nss-pem.git/0000775000000000000000000000000013261107033010106 5ustar nss-pem.git/COPYING0000664000000000000000000006223313232662053011155 0ustar MOZILLA PUBLIC LICENSE Version 1.1 --------------- 1. Definitions. 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. 1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications. 1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. 1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. 1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for the electronic transfer of data. 1.5. "Executable" means Covered Code in any form other than Source Code. 1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. 1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. "License" means this document. 1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. 1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous Modifications. 1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. 1.11. "Source Code" means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. 1.12. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. Source Code License. 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and (b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. (d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices. 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). (c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first makes Commercial Use of the Covered Code. (d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) for any code that Contributor has deleted from the Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or 4) under Patent Claims infringed by Covered Code in the absence of Modifications made by that Contributor. 3. Distribution Obligations. 3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. 3.3. Description of Modifications. You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. 3.4. Intellectual Property Matters (a) Third Party Claims. If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL" which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained. (b) Contributor APIs. If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file. (c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor's Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. 3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. 4. Inability to Comply Due to Statute or Regulation. If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Application of this License. This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. 6. Versions of the License. 6.1. New Versions. Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. 6.2. Effect of New Versions. Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License. 6.3. Derivative Works. If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) 7. DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. 8. TERMINATION. 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. 8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant") alleging that: (a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version against such Participant. If within 60 days of notice, a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above. (b) any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, sold, distributed, or had made, Modifications made by that Participant. 8.3. If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. 8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. 9. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. 10. U.S. GOVERNMENT END USERS. The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. 11. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in the United States of America, any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. 12. RESPONSIBILITY FOR CLAIMS. As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. 13. MULTIPLE-LICENSED CODE. Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial Developer permits you to utilize portions of the Covered Code under Your choice of the MPL or the alternative licenses, if any, specified by the Initial Developer in the file described in Exhibit A. EXHIBIT A -Mozilla Public License. ``The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.mozilla.org/MPL/ Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is ______________________________________. The Initial Developer of the Original Code is ________________________. Portions created by ______________________ are Copyright (C) ______ _______________________. All Rights Reserved. Contributor(s): ______________________________________. Alternatively, the contents of this file may be used under the terms of the _____ license (the "[___] License"), in which case the provisions of [______] License are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the [____] License and not to allow others to use your version of this file under the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the [___] License. If you do not delete the provisions above, a recipient may use your version of this file under either the MPL or the [___] License." [NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.] nss-pem.git/README0000664000000000000000000000027013232662053010773 0ustar nss-pem ======= PEM file reader for Network Security Services (NSS), implemented as a PKCS#11 module. Build Instructions ------------------ mkdir build cd build cmake ../src make -j nss-pem.git/debian/0000775000000000000000000000000013261141254011333 5ustar nss-pem.git/debian/README.source0000664000000000000000000000076313252724726013533 0ustar nss-pem ======= This source embeds src:nss because it needs some headers and static libs that the nss maintainer has refused to package, see bugs: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855879 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732201 if the situation changes and the files are packaged by src:nss then the embedded copy can be dropped. The files that libnsspem.so needs for its build are: private headers: alghmac.h blapi.h static libs: libfreebl.a nssb.a nssckfw.a nss-pem.git/debian/changelog0000664000000000000000000000106713261141254013211 0ustar nss-pem (1.0.3-0ubuntu2) bionic; urgency=medium * rules: Apply nss patches before build. * rules: When building with -O3, build with -Wno-error=maybe- uninitialized. -- Timo Aaltonen Wed, 04 Apr 2018 15:18:52 +0300 nss-pem (1.0.3-0ubuntu1) bionic; urgency=medium * Upload to bionic. (LP: #1751140) -- Timo Aaltonen Fri, 16 Mar 2018 14:11:02 +0200 nss-pem (1.0.3-1) unstable; urgency=medium * Initial release (Closes: #888820) -- Timo Aaltonen Fri, 16 Mar 2018 13:59:48 +0200 nss-pem.git/debian/compat0000664000000000000000000000000313232662053012535 0ustar 10 nss-pem.git/debian/control0000664000000000000000000000152013261135175012741 0ustar Source: nss-pem Section: libs Priority: optional Maintainer: Debian FreeIPA Team Uploaders: Timo Aaltonen Build-Depends: debhelper (>= 10), cmake, libnss3-dev, pkg-config, # src:nss quilt, libnspr4-dev (>= 2:4.12), zlib1g-dev, libsqlite3-dev (>= 3.3.9), libnss3-tools:native (>= 2:3.19-1-1~) Standards-Version: 4.1.2 Homepage: https://github.com/kdudka/nss-pem Vcs-Git: https://anonscm.debian.org/pkg-freeipa/nss-pem.git Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/nss-pem.git Package: libnsspem Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Multi-Arch: same Description: PEM file reader for Network Security Services (NSS) This package provides a PEM file reader for Network Security Services (NSS), implemented as a PKCS#11 module. nss-pem.git/debian/copyright0000664000000000000000000001424013252730647013301 0ustar Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: nss-pem Source: https://github.com/kdudka/nss-pem Files: * Copyright: 1994-2000 Netscape Communications Corporation 2005 Rob Crittenden License: LGPL-2.1 or GPL-2 or MPL-1.1 Files: nss/* Copyright: 1994-2000 Netscape Communications Corporation. 2000-2018 The Mozilla Project 2007-2018 Mike Hommey License: MPL-2.0 On Debian systems, the complete text of the Mozilla Public License can be found in "/usr/share/common-licenses/MPL-2.0". Files: nss/nss/lib/jar/jzlib.h nss/nss/lib/zlib/* Copyright: 1995-2010 Jean-loup Gailly and Mark Adler License: BSD-3-clause Files: nss/nss/lib/dbm/* Copyright: 1987-1994 The Regents of the University of California License: BSD-3-clause Files: nss/nss/lib/sqlite/sqlite3.* Copyright: 2001 sqlite authors License: sqlite The author disclaims copyright to this source code. In place of a legal notice, here is a blessing: . May you do good and not evil. May you find forgiveness for yourself and forgive others. May you share freely, never taking more than you give. Files: nss/nss/coreconf/mkdepend/* Copyright: 1993-1998 The Open Group License: open-group Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. . Except as contained in this notice, the name of The Open Group shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from The Open Group. Files: nss/nss/coreconf/mkdepend/ifparser.* Copyright: 1992 Network Computing Devices, Inc. License: ifparser Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Network Computing Devices may not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Network Computing Devices makes no representations about the suitability of this software for any purpose. It is provided ``as is'' without express or implied warranty. . NETWORK COMPUTING DEVICES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL NETWORK COMPUTING DEVICES BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Files: nss/nss/coreconf/mkdepend/imakemdep.h Copyright: 1993-1994 X Consortium License: X Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. . Except as contained in this notice, the name of the X Consortium shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from the X Consortium. Files: debian/* Copyright: 2017 Timo Aaltonen License: LGPL-2.1 or GPL-2 or MPL-1.1 License: GPL-2 This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". License: LGPL-2.1 On Debian systems, the complete text of the GNU Lesser General Public License can be found in "/usr/share/common-licenses/LGPL-2.1". License: MPL-1.1 On Debian systems, the complete text of the Mozilla Public License can be found in "/usr/share/common-licenses/MPL-1.1". License: BSD-3-clause On Debian systems, the complete text of the BSD License can be found in "/usr/share/common-licenses/GPL-2". nss-pem.git/debian/get-nss.sh0000755000000000000000000000044413252671124013256 0ustar #!/bin/sh # clean old checkout git rm -rf nss rm -rf nss git clone https://anonscm.debian.org/git/pkg-mozilla/nss.git rm -rf nss/.git* VERSION=`dpkg-parsechangelog -l nss/debian/changelog | grep Version | sed 's/.* //'` git add nss git commit -m "Refresh nss Package version: $VERSION " nss-pem.git/debian/libnsspem.lintian-overrides0000664000000000000000000000030713252727564016725 0ustar # this is a module for libcurl-nss, not a library that others link to package-must-activate-ldconfig-trigger usr/lib/*/libnsspem.so shlib-without-versioned-soname usr/lib/*/libnsspem.so libnsspem.so nss-pem.git/debian/rules0000775000000000000000000000142513261141202012406 0ustar #!/usr/bin/make -f export DEB_CFLAGS_MAINT_APPEND += -I../nss/dist/private/nss export DEB_LDFLAGS_MAINT_APPEND += -L../nss/dist/lib/ %: dh $@ --builddirectory=build/ override_dh_auto_configure: mkdir build cd build && cmake \ -DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \ -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ ../src override_dh_auto_build: (cd nss; QUILT_PATCHES=debian/patches quilt push -a; debian/rules build) dh_auto_build override_dh_clean: (cd nss; debian/rules clean) dh_clean gentarball: SOURCE=nss-pem gentarball: UV=$(shell dpkg-parsechangelog|awk '/^Version:/ {print $$2}'|sed 's/-.*$$//') gentarball: tar --transform 's,^,$(SOURCE)-$(UV)/,' \ --exclude './debian' --exclude-vcs \ -cJf ../$(SOURCE)_$(UV).orig.tar.xz . nss-pem.git/debian/source/0000775000000000000000000000000013261141246012634 5ustar nss-pem.git/debian/source/format0000664000000000000000000000000413261141246014041 0ustar 1.0 nss-pem.git/debian/watch0000664000000000000000000000013413232662053012365 0ustar version=4 https://github.com/kdudka/nss-pem/releases (?:.*/)?nss-pem-?(\d[\d\.]*)\.tar\.xz nss-pem.git/make-srpm.sh0000775000000000000000000000742413232662053012356 0ustar #/bin/bash # Version: MPL 1.1/GPL 2.0/LGPL 2.1 # # The contents of this file are subject to the Mozilla Public License Version # 1.1 (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # http://www.mozilla.org/MPL/ # # Software distributed under the License is distributed on an "AS IS" basis, # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License # for the specific language governing rights and limitations under the # License. # # Alternatively, the contents of this file may be used under the terms of # either the GNU General Public License Version 2 or later (the "GPL"), or # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), # in which case the provisions of the GPL or the LGPL are applicable instead # of those above. If you wish to allow use of your version of this file only # under the terms of either the GPL or the LGPL, and not to allow others to # use your version of this file under the terms of the MPL, indicate your # decision by deleting the provisions above and replace them with the notice # and other provisions required by the GPL or the LGPL. If you do not delete # the provisions above, a recipient may use your version of this file under # the terms of any one of the MPL, the GPL or the LGPL. SELF="$0" PKG="nss-pem" die() { echo "$SELF: error: $1" >&2 exit 1 } match() { grep "$@" > /dev/null } DST="`readlink -f "$PWD"`" REPO="`git rev-parse --show-toplevel`" test -d "$REPO" || die "not in a git repo" NV="`git describe --tags`" echo "$NV" | match "^$PKG-" || die "release tag not found" VER="`echo "$NV" | sed "s/^$PKG-//"`" TIMESTAMP="`git log --pretty="%cd" --date=iso -1 \ | tr -d ':-' | tr ' ' . | cut -d. -f 1,2`" VER="`echo "$VER" | sed "s/-.*-/.$TIMESTAMP./"`" BRANCH="`git rev-parse --abbrev-ref HEAD`" test -n "$BRANCH" || die "failed to get current branch name" test master = "${BRANCH}" || VER="${VER}.${BRANCH}" test -z "`git diff HEAD`" || VER="${VER}.dirty" NV="${PKG}-${VER}" printf "\n%s: preparing a release of \033[1;32m%s\033[0m\n\n" "$SELF" "$NV" TMP="`mktemp -d`" trap "echo --- $SELF: removing $TMP... 2>&1; rm -rf '$TMP'" EXIT cd "$TMP" >/dev/null || die "mktemp failed" # clone the repository git clone "$REPO" "$PKG" || die "git clone failed" cd "$PKG" || die "git clone failed" # run tests ( mkdir build && cd build && cmake ../src && make -j && make -j test) \ || die "'make test' has failed" SRC_TAR="${NV}.tar" SRC="${SRC_TAR}.xz" git archive --prefix="$NV/" --format="tar" HEAD -- . > "$SRC_TAR" \ || die "failed to export sources" xz -c "$SRC_TAR" > "$SRC" || die "failed to compress sources" SPEC="./$PKG.spec" cat > "$SPEC" << EOF Name: $PKG Version: $VER Release: 1%{?dist} Summary: PEM file reader for Network Security Services (NSS) License: MPLv1.1 URL: https://github.com/kdudka/nss-pem Source0: https://github.com/kdudka/nss-pem/releases/download/$NV/$SRC BuildRequires: cmake BuildRequires: nss-pkcs11-devel # TODO: make the nss-pem pkg conflict with all nss builds with bundled nss-pem # Conflicts: nss%{?_isa} < XXX %description PEM file reader for Network Security Services (NSS), implemented as a PKCS#11 module. %prep %setup -q %build mkdir build cd build %cmake ../src make %{?_smp_mflags} VERBOSE=yes %install cd build make install DESTDIR=%{buildroot} %check cd build ctest %{?_smp_mflags} --output-on-failure %files %{_libdir}/libnsspem.so %license COPYING EOF set -v rpmbuild -bs "$SPEC" \ --define "_sourcedir ." \ --define "_specdir ." \ --define "_srcrpmdir $DST" nss-pem.git/nss/0000775000000000000000000000000013261107056010716 5ustar nss-pem.git/nss/debian/0000775000000000000000000000000013261141254012136 5ustar nss-pem.git/nss/debian/changelog0000664000000000000000000011660613252671167014035 0ustar nss (2:3.35-2) unstable; urgency=medium * nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64. -- Mike Hommey Mon, 29 Jan 2018 13:51:18 +0900 nss (2:3.35-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Mon, 29 Jan 2018 10:59:06 +0900 nss (2:3.34.1-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Fri, 05 Jan 2018 20:15:40 +0900 nss (2:3.34-1) unstable; urgency=medium * New upstream release: - Really build without -maes on i386. Closes: #875694. * debian/libnss3.symbols: Add NSS_3_34 symbol version. -- Mike Hommey Sat, 18 Nov 2017 14:58:01 +0900 nss (2:3.33-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3_33 and NSSUTIL_3.33 symbol versions. -- Mike Hommey Fri, 29 Sep 2017 06:49:26 +0900 nss (2:3.32-2) unstable; urgency=medium * nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc: Fix possibly uninitialized value 'curve'. bz#1389263. Closes: #871691. * lib/freebl/Makefile: Only build gcm.c and rijndael.c with -maes. Closes: #871700. -- Mike Hommey Mon, 28 Aug 2017 07:39:59 +0900 nss (2:3.32-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Thu, 10 Aug 2017 15:29:40 +0900 nss (2:3.31-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3_31 and NSSUTIL_3.31 symbol versions. -- Mike Hommey Sat, 17 Jun 2017 06:41:41 +0900 nss (2:3.30.2-1) experimental; urgency=medium * New upstream release. -- Mike Hommey Fri, 19 May 2017 14:06:03 +0900 nss (2:3.30.1-1) experimental; urgency=medium * New upstream release. -- Mike Hommey Wed, 19 Apr 2017 20:09:48 +0900 nss (2:3.30-1) experimental; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.30 and NSS_3.30.0.1 symbol versions. -- Mike Hommey Sat, 18 Mar 2017 15:34:23 +0900 nss (2:3.29.1-1) experimental; urgency=medium * New upstream release. -- Mike Hommey Sat, 25 Feb 2017 09:27:44 +0900 nss (2:3.29-1) experimental; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSSUTIL_3.25 symbol version. -- Mike Hommey Mon, 13 Feb 2017 07:42:36 +0900 nss (2:3.28.1-1) experimental; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.28 symbol version. -- Mike Hommey Sun, 05 Feb 2017 15:01:47 +0900 nss (2:3.27.1-1) experimental; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.27 symbol version. -- Mike Hommey Sat, 19 Nov 2016 08:29:17 +0900 nss (2:3.26.2-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Sun, 30 Oct 2016 07:20:34 +0900 nss (2:3.26-2) unstable; urgency=medium * debian/libnss3.symbols: SSL_GetCipherSuiteInfo and SSL_GetChannelInfo need newer versions despite the symbol versions. -- Mike Hommey Wed, 21 Sep 2016 10:02:23 +0900 nss (2:3.26-1) unstable; urgency=medium * New upstream release. * debian/watch: Update such that uscan --download-version works. * debian/control, debian/libnss3-1d.*, debian/libnss3.symbols: Remove the libnss3-1d* transitional packages. * debian/rules: - Always set CCC to CXX. Thanks Helmut Grohne. Closes: #806292. - Override KERNEL when cross building for a different OS. Closes: #810579. * debian/control: Split Depends/Build-Depends/Conflicts. Thanks Guido Günther. Closes: #806634. -- Mike Hommey Tue, 16 Aug 2016 16:33:15 +0900 nss (2:3.25-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols, debian/rules: Add the new libfreeblpriv3 library. * debian/libnss3.symbols: Add NSS_3.24 and NSSUTIL_3.24 symbol versions. -- Mike Hommey Wed, 03 Aug 2016 10:23:13 +0900 nss (2:3.23-2) unstable; urgency=medium * debian/control, debian/rules: Leave it to dh_makeshlibs to do the right thing wrt ldconfig. This requires debhelper 9.20160403. Closes: #811124. -- Mike Hommey Sun, 03 Apr 2016 18:29:02 +0900 nss (2:3.23-1) unstable; urgency=medium * New upstream release. * Fixes mfsa2016-{35-36} also known as CVE-2016-1950 and CVE-2016-1979. * debian/control: Bump nspr build dependency to 2:4.12. * debian/libnss3.symbols: Add NSS_3.22 and NSS_3.23 symbol versions. -- Mike Hommey Wed, 09 Mar 2016 13:52:06 +0900 nss (2:3.21-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS on x32. Closes: #699217 * Fix FTBFS on hppa. Closes: #808990 -- Adam Borowski Sun, 14 Feb 2016 14:46:40 +0100 nss (2:3.21-1) unstable; urgency=medium * New upstream release. * nss/lib/ssl/sslsock.c: Disable transitional scheme for SSL renegotiation. 5 years after the transition started, it shouldn't be necessary anymore. * nss/lib/ckfw/builtins/certdata.txt: Remove the SPI CA. * nss/lib/util/secload.c: Fix a warning introduced by our patch to this file. * debian/libnss3.symbols: Add NSS_3.21 symbol versions. -- Mike Hommey Wed, 25 Nov 2015 09:18:30 +0900 nss (2:3.20.1-1) unstable; urgency=high * New upstream release. * Fixes mfsa2015-133. also known as CVE-2015-7181 and CVE-2015-7182. -- Mike Hommey Wed, 04 Nov 2015 09:53:32 +0900 nss (2:3.20-1) unstable; urgency=medium * New upstream release. * Removed patch for __DATE__ and __TIME__ references from 2:3.19.1-1 because the parts that matter were applied upstream. * debian/rules: Move USE_64 to common make flags, and always use DEB_HOST_ARCH_BITS since it's even supported by dpkg in oldstable, now. * debian/libnss3.symbols: Add NSS_3.20 symbol versions. -- Mike Hommey Sat, 22 Aug 2015 09:02:11 +0900 nss (2:3.19.2-1) unstable; urgency=medium * New upstream release. * debian/rules: Force set OS_TEST to DEB_HOST_GNU_CPU to avoid it defaulting to `uname -m`. Thanks Helmut Grohne. Closes: #788452 -- Mike Hommey Sun, 21 Jun 2015 06:30:13 +0900 nss (2:3.19.1-2) unstable; urgency=medium * debian/control: Fix Vcs-Git url. * nss/cmd/shlibsign/manifest.mn: Fix missing LIBRARY_VERSION. * nss/cmd/shlibsign/shlibsign.c: Fix shlibsign on arm64. -- Mike Hommey Mon, 01 Jun 2015 16:25:07 +0900 nss (2:3.19.1-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: - Add NSS_3.19.1 symbol versions. - Reorder and replace *@ with (symver). * debian/rules: - Pass multi-arch dir for NSPR_LIB_DIR. Closes: #722811. - Set umask when calling shlibsign, and rearrange how it's being called. - Build nsinstall separately and set things up for cross-compilations. - Use native shlibsign when cross-compiling. - Do not run FIPS check on cross-builds. * debian/control: Build depend on native libnss3-tools for cross builds. Closes: #682926. * debian/libnss3-tools.manpages, debian/rules: Install the manpages that are now provided upstream. Closes: #505382. * debian/control: Update Vcs-* urls. * debian/control: Bump Standards-Version to 3.9.6.0. No changes required. * nss/lib/ckfw/builtins/binst.c, nss/lib/ckfw/builtins/ckbiver.c, nss/lib/ckfw/builtins/manifest.mn, nss/lib/ckfw/capi/ckcapiver.c, nss/lib/ckfw/capi/manifest.mn, nss/lib/ckfw/nssmkey/ckmkver.c, nss/lib/ckfw/nssmkey/manifest.mn, nss/lib/freebl/freeblver.c, nss/lib/freebl/ldvector.c, nss/lib/freebl/manifest.mn, nss/lib/nss/manifest.mn, nss/lib/nss/nssinit.c, nss/lib/nss/nssver.c, nss/lib/smime/manifest.mn, nss/lib/smime/smimeutil.c, nss/lib/smime/smimever.c, nss/lib/softoken/legacydb/lginit.c, nss/lib/softoken/manifest.mn, nss/lib/softoken/pkcs11.c, nss/lib/softoken/softkver.c, nss/lib/ssl/manifest.mn, nss/lib/ssl/sslcon.c, nss/lib/ssl/sslver.c, nss/lib/util/secoid.c: Remove __DATE__ and __TIME__ references. * nss/cmd/shlibsign/Makefile, nss/cmd/shlibsign/manifest.mn, nss/cmd/shlibsign/shlibsign.c: Fix shlibsign to properly load the sotfoken module. * debian/rules: Remove debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss from LD_LIBRARY_PATH when executing shlibsign, which can be done now with the fix above. -- Mike Hommey Mon, 01 Jun 2015 09:47:58 +0900 nss (2:3.19-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.19 symbol versions. -- Mike Hommey Wed, 13 May 2015 10:47:10 +0900 nss (2:3.18-1) experimental; urgency=medium * New upstream release. Closes: #782874. * debian/libnss3.symbols: Add NSS_3.18 symbol versions. -- Mike Hommey Mon, 20 Apr 2015 08:50:46 +0900 nss (2:3.17.4-1) experimental; urgency=medium * New upstream release. * Acknowledge NMU. -- Mike Hommey Wed, 25 Feb 2015 16:52:33 +0900 nss (2:3.17.2-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2014-1569. Closes: #773625. -- Matt Kraai Sun, 21 Dec 2014 19:46:52 -0800 nss (2:3.17.2-1) unstable; urgency=medium * New upstream release. -- Mike Hommey Sat, 18 Oct 2014 13:22:04 +0900 nss (2:3.17.1-1) unstable; urgency=high * New upstream release. - Fixes CVE-2014-1568. - Add support for ppc64el, with a non-broken patch. Closes: #745757. * debian/libnss3.symbols: Add NSSUTIL_3.17.1 symbol versions. -- Mike Hommey Wed, 24 Sep 2014 22:16:32 +0900 nss (2:3.17-1) unstable; urgency=medium * New upstream release. * nss/coreconf/Linux.mk: Actually add support for ppc64el. Closes: #745757. -- Mike Hommey Sun, 24 Aug 2014 08:41:37 +0900 nss (2:3.16.3-1.1) unstable; urgency=low * Non-maintainer upload to delayed. * Add support for ppc64el. Closes: #745757 -- Andreas Barth Mon, 18 Aug 2014 20:01:00 +0000 nss (2:3.16.3-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.16.2 symbol versions. -- Mike Hommey Sun, 13 Jul 2014 09:24:12 +0900 nss (2:3.16.1-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.16.1 symbol versions. -- Mike Hommey Sat, 07 Jun 2014 17:24:57 +0900 nss (2:3.16-1) unstable; urgency=medium * New upstream release. * debian/libnss3.symbols: Add NSS_3.16 symbol versions. * nss/lib/ckfw/builtins/certdata.txt: Remove CACert root certificates. -- Mike Hommey Fri, 21 Mar 2014 08:10:24 +0900 nss (2:3.15.4-2) unstable; urgency=high * Upstream release 3.15.4 fixed MFSA-2014-12, also known as CVE-2014-1490 and CVE-2014-1491. Bumping urgency as such. * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules: Revert changes from 2:3.15.4-1. Reopens: #537866, Closes: #735329, #736061. -- Mike Hommey Wed, 05 Feb 2014 16:26:06 +0900 nss (2:3.15.4-1) unstable; urgency=low * New upstream release. * Acknowledge NMU. * debian/rules: Avoid long one-liner with semi-colons. * debian/patches/*: Refresh patches. * debian/copyright: Update. Closes: #730428. * debian/control, debian/libnss3-nssdb.*, debian/pkcs11.txt, debian/rules: Add shared cert and key databases. Thanks Timo Aaltonen. Closes: #537866. * debian/rules: Use DEB_HOST_ARCH instead of DEB_BUILD_ARCH. * debian/control: Mark libnss3-dev as Multi-Arch: same. Thanks Shawn Landden. Closes: #682925. * debian/libnss3.symbols: Add NSS_3.15.4 symbol versions. -- Mike Hommey Mon, 13 Jan 2014 10:46:04 +0900 nss (2:3.15.3.1-1.1) unstable; urgency=low * Non-Maintainer Upload - ship extra NSS utilities (Closes: #701141) -- Daniel Kahn Gillmor Sat, 04 Jan 2014 11:34:41 -0500 nss (2:3.15.3.1-1) unstable; urgency=high * New upstream release. - Distrusts AC DG Tresor SSL CA. -- Mike Hommey Sun, 15 Dec 2013 10:09:48 +0900 nss (2:3.15.3-1) unstable; urgency=high * New upstream release. - Fixes CVE-2013-1741, CVE-2013-5605, CVE-2013-5606. -- Mike Hommey Sat, 16 Nov 2013 08:50:45 +0900 nss (2:3.15.2-1) unstable; urgency=low * New upstream release. - Fixes CVE-2013-1739. Closes: #726473. -- Mike Hommey Mon, 21 Oct 2013 08:05:24 +0900 nss (2:3.15.1-1) unstable; urgency=low * New upstream release. * debian/patches/*: Refresh patches. * debian/patches/lower-dhe-priority.patch: Removed, as it was only necessary for Iceweasel 3.5, which is long gone. -- Mike Hommey Mon, 05 Aug 2013 14:41:14 +0900 nss (2:3.15-1) unstable; urgency=low * New upstream release. * debian/patches/*: Refresh patches and removed unused ones. * debian/rules: Adjusted to the new source layout. * debian/libnss3.symbols: Add NSS*_3.15 symbol versions. * debian/control: Bump nspr build dependency. -- Mike Hommey Sat, 15 Jun 2013 19:23:12 +0900 nss (2:3.14.3-1) unstable; urgency=high * New upstream release. - Fixes TLS timing attack (luck 13). Closes: #699888. * debian/libnss3.symbols: Add NSS_3.14.3 symbol version. * debian/control: Unbump sqlite3 build dependency, 3.14.3 lifted the need for sqlite 3.7.15. -- Mike Hommey Sun, 17 Mar 2013 15:01:06 +0100 nss (2:3.14.2-1) unstable; urgency=low * New upstream release. * debian/control: Bump sqlite3 build dependency. * debian/rules: Avoid installing freebl, softokn, nssckbi and nssdbm in two places. * debian/libnss3-1d.lintian-overrides.in: Stop preprocessing, it has nothing to preprocess anymore. * debian/libnss3.lintian-overrides.in: Fix not to contain a reference to the libnss3-1d package. -- Mike Hommey Fri, 15 Feb 2013 10:06:59 +0100 nss (2:3.14.1.with.ckbi.1.93-1) unstable; urgency=low * New upstream release. - Explicitly distrust two intermediate CA certificates mis-issued by TURKTRUST. * debian/patches/95_add_spi+cacert_ca_certs.patch: Refreshed. -- Mike Hommey Fri, 04 Jan 2013 11:16:33 +0100 nss (2:3.14.1-1) unstable; urgency=low * New upstream release. * debian/patches: Removed patches applied upstream, and refreshed the others. * debian/libnss3.symbols: Updated for new symbols. -- Mike Hommey Sun, 23 Dec 2012 17:40:21 +0100 nss (2:3.14-2) unstable; urgency=low * debian/nss-config.in: Fix nss-config when version is in the x.y form instead of x.y.z. -- Mike Hommey Fri, 07 Dec 2012 17:07:05 +0100 nss (2:3.14-1) unstable; urgency=low * New upstream release. * debian/patches: Removed patches applied upstream, and refreshed the others. * debian/libnss3.symbols: Updated for new symbols. -- Mike Hommey Thu, 01 Nov 2012 10:37:39 +0100 nss (2:3.13.6-1) unstable; urgency=low * New upstream release. * debian/rules: Use xz compression for binary packages. Thanks Ansgar Burchardt. Closes: #683835. -- Mike Hommey Fri, 31 Aug 2012 09:56:53 +0200 nss (2:3.13.5-1) unstable; urgency=low * New upstream release. -- Mike Hommey Fri, 15 Jun 2012 09:40:00 +0200 nss (2:3.13.4-3) unstable; urgency=low * debian/rules: Skip epoch when getting upstream version number. -- Mike Hommey Sun, 20 May 2012 07:36:11 +0200 nss (2:3.13.4-2) unstable; urgency=low * debian/control, debian/libnss3*, debian/rules, mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn: Move to unversioned library. ABI compatibility is ensured upstream, and the SO version, if it needed a change at any time, would be a change in the library name. There is no reason to keep making compatibility more difficult with other distros and upstream binary releases. While previous versions were one-way compatible (binaries built against other distros or upstream nspr could work on Debian), this approach works both ways. * debian/control: - Bump Standards-Version to 3.9.3.0. No changes required. - Force to build against libnspr4-dev >= 2:4.9 * Removed unapplied patches. * Adding an epoch to match the old libnss3 package that used to be in the Debian archive. -- Mike Hommey Thu, 17 May 2012 09:45:36 +0200 nss (3.13.4-1) unstable; urgency=low * New upstream release. - Changed __GNUC_MINOR__ use in pkcs11n.h. Closes: #650319. * mozilla/security/nss/cmd/certcgi/certcgi.c, mozilla/security/nss/cmd/digest/digest.c, mozilla/security/nss/cmd/signver/pk7print.c: Import patch from Moritz Muehlenhoff for hardened format strings. * debian/make.mk, debian/rules, debian/control: Enable hardening. Closes: #657325. * debian/libnss3-1d.lintian-overrides.in, debian/rules: Use wildcards in lintian override. Closes: #670013. * debian/compat, debian/control: Bump debian/compat to 9. This has the effect of using build-id for debug files, thus Closes: #670015. * debian/libnss3-1d.symbols: Add symbols for /usr/lib/nss/ libraries. -- Mike Hommey Sun, 29 Apr 2012 09:48:58 +0200 nss (3.13.3-1) unstable; urgency=low * New upstream release. * debian/libnss3-1d.symbols: Updated to fit new upstream. -- Mike Hommey Fri, 24 Feb 2012 09:56:10 +0100 nss (3.13.2~beta1-3) experimental; urgency=low * debian/libnss3-1d.symbols: Fix symbol version for the symbol added in -2. -- Mike Hommey Fri, 23 Dec 2011 19:20:23 +0100 nss (3.13.2~beta1-2) experimental; urgency=low * mozilla/security/nss/lib/ssl/*, mozilla/security/nss/cmd/tstclnt/tstclnt.c, mozilla/security/nss/tests/ssl/ssl.sh: Apply patches from bz#542832, required for Iceweasel 11. * debian/libnss3-1d.symbols: Add corresponding symbol. -- Mike Hommey Fri, 23 Dec 2011 17:54:03 +0100 nss (3.13.2~beta1-1) experimental; urgency=low * New upstream snapshot, picked from NSS_3_13_2_BETA1 cvs tag. * debian/libnss3-1d.symbols: Add NSS 3.13.2 symbols. -- Mike Hommey Fri, 23 Dec 2011 16:22:05 +0100 nss (3.13.1.with.ckbi.1.88-1) unstable; urgency=low * New upstream release. - Distrusts malaysian Digicert Sdn. Bhd CA certificate. - Addresses CVE-2011-3640 (Untrusted search path vulnerability). Closes: #647614. * debian/patches/*: Refreshed patches. * debian/libnss3-1d.symbols: Add NSS 3.13 symbols. -- Mike Hommey Sat, 05 Nov 2011 17:05:26 +0100 nss (3.12.11-3) unstable; urgency=high * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Explicitely distrust various DigiNotar CAs: - DigiNotar Root CA - DigiNotar Services 1024 CA - DigiNotar Cyber CA - DigiNotar Cyber CA 2nd - DigiNotar PKIoverheid - DigiNotar PKIoverheid G2 -- Mike Hommey Sat, 03 Sep 2011 09:33:28 +0200 nss (3.12.11-2) unstable; urgency=high * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Remove DigiNotar Root CA. -- Mike Hommey Wed, 31 Aug 2011 08:49:00 +0200 nss (3.12.11-1) unstable; urgency=low * New upstream release. * mozilla/security/nss/lib/ckfw/builtins/certdata.