elements. + * out = a - b + */ +static void +sub(elem out, const elem a, const elem b) +{ + PRUint32 j; + PRUint32 u; + u = 218; + for (j = 0; j < 31; ++j) { + u += a[j] + 0xFF00 - b[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += a[31] - b[31]; + out[31] = u; +} + +/* + * "Squeeze" an element after multiplication (and square). 
+ */ +static void +squeeze(elem a) +{ + PRUint32 j; + PRUint32 u; + u = 0; + for (j = 0; j < 31; ++j) { + u += a[j]; + a[j] = u & 0xFF; + u >>= 8; + } + u += a[31]; + a[31] = u & 0x7F; + u = 19 * (u >> 7); + for (j = 0; j < 31; ++j) { + u += a[j]; + a[j] = u & 0xFF; + u >>= 8; + } + a[31] += u; +} + +static const elem minusp = { 19, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 128 }; + +/* + * Reduce point a by 2^255-19 + */ +static void +reduce(elem a) +{ + elem aorig; + PRUint32 j; + PRUint32 negative; + + for (j = 0; j < 32; ++j) { + aorig[j] = a[j]; + } + add(a, a, minusp); + negative = 1 + ~((a[31] >> 7) & 1); + for (j = 0; j < 32; ++j) { + a[j] ^= negative & (aorig[j] ^ a[j]); + } +} + +/* + * Multiplication and squeeze + * out = a * b + */ +static void +mult(elem out, const elem a, const elem b) +{ + PRUint32 i; + PRUint32 j; + PRUint32 u; + + for (i = 0; i < 32; ++i) { + u = 0; + for (j = 0; j <= i; ++j) { + u += a[j] * b[i - j]; + } + for (j = i + 1; j < 32; ++j) { + u += 38 * a[j] * b[i + 32 - j]; + } + out[i] = u; + } + squeeze(out); +} + +/* + * Multiplication + * out = 121665 * a + */ +static void +mult121665(elem out, const elem a) +{ + PRUint32 j; + PRUint32 u; + + u = 0; + for (j = 0; j < 31; ++j) { + u += 121665 * a[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += 121665 * a[31]; + out[31] = u & 0x7F; + u = 19 * (u >> 7); + for (j = 0; j < 31; ++j) { + u += out[j]; + out[j] = u & 0xFF; + u >>= 8; + } + u += out[j]; + out[j] = u; +} + +/* + * Square a and squeeze the result. 
+ * out = a * a + */ +static void +square(elem out, const elem a) +{ + PRUint32 i; + PRUint32 j; + PRUint32 u; + + for (i = 0; i < 32; ++i) { + u = 0; + for (j = 0; j < i - j; ++j) { + u += a[j] * a[i - j]; + } + for (j = i + 1; j < i + 32 - j; ++j) { + u += 38 * a[j] * a[i + 32 - j]; + } + u *= 2; + if ((i & 1) == 0) { + u += a[i / 2] * a[i / 2]; + u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; + } + out[i] = u; + } + squeeze(out); +} + +/* + * Constant time swap between r and s depending on b + */ +static void +cswap(PRUint32 p[64], PRUint32 q[64], PRUint32 b) +{ + PRUint32 j; + PRUint32 swap = 1 + ~b; + + for (j = 0; j < 64; ++j) { + const PRUint32 t = swap & (p[j] ^ q[j]); + p[j] ^= t; + q[j] ^= t; + } +} + +/* + * Montgomery ladder + */ +static void +monty(elem x_2_out, elem z_2_out, + const elem point, const elem scalar) +{ + PRUint32 x_3[64] = { 0 }; + PRUint32 x_2[64] = { 0 }; + PRUint32 a0[64]; + PRUint32 a1[64]; + PRUint32 b0[64]; + PRUint32 b1[64]; + PRUint32 c1[64]; + PRUint32 r[32]; + PRUint32 s[32]; + PRUint32 t[32]; + PRUint32 u[32]; + PRUint32 swap = 0; + PRUint32 k_t = 0; + int j; + + for (j = 0; j < 32; ++j) { + x_3[j] = point[j]; + } + x_3[32] = 1; + x_2[0] = 1; + + for (j = 254; j >= 0; --j) { + k_t = (scalar[j >> 3] >> (j & 7)) & 1; + swap ^= k_t; + cswap(x_2, x_3, swap); + swap = k_t; + add(a0, x_2, x_2 + 32); + sub(a0 + 32, x_2, x_2 + 32); + add(a1, x_3, x_3 + 32); + sub(a1 + 32, x_3, x_3 + 32); + square(b0, a0); + square(b0 + 32, a0 + 32); + mult(b1, a1, a0 + 32); + mult(b1 + 32, a1 + 32, a0); + add(c1, b1, b1 + 32); + sub(c1 + 32, b1, b1 + 32); + square(r, c1 + 32); + sub(s, b0, b0 + 32); + mult121665(t, s); + add(u, t, b0); + mult(x_2, b0, b0 + 32); + mult(x_2 + 32, s, u); + square(x_3, c1); + mult(x_3 + 32, r, point); + } + + cswap(x_2, x_3, swap); + for (j = 0; j < 32; ++j) { + x_2_out[j] = x_2[j]; + } + for (j = 0; j < 32; ++j) { + z_2_out[j] = x_2[j + 32]; + } +} + +static void +recip(elem out, const elem z) +{ + elem z2; + elem z9; + elem 
z11; + elem z2_5_0; + elem z2_10_0; + elem z2_20_0; + elem z2_50_0; + elem z2_100_0; + elem t0; + elem t1; + int i; + + /* 2 */ square(z2, z); + /* 4 */ square(t1, z2); + /* 8 */ square(t0, t1); + /* 9 */ mult(z9, t0, z); + /* 11 */ mult(z11, z9, z2); + /* 22 */ square(t0, z11); + /* 2^5 - 2^0 = 31 */ mult(z2_5_0, t0, z9); + + /* 2^6 - 2^1 */ square(t0, z2_5_0); + /* 2^7 - 2^2 */ square(t1, t0); + /* 2^8 - 2^3 */ square(t0, t1); + /* 2^9 - 2^4 */ square(t1, t0); + /* 2^10 - 2^5 */ square(t0, t1); + /* 2^10 - 2^0 */ mult(z2_10_0, t0, z2_5_0); + + /* 2^11 - 2^1 */ square(t0, z2_10_0); + /* 2^12 - 2^2 */ square(t1, t0); + /* 2^20 - 2^10 */ + for (i = 2; i < 10; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^20 - 2^0 */ mult(z2_20_0, t1, z2_10_0); + + /* 2^21 - 2^1 */ square(t0, z2_20_0); + /* 2^22 - 2^2 */ square(t1, t0); + /* 2^40 - 2^20 */ + for (i = 2; i < 20; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^40 - 2^0 */ mult(t0, t1, z2_20_0); + + /* 2^41 - 2^1 */ square(t1, t0); + /* 2^42 - 2^2 */ square(t0, t1); + /* 2^50 - 2^10 */ + for (i = 2; i < 10; i += 2) { + square(t1, t0); + square(t0, t1); + } + /* 2^50 - 2^0 */ mult(z2_50_0, t0, z2_10_0); + + /* 2^51 - 2^1 */ square(t0, z2_50_0); + /* 2^52 - 2^2 */ square(t1, t0); + /* 2^100 - 2^50 */ + for (i = 2; i < 50; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^100 - 2^0 */ mult(z2_100_0, t1, z2_50_0); + + /* 2^101 - 2^1 */ square(t1, z2_100_0); + /* 2^102 - 2^2 */ square(t0, t1); + /* 2^200 - 2^100 */ + for (i = 2; i < 100; i += 2) { + square(t1, t0); + square(t0, t1); + } + /* 2^200 - 2^0 */ mult(t1, t0, z2_100_0); + + /* 2^201 - 2^1 */ square(t0, t1); + /* 2^202 - 2^2 */ square(t1, t0); + /* 2^250 - 2^50 */ + for (i = 2; i < 50; i += 2) { + square(t0, t1); + square(t1, t0); + } + /* 2^250 - 2^0 */ mult(t0, t1, z2_50_0); + + /* 2^251 - 2^1 */ square(t1, t0); + /* 2^252 - 2^2 */ square(t0, t1); + /* 2^253 - 2^3 */ square(t1, t0); + /* 2^254 - 2^4 */ square(t0, t1); + /* 2^255 - 2^5 */ 
square(t1, t0); + /* 2^255 - 21 */ mult(out, t1, z11); +} + +/* + * Computes q = Curve25519(p, s) + */ +SECStatus +ec_Curve25519_mul(PRUint8 *q, const PRUint8 *s, const PRUint8 *p) +{ + elem point = { 0 }; + elem x_2 = { 0 }; + elem z_2 = { 0 }; + elem X = { 0 }; + elem scalar = { 0 }; + PRUint32 i; + + /* read and mask scalar */ + for (i = 0; i < 32; ++i) { + scalar[i] = s[i]; + } + scalar[0] &= 0xF8; + scalar[31] &= 0x7F; + scalar[31] |= 64; + + /* read and mask point */ + for (i = 0; i < 32; ++i) { + point[i] = p[i]; + } + point[31] &= 0x7F; + + monty(x_2, z_2, point, scalar); + recip(z_2, z_2); + mult(X, x_2, z_2); + reduce(X); + for (i = 0; i < 32; ++i) { + q[i] = X[i]; + } + return 0; +} diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn index 1137e852..22367809 100644 --- a/security/nss/lib/freebl/manifest.mn +++ b/security/nss/lib/freebl/manifest.mn @@ -73,7 +73,7 @@ ifndef NSS_DISABLE_ECC ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \ ecp_aff.c ecp_jac.c ecp_mont.c \ ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \ - ecp_256_32.c + ecp_256_32.c curve25519_32.c ifdef NSS_ECC_MORE_THAN_SUITE_B ECL_SRCS += ec2_aff.c ec2_mont.c ec2_proj.c \ ec2_163.c ec2_193.c ec2_233.c \ diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c index 84f9b97b..2800edc0 100644 --- a/security/nss/lib/freebl/mpi/mpi.c +++ b/security/nss/lib/freebl/mpi/mpi.c @@ -2104,7 +2104,10 @@ mp_err s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c) } } if (res >= 0) { - while (MP_SIGN(c) != MP_ZPOS) { + if (mp_cmp_mag(c, (mp_int *)p) >= 0) { + MP_CHECKOK(mp_div(c, p, NULL, c)); + } + if (MP_SIGN(c) != MP_ZPOS) { MP_CHECKOK( mp_add(c, p, c) ); } res = k; 
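Review bot: ec_Curve25519_mul copies the private scalar into the local `scalar` array and returns without clearing it, and the ladder state in monty (`x_2`, `x_3` and the temporaries) is likewise left on the stack, so key-dependent material outlives the call. I would clear those buffers before returning, using whatever clearing primitive the tree trusts not to be optimized away. The function should also end with `return SECSuccess;` rather than `return 0;`, since it is declared to return SECStatus. It has no comment stating that `q`, `s` and `p` must each point to 32 bytes, which the fixed loops over `i < 32` assume; a short header comment should say so.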
@@ -4788,38 +4791,61 @@ mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) /* }}} */ /* {{{ mp_to_fixlen_octets(mp, str) */ -/* output a buffer of big endian octets exactly as long as requested. */ +/* output a buffer of big endian octets exactly as long as requested. + constant time on the value of mp. */ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) { - int ix, pos = 0; - unsigned int bytes; + int ix, jx; + unsigned int bytes; - ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); + ARGCHK(mp != NULL, MP_BADARG); + ARGCHK(str != NULL, MP_BADARG); + ARGCHK(!SIGN(mp), MP_BADARG); + ARGCHK(length > 0, MP_BADARG); - bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes <= length, MP_BADARG); + /* Constant time on the value of mp. Don't use mp_unsigned_octet_size. */ + bytes = USED(mp) * MP_DIGIT_SIZE; - /* place any needed leading zeros */ - for (;length > bytes; --length) { - *str++ = 0; + /* If the output is shorter than the native size of mp, then check that any + * bytes not written have zero values. This check isn't constant time on + * the assumption that timing-sensitive callers can guarantee that mp fits + * in the allocated space. */ + ix = USED(mp) - 1; + if (bytes > length) { + unsigned int zeros = bytes - length; + + while (zeros >= MP_DIGIT_SIZE) { + ARGCHK(DIGIT(mp, ix) == 0, MP_BADARG); + zeros -= MP_DIGIT_SIZE; + ix--; + } + + if (zeros > 0) { + mp_digit d = DIGIT(mp, ix); + mp_digit m = (mp_digit)~0 << ((MP_DIGIT_SIZE - zeros) * CHAR_BIT); + ARGCHK((d & m) == 0, MP_BADARG); + for (jx = MP_DIGIT_SIZE - zeros - 1; jx >= 0; jx--) { + *str++ = d >> (jx * CHAR_BIT); + } + ix--; + } + } else if (bytes < length) { + /* Place any needed leading zeros. */ + unsigned int zeros = length - bytes; + memset(str, 0, zeros); + str += zeros; } - /* Iterate over each digit... */ - for(ix = USED(mp) - 1; ix >= 0; ix--) { - mp_digit d = DIGIT(mp, ix); - int jx; + /* Iterate over each whole digit... 
*/ + for (; ix >= 0; ix--) { + mp_digit d = DIGIT(mp, ix); /* Unpack digit bytes, high order first */ - for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { - unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); - if (!pos && !x) /* suppress leading zeros */ - continue; - str[pos++] = x; + for (jx = MP_DIGIT_SIZE - 1; jx >= 0; jx--) { + *str++ = d >> (jx * CHAR_BIT); } } - if (!pos) - str[pos++] = 0; return MP_OKAY; } /* end mp_to_fixlen_octets() */ /* }}} */ diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h index b1b45d25..89a6f678 100644 --- a/security/nss/lib/freebl/mpi/mpi.h +++ b/security/nss/lib/freebl/mpi/mpi.h @@ -125,7 +125,8 @@ typedef int mp_sword; #define MP_WORD_MAX UINT_MAX #endif -#define MP_DIGIT_BIT (CHAR_BIT*sizeof(mp_digit)) +#define MP_DIGIT_SIZE sizeof(mp_digit) +#define MP_DIGIT_BIT (CHAR_BIT * MP_DIGIT_SIZE) #define MP_WORD_BIT (CHAR_BIT*sizeof(mp_word)) #define MP_RADIX (1+(mp_word)MP_DIGIT_MAX) diff --git a/security/nss/lib/freebl/rsapkcs.c b/security/nss/lib/freebl/rsapkcs.c index c1e3d54d..49a2a505 100644 --- a/security/nss/lib/freebl/rsapkcs.c +++ b/security/nss/lib/freebl/rsapkcs.c 
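Review bot: The truncation check in the `bytes > length` branch of mp_to_fixlen_octets rests entirely on `ARGCHK`. If that macro is configured as an assertion or compiled out in this build (its definition is not in the hunk), non-zero high bytes are dropped silently and the caller gets a truncated value with MP_OKAY. The two tests that protect the output would be safer as plain code, `if (DIGIT(mp, ix) != 0) return MP_BADARG;` and `if ((d & m) != 0) return MP_BADARG;`. Separately, `*str++ = d >> (jx * CHAR_BIT);` now narrows mp_digit implicitly where the removed code cast explicitly; `*str++ = (unsigned char)(d >> (jx * CHAR_BIT));` keeps that intent visible and avoids conversion warnings.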
@@ -907,48 +907,56 @@ RSA_DecryptBlock(RSAPrivateKey * key, const unsigned char * input, unsigned int inputLen) { - SECStatus rv; + PRInt8 rv; unsigned int modulusLen = rsa_modulusLen(&key->modulus); unsigned int i; - unsigned char * buffer; + unsigned char *buffer = NULL; + unsigned int outLen = 0; + unsigned int copyOutLen = modulusLen - 11; - if (inputLen != modulusLen) - goto failure; - - buffer = (unsigned char *)PORT_Alloc(modulusLen + 1); - if (!buffer) - goto failure; - - rv = RSA_PrivateKeyOp(key, buffer, input); - if (rv != SECSuccess) - goto loser; - - /* XXX(rsleevi): Constant time */ - if (buffer[0] != RSA_BLOCK_FIRST_OCTET || - buffer[1] != (unsigned char)RSA_BlockPublic) { - goto loser; + if (inputLen != modulusLen || modulusLen < 10) { + return SECFailure; } - *outputLen = 0; - for (i = 2; i < modulusLen; i++) { - if (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) { - *outputLen = modulusLen - i - 1; - break; - } - } - if (*outputLen == 0) - goto loser; - if (*outputLen > maxOutputLen) - goto loser; - PORT_Memcpy(output, buffer + modulusLen - *outputLen, *outputLen); + if (copyOutLen > maxOutputLen) { + copyOutLen = maxOutputLen; + } + + // Allocate enough space to decrypt + copyOutLen to allow copying outLen later. + buffer = PORT_ZAlloc(modulusLen + 1 + copyOutLen); + if (!buffer) { + return SECFailure; + } + + // rv is 0 if everything is going well and 1 if an error occurs. + rv = RSA_PrivateKeyOp(key, buffer, input) != SECSuccess; + rv |= (buffer[0] != RSA_BLOCK_FIRST_OCTET) | + (buffer[1] != (unsigned char)RSA_BlockPublic); + + // There have to be at least 8 bytes of padding. 
+ for (i = 2; i < 10; i++) { + rv |= buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET; + } + + for (i = 10; i < modulusLen; i++) { + unsigned int newLen = modulusLen - i - 1; + unsigned int c = (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) & (outLen == 0); + outLen = constantTimeCondition(c, newLen, outLen); + } + rv |= outLen == 0; + rv |= outLen > maxOutputLen; + + // Note that output is set even if SECFailure is returned. + PORT_Memcpy(output, buffer + modulusLen - outLen, copyOutLen); + *outputLen = constantTimeCondition(outLen > maxOutputLen, maxOutputLen, + outLen); PORT_Free(buffer); - return SECSuccess; -loser: - PORT_Free(buffer); -failure: - return SECFailure; + for (i = 1; i < sizeof(rv) * 8; i <<= 1) { + rv |= rv << i; + } + return (SECStatus)rv; } /* diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index b0604de3..9fa7c9d8 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -164,7 +164,6 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, keyType = CKK_EC; PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++; PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++; - signedattr = attrs; PK11_SETATTRS(attrs, CKA_EC_PARAMS, pubKey->u.ec.DEREncodedParams.data, pubKey->u.ec.DEREncodedParams.len); attrs++; @@ -195,10 +194,14 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey, } templateCount = attrs - theTemplate; - signedcount = attrs - signedattr; PORT_Assert(templateCount <= (sizeof(theTemplate)/sizeof(CK_ATTRIBUTE))); - for (attrs=signedattr; signedcount; attrs++, signedcount--) { - pk11_SignedToUnsigned(attrs); + + if (pubKey->keyType != ecKey) { + PORT_Assert(signedattr); + signedcount = attrs - signedattr; + for (attrs = signedattr; signedcount; attrs++, signedcount--) { + pk11_SignedToUnsigned(attrs); + } } rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate, templateCount, isToken, &objectID); 
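Review bot: The length guard in RSA_DecryptBlock is `modulusLen < 10`, but `copyOutLen` is initialised to `modulusLen - 11` before the guard runs, so a 10-byte modulus passes and the unsigned subtraction wraps. After that, only the clamp to maxOutputLen bounds the allocation size `modulusLen + 1 + copyOutLen` and the PORT_Memcpy length, and that sum can itself wrap for a very large maxOutputLen. A PKCS #1 v1.5 encryption block needs two header octets, eight padding octets and the separator, so the guard should read `if (inputLen != modulusLen || modulusLen < 11) {`. The comparisons feeding `rv` and `constantTimeCondition` (defined outside the hunk) may still compile to branches, so the generated code is worth checking if the timing property matters on the compilers this series targets.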
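Review bot: In PK11_ImportPublicKey the only guard before `signedcount = attrs - signedattr;` is `PORT_Assert(signedattr)`, which is compiled out of optimized builds. If a non-EC key type ever reaches this point without setting signedattr (its initialisation and the other switch cases are outside the hunk), the subtraction runs on a null pointer and the loop walks an arbitrary count. A runtime test such as `if (pubKey->keyType != ecKey && signedattr != NULL) {` keeps the assertion's intent in release builds. A one-line comment saying why EC attributes are left untouched, like the one this commit adds in pk11_loadPrivKeyWithFlags, would also help.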
@@ -956,9 +959,13 @@ pk11_loadPrivKeyWithFlags(PK11SlotInfo *slot,SECKEYPrivateKey *privKey, &cktrue, &ckfalse); /* Not everyone can handle zero padded key values, give - * them the raw data as unsigned */ - for (ap=attrs; extra_count; ap++, extra_count--) { - pk11_SignedToUnsigned(ap); + * them the raw data as unsigned. The exception is EC, + * where the values are encoded or zero-preserving + * per-RFC5915 */ + if (privKey->keyType != ecKey) { + for (ap = attrs; extra_count; ap++, extra_count--) { + pk11_SignedToUnsigned(ap); + } } /* now Store the puppies */ diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index e29b4e21..15984488 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -172,7 +172,9 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert, SECKEY_DestroyPublicKey(pubKey); return PR_FALSE; } - pk11_SignedToUnsigned(&theTemplate); + if (pubKey->keyType != ecKey) { + pk11_SignedToUnsigned(&theTemplate); + } if (pk11_FindObjectByTemplate(slot,&theTemplate,1) != CK_INVALID_HANDLE) { SECKEY_DestroyPublicKey(pubKey); return PR_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index e5a0a21c..a3176b2e 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -282,6 +282,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk, PK11_SETATTRS(attrs, CKA_PRIVATE, isPrivate ? &cktrue : &ckfalse, sizeof(CK_BBOOL) ); attrs++; + PORT_Assert(lpk->keyType != ecKey); /* see bug 1558548 if this is needed */ switch (lpk->keyType) { case rsaKey: keyType = CKK_RSA; diff --git a/security/nss/lib/smime/cmscinfo.c b/security/nss/lib/smime/cmscinfo.c index b6f1d0a6..021fd230 100644 --- a/security/nss/lib/smime/cmscinfo.c +++ b/security/nss/lib/smime/cmscinfo.c 
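Review bot: `PORT_Assert(lpk->keyType != ecKey)` in PK11_ImportAndReturnPrivateKey rejects EC keys only in debug builds; in an optimized build an EC key continues into the `switch`, whose handling of that type is outside the hunk. If EC import is meant to be unsupported here, fail at run time as well, for example `if (lpk->keyType == ecKey) { PORT_SetError(SEC_ERROR_BAD_KEY); return SECFailure; }`, adjusted to whatever cleanup the function needs at that point. The comment should also say what goes wrong for EC keys rather than only pointing at a bug number.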
@@ -53,6 +53,10 @@ NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo) { SECOidTag kind; + if (cinfo == NULL) { + return; + } + kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo); switch (kind) { case SEC_OID_PKCS7_ENVELOPED_DATA: @@ -88,7 +92,13 @@ NSSCMSContentInfo * NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo) { NSSCMSContentInfo * ccinfo = NULL; - SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); + SECOidTag tag; + + if (cinfo == NULL) { + return NULL; + } + + tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); switch (tag) { case SEC_OID_PKCS7_SIGNED_DATA: if (cinfo->content.signedData != NULL) { @@ -129,6 +139,9 @@ SECStatus NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream) { SECStatus rv; + if (cinfo == NULL) { + return SECFailure; + } rv = NSS_CMSContentInfo_Private_Init(cinfo); if (rv != SECSuccess) { @@ -146,6 +159,9 @@ SECStatus NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr) { SECStatus rv; + if (cinfo == NULL || cmsg == NULL) { + return SECFailure; + } cinfo->contentTypeTag = SECOID_FindOIDByTag(type); if (cinfo->contentTypeTag == NULL) @@ -227,9 +243,15 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn void * NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo) { - SECOidTag tag = cinfo->contentTypeTag - ? cinfo->contentTypeTag->offset - : SEC_OID_UNKNOWN; + SECOidTag tag; + + if (cinfo == NULL) { + return NULL; + } + + tag = cinfo->contentTypeTag + ? cinfo->contentTypeTag->offset + : SEC_OID_UNKNOWN; switch (tag) { case SEC_OID_PKCS7_DATA: case SEC_OID_PKCS7_SIGNED_DATA: @@ -255,6 +277,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo) SECOidTag tag; SECItem *pItem = NULL; + if (cinfo == NULL) { + return NULL; + } + tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); if (NSS_CMSType_IsData(tag)) { pItem = cinfo->content.data; 
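Review bot: The new NULL guards in NSS_CMSContentInfo_SetDontStream and NSS_CMSContentInfo_SetContent return SECFailure without setting an error code, so a caller that consults PORT_GetError() sees whatever an earlier call left behind. The same applies to the guards added to NSS_CMSContentInfo_SetContentEncAlg and NSS_CMSContentInfo_SetContentEncAlgID further down. I would set the code before returning, `PORT_SetError(SEC_ERROR_INVALID_ARGS);`, in the same way the cmsenvdata.c change in this commit sets SEC_ERROR_BAD_DATA. These functions continue outside their hunks.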
@@ -278,6 +304,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo) SECOidTag NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return SEC_OID_UNKNOWN; + } + if (cinfo->contentTypeTag == NULL) cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); @@ -290,6 +320,10 @@ NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo) SECItem * NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return NULL; + } + if (cinfo->contentTypeTag == NULL) cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); @@ -306,6 +340,10 @@ NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo) SECOidTag NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return SEC_OID_UNKNOWN; + } + if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN) cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg)); @@ -318,6 +356,10 @@ NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo) SECAlgorithmID * NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return NULL; + } + return &(cinfo->contentEncAlg); } @@ -326,6 +368,9 @@ NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo SECOidTag bulkalgtag, SECItem *parameters, int keysize) { SECStatus rv; + if (cinfo == NULL) { + return SECFailure; + } rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters); if (rv != SECSuccess) @@ -339,6 +384,9 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin SECAlgorithmID *algid, int keysize) { SECStatus rv; + if (cinfo == NULL) { + return SECFailure; + } rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid); if (rv != SECSuccess) 
@@ -351,14 +399,23 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin void NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey) { - cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey); - cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg)); + if (cinfo == NULL) { + return; + } + + if (bulkkey == NULL) { + cinfo->bulkkey = NULL; + cinfo->keysize = 0; + } else { + cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey); + cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg)); + } } PK11SymKey * NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo) { - if (cinfo->bulkkey == NULL) + if (cinfo == NULL || cinfo->bulkkey == NULL) return NULL; return PK11_ReferenceSymKey(cinfo->bulkkey); @@ -367,5 +424,9 @@ NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo) int NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo) { + if (cinfo == NULL) { + return 0; + } + return cinfo->keysize; } diff --git a/security/nss/lib/smime/cmsdigdata.c b/security/nss/lib/smime/cmsdigdata.c index e37f7f5f..a8c17509 100644 --- a/security/nss/lib/smime/cmsdigdata.c +++ b/security/nss/lib/smime/cmsdigdata.c @@ -56,7 +56,9 @@ void NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd) { /* everything's in a pool, so don't worry about the storage */ - NSS_CMSContentInfo_Destroy(&(digd->contentInfo)); + if (digd != NULL) { + NSS_CMSContentInfo_Destroy(&(digd->contentInfo)); + } return; } diff --git a/security/nss/lib/smime/cmsencdata.c b/security/nss/lib/smime/cmsencdata.c index 61ff6a18..d084bbeb 100644 --- a/security/nss/lib/smime/cmsencdata.c +++ b/security/nss/lib/smime/cmsencdata.c @@ -86,7 +86,9 @@ void NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd) { /* everything's in a pool, so don't worry about the storage */ - NSS_CMSContentInfo_Destroy(&(encd->contentInfo)); + if (encd != NULL) { + NSS_CMSContentInfo_Destroy(&(encd->contentInfo)); + } return; } 
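Review bot: In NSS_CMSContentInfo_SetBulkKey the new `bulkkey == NULL` branch stores NULL over `cinfo->bulkkey` without releasing a reference that may already be held there, and the non-NULL branch overwrites it the same way. If a key can be set more than once on the same content info (not visible here), each overwrite leaks a PK11SymKey reference and keeps key material alive longer than intended. Releasing the old value first, `if (cinfo->bulkkey) PK11_FreeSymKey(cinfo->bulkkey);`, would make both branches safe.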
diff --git a/security/nss/lib/smime/cmsenvdata.c b/security/nss/lib/smime/cmsenvdata.c index 279faff4..1f5c6ef4 100644 --- a/security/nss/lib/smime/cmsenvdata.c +++ b/security/nss/lib/smime/cmsenvdata.c @@ -144,6 +144,11 @@ NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd) poolp = envd->cmsg->poolp; cinfo = &(envd->contentInfo); + if (cinfo == NULL) { + PORT_SetError(SEC_ERROR_BAD_DATA); + goto loser; + } + recipientinfos = envd->recipientInfos; if (recipientinfos == NULL) { PORT_SetError(SEC_ERROR_BAD_DATA); diff --git a/security/nss/lib/smime/cmsmessage.c b/security/nss/lib/smime/cmsmessage.c index a44fb0b5..36a852dc 100644 --- a/security/nss/lib/smime/cmsmessage.c +++ b/security/nss/lib/smime/cmsmessage.c @@ -73,6 +73,10 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg, NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg, SECAlgorithmID **detached_digestalgs, SECItem **detached_digests) { + if (cmsg == NULL) { + return; + } + if (pwfn) PK11_SetPasswordFunc(pwfn); cmsg->pwfn_arg = pwfn_arg; @@ -88,6 +92,9 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg, void NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg) { + if (cmsg == NULL) + return; + PORT_Assert (cmsg->refCount > 0); if (cmsg->refCount <= 0) /* oops */ return; @@ -127,6 +134,10 @@ NSS_CMSMessage_Copy(NSSCMSMessage *cmsg) PLArenaPool * NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg) { + if (cmsg == NULL) { + return NULL; + } + return cmsg->poolp; } @@ -136,6 +147,10 @@ NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg) NSSCMSContentInfo * NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg) { + if (cmsg == NULL) { + return NULL; + } + return &(cmsg->contentInfo); } 
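Review bot: The added `if (cinfo == NULL)` test in NSS_CMSEnvelopedData_Encode_BeforeStart can never fire, because cinfo is the address of a member, `&(envd->contentInfo)`, and envd has already been dereferenced on the line above for `envd->cmsg->poolp`. If the intent is to tolerate a missing object, the test has to be on envd and envd->cmsg before that first dereference, e.g. `if (envd == NULL || envd->cmsg == NULL) { PORT_SetError(SEC_ERROR_BAD_DATA); goto loser; }`. Whether `loser` is safe to reach that early depends on the part of the function outside the hunk.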
@@ -147,9 +162,16 @@ NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg) SECItem * NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg) { + NSSCMSContentInfo *cinfo; + SECItem *pItem; + + if (cmsg == NULL) { + return NULL; + } + /* this is a shortcut */ - NSSCMSContentInfo * cinfo = NSS_CMSMessage_GetContentInfo(cmsg); - SECItem * pItem = NSS_CMSContentInfo_GetInnerContent(cinfo); + cinfo = NSS_CMSMessage_GetContentInfo(cmsg); + pItem = NSS_CMSContentInfo_GetInnerContent(cinfo); return pItem; } @@ -164,6 +186,10 @@ NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg) int count = 0; NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return 0; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; ) { count++; @@ -183,6 +209,10 @@ NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n) int count = 0; NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return NULL; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { count++; @@ -199,6 +229,10 @@ NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg) { NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return PR_FALSE; + } + /* descend into CMS message */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(cinfo))) @@ -219,6 +253,10 @@ NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg) { NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return PR_FALSE; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { 
@@ -249,11 +287,18 @@ NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg) { NSSCMSContentInfo *cinfo; + if (cmsg == NULL) { + return PR_FALSE; + } + /* walk down the chain of contentinfos */ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) { case SEC_OID_PKCS7_SIGNED_DATA: + if (cinfo->content.signedData == NULL) { + return PR_FALSE; + } if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos)) return PR_TRUE; break; diff --git a/security/nss/lib/smime/cmsudf.c b/security/nss/lib/smime/cmsudf.c index 472b6d66..23d9273b 100644 --- a/security/nss/lib/smime/cmsudf.c +++ b/security/nss/lib/smime/cmsudf.c @@ -240,7 +240,7 @@ NSS_CMSGenericWrapperData_Destroy(SECOidTag type, NSSCMSGenericWrapperData *gd) { const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type); - if (typeInfo && typeInfo->destroy) { + if (typeInfo && typeInfo->destroy && (gd != NULL)) { (*typeInfo->destroy)(gd); } diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index 429ef872..b9ff13ef 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -960,9 +960,9 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, case CKA_UNWRAP: return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr); case CKA_VALUE: - return lg_CopyPrivAttrSigned(attribute, type, - key->u.ec.privateValue.data, - key->u.ec.privateValue.len, sdbpw); + return lg_CopyPrivAttribute(attribute, type, + key->u.ec.privateValue.data, + key->u.ec.privateValue.len, sdbpw); case CKA_EC_PARAMS: return lg_CopyAttributeSigned(attribute, type, key->u.ec.ecParams.DEREncoding.data, diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index b0e9a6e6..01297812 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c 
@@ -1159,8 +1159,7 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession, } /* encrypt the current padded data */ rv = (*context->update)(context->cipherInfo, pEncryptedPart, - &padoutlen, context->blockSize, context->padBuf, - context->blockSize); + &padoutlen, maxout, context->padBuf, context->blockSize); if (rv != SECSuccess) { return sftk_MapCryptError(PORT_GetError()); } @@ -6973,7 +6972,7 @@ key_and_mac_derive_fail: rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar, withCofactor, &tmp); - PORT_Free(ecScalar.data); + PORT_ZFree(ecScalar.data, ecScalar.len); ecScalar.data = NULL; if (privKey != sourceKey->objectInfo) { nsslowkey_DestroyPrivateKey(privKey); diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile index d56cbf29..d618a1f3 100644 --- a/security/nss/lib/ssl/Makefile +++ b/security/nss/lib/ssl/Makefile @@ -57,7 +57,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk export:: private_export -ifndef NSS_NO_PKCS11_BYPASS +#ifndef NSS_NO_PKCS11_BYPASS # indicates dependency on freebl static lib $(SHARED_LIBRARY): $(CRYPTOLIB) -endif +#endif diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk index 40b1c301..ae77f5f9 100644 --- a/security/nss/lib/ssl/config.mk +++ b/security/nss/lib/ssl/config.mk @@ -14,13 +14,14 @@ endif ifdef NSS_NO_PKCS11_BYPASS DEFINES += -DNO_PKCS11_BYPASS -else +#else +endif CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) EXTRA_LIBS += \ $(CRYPTOLIB) \ $(NULL) -endif +#endif ifeq (,$(filter-out WIN%,$(OS_TARGET))) diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index 8b58b800..4220ed7d 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -23,6 +23,9 @@ #include "sslerr.h" #ifndef NO_PKCS11_BYPASS + +#error not patched for SHA384, see bug 923089 + /* make this a macro! */ #ifdef NOT_A_MACRO static void diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 61083fc1..7486185c 100644 
--- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -38,6 +38,17 @@ #include "zlib.h" #endif +#ifdef _MSC_VER +#if _MSC_VER < 1900 +#define inline +#endif + +#if _MSC_VER <= 1200 +typedef signed int intptr_t; +typedef unsigned int uintptr_t; +#endif +#endif /* defined(_MSC_VER) */ + #ifndef PK11_SETATTRS #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ (x)->pValue=(v); (x)->ulValueLen = (l); @@ -97,6 +108,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around @@ -294,6 +306,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, + {cipher_aes_256_gcm, calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8}, {cipher_camellia_128_gcm, calg_camellia_gcm, 16,16, type_aead, 4, 0,16, 8}, {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; 
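Review bot: `#define inline` in the new `_MSC_VER < 1900` block erases the keyword for everything that follows in ssl3con.c, including any later declaration that relies on it. MSVC has its own spelling for C, so `#define inline __inline` keeps the hint for the two `inline static` helpers this commit adds. The `intptr_t`/`uintptr_t` typedefs assume 32-bit pointers; that presumably holds for `_MSC_VER <= 1200`, but a short comment should say so.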
@@ -419,8 +432,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa}, {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa}, // XXX: ssl_hash_sha384 hardcoded, see TenFourFox issue 480 {TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_ecdsa}, @@ -502,6 +517,7 @@ static const SSLCipher2Mech alg2Mech[] = { #define mmech_md5_hmac CKM_MD5_HMAC #define mmech_sha_hmac CKM_SHA_1_HMAC #define mmech_sha256_hmac CKM_SHA256_HMAC +#define mmech_sha384_hmac CKM_SHA384_HMAC static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */ @@ -513,6 +529,7 @@ static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ {hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH}, {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH}, { mac_aead, mmech_invalid, 0, 0 }, + {hmac_sha384, mmech_sha384_hmac, 0, SHA384_LENGTH}, }; /* indexed by SSL3BulkCipher */ @@ -674,6 +691,7 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: 
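Review bot: The table that follows the `/* indexed by SSL3BulkCipher */` comment at the end of the mac_defs hunk gets no new entry in any ssl3con.c hunk shown here, while bulk_cipher_defs gains `cipher_aes_256_gcm` ahead of `cipher_camellia_128_gcm`. If that table holds one element per bulk cipher (its body is outside the hunk), every cipher from the new one onward would index the wrong element or read past the end. It needs a matching entry in the same position, and the enum order in sslimpl.h has to agree with both tables. The same check applies to `hmac_sha384` being appended after `mac_aead` in mac_defs, which is indexed by SSL3MACAlgorithm.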
@@ -2258,6 +2276,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) { /* Double Bypass succeeded in extracting the master_secret */ +#error not patched for SHA384, see bug 923089 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; PRBool isTLS = (PRBool)(kea_def->tls_keygen || (pwSpec->version > SSL_LIBRARY_VERSION_3_0)); @@ -2392,6 +2411,7 @@ ssl3_ComputeRecordMAC( case ssl_hmac_sha256: /* used with TLS */ hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); break; +#error does not yet support SHA384, see bug 923089 default: break; } 
@@ -3636,6 +3656,55 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) return SECSuccess; } +/* XXX: These are stubs for TenFourFox issue 480, based on bug 923089. + Instead of using the prf_hash field, these simply check the cipher. + If we add a whole lot of new ciphers, we should probably just bite the + bullet and add the hash field, but for now just hard-code them IN BOTH + PLACES. + + We get away with this because the code actually just maps ssl_hash_sha256 + and _none to SHA-256, and the only other value is SHA-384 for our + exception ciphers. */ + +inline static CK_MECHANISM_TYPE +ssl3_GetTls12PrfHashMechanism(sslSocket *ss) +{ +#if(0) +// For reference + switch (ss->ssl3.hs.suite_def->prf_hash) { + case ssl_hash_sha384: + return CKM_SHA384; + case ssl_hash_sha256: + case ssl_hash_none: + /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */ + return CKM_SHA256; + default: + PORT_Assert(0); + } + return CKM_SHA256; +#else + if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) + return CKM_SHA384; + return CKM_SHA256; +#endif +} + +inline static SSLHashType +ssl3_GetSuitePrfHash(sslSocket *ss) { +#if(0) +// For reference + /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */ + if (ss->ssl3.hs.suite_def->prf_hash == ssl_hash_none) { + return ssl_hash_sha256; + } + return ss->ssl3.hs.suite_def->prf_hash; +#else + if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) + return ssl_hash_sha384; + return ssl_hash_sha256; +#endif +} + /* This method completes the derivation of the MS from the PMS. ** ** 1. Derive the MS, if possible, else return an error. 
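Review bot: ssl3_GetTls12PrfHashMechanism and ssl3_GetSuitePrfHash each hard-code the `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` comparison, so a second SHA-384 suite has to be added in two places, and a miss leaves the PRF mechanism and the handshake hash type disagreeing. Deriving one from the other removes that risk: `return ssl3_GetTls12PrfHashMechanism(ss) == CKM_SHA384 ? ssl_hash_sha384 : ssl_hash_sha256;`. The `#if(0)` reference bodies would read better as a comment naming bug 923089 than as dead code, and `static inline` is the conventional specifier order.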
@@ -3753,7 +3822,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, master_params.RandomInfo.pServerRandom = sr; master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; if (isTLS12) { - master_params.prfHashMechanism = CKM_SHA256; + master_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss); master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); } else { /* prfHashMechanism is not relevant with this PRF */ @@ -3811,8 +3880,8 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms, } if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { - /* TLS 1.2 */ - extended_master_params.prfHashMechanism = CKM_SHA256; + /* TLS 1.2+ */ + extended_master_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss); key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; } else { /* TLS < 1.2 */ @@ -3998,7 +4067,7 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) if (isTLS12) { key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; - key_material_params.prfHashMechanism = CKM_SHA256; + key_material_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss); key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; @@ -4076,11 +4145,14 @@ ssl3_InitHandshakeHashes(sslSocket *ss) if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ +// We don't build with the bypass enabled, but this is here in case we need to. +#error handling for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is incomplete ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); if (!ss->ssl3.hs.sha_obj) { ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); return SECFailure; } +#error see bug 923089 ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone; ss->ssl3.hs.hashType = handshake_hash_single; ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx); 
@@ -4099,9 +4171,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss) * that the master secret will wind up in ... */ if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { - /* If we ever support ciphersuites where the PRF hash isn't SHA-256 - * then this will need to be updated. */ - ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256); + /* determine the hash from the prf */ + const SECOidData *hash_oid = + SECOID_FindOIDByMechanism(ssl3_GetTls12PrfHashMechanism(ss)); + + /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_hash) + * Convert that to the OidTag. We can then use that OidTag to create our + * PK11Context */ + PORT_Assert(hash_oid != NULL); + if (hash_oid == NULL) { + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); + return SECFailure; + } + + ss->ssl3.hs.sha = PK11_CreateDigestContext(hash_oid->offset); if (ss->ssl3.hs.sha == NULL) { ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); return SECFailure; @@ -4422,6 +4505,12 @@ ssl3_AppendSignatureAndHashAlgorithm( sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash) { PRUint8 serialized[2]; + SECOidTag hashAlg = ssl3_TLSHashAlgorithmToOID(sigAndHash->hashAlg); + if (hashAlg == SEC_OID_UNKNOWN) { + PORT_Assert(0); + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } serialized[0] = (PRUint8)sigAndHash->hashAlg; serialized[1] = (PRUint8)sigAndHash->sigAlg; @@ -4755,6 +4844,8 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ hashes->hashAlg = ssl_hash_sha256; +// We don't build with the bypass enabled, but this is here in case we need to. +#error handling for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is incomplete rv = SECSuccess; } else if (ss->opt.bypassPKCS11) { /* compute them without PKCS11 */ 
@@ -4862,9 +4953,8 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, rv = SECFailure; goto tls12_loser; } - /* If we ever support ciphersuites where the PRF hash isn't SHA-256 - * then this will need to be updated. */ - hashes->hashAlg = ssl_hash_sha256; + + hashes->hashAlg = ssl3_GetSuitePrfHash(ss); rv = SECSuccess; tls12_loser: @@ -6285,7 +6375,26 @@ loser: +/* Once a cipher suite has been selected, make sure that the necessary secondary + * information is properly set. */ +static SECStatus +ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite) +{ + ss->ssl3.hs.cipher_suite = chosenSuite; + ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(chosenSuite); + if (!ss->ssl3.hs.suite_def) { + PORT_Assert(0); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + // XXX? + ss->ssl3.hs.kea_def = &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg]; + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + + /* Now we've have a cipher suite, initialize the handshake hashes. */ + return ssl3_InitHandshakeHashes(ss); +} /* Called from ssl3_HandleServerHelloDone(). */ static SECStatus @@ -6526,13 +6635,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); - rv = ssl3_InitHandshakeHashes(ss); - if (rv != SECSuccess) { - desc = internal_error; - errCode = PORT_GetError(); - goto alert_loser; - } - rv = ssl3_ConsumeHandshake( ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); if (rv != SECSuccess) { 
@@ -6581,13 +6683,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_NO_CYPHER_OVERLAP; goto alert_loser; } - ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp; - ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; - PORT_Assert(ss->ssl3.hs.suite_def); - if (!ss->ssl3.hs.suite_def) { - PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE); - goto loser; /* we don't send alerts for our screw-ups. */ + + rv = ssl3_SetCipherSuite(ss, (ssl3CipherSuite)temp); + if (rv != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; } /* find selected compression method in our list. */ @@ -7172,7 +7273,7 @@ done: /* Destroys the backup handshake hash context if we don't need it. Note that * this function selects the hash algorithm for client authentication * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash - * to determine whether to use SHA-1 or SHA-256. */ + * to determine whether to use SHA-1, or the PRF hash of the cipher suite. */ static void ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, const SECItem *algorithms) @@ -7181,7 +7282,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, SSLSignType sigAlg; PRBool preferSha1; PRBool supportsSha1 = PR_FALSE; - PRBool supportsSha256 = PR_FALSE; + PRBool supportsHandshakeHash = PR_FALSE; PRBool needBackupHash = PR_FALSE; unsigned int i; 
@@ -7205,15 +7306,17 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, if (algorithms->data[i+1] == sigAlg) { if (algorithms->data[i] == ssl_hash_sha1) { supportsSha1 = PR_TRUE; - } else if (algorithms->data[i] == ssl_hash_sha256) { - supportsSha256 = PR_TRUE; - } - } + } else if (algorithms->data[i] == ssl_hash_sha256 || algorithms->data[i] == ssl_hash_sha384) { + /* XXX: This is wrong, but works. If we implement prf_hash, + we should fix it. See bug 923089. */ + supportsHandshakeHash = PR_TRUE; + } + } } - /* If either the server does not support SHA-256 or the client key prefers + /* If either the server does not support the handshake hash or the client key prefers * SHA-1, leave the backup hash. */ - if (supportsSha1 && (preferSha1 || !supportsSha256)) { + if (supportsSha1 && (preferSha1 || !supportsHandshakeHash)) { needBackupHash = PR_TRUE; } @@ -8240,14 +8343,16 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (!suite->enabled) break; #endif - /* Double check that the cached cipher suite is in the client's list */ + /* Double check that the cached cipher suite is in the client's + * list. If it isn't, fall through and start a new session. */ for (i = 0; i + 1 < suites.len; i += 2) { PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; if (suite_i == suite->cipher_suite) { - ss->ssl3.hs.cipher_suite = suite->cipher_suite; - ss->ssl3.hs.suite_def = - ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; + } /* Use the cached compression method. */ ss->ssl3.hs.compression = sid->u.ssl3.compression; 
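Review bot: The new branch in ssl3_DestroyBackupHandshakeHashIfNotNeeded sets `supportsHandshakeHash` when the server lists either SHA-256 or SHA-384, regardless of which hash the negotiated suite actually uses, as the added XXX comment admits. With a SHA-384 suite and a server that lists only SHA-256 (or the reverse), the backup SHA-1 hash is dropped even though the server never offered the hash the handshake is running, so CertificateVerify would be signed with an algorithm the peer did not advertise. Comparing against the suite's own hash closes that: `} else if (algorithms->data[i] == ssl3_GetSuitePrfHash(ss)) {`, using the helper this patch already calls in ssl3_ComputeHandshakeHashes. The function body starts and ends outside the hunk.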
@@ -8290,10 +8395,11 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) for (i = 0; i + 1 < suites.len; i += 2) { PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; if (suite_i == suite->cipher_suite) { - ss->ssl3.hs.cipher_suite = suite->cipher_suite; - ss->ssl3.hs.suite_def = - ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; + } goto suite_found; } } @@ -8807,13 +8913,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) } ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; - rv = ssl3_InitHandshakeHashes(ss); - if (rv != SECSuccess) { - desc = internal_error; - errCode = PORT_GetError(); - goto alert_loser; - } - /* if we get a non-zero SID, just ignore it. */ if (length != SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { @@ -8867,10 +8966,11 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) for (i = 0; i+2 < suite_length; i += 3) { PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2]; if (suite_i == suite->cipher_suite) { - ss->ssl3.hs.cipher_suite = suite->cipher_suite; - ss->ssl3.hs.suite_def = - ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; + if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) { + desc = internal_error; + errCode = PORT_GetError(); + goto alert_loser; + } goto suite_found; } } @@ -9419,6 +9519,8 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len) { unsigned int i; + /* We only track a single hash, the one that is the basis for the PRF. */ + SSLHashType suiteHashAlg = ssl3_GetSuitePrfHash(ss); PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2); if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) { 
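Review bot: In the SSLv2-hello suite loop (hunk at -8966), `suite_i` is a `PRUint32` built from three bytes and is passed straight to `ssl3_SetCipherSuite`, whose parameter is an `ssl3CipherSuite`. The equality test just above makes the value fit, but the implicit narrowing is easy to misread and may draw conversion warnings. Passing the already-typed value is clearer: `if (ssl3_SetCipherSuite(ss, suite->cipher_suite) != SECSuccess) {`. ssl3_HandleV2ClientHello continues outside the hunk.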
@@ -9430,9 +9532,9 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; /* Note that we don't support a handshake hash with anything other than - * SHA-256, so asking for a signature from clients for something else - * would be inviting disaster. */ - if (alg->hashAlg == ssl_hash_sha256) { + * the PRF hash, so asking for a signature from clients for something + * else would be inviting disaster. */ + if (alg->hashAlg == suiteHashAlg) { buf[(*len)++] = (PRUint8)alg->hashAlg; buf[(*len)++] = (PRUint8)alg->sigAlg; } @@ -9713,6 +9815,24 @@ ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, return pms; } +static void +ssl3_CSwapPK11SymKey(PK11SymKey **x, PK11SymKey **y, PRBool c) +{ + uintptr_t x_ptr = (uintptr_t)*x; + uintptr_t y_ptr = (uintptr_t)*y; + uintptr_t mask = (uintptr_t)c; + uintptr_t tmp; + unsigned int i; + for (i = 1; i < sizeof(uintptr_t) * 8; i <<= 1) { + mask |= mask << i; + } + tmp = (x_ptr ^ y_ptr) & mask; + x_ptr = x_ptr ^ tmp; + y_ptr = y_ptr ^ tmp; + *x = (PK11SymKey *)x_ptr; + *y = (PK11SymKey *)y_ptr; +} + /* Note: The Bleichenbacher attack on PKCS#1 necessitates that we NEVER * return any indication of failure of the Client Key Exchange message, * where that failure is caused by the content of the client's message. @@ -9808,6 +9928,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf); } } +#error not patched for SHA384, see bug 923089 /* have PMS, build MS without PKCS11 */ rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, PR_TRUE); 
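Review bot: Filtering on `alg->hashAlg == suiteHashAlg` in ssl3_EncodeCertificateRequestSigAlgs can leave the list empty when none of the configured signature algorithms uses the suite's PRF hash, for instance a SHA-384 suite with only SHA-256 pairs configured. Nothing in the hunk rejects that case, and the caller's handling is outside it, so a CertificateRequest with an empty supported_signature_algorithms field looks possible. After the loop the function should fail when nothing was written, setting an error such as `SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM` instead of returning an empty encoding. The function's opening and its return are outside the hunk.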
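Review bot: ssl3_CSwapPK11SymKey (hunk at -9713) has no comment, and its contract is not obvious: the mask loop smears bit 0 of `c` across the word, so the swap is all-or-nothing only when `c` is exactly 0 or 1. A header comment should state the purpose and that precondition, for example `/* Swap *x and *y if c is 1, leave them if c is 0, without branching on c; c must be exactly 0 or 1. */`. Both call sites in ssl3_HandleRSAClientKeyExchange pass comparison results, which satisfy it, but a later caller passing any other non-zero `PRBool` would get a partial mask and two corrupted pointers.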
@@ -9820,13 +9941,9 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } else #endif { - PK11SymKey *tmpPms[2] = {NULL, NULL}; - PK11SlotInfo *slot; - int useFauxPms = 0; -#define currentPms tmpPms[!useFauxPms] -#define unusedPms tmpPms[useFauxPms] -#define realPms tmpPms[1] -#define fauxPms tmpPms[0] + PK11SymKey *pms = NULL; + PK11SymKey *fauxPms = NULL; + PK11SlotInfo *slot = NULL; #ifndef NO_PKCS11_BYPASS double_bypass: @@ -9886,29 +10003,28 @@ double_bypass: * the unwrap. Rather, it is the mechanism with which the * unwrapped pms will be used. */ - realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, - CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); + pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, + CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); + /* Temporarily use the PMS if unwrapping the real PMS fails. */ - useFauxPms |= (realPms == NULL); + ssl3_CSwapPK11SymKey(&pms, &fauxPms, pms == NULL); /* Attempt to derive the MS from the PMS. This is the only way to * check the version field in the RSA PMS. If this fails, we * then use the faux PMS in place of the PMS. Note that this * operation should never fail if we are using the faux PMS * since it is correctly formatted. */ - rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL); - /* If we succeeded, then select the true PMS and discard the - * FPMS. Else, select the FPMS and select the true PMS */ - useFauxPms |= (rv != SECSuccess); - - if (unusedPms) { - PK11_FreeSymKey(unusedPms); - } + rv = ssl3_ComputeMasterSecret(ss, pms, NULL); + /* If we succeeded, then select the true PMS, else select the FPMS. */ + ssl3_CSwapPK11SymKey(&pms, &fauxPms, (rv != SECSuccess) & (fauxPms != NULL)); /* This step will derive the MS from the PMS, among other things. */ - rv = ssl3_InitPendingCipherSpec(ss, currentPms); - PK11_FreeSymKey(currentPms); + rv = ssl3_InitPendingCipherSpec(ss, pms); + + /* Clear both PMS. */ + PK11_FreeSymKey(pms); + PK11_FreeSymKey(fauxPms); } if (rv != SECSuccess) { 
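Review bot: The rewritten tail of ssl3_HandleRSAClientKeyExchange (hunk at -9886) calls `PK11_FreeSymKey(pms)` and `PK11_FreeSymKey(fauxPms)` unconditionally, while the removed code guarded the free with `if (unusedPms)`. When the unwrap fails, the first swap leaves NULL in `fauxPms`, so a NULL reaches PK11_FreeSymKey on a path driven by the client's message. PK11_FreeSymKey is not shown here, so check that this tree's version accepts NULL, or keep the guards: `if (pms) PK11_FreeSymKey(pms);` and `if (fauxPms) PK11_FreeSymKey(fauxPms);`. The comment `Temporarily use the PMS if unwrapping the real PMS fails.` should say `faux PMS`. The creation of `fauxPms` falls between the two hunks and is not visible.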
@@ -9916,11 +10032,6 @@ double_bypass: return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } -#undef currentPms -#undef unusedPms -#undef realPms -#undef fauxPms - return SECSuccess; } @@ -10886,7 +10997,7 @@ done: } static SECStatus -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, +ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec, PRBool isServer, const SSL3Hashes * hashes, TLSFinished * tlsFinished) @@ -10909,7 +11020,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { tls_mac_params.prfMechanism = CKM_TLS_PRF; } else { - tls_mac_params.prfMechanism = CKM_SHA256; + tls_mac_params.prfMechanism = ssl3_GetTls12PrfHashMechanism(ss); } tls_mac_params.ulMacLength = 12; tls_mac_params.ulServerOrClient = isServer ? 1 : 2; @@ -11111,7 +11222,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags) isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0); rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender); if (isTLS && rv == SECSuccess) { - rv = ssl3_ComputeTLSFinished(cwSpec, isServer, &hashes, &tlsFinished); + rv = ssl3_ComputeTLSFinished(ss, cwSpec, isServer, &hashes, &tlsFinished); } ssl_ReleaseSpecReadLock(ss); if (rv != SECSuccess) { @@ -11282,7 +11393,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED); return SECFailure; } - rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer, + rv = ssl3_ComputeTLSFinished(ss, ss->ssl3.crSpec, !isServer, hashes, &tlsFinished); if (!isServer) ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished; diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 4aac635c..fc4f91d2 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c 
@@ -931,6 +931,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, @@ -952,6 +953,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index 3b09b5bd..8d04c153 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -50,6 +50,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { #ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index de4f64db..28d80f16 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -64,6 +64,7 @@ typedef SSLSignType SSL3SignType; #define hmac_md5 ssl_hmac_md5 #define hmac_sha ssl_hmac_sha #define hmac_sha256 ssl_hmac_sha256 +#define hmac_sha384 ssl_hmac_sha384 #define mac_aead ssl_mac_aead #define SET_ERROR_CODE /* reminder */ @@ -292,7 +293,7 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 66 +#define ssl_V3_SUITES_IMPLEMENTED 67 #else #define ssl_V3_SUITES_IMPLEMENTED 40 #endif /* NSS_DISABLE_ECC */ 
@@ -478,6 +479,7 @@ typedef enum { cipher_camellia_256, cipher_seed, cipher_aes_128_gcm, + cipher_aes_256_gcm, cipher_camellia_128_gcm, cipher_missing /* reserved for no such supported cipher */ /* This enum must match ssl3_cipherName[] in ssl3con.c. */ @@ -596,7 +598,7 @@ typedef struct { ssl3KeyMaterial client; ssl3KeyMaterial server; SECItem msItem; - unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; + unsigned char key_block[NUM_MIXERS * HASH_LENGTH_MAX]; unsigned char raw_master_secret[56]; SECItem srvVirtName; /* for server: name that was negotiated * with a client. For client - is diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index f631ec40..41ea6aee 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -160,6 +160,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, #define B_0 0, 0, 0 #define M_AEAD_128 "AEAD", ssl_mac_aead, 128 +#define M_SHA384 "SHA384", ssl_hmac_sha384, 384 #define M_SHA256 "SHA256", ssl_hmac_sha256, 256 #define M_SHA "SHA1", ssl_mac_sha, 160 #define M_MD5 "MD5", ssl_mac_md5, 128 @@ -216,6 +217,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { #ifndef NSS_DISABLE_ECC /* ECC cipher suites */ {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, +{0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 246447b7..055d89e3 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h 
@@ -258,6 +258,7 @@ #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F +#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 6f5d609e..cc0d9d2c 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -115,7 +115,8 @@ typedef enum { ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ ssl_hmac_sha256 = 5, - ssl_mac_aead = 6 + ssl_mac_aead = 6, + ssl_hmac_sha384 = 7 } SSLMACAlgorithm; typedef enum { diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index fe72b293..40e38c51 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c @@ -870,8 +870,15 @@ static SECStatus DecodeItem(void* dest, break; } - case SEC_ASN1_BIT_STRING: - { + case SEC_ASN1_BIT_STRING: { + /* Can't be 8 or more spare bits, or any spare bits + * if there are no octets. */ + if (temp.data[0] >= 8 || (temp.data[0] > 0 && temp.len == 1)) { + PORT_SetError(SEC_ERROR_BAD_DER); + rv = SECFailure; + break; + } + /* change the length in the SECItem to be the number of bits */ temp.len = (temp.len-1)*8 - (temp.data[0] & 0x7); diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 942abab9..ad15d0b0 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c @@ -466,6 +466,7 @@ CONST_OID aes128_OFB[] = { AES, 3 }; CONST_OID aes128_CFB[] = { AES, 4 }; #endif CONST_OID aes128_KEY_WRAP[] = { AES, 5 }; +CONST_OID aes128_GCM[] = { AES, 6 }; CONST_OID aes192_ECB[] = { AES, 21 }; CONST_OID aes192_CBC[] = { AES, 22 }; 
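Review bot: The added BIT STRING check in DecodeItem (quickder.c, hunk at -870) reads `temp.data[0]` before anything in the hunk establishes that the content has at least one octet. If `temp.len` can be 0 here, the read is out of bounds and `(temp.len-1)*8` on the following line wraps; whether an earlier part of DecodeItem already rules that out is outside the hunk. Putting the length test first makes the case self-contained: `if (temp.len == 0 || temp.data[0] >= 8 || (temp.data[0] > 0 && temp.len == 1)) {`.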
@@ -474,6 +475,7 @@ CONST_OID aes192_OFB[] = { AES, 23 }; CONST_OID aes192_CFB[] = { AES, 24 }; #endif CONST_OID aes192_KEY_WRAP[] = { AES, 25 }; +CONST_OID aes192_GCM[] = { AES, 26 }; CONST_OID aes256_ECB[] = { AES, 41 }; CONST_OID aes256_CBC[] = { AES, 42 }; @@ -482,6 +484,7 @@ CONST_OID aes256_OFB[] = { AES, 43 }; CONST_OID aes256_CFB[] = { AES, 44 }; #endif CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; +CONST_OID aes256_GCM[] = { AES, 46 }; CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; @@ -1639,7 +1642,14 @@ const static SECOidData oids[SEC_OID_TOTAL] = { "Microsoft Trust List Signing", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), OD( x520Name, SEC_OID_AVA_NAME, - "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ) + "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + OD( aes128_GCM, SEC_OID_AES_128_GCM, + "AES-128-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), + OD( aes192_GCM, SEC_OID_AES_192_GCM, + "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), + OD( aes256_GCM, SEC_OID_AES_256_GCM, + "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ) }; /* PRIVATE EXTENDED SECOID Table diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h index 747450ed..13fb7de0 100644 --- a/security/nss/lib/util/secoidt.h +++ b/security/nss/lib/util/secoidt.h @@ -443,6 +443,10 @@ typedef enum { /* The 'name' attribute type in X.520 */ SEC_OID_AVA_NAME = 317, + SEC_OID_AES_128_GCM = 318, + SEC_OID_AES_192_GCM = 319, + SEC_OID_AES_256_GCM = 320, + SEC_OID_TOTAL } SECOidTag; From cd62ee110247da0275e5e1d61dfefb3cf267e80f Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Thu, 9 Jan 2020 00:31:35 +0800 Subject: [PATCH 11/15] ssl3con: add missing AES-256-GCM in ssl3_cipherName --- security/nss/lib/ssl/ssl3con.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 7486185c..2a2faf71 100644 
--- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -550,6 +550,7 @@ const char * const ssl3_cipherName[] = { "Camellia-256", "SEED-CBC", "AES-128-GCM", + "AES-256-GCM", "Camellia-128-GCM", "missing" }; From 9ab743b4d6c20939caffd149ddc7a6be8a9777a9 Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Mon, 27 Jan 2020 12:16:12 +0800 Subject: [PATCH 12/15] [NSS] sqlite3: turn explicitly linked InterlockedCompareExchange to dynamic loading with emulation, should work on Win95, and remove usage of GetFileAttributesExW which is not exist on NT 3.51 --- security/nss/lib/sqlite/sqlite3.c | 96 ++++++++++++++++++++++--------- 1 file changed, 69 insertions(+), 27 deletions(-) diff --git a/security/nss/lib/sqlite/sqlite3.c b/security/nss/lib/sqlite/sqlite3.c index 8f261e80..90f6bb9b 100644 --- a/security/nss/lib/sqlite/sqlite3.c +++ b/security/nss/lib/sqlite/sqlite3.c 
@@ -18318,6 +18318,51 @@ static int winMutexNotheld(sqlite3_mutex *p){ #endif +typedef PVOID WINAPI interlocked_cmp_xchg_t(PVOID *dest, PVOID exc, PVOID comperand); + +/* Sorry mate, but we haven't got InterlockedCompareExchange in Win95! */ +static PVOID WINAPI +interlocked_cmp_xchg(PVOID *dest, PVOID exc, PVOID comperand) +{ + static LONG spinlock = 0; + PVOID result; + DWORD dwSleep = 0; + + /* Acqire spinlock (yielding control to other threads if cant aquire for the moment) */ + while(InterlockedExchange(&spinlock, 1)) + { + // Using Sleep(0) can cause a priority inversion. + // Sleep(0) only yields the processor if there's + // another thread of the same priority that's + // ready to run. If a high-priority thread is + // trying to acquire the lock, which is held by + // a low-priority thread, then the low-priority + // thread may never get scheduled and hence never + // free the lock. NT attempts to avoid priority + // inversions by temporarily boosting the priority + // of low-priority runnable threads, but the problem + // can still occur if there's a medium-priority + // thread that's always runnable. If Sleep(1) is used, + // then the thread unconditionally yields the CPU. We + // only do this for the second and subsequent even + // iterations, since a millisecond is a long time to wait + // if the thread can be scheduled in again sooner + // (~100,000 instructions). + // Avoid priority inversion: 0, 1, 0, 1,... + Sleep(dwSleep); + dwSleep = !dwSleep; + } + result = *dest; + if (result == comperand) + *dest = exc; + /* Release spinlock */ + spinlock = 0; + return result; +} + +static interlocked_cmp_xchg_t *ixchg; + + /* ** Initialize and deinitialize the mutex subsystem. */ 
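Review bot: `interlocked_cmp_xchg_t` is declared with `PVOID` operands, but its only use, `ixchg(&winMutex_lock, 1, 0)` in winMutexInit (next hunk), passes the address of a `long` and two integer constants. That matches only where a pointer and a LONG have the same size; anywhere else the emulation would read and write past `winMutex_lock`, so the typedef and the fallback should take `LONG` operands (`typedef LONG WINAPI interlocked_cmp_xchg_t(LONG volatile *dest, LONG exc, LONG comperand);`) or the file should state that this path is 32-bit only. The fallback also releases its lock with a plain `spinlock = 0;` on a non-volatile static, which the compiler is free to reorder against `*dest = exc;`; `InterlockedExchange(&spinlock, 0);` keeps the release ordered. The emulation is atomic only against other callers of the emulation, which deserves a line in the comment above it.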
@@ -18340,8 +18385,15 @@ static long winMutex_lock = 0; SQLITE_API void sqlite3_win32_sleep(DWORD milliseconds); /* os_win.c */ static int winMutexInit(void){ + if (!ixchg) + { + /* Sorely, Win95 has no InterlockedCompareExchange API (Win98 has), so we have to use emulation */ + HANDLE kernel = GetModuleHandleA("kernel32.dll"); + if (!kernel || (ixchg = (interlocked_cmp_xchg_t *)GetProcAddress(kernel, "InterlockedCompareExchange")) == NULL) + ixchg = interlocked_cmp_xchg; + } /* The first to increment to 1 does actual initialization */ - if( InterlockedCompareExchange(&winMutex_lock, 1, 0)==0 ){ + if( ixchg(&winMutex_lock, 1, 0)==0 ){ int i; for(i=0; i Date: Mon, 27 Jan 2020 12:53:45 +0800 Subject: [PATCH 13/15] [NSS] sqlite3: fix CP_UTF8 not working in Win95 and NT3.51 --- security/nss/lib/sqlite/sqlite3.c | 165 +++++++++++++++++++++++++++++- 1 file changed, 161 insertions(+), 4 deletions(-) diff --git a/security/nss/lib/sqlite/sqlite3.c b/security/nss/lib/sqlite/sqlite3.c index 90f6bb9b..86f376cc 100644 --- a/security/nss/lib/sqlite/sqlite3.c +++ b/security/nss/lib/sqlite/sqlite3.c 
@@ -31418,6 +31418,163 @@ SQLITE_PRIVATE void sqlite3MemSetDefault(void){ } #endif /* SQLITE_WIN32_MALLOC */ +/*** UTF16<-->UTF8 functions minicking MultiByteToWideChar/WideCharToMultiByte ***/ +int utf8GetMaskIndex(unsigned char n) { + if((unsigned char)(n + 2) < 0xc2) return 1; // 00~10111111, fe, ff + if(n < 0xe0) return 2; // 110xxxxx + if(n < 0xf0) return 3; // 1110xxxx + if(n < 0xf8) return 4; // 11110xxx + if(n < 0xfc) return 5; // 111110xx + return 6; // 1111110x +} + +int wc2Utf8Len(wchar_t ** n, int *len) { + wchar_t *ch = *n, ch2; + int qch; + if((0xD800 <= *ch && *ch <= 0xDBFF) && *len) { + ch2 = *(ch + 1); + if(0xDC00 <= ch2 && ch2 <= 0xDFFF) { + qch = 0x10000 + (((*ch - 0xD800) & 0x3ff) << 10) + ((ch2 - 0xDC00) & 0x3ff); + (*n)++; + (*len)--; + } + } + else + qch = (int) *ch; + + if (qch <= 0x7f) return 1; + else if (qch <= 0x7ff) return 2; + else if (qch <= 0xffff) return 3; + else if (qch <= 0x1fffff) return 4; + else if (qch <= 0x3ffffff) return 5; + else return 6; +} + +int Utf8ToWideChar(unsigned int unused1, unsigned long unused2, char *sb, int ss, wchar_t * wb, int ws) { + static const unsigned char utf8mask[] = { 0, 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01 }; + char *p = (char *)(sb); + char *e = (char *)(sb + ss); + wchar_t *w = wb; + int cnt = 0, t, qch; + + if (ss < 1) { + ss = lstrlenA(sb); + e = (char *)(sb + ss); + } + + if (wb && ws) { + for (; p < e; ++w) { + t = utf8GetMaskIndex(*p); + qch = (*p++ & utf8mask[t]); + while(p < e && --t) + qch <<= 6, qch |= (*p++) & 0x3f; + if(qch < 0x10000) { + if(cnt <= ws) + *w = (wchar_t) qch; + cnt++; + } else { + if (cnt + 2 <= ws) { + *w++ = (wchar_t) (0xD800 + (((qch - 0x10000) >> 10) & 0x3ff)), + *w = (wchar_t) (0xDC00 + (((qch - 0x10000)) & 0x3ff)); + } + cnt += 2; + } + } + if(cnt < ws) { + *(wb+cnt) = 0; + return cnt; + } else { + *(wb+ws) = 0; + return ws; + } + } else { + for (t; p < e;) { + t = utf8GetMaskIndex(*p); + qch = (*p++ & utf8mask[t]); + while (p < e && --t) + qch <<= 6, qch |= (*p++) 
& 0x3f; + if (qch < 0x10000) + cnt++; + else + cnt += 2; + } + return cnt+1; + } +} + +int WideCharToUtf8(unsigned int unused1, unsigned long unused2, wchar_t * wb, int ws, char *sb, int ss) { + wchar_t *p = (wchar_t *)(wb); + wchar_t *e = (wchar_t *)(wb + ws); + wchar_t *oldp; + char *s = sb; + int cnt = 0, qch, t; + + if (ws < 1) { + ws = lstrlenW(wb); + e = (wchar_t *)(wb + ws); + } + + if (sb && ss) { + for (t; p < e; ++p) { + oldp = p; + t = wc2Utf8Len(&p, &ws); + + if (p != oldp) { /* unicode surrogates encountered */ + qch = 0x10000 + (((*oldp - 0xD800) & 0x3ff) << 10) + ((*p - 0xDC00) & 0x3ff); + } else + qch = *p; + + if (qch <= 0x7f) + *s++ = (char) (qch), + cnt++; + else if (qch <= 0x7ff) + *s++ = 0xc0 | (char) (qch >> 6), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 2; + else if (qch <= 0xffff) + *s++ = 0xe0 | (char) (qch >> 12), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 3; + else if (qch <= 0x1fffff) + *s++ = 0xf0 | (char) (qch >> 18), + *s++ = 0x80 | (char) ((qch >> 12) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 4; + else if (qch <= 0x3ffffff) + *s++ = 0xf8 | (char) (qch >> 24), + *s++ = 0x80 | (char) ((qch >> 18) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 12) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 5; + else + *s++ = 0xfc | (char) (qch >> 30), + *s++ = 0x80 | (char) ((qch >> 24) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 18) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 12) & 0x3f), + *s++ = 0x80 | (char) ((qch >> 6) & 0x3f), + *s++ = 0x80 | (char) (qch & 0x3f), + cnt += 6; + } + if(cnt < ss) { + *(sb+cnt) = 0; + return cnt; + } else { + *(sb+ss) = 0; + return ss; + } + } else { + for (t; p < e; ++p) { + t = wc2Utf8Len(&p, &ws); + cnt += t; + } + return cnt+1; + } +} +/*** Ends ***/ + /* ** Convert a UTF-8 string to Microsoft Unicode (UTF-16?). ** 
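Review bot: Both converters can write past the caller's buffer: Utf8ToWideChar stores while `cnt <= ws` and then terminates with `*(wb+ws) = 0`, and WideCharToUtf8 never compares `cnt` with `ss` inside its write loop before ending with `*(sb+ss) = 0`. The callers in the following hunks size the buffer from a first counting pass, so they should not reach this, but the functions mimic an API that reports failure on a short buffer. The guard should be `if (cnt < ws)`, the UTF-8 writer needs a `cnt + t <= ss` test before each sequence, and a short buffer should return 0, which those callers already treat as failure. In wc2Utf8Len, `qch` is left uninitialized when a high surrogate is not followed by a low one, because the `else` pairs with the outer `if`; initialise it with `int qch = (int) *ch;`. The decoder also accepts stray continuation bytes, overlong forms and 5- and 6-byte sequences without validation, which matters because the result is used as a file name.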
@@ -31427,7 +31584,7 @@ static LPWSTR utf8ToUnicode(const char *zFilename){ int nChar; LPWSTR zWideFilename; - nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0); + nChar = Utf8ToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0); if( nChar==0 ){ return 0; } @@ -31435,7 +31592,7 @@ static LPWSTR utf8ToUnicode(const char *zFilename){ if( zWideFilename==0 ){ return 0; } - nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1, zWideFilename, + nChar = Utf8ToWideChar(CP_UTF8, 0, zFilename, -1, zWideFilename, nChar); if( nChar==0 ){ sqlite3_free(zWideFilename); @@ -31452,7 +31609,7 @@ static char *unicodeToUtf8(LPCWSTR zWideFilename){ int nByte; char *zFilename; - nByte = osWideCharToMultiByte(CP_UTF8, 0, zWideFilename, -1, 0, 0, 0, 0); + nByte = WideCharToUtf8(CP_UTF8, 0, zWideFilename, -1, 0, 0, 0, 0); if( nByte == 0 ){ return 0; } @@ -31460,7 +31617,7 @@ static char *unicodeToUtf8(LPCWSTR zWideFilename){ if( zFilename==0 ){ return 0; } - nByte = osWideCharToMultiByte(CP_UTF8, 0, zWideFilename, -1, zFilename, nByte, + nByte = WideCharToUtf8(CP_UTF8, 0, zWideFilename, -1, zFilename, nByte, 0, 0); if( nByte == 0 ){ sqlite3_free(zFilename); From db2c36920504e182562d3f4a4423e1e188c939c0 Mon Sep 17 00:00:00 2001 
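Review bot: The two WideCharToUtf8 calls in unicodeToUtf8 (hunks at -31452 and -31460) still pass the eight arguments of WideCharToMultiByte, but the replacement defined earlier in this patch takes six. A compiler that enforces the prototype rejects this, and one that only warns pushes two stray arguments; drop the trailing pair: `nByte = WideCharToUtf8(CP_UTF8, 0, zWideFilename, -1, 0, 0);` and `nByte = WideCharToUtf8(CP_UTF8, 0, zWideFilename, -1, zFilename, nByte);`. These calls and the ones in utf8ToUnicode also pass `LPCWSTR` and `const char *` to parameters declared without `const`, so the helpers' input parameters should be `const`-qualified. Replacing the `os*` calls outright also applies the hand-written converter on every Windows version, not only the ones that lack CP_UTF8.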
From: Roy Tam Date: Fri, 31 Jan 2020 15:54:04 +0800 Subject: [PATCH 14/15] import NSS mozilla upstream changes in order to implement ChaCha20-Poly1305 support: bug917571, bug1227905, bug1255443, bug1265196 --- security/nss/cmd/bltest/blapitest.c | 174 ++++- .../cmd/bltest/tests/chacha20_poly1305/aad0 | 1 + .../tests/chacha20_poly1305/ciphertext0 | 1 + .../tests/chacha20_poly1305/ciphertext1 | 1 + .../cmd/bltest/tests/chacha20_poly1305/key0 | 1 + .../cmd/bltest/tests/chacha20_poly1305/key1 | 1 + .../bltest/tests/chacha20_poly1305/numtests | 1 + .../bltest/tests/chacha20_poly1305/plaintext0 | 1 + .../bltest/tests/chacha20_poly1305/plaintext1 | 1 + security/nss/cmd/ssltap/ssltap.c | 4 + security/nss/lib/dbm/include/cdefs.h | 126 ++++ security/nss/lib/dbm/include/mpool.h | 97 +++ security/nss/lib/freebl/Makefile | 25 + security/nss/lib/freebl/blapi.h | 29 + security/nss/lib/freebl/blapit.h | 2 + security/nss/lib/freebl/chacha20.c | 111 ++++ security/nss/lib/freebl/chacha20.h | 26 + security/nss/lib/freebl/chacha20_vec.c | 278 ++++++++ security/nss/lib/freebl/chacha20poly1305.c | 175 +++++ security/nss/lib/freebl/chacha20poly1305.h | 15 + security/nss/lib/freebl/ldvector.c | 10 +- security/nss/lib/freebl/loader.c | 56 ++ security/nss/lib/freebl/loader.h | 29 +- security/nss/lib/freebl/manifest.mn | 2 + ...ly1305-donna-x64-sse2-incremental-source.c | 623 ++++++++++++++++++ security/nss/lib/freebl/poly1305.c | 261 ++++++++ security/nss/lib/freebl/poly1305.h | 28 + security/nss/lib/pk11wrap/pk11mech.c | 7 + security/nss/lib/softoken/pkcs11.c | 3 + security/nss/lib/softoken/pkcs11c.c | 124 ++++ security/nss/lib/softoken/pkcs11i.h | 12 + security/nss/lib/ssl/manifest.mn | 2 +- security/nss/lib/ssl/ssl3con.c | 106 ++- security/nss/lib/ssl/ssl3ecc.c | 4 + security/nss/lib/ssl/sslenum.c | 3 + security/nss/lib/ssl/sslimpl.h | 6 +- security/nss/lib/ssl/sslinfo.c | 4 + security/nss/lib/ssl/sslproto.h | 4 + security/nss/lib/ssl/sslt.h | 3 +- security/nss/lib/util/pkcs11n.h | 13 + 
security/nss/lib/util/secoid.c | 6 +- security/nss/lib/util/secoidt.h | 2 + security/nss/tests/cipher/cipher.txt | 2 + security/nss/tests/ssl/ssl.sh | 12 +- security/nss/tests/ssl/sslcov.txt | 1 + 45 files changed, 2356 insertions(+), 37 deletions(-) create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/key0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/key1 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/numtests create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 create mode 100644 security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 create mode 100644 security/nss/lib/dbm/include/cdefs.h create mode 100644 security/nss/lib/dbm/include/mpool.h create mode 100644 security/nss/lib/freebl/chacha20.c create mode 100644 security/nss/lib/freebl/chacha20.h create mode 100644 security/nss/lib/freebl/chacha20_vec.c create mode 100644 security/nss/lib/freebl/chacha20poly1305.c create mode 100644 security/nss/lib/freebl/chacha20poly1305.h create mode 100644 security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c create mode 100644 security/nss/lib/freebl/poly1305.c create mode 100644 security/nss/lib/freebl/poly1305.h diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 204814d8..74de908d 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c 
@@ -613,6 +613,17 @@ typedef SECStatus (* bltestSymmCipherFn)(void *cx, const unsigned char *input, unsigned int inputLen); +typedef SECStatus (* bltestAEADFn)(void *cx, + unsigned char *output, + unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, + unsigned int inputLen, + const unsigned char *nonce, + unsigned int nonceLen, + const unsigned char *ad, + unsigned int adLen); + typedef SECStatus (* bltestPubKeyCipherFn)(void *key, SECItem *output, const SECItem *input); @@ -646,6 +657,7 @@ typedef enum { bltestCAMELLIA_CBC, /* . */ bltestSEED_ECB, /* SEED algorithm */ bltestSEED_CBC, /* SEED algorithm */ + bltestCHACHA20, /* ChaCha20 + Poly1305 */ bltestRSA, /* Public Key Ciphers */ bltestRSA_OAEP, /* . (Public Key Enc.) */ bltestRSA_PSS, /* . (Public Key Sig.) */ @@ -685,6 +697,7 @@ static char *mode_strings[] = "camellia_cbc", "seed_ecb", "seed_cbc", + "chacha20_poly1305", "rsa", "rsa_oaep", "rsa_pss", @@ -805,6 +818,7 @@ struct bltestCipherInfoStr { /* Cipher function (encrypt/decrypt/sign/verify/hash) */ union { bltestSymmCipherFn symmkeyCipher; + bltestAEADFn aeadCipher; bltestPubKeyCipherFn pubkeyCipher; bltestHashCipherFn hashCipher; } cipher; @@ -826,13 +840,29 @@ is_symmkeyCipher(bltestCipherMode mode) return PR_FALSE; } +PRBool +is_aeadCipher(bltestCipherMode mode) +{ + /* change as needed! */ + switch (mode) { + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } +} + PRBool is_authCipher(bltestCipherMode mode) { /* change as needed! */ - if (mode == bltestAES_GCM) - return PR_TRUE; - return PR_FALSE; + switch (mode) { + case bltestAES_GCM: + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } } 
@@ -840,11 +870,14 @@ PRBool is_singleShotCipher(bltestCipherMode mode) { /* change as needed! */ - if (mode == bltestAES_GCM) - return PR_TRUE; - if (mode == bltestAES_CTS) - return PR_TRUE; - return PR_FALSE; + switch (mode) { + case bltestAES_GCM: + case bltestAES_CTS: + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } } PRBool @@ -878,16 +911,24 @@ PRBool cipher_requires_IV(bltestCipherMode mode) { /* change as needed! */ - if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC || - mode == bltestRC2_CBC || + switch (mode) { + case bltestDES_CBC: + case bltestDES_EDE_CBC: + case bltestRC2_CBC: #ifdef NSS_SOFTOKEN_DOES_RC5 - mode == bltestRC5_CBC || + case bltestRC5_CBC: #endif - mode == bltestAES_CBC || mode == bltestAES_CTS || - mode == bltestAES_CTR || mode == bltestAES_GCM || - mode == bltestCAMELLIA_CBC || mode == bltestSEED_CBC) - return PR_TRUE; - return PR_FALSE; + case bltestAES_CBC: + case bltestAES_CTS: + case bltestAES_CTR: + case bltestAES_GCM: + case bltestCAMELLIA_CBC: + case bltestSEED_CBC: + case bltestCHACHA20: + return PR_TRUE; + default: + return PR_FALSE; + } } SECStatus finishIO(bltestIO *output, PRFileDesc *file); 
@@ -1126,6 +1167,30 @@ aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, input, inputLen); } +SECStatus +chacha20_poly1305_Encrypt(void *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + return ChaCha20Poly1305_Seal((ChaCha20Poly1305Context *)cx, output, + outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} + +SECStatus +chacha20_poly1305_Decrypt(void *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + return ChaCha20Poly1305_Open((ChaCha20Poly1305Context *)cx, output, + outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} + SECStatus camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, @@ -1575,6 +1640,21 @@ bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt) return SECSuccess; } +SECStatus +bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt) +{ + const unsigned int tagLen = 16; + const bltestSymmKeyParams *sk = &cipherInfo->params.sk; + cipherInfo->cx = ChaCha20Poly1305_CreateContext(sk->key.buf.data, + sk->key.buf.len, tagLen); + + if (encrypt) + cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt; + else + cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt; + return SECSuccess; +} + SECStatus bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { 
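Review bot: In `bltest_chacha20_init` the result of `ChaCha20Poly1305_CreateContext` is stored in `cipherInfo->cx` without a NULL check, and the function returns `SECSuccess` regardless. A key of the wrong length or an allocation failure (presumably both yield NULL; the implementation is not in this hunk) would only surface later, when Seal or Open is called with a null context. Add `if (cipherInfo->cx == NULL) return SECFailure;` right after the call. The `SECITEM_AllocItem` call in the new `case bltestCHACHA20:` of cipherInit has the same gap, since its return value is ignored before the output buffer is used. The literal `16` in that case also duplicates `tagLen` from this function, so a shared named constant would keep the two in step.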
@@ -2226,6 +2306,11 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->input.pBuf.len); return bltest_seed_init(cipherInfo, encrypt); break; + case bltestCHACHA20: + outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0); + SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen); + return bltest_chacha20_init(cipherInfo, encrypt); + break; case bltestRSA: case bltestRSA_OAEP: case bltestRSA_PSS: 
@@ -2376,6 +2461,55 @@ cipherDoOp(bltestCipherInfo *cipherInfo) } } TIMEFINISH(cipherInfo->optime, 1.0); + } else if (is_aeadCipher(cipherInfo->mode)) { + const unsigned char *input = cipherInfo->input.pBuf.data; + unsigned int inputLen = cipherInfo->input.pBuf.len; + unsigned char *output = cipherInfo->output.pBuf.data; + unsigned int outputLen; + bltestSymmKeyParams *sk = &cipherInfo->params.sk; + bltestAuthSymmKeyParams *ask = &cipherInfo->params.ask; + + TIMESTART(); + rv = (*cipherInfo->cipher.aeadCipher)( + cipherInfo->cx, + output, &outputLen, maxLen, + input, inputLen, + sk->iv.buf.data, sk->iv.buf.len, + ask->aad.buf.data, ask->aad.buf.len); + CHECKERROR(rv, __LINE__); + cipherInfo->output.pBuf.len = outputLen; + TIMEFINISH(cipherInfo->optime, 1.0); + + cipherInfo->repetitions = 0; + if (cipherInfo->repetitionsToPerfom != 0) { + TIMESTART(); + for (i=0; irepetitionsToPerfom; i++, + cipherInfo->repetitions++) { + rv = (*cipherInfo->cipher.aeadCipher)( + cipherInfo->cx, + output, &outputLen, maxLen, + input, inputLen, + sk->iv.buf.data, sk->iv.buf.len, + ask->aad.buf.data, ask->aad.buf.len); + CHECKERROR(rv, __LINE__); + } + } else { + int opsBetweenChecks = 0; + TIMEMARK(cipherInfo->seconds); + while (! (TIMETOFINISH())) { + int j = 0; + for (;j < opsBetweenChecks;j++) { + (*cipherInfo->cipher.aeadCipher)( + cipherInfo->cx, + output, &outputLen, maxLen, + input, inputLen, + sk->iv.buf.data, sk->iv.buf.len, + ask->aad.buf.data, ask->aad.buf.len); + } + cipherInfo->repetitions += j; + } + } + TIMEFINISH(cipherInfo->optime, 1.0); } else if (is_pubkeyCipher(cipherInfo->mode)) { TIMESTART(); rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, 
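Review bot: The timed loop at the end of the new AEAD branch (`while (! (TIMETOFINISH()))`) calls `aeadCipher` without assigning or checking the result. The first call and the fixed-repetition loop both use `rv = ...; CHECKERROR(rv, __LINE__);`, so here a failing Seal/Open is still added to `cipherInfo->repetitions` as a completed operation. Assign and check it the same way: `rv = (*cipherInfo->cipher.aeadCipher)(...); CHECKERROR(rv, __LINE__);`. Every iteration also runs with the same key and the same `sk->iv` nonce, so a short comment such as `/* Benchmark only: key and nonce are reused on every call, which is never acceptable for real data. */` would stop the loop being copied as a usage example. cipherDoOp starts and ends outside this hunk.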
@@ -2477,6 +2611,10 @@ cipherFinish(bltestCipherInfo *cipherInfo) case bltestSEED_CBC: SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE); break; + case bltestCHACHA20: + ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *) + cipherInfo->cx, PR_TRUE); + break; case bltestRC2_ECB: case bltestRC2_CBC: RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE); @@ -2808,6 +2946,7 @@ get_params(PLArenaPool *arena, bltestParams *params, #endif switch (mode) { case bltestAES_GCM: + case bltestCHACHA20: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j); load_file_data(arena, ¶ms->ask.aad, filename, bltestBinary); case bltestDES_CBC: @@ -3753,7 +3892,8 @@ print_usage: /* Set up an encryption key. */ keysize = 0; file = NULL; - if (is_symmkeyCipher(cipherInfo->mode)) { + if (is_symmkeyCipher(cipherInfo->mode) || + is_aeadCipher(cipherInfo->mode)) { char *keystr = NULL; /* if key is on command line */ if (bltest.options[opt_Key].activated) { if (bltest.options[opt_CmdLine].activated) { diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 new file mode 100644 index 00000000..a420ef18 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/aad0 @@ -0,0 +1 @@ +PQRSÀÁÂÃÄÅÆÇ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 new file mode 100644 index 00000000..a06f68b5 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 @@ -0,0 +1 @@ +0xqNNGSOYNt7hq+8U+9+wqSt7VEpbgj+qeK1pzbuYtY9vqRejKlnEoL6+2naknKLGnHeCp4GCykF1qW2fs07NpLdvX8td4uMmAOu4ygJG1j6syTk+tZ1lFWFgItIMde8P/Te8I5Lep3ldtJlhs7GS2EWGuELWU8J4mp+kC7L0GAGkQ== diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 new file mode 100644 index 00000000..e7f0d010 --- /dev/null 
+++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 @@ -0,0 +1 @@ +ZKCGFXWGGvRg8GLHm+ZDvV6AXP00XPOJ8QhnCsdsjLJMbPwYdV1D7qCe6U44LSawvbe3PDIbAQDU8Dt/NViUzzMvgw5xC5fOmMioSr0LlIEUrRduAI0zvWD5grH/N8hVl5egbvTw72HBhjJOKzUGODYGkHtqfAKw+fYVe1PIZ+S5Fmx2e4BNRqWbUhbN56TpkEDFpAQzIl7igqGwoGxSPq9FNNf4P6EVWwBHcYy8VGoNBysEs1ZO6htCInP1SCcaC7IxYFP6dpkZVevWMVlDTs67TkZtrloQc6ZydicJehBJ5hfZHTYQlPpo8P93mHEwMFvqui7aBN+Ze3FNbG8sKaatXLQCKwJwm+6tnWeJDLsiOSM2/qGFHzg= diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/key0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/key0 new file mode 100644 index 00000000..503ecb84 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/key0 @@ -0,0 +1 @@ +€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/key1 b/security/nss/cmd/bltest/tests/chacha20_poly1305/key1 new file mode 100644 index 00000000..002bf1b4 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/key1 @@ -0,0 +1 @@ +’@¥ëUÓŠó3ˆ†öµðG9Á@+€ Ê\¼ puÀ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/numtests b/security/nss/cmd/bltest/tests/chacha20_poly1305/numtests new file mode 100644 index 00000000..0cfbf088 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/numtests @@ -0,0 +1 @@ +2 diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 new file mode 100644 index 00000000..74c22290 --- /dev/null +++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 @@ -0,0 +1 @@ +Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it. \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 new file mode 100644 index 00000000..029317d8 --- /dev/null 
+++ b/security/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 @@ -0,0 +1 @@ +Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as /“work in progress./†\ No newline at end of file diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index 8ea465ef..29b91910 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -443,6 +443,10 @@ const char * V2CipherString(int cs_int) case 0x00C02C: cs_str = "TLS/ECDHE-ECDSA/AES256-GCM/SHA384"; break; case 0x00C02F: cs_str = "TLS/ECDHE-RSA/AES128-GCM/SHA256"; break; + case 0x00CCA8: cs_str = "TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256"; break; + case 0x00CCA9: cs_str = "TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256"; break; + case 0x00CCAA: cs_str = "TLS/DHE-RSA/CHACHA20-POLY1305/SHA256"; break; + case 0x00FEFF: cs_str = "SSL3/RSA-FIPS/3DESEDE-CBC/SHA"; break; case 0x00FEFE: cs_str = "SSL3/RSA-FIPS/DES-CBC/SHA"; break; case 0x00FFE1: cs_str = "SSL3/RSA-FIPS/DES56-CBC/SHA"; break; diff --git a/security/nss/lib/dbm/include/cdefs.h b/security/nss/lib/dbm/include/cdefs.h new file mode 100644 index 00000000..6df5a80e --- /dev/null +++ b/security/nss/lib/dbm/include/cdefs.h 
@@ -0,0 +1,126 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Berkeley Software Design, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. ***REMOVED*** - see + * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * @(#)cdefs.h 8.7 (Berkeley) 1/21/94 + */ + +#ifndef _CDEFS_H_ +#define _CDEFS_H_ + +#if defined(__cplusplus) +#define __BEGIN_DECLS extern "C" { +#define __END_DECLS } +#else +#define __BEGIN_DECLS +#define __END_DECLS +#endif + +/* + * The __CONCAT macro is used to concatenate parts of symbol names, e.g. + * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. + * The __CONCAT macro is a bit tricky -- make sure you don't put spaces + * in between its arguments. __CONCAT can also concatenate double-quoted + * strings produced by the __STRING macro, but this only works with ANSI C. + */ +#if defined(__STDC__) || defined(__cplusplus) || defined(_WINDOWS) || defined(XP_OS2) +#define __P(protos) protos /* full-blown ANSI C */ +#define __CONCAT(x,y) x ## y +#define __STRING(x) #x + +/* On HP-UX 11.00, defines __const. */ +#ifndef __const +#define __const const /* define reserved names to standard */ +#endif /* __const */ +#define __signed signed +#define __volatile volatile +#ifndef _WINDOWS +#if defined(__cplusplus) +#define __inline inline /* convert to C++ keyword */ +#else +#if !defined(__GNUC__) && !defined(__MWERKS__) +#define __inline /* delete GCC keyword */ +#endif /* !__GNUC__ */ +#endif /* !__cplusplus */ +#endif /* !_WINDOWS */ + +#else /* !(__STDC__ || __cplusplus) */ +#define __P(protos) () /* traditional C preprocessor */ +#define __CONCAT(x,y) x/**/y +#define __STRING(x) "x" + +#ifndef __GNUC__ +#define __const /* delete pseudo-ANSI C keywords */ +#define __inline +#define __signed +#define __volatile +/* + * In non-ANSI C environments, new programs will want ANSI-only C keywords + * deleted from the program and old programs will want them left alone. + * When using a compiler other than gcc, programs using the ANSI C keywords + * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS. 
+ * When using "gcc -traditional", we assume that this is the intent; if + * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone. + */ +#ifndef NO_ANSI_KEYWORDS +#define const /* delete ANSI C keywords */ +#define inline +#define signed +#define volatile +#endif +#endif /* !__GNUC__ */ +#endif /* !(__STDC__ || __cplusplus) */ + +/* + * GCC1 and some versions of GCC2 declare dead (non-returning) and + * pure (no side effects) functions using "volatile" and "const"; + * unfortunately, these then cause warnings under "-ansi -pedantic". + * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of + * these work for GNU C++ (modulo a slight glitch in the C++ grammar + * in the distribution version of 2.5.5). + */ +#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5 +#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */ +#if defined(__GNUC__) && !defined(__STRICT_ANSI__) +#define __dead __volatile +#define __pure __const +#endif +#endif + +/* Delete pseudo-keywords wherever they are not available or needed. */ +#ifndef __dead +#define __dead +#define __pure +#endif + +#endif /* !_CDEFS_H_ */ diff --git a/security/nss/lib/dbm/include/mpool.h b/security/nss/lib/dbm/include/mpool.h new file mode 100644 index 00000000..0483d243 --- /dev/null +++ b/security/nss/lib/dbm/include/mpool.h 
@@ -0,0 +1,97 @@ +/*- + * Copyright (c) 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. ***REMOVED*** - see + * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)mpool.h 8.2 (Berkeley) 7/14/94 + */ + +#include + +/* + * The memory pool scheme is a simple one. Each in-memory page is referenced + * by a bucket which is threaded in up to two of three ways. 
All active pages + * are threaded on a hash chain (hashed by page number) and an lru chain. + * Inactive pages are threaded on a free chain. Each reference to a memory + * pool is handed an opaque MPOOL cookie which stores all of this information. + */ +#define HASHSIZE 128 +#define HASHKEY(pgno) ((pgno - 1) % HASHSIZE) + +/* The BKT structures are the elements of the queues. */ +typedef struct _bkt { + CIRCLEQ_ENTRY(_bkt) hq; /* hash queue */ + CIRCLEQ_ENTRY(_bkt) q; /* lru queue */ + void *page; /* page */ + pgno_t pgno; /* page number */ + +#define MPOOL_DIRTY 0x01 /* page needs to be written */ +#define MPOOL_PINNED 0x02 /* page is pinned into memory */ + uint8 flags; /* flags */ +} BKT; + +typedef struct MPOOL { + CIRCLEQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ + /* hash queue array */ + CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; + pgno_t curcache; /* current number of cached pages */ + pgno_t maxcache; /* max number of cached pages */ + pgno_t npages; /* number of pages in the file */ + uint32 pagesize; /* file page size */ + int fd; /* file descriptor */ + /* page in conversion routine */ + void (*pgin) (void *, pgno_t, void *); + /* page out conversion routine */ + void (*pgout) (void *, pgno_t, void *); + void *pgcookie; /* cookie for page in/out routines */ +#ifdef STATISTICS + uint32 cachehit; + uint32 cachemiss; + uint32 pagealloc; + uint32 pageflush; + uint32 pageget; + uint32 pagenew; + uint32 pageput; + uint32 pageread; + uint32 pagewrite; +#endif +} MPOOL; + +__BEGIN_DECLS +MPOOL *mpool_open (void *, int, pgno_t, pgno_t); +void mpool_filter (MPOOL *, void (*)(void *, pgno_t, void *), + void (*)(void *, pgno_t, void *), void *); +void *mpool_new (MPOOL *, pgno_t *); +void *mpool_get (MPOOL *, pgno_t, uint); +int mpool_put (MPOOL *, void *, uint); +int mpool_sync (MPOOL *); +int mpool_close (MPOOL *); +#ifdef STATISTICS +void mpool_stat (MPOOL *); +#endif +__END_DECLS 
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index ab0b1e57..d9f876be 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -479,6 +479,31 @@ ifndef NSS_DISABLE_ECC endif endif +# poly1305-donna-x64-sse2-incremental-source.c requires __int128 support +# in GCC 4.6.0. +ifeq ($(CC_NAME),clang) + HAVE_INT128_SUPPORT = 1 +else ifeq (1,$(CC_IS_GCC)) + ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) + HAVE_INT128_SUPPORT = 1 + endif + ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) + HAVE_INT128_SUPPORT = 1 + endif +endif + +ifeq ($(CPU_ARCH),x86_64) + ifdef HAVE_INT128_SUPPORT + EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c + else + EXTRA_SRCS += poly1305.c + endif + EXTRA_SRCS += chacha20_vec.c +else + EXTRA_SRCS += poly1305.c + EXTRA_SRCS += chacha20.c +endif # x86_64 + ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index c0bf40a5..4c631c72 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h 
@@ -986,6 +986,35 @@ Camellia_Decrypt(CamelliaContext *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen); +/******************************************/ +/* +** ChaCha20+Poly1305 AEAD +*/ + +extern SECStatus ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + const unsigned char *key, + unsigned int keyLen, + unsigned int tagLen); + +extern ChaCha20Poly1305Context *ChaCha20Poly1305_CreateContext( + const unsigned char *key, unsigned int keyLen, unsigned int tagLen); + +extern void ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, + PRBool freeit); + +extern SECStatus ChaCha20Poly1305_Seal( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); + +extern SECStatus ChaCha20Poly1305_Open( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); /******************************************/ /* diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h index 8e172d42..eacf48a7 100644 --- a/security/nss/lib/freebl/blapit.h +++ b/security/nss/lib/freebl/blapit.h @@ -222,6 +222,7 @@ struct SHA256ContextStr ; struct SHA512ContextStr ; struct AESKeyWrapContextStr ; struct SEEDContextStr ; +struct ChaCha20Poly1305ContextStr; typedef struct DESContextStr DESContext; typedef struct RC2ContextStr RC2Context; 
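Review bot: The new ChaCha20+Poly1305 declarations in blapi.h have no contract documentation beyond the `** ChaCha20+Poly1305 AEAD` banner, and for an AEAD interface the caller obligations are the security-relevant part. I would add a comment above `ChaCha20Poly1305_Seal` stating that `nonce` must never repeat under the same key, which `nonceLen` and `tagLen` values are accepted, and how large `maxOutputLen` must be relative to `inputLen`. The bltest caller in this patch allocates `inputLen + 16` for sealing, which suggests the tag is appended to the ciphertext, but the header does not say so. Above `ChaCha20Poly1305_Open` the comment should say that `output` must not be used when the call fails. A one-line note on `ChaCha20Poly1305_DestroyContext` about whether key material is cleared before `freeit` is honoured would also help.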
@@ -240,6 +241,7 @@ typedef struct SHA512ContextStr SHA512Context; typedef struct SHA512ContextStr SHA384Context; typedef struct AESKeyWrapContextStr AESKeyWrapContext; typedef struct SEEDContextStr SEEDContext; +typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context; /*************************************************************************** ** RSA Public and Private Key structures diff --git a/security/nss/lib/freebl/chacha20.c b/security/nss/lib/freebl/chacha20.c new file mode 100644 index 00000000..687be663 --- /dev/null +++ b/security/nss/lib/freebl/chacha20.c 
@@ -0,0 +1,111 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Adopted from the public domain code in NaCl by djb. */ + +#include +#include + +#include "prtypes.h" +#include "secport.h" +#include "chacha20.h" + +#if defined(_MSC_VER) +#pragma intrinsic(_lrotl) +#define ROTL32(x, n) _lrotl(x, n) +#else +#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n))) +#endif + +#define ROTATE(v, c) ROTL32((v), (c)) + +#define U32TO8_LITTLE(p, v) \ + { (p)[0] = ((v) ) & 0xff; (p)[1] = ((v) >> 8) & 0xff; \ + (p)[2] = ((v) >> 16) & 0xff; (p)[3] = ((v) >> 24) & 0xff; } +#define U8TO32_LITTLE(p) \ + (((PRUint32)((p)[0]) ) | ((PRUint32)((p)[1]) << 8) | \ + ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24)) + +#define QUARTERROUND(x, a, b, c, d) \ + x[a] = x[a] + x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \ + x[c] = x[c] + x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \ + x[a] = x[a] + x[b]; x[d] = ROTATE(x[d] ^ x[a], 8); \ + x[c] = x[c] + x[d]; x[b] = ROTATE(x[b] ^ x[c], 7); + +static void +ChaChaCore(unsigned char output[64], const PRUint32 input[16], int num_rounds) +{ + PRUint32 x[16]; + int i; + + PORT_Memcpy(x, input, sizeof(PRUint32) * 16); + for (i = num_rounds; i > 0; i -= 2) { + QUARTERROUND(x, 0, 4, 8, 12) + QUARTERROUND(x, 1, 5, 9, 13) + QUARTERROUND(x, 2, 6, 10, 14) + QUARTERROUND(x, 3, 7, 11, 15) + QUARTERROUND(x, 0, 5, 10, 15) + QUARTERROUND(x, 1, 6, 11, 12) + QUARTERROUND(x, 2, 7, 8, 13) + QUARTERROUND(x, 3, 4, 9, 14) + } + + for (i = 0; i < 16; ++i) { + x[i] = x[i] + input[i]; + } + for (i = 0; i < 16; ++i) { + U32TO8_LITTLE(output + 4 * i, x[i]); + } +} + +static const unsigned char sigma[16] = "expand 32-byte k"; + +void +ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inLen, + const unsigned char key[32], const unsigned char nonce[12], + uint32_t counter) +{ + unsigned char 
block[64]; + PRUint32 input[16]; + unsigned int i; + + input[4] = U8TO32_LITTLE(key + 0); + input[5] = U8TO32_LITTLE(key + 4); + input[6] = U8TO32_LITTLE(key + 8); + input[7] = U8TO32_LITTLE(key + 12); + + input[8] = U8TO32_LITTLE(key + 16); + input[9] = U8TO32_LITTLE(key + 20); + input[10] = U8TO32_LITTLE(key + 24); + input[11] = U8TO32_LITTLE(key + 28); + + input[0] = U8TO32_LITTLE(sigma + 0); + input[1] = U8TO32_LITTLE(sigma + 4); + input[2] = U8TO32_LITTLE(sigma + 8); + input[3] = U8TO32_LITTLE(sigma + 12); + + input[12] = counter; + input[13] = U8TO32_LITTLE(nonce + 0); + input[14] = U8TO32_LITTLE(nonce + 4); + input[15] = U8TO32_LITTLE(nonce + 8); + + while (inLen >= 64) { + ChaChaCore(block, input, 20); + for (i = 0; i < 64; i++) { + out[i] = in[i] ^ block[i]; + } + + input[12]++; + inLen -= 64; + in += 64; + out += 64; + } + + if (inLen > 0) { + ChaChaCore(block, input, 20); + for (i = 0; i < inLen; i++) { + out[i] = in[i] ^ block[i]; + } + } +} diff --git a/security/nss/lib/freebl/chacha20.h b/security/nss/lib/freebl/chacha20.h new file mode 100644 index 00000000..7e396fa8 --- /dev/null +++ b/security/nss/lib/freebl/chacha20.h 
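Review bot: `ChaCha20XOR` in chacha20.c returns with the key words still in `input[4]`..`input[11]` and the last keystream block in `block`, and `ChaChaCore` leaves its working state in `x`; none of these stack buffers is cleared. If freebl expects secrets to be wiped (not visible from this file), clear them before returning, e.g. `PORT_Memset(block, 0, sizeof block); PORT_Memset(input, 0, sizeof input);`, keeping in mind that a plain memset of a dead local may be removed by the optimizer. Separately, `ROTL32(x, n)` in the non-MSVC branch uses its arguments unparenthesized and is safe only because `ROTATE` wraps them first; `(((x) << (n)) | ((x) >> ((8 * sizeof(x)) - (n))))` would be self-contained. `input[12]++` also wraps silently at 2^32 blocks, which deserves a comment on the `counter` parameter.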
@@ -0,0 +1,26 @@ +/* + * chacha20.h - header file for ChaCha20 implementation. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef FREEBL_CHACHA20_H_ +#define FREEBL_CHACHA20_H_ + +#if defined(_MSC_VER) && _MSC_VER < 1600 +#include "prtypes.h" +typedef PRUint32 uint32_t; +typedef PRUint64 uint64_t; +#else +#include +#endif + +/* ChaCha20XOR encrypts |inLen| bytes from |in| with the given key and + * nonce and writes the result to |out|, which may be equal to |in|. The + * initial block counter is specified by |counter|. */ +extern void ChaCha20XOR(unsigned char *out, const unsigned char *in, + unsigned int inLen, const unsigned char key[32], + const unsigned char nonce[12], uint32_t counter); + +#endif /* FREEBL_CHACHA20_H_ */ diff --git a/security/nss/lib/freebl/chacha20_vec.c b/security/nss/lib/freebl/chacha20_vec.c new file mode 100644 index 00000000..352b70d3 --- /dev/null +++ b/security/nss/lib/freebl/chacha20_vec.c 
@@ -0,0 +1,278 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This implementation is by Ted Krovetz and was submitted to SUPERCOP and + * marked as public domain. It was been altered to allow for non-aligned inputs + * and to allow the block counter to be passed in specifically. */ + +#include + +#include "chacha20.h" + +#ifndef CHACHA_RNDS +#define CHACHA_RNDS 20 /* 8 (high speed), 20 (conservative), 12 (middle) */ +#endif + +/* Architecture-neutral way to specify 16-byte vector of ints */ +typedef unsigned vec __attribute__ ((vector_size (16))); + +/* This implementation is designed for Neon, SSE and AltiVec machines. The + * following specify how to do certain vector operations efficiently on + * each architecture, using intrinsics. + * This implementation supports parallel processing of multiple blocks, + * including potentially using general-purpose registers. 
+ */ +#if __ARM_NEON__ +#include +#define GPR_TOO 1 +#define VBPI 2 +#define ONE (vec)vsetq_lane_u32(1,vdupq_n_u32(0),0) +#define LOAD(m) (vec)(*((vec*)(m))) +#define STORE(m,r) (*((vec*)(m))) = (r) +#define ROTV1(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,1) +#define ROTV2(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,2) +#define ROTV3(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,3) +#define ROTW16(x) (vec)vrev32q_u16((uint16x8_t)x) +#if __clang__ +#define ROTW7(x) (x << ((vec){ 7, 7, 7, 7})) ^ (x >> ((vec){25,25,25,25})) +#define ROTW8(x) (x << ((vec){ 8, 8, 8, 8})) ^ (x >> ((vec){24,24,24,24})) +#define ROTW12(x) (x << ((vec){12,12,12,12})) ^ (x >> ((vec){20,20,20,20})) +#else +#define ROTW7(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,7),(uint32x4_t)x,25) +#define ROTW8(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,8),(uint32x4_t)x,24) +#define ROTW12(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,12),(uint32x4_t)x,20) +#endif +#elif __SSE2__ +#include +#define GPR_TOO 0 +#if __clang__ +#define VBPI 4 +#else +#define VBPI 3 +#endif +#define ONE (vec)_mm_set_epi32(0,0,0,1) +#define LOAD(m) (vec)_mm_loadu_si128((__m128i*)(m)) +#define STORE(m,r) _mm_storeu_si128((__m128i*)(m), (__m128i) (r)) +#define ROTV1(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(0,3,2,1)) +#define ROTV2(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(1,0,3,2)) +#define ROTV3(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(2,1,0,3)) +#define ROTW7(x) (vec)(_mm_slli_epi32((__m128i)x, 7) ^ _mm_srli_epi32((__m128i)x,25)) +#define ROTW12(x) (vec)(_mm_slli_epi32((__m128i)x,12) ^ _mm_srli_epi32((__m128i)x,20)) +#if __SSSE3__ +#include +#define ROTW8(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(14,13,12,15,10,9,8,11,6,5,4,7,2,1,0,3)) +#define ROTW16(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(13,12,15,14,9,8,11,10,5,4,7,6,1,0,3,2)) +#else +#define ROTW8(x) (vec)(_mm_slli_epi32((__m128i)x, 8) ^ _mm_srli_epi32((__m128i)x,24)) +#define ROTW16(x) (vec)(_mm_slli_epi32((__m128i)x,16) ^ 
_mm_srli_epi32((__m128i)x,16)) +#endif +#else +#error -- Implementation supports only machines with neon or SSE2 +#endif + +#ifndef REVV_BE +#define REVV_BE(x) (x) +#endif + +#ifndef REVW_BE +#define REVW_BE(x) (x) +#endif + +#define BPI (VBPI + GPR_TOO) /* Blocks computed per loop iteration */ + +#define DQROUND_VECTORS(a,b,c,d) \ + a += b; d ^= a; d = ROTW16(d); \ + c += d; b ^= c; b = ROTW12(b); \ + a += b; d ^= a; d = ROTW8(d); \ + c += d; b ^= c; b = ROTW7(b); \ + b = ROTV1(b); c = ROTV2(c); d = ROTV3(d); \ + a += b; d ^= a; d = ROTW16(d); \ + c += d; b ^= c; b = ROTW12(b); \ + a += b; d ^= a; d = ROTW8(d); \ + c += d; b ^= c; b = ROTW7(b); \ + b = ROTV3(b); c = ROTV2(c); d = ROTV1(d); + +#define QROUND_WORDS(a,b,c,d) \ + a = a+b; d ^= a; d = d<<16 | d>>16; \ + c = c+d; b ^= c; b = b<<12 | b>>20; \ + a = a+b; d ^= a; d = d<< 8 | d>>24; \ + c = c+d; b ^= c; b = b<< 7 | b>>25; + +#define WRITE_XOR(in, op, d, v0, v1, v2, v3) \ + STORE(op + d + 0, LOAD(in + d + 0) ^ REVV_BE(v0)); \ + STORE(op + d + 4, LOAD(in + d + 4) ^ REVV_BE(v1)); \ + STORE(op + d + 8, LOAD(in + d + 8) ^ REVV_BE(v2)); \ + STORE(op + d +12, LOAD(in + d +12) ^ REVV_BE(v3)); + +void +ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen, + const unsigned char key[32], const unsigned char nonce[12], + uint32_t counter) +{ + unsigned iters, i, *op=(unsigned *)out, *ip=(unsigned *)in, *kp; +#if defined(__ARM_NEON__) + unsigned *np; +#endif + vec s0, s1, s2, s3; +#if !defined(__ARM_NEON__) && !defined(__SSE2__) + __attribute__ ((aligned (16))) unsigned key[8], nonce[4]; +#endif + __attribute__ ((aligned (16))) unsigned chacha_const[] = + {0x61707865,0x3320646E,0x79622D32,0x6B206574}; +#if defined(__ARM_NEON__) || defined(__SSE2__) + kp = (unsigned *)key; +#else + ((vec *)key)[0] = REVV_BE(((vec *)key)[0]); + ((vec *)key)[1] = REVV_BE(((vec *)key)[1]); + ((unsigned *)nonce)[0] = REVW_BE(((unsigned *)nonce)[0]); + ((unsigned *)nonce)[1] = REVW_BE(((unsigned *)nonce)[1]); + 
((unsigned *)nonce)[2] = REVW_BE(((unsigned *)nonce)[2]); + ((unsigned *)nonce)[3] = REVW_BE(((unsigned *)nonce)[3]); + kp = (unsigned *)key; + np = (unsigned *)nonce; +#endif +#if defined(__ARM_NEON__) + np = (unsigned*) nonce; +#endif + s0 = LOAD(chacha_const); + s1 = LOAD(&((vec*)kp)[0]); + s2 = LOAD(&((vec*)kp)[1]); + s3 = (vec) { + counter, + ((uint32_t*)nonce)[0], + ((uint32_t*)nonce)[1], + ((uint32_t*)nonce)[2] + }; + + for (iters = 0; iters < inlen/(BPI*64); iters++) { +#if GPR_TOO + register unsigned x0, x1, x2, x3, x4, x5, x6, x7, x8, + x9, x10, x11, x12, x13, x14, x15; +#endif +#if VBPI > 2 + vec v8,v9,v10,v11; +#endif +#if VBPI > 3 + vec v12,v13,v14,v15; +#endif + + vec v0,v1,v2,v3,v4,v5,v6,v7; + v4 = v0 = s0; v5 = v1 = s1; v6 = v2 = s2; v3 = s3; + v7 = v3 + ONE; +#if VBPI > 2 + v8 = v4; v9 = v5; v10 = v6; + v11 = v7 + ONE; +#endif +#if VBPI > 3 + v12 = v8; v13 = v9; v14 = v10; + v15 = v11 + ONE; +#endif +#if GPR_TOO + x0 = chacha_const[0]; x1 = chacha_const[1]; + x2 = chacha_const[2]; x3 = chacha_const[3]; + x4 = kp[0]; x5 = kp[1]; x6 = kp[2]; x7 = kp[3]; + x8 = kp[4]; x9 = kp[5]; x10 = kp[6]; x11 = kp[7]; + x12 = counter+BPI*iters+(BPI-1); x13 = np[0]; + x14 = np[1]; x15 = np[2]; +#endif + for (i = CHACHA_RNDS/2; i; i--) { + DQROUND_VECTORS(v0,v1,v2,v3) + DQROUND_VECTORS(v4,v5,v6,v7) +#if VBPI > 2 + DQROUND_VECTORS(v8,v9,v10,v11) +#endif +#if VBPI > 3 + DQROUND_VECTORS(v12,v13,v14,v15) +#endif +#if GPR_TOO + QROUND_WORDS( x0, x4, x8,x12) + QROUND_WORDS( x1, x5, x9,x13) + QROUND_WORDS( x2, x6,x10,x14) + QROUND_WORDS( x3, x7,x11,x15) + QROUND_WORDS( x0, x5,x10,x15) + QROUND_WORDS( x1, x6,x11,x12) + QROUND_WORDS( x2, x7, x8,x13) + QROUND_WORDS( x3, x4, x9,x14) +#endif + } + + WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3) + s3 += ONE; + WRITE_XOR(ip, op, 16, v4+s0, v5+s1, v6+s2, v7+s3) + s3 += ONE; +#if VBPI > 2 + WRITE_XOR(ip, op, 32, v8+s0, v9+s1, v10+s2, v11+s3) + s3 += ONE; +#endif +#if VBPI > 3 + WRITE_XOR(ip, op, 48, v12+s0, v13+s1, v14+s2, 
v15+s3) + s3 += ONE; +#endif + ip += VBPI*16; + op += VBPI*16; +#if GPR_TOO + op[0] = REVW_BE(REVW_BE(ip[0]) ^ (x0 + chacha_const[0])); + op[1] = REVW_BE(REVW_BE(ip[1]) ^ (x1 + chacha_const[1])); + op[2] = REVW_BE(REVW_BE(ip[2]) ^ (x2 + chacha_const[2])); + op[3] = REVW_BE(REVW_BE(ip[3]) ^ (x3 + chacha_const[3])); + op[4] = REVW_BE(REVW_BE(ip[4]) ^ (x4 + kp[0])); + op[5] = REVW_BE(REVW_BE(ip[5]) ^ (x5 + kp[1])); + op[6] = REVW_BE(REVW_BE(ip[6]) ^ (x6 + kp[2])); + op[7] = REVW_BE(REVW_BE(ip[7]) ^ (x7 + kp[3])); + op[8] = REVW_BE(REVW_BE(ip[8]) ^ (x8 + kp[4])); + op[9] = REVW_BE(REVW_BE(ip[9]) ^ (x9 + kp[5])); + op[10] = REVW_BE(REVW_BE(ip[10]) ^ (x10 + kp[6])); + op[11] = REVW_BE(REVW_BE(ip[11]) ^ (x11 + kp[7])); + op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter+BPI*iters+(BPI-1))); + op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13 + np[0])); + op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[1])); + op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[2])); + s3 += ONE; + ip += 16; + op += 16; +#endif + } + + for (iters = inlen%(BPI*64)/64; iters != 0; iters--) { + vec v0 = s0, v1 = s1, v2 = s2, v3 = s3; + for (i = CHACHA_RNDS/2; i; i--) { + DQROUND_VECTORS(v0,v1,v2,v3); + } + WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3) + s3 += ONE; + ip += 16; + op += 16; + } + + inlen = inlen % 64; + if (inlen) { + __attribute__ ((aligned (16))) vec buf[4]; + vec v0,v1,v2,v3; + v0 = s0; v1 = s1; v2 = s2; v3 = s3; + for (i = CHACHA_RNDS/2; i; i--) { + DQROUND_VECTORS(v0,v1,v2,v3); + } + + if (inlen >= 16) { + STORE(op + 0, LOAD(ip + 0) ^ REVV_BE(v0 + s0)); + if (inlen >= 32) { + STORE(op + 4, LOAD(ip + 4) ^ REVV_BE(v1 + s1)); + if (inlen >= 48) { + STORE(op + 8, LOAD(ip + 8) ^ REVV_BE(v2 + s2)); + buf[3] = REVV_BE(v3 + s3); + } else { + buf[2] = REVV_BE(v2 + s2); + } + } else { + buf[1] = REVV_BE(v1 + s1); + } + } else { + buf[0] = REVV_BE(v0 + s0); + } + + for (i=inlen & ~15; i +#include + +#include "seccomon.h" +#include "secerr.h" +#include "blapit.h" +#include "poly1305.h" +#include 
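Review bot: `ChaCha20XOR` reads `key`, `nonce`, `in` and `out` through `unsigned *`, `uint32_t *` and `vec *` casts, although all four are `unsigned char` pointers with no alignment guarantee. On the NEON branch `LOAD(m)` is a plain dereference of a `vec *`, which the compiler may treat as 16-byte aligned, and the `GPR_TOO` path indexes `ip[]`, `op[]`, `kp[]` and `np[]` as whole words. The file header's claim that non-aligned inputs are allowed therefore appears to hold only for the SSE2 `_mm_loadu_si128`/`_mm_storeu_si128` macros. For the key and nonce, a copy into aligned locals removes the problem, e.g. `uint32_t n[3]; memcpy(n, nonce, sizeof n);` with `s3` built from `n[0..2]`; the NEON `LOAD`/`STORE` macros would need an unaligned form as well. The end of this function is not legible in this view, so the tail handling is not covered here.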
"chacha20.h" +#include "chacha20poly1305.h" + +/* Poly1305Do writes the Poly1305 authenticator of the given additional data + * and ciphertext to |out|. */ +static void +Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen, + const unsigned char *ciphertext, unsigned int ciphertextLen, + const unsigned char key[32]) +{ + poly1305_state state; + unsigned int j; + unsigned char lengthBytes[8]; + static const unsigned char zeros[15]; + unsigned int i; + + Poly1305Init(&state, key); + Poly1305Update(&state, ad, adLen); + if (adLen % 16 > 0) { + Poly1305Update(&state, zeros, 16 - adLen % 16); + } + Poly1305Update(&state, ciphertext, ciphertextLen); + if (ciphertextLen % 16 > 0) { + Poly1305Update(&state, zeros, 16 - ciphertextLen % 16); + } + j = adLen; + for (i = 0; i < sizeof(lengthBytes); i++) { + lengthBytes[i] = j; + j >>= 8; + } + Poly1305Update(&state, lengthBytes, sizeof(lengthBytes)); + j = ciphertextLen; + for (i = 0; i < sizeof(lengthBytes); i++) { + lengthBytes[i] = j; + j >>= 8; + } + Poly1305Update(&state, lengthBytes, sizeof(lengthBytes)); + Poly1305Finish(&state, out); +} + +SECStatus +ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + if (keyLen != 32) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } + if (tagLen == 0 || tagLen > 16) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + + PORT_Memcpy(ctx->key, key, sizeof(ctx->key)); + ctx->tagLen = tagLen; + + return SECSuccess; +} + +ChaCha20Poly1305Context * +ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + ChaCha20Poly1305Context *ctx; + + ctx = PORT_New(ChaCha20Poly1305Context); + if (ctx == NULL) { + return NULL; + } + + if (ChaCha20Poly1305_InitContext(ctx, key, keyLen, tagLen) != SECSuccess) { + PORT_Free(ctx); + ctx = NULL; + } + + return ctx; +} + +void 
+ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit) +{ + PORT_Memset(ctx, 0, sizeof(*ctx)); + if (freeit) { + PORT_Free(ctx); + } +} + +SECStatus +ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + unsigned char block[64]; + unsigned char tag[16]; + + if (nonceLen != 12) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + *outputLen = inputLen + ctx->tagLen; + if (maxOutputLen < *outputLen) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + PORT_Memset(block, 0, sizeof(block)); + // Generate a block of keystream. The first 32 bytes will be the poly1305 + // key. The remainder of the block is discarded. + ChaCha20XOR(block, block, sizeof(block), ctx->key, nonce, 0); + ChaCha20XOR(output, input, inputLen, ctx->key, nonce, 1); + + Poly1305Do(tag, ad, adLen, output, inputLen, block); + PORT_Memcpy(output + inputLen, tag, ctx->tagLen); + + return SECSuccess; +} + +SECStatus +ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + unsigned char block[64]; + unsigned char tag[16]; + unsigned int ciphertextLen; + + if (nonceLen != 12) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + if (inputLen < ctx->tagLen) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + ciphertextLen = inputLen - ctx->tagLen; + *outputLen = ciphertextLen; + if (maxOutputLen < *outputLen) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + PORT_Memset(block, 0, sizeof(block)); + // Generate a block of keystream. 
The first 32 bytes will be the poly1305 + // key. The remainder of the block is discarded. + ChaCha20XOR(block, block, sizeof(block), ctx->key, nonce, 0); + Poly1305Do(tag, ad, adLen, input, ciphertextLen, block); + if (NSS_SecureMemcmp(tag, &input[ciphertextLen], ctx->tagLen) != 0) { + PORT_SetError(SEC_ERROR_BAD_DATA); + return SECFailure; + } + + ChaCha20XOR(output, input, ciphertextLen, ctx->key, nonce, 1); + + return SECSuccess; +} diff --git a/security/nss/lib/freebl/chacha20poly1305.h b/security/nss/lib/freebl/chacha20poly1305.h new file mode 100644 index 00000000..c77632aa --- /dev/null +++ b/security/nss/lib/freebl/chacha20poly1305.h @@ -0,0 +1,15 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _CHACHA20_POLY1305_H_ +#define _CHACHA20_POLY1305_H_ 1 + +/* ChaCha20Poly1305ContextStr saves the key and tag length for a + * ChaCha20+Poly1305 AEAD operation. */ +struct ChaCha20Poly1305ContextStr { + unsigned char key[32]; + unsigned char tagLen; +}; + +#endif /* _CHACHA20_POLY1305_H_ */ diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c index 1d9affec..e11e4f6a 100644 --- a/security/nss/lib/freebl/ldvector.c +++ b/security/nss/lib/freebl/ldvector.c @@ -286,9 +286,17 @@ static const struct FREEBLVectorStr vector = EC_FillParams, EC_DecodeParams, - EC_CopyParams + EC_CopyParams, /* End of Version 3.017 */ + + ChaCha20Poly1305_InitContext, + ChaCha20Poly1305_CreateContext, + ChaCha20Poly1305_DestroyContext, + ChaCha20Poly1305_Seal, + ChaCha20Poly1305_Open + + /* End of Version 3.018 */ }; const FREEBLVector * diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 9105a690..821aa19a 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c 
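Review bot: In `ChaCha20Poly1305_Seal` the output-length check can be defeated by wrap-around. `*outputLen = inputLen + ctx->tagLen` is computed in `unsigned int`, so an `inputLen` within `tagLen` of the type's maximum gives a small sum that passes `maxOutputLen < *outputLen`, and `ChaCha20XOR` then still writes `inputLen` bytes to `output`. Comparing without the addition avoids this: `if (maxOutputLen < inputLen || maxOutputLen - inputLen < ctx->tagLen)`, with `*outputLen` assigned only after the check passes. Separately, `block` holds the one-time Poly1305 key in both `Seal` and `Open` and is left on the stack on every return path, including the tag-mismatch return in `Open`; it should be cleared before returning, in a way the compiler cannot elide.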
@@ -2128,3 +2128,59 @@ SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, return (vector->p_EC_CopyParams)(arena, dstParams, srcParams); } +SECStatus +ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, + const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_ChaCha20Poly1305_InitContext)(ctx, key, keyLen, tagLen); +} + +ChaCha20Poly1305Context * +ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen, + unsigned int tagLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return NULL; + return (vector->p_ChaCha20Poly1305_CreateContext)(key, keyLen, tagLen); +} + +void +ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return; + (vector->p_ChaCha20Poly1305_DestroyContext)(ctx, freeit); +} + +SECStatus +ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_ChaCha20Poly1305_Seal)( + ctx, output, outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} + +SECStatus +ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_ChaCha20Poly1305_Open)( + ctx, output, outputLen, maxOutputLen, input, inputLen, + nonce, nonceLen, ad, adLen); +} 
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h index 65cfd76d..9f533efd 100644 --- a/security/nss/lib/freebl/loader.h +++ b/security/nss/lib/freebl/loader.h @@ -10,7 +10,7 @@ #include "blapi.h" -#define FREEBL_VERSION 0x0311 +#define FREEBL_VERSION 0x0312 struct FREEBLVectorStr { @@ -707,6 +707,33 @@ struct FREEBLVectorStr { /* Version 3.017 came to here */ + SECStatus (* p_ChaCha20Poly1305_InitContext)(ChaCha20Poly1305Context *ctx, + const unsigned char *key, + unsigned int keyLen, + unsigned int tagLen); + + ChaCha20Poly1305Context *(* p_ChaCha20Poly1305_CreateContext)( + const unsigned char *key, unsigned int keyLen, unsigned int tagLen); + + void (* p_ChaCha20Poly1305_DestroyContext)(ChaCha20Poly1305Context *ctx, + PRBool freeit); + + SECStatus (* p_ChaCha20Poly1305_Seal)( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); + + SECStatus (* p_ChaCha20Poly1305_Open)( + const ChaCha20Poly1305Context *ctx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen, + const unsigned char *nonce, unsigned int nonceLen, + const unsigned char *ad, unsigned int adLen); + + /* Version 3.018 came to here */ + /* Add new function pointers at the end of this struct and bump * FREEBL_VERSION at the beginning of this file. */ }; diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn index 22367809..e666b78c 100644 --- a/security/nss/lib/freebl/manifest.mn +++ b/security/nss/lib/freebl/manifest.mn @@ -56,6 +56,7 @@ EXPORTS = \ PRIVATE_EXPORTS = \ alghmac.h \ blapi.h \ + chacha20poly1305.h \ hmacct.h \ secmpi.h \ secrng.h \ @@ -101,6 +102,7 @@ CSRCS = \ desblapi.c \ des.c \ drbg.c \ + chacha20poly1305.c \ cts.c \ ctr.c \ gcm.c \ 
diff --git a/security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c b/security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c new file mode 100644 index 00000000..38cbf35f --- /dev/null +++ b/security/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c 
@@ -0,0 +1,623 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This implementation of poly1305 is by Andrew Moon + * (https://github.com/floodyberry/poly1305-donna) and released as public + * domain. It implements SIMD vectorization based on the algorithm described in + * http://cr.yp.to/papers.html#neoncrypto. Unrolled to 2 powers, i.e. 64 byte + * block size. */ + +#include +#include + +#include "poly1305.h" + +#define ALIGN(x) __attribute__((aligned(x))) +#define INLINE inline +#define U8TO64_LE(m) (*(uint64_t*)(m)) +#define U8TO32_LE(m) (*(uint32_t*)(m)) +#define U64TO8_LE(m,v) (*(uint64_t*)(m)) = v + +typedef __m128i xmmi; +typedef unsigned __int128 uint128_t; + +static const uint32_t ALIGN(16) poly1305_x64_sse2_message_mask[4] = {(1 << 26) - 1, 0, (1 << 26) - 1, 0}; +static const uint32_t ALIGN(16) poly1305_x64_sse2_5[4] = {5, 0, 5, 0}; +static const uint32_t ALIGN(16) poly1305_x64_sse2_1shl128[4] = {(1 << 24), 0, (1 << 24), 0}; + +static uint128_t INLINE +add128(uint128_t a, uint128_t b) { + return a + b; +} + +static uint128_t INLINE +add128_64(uint128_t a, uint64_t b) { + return a + b; +} + +static uint128_t INLINE +mul64x64_128(uint64_t a, uint64_t b) { + return (uint128_t)a * b; +} + +static uint64_t INLINE +lo128(uint128_t a) { + return (uint64_t)a; +} + +static uint64_t INLINE +shr128(uint128_t v, const int shift) { + return (uint64_t)(v >> shift); +} + +static uint64_t INLINE +shr128_pair(uint64_t hi, uint64_t lo, const int shift) { + return (uint64_t)((((uint128_t)hi << 64) | lo) >> shift); +} + +typedef struct poly1305_power_t { + union { + xmmi v; + uint64_t u[2]; + uint32_t d[4]; + } R20,R21,R22,R23,R24,S21,S22,S23,S24; +} poly1305_power; + +typedef struct poly1305_state_internal_t { + poly1305_power P[2]; /* 288 bytes, top 32 bit halves unused = 144 bytes of free storage */ + 
union { + xmmi H[5]; /* 80 bytes */ + uint64_t HH[10]; + }; + /* uint64_t r0,r1,r2; [24 bytes] */ + /* uint64_t pad0,pad1; [16 bytes] */ + uint64_t started; /* 8 bytes */ + uint64_t leftover; /* 8 bytes */ + uint8_t buffer[64]; /* 64 bytes */ +} poly1305_state_internal; /* 448 bytes total + 63 bytes for alignment = 511 bytes raw */ + +static poly1305_state_internal INLINE +*poly1305_aligned_state(poly1305_state *state) { + return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63); +} + +/* copy 0-63 bytes */ +static void INLINE +poly1305_block_copy(uint8_t *dst, const uint8_t *src, size_t bytes) { + size_t offset = src - dst; + if (bytes & 32) { + _mm_storeu_si128((xmmi *)(dst + 0), _mm_loadu_si128((xmmi *)(dst + offset + 0))); + _mm_storeu_si128((xmmi *)(dst + 16), _mm_loadu_si128((xmmi *)(dst + offset + 16))); + dst += 32; + } + if (bytes & 16) { _mm_storeu_si128((xmmi *)dst, _mm_loadu_si128((xmmi *)(dst + offset))); dst += 16; } + if (bytes & 8) { *(uint64_t *)dst = *(uint64_t *)(dst + offset); dst += 8; } + if (bytes & 4) { *(uint32_t *)dst = *(uint32_t *)(dst + offset); dst += 4; } + if (bytes & 2) { *(uint16_t *)dst = *(uint16_t *)(dst + offset); dst += 2; } + if (bytes & 1) { *( uint8_t *)dst = *( uint8_t *)(dst + offset); } +} + +/* zero 0-15 bytes */ +static void INLINE +poly1305_block_zero(uint8_t *dst, size_t bytes) { + if (bytes & 8) { *(uint64_t *)dst = 0; dst += 8; } + if (bytes & 4) { *(uint32_t *)dst = 0; dst += 4; } + if (bytes & 2) { *(uint16_t *)dst = 0; dst += 2; } + if (bytes & 1) { *( uint8_t *)dst = 0; } +} + +static size_t INLINE +poly1305_min(size_t a, size_t b) { + return (a < b) ? 
a : b; +} + +void +Poly1305Init(poly1305_state *state, const unsigned char key[32]) { + poly1305_state_internal *st = poly1305_aligned_state(state); + poly1305_power *p; + uint64_t r0,r1,r2; + uint64_t t0,t1; + + /* clamp key */ + t0 = U8TO64_LE(key + 0); + t1 = U8TO64_LE(key + 8); + r0 = t0 & 0xffc0fffffff; t0 >>= 44; t0 |= t1 << 20; + r1 = t0 & 0xfffffc0ffff; t1 >>= 24; + r2 = t1 & 0x00ffffffc0f; + + /* store r in un-used space of st->P[1] */ + p = &st->P[1]; + p->R20.d[1] = (uint32_t)(r0 ); + p->R20.d[3] = (uint32_t)(r0 >> 32); + p->R21.d[1] = (uint32_t)(r1 ); + p->R21.d[3] = (uint32_t)(r1 >> 32); + p->R22.d[1] = (uint32_t)(r2 ); + p->R22.d[3] = (uint32_t)(r2 >> 32); + + /* store pad */ + p->R23.d[1] = U8TO32_LE(key + 16); + p->R23.d[3] = U8TO32_LE(key + 20); + p->R24.d[1] = U8TO32_LE(key + 24); + p->R24.d[3] = U8TO32_LE(key + 28); + + /* H = 0 */ + st->H[0] = _mm_setzero_si128(); + st->H[1] = _mm_setzero_si128(); + st->H[2] = _mm_setzero_si128(); + st->H[3] = _mm_setzero_si128(); + st->H[4] = _mm_setzero_si128(); + + st->started = 0; + st->leftover = 0; +} + +static void +poly1305_first_block(poly1305_state_internal *st, const uint8_t *m) { + const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); + const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); + const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); + xmmi T5,T6; + poly1305_power *p; + uint128_t d[3]; + uint64_t r0,r1,r2; + uint64_t r20,r21,r22,s22; + uint64_t pad0,pad1; + uint64_t c; + uint64_t i; + + /* pull out stored info */ + p = &st->P[1]; + + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + pad0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; + pad1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; + + /* compute powers r^2,r^4 */ + r20 = r0; + r21 = r1; + r22 = r2; + for (i = 0; i < 2; i++) { + s22 = r22 
* (5 << 2); + + d[0] = add128(mul64x64_128(r20, r20), mul64x64_128(r21 * 2, s22)); + d[1] = add128(mul64x64_128(r22, s22), mul64x64_128(r20 * 2, r21)); + d[2] = add128(mul64x64_128(r21, r21), mul64x64_128(r22 * 2, r20)); + + r20 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44); + d[1] = add128_64(d[1], c); r21 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44); + d[2] = add128_64(d[2], c); r22 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42); + r20 += c * 5; c = (r20 >> 44); r20 = r20 & 0xfffffffffff; + r21 += c; + + p->R20.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)( r20 ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R21.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r20 >> 26) | (r21 << 18)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R22.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 8) ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R23.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 34) | (r22 << 10)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); + p->R24.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r22 >> 16) ) ), _MM_SHUFFLE(1,0,1,0)); + p->S21.v = _mm_mul_epu32(p->R21.v, FIVE); + p->S22.v = _mm_mul_epu32(p->R22.v, FIVE); + p->S23.v = _mm_mul_epu32(p->R23.v, FIVE); + p->S24.v = _mm_mul_epu32(p->R24.v, FIVE); + p--; + } + + /* put saved info back */ + p = &st->P[1]; + p->R20.d[1] = (uint32_t)(r0 ); + p->R20.d[3] = (uint32_t)(r0 >> 32); + p->R21.d[1] = (uint32_t)(r1 ); + p->R21.d[3] = (uint32_t)(r1 >> 32); + p->R22.d[1] = (uint32_t)(r2 ); + p->R22.d[3] = (uint32_t)(r2 >> 32); + p->R23.d[1] = (uint32_t)(pad0 ); + p->R23.d[3] = (uint32_t)(pad0 >> 32); + p->R24.d[1] = (uint32_t)(pad1 ); + p->R24.d[3] = (uint32_t)(pad1 >> 32); + + /* H = [Mx,My] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); + st->H[0] = _mm_and_si128(MMASK, T5); + st->H[1] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); 
+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + st->H[2] = _mm_and_si128(MMASK, T5); + st->H[3] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + st->H[4] = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); +} + +static void +poly1305_blocks(poly1305_state_internal *st, const uint8_t *m, size_t bytes) { + const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); + const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); + const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); + + poly1305_power *p; + xmmi H0,H1,H2,H3,H4; + xmmi T0,T1,T2,T3,T4,T5,T6; + xmmi M0,M1,M2,M3,M4; + xmmi C1,C2; + + H0 = st->H[0]; + H1 = st->H[1]; + H2 = st->H[2]; + H3 = st->H[3]; + H4 = st->H[4]; + + while (bytes >= 64) { + /* H *= [r^4,r^4] */ + p = &st->P[0]; + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = 
_mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + /* H += [Mx,My]*[r^2,r^2] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + p = &st->P[1]; + T5 = _mm_mul_epu32(M0, p->R20.v); T6 = _mm_mul_epu32(M0, p->R21.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M1, p->S24.v); T6 = _mm_mul_epu32(M1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M2, p->S23.v); T6 = _mm_mul_epu32(M2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M3, p->S22.v); T6 = _mm_mul_epu32(M3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M4, p->S21.v); T6 = _mm_mul_epu32(M4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(M0, p->R22.v); T6 = _mm_mul_epu32(M0, p->R23.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M1, p->R21.v); T6 = _mm_mul_epu32(M1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M2, p->R20.v); T6 = _mm_mul_epu32(M2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M3, p->S24.v); T6 = _mm_mul_epu32(M3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M4, p->S23.v); T6 = _mm_mul_epu32(M4, p->S24.v); T2 = 
_mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(M0, p->R24.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(M4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + /* H += [Mx,My] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 32)), _mm_loadl_epi64((xmmi *)(m + 48))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 40)), _mm_loadl_epi64((xmmi *)(m + 56))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + T0 = _mm_add_epi64(T0, M0); + T1 = _mm_add_epi64(T1, M1); + T2 = _mm_add_epi64(T2, M2); + T3 = _mm_add_epi64(T3, M3); + T4 = _mm_add_epi64(T4, M4); + + /* reduce */ + C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); + + /* H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx,My]) */ + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + + m += 64; + bytes -= 64; + } + + st->H[0] = H0; + st->H[1] = H1; + st->H[2] = H2; + st->H[3] = H3; + st->H[4] = H4; +} + +static size_t +poly1305_combine(poly1305_state_internal *st, const 
uint8_t *m, size_t bytes) { + const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); + const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); + const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); + + poly1305_power *p; + xmmi H0,H1,H2,H3,H4; + xmmi M0,M1,M2,M3,M4; + xmmi T0,T1,T2,T3,T4,T5,T6; + xmmi C1,C2; + + uint64_t r0,r1,r2; + uint64_t t0,t1,t2,t3,t4; + uint64_t c; + size_t consumed = 0; + + H0 = st->H[0]; + H1 = st->H[1]; + H2 = st->H[2]; + H3 = st->H[3]; + H4 = st->H[4]; + + /* p = [r^2,r^2] */ + p = &st->P[1]; + + if (bytes >= 32) { + /* H *= [r^2,r^2] */ + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = 
_mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + /* H += [Mx,My] */ + T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); + T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); + M0 = _mm_and_si128(MMASK, T5); + M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); + M2 = _mm_and_si128(MMASK, T5); + M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); + M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); + + T0 = _mm_add_epi64(T0, M0); + T1 = _mm_add_epi64(T1, M1); + T2 = _mm_add_epi64(T2, M2); + T3 = _mm_add_epi64(T3, M3); + T4 = _mm_add_epi64(T4, M4); + + /* reduce */ + C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); + + /* H = (H*[r^2,r^2] + [Mx,My]) */ + H0 = T0; + H1 = T1; + H2 = T2; + H3 = T3; + H4 = T4; + + consumed = 32; + } + + /* finalize, H *= [r^2,r] */ + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + + p->R20.d[2] = (uint32_t)( r0 ) & 0x3ffffff; + p->R21.d[2] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff; + p->R22.d[2] = (uint32_t)((r1 >> 8) ) & 0x3ffffff; + p->R23.d[2] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff; + p->R24.d[2] = (uint32_t)((r2 >> 16) ) ; + p->S21.d[2] 
= p->R21.d[2] * 5; + p->S22.d[2] = p->R22.d[2] * 5; + p->S23.d[2] = p->R23.d[2] * 5; + p->S24.d[2] = p->R24.d[2] * 5; + + /* H *= [r^2,r] */ + T0 = _mm_mul_epu32(H0, p->R20.v); + T1 = _mm_mul_epu32(H0, p->R21.v); + T2 = _mm_mul_epu32(H0, p->R22.v); + T3 = _mm_mul_epu32(H0, p->R23.v); + T4 = _mm_mul_epu32(H0, p->R24.v); + T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); + T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); + T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); + T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); + + C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); + C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); + C1 = _mm_srli_epi64(T2, 26); C2 = 
_mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); + C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); + + /* H = H[0]+H[1] */ + H0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8)); + H1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8)); + H2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8)); + H3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8)); + H4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8)); + + t0 = _mm_cvtsi128_si32(H0) ; c = (t0 >> 26); t0 &= 0x3ffffff; + t1 = _mm_cvtsi128_si32(H1) + c; c = (t1 >> 26); t1 &= 0x3ffffff; + t2 = _mm_cvtsi128_si32(H2) + c; c = (t2 >> 26); t2 &= 0x3ffffff; + t3 = _mm_cvtsi128_si32(H3) + c; c = (t3 >> 26); t3 &= 0x3ffffff; + t4 = _mm_cvtsi128_si32(H4) + c; c = (t4 >> 26); t4 &= 0x3ffffff; + t0 = t0 + (c * 5); c = (t0 >> 26); t0 &= 0x3ffffff; + t1 = t1 + c; + + st->HH[0] = ((t0 ) | (t1 << 26) ) & 0xfffffffffffull; + st->HH[1] = ((t1 >> 18) | (t2 << 8) | (t3 << 34)) & 0xfffffffffffull; + st->HH[2] = ((t3 >> 10) | (t4 << 16) ) & 0x3ffffffffffull; + + return consumed; +} + +void +Poly1305Update(poly1305_state *state, const unsigned char *m, size_t bytes) { + poly1305_state_internal *st = poly1305_aligned_state(state); + size_t want; + + /* need at least 32 initial bytes to start the accelerated branch */ + if (!st->started) { + if ((st->leftover == 0) && (bytes > 32)) { + poly1305_first_block(st, m); + m += 32; + bytes -= 32; + } else { + want = poly1305_min(32 - st->leftover, bytes); + poly1305_block_copy(st->buffer + st->leftover, m, want); + bytes -= want; + m += want; + st->leftover += want; + if ((st->leftover < 32) || (bytes == 0)) + return; + poly1305_first_block(st, st->buffer); + st->leftover = 0; + } + st->started = 1; + } + + /* handle leftover */ + if (st->leftover) { + want = poly1305_min(64 - st->leftover, bytes); + poly1305_block_copy(st->buffer + st->leftover, m, want); + bytes -= want; + m += want; + st->leftover += 
want; + if (st->leftover < 64) + return; + poly1305_blocks(st, st->buffer, 64); + st->leftover = 0; + } + + /* process 64 byte blocks */ + if (bytes >= 64) { + want = (bytes & ~63); + poly1305_blocks(st, m, want); + m += want; + bytes -= want; + } + + if (bytes) { + poly1305_block_copy(st->buffer + st->leftover, m, bytes); + st->leftover += bytes; + } +} + +void +Poly1305Finish(poly1305_state *state, unsigned char mac[16]) { + poly1305_state_internal *st = poly1305_aligned_state(state); + size_t leftover = st->leftover; + uint8_t *m = st->buffer; + uint128_t d[3]; + uint64_t h0,h1,h2; + uint64_t t0,t1; + uint64_t g0,g1,g2,c,nc; + uint64_t r0,r1,r2,s1,s2; + poly1305_power *p; + + if (st->started) { + size_t consumed = poly1305_combine(st, m, leftover); + leftover -= consumed; + m += consumed; + } + + /* st->HH will either be 0 or have the combined result */ + h0 = st->HH[0]; + h1 = st->HH[1]; + h2 = st->HH[2]; + + p = &st->P[1]; + r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; + r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; + r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; + s1 = r1 * (5 << 2); + s2 = r2 * (5 << 2); + + if (leftover < 16) + goto poly1305_donna_atmost15bytes; + +poly1305_donna_atleast16bytes: + t0 = U8TO64_LE(m + 0); + t1 = U8TO64_LE(m + 8); + h0 += t0 & 0xfffffffffff; + t0 = shr128_pair(t1, t0, 44); + h1 += t0 & 0xfffffffffff; + h2 += (t1 >> 24) | ((uint64_t)1 << 40); + +poly1305_donna_mul: + d[0] = add128(add128(mul64x64_128(h0, r0), mul64x64_128(h1, s2)), mul64x64_128(h2, s1)); + d[1] = add128(add128(mul64x64_128(h0, r1), mul64x64_128(h1, r0)), mul64x64_128(h2, s2)); + d[2] = add128(add128(mul64x64_128(h0, r2), mul64x64_128(h1, r1)), mul64x64_128(h2, r0)); + h0 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44); + d[1] = add128_64(d[1], c); h1 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44); + d[2] = add128_64(d[2], c); h2 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42); + h0 += c * 5; + + m += 16; + 
leftover -= 16; + if (leftover >= 16) goto poly1305_donna_atleast16bytes; + + /* final bytes */ +poly1305_donna_atmost15bytes: + if (!leftover) goto poly1305_donna_finish; + + m[leftover++] = 1; + poly1305_block_zero(m + leftover, 16 - leftover); + leftover = 16; + + t0 = U8TO64_LE(m+0); + t1 = U8TO64_LE(m+8); + h0 += t0 & 0xfffffffffff; t0 = shr128_pair(t1, t0, 44); + h1 += t0 & 0xfffffffffff; + h2 += (t1 >> 24); + + goto poly1305_donna_mul; + +poly1305_donna_finish: + c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; + + g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; + g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; + g2 = h2 + c - ((uint64_t)1 << 42); + + c = (g2 >> 63) - 1; + nc = ~c; + h0 = (h0 & nc) | (g0 & c); + h1 = (h1 & nc) | (g1 & c); + h2 = (h2 & nc) | (g2 & c); + + /* pad */ + t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; + t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; + h0 += (t0 & 0xfffffffffff) ; c = (h0 >> 44); h0 &= 0xfffffffffff; t0 = shr128_pair(t1, t0, 44); + h1 += (t0 & 0xfffffffffff) + c; c = (h1 >> 44); h1 &= 0xfffffffffff; t1 = (t1 >> 24); + h2 += (t1 ) + c; + + U64TO8_LE(mac + 0, ((h0 ) | (h1 << 44))); + U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24))); +} diff --git a/security/nss/lib/freebl/poly1305.c b/security/nss/lib/freebl/poly1305.c new file mode 100644 index 00000000..da0ab6d7 --- /dev/null +++ b/security/nss/lib/freebl/poly1305.c 
@@ -0,0 +1,261 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This implementation of poly1305 is by Andrew Moon + * (https://github.com/floodyberry/poly1305-donna) and released as public + * domain. */ + +#include + +#include "poly1305.h" + +#if defined(_MSC_VER) && _MSC_VER < 1600 +#include "prtypes.h" +typedef PRUint32 uint32_t; +typedef PRUint64 uint64_t; +#else +#include +#endif + +#if defined(NSS_X86) || defined(NSS_X64) +/* We can assume little-endian. */ +static uint32_t U8TO32_LE(const unsigned char *m) { + uint32_t r; + memcpy(&r, m, sizeof(r)); + return r; +} + +static void U32TO8_LE(unsigned char *m, uint32_t v) { + memcpy(m, &v, sizeof(v)); +} +#else +static uint32_t U8TO32_LE(const unsigned char *m) { + return (uint32_t)m[0] | + (uint32_t)m[1] << 8 | + (uint32_t)m[2] << 16 | + (uint32_t)m[3] << 24; +} + +static void U32TO8_LE(unsigned char *m, uint32_t v) { + m[0] = v; + m[1] = v >> 8; + m[2] = v >> 16; + m[3] = v >> 24; +} +#endif + +static uint64_t +mul32x32_64(uint32_t a, uint32_t b) { + return (uint64_t)a * b; +} + +struct poly1305_state_st { + uint32_t r0,r1,r2,r3,r4; + uint32_t s1,s2,s3,s4; + uint32_t h0,h1,h2,h3,h4; + unsigned char buf[16]; + unsigned int buf_used; + unsigned char key[16]; +}; + +/* update updates |state| given some amount of input data. This function may + * only be called with a |len| that is not a multiple of 16 at the end of the + * data. Otherwise the input must be buffered into 16 byte blocks. 
*/ +static void update(struct poly1305_state_st *state, const unsigned char *in, + size_t len) { + uint32_t t0,t1,t2,t3; + uint64_t t[5]; + uint32_t b; + uint64_t c; + size_t j; + unsigned char mp[16]; + + if (len < 16) + goto poly1305_donna_atmost15bytes; + +poly1305_donna_16bytes: + t0 = U8TO32_LE(in); + t1 = U8TO32_LE(in+4); + t2 = U8TO32_LE(in+8); + t3 = U8TO32_LE(in+12); + + in += 16; + len -= 16; + + state->h0 += t0 & 0x3ffffff; + state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + state->h4 += (t3 >> 8) | (1 << 24); + +poly1305_donna_mul: + t[0] = mul32x32_64(state->h0,state->r0) + + mul32x32_64(state->h1,state->s4) + + mul32x32_64(state->h2,state->s3) + + mul32x32_64(state->h3,state->s2) + + mul32x32_64(state->h4,state->s1); + t[1] = mul32x32_64(state->h0,state->r1) + + mul32x32_64(state->h1,state->r0) + + mul32x32_64(state->h2,state->s4) + + mul32x32_64(state->h3,state->s3) + + mul32x32_64(state->h4,state->s2); + t[2] = mul32x32_64(state->h0,state->r2) + + mul32x32_64(state->h1,state->r1) + + mul32x32_64(state->h2,state->r0) + + mul32x32_64(state->h3,state->s4) + + mul32x32_64(state->h4,state->s3); + t[3] = mul32x32_64(state->h0,state->r3) + + mul32x32_64(state->h1,state->r2) + + mul32x32_64(state->h2,state->r1) + + mul32x32_64(state->h3,state->r0) + + mul32x32_64(state->h4,state->s4); + t[4] = mul32x32_64(state->h0,state->r4) + + mul32x32_64(state->h1,state->r3) + + mul32x32_64(state->h2,state->r2) + + mul32x32_64(state->h3,state->r1) + + mul32x32_64(state->h4,state->r0); + + state->h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26); + t[1] += c; state->h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26); + t[2] += b; state->h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26); + t[3] += b; state->h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26); + t[4] += b; state->h4 = (uint32_t)t[4] & 
0x3ffffff; b = (uint32_t)(t[4] >> 26); + state->h0 += b * 5; + + if (len >= 16) + goto poly1305_donna_16bytes; + + /* final bytes */ +poly1305_donna_atmost15bytes: + if (!len) + return; + + for (j = 0; j < len; j++) + mp[j] = in[j]; + mp[j++] = 1; + for (; j < 16; j++) + mp[j] = 0; + len = 0; + + t0 = U8TO32_LE(mp+0); + t1 = U8TO32_LE(mp+4); + t2 = U8TO32_LE(mp+8); + t3 = U8TO32_LE(mp+12); + + state->h0 += t0 & 0x3ffffff; + state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; + state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; + state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; + state->h4 += (t3 >> 8); + + goto poly1305_donna_mul; +} + +void Poly1305Init(poly1305_state *statep, const unsigned char key[32]) { + struct poly1305_state_st *state = (struct poly1305_state_st*) statep; + uint32_t t0,t1,t2,t3; + + t0 = U8TO32_LE(key+0); + t1 = U8TO32_LE(key+4); + t2 = U8TO32_LE(key+8); + t3 = U8TO32_LE(key+12); + + /* precompute multipliers */ + state->r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6; + state->r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12; + state->r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18; + state->r3 = t2 & 0x3f03fff; t3 >>= 8; + state->r4 = t3 & 0x00fffff; + + state->s1 = state->r1 * 5; + state->s2 = state->r2 * 5; + state->s3 = state->r3 * 5; + state->s4 = state->r4 * 5; + + /* init state */ + state->h0 = 0; + state->h1 = 0; + state->h2 = 0; + state->h3 = 0; + state->h4 = 0; + + state->buf_used = 0; + memcpy(state->key, key + 16, sizeof(state->key)); +} + +void Poly1305Update(poly1305_state *statep, const unsigned char *in, + size_t in_len) { + unsigned int i; + struct poly1305_state_st *state = (struct poly1305_state_st*) statep; + + if (state->buf_used) { + unsigned int todo = 16 - state->buf_used; + if (todo > in_len) + todo = in_len; + for (i = 0; i < todo; i++) + state->buf[state->buf_used + i] = in[i]; + state->buf_used += todo; + in_len -= todo; + in += todo; + + if (state->buf_used == 16) { + update(state, 
state->buf, 16); + state->buf_used = 0; + } + } + + if (in_len >= 16) { + size_t todo = in_len & ~0xf; + update(state, in, todo); + in += todo; + in_len &= 0xf; + } + + if (in_len) { + for (i = 0; i < in_len; i++) + state->buf[i] = in[i]; + state->buf_used = in_len; + } +} + +void Poly1305Finish(poly1305_state *statep, unsigned char mac[16]) { + struct poly1305_state_st *state = (struct poly1305_state_st*) statep; + uint64_t f0,f1,f2,f3; + uint32_t g0,g1,g2,g3,g4; + uint32_t b, nb; + + if (state->buf_used) + update(state, state->buf, state->buf_used); + + b = state->h0 >> 26; state->h0 = state->h0 & 0x3ffffff; + state->h1 += b; b = state->h1 >> 26; state->h1 = state->h1 & 0x3ffffff; + state->h2 += b; b = state->h2 >> 26; state->h2 = state->h2 & 0x3ffffff; + state->h3 += b; b = state->h3 >> 26; state->h3 = state->h3 & 0x3ffffff; + state->h4 += b; b = state->h4 >> 26; state->h4 = state->h4 & 0x3ffffff; + state->h0 += b * 5; + + g0 = state->h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff; + g1 = state->h1 + b; b = g1 >> 26; g1 &= 0x3ffffff; + g2 = state->h2 + b; b = g2 >> 26; g2 &= 0x3ffffff; + g3 = state->h3 + b; b = g3 >> 26; g3 &= 0x3ffffff; + g4 = state->h4 + b - (1 << 26); + + b = (g4 >> 31) - 1; + nb = ~b; + state->h0 = (state->h0 & nb) | (g0 & b); + state->h1 = (state->h1 & nb) | (g1 & b); + state->h2 = (state->h2 & nb) | (g2 & b); + state->h3 = (state->h3 & nb) | (g3 & b); + state->h4 = (state->h4 & nb) | (g4 & b); + + f0 = ((state->h0 ) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]); + f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&state->key[4]); + f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&state->key[8]); + f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&state->key[12]); + + U32TO8_LE(&mac[ 0], (uint32_t)f0); f1 += (f0 >> 32); + U32TO8_LE(&mac[ 4], (uint32_t)f1); f2 += (f1 >> 32); + U32TO8_LE(&mac[ 8], (uint32_t)f2); f3 += (f2 >> 32); + U32TO8_LE(&mac[12], (uint32_t)f3); +} 
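Review bot: Poly1305Finish writes the tag and returns without clearing the state, so `r0..r4`, the accumulator and the second key half that Poly1305Init copied into `state->key` stay in the caller's buffer after the MAC is produced; `update` likewise leaves the padded message tail in its stack array `mp`. The header describes the key as one-time with no reset, so nothing needs the state afterwards, and I would end Poly1305Finish with `memset(state, 0, sizeof(*state));` (memcpy is already used in this file). If the library has a wipe helper the compiler cannot elide, that would be the better choice. Callers are not visible in this hunk; if they are expected to wipe the buffer themselves, a comment on Poly1305Finish should say so.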
diff --git a/security/nss/lib/freebl/poly1305.h b/security/nss/lib/freebl/poly1305.h new file mode 100644 index 00000000..0a463483 --- /dev/null +++ b/security/nss/lib/freebl/poly1305.h @@ -0,0 +1,28 @@ +/* + * poly1305.h - header file for Poly1305 implementation. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef FREEBL_POLY1305_H_ +#define FREEBL_POLY1305_H_ + +typedef unsigned char poly1305_state[512]; + +/* Poly1305Init sets up |state| so that it can be used to calculate an + * authentication tag with the one-time key |key|. Note that |key| is a + * one-time key and therefore there is no `reset' method because that would + * enable several messages to be authenticated with the same key. */ +extern void Poly1305Init(poly1305_state* state, const unsigned char key[32]); + +/* Poly1305Update processes |in_len| bytes from |in|. It can be called zero or + * more times after poly1305_init. */ +extern void Poly1305Update(poly1305_state* state, const unsigned char* in, + size_t inLen); + +/* Poly1305Finish completes the poly1305 calculation and writes a 16 byte + * authentication tag to |mac|. */ +extern void Poly1305Finish(poly1305_state* state, unsigned char mac[16]); + +#endif /* FREEBL_POLY1305_H_ */ diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index f70c3094..0b4e8a8d 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -152,6 +152,8 @@ PK11_GetKeyMechanism(CK_KEY_TYPE type) return CKM_SEED_CBC; case CKK_CAMELLIA: return CKM_CAMELLIA_CBC; + case CKK_NSS_CHACHA20: + return CKM_NSS_CHACHA20_POLY1305; case CKK_AES: return CKM_AES_CBC; case CKK_DES: 
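Review bot: `typedef unsigned char poly1305_state[512];` gives the state buffer an alignment of 1, but poly1305.c in this same patch casts the pointer directly to `struct poly1305_state_st *`, whose members are `uint32_t`, so on targets that fault on misaligned loads correctness depends on where the caller happens to place the array. The SSE2 variant earlier in the patch goes through `poly1305_aligned_state(state)` instead, so the two back ends treat the same buffer differently. I would state the contract next to the typedef, for example `/* Opaque scratch space; implementations must not assume it is aligned. */`, and have poly1305.c align inside the buffer the way the SSE2 code does. The header also uses `size_t` without including `<stddef.h>`, so it only compiles when another header has already defined it.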
@@ -220,6 +222,9 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
 case CKM_CAMELLIA_KEY_GEN:
 case CKM_CAMELLIA_GCM:
 return CKK_CAMELLIA;
+ case CKM_NSS_CHACHA20_POLY1305:
+ case CKM_NSS_CHACHA20_KEY_GEN:
+ return CKK_NSS_CHACHA20;
 case CKM_AES_ECB:
 case CKM_AES_CBC:
 case CKM_AES_CCM:
@@ -433,6 +438,8 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
 case CKM_CAMELLIA_KEY_GEN:
 case CKM_CAMELLIA_GCM:
 return CKM_CAMELLIA_KEY_GEN;
+ case CKM_NSS_CHACHA20_POLY1305:
+ return CKM_NSS_CHACHA20_KEY_GEN;
 case CKM_AES_ECB:
 case CKM_AES_CBC:
 case CKM_AES_CCM:
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 4fd7aecc..8008d1f0 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -371,6 +371,9 @@ static const struct mechanismList mechanisms[] = {
 {CKM_SEED_MAC, {16, 16, CKF_SN_VR}, PR_TRUE},
 {CKM_SEED_MAC_GENERAL, {16, 16, CKF_SN_VR}, PR_TRUE},
 {CKM_SEED_CBC_PAD, {16, 16, CKF_EN_DE_WR_UN}, PR_TRUE},
+ /* ------------------------- ChaCha20 Operations ---------------------- */
+ {CKM_NSS_CHACHA20_KEY_GEN, {32, 32, CKF_GENERATE}, PR_TRUE},
+ {CKM_NSS_CHACHA20_POLY1305,{32, 32, CKF_EN_DE}, PR_TRUE},
 /* ------------------------- Hashing Operations ----------------------- */
 {CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE},
 {CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 01297812..b0d422db 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -664,6 +664,97 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, return rv; } +static SFTKChaCha20Poly1305Info * +sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key, + unsigned int keyLen, + const CK_NSS_AEAD_PARAMS *params) +{ + SFTKChaCha20Poly1305Info *ctx; + + if (params->ulNonceLen != sizeof(ctx->nonce)) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return NULL; + } + + ctx = PORT_New(SFTKChaCha20Poly1305Info); + if (ctx == NULL) { + return NULL; + } + + if (ChaCha20Poly1305_InitContext(&ctx->freeblCtx, key, keyLen, + params->ulTagLen) != SECSuccess) { + PORT_Free(ctx); + return NULL; + } + + PORT_Memcpy(ctx->nonce, params->pNonce, sizeof(ctx->nonce)); + + if (params->ulAADLen > sizeof(ctx->ad)) { + /* Need to allocate an overflow buffer for the additional data. */ + ctx->adOverflow = (unsigned char *)PORT_Alloc(params->ulAADLen); + if (!ctx->adOverflow) { + PORT_Free(ctx); + return NULL; + } + PORT_Memcpy(ctx->adOverflow, params->pAAD, params->ulAADLen); + } else { + ctx->adOverflow = NULL; + PORT_Memcpy(ctx->ad, params->pAAD, params->ulAADLen); + } + ctx->adLen = params->ulAADLen; + + return ctx; +} + +static void +sftk_ChaCha20Poly1305_DestroyContext(SFTKChaCha20Poly1305Info *ctx, + PRBool freeit) +{ + ChaCha20Poly1305_DestroyContext(&ctx->freeblCtx, PR_FALSE); + if (ctx->adOverflow != NULL) { + PORT_Free(ctx->adOverflow); + ctx->adOverflow = NULL; + } + ctx->adLen = 0; + if (freeit) { + PORT_Free(ctx); + } +} + +static SECStatus +sftk_ChaCha20Poly1305_Encrypt(const SFTKChaCha20Poly1305Info *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) +{ + const unsigned char *ad = ctx->adOverflow; + + if (ad == NULL) { + ad = ctx->ad; + } + + return ChaCha20Poly1305_Seal(&ctx->freeblCtx, output, outputLen, + maxOutputLen, input, inputLen, ctx->nonce, + sizeof(ctx->nonce), ad, ctx->adLen); +} + +static SECStatus +sftk_ChaCha20Poly1305_Decrypt(const 
SFTKChaCha20Poly1305Info *ctx, + unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) +{ + const unsigned char *ad = ctx->adOverflow; + + if (ad == NULL) { + ad = ctx->ad; + } + + return ChaCha20Poly1305_Open(&ctx->freeblCtx, output, outputLen, + maxOutputLen, input, inputLen, ctx->nonce, + sizeof(ctx->nonce), ad, ctx->adLen); +} + /** NSC_CryptInit initializes an encryption/Decryption operation. * * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey. @@ -1057,6 +1148,34 @@ finish_des: context->destroy = (SFTKDestroy) AES_DestroyContext; break; + case CKM_NSS_CHACHA20_POLY1305: + if (pMechanism->ulParameterLen != sizeof(CK_NSS_AEAD_PARAMS)) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + context->multi = PR_FALSE; + if (key_type != CKK_NSS_CHACHA20) { + crv = CKR_KEY_TYPE_INCONSISTENT; + break; + } + att = sftk_FindAttribute(key,CKA_VALUE); + if (att == NULL) { + crv = CKR_KEY_HANDLE_INVALID; + break; + } + context->cipherInfo = sftk_ChaCha20Poly1305_CreateContext( + (unsigned char*) att->attrib.pValue, att->attrib.ulValueLen, + (CK_NSS_AEAD_PARAMS*) pMechanism->pParameter); + sftk_FreeAttribute(att); + if (context->cipherInfo == NULL) { + crv = sftk_MapCryptError(PORT_GetError()); + break; + } + context->update = (SFTKCipher) (isEncrypt ? sftk_ChaCha20Poly1305_Encrypt : + sftk_ChaCha20Poly1305_Decrypt); + context->destroy = (SFTKDestroy) sftk_ChaCha20Poly1305_DestroyContext; + break; + case CKM_NETSCAPE_AES_KEY_WRAP_PAD: context->doPad = PR_TRUE; /* fall thru */ @@ -3653,6 +3772,10 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_TYPE *key_type, *key_type = CKK_AES; if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; break; + case CKM_NSS_CHACHA20_KEY_GEN: + *key_type = CKK_NSS_CHACHA20; + if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; + break; default: PORT_Assert(0); crv = CKR_MECHANISM_INVALID; 
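Review bot: sftk_ChaCha20Poly1305_CreateContext validates only `ulNonceLen` before `PORT_Memcpy(ctx->nonce, params->pNonce, sizeof(ctx->nonce))`, and it copies `ulAADLen` bytes from `params->pAAD` without checking either pointer, so a PKCS#11 caller that supplies a NULL `pNonce` or `pAAD` with a non-zero length gets a fault in the token rather than an error code. The NSC_CryptInit case added in the @@ -1057 hunk has the same gap one level up: it checks `ulParameterLen` but not that `pParameter` is non-NULL before casting it. I would widen the first guard to `if (params->ulNonceLen != sizeof(ctx->nonce) || params->pNonce == NULL || (params->ulAADLen != 0 && params->pAAD == NULL))`. Separately, the `adOverflow` allocation-failure path calls `PORT_Free(ctx)` after ChaCha20Poly1305_InitContext has initialised `ctx->freeblCtx` (presumably with key material); `adOverflow` is NULL at that point, so calling `sftk_ChaCha20Poly1305_DestroyContext(ctx, PR_TRUE);` there would keep teardown in one place.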
@@ -3899,6 +4022,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, case CKM_SEED_KEY_GEN: case CKM_CAMELLIA_KEY_GEN: case CKM_AES_KEY_GEN: + case CKM_NSS_CHACHA20_KEY_GEN: #if NSS_SOFTOKEN_DOES_RC5 case CKM_RC5_KEY_GEN: #endif diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 1023a001..8f16357c 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -14,6 +14,7 @@ #include "pkcs11t.h" #include "sftkdbt.h" +#include "chacha20poly1305.h" #include "hasht.h" /* @@ -104,6 +105,7 @@ typedef struct SFTKHashSignInfoStr SFTKHashSignInfo; typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo; typedef struct SFTKOAEPDecryptInfoStr SFTKOAEPDecryptInfo; typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo; +typedef struct SFTKChaCha20Poly1305InfoStr SFTKChaCha20Poly1305Info; typedef struct SFTKItemTemplateStr SFTKItemTemplate; /* define function pointer typdefs for pointer tables */ @@ -399,6 +401,16 @@ struct SFTKSSLMACInfoStr { unsigned int keySize; }; +/* SFTKChaCha20Poly1305Info saves the key, tag length, nonce, + * and additional data for a ChaCha20+Poly1305 AEAD operation. */ +struct SFTKChaCha20Poly1305InfoStr { + ChaCha20Poly1305Context freeblCtx; + unsigned char nonce[12]; + unsigned char ad[16]; + unsigned char *adOverflow; + unsigned int adLen; +}; + /* * Template based on SECItems, suitable for passing as arrays */ diff --git a/security/nss/lib/ssl/manifest.mn b/security/nss/lib/ssl/manifest.mn index 4d46d46b..371a571d 100644 --- a/security/nss/lib/ssl/manifest.mn +++ b/security/nss/lib/ssl/manifest.mn @@ -50,4 +50,4 @@ LIBRARY_NAME = ssl LIBRARY_VERSION = 3 # This part of the code, including all sub-dirs, can be optimized for size -export ALLOW_OPT_CODE_SIZE = 1 +#export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 2a2faf71..a14e1caf 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c 
@@ -111,6 +111,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around * bug 946147. */ @@ -127,6 +129,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #endif /* NSS_DISABLE_ECC */ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -307,6 +310,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, {cipher_aes_256_gcm, calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8}, + {cipher_chacha20, calg_chacha20, 32,32, type_aead, 12, 0,16, 0}, {cipher_camellia_128_gcm, calg_camellia_gcm, 16,16, type_aead, 4, 0,16, 8}, {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; 
@@ -443,6 +447,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss}, {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss}, + {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa}, + #ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, @@ -507,6 +515,7 @@ static const SSLCipher2Mech alg2Mech[] = { { calg_camellia , CKM_CAMELLIA_CBC }, { calg_seed , CKM_SEED_CBC }, { calg_aes_gcm , CKM_AES_GCM }, + { calg_chacha20 , CKM_NSS_CHACHA20_POLY1305 }, { calg_camellia_gcm , CKM_CAMELLIA_GCM }, /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ }; @@ -551,6 +560,7 @@ const char * const ssl3_cipherName[] = { "SEED-CBC", "AES-128-GCM", "AES-256-GCM", + "ChaCha20-Ploy1305", "Camellia-128-GCM", "missing" }; @@ -696,6 +706,9 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: + case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and @@ -1811,6 +1824,7 @@ ssl3_InitPendingContextsBypass(sslSocket *ss) case ssl_calg_idea: case ssl_calg_fortezza: case ssl_calg_aes_gcm: + case ssl_calg_chacha20: break; } 
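Review bot: The two ECDHE ChaCha20 entries are added above the `#ifndef NSS_DISABLE_ECC` line, whereas in the cipherSuites table (@@ -111) the same two suites sit before the `#endif /* NSS_DISABLE_ECC */` shown in @@ -127, so they appear to be inside the ECC block there. If `kea_ecdhe_rsa` and `kea_ecdhe_ecdsa` or the suite constants are only usable in ECC builds, an NSS_DISABLE_ECC build would either fail to compile or carry definitions for suites that are never configured. Moving the `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` and `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` lines below `#ifndef NSS_DISABLE_ECC` and leaving only the DHE_RSA entry above it would keep the two tables consistent. The table itself starts and ends outside the hunk.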
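Review bot: The cipher name added to ssl3_cipherName in the @@ -551 hunk is misspelled: `"ChaCha20-Ploy1305",` should be `"ChaCha20-Poly1305",`. This is a table of display names, so the typo would show up wherever the name is printed (presumably trace or debug output; the users are outside the hunk) and would defeat a search for the algorithm name in logs. The entry's position between "AES-256-GCM" and "Camellia-128-GCM" matches the bulk_cipher_defs order in @@ -307, so only the spelling needs changing.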
@@ -1933,8 +1947,9 @@ ssl3_CipherGCM(ssl3KeyMaterial *keys, CK_GCM_PARAMS gcmParams; CK_MECHANISM_TYPE mechanism; - static const int tagSize = 16; - static const int explicitNonceLen = 8; + const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size; + const int explicitNonceLen = + bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size; /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the * nonce is formed. */ @@ -2009,8 +2024,9 @@ ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, SSLCipher encode, decode; SSLDestroy destroy; - static const int tagSize = 16; - static const int explicitNonceLen = 8; + const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size; + const int explicitNonceLen = + bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size; /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the * nonce is formed. */ 
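Review bot: Both lookups index `bulk_cipher_defs[cipher_aes_128_gcm]` although ssl3_CipherGCM is also installed for `calg_camellia_gcm` (see the switch in @@ -2123) and the table has an AES-256-GCM row, so the sizes are read from a row that is not necessarily the cipher in use. Every GCM row visible in @@ -307 carries the same 16 and 8 today, so behaviour is unchanged, but the coupling is invisible at the use site. I would add `/* all GCM suites share the AES-128-GCM tag and explicit-nonce sizes */` above the two declarations, here and in ssl3_CipherGCMBypass (@@ -2009). Both function bodies continue outside their hunks.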
@@ -2084,6 +2100,55 @@ ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, } #endif +static SECStatus +ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt, + unsigned char *out, int *outlen, int maxout, + const unsigned char *in, int inlen, + const unsigned char *additionalData, + int additionalDataLen, SSLCipherAlgorithm calg) +{ + size_t i; + SECItem param; + SECStatus rv = SECFailure; + unsigned int uOutLen; + unsigned char nonce[12]; + CK_NSS_AEAD_PARAMS aeadParams; + + const int tagSize = bulk_cipher_defs[cipher_chacha20].tag_size; + + /* See + * https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04#section-2 + * for details of how the nonce is formed. */ + PORT_Memcpy(nonce, keys->write_iv, 12); + + /* XOR the last 8 bytes of the IV with the sequence number. */ + PORT_Assert(additionalDataLen >= 8); + for (i = 0; i < 8; ++i) { + nonce[4 + i] ^= additionalData[i]; + } + + param.type = siBuffer; + param.len = sizeof(aeadParams); + param.data = (unsigned char *)&aeadParams; + memset(&aeadParams, 0, sizeof(aeadParams)); + aeadParams.pNonce = nonce; + aeadParams.ulNonceLen = sizeof(nonce); + aeadParams.pAAD = (unsigned char *)additionalData; + aeadParams.ulAADLen = additionalDataLen; + aeadParams.ulTagLen = tagSize; + + if (doDecrypt) { + rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, + out, &uOutLen, maxout, in, inlen); + } else { + rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, + out, &uOutLen, maxout, in, inlen); + } + *outlen = (int)uOutLen; + + return rv; +} + /* Initialize encryption and MAC contexts for pending spec. * Master Secret already is derived. * Caller holds Spec write lock. 
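Review bot: `PORT_Assert(additionalDataLen >= 8)` is the only guard before the loop reads `additionalData[0]` through `additionalData[7]` in `ssl3_ChaCha20Poly1305`, and an assertion is typically compiled out of non-debug builds, so a shorter buffer would be read past its end there. A runtime check such as `if (additionalDataLen < 8) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; }` keeps the guard in release builds; the callers are outside this hunk, so the length may always be sufficient in practice. Separately, `*outlen = (int)uOutLen;` runs even when the PK11 call fails and `uOutLen` has no initial value, so declaring it as `unsigned int uOutLen = 0;` avoids copying an indeterminate value out. The `calg` parameter is unused, and the literal `12` in the `PORT_Memcpy` could be `sizeof(nonce)`.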
@@ -2123,7 +2188,18 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss) pwSpec->destroy = NULL; pwSpec->encodeContext = NULL; pwSpec->decodeContext = NULL; - pwSpec->aead = ssl3_CipherGCM; + switch (calg) { + case calg_aes_gcm: + case calg_camellia_gcm: + pwSpec->aead = ssl3_CipherGCM; + break; + case calg_chacha20: + pwSpec->aead = ssl3_ChaCha20Poly1305; + break; + default: + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } return SECSuccess; } @@ -2236,6 +2312,23 @@ fail: return SECFailure; } +/* Returns whether we can bypass PKCS#11 for a given cipher algorithm. + * + * We do not support PKCS#11 bypass for ChaCha20/Poly1305. + */ +#ifndef NO_PKCS11_BYPASS +static PRBool +ssl3_CanBypassCipher(SSLCipherAlgorithm calg) +{ + switch (calg) { + case calg_chacha20: + return PR_FALSE; + default: + return PR_TRUE; + } +} +#endif + /* Complete the initialization of all keys, ciphers, MACs and their contexts * for the pending Cipher Spec. * Called from: ssl3_SendClientKeyExchange (for Full handshake) @@ -2275,7 +2368,8 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms) } } #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) { + if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data && + ssl3_CanBypassCipher(ss->ssl3.pwSpec->cipher_def->calg)) { /* Double Bypass succeeded in extracting the master_secret */ #error not patched for SHA384, see bug 923089 const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index fc4f91d2..b5f36adf 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c 
@@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0 /* end of list marker */ @@ -934,6 +935,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0 /* end of list marker */ @@ -947,6 +949,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, @@ -956,6 +959,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index 8d04c153..6bf9d70c 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -53,6 +53,8 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. */ 
@@ -69,6 +71,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { #endif /* NSS_DISABLE_ECC */ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 28d80f16..c4eeb736 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -57,6 +57,7 @@ typedef SSLSignType SSL3SignType; #define calg_seed ssl_calg_seed #define calg_aes_gcm ssl_calg_aes_gcm #define calg_camellia_gcm ssl_calg_camellia_gcm +#define calg_chacha20 ssl_calg_chacha20 #define mac_null ssl_mac_null #define mac_md5 ssl_mac_md5 @@ -293,9 +294,9 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 67 +#define ssl_V3_SUITES_IMPLEMENTED 70 #else -#define ssl_V3_SUITES_IMPLEMENTED 40 +#define ssl_V3_SUITES_IMPLEMENTED 41 #endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 @@ -480,6 +481,7 @@ typedef enum { cipher_seed, cipher_aes_128_gcm, cipher_aes_256_gcm, + cipher_chacha20, cipher_camellia_128_gcm, cipher_missing /* reserved for no such supported cipher */ /* This enum must match ssl3_cipherName[] in ssl3con.c. */ diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 41ea6aee..969a2942 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -149,6 +149,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, #define C_SJ "SKIPJACK", calg_sj #define C_AESGCM "AES-GCM", calg_aes_gcm #define C_CAMELLIAGCM "CAMELLIA-GCM", calg_camellia_gcm +#define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20 #define B_256 256, 256, 256 #define B_128 128, 128, 128 
@@ -169,6 +170,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, static const SSLCipherSuiteInfo suiteInfo[] = { /* <------ Cipher suite --------------------> */ {0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, +{0,CS(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_DHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 }, {0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, @@ -234,6 +236,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), S_ECDSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 }, {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, }, @@ -247,6 +250,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 }, #endif /* NSS_DISABLE_ECC */ /* SSL 2 table */ diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 055d89e3..f90f77f7 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h 
@@ -264,6 +264,10 @@ #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A +#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 +#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 +#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA + /* Netscape "experimental" cipher suites. */ #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index cc0d9d2c..7560bd46 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -105,7 +105,8 @@ typedef enum { ssl_calg_camellia = 8, ssl_calg_seed = 9, ssl_calg_aes_gcm = 10, - ssl_calg_camellia_gcm = 11 + ssl_calg_chacha20 = 11, + ssl_calg_camellia_gcm = 12 } SSLCipherAlgorithm; typedef enum { diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index b993ed68..55a81082 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -51,6 +51,8 @@ #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) +#define CKK_NSS_CHACHA20 (CKK_NSS + 4) + /* * NSS-defined certificate types * @@ -222,6 +224,9 @@ #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) +#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27) +#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28) + /* * HISTORICAL: * Do not attempt to use these. They are only used by NETSCAPE's internal @@ -289,6 +294,14 @@ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { CK_ULONG ulHeaderLen; /* in */ } CK_NSS_MAC_CONSTANT_TIME_PARAMS; +typedef struct CK_NSS_AEAD_PARAMS { + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagLen; +} CK_NSS_AEAD_PARAMS; + /* * NSS-defined return values * 
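Review bot: In the `sslt.h` hunk, inserting `ssl_calg_chacha20 = 11` changes the existing `ssl_calg_camellia_gcm` from 11 to 12 in what appears to be a public header. Code built against the previous header, or any stored value, would then read a Camellia-GCM connection as ChaCha20. If the renumbering is deliberate, a comment on the enumerator should record why, e.g. `/* renumbered from 11; 11 is now ssl_calg_chacha20 */`; otherwise appending `ssl_calg_chacha20 = 12` leaves the existing values stable. `alg2Mech[]` in ssl3con.c is edited in the same order in this series, so the two would need to change together.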
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index ad15d0b0..20d6e7d1 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c @@ -582,8 +582,10 @@ CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 }; #define OI(x) { siDEROID, (unsigned char *)x, sizeof x } #ifndef SECOID_NO_STRINGS #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } +#define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, desc, mech, ext } #else #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext } +#define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, 0, mech, ext } #endif #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) @@ -1649,7 +1651,9 @@ const static SECOidData oids[SEC_OID_TOTAL] = { OD( aes192_GCM, SEC_OID_AES_192_GCM, "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), OD( aes256_GCM, SEC_OID_AES_256_GCM, - "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ) + "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), + ODE( SEC_OID_CHACHA20_POLY1305, + "ChaCha20-Poly1305", CKM_NSS_CHACHA20_POLY1305, INVALID_CERT_EXTENSION ), }; /* PRIVATE EXTENDED SECOID Table diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h index 13fb7de0..05683322 100644 --- a/security/nss/lib/util/secoidt.h +++ b/security/nss/lib/util/secoidt.h @@ -447,6 +447,8 @@ typedef enum { SEC_OID_AES_192_GCM = 319, SEC_OID_AES_256_GCM = 320, + SEC_OID_CHACHA20_POLY1305 = 321, + SEC_OID_TOTAL } SECOidTag; diff --git a/security/nss/tests/cipher/cipher.txt b/security/nss/tests/cipher/cipher.txt index 6728d179..447a3ebd 100644 --- a/security/nss/tests/cipher/cipher.txt +++ b/security/nss/tests/cipher/cipher.txt @@ -31,6 +31,8 @@ 0 seed_ecb_-D SEED_ECB_Decrypt 0 seed_cbc_-E SEED_CBC_Encrypt 0 seed_cbc_-D SEED_CBC_Decrypt + 0 chacha20_poly1305_-E ChaCha20_Poly1305_Encrypt + 0 chacha20_poly1305_-D ChaCha20_Poly1305_Decrypt 0 rc2_ecb_-E RC2_ECB_Encrypt 0 rc2_ecb_-D RC2_ECB_Decrypt 0 rc2_cbc_-E RC2_CBC_Encrypt 
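Review bot: The new `ODE` macro in secoid.c builds a table entry whose OID item is `{ siDEROID, NULL, 0 }`, and nothing in the hunk says why or what callers may assume about such an entry. A comment above both definitions would help, e.g. `/* ODE: entry with a tag and mechanism but no DER OID; oid.data is NULL and oid.len is 0 */`. The code that indexes this table by OID bytes is outside the hunk, so it is worth confirming that it tolerates an empty key.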
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 1bfb4b74..608e5c77 100644 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh @@ -84,12 +84,14 @@ ssl_init() if [ -z "$NSS_DISABLE_ECC" ] ; then ECC_STRING=" - with ECC" + # List of cipher suites to test, including ECC cipher suites. + CIPHER_SUITES="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:CCA8:CCA9:CCAA:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" else ECC_STRING="" + # List of cipher suites to test, excluding ECC cipher suites. + CIPHER_SUITES="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2:CCAAcdefgijklmnvyz" fi - CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" - CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" if [ "${OS_ARCH}" != "WINNT" ]; then ulimit -n 1000 # make sure we have enough file descriptors @@ -259,11 +261,7 @@ ssl_cov() html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" testname="" - if [ -z "$NSS_DISABLE_ECC" ] ; then - sparam="$CLONG" - else - sparam="$CSHORT" - fi + sparam="$CIPHER_SUITES" mixed=0 start_selfserv # Launch the server diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt index f24318ea..a023d210 100644 --- a/security/nss/tests/ssl/sslcov.txt +++ b/security/nss/tests/ssl/sslcov.txt 
@@ -101,6 +101,7 @@ noECC TLS12 :009C TLS12_RSA_WITH_AES_128_GCM_SHA256 noECC TLS12 :009E TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256 noECC TLS12 :00A2 TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256 + noECC TLS12 :CCAA TLS12_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 # # ECC ciphers (TLS) # From bc91a4081b48ae3b90f332e41b4b537e3e2da02c Mon Sep 17 00:00:00 2001 From: Roy Tam Date: Fri, 31 Jan 2020 22:04:14 +0800 Subject: [PATCH 15/15] NSS: fix typo in ssl3_cipherName --- security/nss/lib/ssl/ssl3con.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index a14e1caf..2914e15f 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -560,7 +560,7 @@ const char * const ssl3_cipherName[] = { "SEED-CBC", "AES-128-GCM", "AES-256-GCM", - "ChaCha20-Ploy1305", + "ChaCha20-Poly1305", "Camellia-128-GCM", "missing" };