*, * mozilla/security/coreconf/{config,Linux}.mk: Refreshed. * debian/copyright: Update dbm license according to that in the source. Closes: #624310 -- Mike Hommey Fri, 12 Aug 2011 12:45:08 +0200 nss (3.12.10-3) unstable; urgency=low * debian/nss-config.in, debian/nss.pc.in, debian/rules: Return the multiarch path in nss-config and nss.pc. -- Mike Hommey Thu, 21 Jul 2011 18:08:48 +0200 nss (3.12.10-2) unstable; urgency=low * debian/control, debian/libnss3-1d.dirs, debian/libnss3-1d.lintian-overrides.in, debian/libnss3-dev.dirs, debian/libnss3-1d.links.in, debian/libnss3-dev.links.in, debian/rules: Switch to multi-arch while keeping backports easy. Closes: #497088. -- Mike Hommey Mon, 04 Jul 2011 11:24:18 +0200 nss (3.12.10-1) unstable; urgency=low * New upstream release. * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed. * debian/control: Build depend on libnspr4-dev >= 4.8.8. * debian/libnss3-1d.symbols: Add new symbol version. -- Mike Hommey Wed, 25 May 2011 10:20:59 +0200 nss (3.12.9.with.ckbi.1.82-1) unstable; urgency=low * New upstream release. - Marks fraudulent Comodo certificates as untrusted. * mozilla/security/nss/lib/ckfw/builtins/certdata.*: Refreshed. -- Mike Hommey Thu, 24 Mar 2011 16:37:46 +0100 nss (3.12.9-2) unstable; urgency=low * Upload to unstable. * debian/rules: Fallback to DEB_BUILD_ARCH when dpkg-architecture does't support DEB_BUILD_ARCH_BITS. * debian/control: Lower build depends on dpkg-dev to (>= 1.13.19), which was the previous value. * mozilla/security/nss/lib/freebl/unix_rand.c: We don't need to prevent using netstat for entropy seeding. The seeding will stop before netstat if it could get data from /dev/urandom. * mozilla/security/coreconf/Linux.mk: We shouldn't need to special case mips64 anymore. * mozilla/security/nss/cmd/shlibsign/Makefile, debian/rules: Don't rely on patching the source to not create .chk files during build. -- Mike Hommey Sun, 06 Mar 2011 09:58:41 +0100 nss (3.12.9-1) experimental; urgency=low * New upstream release. -- Mike Hommey Sat, 15 Jan 2011 11:33:35 +0100 nss (3.12.9~beta2-1) experimental; urgency=low * New upstream snapshot, picked from NSS_3_12_9_BETA2 cvs tag. * debian/patches/*: Refresh patches. * debian/libnss3-1d.symbols: Add new symbol versions. * debian/rules: Bump shlibs. -- Mike Hommey Fri, 17 Dec 2010 15:01:31 +0100 nss (3.12.8-1) unstable; urgency=low * New upstream release. * debian/patches/*: Refresh patches. * debian/patches/series: + lower-dhe-priority.patch: Upstream patch from bz#583337 to lower DHE priority. Closes: #592315. -- Mike Hommey Thu, 07 Oct 2010 08:50:48 +0200 nss (3.12.8~b2-1) experimental; urgency=low * New upstream snapshot, picked from NSS_3_12_8_BETA2 cvs tag. * debian/patches/*: Refresh patches. -- Mike Hommey Mon, 23 Aug 2010 18:11:12 +0200 nss (3.12.7-1) unstable; urgency=low * New upstream release. * debian/patches/*: Refresh patches. * debian/control: - Bump Standards-Version to 3.9.1.0. - Build depend on libnspr4-dev >= 4.8.6. * debian/libnss3-1d.symbols: Simplify symbols file and add new symbols. * debian/rules: Bump shlibs. -- Mike Hommey Fri, 06 Aug 2010 13:55:14 +0200 nss (3.12.6-3) unstable; urgency=low * debian/rules: + Sign libnssdbm3.so. Closes: #588806. + Test that the FIPS mode can be properly enabled during build. * debian/control: + Remove conflicts with very old packages. + Bump Standards-Version to 3.9.0.0. -- Mike Hommey Mon, 12 Jul 2010 15:12:24 +0200 nss (3.12.6-2) unstable; urgency=low * debian/patches/series: + 00_ckbi_1.79.patch: New patch to update CKBI to 1.79. + 95_add_spi+cacert_ca_certs.patch: Refreshed against CKBI 1.79. -- Mike Hommey Fri, 09 Apr 2010 10:45:01 +0200 nss (3.12.6-1) unstable; urgency=low * New upstream release. * debian/patches/*: Refresh patches. * debian/libnss3-1d.symbols, debian/rules: Update symbols file with new symbols and bump shlibs. * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch, debian/patches/series: Enable transitional scheme for ssl renegotiation. Closes: #561918. * debian/control: + Bump Standards-Version to 3.8.4.0. + Drop libnss3-1d dependency on dpkg. The versions it didn't really like were between oldstable and stable. + Don't allow different versions of libnss3-1d, libnss3-1d-dbg and libnss3-tools to be installed at the same time. + Add ${misc:Depends} to libnss3-1d-dbg dependencies. * debian/rules: Revert workaround for gcc 4.4 bug on powerpc with -Os. * debian/rules, debian/control, debian/compat: Simplify debian/rules by using dh. -- Mike Hommey Wed, 17 Mar 2010 20:33:32 +0100 nss (3.12.5-2) unstable; urgency=low * debian/control: + Remove build dependency on autotools-dev, we don't use it. + libnss3-dev depends on libnspr4-dev >= 4.6.6-1. 4.6.6-1 was the first version where the pkg-config file was nspr.pc instead of xulrunner-nspr.pc. Closes: #567134. * debian/patches/96_NSS_VersionCheck.patch, debian/patches/series: Remove runtime check of NSPR version in NSS_VersionCheck, which seems to be pointless. Closes: #567136. -- Mike Hommey Thu, 28 Jan 2010 12:12:35 +0100 nss (3.12.5-1) unstable; urgency=low * New upstream release. * debian/copyright: Modify with new location for the embedded copy of zlib. * debian/patches/*: + Adapt patches to new upstream. + Switch to quilt format * debian/source/format: Switch to 3.0 (quilt) format. * debian/rules, debian/control: Stop using dpatch. * debian/patches/38_intel_aes_executable_stack.patch: Removed. An upstream change in version 3.12.4 obsoleted it. * debian/rules: + Remove DEB_{BUILD,HOST}_* variables, they are not used. + Use DEB_BUILD_ARCH_BITS to determine whether to build with USE_64 or not. + Ship more tools in libnss3-tools. Closes: #526267. + Work around gcc 4.4 bug on powerpc with -Os. + Force non parallel build. There are too many race conditions in the build system to support parallel builds. Closes: #536248. + Bump shlibs. * debian/control: + Bump Standards-Version to 3.8.3.0. + Build-depend on dpkg-dev (>= 1.15.4) for DEB_BUILD_ARCH_BITS. + Stricter dependency between libnss3-dev and libnss3-1d. * debian/libnss3-1d.symbols: + Add new symbols. + Remove debian revision for symbols added in 3.12.4. * debian/patches/38_hurd.patch: Fix FTBFS on Hurd due to PATH_MAX usage in unix_rand.c. Closes: #550995. -- Mike Hommey Fri, 18 Dec 2009 11:48:14 +0100 nss (3.12.4-1) unstable; urgency=low * New upstream release. * debian/patches/38_kbsd.dpatch: + Use CHECK_FORK_PTHREAD on kfreebsd and hurd. Closes: #547301. + Adapt to upstream changes. * debian/patches/95_add_spi+cacert_ca_certs.dpatch, * debian/patches/81_sonames.dpatch: Adapt to upstream changes. * debian/libnss3-1d.symbols: Update symbols file with new symbols. * debian/rules: Bumped shlibs. -- Mike Hommey Sun, 11 Oct 2009 01:26:14 +0200 nss (3.12.3.1-1) unstable; urgency=low * New upstream release. * debian/patches/95_add_spi+cacert_ca_certs.dpatch, Adapted to upstream changes. -- Mike Hommey Fri, 21 Aug 2009 23:47:24 +0200 nss (3.12.3-1) unstable; urgency=low * New upstream release. * debian/watch: Updated to catch new upstream .bz2 tarballs. * debian/copyright: Add information about mozilla/security/corecond/mkdepend. * debian/patches/38_hurd.dpatch, debian/patches/38_kbsd.dpatch: Adapted to upstream changes. * debian/patches/85_security_load.dpatch: Load libsoftokn3.so from /usr/lib/nss when unable to load it from standard ld.so paths in shlibsign. * debian/rules: + Add debian/libnss3-1d/usr/lib/nss to LD_LIBRARY_PATH when running shlibsign during build. + Bumped shlibs. * debian/libnss3-1d.symbols: Update symbols file with new symbols. * debian/control: + Bumped Standards-Version to 3.8.1.0. No changes needed. + Put the libnss3-1d-dbg package in the "debug" section. + Correct libnss3-1d-dbg short description. + Remove redundant section on libnss3-1d. + Build-depend on proper version of debhelper for dh_lintian. * debian/*.lintian-overrides, debian/rules: Install some Lintian overrides with dh_lintian. * debian/patches/38_intel_aes_executable_stack.dpatch: Indicate that we don't need executable stack in intel-aes.s. * debian/patches/00list: Updated accordingly. -- Mike Hommey Sat, 18 Apr 2009 09:37:31 +0200 nss (3.12.2.with.ckbi.1.73-2) unstable; urgency=low * mozilla/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h: Apply patch from upstream to fix alignment issues on sparc and ia64. Closes: #509930. -- Mike Hommey Mon, 06 Apr 2009 20:24:01 +0200 nss (3.12.2.with.ckbi.1.73-1) unstable; urgency=low * debian/patches/38_kbsd.dpatch: Brown paper bag fix for regression in previous release that led to FTBFS on i386 only. Closes: #513101. Thanks Steffen Joeris, Sebastian Andrzej Siewior and Petr Salinger. * debian/patches/95_add_spi+cacert_ca_certs.dpatch, debian/patches/80_security_tools.dpatch: Adapted to upstream changes. * debian/libnss3-1d.symbols: Update symbols file with new symbols. * debian/rules: Bumped shlibs. -- Mike Hommey Sat, 31 Jan 2009 16:41:26 +0100 nss (3.12.1-1) unstable; urgency=low * New upstream release. * debian/patches/95_add_spi+cacert_ca_certs.dpatch, debian/patches/38_mips64_build.dpatch, debian/patches/38_kbsd.dpatch: Adapted to upstream changes. * debian/libnss3-1d.symbols: Update symbols file with new symbols. * debian/rules: Bumped shlibs. -- Mike Hommey Sat, 20 Dec 2008 12:11:28 +0100 nss (3.12.0-5) unstable; urgency=low * debian/control: + Conflict with libnss3-0d >= 3.11.5, that has conflicting files in /usr/lib/nss. Older versions (those from etch) don't conflict. This makes updates from old testing smoother. Closes: #492332. + Build-depend on libsqlite3-dev >= 3.3.9, since API introduced in this version is used. Closes: #493191. -- Mike Hommey Sun, 03 Aug 2008 09:42:03 +0200 nss (3.12.0-4) unstable; urgency=low * debian/control: Remove conflict with libnss3-0d, it was only useful when libnss3-0d was a transitional package. Closes: #490995. -- Mike Hommey Wed, 16 Jul 2008 21:29:19 +0200 nss (3.12.0-3) unstable; urgency=low * debian/rules: + Enable ECC cypher suite. Closes: #490826. + Build with the same optimization level as upstream. -- Mike Hommey Mon, 14 Jul 2008 17:35:25 +0200 nss (3.12.0-2) unstable; urgency=low * debian/patches/95_add_spi+cacert_ca_certs.dpatch: + Add CAcert root and class 3 certificates to nssckbi module. + Add SPI Inc. certificate to nssckbi module. Thanks to Martin F Krafft for these. Closes: #309564. * debian/patches/00list: Updated accordingly. -- Mike Hommey Sat, 12 Jul 2008 18:26:09 +0200 nss (3.12.0-1) unstable; urgency=low * New upstream release. * debian/patches/92_ocsp.dpatch: Removed, as applied upstream. * debian/patches/00list: Updated accordingly. * debian/control: + Bumped Standards-Version to 3.8.0.1. No changes needed. + Added Vcs-Browser and Vcs-Git fields. + libnss3-dev don't need explicit version dependency on libnss3-1d. + libnss3-dev depends on libnspr4-dev. Closes: #488402. + Make the -dbg package less a hassle for manual installations with dpkg. + libnss3-1d depends on version of dpkg that either don't support symbols files or has fix for #474079. * debian/patches/85_security_load.dpatch: Load files from /usr/lib/nss if given reference path is only a filename, which happens when freebl is statically linked in a binary executable, such as signtool, and the executable is run from $PATH. When the executable is run using a full path, we must replace /bin/ in the path with /lib/ to find the libraries. Closes: #483774. * debian/libnss3-1d.symbols: Re-enable symbols file. -- Mike Hommey Sat, 05 Jul 2008 10:19:53 +0200 nss (3.12.0~rc3-3) unstable; urgency=low * debian/control: Make libnss3-0d conflict with old libnss3, which can still be installed on some systems, though it hasn't been in the archive since sarge. Closes: #485080. -- Mike Hommey Sun, 08 Jun 2008 14:11:13 +0200 nss (3.12.0~rc3-2) unstable; urgency=low * debian/patches/92_ocsp.dpatch: Apply patches from bz433594 and bz#433386, which are applied in upstream RC4 (and are the only changes), to fix crashes under some conditions with OCSP checks. * debian/patches/00list: Updated accordingly. * debian/libnss3-dev.links, debian/libnss3-1d.links: Don't install so files in the -dev package but in the library package. It will allow external applications linked against upstream nss to work on Debian with system nss libraries, and will avoid all browsers to have to implement symlinks themselves to allow some external plugins to work properly. * debian/control: Make libnss3-1d conflict with older versions of libnss3-dev and libnss3-dev need newer libnss3-1d accordingly. -- Mike Hommey Sat, 07 Jun 2008 11:57:55 +0200 nss (3.12.0~rc3-1) unstable; urgency=low * New upstream snapshot, picked from NSS_3_12_RC3 cvs tag. -- Mike Hommey Sun, 11 May 2008 16:58:17 +0200 nss (3.12.0~beta3-1) unstable; urgency=low * New upstream snapshot, picked from NSS_3_12_BETA3 cvs tag. * debian/control: Turn Homepage indications in descriptions into a control field. * debian/patches/91_build_pwdecrypt.dpatch: Enable building and installing pwdecrypt. Thanks Paul Wise. Closes: #472303. * debian/patches/00list: Updated accordingly. * debian/libnss3-1d.symbols: Update symbols file with new symbols and rename the file, so that it isn't used, as a workaround to #474079. Closes: #474007. * debian/rules: Bumped shlibs. -- Mike Hommey Tue, 08 Apr 2008 21:23:53 +0200 nss (3.12.0~beta2-1) unstable; urgency=low * New upstream snapshot, picked from NSS_3_12_BETA2 cvs tag. * debian/patches/10_3.11.7_symbol_fix.dpatch: Removed, as applied upstream. * debian/patches/38_kbsd.dpatch: Adapted to upstream changes. * debian/patches/81_sonames.dpatch: Add SO_VERSION to libnssutil3. * debian/libnss3-dev.links: Add link for libnssutil3. * debian/libnss3-1d.symbols: Update symbols file with new symbols. Note that SEC_StringToOID disappeared (well, was moved to nssutil), compared to version 3.12.0~1.9b1, but it was a new symbol, and isn't used anywhere. * debian/nss.pc.in, debian/nss-config.in: Add libnssutil3 support. * debian/rules: + Bumped shlibs. + Don't generate libsoftokn3.so.0d. * debian/control: + Remove transitional libnss3-0d package. + Bumped Standards-Version to 3.7.3.0. No changes needed. + Build depend on libnspr4-dev >= 4.7.0 (we *do* need the RTM version, and not the preceding betas) * debian/libnss3-0d.*: Removed. * debian/patches/85_security_load.dpatch: Load files from $ORIGIN/nss before those of $ORIGIN. Closes: #469079. * debian/patches/38_hurd.dpatch: Fix FTBFS on Hurd because of MAXPATHLEN. Closes: #419529. * debian/patches/00list: Updated accordingly. -- Mike Hommey Fri, 07 Mar 2008 21:27:54 +0100 nss (3.12.0~1.9b1-2) unstable; urgency=low * debian/control: libnss3-1-dbg needs to conflict with older libnss3-0d-dbg, as it overwrites so of its files. Closes: #455875. * debian/patches/90_realpath.dpatch: Use realpath() in loader_GetOriginalPathname, so that symlinks are properly followed when determining where the current library lives. * debian/patches/00list: Updated accordingly. * debian/patches/85_security_load.dpatch: When the module given by the caller contains a directory name, remove it so that the module can be properly loaded. Closes: #456296. -- Mike Hommey Sun, 16 Dec 2007 11:06:03 +0100 nss (3.12.0~1.9b1-1) unstable; urgency=low * New upstream snapshot, picked from FIREFOX_3_0b1_RELEASE cvs tag. * debian/copyright: Add licensing information about the recently added sqlite copy in the source tree. * debian/control: + Build depend on libsqlite3-dev. + Rename all -0d packages to -1d, but keep a transitional -0d package, since all libraries are compatible (except for the removed one). + Make libnss3-1d conflict with older libnss3-0d. * debian/patches/38_kbsd.dpatch, debian/patches/81_sonames.dpatch: Adapted to upstream changes. * debian/patches/81_sonames.dpatch: + Remove SO version from libsoftokn3, now it is not linked against anymore, but dlloaded. + Remove the hacks to have shlibsign and the signature verification code handle the SO version in the file name. + Bump SO version to 1d. * debian/rules: + Add NSS_USE_SYSTEM_SQLITE=1 to the make options. + Install libsoftokn3 and the new libnssdbm3 in /usr/lib/nss. + Run shlibsign on libsoftokn3 in /usr/lib/nss, without a SO version. + For some reason, build-stamp was missing in install-stamp dependencies. + Bumped shlibs because of new symbols, and pass -c4 to dpkg-gensymbols, so that it fails in all cases where the symbols file is not up to date. + Adapt upstream version pattern matching so that the ~1.9b1 part is removed. + Install .1d libraries in -1d packages. + Create a dummy libsoftokn3.so.0d library, installed in the libnss3-0d package. * debian/libnss3-0d.links: + Remove links in /usr/lib/xulrunner. The workaround they were implementing is going to be done another way. + Add .0d links to .1d libraries. * debian/libnss3-dev.links: + Don't put a symlink for libsoftokn3. + .so files now link to .1d libraries. * debian/patches/80_security_build.dpatch: Remove the hack to load libfreebl from /usr/lib/nss. * debian/patches/85_security_load.dpatch: Load modules from $ORIGIN/nss. * debian/patches/10_3.11.7_symbol_fix.dpatch: Fix a symbol version. Stolen from bz#325672. * debian/patches/00list: Updated accordingly. * debian/libnss3-0d.dirs: Renamed to libnss3-1d.dirs. -- Mike Hommey Sat, 08 Dec 2007 10:53:02 +0100 nss (3.11.7-1) unstable; urgency=low * New upstream release, picked from NSS_3_11_7_RTM cvs tag. * debian/patches/38_kbsd.dpatch: Also add support for the Hurd. Closes: #419529. * debian/rules: + Don't fail on clean with unpatched ruleset. Closes: #421542. + Bumped shlibs because of new symbols. * debian/patches/81_sonames.dpatch: Adapted to upstream changes. -- Mike Hommey Sun, 01 Jul 2007 11:29:06 +0200 nss (3.11.5-3) unstable; urgency=low * Upload to unstable. -- Mike Hommey Mon, 09 Apr 2007 20:37:25 +0200 nss (3.11.5-2) experimental; urgency=low * debian/rules: + Cleaner way to set the NSPR location. + Install libcrmf.a files in libnss3-dev. + binary-indep now does nothing. * debian/control: Make libnss3-dev an Arch: any package. * debian/nss.pc.in: + Remove libsoftokn3 from ld libraries. + Improvement in directories setting. * debian/libnss3-dev.dirs: Create /usr/bin. * debian/nss-config.in, debian/rules: Install a nss-config script into libnss3-dev. -- Mike Hommey Tue, 27 Mar 2007 20:41:11 +0200 nss (3.11.5-1) experimental; urgency=low * Initial release. (Closes: #416151) -- Mike Hommey Sun, 25 Mar 2007 23:56:17 +0200 nss-pem.git/nss/debian/compat0000664000000000000000000000000213252671167013347 0ustar 9 nss-pem.git/nss/debian/control0000664000000000000000000000625713252671167013566 0ustar Source: nss Section: libs Priority: optional Maintainer: Maintainers of Mozilla-related packages Uploaders: Mike Hommey Build-Depends: debhelper (>= 9.20160403), dpkg-dev (>= 1.17.14), libnspr4-dev (>= 2:4.12), zlib1g-dev, libsqlite3-dev (>= 3.3.9), libnss3-tools:native (>= 2:3.19-1-1~) Standards-Version: 3.9.6.0 Homepage: http://www.mozilla.org/projects/security/pki/nss/ Vcs-Git: https://anonscm.debian.org/git/pkg-mozilla/nss.git Vcs-Browser: https://anonscm.debian.org/cgit/pkg-mozilla/nss.git Package: libnss3 Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Conflicts: libnss3-1d (<< 2:3.13.4-2) Multi-Arch: ${misc:Multi-Arch} Description: Network Security Service libraries This is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It can support SSLv2 and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and other security standards. Package: libnss3-tools Section: admin Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Network Security Service tools This is a set of tools on top of the Network Security Service libraries. This package includes: * certutil: manages certificate and key databases (cert7.db and key3.db) * modutil: manages the database of PKCS11 modules (secmod.db) * pk12util: imports/exports keys and certificates between the cert/key databases and files in PKCS12 format. * shlibsign: creates .chk files for use in FIPS mode. * signtool: creates digitally-signed jar archives containing files and/or code. * ssltap: proxy requests for an SSL server and display the contents of the messages exchanged between the client and server. Homepage: http://www.mozilla.org/projects/security/pki/nss/tools/ Package: libnss3-dev Section: libdevel Architecture: any Depends: ${misc:Depends}, libnss3 (= ${binary:Version}), libnspr4-dev (>= 4.6.6-1) Multi-Arch: ${misc:Multi-Arch} Description: Development files for the Network Security Service libraries This is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It can support SSLv2 and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and other security standards. . Install this package if you wish to develop your own programs using the Network Security Service Libraries. Package: libnss3-dbg Section: debug Priority: extra Architecture: any Depends: ${misc:Depends}, libnss3 (= ${binary:Version}) | libnss3-tools (= ${binary:Version}) Conflicts: libnss3 (<< ${binary:Version}), libnss3 (>> ${binary:Version}), libnss3-tools (<< ${binary:Version}), libnss3-tools (>> ${binary:Version}) Multi-Arch: ${misc:Multi-Arch} Description: Debugging symbols for the Network Security Service libraries This is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It can support SSLv2 and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and other security standards. . This package provides the debugging symbols for the library. nss-pem.git/nss/debian/copyright0000664000000000000000000006275413252671167014122 0ustar This package was debianized by Mike Hommey on Sun, 25 Mar 2007 19:36:42 +0200. It was downloaded from http://ftp.mozilla.org/pub/mozilla.org/security/nss/ Upstream Author: The Mozilla Project. The NSS library is licensed under the terms of the Mozilla Public License version 2.0, which terms can be found further below. The original code is copyright (c) 1994-2000 Netscape Communications Corporation. Some external libraries are also provided in the source tree with the following licensing terms: === zlib The nss/lib/zlib directory is licensed under the following terms: (C) 1995-2004 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu If you use the zlib library in a product, we would appreciate *not* receiving lengthy legal documents to sign. The sources are provided for free but without warranty of any kind. The library has been entirely written by Jean-loup Gailly and Mark Adler; it does not include third-party code. If you redistribute modified sources, we would appreciate that you include in the file ChangeLog history information documenting your changes. Please read the FAQ for more information on the distribution of modified source versions. === dbm The nss/lib/dbm directory, with few exceptions, is licensed under the following terms: Copyright (c) 1991, 1993, 1994 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. ***REMOVED*** - see ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change" 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. === sqlite The nss/lib/sqlite/sqlite3.[ch] files contain a copy of sqlite with the following licensing terms: The author disclaims copyright to this source code. In place of a legal notice, here is a blessing: May you do good and not evil. May you find forgiveness for yourself and forgive others. May you share freely, never taking more than you give. === mkdepend The nss/coreconf/mkdepend directory contains a copy of mkdepend with the following licensing terms: cppsetup.c, def.h, include.c, main.c, mkdepend.man, parse.c, pr.c: Copyright (c) 1993, 1994, 1998 The Open Group Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of The Open Group shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from The Open Group. ifparser.[ch]: Copyright 1992 Network Computing Devices, Inc. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Network Computing Devices may not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Network Computing Devices makes no representations about the suitability of this software for any purpose. It is provided ``as is'' without express or implied warranty. NETWORK COMPUTING DEVICES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL NETWORK COMPUTING DEVICES BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. imakemdep.h: Copyright (c) 1993, 1994 X Consortium Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of the X Consortium shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from the X Consortium. === MPL Note on GPL Compatibility ------------------------- The MPL 2, section 3.3, permits you to combine NSS with code under the GNU General Public License (GPL) version 2, or any later version of that license, to make a Larger Work, and distribute the result under the GPL. The only condition is that you must also make NSS, and any changes you have made to it, available to recipients under the terms of the MPL 2 also. Anyone who receives the combined code from you does not have to continue to dual licence in this way, and may, if they wish, distribute under the terms of either of the two licences - either the MPL alone or the GPL alone. However, we discourage people from distributing copies of NSS under the GPL alone, because it means that any improvements they make cannot be reincorporated into the main version of NSS. There is never a need to do this for license compatibility reasons. Note on LGPL Compatibility -------------------------- The above also applies to combining MPLed code in a single library with code under the GNU Lesser General Public License (LGPL) version 2.1, or any later version of that license. If the LGPLed code and the MPLed code are not in the same library, then the copyleft coverage of the two licences does not overlap, so no issues arise. Mozilla Public License Version 2.0 ================================== 1. Definitions -------------- 1.1. "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. "Contributor Version" means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. "Contribution" means Covered Software of a particular Contributor. 1.4. "Covered Software" means Source Code Form to which the initial Contributor has attached the notice in Exhibit A, the Executable Form of such Source Code Form, and Modifications of such Source Code Form, in each case including portions thereof. 1.5. "Incompatible With Secondary Licenses" means (a) that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or (b) that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary License. 1.6. "Executable Form" means any form of the work other than Source Code Form. 1.7. "Larger Work" means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software. 1.8. "License" means this document. 1.9. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently, any and all of the rights conveyed by this License. 1.10. "Modifications" means any of the following: (a) any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or (b) any new file in Source Code Form that contains any Covered Software. 1.11. "Patent Claims" of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. "Secondary License" means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General Public License, Version 3.0, or any later versions of those licenses. 1.13. "Source Code Form" means the form of the work preferred for making modifications. 1.14. "You" (or "Your") means an individual or a legal entity exercising rights under this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. License Grants and Conditions -------------------------------- 2.1. Grants Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: (a) under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, display, perform, distribute, and otherwise exploit its Contributions, either on an unmodified basis, with Modifications, or as part of a Larger Work; and (b) under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its Contributor Version. 2.2. Effective Date The licenses granted in Section 2.1 with respect to any Contribution become effective for each Contribution on the date the Contributor first distributes such Contribution. 2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: (a) for any code that a Contributor has removed from Covered Software; or (b) for infringements caused by: (i) Your and any other third party's modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or (c) under Patent Claims infringed by Covered Software in the absence of its Contributions. This License does not grant any rights in the trademarks, service marks, or logos of any Contributor (except as may be necessary to comply with the notice requirements in Section 3.4). 2.4. Subsequent Licenses No Contributor makes additional grants as a result of Your choice to distribute the Covered Software under a subsequent version of this License (see Section 10.2) or under the terms of a Secondary License (if permitted under the terms of Section 3.3). 2.5. Representation Each Contributor represents that the Contributor believes its Contributions are its original creation(s) or it has sufficient rights to grant the rights to its Contributions conveyed by this License. 2.6. Fair Use This License is not intended to limit any rights You have under applicable copyright doctrines of fair use, fair dealing, or other equivalents. 2.7. Conditions Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in Section 2.1. 3. Responsibilities ------------------- 3.1. Distribution of Source Form All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients' rights in the Source Code Form. 3.2. Distribution of Executable Form If You distribute Covered Software in Executable Form then: (a) such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and (b) You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients' rights in the Source Code Form under this License. 3.3. Distribution of a Larger Work You may create and distribute a Larger Work under terms of Your choice, provided that You also comply with the requirements of this License for the Covered Software. If the Larger Work is a combination of Covered Software with a work governed by one or more Secondary Licenses, and the Covered Software is not Incompatible With Secondary Licenses, this License permits You to additionally distribute such Covered Software under the terms of such Secondary License(s), so that the recipient of the Larger Work may, at their option, further distribute the Covered Software under the terms of either this License or such Secondary License(s). 3.4. Notices You may not remove or alter the substance of any license notices (including copyright notices, patent notices, disclaimers of warranty, or limitations of liability) contained within the Source Code Form of the Covered Software, except that You may alter any license notices to the extent required to remedy known factual inaccuracies. 3.5. Application of Additional Terms You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, You may do so only on Your own behalf, and not on behalf of any Contributor. You must make it absolutely clear that any such warranty, support, indemnity, or liability obligation is offered by You alone, and You hereby agree to indemnify every Contributor for any liability incurred by such Contributor as a result of warranty, support, indemnity or liability terms You offer. You may include additional disclaimers of warranty and limitations of liability specific to any jurisdiction. 4. Inability to Comply Due to Statute or Regulation --------------------------------------------------- If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Termination -------------- 5.1. The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60 days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30 days after Your receipt of the notice. 5.2. If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate. 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or Your distributors under this License prior to termination shall survive termination. ************************************************************************ * * * 6. Disclaimer of Warranty * * ------------------------- * * * * Covered Software is provided under this License on an "as is" * * basis, without warranty of any kind, either expressed, implied, or * * statutory, including, without limitation, warranties that the * * Covered Software is free of defects, merchantable, fit for a * * particular purpose or non-infringing. The entire risk as to the * * quality and performance of the Covered Software is with You. * * Should any Covered Software prove defective in any respect, You * * (not any Contributor) assume the cost of any necessary servicing, * * repair, or correction. This disclaimer of warranty constitutes an * * essential part of this License. No use of any Covered Software is * * authorized under this License except under this disclaimer. * * * ************************************************************************ ************************************************************************ * * * 7. Limitation of Liability * * -------------------------- * * * * Under no circumstances and under no legal theory, whether tort * * (including negligence), contract, or otherwise, shall any * * Contributor, or anyone who distributes Covered Software as * * permitted above, be liable to You for any direct, indirect, * * special, incidental, or consequential damages of any character * * including, without limitation, damages for lost profits, loss of * * goodwill, work stoppage, computer failure or malfunction, or any * * and all other commercial damages or losses, even if such party * * shall have been informed of the possibility of such damages. This * * limitation of liability shall not apply to liability for death or * * personal injury resulting from such party's negligence to the * * extent applicable law prohibits such limitation. Some * * jurisdictions do not allow the exclusion or limitation of * * incidental or consequential damages, so this exclusion and * * limitation may not apply to You. * * * ************************************************************************ 8. Litigation ------------- Any litigation relating to this License may be brought only in the courts of a jurisdiction where the defendant maintains its principal place of business and such litigation shall be governed by laws of that jurisdiction, without reference to its conflict-of-law provisions. Nothing in this Section shall prevent a party's ability to bring cross-claims or counter-claims. 9. Miscellaneous ---------------- This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not be used to construe this License against a Contributor. 10. Versions of the License --------------------------- 10.1. New Versions Mozilla Foundation is the license steward. Except as provided in Section 10.3, no one other than the license steward has the right to modify or publish new versions of this License. Each version will be given a distinguishing version number. 10.2. Effect of New Versions You may distribute the Covered Software under the terms of the version of the License under which You originally received the Covered Software, or under the terms of any subsequent version published by the license steward. 10.3. Modified Versions If you create software not governed by this License, and you want to create a new license for such software, you may create and use a modified version of this License if you rename the license and remove any references to the name of the license steward (except to note that such modified license differs from this License). 10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses If You choose to distribute Source Code Form that is Incompatible With Secondary Licenses under the terms of this version of the License, the notice described in Exhibit B of this License must be attached. Exhibit A - Source Code Form License Notice ------------------------------------------- This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. If it is not possible or desirable to put the notice in a particular file, then You may include the notice in a location (such as a LICENSE file in a relevant directory) where a recipient would be likely to look for such a notice. You may add additional accurate notices of copyright ownership. Exhibit B - "Incompatible With Secondary Licenses" Notice --------------------------------------------------------- This Source Code Form is "Incompatible With Secondary Licenses", as defined by the Mozilla Public License, v. 2.0. nss-pem.git/nss/debian/libnss3-dbg.lintian-overrides0000664000000000000000000000024613252671167017642 0ustar # License says GPL 2 or subsequent, so pointing to the latest version is fine libnss3-dbg: copyright-refers-to-versionless-license-file usr/share/common-licenses/GPL nss-pem.git/nss/debian/libnss3-dev.dirs0000664000000000000000000000003013252671167015156 0ustar usr/bin usr/include/nss nss-pem.git/nss/debian/libnss3-dev.links.in0000664000000000000000000000014613252671167015752 0ustar usr/lib/@DEB_HOST_MULTIARCH@/pkgconfig/nss.pc usr/lib/@DEB_HOST_MULTIARCH@/pkgconfig/xulrunner-nss.pc nss-pem.git/nss/debian/libnss3-dev.lintian-overrides0000664000000000000000000000024613252671167017664 0ustar # License says GPL 2 or subsequent, so pointing to the latest version is fine libnss3-dev: copyright-refers-to-versionless-license-file usr/share/common-licenses/GPL nss-pem.git/nss/debian/libnss3-tools.dirs0000664000000000000000000000001013252671167015536 0ustar usr/bin nss-pem.git/nss/debian/libnss3-tools.lintian-overrides0000664000000000000000000000025013252671167020241 0ustar # License says GPL 2 or subsequent, so pointing to the latest version is fine libnss3-tools: copyright-refers-to-versionless-license-file usr/share/common-licenses/GPL nss-pem.git/nss/debian/libnss3-tools.manpages0000664000000000000000000000001513252671167016375 0ustar dist/man/*.1 nss-pem.git/nss/debian/libnss3.lintian-overrides.in0000664000000000000000000000143413252671167017515 0ustar # ABI compatibility is ensured upstream, and the SO version, if it needed # a change at any time, would be a change in the library name. There is # no reason to make compatibility more difficult with other distros and # upstream binary releases. libnss3: shlib-without-versioned-soname usr/lib/@DEB_HOST_MULTIARCH_WC@/libnss3.so libnss3.so libnss3: shlib-without-versioned-soname usr/lib/@DEB_HOST_MULTIARCH_WC@/libssl3.so libssl3.so libnss3: shlib-without-versioned-soname usr/lib/@DEB_HOST_MULTIARCH_WC@/libnssutil3.so libnssutil3.so libnss3: shlib-without-versioned-soname usr/lib/@DEB_HOST_MULTIARCH_WC@/libsmime3.so libsmime3.so # License says GPL 2 or subsequent, so pointing to the latest version is fine libnss3: copyright-refers-to-versionless-license-file usr/share/common-licenses/GPL nss-pem.git/nss/debian/libnss3.symbols0000664000000000000000000001073513252671167015146 0ustar libfreebl3.so libnss3 #MINVER# (symver)NSSRAWHASH_3.12.3 2:3.13.4-2~ (symver)NSSprivate_3.11 2:3.13.4-2~ libfreeblpriv3.so libnss3 #MINVER# (symver)NSSprivate_3.11 2:3.24 (symver)NSSprivate_3.16 2:3.24 libnss3.so libnss3 #MINVER# CERT_EncodeSubjectKeyID@NSS_3.12 2:3.13.4-2~ CERT_GetClassicOCSPDisabledPolicy@NSS_3.12 2:3.13.4-2~ CERT_GetClassicOCSPEnabledHardFailurePolicy@NSS_3.12 2:3.13.4-2~ CERT_GetClassicOCSPEnabledSoftFailurePolicy@NSS_3.12 2:3.13.4-2~ CERT_GetPKIXVerifyNistRevocationPolicy@NSS_3.12 2:3.13.4-2~ CERT_GetUsePKIXForValidation@NSS_3.12 2:3.13.4-2~ CERT_GetValidDNSPatternsFromCert@NSS_3.12 2:3.13.4-2~ CERT_NewTempCertificate@NSS_3.12 2:3.13.4-2~ CERT_SetOCSPTimeout@NSS_3.12 2:3.13.4-2~ CERT_SetUsePKIXForValidation@NSS_3.12 2:3.13.4-2~ HASH_GetType@NSS_3.12 2:3.13.4-2~ (symver)NSS_3.10 2:3.13.4-2~ (symver)NSS_3.10.2 2:3.13.4-2~ (symver)NSS_3.11 2:3.13.4-2~ (symver)NSS_3.11.1 2:3.13.4-2~ (symver)NSS_3.11.2 2:3.13.4-2~ (symver)NSS_3.11.7 2:3.13.4-2~ (symver)NSS_3.11.9 2:3.13.4-2~ (symver)NSS_3.12 2:3.13.4-2~ (symver)NSS_3.12.1 2:3.13.4-2~ (symver)NSS_3.12.10 2:3.13.4-2~ (symver)NSS_3.12.3 2:3.13.4-2~ (symver)NSS_3.12.4 2:3.13.4-2~ (symver)NSS_3.12.5 2:3.13.4-2~ (symver)NSS_3.12.6 2:3.13.4-2~ (symver)NSS_3.12.7 2:3.13.4-2~ (symver)NSS_3.12.9 2:3.13.4-2~ (symver)NSS_3.13 2:3.13.4-2~ (symver)NSS_3.13.2 2:3.13.4-2~ (symver)NSS_3.14 2:3.14 (symver)NSS_3.14.1 2:3.14.1~beta2 (symver)NSS_3.14.3 2:3.14.3 (symver)NSS_3.15 2:3.15 (symver)NSS_3.15.4 2:3.15.4 (symver)NSS_3.16.1 2:3.16.1 (symver)NSS_3.16.2 2:3.16.2 (symver)NSS_3.18 2:3.18 (symver)NSS_3.19 2:3.19 (symver)NSS_3.19.1 2:3.19.1 (symver)NSS_3.2 2:3.13.4-2~ (symver)NSS_3.2.1 2:3.13.4-2~ (symver)NSS_3.21 2:3.21 (symver)NSS_3.22 2:3.22 (symver)NSS_3.3 2:3.13.4-2~ (symver)NSS_3.3.1 2:3.13.4-2~ (symver)NSS_3.30 2:3.30 (symver)NSS_3.31 2:3.31 (symver)NSS_3.33 2:3.33 (symver)NSS_3.34 2:3.34 (symver)NSS_3.4 2:3.13.4-2~ (symver)NSS_3.5 2:3.13.4-2~ (symver)NSS_3.6 2:3.13.4-2~ (symver)NSS_3.7 2:3.13.4-2~ (symver)NSS_3.7.1 2:3.13.4-2~ (symver)NSS_3.8 2:3.13.4-2~ (symver)NSS_3.9 2:3.13.4-2~ (symver)NSS_3.9.2 2:3.13.4-2~ (symver)NSS_3.9.3 2:3.13.4-2~ NSS_InitWithMerge@NSS_3.12 2:3.13.4-2~ PK11_CreateGenericObject@NSS_3.12 2:3.13.4-2~ PK11_CreateMergeLog@NSS_3.12 2:3.13.4-2~ PK11_CreatePBEV2AlgorithmID@NSS_3.12 2:3.13.4-2~ PK11_DestroyMergeLog@NSS_3.12 2:3.13.4-2~ PK11_GetPBECryptoMechanism@NSS_3.12 2:3.13.4-2~ PK11_IsRemovable@NSS_3.12 2:3.13.4-2~ PK11_MergeTokens@NSS_3.12 2:3.13.4-2~ PK11_WriteRawAttribute@NSS_3.12 2:3.13.4-2~ SEC_PKCS5IsAlgorithmPBEAlgTag@NSS_3.12 2:3.13.4-2~ libnssckbi.so libnss3 #MINVER# (symver)NSS_3.1 2:3.13.4-2~ libnssdbm3.so libnss3 #MINVER# (symver)NSSDBM_3.12 2:3.13.4-2~ libnssutil3.so libnss3 #MINVER# (symver)NSSUTIL_3.12 2:3.13.4-2~ (symver)NSSUTIL_3.12.3 2:3.13.4-2~ (symver)NSSUTIL_3.12.5 2:3.13.4-2~ (symver)NSSUTIL_3.12.7 2:3.13.4-2~ (symver)NSSUTIL_3.13 2:3.13.4-2~ (symver)NSSUTIL_3.14 2:3.14 (symver)NSSUTIL_3.15 2:3.15 (symver)NSSUTIL_3.17.1 2:3.17.1 (symver)NSSUTIL_3.21 2:3.21 (symver)NSSUTIL_3.24 2:3.24 (symver)NSSUTIL_3.25 2:3.29 (symver)NSSUTIL_3.31 2:3.31 (symver)NSSUTIL_3.33 2:3.33 libsmime3.so libnss3 #MINVER# (symver)NSS_3.10 2:3.13.4-2~ (symver)NSS_3.12.10 2:3.13.4-2~ (symver)NSS_3.12.2 2:3.13.4-2~ (symver)NSS_3.13 2:3.13.4-2~ (symver)NSS_3.15 2:3.15 (symver)NSS_3.16 2:3.16 (symver)NSS_3.18 2:3.18 (symver)NSS_3.2 2:3.13.4-2~ (symver)NSS_3.2.1 2:3.13.4-2~ (symver)NSS_3.3 2:3.13.4-2~ (symver)NSS_3.4 2:3.13.4-2~ (symver)NSS_3.4.1 2:3.13.4-2~ (symver)NSS_3.6 2:3.13.4-2~ (symver)NSS_3.7 2:3.13.4-2~ (symver)NSS_3.7.2 2:3.13.4-2~ (symver)NSS_3.8 2:3.13.4-2~ (symver)NSS_3.9 2:3.13.4-2~ (symver)NSS_3.9.3 2:3.13.4-2~ libsoftokn3.so libnss3 #MINVER# (symver)NSS_3.4 2:3.13.4-2~ libssl3.so libnss3 #MINVER# (symver)NSS_3.11.4 2:3.13.4-2~ (symver)NSS_3.11.8 2:3.13.4-2~ (symver)NSS_3.12.10 2:3.13.4-2~ (symver)NSS_3.12.6 2:3.13.4-2~ (symver)NSS_3.13 2:3.13.4-2~ (symver)NSS_3.13.2 2:3.13.4-2~ (symver)NSS_3.14 2:3.14 (symver)NSS_3.15 2:3.15 (symver)NSS_3.15.4 2:3.15.4 (symver)NSS_3.2 2:3.13.4-2~ (symver)NSS_3.2.1 2:3.13.4-2~ (symver)NSS_3.20 2:3.20 (symver)NSS_3.21 2:3.21 (symver)NSS_3.22 2:3.22 (symver)NSS_3.23 2:3.23 (symver)NSS_3.24 2:3.24 (symver)NSS_3.27 2:3.27 (symver)NSS_3.28 2:3.28 (symver)NSS_3.30 2:3.30 (symver)NSS_3.30.0.1 2:3.30 (symver)NSS_3.33 2:3.33 (symver)NSS_3.4 2:3.13.4-2~ (symver)NSS_3.7.4 2:3.13.4-2~ SSL_GetCipherSuiteInfo@NSS_3.4 2:3.24 SSL_GetChannelInfo@NSS_3.4 2:3.26 nss-pem.git/nss/debian/make.mk0000664000000000000000000000172513252671167013424 0ustar lazy = $(eval $(1) = $$(if $$(___$(1)),,$$(eval ___$(1) := $(2)))$$(___$(1))) lc = $(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,$(subst X,x,$(subst Y,y,$(subst Z,z,$1)))))))))))))))))))))))))) uc = $(subst a,A,$(subst b,B,$(subst c,C,$(subst d,D,$(subst e,E,$(subst f,F,$(subst g,G,$(subst h,H,$(subst i,I,$(subst j,J,$(subst k,K,$(subst l,L,$(subst m,M,$(subst n,N,$(subst o,O,$(subst p,P,$(subst q,Q,$(subst r,R,$(subst s,S,$(subst t,T,$(subst u,U,$(subst v,V,$(subst w,W,$(subst x,X,$(subst y,Y,$(subst z,Z,$1)))))))))))))))))))))))))) __VARS := $(.VARIABLES) dump: @$(foreach var,$(sort $(filter-out $(__VARS) __VARS preprocess ___%,$(.VARIABLES))),echo '$(var) = $(subst ','\'',$(subst \,\\,$($(var))))';) dump-%: @echo $($*) .PHONY: dump nss-pem.git/nss/debian/nss-config.in0000664000000000000000000000456213252671167014556 0ustar #!/bin/sh prefix=/usr major_version=@MOD_MAJOR_VERSION@ minor_version=@MOD_MINOR_VERSION@ patch_version=@MOD_PATCH_VERSION@ usage() { cat <&2 fi lib_ssl=yes lib_smime=yes lib_nss=yes lib_nssutil=yes while test $# -gt 0; do case "$1" in -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac case $1 in --prefix=*) prefix=$optarg ;; --prefix) echo_prefix=yes ;; --exec-prefix=*) exec_prefix=$optarg ;; --exec-prefix) echo_exec_prefix=yes ;; --includedir=*) includedir=$optarg ;; --includedir) echo_includedir=yes ;; --libdir=*) libdir=$optarg ;; --libdir) echo_libdir=yes ;; --version) echo ${major_version}.${minor_version}.${patch_version} ;; --cflags) echo_cflags=yes ;; --libs) echo_libs=yes ;; ssl) lib_ssl=yes ;; smime) lib_smime=yes ;; nss) lib_nss=yes ;; nssutil) lib_nssutil=yes ;; *) usage 1 1>&2 ;; esac shift done # Set variables that may be dependent upon other variables if test -z "$exec_prefix"; then exec_prefix=${prefix} fi if test -z "$includedir"; then includedir=${prefix}/include/nss fi if test -z "$libdir"; then libdir=${exec_prefix}/lib/@DEB_HOST_MULTIARCH@ fi if test "$echo_prefix" = "yes"; then echo $prefix fi if test "$echo_exec_prefix" = "yes"; then echo $exec_prefix fi if test "$echo_includedir" = "yes"; then echo $includedir fi if test "$echo_libdir" = "yes"; then echo $libdir fi if test "$echo_cflags" = "yes"; then echo -I$includedir fi if test "$echo_libs" = "yes"; then libdirs="-L$libdir" if test -n "$lib_ssl"; then libdirs="$libdirs -lssl${major_version}" fi if test -n "$lib_smime"; then libdirs="$libdirs -lsmime${major_version}" fi if test -n "$lib_nss"; then libdirs="$libdirs -lnss${major_version}" fi if test -n "$lib_nssutil"; then libdirs="$libdirs -lnssutil${major_version}" fi echo $libdirs fi nss-pem.git/nss/debian/nss.pc.in0000664000000000000000000000043213252671167013704 0ustar prefix=/usr exec_prefix=${prefix} libdir=${exec_prefix}/lib/@DEB_HOST_MULTIARCH@ includedir=${prefix}/include/nss Name: NSS Description: Mozilla Network Security Services Version: @VERSION@ Requires: nspr Libs: -L${libdir} -lnss3 -lnssutil3 -lsmime3 -lssl3 Cflags: -I${includedir} nss-pem.git/nss/debian/patches/0000775000000000000000000000000013252671167013600 5ustar nss-pem.git/nss/debian/patches/38_hppa.patch0000664000000000000000000000113613252671167016064 0ustar Description: fix double definition of BYTE_ORDER on hppa Author: Helge Deller Bug-Debian: https://bugs.debian.org/808990 Index: nss/nss/lib/dbm/include/mcom_db.h =================================================================== --- nss.orig/nss/lib/dbm/include/mcom_db.h +++ nss/nss/lib/dbm/include/mcom_db.h @@ -110,7 +110,7 @@ typedef PRUint32 uint32; #endif /* !BYTE_ORDER */ #endif /* __sun */ -#if defined(__hpux) || defined(__hppa) +#if defined(__hpux) #define BYTE_ORDER BIG_ENDIAN #define BIG_ENDIAN 4321 #define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ nss-pem.git/nss/debian/patches/38_hurd.patch0000664000000000000000000000337513252671167016105 0ustar ## 38_hurd.patch by ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Fix FTBFS on Hurd because of MAXPATHLEN Index: nss/nss/cmd/shlibsign/shlibsign.c =================================================================== --- nss.orig/nss/cmd/shlibsign/shlibsign.c +++ nss/nss/cmd/shlibsign/shlibsign.c @@ -725,7 +725,6 @@ main(int argc, char **argv) #ifdef USES_LINKS int ret; struct stat stat_buf; - char link_buf[MAXPATHLEN + 1]; char *link_file = NULL; #endif @@ -1068,10 +1067,22 @@ main(int argc, char **argv) } if (S_ISLNK(stat_buf.st_mode)) { char *dirpath, *dirend; - ret = readlink(input_file, link_buf, sizeof(link_buf) - 1); - if (ret < 0) { - perror(input_file); - goto cleanup; + char *link_buf = NULL; + size_t size = 64; + while (1) { + link_buf = realloc(link_buf, size); + if (!link_buf) { + perror(input_file); + goto cleanup; + } + ret = readlink(input_file, link_buf, size - 1); + if (ret < 0) { + perror(input_file); + goto cleanup; + } + if (ret < size - 1) + break; + size *= 2; } link_buf[ret] = 0; link_file = mkoutput(input_file); Index: nss/nss/lib/freebl/unix_rand.c =================================================================== --- nss.orig/nss/lib/freebl/unix_rand.c +++ nss/nss/lib/freebl/unix_rand.c @@ -843,6 +843,10 @@ RNG_FileForRNG(const char *fileName) #define _POSIX_PTHREAD_SEMANTICS #include +#ifndef PATH_MAX +#define PATH_MAX 1024 +#endif + PRBool ReadFileOK(char *dir, char *file) { nss-pem.git/nss/debian/patches/80_security_tools.patch0000664000000000000000000000154713252671167020226 0ustar ## 80_security_tools.patch by Mike Hommey ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Enable building of some NSS tools. ## DP: Disable rpath. Index: nss/nss/cmd/platlibs.mk =================================================================== --- nss.orig/nss/cmd/platlibs.mk +++ nss/nss/cmd/platlibs.mk @@ -8,6 +8,7 @@ ifeq ($(BUILD_SUN_PKG), 1) # set RPATH-type linker instructions here so they can be used in the shared # version and in the mixed (static nss libs/shared NSPR libs) version. +ifdef ENABLE_RPATH ifeq ($(OS_ARCH), SunOS) ifeq ($(USE_64), 1) EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1/64:/usr/lib/mps/64' @@ -31,6 +32,7 @@ DBMLIB = $(NULL) else DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) endif +endif ifeq ($(NSS_BUILD_UTIL_ONLY),1) SECTOOL_LIB = $(NULL) nss-pem.git/nss/debian/patches/85_security_load.patch0000664000000000000000000001420713252671167020007 0ustar ## 85_security_load.patch by Mike Hommey ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Load modules from $ORIGIN/nss. Index: nss/nss/cmd/shlibsign/shlibsign.c =================================================================== --- nss.orig/nss/cmd/shlibsign/shlibsign.c +++ nss/nss/cmd/shlibsign/shlibsign.c @@ -49,6 +49,9 @@ /* freebl headers */ #include "shsign.h" +/* nssutil headers */ +#include "secport.h" + #define NUM_ELEM(array) (sizeof(array) / sizeof(array[0])) CK_BBOOL true = CK_TRUE; CK_BBOOL false = CK_FALSE; @@ -706,7 +709,6 @@ main(int argc, char **argv) { PLOptState *optstate; char *program_name; - char *libname = NULL; PRLibrary *lib = NULL; PRFileDesc *fd; PRStatus rv = PR_SUCCESS; @@ -864,22 +866,21 @@ main(int argc, char **argv) return 1; } - /* Get the platform-dependent library name of the + /* Get the platform-dependent library of the * NSS cryptographic module. */ - libname = PR_GetLibraryName(NULL, "softokn3"); - assert(libname != NULL); - if (!libname) { - PR_fprintf(PR_STDERR, "getting softokn3 failed"); - goto cleanup; - } - lib = PR_LoadLibrary(libname); + lib = PORT_LoadLibraryFromOrigin( + SHLIB_PREFIX"nssutil"SHLIB_VERSION"."SHLIB_SUFFIX, + (PRFuncPtr) &PORT_Alloc, /* Use an arbitry unused function, as on some + * platforms, using PORT_LoadLibraryFromOrigin + * would only give a pointer in the PLT because + * of the function call. */ + SHLIB_PREFIX"softokn"SOFTOKEN_SHLIB_VERSION"."SHLIB_SUFFIX); assert(lib != NULL); if (!lib) { PR_fprintf(PR_STDERR, "loading softokn3 failed"); goto cleanup; } - PR_FreeLibraryName(libname); if (FIPSMODE) { /* FIPSMODE == FC_GetFunctionList */ Index: nss/nss/lib/pk11wrap/pk11load.c =================================================================== --- nss.orig/nss/lib/pk11wrap/pk11load.c +++ nss/nss/lib/pk11wrap/pk11load.c @@ -451,6 +451,13 @@ secmod_LoadPKCS11Module(SECMODModule *mo * unload the library if anything goes wrong from here on out... */ library = PR_LoadLibrary(mod->dllName); + if ((library == NULL) && + !rindex(mod->dllName, PR_GetDirectorySeparator())) { + library = PORT_LoadLibraryFromOrigin(my_shlib_name, + (PRFuncPtr) &softoken_LoadDSO, + mod->dllName); + } + mod->library = (void *)library; if (library == NULL) { Index: nss/nss/lib/util/secload.c =================================================================== --- nss.orig/nss/lib/util/secload.c +++ nss/nss/lib/util/secload.c @@ -65,14 +65,19 @@ loader_LoadLibInReferenceDir(const char* { PRLibrary* dlh = NULL; char* fullName = NULL; - char* c; + const char* c; PRLibSpec libSpec; /* Remove the trailing filename from referencePath and add the new one */ c = strrchr(referencePath, PR_GetDirectorySeparator()); + if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0] + * and program was called from $PATH. Hack to get libs from /usr/lib */ + referencePath = "/usr/lib/"; + c = &referencePath[8]; /* last / */ + } if (c) { size_t referencePathSize = 1 + c - referencePath; - fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1); + fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 5); if (fullName) { memcpy(fullName, referencePath, referencePathSize); strcpy(fullName + referencePathSize, name); @@ -82,6 +87,12 @@ loader_LoadLibInReferenceDir(const char* #endif libSpec.type = PR_LibSpec_Pathname; libSpec.value.pathname = fullName; + if ((referencePathSize >= 4) && + (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) { + memcpy(fullName + referencePathSize -4, "lib", 3); + } + strcpy(fullName + referencePathSize, "nss/"); + strcpy(fullName + referencePathSize + 4, name); dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL #ifdef PR_LD_ALT_SEARCH_PATH /* allow library's dependencies to be found in the same directory @@ -89,6 +100,10 @@ loader_LoadLibInReferenceDir(const char* | PR_LD_ALT_SEARCH_PATH #endif ); + if (! dlh) { + strcpy(fullName + referencePathSize, name); + dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL); + } PORT_Free(fullName); } } Index: nss/nss/cmd/shlibsign/Makefile =================================================================== --- nss.orig/nss/cmd/shlibsign/Makefile +++ nss/nss/cmd/shlibsign/Makefile @@ -30,6 +30,7 @@ EXTRA_LIBS += \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \ + $(NSSUTIL_LIB_DIR)/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \ $(NULL) else @@ -39,6 +40,8 @@ EXTRA_SHARED_LIBS += \ -lplc4 \ -lplds4 \ -lnspr4 \ + -L$(NSSUTIL_LIB_DIR) \ + -lnssutil3 \ $(NULL) endif Index: nss/nss/cmd/shlibsign/manifest.mn =================================================================== --- nss.orig/nss/cmd/shlibsign/manifest.mn +++ nss/nss/cmd/shlibsign/manifest.mn @@ -8,7 +8,13 @@ CORE_DEPTH = ../.. # MODULE public and private header directories are implicitly REQUIRED. MODULE = nss -DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" +LIBRARY_VERSION = 3 +SOFTOKEN_LIBRARY_VERSION = 3 + +DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \ + -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \ + -DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\" + CSRCS = \ shlibsign.c \ nss-pem.git/nss/debian/patches/bz14324550000664000000000000000000000107313252671167014707 0ustar Index: nss/nss/lib/freebl/Makefile =================================================================== --- nss.orig/nss/lib/freebl/Makefile +++ nss/nss/lib/freebl/Makefile @@ -527,7 +527,12 @@ ifndef NSS_DISABLE_CHACHAPOLY EXTRA_SRCS += chacha20_vec.c endif else - EXTRA_SRCS += poly1305.c + ifeq ($(CPU_ARCH),aarch64) + EXTRA_SRCS += Hacl_Poly1305_64.c + else + EXTRA_SRCS += poly1305.c + endif + EXTRA_SRCS += chacha20.c VERIFIED_SRCS += Hacl_Chacha20.c endif # x86_64 nss-pem.git/nss/debian/patches/series0000664000000000000000000000012513252671167015013 0ustar 38_hurd.patch 80_security_tools.patch 85_security_load.patch 38_hppa.patch bz1432455 nss-pem.git/nss/debian/rules0000775000000000000000000001432713261141175013227 0ustar #!/usr/bin/make -f include debian/make.mk $(call lazy,DEB_BUILD_ARCH,$$(shell dpkg-architecture -qDEB_BUILD_ARCH)) $(call lazy,DEB_BUILD_GNU_TYPE,$$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)) $(call lazy,DEB_HOST_ARCH,$$(shell dpkg-architecture -qDEB_HOST_ARCH)) $(call lazy,DEB_HOST_ARCH_OS,$$(shell dpkg-architecture -qDEB_HOST_ARCH_OS)) $(call lazy,DEB_HOST_GNU_TYPE,$$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)) $(call lazy,DEB_HOST_GNU_CPU,$$(shell dpkg-architecture -qDEB_HOST_GNU_CPU)) $(call lazy,DEB_HOST_MULTIARCH,$$(shell dpkg-architecture -qDEB_HOST_MULTIARCH)) $(call lazy,CFLAGS,$$(shell dpkg-buildflags --get CFLAGS)) $(call lazy,CPPFLAGS,$$(shell dpkg-buildflags --get CPPFLAGS)) $(call lazy,LDFLAGS,$$(shell dpkg-buildflags --get LDFLAGS)) ifneq (,$(filter -O3,$(CFLAGS))) CFLAGS := $(CFLAGS) -Wno-error=maybe-uninitialized endif PREPROCESS_FILES := $(wildcard debian/*.in) $(PREPROCESS_FILES:.in=): %: %.in sed 's,/@DEB_HOST_MULTIARCH@,$(DEB_HOST_MULTIARCH:%=/%),g;$(EXTRA_REPLACES)' $< > $@ UPSTREAM_VERSION := $(shell dpkg-parsechangelog | sed -n 's/^Version: *\([0-9]*:\)\?\([^~]*\)\(~.*\)\?-.*$$/\2/ p') MOD_MAJOR_VERSION := $(word 1, $(subst ., ,$(UPSTREAM_VERSION))) MOD_MINOR_VERSION := $(word 2, $(subst ., ,$(UPSTREAM_VERSION))) MOD_PATCH_VERSION := $(or $(word 3, $(subst ., ,$(UPSTREAM_VERSION))),0) debian/nss.pc: EXTRA_REPLACES := s/@VERSION@/$(UPSTREAM_VERSION)/ debian/nss-config: EXTRA_REPLACES := s/@MOD_MAJOR_VERSION@/$(MOD_MAJOR_VERSION)/;s/@MOD_MINOR_VERSION@/$(MOD_MINOR_VERSION)/;s/@MOD_PATCH_VERSION@/$(MOD_PATCH_VERSION)/ debian/libnss3.lintian-overrides: EXTRA_REPLACES := s,/@DEB_HOST_MULTIARCH_WC@,$(DEB_HOST_MULTIARCH:%=/*),g TOOLCHAIN := ifneq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH)) ifeq ($(origin CC),default) TOOLCHAIN += CC=$(DEB_HOST_GNU_TYPE)-gcc endif ifeq ($(origin CXX),default) CXX := $(DEB_HOST_GNU_TYPE)-g++ TOOLCHAIN += CXX=$(CXX) endif TOOLCHAIN += CCC=$(CXX) ifeq ($(origin RANLIB),default) TOOLCHAIN += RANLIB=$(DEB_HOST_GNU_TYPE)-ranlib endif TOOLCHAIN += OS_TEST=$(DEB_HOST_GNU_CPU) TOOLCHAIN += KERNEL=$(DEB_HOST_ARCH_OS) endif # $(foreach foo,$(list),$(call cmd,some command $(foo))) expands to # some command first-elem # some command second-elem # etc. # This avoid using a long one liner with semi colons. define cmd $(1) endef CFLAGS += -Wall -pipe DISTDIR := $(CURDIR)/dist COMMON_MAKE_FLAGS := \ SOURCE_PREFIX=$(DISTDIR) \ SOURCE_MD_DIR=$(DISTDIR) \ DIST=$(DISTDIR) \ OBJDIR_NAME=OBJS \ $(and $(filter 64,$(shell dpkg-architecture -qDEB_HOST_ARCH_BITS)),USE_64=1) \ $(and $(filter x32,$(shell dpkg-architecture -qDEB_HOST_ARCH)),USE_X32=1) \ $(NULL) NSS_TOOLS := \ certutil \ chktest \ cmsutil \ crlutil \ derdump \ httpserv \ modutil \ ocspclnt \ p7content \ p7env \ p7sign \ p7verify \ pk12util \ pk1sign \ pwdecrypt \ rsaperf \ selfserv \ shlibsign \ signtool \ signver \ ssltap \ strsclnt \ symkeyutil \ tstclnt \ vfychain \ vfyserv \ $(NULL) override_dh_auto_build: $(MAKE) -C nss/coreconf/nsinstall \ $(COMMON_MAKE_FLAGS) \ CC=$(DEB_BUILD_GNU_TYPE)-gcc \ ARCHFLAG= $(MAKE) -C nss \ all \ $(COMMON_MAKE_FLAGS) \ MOZILLA_CLIENT=1 \ NSPR_INCLUDE_DIR=/usr/include/nspr \ NSPR_LIB_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ BUILD_OPT=1 \ NS_USE_GCC=1 \ OPTIMIZER="$(CFLAGS) $(CPPFLAGS)" \ LDFLAGS='$(LDFLAGS) $$(ARCHFLAG) $$(ZDEFS_FLAG)' \ DSO_LDOPTS='-shared $$(LDFLAGS)' \ NSS_USE_SYSTEM_SQLITE=1 \ NSS_ENABLE_ECC=1 \ CHECKLOC= \ $(TOOLCHAIN) override_dh_auto_clean: -$(MAKE) -C nss \ clobber \ $(COMMON_MAKE_FLAGS) \ BUILD_OPT=1 rm -rf $(DISTDIR) $(PREPROCESS_FILES:.in=) manpage = $(addsuffix .1,$(addprefix nss/doc/nroff/,$(1))) override_dh_auto_install: $(PREPROCESS_FILES:.in=) install -m 755 -d debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig install -m 644 -t debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) \ $(DISTDIR)/lib/libnss3.so \ $(DISTDIR)/lib/libnssutil3.so \ $(DISTDIR)/lib/libsmime3.so \ $(DISTDIR)/lib/libssl3.so install -m 644 -t debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss \ $(DISTDIR)/lib/libfreebl3.so \ $(DISTDIR)/lib/libfreeblpriv3.so \ $(DISTDIR)/lib/libsoftokn3.so \ $(DISTDIR)/lib/libnssdbm3.so \ $(DISTDIR)/lib/libnssckbi.so install -m 644 -t debian/libnss3-dev/usr/include/nss \ $(DISTDIR)/public/nss/* install -m 644 -t debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH) \ $(DISTDIR)/lib/libcrmf.a install -m 644 -t debian/libnss3-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig debian/nss.pc install -m 755 -t debian/libnss3-dev/usr/bin debian/nss-config install -m 755 -t debian/libnss3-tools/usr/bin $(addprefix $(DISTDIR)/bin/,$(NSS_TOOLS)) install -m 755 -d $(DISTDIR)/man install -m 644 -t $(DISTDIR)/man $(wildcard $(call manpage,$(NSS_TOOLS))) # these utilities are too generically-named, so we prefix them with nss- (see http://bugs.debian.org/701141) $(foreach bin, \ addbuiltin \ dbtest \ pp \ , \ $(call cmd,install -m 755 -T $(DISTDIR)/bin/$(bin) debian/libnss3-tools/usr/bin/nss-$(bin)) \ $(if $(wildcard $(call manpage,$(bin))),$(call cmd,install -m 644 -T $(call manpage,$(bin)) $(DISTDIR)/man/nss-$(bin).1))) ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH)) SHLIBSIGN = LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH) debian/libnss3-tools/usr/bin/shlibsign else SHLIBSIGN = shlibsign endif override_dh_strip: dh_strip -a --dbg-package=libnss3-dbg $(foreach lib,libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnssdbm3.so, \ $(call cmd,umask 022; $(SHLIBSIGN) -v -i debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss/$(lib))) ifeq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH)) # Check FIPS mode correctly works mkdir debian/tmp LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -create -dbdir debian/tmp < /dev/null LD_LIBRARY_PATH=debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH):debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss debian/libnss3-tools/usr/bin/modutil -fips true -dbdir debian/tmp < /dev/null endif override_dh_makeshlibs: dh_makeshlibs -a -- -c4 ifneq (,$(DEB_HOST_MULTIARCH)) override_dh_gencontrol: dh_gencontrol -- -Vmisc:Multi-Arch=same endif override_dh_builddeb: dh_builddeb -- -Zxz %: dh $@ nss-pem.git/nss/debian/source/0000775000000000000000000000000013252671167013451 5ustar nss-pem.git/nss/debian/source/format0000664000000000000000000000001413252671167014657 0ustar 3.0 (quilt) nss-pem.git/nss/debian/watch0000664000000000000000000000024513252671167013203 0ustar version=3 opts=dirversionmangle=s/\.$// \ https://archive.mozilla.org/pub/security/nss/releases/NSS_(?:(\d)_(\d+)(?:_(\d+))?)_RTM/src/nss-([\d\.]+)\.tar\.(?:bz2|gz) nss-pem.git/nss/nss/0000775000000000000000000000000013252671170011524 5ustar nss-pem.git/nss/nss/.clang-format0000664000000000000000000000371313252671167014111 0ustar --- Language: Cpp # BasedOnStyle: Mozilla AccessModifierOffset: -2 AlignAfterOpenBracket: true AlignEscapedNewlinesLeft: false AlignOperands: true AlignTrailingComments: true AllowAllParametersOfDeclarationOnNextLine: false AllowShortBlocksOnASingleLine: false AllowShortCaseLabelsOnASingleLine: false AllowShortIfStatementsOnASingleLine: false AllowShortLoopsOnASingleLine: false AllowShortFunctionsOnASingleLine: All AlwaysBreakAfterDefinitionReturnType: true AlwaysBreakTemplateDeclarations: false AlwaysBreakBeforeMultilineStrings: false BreakBeforeBinaryOperators: false BreakBeforeTernaryOperators: true BreakConstructorInitializersBeforeComma: false BinPackParameters: true BinPackArguments: true ColumnLimit: 0 ConstructorInitializerAllOnOneLineOrOnePerLine: true ConstructorInitializerIndentWidth: 4 DerivePointerAlignment: true ExperimentalAutoDetectBinPacking: false IndentCaseLabels: true IndentWrappedFunctionNames: false IndentFunctionDeclarationAfterType: false MaxEmptyLinesToKeep: 1 KeepEmptyLinesAtTheStartOfBlocks: true NamespaceIndentation: None ObjCBlockIndentWidth: 2 ObjCSpaceAfterProperty: true ObjCSpaceBeforeProtocolList: false PenaltyBreakBeforeFirstCallParameter: 19 PenaltyBreakComment: 300 PenaltyBreakString: 1000 PenaltyBreakFirstLessLess: 120 PenaltyExcessCharacter: 1000000 PenaltyReturnTypeOnItsOwnLine: 200 PointerAlignment: Right SpacesBeforeTrailingComments: 1 Cpp11BracedListStyle: false Standard: Cpp03 IndentWidth: 4 TabWidth: 8 UseTab: Never BreakBeforeBraces: Linux SpacesInParentheses: false SpacesInSquareBrackets: false SpacesInAngles: false SpaceInEmptyParentheses: false SpacesInCStyleCastParentheses: false SpaceAfterCStyleCast: false SpacesInContainerLiterals: true SpaceBeforeAssignmentOperators: true ContinuationIndentWidth: 4 CommentPragmas: '^ IWYU pragma:' ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ] SpaceBeforeParens: ControlStatements DisableFormat: false SortIncludes: false ... nss-pem.git/nss/nss/.hg_archival.txt0000664000000000000000000000021013252671167014611 0ustar repo: 9949429068caa6bb8827a8ceeaa7c605d722f47f node: 256ac50bbb6b863e75fd4a533fc24d23eaae269e branch: NSS_3_35_BRANCH tag: NSS_3_35_RTM nss-pem.git/nss/nss/.taskcluster.yml0000664000000000000000000000511013252671167014674 0ustar --- version: 0 metadata: name: "NSS Continuous Integration" description: "The Taskcluster task graph for the NSS tree" owner: "mozilla-taskcluster-maintenance@mozilla.com" source: {{{source}}} scopes: # Note the below scopes are insecure however these get overriden on the server # side to whatever scopes are set by mozilla-taskcluster. - queue:* - docker-worker:* - scheduler:* # Available mustache parameters (see the mozilla-taskcluster source): # # - owner: push user (email address) # - source: URL of this YAML file # - url: repository URL # - project: alias for the destination repository (basename of # the repo url) # - level: SCM level of the destination repository # (1 = try, 3 = core) # - revision: (short) hg revision of the head of the push # - revision_hash: (long) hg revision of the head of the push # - comment: comment of the push # - pushlog_id: id in the pushlog table of the repository # # and functions: # - as_slugid: convert a label into a slugId # - from_now: generate a timestamp at a fixed offset from now tasks: - taskId: '{{#as_slugid}}decision task{{/as_slugid}}' reruns: 3 task: created: '{{now}}' deadline: '{{#from_now}}1 day{{/from_now}}' expires: '{{#from_now}}14 days{{/from_now}}' metadata: owner: mozilla-taskcluster-maintenance@mozilla.com source: {{{source}}} name: "NSS Decision Task" description: | The task that creates all of the other tasks in the task graph workerType: "hg-worker" provisionerId: "aws-provisioner-v1" tags: createdForUser: {{owner}} routes: - "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}" - "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}" payload: image: nssdev/nss-decision:0.0.2 env: TC_OWNER: {{owner}} TC_SOURCE: {{{source}}} TC_PROJECT: {{project}} TC_COMMENT: '{{comment}}' NSS_PUSHLOG_ID: '{{pushlog_id}}' NSS_HEAD_REPOSITORY: '{{{url}}}' NSS_HEAD_REVISION: '{{revision}}' maxRunTime: 1800 command: - bash - -cx - > bin/checkout.sh && nss/automation/taskcluster/scripts/extend_task_graph.sh features: taskclusterProxy: true extra: treeherder: symbol: D build: platform: nss-decision machine: platform: nss-decision nss-pem.git/nss/nss/COPYING0000664000000000000000000004326413252671167012576 0ustar NSS is available under the Mozilla Public License, version 2, a copy of which is below. Note on GPL Compatibility ------------------------- The MPL 2, section 3.3, permits you to combine NSS with code under the GNU General Public License (GPL) version 2, or any later version of that license, to make a Larger Work, and distribute the result under the GPL. The only condition is that you must also make NSS, and any changes you have made to it, available to recipients under the terms of the MPL 2 also. Anyone who receives the combined code from you does not have to continue to dual licence in this way, and may, if they wish, distribute under the terms of either of the two licences - either the MPL alone or the GPL alone. However, we discourage people from distributing copies of NSS under the GPL alone, because it means that any improvements they make cannot be reincorporated into the main version of NSS. There is never a need to do this for license compatibility reasons. Note on LGPL Compatibility -------------------------- The above also applies to combining MPLed code in a single library with code under the GNU Lesser General Public License (LGPL) version 2.1, or any later version of that license. If the LGPLed code and the MPLed code are not in the same library, then the copyleft coverage of the two licences does not overlap, so no issues arise. Mozilla Public License Version 2.0 ================================== 1. Definitions -------------- 1.1. "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. "Contributor Version" means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. "Contribution" means Covered Software of a particular Contributor. 1.4. "Covered Software" means Source Code Form to which the initial Contributor has attached the notice in Exhibit A, the Executable Form of such Source Code Form, and Modifications of such Source Code Form, in each case including portions thereof. 1.5. "Incompatible With Secondary Licenses" means (a) that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or (b) that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary License. 1.6. "Executable Form" means any form of the work other than Source Code Form. 1.7. "Larger Work" means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software. 1.8. "License" means this document. 1.9. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently, any and all of the rights conveyed by this License. 1.10. "Modifications" means any of the following: (a) any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or (b) any new file in Source Code Form that contains any Covered Software. 1.11. "Patent Claims" of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. "Secondary License" means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General Public License, Version 3.0, or any later versions of those licenses. 1.13. "Source Code Form" means the form of the work preferred for making modifications. 1.14. "You" (or "Your") means an individual or a legal entity exercising rights under this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. License Grants and Conditions -------------------------------- 2.1. Grants Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: (a) under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, display, perform, distribute, and otherwise exploit its Contributions, either on an unmodified basis, with Modifications, or as part of a Larger Work; and (b) under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its Contributor Version. 2.2. Effective Date The licenses granted in Section 2.1 with respect to any Contribution become effective for each Contribution on the date the Contributor first distributes such Contribution. 2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: (a) for any code that a Contributor has removed from Covered Software; or (b) for infringements caused by: (i) Your and any other third party's modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or (c) under Patent Claims infringed by Covered Software in the absence of its Contributions. This License does not grant any rights in the trademarks, service marks, or logos of any Contributor (except as may be necessary to comply with the notice requirements in Section 3.4). 2.4. Subsequent Licenses No Contributor makes additional grants as a result of Your choice to distribute the Covered Software under a subsequent version of this License (see Section 10.2) or under the terms of a Secondary License (if permitted under the terms of Section 3.3). 2.5. Representation Each Contributor represents that the Contributor believes its Contributions are its original creation(s) or it has sufficient rights to grant the rights to its Contributions conveyed by this License. 2.6. Fair Use This License is not intended to limit any rights You have under applicable copyright doctrines of fair use, fair dealing, or other equivalents. 2.7. Conditions Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in Section 2.1. 3. Responsibilities ------------------- 3.1. Distribution of Source Form All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients' rights in the Source Code Form. 3.2. Distribution of Executable Form If You distribute Covered Software in Executable Form then: (a) such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and (b) You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients' rights in the Source Code Form under this License. 3.3. Distribution of a Larger Work You may create and distribute a Larger Work under terms of Your choice, provided that You also comply with the requirements of this License for the Covered Software. If the Larger Work is a combination of Covered Software with a work governed by one or more Secondary Licenses, and the Covered Software is not Incompatible With Secondary Licenses, this License permits You to additionally distribute such Covered Software under the terms of such Secondary License(s), so that the recipient of the Larger Work may, at their option, further distribute the Covered Software under the terms of either this License or such Secondary License(s). 3.4. Notices You may not remove or alter the substance of any license notices (including copyright notices, patent notices, disclaimers of warranty, or limitations of liability) contained within the Source Code Form of the Covered Software, except that You may alter any license notices to the extent required to remedy known factual inaccuracies. 3.5. Application of Additional Terms You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, You may do so only on Your own behalf, and not on behalf of any Contributor. You must make it absolutely clear that any such warranty, support, indemnity, or liability obligation is offered by You alone, and You hereby agree to indemnify every Contributor for any liability incurred by such Contributor as a result of warranty, support, indemnity or liability terms You offer. You may include additional disclaimers of warranty and limitations of liability specific to any jurisdiction. 4. Inability to Comply Due to Statute or Regulation --------------------------------------------------- If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Termination -------------- 5.1. The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60 days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30 days after Your receipt of the notice. 5.2. If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate. 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or Your distributors under this License prior to termination shall survive termination. ************************************************************************ * * * 6. Disclaimer of Warranty * * ------------------------- * * * * Covered Software is provided under this License on an "as is" * * basis, without warranty of any kind, either expressed, implied, or * * statutory, including, without limitation, warranties that the * * Covered Software is free of defects, merchantable, fit for a * * particular purpose or non-infringing. The entire risk as to the * * quality and performance of the Covered Software is with You. * * Should any Covered Software prove defective in any respect, You * * (not any Contributor) assume the cost of any necessary servicing, * * repair, or correction. This disclaimer of warranty constitutes an * * essential part of this License. No use of any Covered Software is * * authorized under this License except under this disclaimer. * * * ************************************************************************ ************************************************************************ * * * 7. Limitation of Liability * * -------------------------- * * * * Under no circumstances and under no legal theory, whether tort * * (including negligence), contract, or otherwise, shall any * * Contributor, or anyone who distributes Covered Software as * * permitted above, be liable to You for any direct, indirect, * * special, incidental, or consequential damages of any character * * including, without limitation, damages for lost profits, loss of * * goodwill, work stoppage, computer failure or malfunction, or any * * and all other commercial damages or losses, even if such party * * shall have been informed of the possibility of such damages. This * * limitation of liability shall not apply to liability for death or * * personal injury resulting from such party's negligence to the * * extent applicable law prohibits such limitation. Some * * jurisdictions do not allow the exclusion or limitation of * * incidental or consequential damages, so this exclusion and * * limitation may not apply to You. * * * ************************************************************************ 8. Litigation ------------- Any litigation relating to this License may be brought only in the courts of a jurisdiction where the defendant maintains its principal place of business and such litigation shall be governed by laws of that jurisdiction, without reference to its conflict-of-law provisions. Nothing in this Section shall prevent a party's ability to bring cross-claims or counter-claims. 9. Miscellaneous ---------------- This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not be used to construe this License against a Contributor. 10. Versions of the License --------------------------- 10.1. New Versions Mozilla Foundation is the license steward. Except as provided in Section 10.3, no one other than the license steward has the right to modify or publish new versions of this License. Each version will be given a distinguishing version number. 10.2. Effect of New Versions You may distribute the Covered Software under the terms of the version of the License under which You originally received the Covered Software, or under the terms of any subsequent version published by the license steward. 10.3. Modified Versions If you create software not governed by this License, and you want to create a new license for such software, you may create and use a modified version of this License if you rename the license and remove any references to the name of the license steward (except to note that such modified license differs from this License). 10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses If You choose to distribute Source Code Form that is Incompatible With Secondary Licenses under the terms of this version of the License, the notice described in Exhibit B of this License must be attached. Exhibit A - Source Code Form License Notice ------------------------------------------- This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. If it is not possible or desirable to put the notice in a particular file, then You may include the notice in a location (such as a LICENSE file in a relevant directory) where a recipient would be likely to look for such a notice. You may add additional accurate notices of copyright ownership. Exhibit B - "Incompatible With Secondary Licenses" Notice --------------------------------------------------------- This Source Code Form is "Incompatible With Secondary Licenses", as defined by the Mozilla Public License, v. 2.0. nss-pem.git/nss/nss/Makefile0000664000000000000000000001162313252671167013175 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### ifdef NSS_DISABLE_GTESTS DIRS := $(filter-out gtests,$(DIRS)) DIRS := $(filter-out cpputil,$(DIRS)) endif ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### nss_build_all: build_nspr all latest nss_clean_all: clobber_nspr clobber NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/config.status NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure # # Translate coreconf build options to NSPR configure options. # ifeq ($(OS_TARGET),Android) NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \ --target=$(ANDROID_PREFIX) \ --with-android-version=$(OS_TARGET_RELEASE) \ --with-android-toolchain=$(ANDROID_TOOLCHAIN) \ --with-android-platform=$(ANDROID_SYSROOT) endif ifdef BUILD_OPT NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize endif ifdef USE_X32 NSPR_CONFIGURE_OPTS += --enable-x32 endif ifdef USE_64 NSPR_CONFIGURE_OPTS += --enable-64bit endif ifeq ($(OS_TARGET),WIN95) NSPR_CONFIGURE_OPTS += --enable-win32-target=WIN95 endif ifdef USE_DEBUG_RTL NSPR_CONFIGURE_OPTS += --enable-debug-rtl endif ifdef USE_STATIC_RTL NSPR_CONFIGURE_OPTS += --enable-static-rtl endif ifdef NS_USE_GCC NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ endif ifdef CC NSPR_CONFIGURE_ENV = CC=$(CC) endif ifdef CCC NSPR_CONFIGURE_ENV += CXX=$(CCC) endif # Remove -arch definitions. NSPR can't handle that. NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV)) NSPR_CONFIGURE_ENV := $(filter-out -arch i386,$(NSPR_CONFIGURE_ENV)) NSPR_CONFIGURE_ENV := $(filter-out -arch ppc,$(NSPR_CONFIGURE_ENV)) # # Some pwd commands on Windows (for example, the pwd # command in Cygwin) return a pathname that begins # with a (forward) slash. When such a pathname is # passed to Windows build tools (for example, cl), it # is mistaken as a command-line option. If that is the case, # we use a relative pathname as NSPR's prefix on Windows. # USEABSPATH="YES" ifeq (,$(filter-out WIN%,$(OS_TARGET))) ifeq (,$(findstring :,$(shell pwd))) USEABSPATH="NO" endif endif ifeq ($(USEABSPATH),"YES") NSPR_PREFIX = $(shell pwd)/../dist/$(OBJDIR_NAME) else NSPR_PREFIX = $$(topsrcdir)/../dist/$(OBJDIR_NAME) endif ifndef NSS_GYP_PREFIX $(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE) mkdir -p $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) cd $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) ; \ $(NSPR_CONFIGURE_ENV) sh ../configure \ $(NSPR_CONFIGURE_OPTS) \ --with-dist-prefix='$(NSPR_PREFIX)' \ --with-dist-includedir='$(NSPR_PREFIX)/include' else $(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE) mkdir -p $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) cd $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) ; \ $(NSPR_CONFIGURE_ENV) sh ../configure \ $(NSPR_CONFIGURE_OPTS) \ --prefix='$(NSS_GYP_PREFIX)' endif build_nspr: $(NSPR_CONFIG_STATUS) $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install_nspr: build_nspr $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install clobber_nspr: $(NSPR_CONFIG_STATUS) $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber build_docs: $(MAKE) -C $(CORE_DEPTH)/doc clean_docs: $(MAKE) -C $(CORE_DEPTH)/doc clean nss_RelEng_bld: import all package: $(MAKE) -C pkg publish latest: echo $(OBJDIR_NAME) > $(CORE_DEPTH)/../dist/latest nss-pem.git/nss/nss/automation/0000775000000000000000000000000013252671167013712 5ustar nss-pem.git/nss/nss/automation/abi-check/0000775000000000000000000000000013252671167015520 5ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libfreebl3.so.txt0000664000000000000000000000000013252671167024010 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libfreeblpriv3.so.txt0000664000000000000000000000000013252671167024711 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libnspr4.so.txt0000664000000000000000000000044113252671167023545 0ustar Functions changes summary: 1 Removed, 0 Changed, 0 Added function Variables changes summary: 0 Removed, 0 Changed, 0 Added variable 1 Removed function: 'function void PR_EXPERIMENTAL_ONLY_IN_4_17_GetOverlappedIOHandle(void**)' {PR_EXPERIMENTAL_ONLY_IN_4_17_GetOverlappedIOHandle} nss-pem.git/nss/nss/automation/abi-check/expected-report-libnss3.so.txt0000664000000000000000000000000013252671167023354 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libnssckbi.so.txt0000664000000000000000000000000013252671167024122 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libnssdbm3.so.txt0000664000000000000000000000000013252671167024037 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libnsssysinit.so.txt0000664000000000000000000000000013252671167024714 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libnssutil3.so.txt0000664000000000000000000000000013252671167024252 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libplc4.so.txt0000664000000000000000000000000013252671167023330 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libplds4.so.txt0000664000000000000000000000000013252671167023514 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libsmime3.so.txt0000664000000000000000000000000013252671167023663 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libsoftokn3.so.txt0000664000000000000000000000000013252671167024234 0ustar nss-pem.git/nss/nss/automation/abi-check/expected-report-libssl3.so.txt0000664000000000000000000000022613252671167023364 0ustar Functions changes summary: 0 Removed, 0 Changed (5 filtered out), 0 Added function Variables changes summary: 0 Removed, 0 Changed, 0 Added variable nss-pem.git/nss/nss/automation/abi-check/previous-nss-release0000664000000000000000000000002013252671167021526 0ustar NSS_3_34_BRANCH nss-pem.git/nss/nss/automation/buildbot-slave/0000775000000000000000000000000013252671167016626 5ustar nss-pem.git/nss/nss/automation/buildbot-slave/bbenv-example.sh0000664000000000000000000000264013252671167021711 0ustar #! /bin/bash # Each buildbot-slave requires a bbenv.sh file that defines # machine specific variables. This is an example file. HOST=$(hostname | cut -d. -f1) export HOST # if your machine's IP isn't registered in DNS, # you must set appropriate environment variables # that can be resolved locally. # For example, if localhost.localdomain works on your system, set: #HOST=localhost #DOMSUF=localdomain #export DOMSUF ARCH=$(uname -s) ulimit -c unlimited 2> /dev/null export NSPR_LOG_MODULES="pkix:1" #export JAVA_HOME_32= #export JAVA_HOME_64= #enable if you have PKITS data #export PKITS_DATA=$HOME/pkits/data/ NSS_BUILD_TARGET="clean nss_build_all" JSS_BUILD_TARGET="clean all" MAKE=gmake AWK=awk PATCH=patch if [ "${ARCH}" = "SunOS" ]; then AWK=nawk PATCH=gpatch ARCH=SunOS/$(uname -p) fi if [ "${ARCH}" = "Linux" -a -f /etc/system-release ]; then VERSION=`sed -e 's; release ;;' -e 's; (.*)$;;' -e 's;Red Hat Enterprise Linux Server;RHEL;' -e 's;Red Hat Enterprise Linux Workstation;RHEL;' /etc/system-release` ARCH=Linux/${VERSION} echo ${ARCH} fi PROCESSOR=$(uname -p) if [ "${PROCESSOR}" = "ppc64" ]; then ARCH="${ARCH}/ppc64" fi if [ "${PROCESSOR}" = "powerpc" ]; then ARCH="${ARCH}/ppc" fi PORT_64_DBG=8543 PORT_64_OPT=8544 PORT_32_DBG=8545 PORT_32_OPT=8546 if [ "${NSS_TESTS}" = "memleak" ]; then PORT_64_DBG=8547 PORT_64_OPT=8548 PORT_32_DBG=8549 PORT_32_OPT=8550 fi nss-pem.git/nss/nss/automation/buildbot-slave/build.sh0000775000000000000000000003241313252671167020267 0ustar #! /bin/bash # Ensure a failure of the first command inside a pipe # won't be hidden by commands later in the pipe. # (e.g. as in ./dosomething | grep) set -o pipefail proc_args() { while [ -n "$1" ]; do OPT=$(echo $1 | cut -d= -f1) VAL=$(echo $1 | cut -d= -f2) case $OPT in "--build-nss") BUILD_NSS=1 ;; "--test-nss") TEST_NSS=1 ;; "--check-abi") CHECK_ABI=1 ;; "--build-jss") BUILD_JSS=1 ;; "--test-jss") TEST_JSS=1 ;; "--memtest") NSS_TESTS="memleak" export NSS_TESTS ;; "--nojsssign") NO_JSS_SIGN=1 ;; *) echo "Usage: $0 ..." echo " --memtest - run the memory leak tests" echo " --nojsssign - try to sign jss" echo " --build-nss" echo " --build-jss" echo " --test-nss" echo " --test-jss" echo " --check-abi" exit 1 ;; esac shift done } set_env() { TOPDIR=$(pwd) HGDIR=$(pwd)$(echo "/hg") OUTPUTDIR=$(pwd)$(echo "/output") LOG_ALL="${OUTPUTDIR}/all.log" LOG_TMP="${OUTPUTDIR}/tmp.log" echo "hello" |grep --line-buffered hello >/dev/null 2>&1 [ $? -eq 0 ] && GREP_BUFFER="--line-buffered" } print_log() { DATE=$(date "+TB [%Y-%m-%d %H:%M:%S]") echo "${DATE} $*" echo "${DATE} $*" >> ${LOG_ALL} } print_result() { TESTNAME=$1 RET=$2 EXP=$3 if [ ${RET} -eq ${EXP} ]; then print_log "${TESTNAME} PASSED" else print_log "${TESTNAME} FAILED" fi } print_env() { print_log "######## Environment variables ########" uname -a | tee -a ${LOG_ALL} if [ -e "/etc/redhat-release" ]; then cat "/etc/redhat-release" | tee -a ${LOG_ALL} fi # don't print the MAIL command, it might contain a password env | grep -v "^MAIL=" | tee -a ${LOG_ALL} } set_cycle() { BITS=$1 OPT=$2 if [ "${BITS}" = "64" ]; then USE_64=1 JAVA_HOME=${JAVA_HOME_64} PORT_DBG=${PORT_64_DBG} PORT_OPT=${PORT_64_OPT} else USE_64= JAVA_HOME=${JAVA_HOME_32} PORT_DBG=${PORT_32_DBG} PORT_OPT=${PORT_32_OPT} fi export USE_64 export JAVA_HOME BUILD_OPT= if [ "${OPT}" = "OPT" ]; then BUILD_OPT=1 XPCLASS=xpclass.jar PORT=${PORT_OPT} else BUILD_OPT= XPCLASS=xpclass_dbg.jar PORT=${PORT_DBG} fi export BUILD_OPT PORT_JSS_SERVER=$(expr ${PORT} + 20) PORT_JSSE_SERVER=$(expr ${PORT} + 40) export PORT export PORT_JSS_SERVER export PORT_JSSE_SERVER } build_nss() { print_log "######## NSS - build - ${BITS} bits - ${OPT} ########" print_log "$ cd ${HGDIR}/nss" cd ${HGDIR}/nss print_log "$ ${MAKE} ${NSS_BUILD_TARGET}" #${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}" ${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} RET=$? print_result "NSS - build - ${BITS} bits - ${OPT}" ${RET} 0 if [ ${RET} -eq 0 ]; then return 0 else tail -100 ${LOG_ALL} return ${RET} fi } build_jss() { print_log "######## JSS - build - ${BITS} bits - ${OPT} ########" print_log "$ cd ${HGDIR}/jss" cd ${HGDIR}/jss print_log "$ ${MAKE} ${JSS_BUILD_TARGET}" #${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}" ${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} RET=$? print_result "JSS build - ${BITS} bits - ${OPT}" ${RET} 0 [ ${RET} -eq 0 ] || return ${RET} print_log "$ cd ${HGDIR}/dist" cd ${HGDIR}/dist if [ -z "${NO_JSS_SIGN}" ]; then print_log "cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa" cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa >> ${LOG_ALL} 2>&1 RET=$? print_result "JSS - sign JAR files - ${BITS} bits - ${OPT}" ${RET} 0 [ ${RET} -eq 0 ] || return ${RET} fi print_log "${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS}" ${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS} >> ${LOG_ALL} 2>&1 RET=$? print_result "JSS - verify JAR files - ${BITS} bits - ${OPT}" ${RET} 0 [ ${RET} -eq 0 ] || return ${RET} return 0 } test_nss() { print_log "######## NSS - tests - ${BITS} bits - ${OPT} ########" if [ "${OS_TARGET}" = "Android" ]; then print_log "$ cd ${HGDIR}/nss/tests/remote" cd ${HGDIR}/nss/tests/remote print_log "$ make test_android" make test_android 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #" OUTPUTFILE=${HGDIR}/tests_results/security/*.1/output.log else print_log "$ cd ${HGDIR}/nss/tests" cd ${HGDIR}/nss/tests print_log "$ ./all.sh" ./all.sh 2>&1 | tee ${LOG_TMP} | egrep ${GREP_BUFFER} ": #|^\[.{10}\] " OUTPUTFILE=${LOG_TMP} fi cat ${LOG_TMP} >> ${LOG_ALL} tail -n2 ${HGDIR}/tests_results/security/*.1/results.html | grep END_OF_TEST >> ${LOG_ALL} RET=$? print_log "######## details of detected failures (if any) ########" grep -B50 FAILED ${OUTPUTFILE} [ $? -eq 1 ] || RET=1 print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0 return ${RET} } check_abi() { print_log "######## NSS ABI CHECK - ${BITS} bits - ${OPT} ########" print_log "######## creating temporary HG clones ########" rm -rf ${HGDIR}/baseline mkdir ${HGDIR}/baseline BASE_NSS=`cat ${HGDIR}/nss/automation/abi-check/previous-nss-release` hg clone -u "${BASE_NSS}" "${HGDIR}/nss" "${HGDIR}/baseline/nss" if [ $? -ne 0 ]; then echo "invalid tag in automation/abi-check/previous-nss-release" return 1 fi BASE_NSPR=NSPR_$(head -1 ${HGDIR}/baseline/nss/automation/release/nspr-version.txt | cut -d . -f 1-2 | tr . _)_BRANCH hg clone -u "${BASE_NSPR}" "${HGDIR}/nspr" "${HGDIR}/baseline/nspr" if [ $? -ne 0 ]; then echo "nonexisting tag ${BASE_NSPR} derived from ${BASE_NSS} automation/release/nspr-version.txt" # Assume that version hasn't been released yet, fall back to trunk pushd "${HGDIR}/baseline/nspr" hg update default popd fi print_log "######## building baseline NSPR/NSS ########" pushd ${HGDIR}/baseline/nss print_log "$ ${MAKE} ${NSS_BUILD_TARGET}" ${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} RET=$? print_result "NSS - build - ${BITS} bits - ${OPT}" ${RET} 0 if [ ${RET} -ne 0 ]; then tail -100 ${LOG_ALL} return ${RET} fi popd ABI_PROBLEM_FOUND=0 ABI_REPORT=${OUTPUTDIR}/abi-diff.txt rm -f ${ABI_REPORT} PREVDIST=${HGDIR}/baseline/dist NEWDIST=${HGDIR}/dist ALL_SOs="libfreebl3.so libfreeblpriv3.so libnspr4.so libnss3.so libnssckbi.so libnssdbm3.so libnsssysinit.so libnssutil3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.so libssl3.so" for SO in ${ALL_SOs}; do if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then touch ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt fi abidiff --hd1 $PREVDIST/public/ --hd2 $NEWDIST/public \ $PREVDIST/*/lib/$SO $NEWDIST/*/lib/$SO \ > ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt if [ $? -ne 0 ]; then ABI_PROBLEM_FOUND=1 print_log "FAILED to run abidiff {$PREVDIST , $NEWDIST} for $SO, or failed writing to ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt" fi if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then ABI_PROBLEM_FOUND=1 print_log "FAILED to access report file: ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt" fi diff -wB -u ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt \ ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT} if [ ! -f ${ABI_REPORT} ]; then ABI_PROBLEM_FOUND=1 print_log "FAILED to compare exepcted and new report: ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt" fi done if [ -s ${ABI_REPORT} ]; then print_log "FAILED: there are new unexpected ABI changes" cat ${ABI_REPORT} return 1 elif [ $ABI_PROBLEM_FOUND -ne 0 ]; then print_log "FAILED: failure executing the ABI checks" cat ${ABI_REPORT} return 1 fi return 0 } test_jss() { print_log "######## JSS - tests - ${BITS} bits - ${OPT} ########" print_log "$ cd ${HGDIR}/jss" cd ${HGDIR}/jss print_log "$ ${MAKE} platform" PLATFORM=$(${MAKE} platform) print_log "PLATFORM=${PLATFORM}" print_log "$ cd ${HGDIR}/jss/org/mozilla/jss/tests" cd ${HGDIR}/jss/org/mozilla/jss/tests print_log "$ perl all.pl dist ${HGDIR}/dist/${PLATFORM}" perl all.pl dist ${HGDIR}/dist/${PLATFORM} 2>&1 | tee ${LOG_TMP} cat ${LOG_TMP} >> ${LOG_ALL} tail -n2 ${LOG_TMP} | grep JSSTEST_RATE > /dev/null RET=$? grep FAIL ${LOG_TMP} [ $? -eq 1 ] || RET=1 print_result "JSS - tests - ${BITS} bits - ${OPT}" ${RET} 0 return ${RET} } create_objdir_dist_link() { # compute relevant 'dist' OBJDIR_NAME subdirectory names for JSS and NSS OS_TARGET=`uname -s` OS_RELEASE=`uname -r | sed 's/-.*//' | sed 's/-.*//' | cut -d . -f1,2` CPU_TAG=_`uname -m` # OBJDIR_NAME_COMPILER appears to be defined for NSS but not JSS OBJDIR_NAME_COMPILER=_cc LIBC_TAG=_glibc IMPL_STRATEGY=_PTH if [ "${RUN_BITS}" = "64" ]; then OBJDIR_TAG=_${RUN_BITS}_${RUN_OPT}.OBJ else OBJDIR_TAG=_${RUN_OPT}.OBJ fi # define NSS_OBJDIR_NAME NSS_OBJDIR_NAME=${OS_TARGET}${OS_RELEASE}${CPU_TAG}${OBJDIR_NAME_COMPILER} NSS_OBJDIR_NAME=${NSS_OBJDIR_NAME}${LIBC_TAG}${IMPL_STRATEGY}${OBJDIR_TAG} print_log "create_objdir_dist_link(): NSS_OBJDIR_NAME='${NSS_OBJDIR_NAME}'" # define JSS_OBJDIR_NAME JSS_OBJDIR_NAME=${OS_TARGET}${OS_RELEASE}${CPU_TAG} JSS_OBJDIR_NAME=${JSS_OBJDIR_NAME}${LIBC_TAG}${IMPL_STRATEGY}${OBJDIR_TAG} print_log "create_objdir_dist_link(): JSS_OBJDIR_NAME='${JSS_OBJDIR_NAME}'" if [ -e "${HGDIR}/dist/${NSS_OBJDIR_NAME}" ]; then SOURCE=${HGDIR}/dist/${NSS_OBJDIR_NAME} TARGET=${HGDIR}/dist/${JSS_OBJDIR_NAME} ln -s ${SOURCE} ${TARGET} >/dev/null 2>&1 fi } build_and_test() { if [ -n "${BUILD_NSS}" ]; then build_nss [ $? -eq 0 ] || return 1 fi if [ -n "${TEST_NSS}" ]; then test_nss [ $? -eq 0 ] || return 1 fi if [ -n "${CHECK_ABI}" ]; then check_abi [ $? -eq 0 ] || return 1 fi if [ -n "${BUILD_JSS}" ]; then create_objdir_dist_link build_jss [ $? -eq 0 ] || return 1 fi if [ -n "${TEST_JSS}" ]; then test_jss [ $? -eq 0 ] || return 1 fi return 0 } run_cycle() { print_env build_and_test RET=$? grep ^TinderboxPrint ${LOG_ALL} return ${RET} } prepare() { rm -rf ${OUTPUTDIR}.oldest >/dev/null 2>&1 mv ${OUTPUTDIR}.older ${OUTPUTDIR}.oldest >/dev/null 2>&1 mv ${OUTPUTDIR}.old ${OUTPUTDIR}.older >/dev/null 2>&1 mv ${OUTPUTDIR}.last ${OUTPUTDIR}.old >/dev/null 2>&1 mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1 mkdir -p ${OUTPUTDIR} # Remove temporary test files from previous jobs, that weren't cleaned up # by move_results(), e.g. caused by unexpected interruptions. rm -rf ${HGDIR}/tests_results/ cd ${HGDIR}/nss if [ -n "${FEWER_STRESS_ITERATIONS}" ]; then sed -i 's/-c_1000_/-c_500_/g' tests/ssl/sslstress.txt fi return 0 } move_results() { cd ${HGDIR} if [ -n "${TEST_NSS}" ]; then mv -f tests_results ${OUTPUTDIR} fi tar -c -z --dereference -f ${OUTPUTDIR}/dist.tgz dist rm -rf dist } run_all() { set_cycle ${BITS} ${OPT} prepare run_cycle RESULT=$? print_log "### result of run_cycle is ${RESULT}" move_results return ${RESULT} } main() { VALID=0 RET=1 FAIL=0 for BITS in 32 64; do echo ${RUN_BITS} | grep ${BITS} > /dev/null [ $? -eq 0 ] || continue for OPT in DBG OPT; do echo ${RUN_OPT} | grep ${OPT} > /dev/null [ $? -eq 0 ] || continue VALID=1 set_env run_all RET=$? print_log "### result of run_all is ${RET}" if [ ${RET} -ne 0 ]; then FAIL=${RET} fi done done if [ ${VALID} -ne 1 ]; then echo "Need to set valid bits/opt values." return 1 fi return ${FAIL} } #function killallsub() #{ # FINAL_RET=$? # for proc in `jobs -p` # do # kill -9 $proc # done # return ${FINAL_RET} #} #trap killallsub EXIT #IS_RUNNING_FILE="./build-is-running" #if [ -a $IS_RUNNING_FILE ]; then # echo "exiting, because old job is still running" # exit 1 #fi #touch $IS_RUNNING_FILE echo "tinderbox args: $0 $@" . ${ENVVARS} proc_args "$@" main RET=$? print_log "### result of main is ${RET}" #rm $IS_RUNNING_FILE exit ${RET} nss-pem.git/nss/nss/automation/buildbot-slave/reboot.bat0000664000000000000000000000015613252671167020612 0ustar IF EXIST ..\buildbot-is-building ( del ..\buildbot-is-building shutdown /r /t 0 timeout /t 120 ) nss-pem.git/nss/nss/automation/buildbot-slave/startbuild.bat0000664000000000000000000000051713252671167021476 0ustar echo running > ..\buildbot-is-building echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*" "%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*" if %errorlevel% neq 0 ( set EXITCODE=1 ) else ( set EXITCODE=0 ) del ..\buildbot-is-building exit /b %EXITCODE% nss-pem.git/nss/nss/automation/clang-format/0000775000000000000000000000000013252671167016264 5ustar nss-pem.git/nss/nss/automation/clang-format/Dockerfile0000664000000000000000000000105413252671167020256 0ustar FROM ubuntu:16.04 MAINTAINER Franziskus Kiefer RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Change user. USER worker # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # Entrypoint. ENTRYPOINT ["/home/worker/nss/automation/clang-format/run_clang_format.sh"] nss-pem.git/nss/nss/automation/clang-format/run_clang_format.sh0000775000000000000000000000321613252671167022145 0ustar #!/usr/bin/env bash if [[ $(id -u) -eq 0 ]]; then # Drop privileges by re-running this script. # Note: this mangles arguments, better to avoid running scripts as root. exec su worker -c "$0 $*" fi set -e # Apply clang-format on the provided folder and verify that this doesn't change any file. # If any file differs after formatting, the script eventually exits with 1. # Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong. # Includes a default set of directories NOT to clang-format on. blacklist=( "./automation" \ "./coreconf" \ "./doc" \ "./pkg" \ "./tests" \ "./lib/libpkix" \ "./lib/zlib" \ "./lib/sqlite" \ "./gtests/google_test" \ "./out" \ ) top=$(cd "$(dirname $0)/../.."; pwd -P) if [ $# -gt 0 ]; then dirs=("$@") else cd "$top" dirs=($(find . -maxdepth 2 -mindepth 1 -type d ! -path '*/.*' -print)) fi format_folder() { for black in "${blacklist[@]}"; do if [[ "$1" == "$black"* ]]; then echo "skip $1" return 1 fi done return 0 } for dir in "${dirs[@]}"; do if format_folder "$dir"; then c="${dir//[^\/]}" echo "formatting $dir ..." depth=() if [ "${#c}" == "1" ]; then depth+=(-maxdepth 1) fi find "$dir" "${depth[@]}" -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+ fi done TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX) trap 'rm -f $TMPFILE' exit if [[ -d "$top/.hg" ]]; then hg diff --git "$top" | tee $TMPFILE else git -C "$top" diff | tee $TMPFILE fi [[ ! -s $TMPFILE ]] nss-pem.git/nss/nss/automation/clang-format/setup.sh0000664000000000000000000000216713252671167017766 0ustar #!/usr/bin/env bash set -v -e -x # Update packages. export DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y upgrade # Install packages. apt_packages=() apt_packages+=('ca-certificates') apt_packages+=('curl') apt_packages+=('xz-utils') apt_packages+=('mercurial') apt_packages+=('git') apt_packages+=('locales') apt-get install -y --no-install-recommends ${apt_packages[@]} # Download clang. curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig # Verify the signature. gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D gpg --verify clang.tar.xz.sig # Install into /usr/local/. tar xJvf *.tar.xz -C /usr/local --strip-components=1 # Cleanup. function cleanup() { rm -f clang.tar.xz clang.tar.xz.sig } trap cleanup ERR EXIT locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean # We're done. Remove this script. rm $0 nss-pem.git/nss/nss/automation/ossfuzz/0000775000000000000000000000000013252671167015435 5ustar nss-pem.git/nss/nss/automation/ossfuzz/build.sh0000775000000000000000000000333013252671167017072 0ustar #!/bin/bash -eu # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # ################################################################################ # List of targets disabled for oss-fuzz. declare -A disabled=([pkcs8]=1) # List of targets we want to fuzz in TLS and non-TLS mode. declare -A tls_targets=([tls-client]=1 [tls-server]=1 [dtls-client]=1 [dtls-server]=1) # Helper function that copies a fuzzer binary and its seed corpus. copy_fuzzer() { local fuzzer=$1 local name=$2 # Copy the binary. cp ../dist/Debug/bin/$fuzzer $OUT/$name # Zip and copy the corpus, if any. if [ -d "$SRC/nss-corpus/$name" ]; then zip $OUT/${name}_seed_corpus.zip $SRC/nss-corpus/$name/* else zip $OUT/${name}_seed_corpus.zip $SRC/nss-corpus/*/* fi } # Copy libFuzzer options cp fuzz/options/*.options $OUT/ # Build the library (non-TLS fuzzing mode). CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" \ ./build.sh -c -v --fuzz=oss --fuzz --disable-tests # Copy fuzzing targets. for fuzzer in $(find ../dist/Debug/bin -name "nssfuzz-*" -printf "%f\n"); do name=${fuzzer:8} if [ -z "${disabled[$name]:-}" ]; then [ -n "${tls_targets[$name]:-}" ] && name="${name}-no_fuzzer_mode" copy_fuzzer $fuzzer $name fi done # Build the library again (TLS fuzzing mode). CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" \ ./build.sh -c -v --fuzz=oss --fuzz=tls --disable-tests # Copy dual mode targets in TLS mode. for name in "${!tls_targets[@]}"; do if [ -z "${disabled[$name]:-}" ]; then copy_fuzzer nssfuzz-$name $name fi done nss-pem.git/nss/nss/automation/release/0000775000000000000000000000000013252671167015332 5ustar nss-pem.git/nss/nss/automation/release/nspr-version.txt0000664000000000000000000000047613252671167020547 0ustar 4.18 # The first line of this file must contain the human readable NSPR # version number, which is the minimum required version of NSPR # that is supported by this version of NSS. # # This information is used by release automation, # when creating an NSS source archive. # # All other lines in this file are ignored. nss-pem.git/nss/nss/automation/release/nss-release-helper.py0000775000000000000000000003135413252671167021413 0ustar #!/usr/bin/python # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. import os import sys import datetime import shutil import glob from optparse import OptionParser from subprocess import check_call from subprocess import check_output nssutil_h = "lib/util/nssutil.h" softkver_h = "lib/softoken/softkver.h" nss_h = "lib/nss/nss.h" nssckbi_h = "lib/ckfw/builtins/nssckbi.h" abi_base_version_file = "automation/abi-check/previous-nss-release" abi_report_files = ['automation/abi-check/expected-report-libfreebl3.so.txt', 'automation/abi-check/expected-report-libfreeblpriv3.so.txt', 'automation/abi-check/expected-report-libnspr4.so.txt', 'automation/abi-check/expected-report-libnss3.so.txt', 'automation/abi-check/expected-report-libnssckbi.so.txt', 'automation/abi-check/expected-report-libnssdbm3.so.txt', 'automation/abi-check/expected-report-libnsssysinit.so.txt', 'automation/abi-check/expected-report-libnssutil3.so.txt', 'automation/abi-check/expected-report-libplc4.so.txt', 'automation/abi-check/expected-report-libplds4.so.txt', 'automation/abi-check/expected-report-libsmime3.so.txt', 'automation/abi-check/expected-report-libsoftokn3.so.txt', 'automation/abi-check/expected-report-libssl3.so.txt'] def check_call_noisy(cmd, *args, **kwargs): print "Executing command:", cmd check_call(cmd, *args, **kwargs) o = OptionParser(usage="client.py [options] remove_beta | set_beta | print_library_versions | print_root_ca_version | set_root_ca_version | set_version_to_minor_release | set_version_to_patch_release | set_release_candidate_number | set_4_digit_release_number | create_nss_release_archive") try: options, args = o.parse_args() action = args[0] except IndexError: o.print_help() sys.exit(2) def exit_with_failure(what): print "failure: ", what sys.exit(2) def check_files_exist(): if (not os.path.exists(nssutil_h) or not os.path.exists(softkver_h) or not os.path.exists(nss_h) or not os.path.exists(nssckbi_h)): exit_with_failure("cannot find expected header files, must run from inside NSS hg directory") def sed_inplace(sed_expression, filename): backup_file = filename + '.tmp' check_call_noisy(["sed", "-i.tmp", sed_expression, filename]) os.remove(backup_file) def toggle_beta_status(is_beta): check_files_exist() if (is_beta): print "adding Beta status to version numbers" sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\)\" *$/\\1 Beta\"/', nssutil_h) sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nssutil_h) sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *$/\\1 \" Beta"/', softkver_h) sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_FALSE *$/\\1PR_TRUE/', softkver_h) sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *$/\\1 \" Beta"/', nss_h) sed_inplace('s/^\(#define *NSS_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nss_h) else: print "removing Beta status from version numbers" sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\) *Beta\" *$/\\1\"/', nssutil_h) sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nssutil_h) sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *\" *Beta\" *$/\\1/', softkver_h) sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_TRUE *$/\\1PR_FALSE/', softkver_h) sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *\" *Beta\" *$/\\1/', nss_h) sed_inplace('s/^\(#define *NSS_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nss_h) print "please run 'hg stat' and 'hg diff' to verify the files have been verified correctly" def print_beta_versions(): check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define *NSSUTIL_BETA", nssutil_h]) check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define *SOFTOKEN_BETA", softkver_h]) check_call_noisy(["egrep", "#define *NSS_VERSION|#define *NSS_BETA", nss_h]) def remove_beta_status(): print "--- removing beta flags. Existing versions were:" print_beta_versions() toggle_beta_status(False) print "--- finished modifications, new versions are:" print_beta_versions() def set_beta_status(): print "--- adding beta flags. Existing versions were:" print_beta_versions() toggle_beta_status(True) print "--- finished modifications, new versions are:" print_beta_versions() def print_library_versions(): check_files_exist() check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define NSSUTIL_VMAJOR|#define *NSSUTIL_VMINOR|#define *NSSUTIL_VPATCH|#define *NSSUTIL_VBUILD|#define *NSSUTIL_BETA", nssutil_h]) check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define SOFTOKEN_VMAJOR|#define *SOFTOKEN_VMINOR|#define *SOFTOKEN_VPATCH|#define *SOFTOKEN_VBUILD|#define *SOFTOKEN_BETA", softkver_h]) check_call_noisy(["egrep", "#define *NSS_VERSION|#define NSS_VMAJOR|#define *NSS_VMINOR|#define *NSS_VPATCH|#define *NSS_VBUILD|#define *NSS_BETA", nss_h]) def print_root_ca_version(): check_files_exist() check_call_noisy(["grep", "define *NSS_BUILTINS_LIBRARY_VERSION", nssckbi_h]) def ensure_arguments_after_action(how_many, usage): if (len(sys.argv) != (2+how_many)): exit_with_failure("incorrect number of arguments, expected parameters are:\n" + usage) def set_major_versions(major): sed_inplace('s/^\(#define *NSSUTIL_VMAJOR *\).*$/\\1' + major + '/', nssutil_h) sed_inplace('s/^\(#define *SOFTOKEN_VMAJOR *\).*$/\\1' + major + '/', softkver_h) sed_inplace('s/^\(#define *NSS_VMAJOR *\).*$/\\1' + major + '/', nss_h) def set_minor_versions(minor): sed_inplace('s/^\(#define *NSSUTIL_VMINOR *\).*$/\\1' + minor + '/', nssutil_h) sed_inplace('s/^\(#define *SOFTOKEN_VMINOR *\).*$/\\1' + minor + '/', softkver_h) sed_inplace('s/^\(#define *NSS_VMINOR *\).*$/\\1' + minor + '/', nss_h) def set_patch_versions(patch): sed_inplace('s/^\(#define *NSSUTIL_VPATCH *\).*$/\\1' + patch + '/', nssutil_h) sed_inplace('s/^\(#define *SOFTOKEN_VPATCH *\).*$/\\1' + patch + '/', softkver_h) sed_inplace('s/^\(#define *NSS_VPATCH *\).*$/\\1' + patch + '/', nss_h) def set_build_versions(build): sed_inplace('s/^\(#define *NSSUTIL_VBUILD *\).*$/\\1' + build + '/', nssutil_h) sed_inplace('s/^\(#define *SOFTOKEN_VBUILD *\).*$/\\1' + build + '/', softkver_h) sed_inplace('s/^\(#define *NSS_VBUILD *\).*$/\\1' + build + '/', nss_h) def set_full_lib_versions(version): sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nssutil_h) sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', softkver_h) sed_inplace('s/^\(#define *NSS_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nss_h) def set_root_ca_version(): ensure_arguments_after_action(2, "major_version minor_version") major = args[1].strip() minor = args[2].strip() version = major + '.' + minor sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION *\"\).*$/\\1' + version + '/', nssckbi_h) sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MAJOR *\).*$/\\1' + major + '/', nssckbi_h) sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MINOR *\).*$/\\1' + minor + '/', nssckbi_h) def set_all_lib_versions(version, major, minor, patch, build): grep_major = check_output(['grep', 'define.*NSS_VMAJOR', nss_h]) grep_minor = check_output(['grep', 'define.*NSS_VMINOR', nss_h]) old_major = int(grep_major.split()[2]); old_minor = int(grep_minor.split()[2]); new_major = int(major) new_minor = int(minor) if (old_major < new_major or (old_major == new_major and old_minor < new_minor)): print "You're increasing the minor (or major) version:" print "- erasing ABI comparison expectations" new_branch = "NSS_" + str(old_major) + "_" + str(old_minor) + "_BRANCH" print "- setting reference branch to the branch of the previous version: " + new_branch with open(abi_base_version_file, "w") as abi_base: abi_base.write("%s\n" % new_branch) for report_file in abi_report_files: with open(report_file, "w") as report_file_handle: report_file_handle.truncate() set_full_lib_versions(version) set_major_versions(major) set_minor_versions(minor) set_patch_versions(patch) set_build_versions(build) def set_version_to_minor_release(): ensure_arguments_after_action(2, "major_version minor_version") major = args[1].strip() minor = args[2].strip() version = major + '.' + minor patch = "0" build = "0" set_all_lib_versions(version, major, minor, patch, build) def set_version_to_patch_release(): ensure_arguments_after_action(3, "major_version minor_version patch_release") major = args[1].strip() minor = args[2].strip() patch = args[3].strip() version = major + '.' + minor + '.' + patch build = "0" set_all_lib_versions(version, major, minor, patch, build) def set_release_candidate_number(): ensure_arguments_after_action(1, "release_candidate_number") build = args[1].strip() set_build_versions(build) def set_4_digit_release_number(): ensure_arguments_after_action(4, "major_version minor_version patch_release 4th_digit_release_number") major = args[1].strip() minor = args[2].strip() patch = args[3].strip() build = args[4].strip() version = major + '.' + minor + '.' + patch + '.' + build set_all_lib_versions(version, major, minor, patch, build) def create_nss_release_archive(): ensure_arguments_after_action(3, "nss_release_version nss_hg_release_tag path_to_stage_directory") nssrel = args[1].strip() #e.g. 3.19.3 nssreltag = args[2].strip() #e.g. NSS_3_19_3_RTM stagedir = args[3].strip() #e.g. ../stage with open('automation/release/nspr-version.txt') as nspr_version_file: nsprrel = next(nspr_version_file).strip() nspr_tar = "nspr-" + nsprrel + ".tar.gz" nsprtar_with_path= stagedir + "/v" + nsprrel + "/src/" + nspr_tar if (not os.path.exists(nsprtar_with_path)): exit_with_failure("cannot find nspr archive at expected location " + nsprtar_with_path) nss_stagedir= stagedir + "/" + nssreltag + "/src" if (os.path.exists(nss_stagedir)): exit_with_failure("nss stage directory already exists: " + nss_stagedir) nss_tar = "nss-" + nssrel + ".tar.gz" check_call_noisy(["mkdir", "-p", nss_stagedir]) check_call_noisy(["hg", "archive", "-r", nssreltag, "--prefix=nss-" + nssrel + "/nss", stagedir + "/" + nssreltag + "/src/" + nss_tar, "-X", ".hgtags"]) check_call_noisy(["tar", "-xz", "-C", nss_stagedir, "-f", nsprtar_with_path]) print "changing to directory " + nss_stagedir os.chdir(nss_stagedir) check_call_noisy(["tar", "-xz", "-f", nss_tar]) check_call_noisy(["mv", "-i", "nspr-" + nsprrel + "/nspr", "nss-" + nssrel + "/"]) check_call_noisy(["rmdir", "nspr-" + nsprrel]) nss_nspr_tar = "nss-" + nssrel + "-with-nspr-" + nsprrel + ".tar.gz" check_call_noisy(["tar", "-cz", "--remove-files", "-f", nss_nspr_tar, "nss-" + nssrel]) check_call("sha1sum " + nss_tar + " " + nss_nspr_tar + " > SHA1SUMS", shell=True) check_call("sha256sum " + nss_tar + " " + nss_nspr_tar + " > SHA256SUMS", shell=True) print "created directory " + nss_stagedir + " with files:" check_call_noisy(["ls", "-l"]) if action in ('remove_beta'): remove_beta_status() elif action in ('set_beta'): set_beta_status() elif action in ('print_library_versions'): print_library_versions() elif action in ('print_root_ca_version'): print_root_ca_version() elif action in ('set_root_ca_version'): set_root_ca_version() # x.y version number - 2 parameters elif action in ('set_version_to_minor_release'): set_version_to_minor_release() # x.y.z version number - 3 parameters elif action in ('set_version_to_patch_release'): set_version_to_patch_release() # change the release candidate number, usually increased by one, # usually if previous release candiate had a bug # 1 parameter elif action in ('set_release_candidate_number'): set_release_candidate_number() # use the build/release candiate number in the identifying version number # 4 parameters elif action in ('set_4_digit_release_number'): set_4_digit_release_number() elif action in ('create_nss_release_archive'): create_nss_release_archive() else: o.print_help() sys.exit(2) sys.exit(0) nss-pem.git/nss/nss/automation/taskcluster/0000775000000000000000000000000013252671167016256 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker/0000775000000000000000000000000013252671167017525 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker/Dockerfile0000664000000000000000000000125713252671167021524 0ustar FROM ubuntu:16.04 MAINTAINER Tim Taubert RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Change user. USER worker # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # Rust + Go ENV PATH "${PATH}:/home/worker/.cargo/bin/:/usr/lib/go-1.6/bin" # Set a default command for debugging. CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/docker/bin/0000775000000000000000000000000013252671167020275 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker/bin/checkout.sh0000664000000000000000000000062113252671167022435 0ustar #!/usr/bin/env bash set -v -e -x if [ $(id -u) = 0 ]; then # Drop privileges by re-running this script. exec su worker $0 fi # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker/setup.sh0000664000000000000000000000413113252671167021220 0ustar #!/usr/bin/env bash set -v -e -x # Update packages. export DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y upgrade # Need this to add keys for PPAs below. apt-get install -y --no-install-recommends apt-utils apt_packages=() apt_packages+=('build-essential') apt_packages+=('ca-certificates') apt_packages+=('curl') apt_packages+=('npm') apt_packages+=('git') apt_packages+=('golang-1.6') apt_packages+=('libxml2-utils') apt_packages+=('locales') apt_packages+=('ninja-build') apt_packages+=('pkg-config') apt_packages+=('zlib1g-dev') # 32-bit builds apt_packages+=('lib32z1-dev') apt_packages+=('gcc-multilib') apt_packages+=('g++-multilib') # ct-verif and sanitizers apt_packages+=('valgrind') # Latest Mercurial. apt_packages+=('mercurial') apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list # gcc 4.8 and 6 apt_packages+=('g++-6') apt_packages+=('g++-4.8') apt_packages+=('g++-6-multilib') apt_packages+=('g++-4.8-multilib') apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 60C317803A41BA51845E371A1E9377A2BA9EF27F echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu xenial main" > /etc/apt/sources.list.d/toolchain.list # Install packages. apt-get -y update apt-get install -y --no-install-recommends ${apt_packages[@]} # Download clang. curl -LO https://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz curl -LO https://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig # Verify the signature. gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D gpg --verify *.tar.xz.sig # Install into /usr/local/. tar xJvf *.tar.xz -C /usr/local --strip-components=1 # Cleanup. rm *.tar.xz* # Install latest Rust (stable). su worker -c "curl https://sh.rustup.rs -sSf | sh -s -- -y" locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean rm $0 nss-pem.git/nss/nss/automation/taskcluster/docker-aarch64/0000775000000000000000000000000013252671167020753 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-aarch64/Dockerfile0000664000000000000000000000122013252671167022740 0ustar FROM franziskus/xenial:aarch64 MAINTAINER Franziskus Kiefer RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Change user. # USER worker # See bug 1347473. # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # Set a default command for debugging. CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/docker-aarch64/bin/0000775000000000000000000000000013252671167021523 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-aarch64/bin/checkout.sh0000775000000000000000000000062113252671167023666 0ustar #!/usr/bin/env bash set -v -e -x if [ $(id -u) = 0 ]; then # Drop privileges by re-running this script. exec su worker $0 fi # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker-aarch64/setup.sh0000775000000000000000000000213113252671167022447 0ustar #!/usr/bin/env bash set -v -e -x export DEBIAN_FRONTEND=noninteractive apt-get -y update apt-get -y install software-properties-common # Add more repos add-apt-repository "deb http://ports.ubuntu.com/ xenial main restricted universe multiverse" add-apt-repository "deb http://ports.ubuntu.com/ xenial-security main restricted universe multiverse" add-apt-repository "deb http://ports.ubuntu.com/ xenial-updates main restricted universe multiverse" add-apt-repository "deb http://ports.ubuntu.com/ xenial-backports main restricted universe multiverse" # Update. apt-get -y update apt-get -y dist-upgrade apt_packages=() apt_packages+=('build-essential') apt_packages+=('ca-certificates') apt_packages+=('curl') apt_packages+=('libxml2-utils') apt_packages+=('zlib1g-dev') apt_packages+=('ninja-build') apt_packages+=('gyp') apt_packages+=('mercurial') apt_packages+=('locales') # Install packages. apt-get install -y --no-install-recommends ${apt_packages[@]} locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean rm $0 nss-pem.git/nss/nss/automation/taskcluster/docker-arm/0000775000000000000000000000000013252671167020302 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-arm/Dockerfile0000664000000000000000000000113613252671167022275 0ustar FROM armv7/armhf-ubuntu:16.04 MAINTAINER Franziskus Kiefer RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # Set a default command for debugging. CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/docker-arm/bin/0000775000000000000000000000000013252671167021052 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-arm/bin/checkout.sh0000775000000000000000000000105713252671167023221 0ustar #!/usr/bin/env bash set -v -e -x if [ $(id -u) = 0 ]; then # set up fake uname if [ ! -f /bin/uname-real ]; then mv /bin/uname /bin/uname-real ln -s /home/worker/bin/uname.sh /bin/uname fi # Drop privileges by re-running this script. exec su worker $0 fi # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker-arm/bin/uname.sh0000775000000000000000000000042013252671167022512 0ustar #!/bin/bash args=`getopt rmvs $*` set -- $args for i do if [ "$i" == "-v" ]; then /bin/uname-real -v fi if [ "$i" == "-r" ]; then echo "4.4.16-v7+" fi if [ "$i" == "-m" ]; then echo "armv7l" fi if [ "$i" == "-s" ]; then echo "Linux" fi donenss-pem.git/nss/nss/automation/taskcluster/docker-arm/setup.sh0000775000000000000000000000125213252671167022001 0ustar #!/usr/bin/env bash set -v -e -x export DEBIAN_FRONTEND=noninteractive # Update. apt-get -y update apt-get -y dist-upgrade apt_packages=() apt_packages+=('build-essential') apt_packages+=('ca-certificates') apt_packages+=('curl') apt_packages+=('locales') apt_packages+=('python-dev') apt_packages+=('python-pip') apt_packages+=('python-setuptools') apt_packages+=('zlib1g-dev') # Install packages. apt-get install -y --no-install-recommends ${apt_packages[@]} # Latest Mercurial. pip install --upgrade pip pip install Mercurial locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean rm $0 nss-pem.git/nss/nss/automation/taskcluster/docker-clang-3.9/0000775000000000000000000000000013252671167021116 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-clang-3.9/Dockerfile0000664000000000000000000000114213252671167023106 0ustar FROM ubuntu:16.04 MAINTAINER Tim Taubert RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Change user. USER worker # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # Set a default command for debugging. CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/docker-clang-3.9/bin/0000775000000000000000000000000013252671167021666 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-clang-3.9/bin/checkout.sh0000664000000000000000000000062113252671167024026 0ustar #!/usr/bin/env bash set -v -e -x if [ $(id -u) = 0 ]; then # Drop privileges by re-running this script. exec su worker $0 fi # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker-clang-3.9/setup.sh0000664000000000000000000000246013252671167022614 0ustar #!/usr/bin/env bash set -v -e -x # Update packages. export DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y upgrade # Need this to add keys for PPAs below. apt-get install -y --no-install-recommends apt-utils apt_packages=() apt_packages+=('ca-certificates') apt_packages+=('curl') apt_packages+=('locales') apt_packages+=('xz-utils') # Latest Mercurial. apt_packages+=('mercurial') apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list # Install packages. apt-get -y update apt-get install -y --no-install-recommends ${apt_packages[@]} # Download clang. curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig # Verify the signature. gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D gpg --verify *.tar.xz.sig # Install into /usr/local/. tar xJvf *.tar.xz -C /usr/local --strip-components=1 # Cleanup. rm *.tar.xz* locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean rm $0 nss-pem.git/nss/nss/automation/taskcluster/docker-decision/0000775000000000000000000000000013252671167021320 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-decision/Dockerfile0000664000000000000000000000114213252671167023310 0ustar FROM ubuntu:16.04 MAINTAINER Tim Taubert RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Change user. USER worker # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # Set a default command for debugging. CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/docker-decision/bin/0000775000000000000000000000000013252671167022070 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-decision/bin/checkout.sh0000664000000000000000000000045413252671167024234 0ustar #!/usr/bin/env bash set -v -e -x # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker-decision/setup.sh0000664000000000000000000000154113252671167023015 0ustar #!/usr/bin/env bash set -v -e -x # Update packages. export DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y upgrade # Need those to install newer packages below. apt-get install -y --no-install-recommends apt-utils curl ca-certificates locales # Latest Mercurial. apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list # Install packages. apt-get -y update && apt-get install -y --no-install-recommends mercurial # Latest Node.JS. curl -sL https://deb.nodesource.com/setup_6.x | bash - apt-get install -y --no-install-recommends nodejs locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean rm $0 nss-pem.git/nss/nss/automation/taskcluster/docker-fuzz/0000775000000000000000000000000013252671167020521 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-fuzz/Dockerfile0000664000000000000000000000127213252671167022515 0ustar FROM ubuntu:16.04 MAINTAINER Tim Taubert RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Change user. USER worker # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # LLVM 4.0 ENV PATH "${PATH}:/home/worker/third_party/llvm-build/Release+Asserts/bin/" # Set a default command for debugging. CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/docker-fuzz/bin/0000775000000000000000000000000013252671167021271 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh0000664000000000000000000000062113252671167023431 0ustar #!/usr/bin/env bash set -v -e -x if [ $(id -u) = 0 ]; then # Drop privileges by re-running this script. exec su worker $0 fi # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker-fuzz/setup.sh0000664000000000000000000000275413252671167022225 0ustar #!/usr/bin/env bash set -v -e -x # Update packages. export DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y upgrade # Need this to add keys for PPAs below. apt-get install -y --no-install-recommends apt-utils apt_packages=() apt_packages+=('build-essential') apt_packages+=('ca-certificates') apt_packages+=('curl') apt_packages+=('git') apt_packages+=('gyp') apt_packages+=('libssl-dev') apt_packages+=('libxml2-utils') apt_packages+=('locales') apt_packages+=('ninja-build') apt_packages+=('pkg-config') apt_packages+=('zlib1g-dev') # 32-bit builds apt_packages+=('gcc-multilib') apt_packages+=('g++-multilib') # Latest Mercurial. apt_packages+=('mercurial') apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list # Install packages. apt-get -y update apt-get install -y --no-install-recommends ${apt_packages[@]} # 32-bit builds dpkg --add-architecture i386 apt-get -y update apt-get install -y --no-install-recommends libssl-dev:i386 # Install LLVM/clang-4.0. mkdir clang-tmp git clone -n --depth 1 https://chromium.googlesource.com/chromium/src/tools/clang clang-tmp/clang git -C clang-tmp/clang checkout HEAD scripts/update.py clang-tmp/clang/scripts/update.py rm -fr clang-tmp locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean rm $0 nss-pem.git/nss/nss/automation/taskcluster/docker-gcc-4.4/0000775000000000000000000000000013252671167020562 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile0000664000000000000000000000114213252671167022552 0ustar FROM ubuntu:14.04 MAINTAINER Tim Taubert RUN useradd -d /home/worker -s /bin/bash -m worker WORKDIR /home/worker # Add build and test scripts. ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Install dependencies. ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Change user. USER worker # Env variables. ENV HOME /home/worker ENV SHELL /bin/bash ENV USER worker ENV LOGNAME worker ENV HOSTNAME taskcluster-worker ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV HOST localhost ENV DOMSUF localdomain # Set a default command for debugging. CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/docker-gcc-4.4/bin/0000775000000000000000000000000013252671167021332 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-gcc-4.4/bin/checkout.sh0000664000000000000000000000062113252671167023472 0ustar #!/usr/bin/env bash set -v -e -x if [ $(id -u) = 0 ]; then # Drop privileges by re-running this script. exec su worker $0 fi # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker-gcc-4.4/setup.sh0000664000000000000000000000111513252671167022254 0ustar #!/usr/bin/env bash set -v -e -x # Update packages. export DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y upgrade apt_packages=() apt_packages+=('ca-certificates') apt_packages+=('g++-4.4') apt_packages+=('gcc-4.4') apt_packages+=('locales') apt_packages+=('make') apt_packages+=('mercurial') apt_packages+=('zlib1g-dev') # Install packages. apt-get -y update apt-get install -y --no-install-recommends ${apt_packages[@]} locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean rm $0 nss-pem.git/nss/nss/automation/taskcluster/docker-hacl/0000775000000000000000000000000013252671167020432 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-hacl/Dockerfile0000664000000000000000000000157613252671167022435 0ustar FROM ubuntu:xenial MAINTAINER Franziskus Kiefer # Based on the HACL* image from Benjamin Beurdouche and # the original F* formula with Daniel Fabian # Pinned versions of HACL* (F* and KreMLin are pinned as submodules) ENV haclrepo https://github.com/mitls/hacl-star.git # Define versions of dependencies ENV opamv 4.04.2 ENV haclversion dcd48329d535727dbde93877b124c5ec4a7a2b20 # Install required packages and set versions ADD setup.sh /tmp/setup.sh RUN bash /tmp/setup.sh # Create user, add scripts. RUN useradd -ms /bin/bash worker WORKDIR /home/worker ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* USER worker # Build F*, HACL*, verify. Install a few more dependencies. ENV OPAMYES true ENV PATH "/home/worker/hacl-star/dependencies/z3/bin:$PATH" ADD setup-user.sh /tmp/setup-user.sh ADD license.txt /tmp/license.txt RUN bash /tmp/setup-user.sh nss-pem.git/nss/nss/automation/taskcluster/docker-hacl/bin/0000775000000000000000000000000013252671167021202 5ustar nss-pem.git/nss/nss/automation/taskcluster/docker-hacl/bin/checkout.sh0000775000000000000000000000062113252671167023345 0ustar #!/usr/bin/env bash set -v -e -x if [ $(id -u) = 0 ]; then # Drop privileges by re-running this script. exec su worker $0 fi # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/docker-hacl/license.txt0000664000000000000000000000115213252671167022614 0ustar /* Copyright 2016-2017 INRIA and Microsoft Corporation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ nss-pem.git/nss/nss/automation/taskcluster/docker-hacl/setup-user.sh0000664000000000000000000000176013252671167023106 0ustar #!/usr/bin/env bash set -v -e -x # Prepare build (OCaml packages) opam init echo ". /home/worker/.opam/opam-init/init.sh > /dev/null 2> /dev/null || true" >> .bashrc opam switch -v ${opamv} opam install ocamlfind batteries sqlite3 fileutils yojson ppx_deriving_yojson zarith pprint menhir ulex process fix wasm stdint # Get the HACL* code git clone ${haclrepo} hacl-star git -C hacl-star checkout ${haclversion} # Prepare submodules, and build, verify, test, and extract c code # This caches the extracted c code (pins the HACL* version). All we need to do # on CI now is comparing the code in this docker image with the one in NSS. opam config exec -- make -C hacl-star prepare -j$(nproc) make -C hacl-star verify-nss -j$(nproc) make -C hacl-star -f Makefile.build snapshots/nss -j$(nproc) KOPTS="-funroll-loops 5" make -C hacl-star/code/curve25519 test -j$(nproc) make -C hacl-star/code/salsa-family test -j$(nproc) make -C hacl-star/code/poly1305 test -j$(nproc) # Cleanup. rm -rf ~/.ccache ~/.cache nss-pem.git/nss/nss/automation/taskcluster/docker-hacl/setup.sh0000664000000000000000000000174613252671167022136 0ustar #!/usr/bin/env bash set -v -e -x # Update packages. export DEBIAN_FRONTEND=noninteractive apt-get -qq update apt-get install --yes libssl-dev libsqlite3-dev g++-5 gcc-5 m4 make opam pkg-config python libgmp3-dev cmake curl libtool-bin autoconf wget locales update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 200 update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 200 # Get clang-format-3.9 curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig # Verify the signature. gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D gpg --verify *.tar.xz.sig # Install into /usr/local/. tar xJvf *.tar.xz -C /usr/local --strip-components=1 # Cleanup. rm *.tar.xz* locale-gen en_US.UTF-8 dpkg-reconfigure locales # Cleanup. rm -rf ~/.ccache ~/.cache apt-get autoremove -y apt-get clean apt-get autoclean nss-pem.git/nss/nss/automation/taskcluster/graph/0000775000000000000000000000000013252671167017357 5ustar nss-pem.git/nss/nss/automation/taskcluster/graph/npm-shrinkwrap.json0000664000000000000000000017216713252671167023250 0ustar { "name": "decision-task", "version": "0.0.1", "dependencies": { "amqplib": { "version": "0.4.2", "from": "amqplib@>=0.4.1 <0.5.0", "resolved": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.2.tgz", "dependencies": { "isarray": { "version": "0.0.1", "from": "isarray@0.0.1", "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz" }, "readable-stream": { "version": "1.1.14", "from": "readable-stream@>=1.0.0 <2.0.0 >=1.1.9", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz" } } }, "ansi-regex": { "version": "2.0.0", "from": "ansi-regex@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz" }, "ansi-styles": { "version": "2.2.1", "from": "ansi-styles@>=2.1.0 <3.0.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz" }, "anymatch": { "version": "1.3.0", "from": "anymatch@>=1.3.0 <2.0.0", "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-1.3.0.tgz" }, "argparse": { "version": "1.0.9", "from": "argparse@>=1.0.7 <2.0.0", "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.9.tgz" }, "arr-diff": { "version": "2.0.0", "from": "arr-diff@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-2.0.0.tgz" }, "arr-flatten": { "version": "1.0.1", "from": "arr-flatten@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.0.1.tgz" }, "array-find-index": { "version": "1.0.2", "from": "array-find-index@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz" }, "array-uniq": { "version": "1.0.3", "from": "array-uniq@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz" }, "array-unique": { "version": "0.2.1", "from": "array-unique@>=0.2.1 <0.3.0", "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz" }, "arrify": { "version": "1.0.1", "from": "arrify@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz" }, "asap": { "version": "1.0.0", "from": "asap@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/asap/-/asap-1.0.0.tgz" }, "asn1": { "version": "0.2.3", "from": "asn1@>=0.2.3 <0.3.0", "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz" }, "assert-plus": { "version": "0.2.0", "from": "assert-plus@>=0.2.0 <0.3.0", "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.2.0.tgz" }, "async": { "version": "2.1.1", "from": "async@*", "resolved": "https://registry.npmjs.org/async/-/async-2.1.1.tgz" }, "async-each": { "version": "1.0.1", "from": "async-each@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz" }, "asynckit": { "version": "0.4.0", "from": "asynckit@>=0.4.0 <0.5.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz" }, "aws-sign2": { "version": "0.6.0", "from": "aws-sign2@>=0.6.0 <0.7.0", "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.6.0.tgz" }, "aws4": { "version": "1.5.0", "from": "aws4@>=1.2.1 <2.0.0", "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.5.0.tgz" }, "babel-cli": { "version": "6.16.0", "from": "babel-cli@>=6.14.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-cli/-/babel-cli-6.16.0.tgz" }, "babel-code-frame": { "version": "6.16.0", "from": "babel-code-frame@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.16.0.tgz" }, "babel-compile": { "version": "2.0.0", "from": "babel-compile@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/babel-compile/-/babel-compile-2.0.0.tgz" }, "babel-core": { "version": "6.17.0", "from": "babel-core@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-core/-/babel-core-6.17.0.tgz" }, "babel-generator": { "version": "6.17.0", "from": "babel-generator@>=6.17.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-generator/-/babel-generator-6.17.0.tgz" }, "babel-helper-call-delegate": { "version": "6.8.0", "from": "babel-helper-call-delegate@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-call-delegate/-/babel-helper-call-delegate-6.8.0.tgz" }, "babel-helper-define-map": { "version": "6.9.0", "from": "babel-helper-define-map@>=6.9.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-define-map/-/babel-helper-define-map-6.9.0.tgz" }, "babel-helper-function-name": { "version": "6.8.0", "from": "babel-helper-function-name@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-function-name/-/babel-helper-function-name-6.8.0.tgz" }, "babel-helper-get-function-arity": { "version": "6.8.0", "from": "babel-helper-get-function-arity@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-get-function-arity/-/babel-helper-get-function-arity-6.8.0.tgz" }, "babel-helper-hoist-variables": { "version": "6.8.0", "from": "babel-helper-hoist-variables@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-hoist-variables/-/babel-helper-hoist-variables-6.8.0.tgz" }, "babel-helper-optimise-call-expression": { "version": "6.8.0", "from": "babel-helper-optimise-call-expression@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-optimise-call-expression/-/babel-helper-optimise-call-expression-6.8.0.tgz" }, "babel-helper-regex": { "version": "6.9.0", "from": "babel-helper-regex@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-regex/-/babel-helper-regex-6.9.0.tgz" }, "babel-helper-remap-async-to-generator": { "version": "6.16.2", "from": "babel-helper-remap-async-to-generator@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-remap-async-to-generator/-/babel-helper-remap-async-to-generator-6.16.2.tgz" }, "babel-helper-replace-supers": { "version": "6.16.0", "from": "babel-helper-replace-supers@>=6.14.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helper-replace-supers/-/babel-helper-replace-supers-6.16.0.tgz" }, "babel-helpers": { "version": "6.16.0", "from": "babel-helpers@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-helpers/-/babel-helpers-6.16.0.tgz" }, "babel-messages": { "version": "6.8.0", "from": "babel-messages@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-messages/-/babel-messages-6.8.0.tgz" }, "babel-plugin-check-es2015-constants": { "version": "6.8.0", "from": "babel-plugin-check-es2015-constants@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-check-es2015-constants/-/babel-plugin-check-es2015-constants-6.8.0.tgz" }, "babel-plugin-syntax-async-functions": { "version": "6.13.0", "from": "babel-plugin-syntax-async-functions@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz" }, "babel-plugin-transform-async-to-generator": { "version": "6.16.0", "from": "babel-plugin-transform-async-to-generator@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-async-to-generator/-/babel-plugin-transform-async-to-generator-6.16.0.tgz" }, "babel-plugin-transform-es2015-arrow-functions": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-arrow-functions@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-arrow-functions/-/babel-plugin-transform-es2015-arrow-functions-6.8.0.tgz" }, "babel-plugin-transform-es2015-block-scoped-functions": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-block-scoped-functions@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-block-scoped-functions/-/babel-plugin-transform-es2015-block-scoped-functions-6.8.0.tgz" }, "babel-plugin-transform-es2015-block-scoping": { "version": "6.15.0", "from": "babel-plugin-transform-es2015-block-scoping@>=6.14.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-block-scoping/-/babel-plugin-transform-es2015-block-scoping-6.15.0.tgz" }, "babel-plugin-transform-es2015-classes": { "version": "6.14.0", "from": "babel-plugin-transform-es2015-classes@>=6.14.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-classes/-/babel-plugin-transform-es2015-classes-6.14.0.tgz" }, "babel-plugin-transform-es2015-computed-properties": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-computed-properties@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-computed-properties/-/babel-plugin-transform-es2015-computed-properties-6.8.0.tgz" }, "babel-plugin-transform-es2015-destructuring": { "version": "6.16.0", "from": "babel-plugin-transform-es2015-destructuring@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-destructuring/-/babel-plugin-transform-es2015-destructuring-6.16.0.tgz" }, "babel-plugin-transform-es2015-duplicate-keys": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-duplicate-keys@>=6.6.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-duplicate-keys/-/babel-plugin-transform-es2015-duplicate-keys-6.8.0.tgz" }, "babel-plugin-transform-es2015-for-of": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-for-of@>=6.6.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-for-of/-/babel-plugin-transform-es2015-for-of-6.8.0.tgz" }, "babel-plugin-transform-es2015-function-name": { "version": "6.9.0", "from": "babel-plugin-transform-es2015-function-name@>=6.9.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-function-name/-/babel-plugin-transform-es2015-function-name-6.9.0.tgz" }, "babel-plugin-transform-es2015-literals": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-literals@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-literals/-/babel-plugin-transform-es2015-literals-6.8.0.tgz" }, "babel-plugin-transform-es2015-modules-amd": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-modules-amd@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-amd/-/babel-plugin-transform-es2015-modules-amd-6.8.0.tgz" }, "babel-plugin-transform-es2015-modules-commonjs": { "version": "6.16.0", "from": "babel-plugin-transform-es2015-modules-commonjs@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-commonjs/-/babel-plugin-transform-es2015-modules-commonjs-6.16.0.tgz" }, "babel-plugin-transform-es2015-modules-systemjs": { "version": "6.14.0", "from": "babel-plugin-transform-es2015-modules-systemjs@>=6.14.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-systemjs/-/babel-plugin-transform-es2015-modules-systemjs-6.14.0.tgz" }, "babel-plugin-transform-es2015-modules-umd": { "version": "6.12.0", "from": "babel-plugin-transform-es2015-modules-umd@>=6.12.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-umd/-/babel-plugin-transform-es2015-modules-umd-6.12.0.tgz" }, "babel-plugin-transform-es2015-object-super": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-object-super@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-object-super/-/babel-plugin-transform-es2015-object-super-6.8.0.tgz" }, "babel-plugin-transform-es2015-parameters": { "version": "6.17.0", "from": "babel-plugin-transform-es2015-parameters@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-parameters/-/babel-plugin-transform-es2015-parameters-6.17.0.tgz" }, "babel-plugin-transform-es2015-shorthand-properties": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-shorthand-properties@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-shorthand-properties/-/babel-plugin-transform-es2015-shorthand-properties-6.8.0.tgz" }, "babel-plugin-transform-es2015-spread": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-spread@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-spread/-/babel-plugin-transform-es2015-spread-6.8.0.tgz" }, "babel-plugin-transform-es2015-sticky-regex": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-sticky-regex@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-sticky-regex/-/babel-plugin-transform-es2015-sticky-regex-6.8.0.tgz" }, "babel-plugin-transform-es2015-template-literals": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-template-literals@>=6.6.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-template-literals/-/babel-plugin-transform-es2015-template-literals-6.8.0.tgz" }, "babel-plugin-transform-es2015-typeof-symbol": { "version": "6.8.0", "from": "babel-plugin-transform-es2015-typeof-symbol@>=6.6.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-typeof-symbol/-/babel-plugin-transform-es2015-typeof-symbol-6.8.0.tgz" }, "babel-plugin-transform-es2015-unicode-regex": { "version": "6.11.0", "from": "babel-plugin-transform-es2015-unicode-regex@>=6.3.13 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-unicode-regex/-/babel-plugin-transform-es2015-unicode-regex-6.11.0.tgz" }, "babel-plugin-transform-regenerator": { "version": "6.16.1", "from": "babel-plugin-transform-regenerator@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-regenerator/-/babel-plugin-transform-regenerator-6.16.1.tgz" }, "babel-plugin-transform-runtime": { "version": "6.15.0", "from": "babel-plugin-transform-runtime@>=6.9.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-runtime/-/babel-plugin-transform-runtime-6.15.0.tgz" }, "babel-plugin-transform-strict-mode": { "version": "6.11.3", "from": "babel-plugin-transform-strict-mode@>=6.8.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-plugin-transform-strict-mode/-/babel-plugin-transform-strict-mode-6.11.3.tgz" }, "babel-polyfill": { "version": "6.16.0", "from": "babel-polyfill@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-polyfill/-/babel-polyfill-6.16.0.tgz" }, "babel-preset-es2015": { "version": "6.16.0", "from": "babel-preset-es2015@>=6.9.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-preset-es2015/-/babel-preset-es2015-6.16.0.tgz" }, "babel-preset-taskcluster": { "version": "3.0.0", "from": "babel-preset-taskcluster@>=3.0.0 <4.0.0", "resolved": "https://registry.npmjs.org/babel-preset-taskcluster/-/babel-preset-taskcluster-3.0.0.tgz" }, "babel-register": { "version": "6.16.3", "from": "babel-register@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-register/-/babel-register-6.16.3.tgz" }, "babel-runtime": { "version": "6.11.6", "from": "babel-runtime@>=6.11.6 <7.0.0", "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.11.6.tgz" }, "babel-template": { "version": "6.16.0", "from": "babel-template@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-template/-/babel-template-6.16.0.tgz" }, "babel-traverse": { "version": "6.16.0", "from": "babel-traverse@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-traverse/-/babel-traverse-6.16.0.tgz" }, "babel-types": { "version": "6.16.0", "from": "babel-types@>=6.16.0 <7.0.0", "resolved": "https://registry.npmjs.org/babel-types/-/babel-types-6.16.0.tgz" }, "babylon": { "version": "6.11.6", "from": "babylon@>=6.11.0 <7.0.0", "resolved": "https://registry.npmjs.org/babylon/-/babylon-6.11.6.tgz" }, "balanced-match": { "version": "0.4.2", "from": "balanced-match@>=0.4.1 <0.5.0", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-0.4.2.tgz" }, "bcrypt-pbkdf": { "version": "1.0.0", "from": "bcrypt-pbkdf@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.0.tgz" }, "bin-version": { "version": "1.0.4", "from": "bin-version@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/bin-version/-/bin-version-1.0.4.tgz" }, "bin-version-check": { "version": "2.1.0", "from": "bin-version-check@>=2.1.0 <3.0.0", "resolved": "https://registry.npmjs.org/bin-version-check/-/bin-version-check-2.1.0.tgz" }, "binary-extensions": { "version": "1.7.0", "from": "binary-extensions@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.7.0.tgz" }, "bitsyntax": { "version": "0.0.4", "from": "bitsyntax@>=0.0.4 <0.1.0", "resolved": "https://registry.npmjs.org/bitsyntax/-/bitsyntax-0.0.4.tgz" }, "bl": { "version": "1.1.2", "from": "bl@>=1.1.2 <1.2.0", "resolved": "https://registry.npmjs.org/bl/-/bl-1.1.2.tgz", "dependencies": { "readable-stream": { "version": "2.0.6", "from": "readable-stream@>=2.0.5 <2.1.0", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz" } } }, "boom": { "version": "2.10.1", "from": "boom@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz" }, "brace-expansion": { "version": "1.1.6", "from": "brace-expansion@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz" }, "braces": { "version": "1.8.5", "from": "braces@>=1.8.2 <2.0.0", "resolved": "https://registry.npmjs.org/braces/-/braces-1.8.5.tgz" }, "buffer-more-ints": { "version": "0.0.2", "from": "buffer-more-ints@0.0.2", "resolved": "https://registry.npmjs.org/buffer-more-ints/-/buffer-more-ints-0.0.2.tgz" }, "buffer-shims": { "version": "1.0.0", "from": "buffer-shims@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/buffer-shims/-/buffer-shims-1.0.0.tgz" }, "builtin-modules": { "version": "1.1.1", "from": "builtin-modules@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz" }, "camelcase": { "version": "2.1.1", "from": "camelcase@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz" }, "camelcase-keys": { "version": "2.1.0", "from": "camelcase-keys@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-2.1.0.tgz" }, "caseless": { "version": "0.11.0", "from": "caseless@>=0.11.0 <0.12.0", "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.11.0.tgz" }, "chalk": { "version": "1.1.1", "from": "chalk@1.1.1", "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.1.tgz" }, "chokidar": { "version": "1.6.0", "from": "chokidar@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-1.6.0.tgz" }, "combined-stream": { "version": "1.0.5", "from": "combined-stream@>=1.0.5 <1.1.0", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.5.tgz" }, "commander": { "version": "2.9.0", "from": "commander@>=2.8.1 <3.0.0", "resolved": "https://registry.npmjs.org/commander/-/commander-2.9.0.tgz" }, "component-emitter": { "version": "1.2.1", "from": "component-emitter@>=1.2.0 <1.3.0", "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.2.1.tgz" }, "concat-map": { "version": "0.0.1", "from": "concat-map@0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz" }, "convert-source-map": { "version": "1.3.0", "from": "convert-source-map@>=1.1.0 <2.0.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.3.0.tgz" }, "cookiejar": { "version": "2.0.6", "from": "cookiejar@2.0.6", "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.0.6.tgz" }, "core-js": { "version": "2.4.1", "from": "core-js@>=2.4.0 <3.0.0", "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.4.1.tgz" }, "core-util-is": { "version": "1.0.2", "from": "core-util-is@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz" }, "cryptiles": { "version": "2.0.5", "from": "cryptiles@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz" }, "currently-unhandled": { "version": "0.4.1", "from": "currently-unhandled@>=0.4.1 <0.5.0", "resolved": "https://registry.npmjs.org/currently-unhandled/-/currently-unhandled-0.4.1.tgz" }, "dashdash": { "version": "1.14.0", "from": "dashdash@>=1.12.0 <2.0.0", "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.0.tgz", "dependencies": { "assert-plus": { "version": "1.0.0", "from": "assert-plus@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz" } } }, "debug": { "version": "2.2.0", "from": "debug@>=2.1.1 <3.0.0", "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz" }, "decamelize": { "version": "1.2.0", "from": "decamelize@>=1.1.2 <2.0.0", "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz" }, "delayed-stream": { "version": "1.0.0", "from": "delayed-stream@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz" }, "detect-indent": { "version": "3.0.1", "from": "detect-indent@>=3.0.1 <4.0.0", "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-3.0.1.tgz" }, "ecc-jsbn": { "version": "0.1.1", "from": "ecc-jsbn@>=0.1.1 <0.2.0", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz" }, "error-ex": { "version": "1.3.0", "from": "error-ex@>=1.2.0 <2.0.0", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.0.tgz" }, "escape-string-regexp": { "version": "1.0.5", "from": "escape-string-regexp@>=1.0.2 <2.0.0", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz" }, "esprima": { "version": "2.7.3", "from": "esprima@>=2.6.0 <3.0.0", "resolved": "https://registry.npmjs.org/esprima/-/esprima-2.7.3.tgz" }, "esutils": { "version": "2.0.2", "from": "esutils@>=2.0.2 <3.0.0", "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz" }, "eventsource": { "version": "0.1.6", "from": "eventsource@>=0.1.6 <0.2.0", "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-0.1.6.tgz" }, "expand-brackets": { "version": "0.1.5", "from": "expand-brackets@>=0.1.4 <0.2.0", "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-0.1.5.tgz" }, "expand-range": { "version": "1.8.2", "from": "expand-range@>=1.8.1 <2.0.0", "resolved": "https://registry.npmjs.org/expand-range/-/expand-range-1.8.2.tgz" }, "extend": { "version": "3.0.0", "from": "extend@>=3.0.0 <3.1.0", "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.0.tgz" }, "extglob": { "version": "0.3.2", "from": "extglob@>=0.3.1 <0.4.0", "resolved": "https://registry.npmjs.org/extglob/-/extglob-0.3.2.tgz" }, "extsprintf": { "version": "1.0.2", "from": "extsprintf@1.0.2", "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.0.2.tgz" }, "faye-websocket": { "version": "0.11.0", "from": "faye-websocket@>=0.11.0 <0.12.0", "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.0.tgz" }, "filename-regex": { "version": "2.0.0", "from": "filename-regex@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/filename-regex/-/filename-regex-2.0.0.tgz" }, "fill-range": { "version": "2.2.3", "from": "fill-range@>=2.1.0 <3.0.0", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-2.2.3.tgz" }, "find-up": { "version": "1.1.2", "from": "find-up@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz", "dependencies": { "path-exists": { "version": "2.1.0", "from": "path-exists@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz" } } }, "find-versions": { "version": "1.2.1", "from": "find-versions@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/find-versions/-/find-versions-1.2.1.tgz" }, "flatmap": { "version": "0.0.3", "from": "flatmap@0.0.3", "resolved": "https://registry.npmjs.org/flatmap/-/flatmap-0.0.3.tgz" }, "for-in": { "version": "0.1.6", "from": "for-in@>=0.1.5 <0.2.0", "resolved": "https://registry.npmjs.org/for-in/-/for-in-0.1.6.tgz" }, "for-own": { "version": "0.1.4", "from": "for-own@>=0.1.3 <0.2.0", "resolved": "https://registry.npmjs.org/for-own/-/for-own-0.1.4.tgz" }, "forever-agent": { "version": "0.6.1", "from": "forever-agent@>=0.6.1 <0.7.0", "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz" }, "form-data": { "version": "2.0.0", "from": "form-data@>=2.0.0 <2.1.0", "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.0.0.tgz" }, "formidable": { "version": "1.0.17", "from": "formidable@>=1.0.14 <1.1.0", "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz" }, "fs-readdir-recursive": { "version": "0.1.2", "from": "fs-readdir-recursive@>=0.1.0 <0.2.0", "resolved": "https://registry.npmjs.org/fs-readdir-recursive/-/fs-readdir-recursive-0.1.2.tgz" }, "fs-walk": { "version": "0.0.1", "from": "fs-walk@0.0.1", "resolved": "https://registry.npmjs.org/fs-walk/-/fs-walk-0.0.1.tgz" }, "fs.realpath": { "version": "1.0.0", "from": "fs.realpath@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz" }, "generate-function": { "version": "2.0.0", "from": "generate-function@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/generate-function/-/generate-function-2.0.0.tgz" }, "generate-object-property": { "version": "1.2.0", "from": "generate-object-property@>=1.1.0 <2.0.0", "resolved": "https://registry.npmjs.org/generate-object-property/-/generate-object-property-1.2.0.tgz" }, "get-stdin": { "version": "4.0.1", "from": "get-stdin@>=4.0.1 <5.0.0", "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz" }, "getpass": { "version": "0.1.6", "from": "getpass@>=0.1.1 <0.2.0", "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.6.tgz", "dependencies": { "assert-plus": { "version": "1.0.0", "from": "assert-plus@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz" } } }, "glob": { "version": "5.0.15", "from": "glob@>=5.0.5 <6.0.0", "resolved": "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz" }, "glob-base": { "version": "0.3.0", "from": "glob-base@>=0.3.0 <0.4.0", "resolved": "https://registry.npmjs.org/glob-base/-/glob-base-0.3.0.tgz" }, "glob-parent": { "version": "2.0.0", "from": "glob-parent@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz" }, "globals": { "version": "8.18.0", "from": "globals@>=8.3.0 <9.0.0", "resolved": "https://registry.npmjs.org/globals/-/globals-8.18.0.tgz" }, "graceful-fs": { "version": "4.1.9", "from": "graceful-fs@>=4.1.2 <5.0.0", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.9.tgz" }, "graceful-readlink": { "version": "1.0.1", "from": "graceful-readlink@>=1.0.0", "resolved": "https://registry.npmjs.org/graceful-readlink/-/graceful-readlink-1.0.1.tgz" }, "har-validator": { "version": "2.0.6", "from": "har-validator@>=2.0.6 <2.1.0", "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-2.0.6.tgz" }, "has-ansi": { "version": "2.0.0", "from": "has-ansi@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz" }, "hawk": { "version": "3.1.3", "from": "hawk@>=3.1.3 <3.2.0", "resolved": "https://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz" }, "hoek": { "version": "2.16.3", "from": "hoek@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz" }, "home-or-tmp": { "version": "1.0.0", "from": "home-or-tmp@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/home-or-tmp/-/home-or-tmp-1.0.0.tgz" }, "hosted-git-info": { "version": "2.1.5", "from": "hosted-git-info@>=2.1.4 <3.0.0", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.1.5.tgz" }, "http-signature": { "version": "1.1.1", "from": "http-signature@>=1.1.0 <1.2.0", "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.1.1.tgz" }, "indent-string": { "version": "2.1.0", "from": "indent-string@>=2.1.0 <3.0.0", "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-2.1.0.tgz", "dependencies": { "repeating": { "version": "2.0.1", "from": "repeating@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/repeating/-/repeating-2.0.1.tgz" } } }, "inflight": { "version": "1.0.6", "from": "inflight@>=1.0.4 <2.0.0", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz" }, "inherits": { "version": "2.0.3", "from": "inherits@>=2.0.1 <3.0.0", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz" }, "intersect": { "version": "1.0.1", "from": "intersect@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/intersect/-/intersect-1.0.1.tgz" }, "invariant": { "version": "2.2.1", "from": "invariant@>=2.2.0 <3.0.0", "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.1.tgz" }, "is-arrayish": { "version": "0.2.1", "from": "is-arrayish@>=0.2.1 <0.3.0", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz" }, "is-binary-path": { "version": "1.0.1", "from": "is-binary-path@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-1.0.1.tgz" }, "is-buffer": { "version": "1.1.4", "from": "is-buffer@>=1.0.2 <2.0.0", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.4.tgz" }, "is-builtin-module": { "version": "1.0.0", "from": "is-builtin-module@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz" }, "is-dotfile": { "version": "1.0.2", "from": "is-dotfile@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/is-dotfile/-/is-dotfile-1.0.2.tgz" }, "is-equal-shallow": { "version": "0.1.3", "from": "is-equal-shallow@>=0.1.3 <0.2.0", "resolved": "https://registry.npmjs.org/is-equal-shallow/-/is-equal-shallow-0.1.3.tgz" }, "is-extendable": { "version": "0.1.1", "from": "is-extendable@>=0.1.1 <0.2.0", "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz" }, "is-extglob": { "version": "1.0.0", "from": "is-extglob@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-1.0.0.tgz" }, "is-finite": { "version": "1.0.2", "from": "is-finite@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/is-finite/-/is-finite-1.0.2.tgz" }, "is-glob": { "version": "2.0.1", "from": "is-glob@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-2.0.1.tgz" }, "is-my-json-valid": { "version": "2.15.0", "from": "is-my-json-valid@>=2.12.4 <3.0.0", "resolved": "https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.15.0.tgz" }, "is-number": { "version": "2.1.0", "from": "is-number@>=2.1.0 <3.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz" }, "is-posix-bracket": { "version": "0.1.1", "from": "is-posix-bracket@>=0.1.0 <0.2.0", "resolved": "https://registry.npmjs.org/is-posix-bracket/-/is-posix-bracket-0.1.1.tgz" }, "is-primitive": { "version": "2.0.0", "from": "is-primitive@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/is-primitive/-/is-primitive-2.0.0.tgz" }, "is-property": { "version": "1.0.2", "from": "is-property@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz" }, "is-typedarray": { "version": "1.0.0", "from": "is-typedarray@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz" }, "is-utf8": { "version": "0.2.1", "from": "is-utf8@>=0.2.0 <0.3.0", "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz" }, "isarray": { "version": "1.0.0", "from": "isarray@1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz" }, "isobject": { "version": "2.1.0", "from": "isobject@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz" }, "isstream": { "version": "0.1.2", "from": "isstream@>=0.1.2 <0.2.0", "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz" }, "jodid25519": { "version": "1.0.2", "from": "jodid25519@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/jodid25519/-/jodid25519-1.0.2.tgz" }, "js-tokens": { "version": "2.0.0", "from": "js-tokens@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-2.0.0.tgz" }, "js-yaml": { "version": "3.6.1", "from": "js-yaml@>=3.6.1 <4.0.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.6.1.tgz" }, "jsbn": { "version": "0.1.0", "from": "jsbn@>=0.1.0 <0.2.0", "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.0.tgz" }, "jsesc": { "version": "1.3.0", "from": "jsesc@>=1.3.0 <2.0.0", "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-1.3.0.tgz" }, "json-schema": { "version": "0.2.3", "from": "json-schema@0.2.3", "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz" }, "json-stringify-safe": { "version": "5.0.1", "from": "json-stringify-safe@>=5.0.1 <5.1.0", "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz" }, "json3": { "version": "3.3.2", "from": "json3@>=3.3.2 <4.0.0", "resolved": "https://registry.npmjs.org/json3/-/json3-3.3.2.tgz" }, "json5": { "version": "0.4.0", "from": "json5@>=0.4.0 <0.5.0", "resolved": "https://registry.npmjs.org/json5/-/json5-0.4.0.tgz" }, "jsonpointer": { "version": "4.0.0", "from": "jsonpointer@>=4.0.0 <5.0.0", "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.0.0.tgz" }, "jsprim": { "version": "1.3.1", "from": "jsprim@>=1.2.2 <2.0.0", "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.3.1.tgz" }, "kind-of": { "version": "3.0.4", "from": "kind-of@>=3.0.2 <4.0.0", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.0.4.tgz" }, "load-json-file": { "version": "1.1.0", "from": "load-json-file@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz" }, "lodash": { "version": "4.16.4", "from": "lodash@>=4.2.0 <5.0.0", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.16.4.tgz" }, "log-symbols": { "version": "1.0.2", "from": "log-symbols@>=1.0.2 <2.0.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz" }, "loose-envify": { "version": "1.2.0", "from": "loose-envify@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.2.0.tgz", "dependencies": { "js-tokens": { "version": "1.0.3", "from": "js-tokens@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-1.0.3.tgz" } } }, "loud-rejection": { "version": "1.6.0", "from": "loud-rejection@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.6.0.tgz" }, "map-obj": { "version": "1.0.1", "from": "map-obj@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz" }, "meow": { "version": "3.7.0", "from": "meow@>=3.5.0 <4.0.0", "resolved": "https://registry.npmjs.org/meow/-/meow-3.7.0.tgz" }, "merge": { "version": "1.2.0", "from": "merge@>=1.2.0 <2.0.0", "resolved": "https://registry.npmjs.org/merge/-/merge-1.2.0.tgz" }, "methods": { "version": "1.1.2", "from": "methods@>=1.1.1 <1.2.0", "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz" }, "micromatch": { "version": "2.3.11", "from": "micromatch@>=2.1.5 <3.0.0", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-2.3.11.tgz" }, "mime": { "version": "1.3.4", "from": "mime@1.3.4", "resolved": "https://registry.npmjs.org/mime/-/mime-1.3.4.tgz" }, "mime-db": { "version": "1.24.0", "from": "mime-db@>=1.24.0 <1.25.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.24.0.tgz" }, "mime-types": { "version": "2.1.12", "from": "mime-types@>=2.1.7 <2.2.0", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.12.tgz" }, "minimatch": { "version": "3.0.3", "from": "minimatch@>=3.0.2 <4.0.0", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.3.tgz" }, "minimist": { "version": "1.2.0", "from": "minimist@>=1.2.0 <2.0.0", "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz" }, "mkdirp": { "version": "0.5.1", "from": "mkdirp@>=0.5.1 <0.6.0", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz", "dependencies": { "minimist": { "version": "0.0.8", "from": "minimist@0.0.8", "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz" } } }, "ms": { "version": "0.7.1", "from": "ms@0.7.1", "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz" }, "node-uuid": { "version": "1.4.7", "from": "node-uuid@>=1.4.7 <1.5.0", "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.7.tgz" }, "normalize-package-data": { "version": "2.3.5", "from": "normalize-package-data@>=2.3.4 <3.0.0", "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.3.5.tgz" }, "normalize-path": { "version": "2.0.1", "from": "normalize-path@>=2.0.1 <3.0.0", "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.0.1.tgz" }, "number-is-nan": { "version": "1.0.1", "from": "number-is-nan@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz" }, "oauth-sign": { "version": "0.8.2", "from": "oauth-sign@>=0.8.1 <0.9.0", "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz" }, "object-assign": { "version": "4.1.0", "from": "object-assign@>=4.0.1 <5.0.0", "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.0.tgz" }, "object.omit": { "version": "2.0.0", "from": "object.omit@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/object.omit/-/object.omit-2.0.0.tgz" }, "once": { "version": "1.4.0", "from": "once@>=1.3.0 <2.0.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz" }, "original": { "version": "1.0.0", "from": "original@>=0.0.5", "resolved": "https://registry.npmjs.org/original/-/original-1.0.0.tgz", "dependencies": { "url-parse": { "version": "1.0.5", "from": "url-parse@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.0.5.tgz" } } }, "os-tmpdir": { "version": "1.0.2", "from": "os-tmpdir@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz" }, "output-file-sync": { "version": "1.1.2", "from": "output-file-sync@>=1.1.0 <2.0.0", "resolved": "https://registry.npmjs.org/output-file-sync/-/output-file-sync-1.1.2.tgz" }, "parse-glob": { "version": "3.0.4", "from": "parse-glob@>=3.0.4 <4.0.0", "resolved": "https://registry.npmjs.org/parse-glob/-/parse-glob-3.0.4.tgz" }, "parse-json": { "version": "2.2.0", "from": "parse-json@>=2.2.0 <3.0.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz" }, "path-exists": { "version": "1.0.0", "from": "path-exists@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-1.0.0.tgz" }, "path-is-absolute": { "version": "1.0.1", "from": "path-is-absolute@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz" }, "path-type": { "version": "1.1.0", "from": "path-type@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz" }, "pify": { "version": "2.3.0", "from": "pify@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz" }, "pinkie": { "version": "2.0.4", "from": "pinkie@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz" }, "pinkie-promise": { "version": "2.0.1", "from": "pinkie-promise@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz" }, "preserve": { "version": "0.2.0", "from": "preserve@>=0.2.0 <0.3.0", "resolved": "https://registry.npmjs.org/preserve/-/preserve-0.2.0.tgz" }, "private": { "version": "0.1.6", "from": "private@>=0.1.6 <0.2.0", "resolved": "https://registry.npmjs.org/private/-/private-0.1.6.tgz" }, "process-nextick-args": { "version": "1.0.7", "from": "process-nextick-args@>=1.0.6 <1.1.0", "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-1.0.7.tgz" }, "promise": { "version": "6.1.0", "from": "promise@>=6.1.0 <7.0.0", "resolved": "https://registry.npmjs.org/promise/-/promise-6.1.0.tgz" }, "qs": { "version": "6.2.1", "from": "qs@>=6.2.0 <6.3.0", "resolved": "https://registry.npmjs.org/qs/-/qs-6.2.1.tgz" }, "querystringify": { "version": "0.0.4", "from": "querystringify@>=0.0.0 <0.1.0", "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-0.0.4.tgz" }, "randomatic": { "version": "1.1.5", "from": "randomatic@>=1.1.3 <2.0.0", "resolved": "https://registry.npmjs.org/randomatic/-/randomatic-1.1.5.tgz" }, "read-pkg": { "version": "1.1.0", "from": "read-pkg@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz" }, "read-pkg-up": { "version": "1.0.1", "from": "read-pkg-up@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz" }, "readable-stream": { "version": "2.1.5", "from": "readable-stream@>=2.0.2 <3.0.0", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.1.5.tgz" }, "readdirp": { "version": "2.1.0", "from": "readdirp@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-2.1.0.tgz" }, "redent": { "version": "1.0.0", "from": "redent@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/redent/-/redent-1.0.0.tgz" }, "reduce-component": { "version": "1.0.1", "from": "reduce-component@1.0.1", "resolved": "https://registry.npmjs.org/reduce-component/-/reduce-component-1.0.1.tgz" }, "regenerate": { "version": "1.3.1", "from": "regenerate@>=1.2.1 <2.0.0", "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.3.1.tgz" }, "regenerator-runtime": { "version": "0.9.5", "from": "regenerator-runtime@>=0.9.5 <0.10.0", "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.9.5.tgz" }, "regex-cache": { "version": "0.4.3", "from": "regex-cache@>=0.4.2 <0.5.0", "resolved": "https://registry.npmjs.org/regex-cache/-/regex-cache-0.4.3.tgz" }, "regexpu-core": { "version": "2.0.0", "from": "regexpu-core@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-2.0.0.tgz" }, "regjsgen": { "version": "0.2.0", "from": "regjsgen@>=0.2.0 <0.3.0", "resolved": "https://registry.npmjs.org/regjsgen/-/regjsgen-0.2.0.tgz" }, "regjsparser": { "version": "0.1.5", "from": "regjsparser@>=0.1.4 <0.2.0", "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.1.5.tgz", "dependencies": { "jsesc": { "version": "0.5.0", "from": "jsesc@>=0.5.0 <0.6.0", "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz" } } }, "repeat-element": { "version": "1.1.2", "from": "repeat-element@>=1.1.2 <2.0.0", "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.2.tgz" }, "repeat-string": { "version": "1.5.4", "from": "repeat-string@>=1.5.2 <2.0.0", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.5.4.tgz" }, "repeating": { "version": "1.1.3", "from": "repeating@>=1.1.0 <2.0.0", "resolved": "https://registry.npmjs.org/repeating/-/repeating-1.1.3.tgz" }, "request": { "version": "2.75.0", "from": "request@>=2.65.0 <3.0.0", "resolved": "https://registry.npmjs.org/request/-/request-2.75.0.tgz" }, "requires-port": { "version": "1.0.0", "from": "requires-port@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz" }, "rimraf": { "version": "2.5.4", "from": "rimraf@>=2.4.3 <3.0.0", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.5.4.tgz", "dependencies": { "glob": { "version": "7.1.1", "from": "glob@>=7.0.5 <8.0.0", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.1.tgz" } } }, "semver": { "version": "4.3.6", "from": "semver@>=4.0.3 <5.0.0", "resolved": "https://registry.npmjs.org/semver/-/semver-4.3.6.tgz" }, "semver-regex": { "version": "1.0.0", "from": "semver-regex@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-1.0.0.tgz" }, "semver-truncate": { "version": "1.1.2", "from": "semver-truncate@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/semver-truncate/-/semver-truncate-1.1.2.tgz", "dependencies": { "semver": { "version": "5.3.0", "from": "semver@>=5.3.0 <6.0.0", "resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz" } } }, "set-immediate-shim": { "version": "1.0.1", "from": "set-immediate-shim@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz" }, "shebang-regex": { "version": "1.0.0", "from": "shebang-regex@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz" }, "signal-exit": { "version": "3.0.1", "from": "signal-exit@>=3.0.0 <4.0.0", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.1.tgz" }, "slash": { "version": "1.0.0", "from": "slash@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/slash/-/slash-1.0.0.tgz" }, "slugid": { "version": "1.1.0", "from": "slugid@>=1.1.0 <2.0.0", "resolved": "https://registry.npmjs.org/slugid/-/slugid-1.1.0.tgz" }, "sntp": { "version": "1.0.9", "from": "sntp@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz" }, "sockjs-client": { "version": "1.1.1", "from": "sockjs-client@>=1.0.3 <2.0.0", "resolved": "https://registry.npmjs.org/sockjs-client/-/sockjs-client-1.1.1.tgz" }, "source-map": { "version": "0.5.6", "from": "source-map@>=0.5.0 <0.6.0", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.6.tgz" }, "source-map-support": { "version": "0.4.3", "from": "source-map-support@>=0.4.2 <0.5.0", "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.4.3.tgz" }, "spdx-correct": { "version": "1.0.2", "from": "spdx-correct@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-1.0.2.tgz" }, "spdx-expression-parse": { "version": "1.0.4", "from": "spdx-expression-parse@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-1.0.4.tgz" }, "spdx-license-ids": { "version": "1.2.2", "from": "spdx-license-ids@>=1.0.2 <2.0.0", "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-1.2.2.tgz" }, "sprintf-js": { "version": "1.0.3", "from": "sprintf-js@>=1.0.2 <1.1.0", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz" }, "sshpk": { "version": "1.10.1", "from": "sshpk@>=1.7.0 <2.0.0", "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.10.1.tgz", "dependencies": { "assert-plus": { "version": "1.0.0", "from": "assert-plus@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz" } } }, "string_decoder": { "version": "0.10.31", "from": "string_decoder@>=0.10.0 <0.11.0", "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz" }, "stringstream": { "version": "0.0.5", "from": "stringstream@>=0.0.4 <0.1.0", "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz" }, "strip-ansi": { "version": "3.0.1", "from": "strip-ansi@>=3.0.0 <4.0.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz" }, "strip-bom": { "version": "2.0.0", "from": "strip-bom@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz" }, "strip-indent": { "version": "1.0.1", "from": "strip-indent@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-1.0.1.tgz" }, "superagent": { "version": "1.7.2", "from": "superagent@>=1.7.0 <1.8.0", "resolved": "https://registry.npmjs.org/superagent/-/superagent-1.7.2.tgz", "dependencies": { "async": { "version": "0.9.2", "from": "async@>=0.9.0 <0.10.0", "resolved": "https://registry.npmjs.org/async/-/async-0.9.2.tgz" }, "combined-stream": { "version": "0.0.7", "from": "combined-stream@>=0.0.4 <0.1.0", "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-0.0.7.tgz" }, "delayed-stream": { "version": "0.0.5", "from": "delayed-stream@0.0.5", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-0.0.5.tgz" }, "form-data": { "version": "0.2.0", "from": "form-data@0.2.0", "resolved": "https://registry.npmjs.org/form-data/-/form-data-0.2.0.tgz" }, "isarray": { "version": "0.0.1", "from": "isarray@0.0.1", "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz" }, "mime-db": { "version": "1.12.0", "from": "mime-db@>=1.12.0 <1.13.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.12.0.tgz" }, "mime-types": { "version": "2.0.14", "from": "mime-types@>=2.0.3 <2.1.0", "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.0.14.tgz" }, "qs": { "version": "2.3.3", "from": "qs@2.3.3", "resolved": "https://registry.npmjs.org/qs/-/qs-2.3.3.tgz" }, "readable-stream": { "version": "1.0.27-1", "from": "readable-stream@1.0.27-1", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.27-1.tgz" } } }, "superagent-hawk": { "version": "0.0.6", "from": "superagent-hawk@>=0.0.6 <0.0.7", "resolved": "https://registry.npmjs.org/superagent-hawk/-/superagent-hawk-0.0.6.tgz", "dependencies": { "boom": { "version": "0.4.2", "from": "boom@>=0.4.0 <0.5.0", "resolved": "https://registry.npmjs.org/boom/-/boom-0.4.2.tgz" }, "cryptiles": { "version": "0.2.2", "from": "cryptiles@>=0.2.0 <0.3.0", "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-0.2.2.tgz" }, "hawk": { "version": "1.0.0", "from": "hawk@>=1.0.0 <1.1.0", "resolved": "https://registry.npmjs.org/hawk/-/hawk-1.0.0.tgz" }, "hoek": { "version": "0.9.1", "from": "hoek@>=0.9.0 <0.10.0", "resolved": "https://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz" }, "qs": { "version": "0.6.6", "from": "qs@>=0.6.6 <0.7.0", "resolved": "https://registry.npmjs.org/qs/-/qs-0.6.6.tgz" }, "sntp": { "version": "0.2.4", "from": "sntp@>=0.2.0 <0.3.0", "resolved": "https://registry.npmjs.org/sntp/-/sntp-0.2.4.tgz" } } }, "superagent-promise": { "version": "0.2.0", "from": "superagent-promise@>=0.2.0 <0.3.0", "resolved": "https://registry.npmjs.org/superagent-promise/-/superagent-promise-0.2.0.tgz" }, "supports-color": { "version": "2.0.0", "from": "supports-color@>=2.0.0 <3.0.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz" }, "taskcluster-client": { "version": "1.4.0", "from": "taskcluster-client@>=1.2.1 <2.0.0", "resolved": "https://registry.npmjs.org/taskcluster-client/-/taskcluster-client-1.4.0.tgz", "dependencies": { "hawk": { "version": "2.3.1", "from": "hawk@>=2.3.1 <3.0.0", "resolved": "https://registry.npmjs.org/hawk/-/hawk-2.3.1.tgz" }, "lodash": { "version": "3.10.1", "from": "lodash@>=3.6.0 <4.0.0", "resolved": "https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz" } } }, "to-fast-properties": { "version": "1.0.2", "from": "to-fast-properties@>=1.0.1 <2.0.0", "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.2.tgz" }, "tough-cookie": { "version": "2.3.1", "from": "tough-cookie@>=2.3.0 <2.4.0", "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.1.tgz" }, "trim-newlines": { "version": "1.0.0", "from": "trim-newlines@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz" }, "tunnel-agent": { "version": "0.4.3", "from": "tunnel-agent@>=0.4.1 <0.5.0", "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz" }, "tweetnacl": { "version": "0.14.3", "from": "tweetnacl@>=0.14.0 <0.15.0", "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.3.tgz" }, "url-join": { "version": "0.0.1", "from": "url-join@>=0.0.1 <0.0.2", "resolved": "https://registry.npmjs.org/url-join/-/url-join-0.0.1.tgz" }, "url-parse": { "version": "1.1.6", "from": "url-parse@>=1.1.1 <2.0.0", "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.1.6.tgz" }, "user-home": { "version": "1.1.1", "from": "user-home@>=1.1.1 <2.0.0", "resolved": "https://registry.npmjs.org/user-home/-/user-home-1.1.1.tgz" }, "util-deprecate": { "version": "1.0.2", "from": "util-deprecate@>=1.0.1 <1.1.0", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz" }, "uuid": { "version": "2.0.3", "from": "uuid@>=2.0.1 <3.0.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-2.0.3.tgz" }, "v8flags": { "version": "2.0.11", "from": "v8flags@>=2.0.10 <3.0.0", "resolved": "https://registry.npmjs.org/v8flags/-/v8flags-2.0.11.tgz" }, "validate-npm-package-license": { "version": "3.0.1", "from": "validate-npm-package-license@>=3.0.1 <4.0.0", "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.1.tgz" }, "verror": { "version": "1.3.6", "from": "verror@1.3.6", "resolved": "https://registry.npmjs.org/verror/-/verror-1.3.6.tgz" }, "websocket-driver": { "version": "0.6.5", "from": "websocket-driver@>=0.5.1", "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.6.5.tgz" }, "websocket-extensions": { "version": "0.1.1", "from": "websocket-extensions@>=0.1.1", "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.1.tgz" }, "when": { "version": "3.6.4", "from": "when@>=3.6.2 <3.7.0", "resolved": "https://registry.npmjs.org/when/-/when-3.6.4.tgz" }, "wrappy": { "version": "1.0.2", "from": "wrappy@>=1.0.0 <2.0.0", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz" }, "xtend": { "version": "4.0.1", "from": "xtend@>=4.0.0 <5.0.0", "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz" } } } nss-pem.git/nss/nss/automation/taskcluster/graph/package.json0000664000000000000000000000114513252671167021646 0ustar { "name": "decision-task", "version": "0.0.1", "private": true, "author": "Tim Taubert ", "description": "Decision Task for NSS", "scripts": { "compile": "babel-compile -p taskcluster src:lib", "install": "npm run compile" }, "dependencies": { "babel-cli": "^6.14.0", "babel-compile": "^2.0.0", "babel-preset-taskcluster": "^3.0.0", "babel-runtime": "^6.11.6", "flatmap": "0.0.3", "intersect": "^1.0.1", "js-yaml": "^3.6.1", "merge": "^1.2.0", "minimist": "^1.2.0", "slugid": "^1.1.0", "taskcluster-client": "^1.2.1" } } nss-pem.git/nss/nss/automation/taskcluster/graph/src/0000775000000000000000000000000013252671167020146 5ustar nss-pem.git/nss/nss/automation/taskcluster/graph/src/context_hash.js0000664000000000000000000000324713252671167023201 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import fs from "fs"; import path from "path"; import crypto from "crypto"; import flatmap from "flatmap"; // Compute the SHA-256 digest. function sha256(data) { let hash = crypto.createHash("sha256"); hash.update(data); return hash.digest("hex"); } // Recursively collect a list of all files of a given directory. function collectFilesInDirectory(dir) { return flatmap(fs.readdirSync(dir), entry => { let entry_path = path.join(dir, entry); if (fs.lstatSync(entry_path).isDirectory()) { return collectFilesInDirectory(entry_path); } return [entry_path]; }); } // A list of hashes for each file in the given path. function collectFileHashes(context_path) { let root = path.join(__dirname, "../../../.."); let dir = path.join(root, context_path); let files = collectFilesInDirectory(dir).sort(); return files.map(file => { return sha256(file + "|" + fs.readFileSync(file, "utf-8")); }); } // Compute a context hash for the given context path. export default function (context_path) { // Regenerate all images when the image_builder changes. let hashes = collectFileHashes("automation/taskcluster/image_builder"); // Regenerate images when the image itself changes. hashes = hashes.concat(collectFileHashes(context_path)); // Generate a new prefix every month to ensure the image stays buildable. let now = new Date(); let prefix = `${now.getUTCFullYear()}-${now.getUTCMonth() + 1}:`; return sha256(prefix + hashes.join(",")); } nss-pem.git/nss/nss/automation/taskcluster/graph/src/extend.js0000664000000000000000000006550013252671167022001 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import merge from "./merge"; import * as queue from "./queue"; const LINUX_IMAGE = { name: "linux", path: "automation/taskcluster/docker" }; const LINUX_CLANG39_IMAGE = { name: "linux-clang-3.9", path: "automation/taskcluster/docker-clang-3.9" }; const LINUX_GCC44_IMAGE = { name: "linux-gcc-4.4", path: "automation/taskcluster/docker-gcc-4.4" }; const FUZZ_IMAGE = { name: "fuzz", path: "automation/taskcluster/docker-fuzz" }; const HACL_GEN_IMAGE = { name: "hacl", path: "automation/taskcluster/docker-hacl" }; const WINDOWS_CHECKOUT_CMD = "bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " + "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " + "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\""; const MAC_CHECKOUT_CMD = ["bash", "-c", "hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " + "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " + "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)"]; /*****************************************************************************/ queue.filter(task => { if (task.group == "Builds") { // Remove extra builds on {A,UB}San and ARM. if (task.collection == "asan" || task.platform == "aarch64") { return false; } // Make modular builds only on Linux make. if (task.symbol == "modular" && task.collection != "make") { return false; } } if (task.tests == "bogo" || task.tests == "interop") { // No windows if (task.platform == "windows2012-64" || task.platform == "windows2012-32") { return false; } // No ARM; TODO: enable if (task.platform == "aarch64") { return false; } // No mac if (task.platform == "mac") { return false; } } if (task.tests == "fips" && task.platform == "mac") { return false; } // Only old make builds have -Ddisable_libpkix=0 and can run chain tests. if (task.tests == "chains" && task.collection != "make") { return false; } if (task.group == "Test") { // Don't run test builds on old make platforms, and not for fips gyp. if (task.collection == "make" || task.collection == "fips") { return false; } } // Don't run additional hardware tests on ARM (we don't have anything there). if (task.group == "Cipher" && task.platform == "aarch64" && task.env && (task.env.NSS_DISABLE_PCLMUL == "1" || task.env.NSS_DISABLE_HW_AES == "1" || task.env.NSS_DISABLE_AVX == "1")) { return false; } return true; }); queue.map(task => { if (task.collection == "asan") { // CRMF and FIPS tests still leak, unfortunately. if (task.tests == "crmf") { task.env.ASAN_OPTIONS = "detect_leaks=0"; } } // We don't run FIPS SSL tests if (task.tests == "ssl") { if (!task.env) { task.env = {}; } task.env.NSS_SSL_TESTS = "crl iopr policy"; } // Windows is slow. if (task.platform == "windows2012-64" && task.tests == "chains") { task.maxRunTime = 7200; } return task; }); /*****************************************************************************/ export default async function main() { await scheduleLinux("Linux 32 (opt)", { platform: "linux32", image: LINUX_IMAGE }, "-m32 --opt"); await scheduleLinux("Linux 32 (debug)", { platform: "linux32", collection: "debug", image: LINUX_IMAGE }, "-m32"); await scheduleLinux("Linux 64 (opt)", { platform: "linux64", image: LINUX_IMAGE }, "--opt"); await scheduleLinux("Linux 64 (debug)", { platform: "linux64", collection: "debug", image: LINUX_IMAGE }); await scheduleLinux("Linux 64 (debug, make)", { env: {USE_64: "1"}, platform: "linux64", image: LINUX_IMAGE, collection: "make", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh" ], }); await scheduleLinux("Linux 64 (opt, make)", { env: {USE_64: "1", BUILD_OPT: "1"}, platform: "linux64", image: LINUX_IMAGE, collection: "make", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh" ], }); await scheduleLinux("Linux 32 (debug, make)", { platform: "linux32", image: LINUX_IMAGE, collection: "make", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh" ], }); await scheduleLinux("Linux 64 (ASan, debug)", { env: { UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", CC: "clang", CCC: "clang++", }, platform: "linux64", collection: "asan", image: LINUX_IMAGE, features: ["allowPtrace"], }, "--ubsan --asan"); await scheduleLinux("Linux 64 (FIPS opt)", { platform: "linux64", collection: "fips", image: LINUX_IMAGE, }, "--enable-fips --opt"); await scheduleWindows("Windows 2012 64 (debug, make)", { platform: "windows2012-64", collection: "make", env: {USE_64: "1"} }, "build.sh"); await scheduleWindows("Windows 2012 32 (debug, make)", { platform: "windows2012-32", collection: "make" }, "build.sh"); await scheduleWindows("Windows 2012 64 (opt)", { platform: "windows2012-64", }, "build_gyp.sh --opt"); await scheduleWindows("Windows 2012 64 (debug)", { platform: "windows2012-64", collection: "debug" }, "build_gyp.sh"); await scheduleWindows("Windows 2012 32 (opt)", { platform: "windows2012-32", }, "build_gyp.sh --opt -m32"); await scheduleWindows("Windows 2012 32 (debug)", { platform: "windows2012-32", collection: "debug" }, "build_gyp.sh -m32"); await scheduleFuzzing(); await scheduleFuzzing32(); await scheduleTools(); let aarch64_base = { image: "franziskus/nss-aarch64-ci", provisioner: "localprovisioner", workerType: "nss-aarch64", platform: "aarch64", maxRunTime: 7200 }; await scheduleLinux("Linux AArch64 (debug)", merge({ command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh" ], collection: "debug", }, aarch64_base) ); await scheduleLinux("Linux AArch64 (opt)", merge({ command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh --opt" ], collection: "opt", }, aarch64_base) ); await scheduleMac("Mac (opt)", {collection: "opt"}, "--opt"); await scheduleMac("Mac (debug)", {collection: "debug"}); } async function scheduleMac(name, base, args = "") { let mac_base = merge(base, { env: { PATH: "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin", NSS_TASKCLUSTER_MAC: "1", DOMSUF: "localdomain", HOST: "localhost", }, provisioner: "localprovisioner", workerType: "nss-macos-10-12", platform: "mac" }); // Build base definition. let build_base = merge({ command: [ MAC_CHECKOUT_CMD, ["bash", "-c", "nss/automation/taskcluster/scripts/build_gyp.sh", args] ], provisioner: "localprovisioner", workerType: "nss-macos-10-12", platform: "mac", maxRunTime: 7200, artifacts: [{ expires: 24 * 7, type: "directory", path: "public" }], kind: "build", symbol: "B" }, mac_base); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, {name})); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ MAC_CHECKOUT_CMD, ["bash", "-c", "nss/automation/taskcluster/scripts/gen_certs.sh"] ], parent: task_build, symbol: "Certs" })); // Schedule tests. scheduleTests(task_build, task_cert, merge(mac_base, { command: [ MAC_CHECKOUT_CMD, ["bash", "-c", "nss/automation/taskcluster/scripts/run_tests.sh"] ] })); return queue.submit(); } /*****************************************************************************/ async function scheduleLinux(name, base, args = "") { // Build base definition. let build_base = merge({ command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh " + args ], artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, kind: "build", symbol: "B" }, base); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, {name})); // Make builds run FIPS tests, which need an extra FIPS build. if (base.collection == "make") { let extra_build = queue.scheduleTask(merge(build_base, { env: { NSS_FORCE_FIPS: "1" }, group: "FIPS", name: `${name} w/ NSS_FORCE_FIPS` })); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/gen_certs.sh" ], parent: extra_build, symbol: "Certs-F", group: "FIPS", })); // Schedule FIPS tests. queue.scheduleTask(merge(base, { parent: task_cert, name: "FIPS", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], cycle: "standard", kind: "test", name: "FIPS tests", symbol: "Tests-F", tests: "fips", group: "FIPS" })); } // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/gen_certs.sh" ], parent: task_build, symbol: "Certs" })); // Schedule tests. scheduleTests(task_build, task_cert, merge(base, { command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ] })); // Extra builds. let extra_base = merge({group: "Builds"}, build_base); queue.scheduleTask(merge(extra_base, { name: `${name} w/ clang-4.0`, env: { CC: "clang", CCC: "clang++", }, symbol: "clang-4.0" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ gcc-4.4`, image: LINUX_GCC44_IMAGE, env: { USE_64: "1", CC: "gcc-4.4", CCC: "g++-4.4", // gcc-4.6 introduced nullptr. NSS_DISABLE_GTESTS: "1", }, // Use the old Makefile-based build system, GYP doesn't have a proper GCC // version check for __int128 support. It's mainly meant to cover RHEL6. command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh", ], symbol: "gcc-4.4" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ gcc-4.8`, env: { CC: "gcc-4.8", CCC: "g++-4.8" }, symbol: "gcc-4.8" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ gcc-6.1`, env: { CC: "gcc-6", CCC: "g++-6" }, symbol: "gcc-6.1" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ modular builds`, env: {NSS_BUILD_MODULAR: "1"}, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh", ], symbol: "modular" })); await scheduleTestBuilds(merge(base, {group: "Test"}), args); return queue.submit(); } /*****************************************************************************/ function scheduleFuzzingRun(base, name, target, max_len, symbol = null, corpus = null) { const MAX_FUZZ_TIME = 300; queue.scheduleTask(merge(base, { name, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " + `${target} nss/fuzz/corpus/${corpus || target} ` + `-max_total_time=${MAX_FUZZ_TIME} ` + `-max_len=${max_len}` ], symbol: symbol || name })); } async function scheduleFuzzing() { let base = { env: { ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1", UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", CC: "clang", CCC: "clang++" }, features: ["allowPtrace"], platform: "linux64", collection: "fuzz", image: FUZZ_IMAGE }; // Build base definition. let build_base = merge({ command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz" ], artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, kind: "build", symbol: "B" }, base); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, { name: "Linux x64 (debug, fuzz)" })); // The task that builds NSPR+NSS (TLS fuzzing mode). let task_build_tls = queue.scheduleTask(merge(build_base, { name: "Linux x64 (debug, TLS fuzz)", symbol: "B", group: "TLS", command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls" ], })); // Schedule tests. queue.scheduleTask(merge(base, { parent: task_build_tls, name: "Gtests", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], env: {GTESTFILTER: "*Fuzz*"}, tests: "ssl_gtests gtests", cycle: "standard", symbol: "Gtest", kind: "test" })); // Schedule fuzzing runs. let run_base = merge(base, {parent: task_build, kind: "test"}); scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096); scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000); // Schedule MPI fuzzing runs. let mpi_base = merge(run_base, {group: "MPI"}); let mpi_names = ["add", "addmod", "div", "mod", "mulmod", "sqr", "sqrmod", "sub", "submod"]; for (let name of mpi_names) { scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name); } scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod"); scheduleFuzzingRun(mpi_base, `MPI (expmod)`, `mpi-expmod`, 2048, "expmod"); // Schedule TLS fuzzing runs (non-fuzzing mode). let tls_base = merge(run_base, {group: "TLS"}); scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm", "tls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm", "tls-server-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000, "dtls-client-nfm", "dtls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000, "dtls-server-nfm", "dtls-server-no_fuzzer_mode"); // Schedule TLS fuzzing runs (fuzzing mode). let tls_fm_base = merge(tls_base, {parent: task_build_tls}); scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client"); scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server"); scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client"); scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server"); return queue.submit(); } async function scheduleFuzzing32() { let base = { env: { ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1", UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", CC: "clang", CCC: "clang++" }, features: ["allowPtrace"], platform: "linux32", collection: "fuzz", image: FUZZ_IMAGE }; // Build base definition. let build_base = merge({ command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz -m32" ], artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, kind: "build", symbol: "B" }, base); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, { name: "Linux 32 (debug, fuzz)" })); // The task that builds NSPR+NSS (TLS fuzzing mode). let task_build_tls = queue.scheduleTask(merge(build_base, { name: "Linux 32 (debug, TLS fuzz)", symbol: "B", group: "TLS", command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls -m32" ], })); // Schedule tests. queue.scheduleTask(merge(base, { parent: task_build_tls, name: "Gtests", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], env: {GTESTFILTER: "*Fuzz*"}, tests: "ssl_gtests gtests", cycle: "standard", symbol: "Gtest", kind: "test" })); // Schedule fuzzing runs. let run_base = merge(base, {parent: task_build, kind: "test"}); scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096); scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000); // Schedule MPI fuzzing runs. let mpi_base = merge(run_base, {group: "MPI"}); let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr", "sqrmod", "sub", "submod"]; for (let name of mpi_names) { scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name); } scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod"); // Schedule TLS fuzzing runs (non-fuzzing mode). let tls_base = merge(run_base, {group: "TLS"}); scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm", "tls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm", "tls-server-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000, "dtls-client-nfm", "dtls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000, "dtls-server-nfm", "dtls-server-no_fuzzer_mode"); // Schedule TLS fuzzing runs (fuzzing mode). let tls_fm_base = merge(tls_base, {parent: task_build_tls}); scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client"); scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server"); scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client"); scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server"); return queue.submit(); } /*****************************************************************************/ async function scheduleTestBuilds(base, args = "") { // Build base definition. let build = merge({ command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --test --ct-verif " + args ], artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, kind: "build", symbol: "B", name: "Linux 64 (debug, test)" }, base); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(build); // Schedule tests. queue.scheduleTask(merge(base, { parent: task_build, name: "mpi", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], tests: "mpi", cycle: "standard", symbol: "mpi", kind: "test" })); queue.scheduleTask(merge(base, { parent: task_build, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], name: "Gtests", symbol: "Gtest", tests: "gtests", cycle: "standard", kind: "test" })); return queue.submit(); } /*****************************************************************************/ async function scheduleWindows(name, base, build_script) { base = merge(base, { workerType: "nss-win2012r2", env: { PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;" + "c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;" + "c:\\mozilla-build\\python\\Scripts;c:\\mozilla-build\\yasm;" + "c:\\mozilla-build\\msys\\bin;c:\\Windows\\system32;" + "c:\\mozilla-build\\upx391w;c:\\mozilla-build\\moztools-x64\\bin;" + "c:\\mozilla-build\\wget", DOMSUF: "localdomain", HOST: "localhost", } }); // Build base definition. let build_base = merge(base, { command: [ WINDOWS_CHECKOUT_CMD, `bash -c 'nss/automation/taskcluster/windows/${build_script}'` ], artifacts: [{ expires: 24 * 7, type: "directory", path: "public\\build" }], kind: "build", symbol: "B" }); // Make builds run FIPS tests, which need an extra FIPS build. if (base.collection == "make") { let extra_build = queue.scheduleTask(merge(build_base, { env: { NSS_FORCE_FIPS: "1" }, group: "FIPS", name: `${name} w/ NSS_FORCE_FIPS` })); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/gen_certs.sh" ], parent: extra_build, symbol: "Certs-F", group: "FIPS", })); // Schedule FIPS tests. queue.scheduleTask(merge(base, { parent: task_cert, name: "FIPS", command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/run_tests.sh" ], cycle: "standard", kind: "test", name: "FIPS tests", symbol: "Tests-F", tests: "fips", group: "FIPS" })); } // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, {name})); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/gen_certs.sh" ], parent: task_build, symbol: "Certs" })); // Schedule tests. scheduleTests(task_build, task_cert, merge(base, { command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/run_tests.sh" ] })); return queue.submit(); } /*****************************************************************************/ function scheduleTests(task_build, task_cert, test_base) { test_base = merge({kind: "test"}, test_base); // Schedule tests that do NOT need certificates. let no_cert_base = merge(test_base, {parent: task_build}); queue.scheduleTask(merge(no_cert_base, { name: "Gtests", symbol: "Gtest", tests: "ssl_gtests gtests", cycle: "standard" })); queue.scheduleTask(merge(no_cert_base, { name: "Bogo tests", symbol: "Bogo", tests: "bogo", cycle: "standard" })); queue.scheduleTask(merge(no_cert_base, { name: "Interop tests", symbol: "Interop", tests: "interop", cycle: "standard" })); queue.scheduleTask(merge(no_cert_base, { name: "Chains tests", symbol: "Chains", tests: "chains" })); queue.scheduleTask(merge(no_cert_base, { name: "Cipher tests", symbol: "Default", tests: "cipher", group: "Cipher" })); queue.scheduleTask(merge(no_cert_base, { name: "Cipher tests", symbol: "NoAESNI", tests: "cipher", env: {NSS_DISABLE_HW_AES: "1"}, group: "Cipher" })); queue.scheduleTask(merge(no_cert_base, { name: "Cipher tests", symbol: "NoPCLMUL", tests: "cipher", env: {NSS_DISABLE_PCLMUL: "1"}, group: "Cipher" })); queue.scheduleTask(merge(no_cert_base, { name: "Cipher tests", symbol: "NoAVX", tests: "cipher", env: {NSS_DISABLE_AVX: "1"}, group: "Cipher" })); queue.scheduleTask(merge(no_cert_base, { name: "EC tests", symbol: "EC", tests: "ec" })); queue.scheduleTask(merge(no_cert_base, { name: "Lowhash tests", symbol: "Lowhash", tests: "lowhash" })); queue.scheduleTask(merge(no_cert_base, { name: "SDR tests", symbol: "SDR", tests: "sdr" })); // Schedule tests that need certificates. let cert_base = merge(test_base, {parent: task_cert}); queue.scheduleTask(merge(cert_base, { name: "CRMF tests", symbol: "CRMF", tests: "crmf" })); queue.scheduleTask(merge(cert_base, { name: "DB tests", symbol: "DB", tests: "dbtests" })); queue.scheduleTask(merge(cert_base, { name: "Merge tests", symbol: "Merge", tests: "merge" })); queue.scheduleTask(merge(cert_base, { name: "S/MIME tests", symbol: "SMIME", tests: "smime" })); queue.scheduleTask(merge(cert_base, { name: "Tools tests", symbol: "Tools", tests: "tools" })); // SSL tests, need certificates too. let ssl_base = merge(cert_base, {tests: "ssl", group: "SSL"}); queue.scheduleTask(merge(ssl_base, { name: "SSL tests (standard)", symbol: "standard", cycle: "standard" })); queue.scheduleTask(merge(ssl_base, { name: "SSL tests (pkix)", symbol: "pkix", cycle: "pkix" })); queue.scheduleTask(merge(ssl_base, { name: "SSL tests (sharedb)", symbol: "sharedb", cycle: "sharedb" })); queue.scheduleTask(merge(ssl_base, { name: "SSL tests (upgradedb)", symbol: "upgradedb", cycle: "upgradedb" })); } /*****************************************************************************/ async function scheduleTools() { let base = { platform: "nss-tools", kind: "test" }; queue.scheduleTask(merge(base, { symbol: "clang-format-3.9", name: "clang-format-3.9", image: LINUX_CLANG39_IMAGE, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/clang-format/run_clang_format.sh" ] })); queue.scheduleTask(merge(base, { symbol: "scan-build-4.0", name: "scan-build-4.0", image: LINUX_IMAGE, env: { USE_64: "1", CC: "clang", CCC: "clang++", }, artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_scan_build.sh" ] })); queue.scheduleTask(merge(base, { symbol: "hacl", name: "hacl", image: HACL_GEN_IMAGE, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_hacl.sh" ] })); return queue.submit(); } nss-pem.git/nss/nss/automation/taskcluster/graph/src/image_builder.js0000664000000000000000000000353313252671167023300 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import * as queue from "./queue"; import context_hash from "./context_hash"; import taskcluster from "taskcluster-client"; async function taskHasImageArtifact(taskId) { let queue = new taskcluster.Queue(); let {artifacts} = await queue.listLatestArtifacts(taskId); return artifacts.some(artifact => artifact.name == "public/image.tar"); } async function findTaskWithImageArtifact(ns) { let index = new taskcluster.Index(); let {taskId} = await index.findTask(ns); let has_image = await taskHasImageArtifact(taskId); return has_image ? taskId : null; } export async function findTask({name, path}) { let hash = await context_hash(path); let ns = `docker.images.v1.${process.env.TC_PROJECT}.${name}.hash.${hash}`; return findTaskWithImageArtifact(ns).catch(() => null); } export async function buildTask({name, path}) { let hash = await context_hash(path); let ns = `docker.images.v1.${process.env.TC_PROJECT}.${name}.hash.${hash}`; return { name: "Image Builder", image: "nssdev/image_builder:0.1.5", routes: ["index." + ns], env: { NSS_HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY, NSS_HEAD_REVISION: process.env.NSS_HEAD_REVISION, PROJECT: process.env.TC_PROJECT, CONTEXT_PATH: path, HASH: hash }, artifacts: { "public/image.tar": { type: "file", expires: 24 * 90, path: "/artifacts/image.tar" } }, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build_image.sh" ], platform: "nss-decision", features: ["dind"], maxRunTime: 7200, kind: "build", symbol: "I" }; } nss-pem.git/nss/nss/automation/taskcluster/graph/src/index.js0000664000000000000000000000066713252671167021624 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import * as try_syntax from "./try_syntax"; import extend from "./extend"; // Init try syntax filter. if (process.env.TC_PROJECT == "nss-try") { try_syntax.initFilter(); } // Extend the task graph. extend().catch(console.error); nss-pem.git/nss/nss/automation/taskcluster/graph/src/merge.js0000664000000000000000000000053213252671167021603 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import {recursive as merge} from "merge"; // We always want to clone. export default function (...args) { return merge(true, ...args); } nss-pem.git/nss/nss/automation/taskcluster/graph/src/queue.js0000664000000000000000000001340513252671167021633 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import {clone} from "merge"; import merge from "./merge"; import slugid from "slugid"; import taskcluster from "taskcluster-client"; import * as image_builder from "./image_builder"; let maps = []; let filters = []; let tasks = new Map(); let image_tasks = new Map(); let queue = new taskcluster.Queue({ baseUrl: "http://taskcluster/queue/v1" }); function fromNow(hours) { let d = new Date(); d.setHours(d.getHours() + (hours|0)); return d.toJSON(); } function parseRoutes(routes) { let rv = [ `tc-treeherder.v2.${process.env.TC_PROJECT}.${process.env.NSS_HEAD_REVISION}.${process.env.NSS_PUSHLOG_ID}`, ...routes ]; // Notify about failures (except on try). if (process.env.TC_PROJECT != "nss-try") { rv.push(`notify.email.${process.env.TC_OWNER}.on-failed`, `notify.email.${process.env.TC_OWNER}.on-exception`); } return rv; } function parseFeatures(list) { return list.reduce((map, feature) => { map[feature] = true; return map; }, {}); } function parseArtifacts(artifacts) { let copy = clone(artifacts); Object.keys(copy).forEach(key => { copy[key].expires = fromNow(copy[key].expires); }); return copy; } function parseCollection(name) { let collection = {}; collection[name] = true; return collection; } function parseTreeherder(def) { let treeherder = { build: { platform: def.platform }, machine: { platform: def.platform }, symbol: def.symbol, jobKind: def.kind }; if (def.group) { treeherder.groupSymbol = def.group; } if (def.collection) { treeherder.collection = parseCollection(def.collection); } if (def.tier) { treeherder.tier = def.tier; } return treeherder; } function convertTask(def) { let scopes = []; let dependencies = []; let env = merge({ NSS_HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY, NSS_HEAD_REVISION: process.env.NSS_HEAD_REVISION }, def.env || {}); if (def.parent) { dependencies.push(def.parent); env.TC_PARENT_TASK_ID = def.parent; } if (def.tests) { env.NSS_TESTS = def.tests; } if (def.cycle) { env.NSS_CYCLES = def.cycle; } let payload = { env, command: def.command, maxRunTime: def.maxRunTime || 3600 }; if (def.image) { payload.image = def.image; } if (def.artifacts) { payload.artifacts = parseArtifacts(def.artifacts); } if (def.features) { payload.features = parseFeatures(def.features); if (payload.features.allowPtrace) { scopes.push("docker-worker:feature:allowPtrace"); } } return { provisionerId: def.provisioner || "aws-provisioner-v1", workerType: def.workerType || "hg-worker", schedulerId: "task-graph-scheduler", scopes, created: fromNow(0), deadline: fromNow(24), dependencies, routes: parseRoutes(def.routes || []), metadata: { name: def.name, description: def.name, owner: process.env.TC_OWNER, source: process.env.TC_SOURCE }, payload, extra: { treeherder: parseTreeherder(def) } }; } export function map(fun) { maps.push(fun); } export function filter(fun) { filters.push(fun); } export function scheduleTask(def) { let taskId = slugid.v4(); tasks.set(taskId, merge({}, def)); return taskId; } export async function submit() { let promises = new Map(); for (let [taskId, task] of tasks) { // Allow filtering tasks before we schedule them. if (!filters.every(filter => filter(task))) { continue; } // Allow changing tasks before we schedule them. maps.forEach(map => { task = map(merge({}, task)) }); let log_id = `${task.name} @ ${task.platform}[${task.collection || "opt"}]`; console.log(`+ Submitting ${log_id}.`); let parent = task.parent; // Convert the task definition. task = await convertTask(task); // Convert the docker image definition. let image_def = task.payload.image; if (image_def && image_def.hasOwnProperty("path")) { let key = `${image_def.name}:${image_def.path}`; let data = {}; // Check the cache first. if (image_tasks.has(key)) { data = image_tasks.get(key); } else { data.taskId = await image_builder.findTask(image_def); data.isPending = !data.taskId; // No task found. if (data.isPending) { let image_task = await image_builder.buildTask(image_def); // Schedule a new image builder task immediately. data.taskId = slugid.v4(); try { await queue.createTask(data.taskId, convertTask(image_task)); } catch (e) { console.error("! FAIL: Scheduling image builder task failed."); continue; /* Skip this task on failure. */ } } // Store in cache. image_tasks.set(key, data); } if (data.isPending) { task.dependencies.push(data.taskId); } task.payload.image = { path: "public/image.tar", taskId: data.taskId, type: "task-image" }; } // Wait for the parent task to be created before scheduling dependants. let predecessor = parent ? promises.get(parent) : Promise.resolve(); promises.set(taskId, predecessor.then(() => { // Schedule the task. return queue.createTask(taskId, task).catch(err => { console.error(`! FAIL: Scheduling ${log_id} failed.`, err); }); })); } // Wait for all requests to finish. if (promises.length) { await Promise.all([...promises.values()]); console.log("=== Total:", promises.length, "tasks. ==="); } tasks.clear(); } nss-pem.git/nss/nss/automation/taskcluster/graph/src/try_syntax.js0000664000000000000000000001203313252671167022727 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import * as queue from "./queue"; import intersect from "intersect"; import parse_args from "minimist"; function parseOptions(opts) { opts = parse_args(opts.split(/\s+/), { default: {build: "do", platform: "all", unittests: "none", tools: "none"}, alias: {b: "build", p: "platform", u: "unittests", t: "tools", e: "extra-builds"}, string: ["build", "platform", "unittests", "tools", "extra-builds"] }); // Parse build types (d=debug, o=opt). let builds = intersect(opts.build.split(""), ["d", "o"]); // If the given value is nonsense default to debug and opt builds. if (builds.length == 0) { builds = ["d", "o"]; } // Parse platforms. let allPlatforms = ["linux", "linux64", "linux64-asan", "linux64-fips", "win", "win64", "win-make", "win64-make", "linux64-make", "linux-make", "linux-fuzz", "linux64-fuzz", "aarch64", "mac"]; let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms); // If the given value is nonsense or "none" default to all platforms. if (platforms.length == 0 && opts.platform != "none") { platforms = allPlatforms; } // Parse unit tests. let aliases = {"gtests": "gtest"}; let allUnitTests = ["bogo", "crmf", "chains", "cipher", "db", "ec", "fips", "gtest", "interop", "lowhash", "merge", "sdr", "smime", "tools", "ssl", "mpi", "scert", "spki"]; let unittests = intersect(opts.unittests.split(/\s*,\s*/).map(t => { return aliases[t] || t; }), allUnitTests); // If the given value is "all" run all tests. // If it's nonsense then don't run any tests. if (opts.unittests == "all") { unittests = allUnitTests; } else if (unittests.length == 0) { unittests = []; } // Parse tools. let allTools = ["clang-format", "scan-build", "hacl"]; let tools = intersect(opts.tools.split(/\s*,\s*/), allTools); // If the given value is "all" run all tools. // If it's nonsense then don't run any tools. if (opts.tools == "all") { tools = allTools; } else if (tools.length == 0) { tools = []; } return { builds: builds, platforms: platforms, unittests: unittests, extra: (opts.e == "all"), tools: tools }; } function filter(opts) { return function (task) { // Filter tools. We can immediately return here as those // are not affected by platform or build type selectors. if (task.platform == "nss-tools") { return opts.tools.some(tool => { return task.symbol.toLowerCase().startsWith(tool); }); } // Filter unit tests. if (task.tests) { let found = opts.unittests.some(test => { if (task.group && task.group.toLowerCase() == "ssl" && test == "ssl") { return true; } if (task.group && task.group.toLowerCase() == "cipher" && test == "cipher") { return true; } return task.symbol.toLowerCase().startsWith(test); }); if (!found) { return false; } } // Filter extra builds. if (task.group == "Builds" && !opts.extra) { return false; } let coll = name => name == (task.collection || "opt"); // Filter by platform. let found = opts.platforms.some(platform => { let aliases = { "linux": "linux32", "linux-fuzz": "linux32", "linux64-asan": "linux64", "linux64-fips": "linux64", "linux64-fuzz": "linux64", "linux64-make": "linux64", "linux-make": "linux32", "win64-make": "windows2012-64", "win-make": "windows2012-32", "win64": "windows2012-64", "win": "windows2012-32" }; // Check the platform name. let keep = (task.platform == (aliases[platform] || platform)); // Additional checks. if (platform == "linux64-asan") { keep &= coll("asan"); } else if (platform == "linux64-fips") { keep &= coll("fips"); } else if (platform == "linux64-make" || platform == "linux-make" || platform == "win64-make" || platform == "win-make") { keep &= coll("make"); } else if (platform == "linux64-fuzz" || platform == "linux-fuzz") { keep &= coll("fuzz"); } else { keep &= coll("opt") || coll("debug"); } return keep; }); if (!found) { return false; } // Finally, filter by build type. let isDebug = coll("debug") || coll("asan") || coll("make") || coll("fuzz"); return (isDebug && opts.builds.includes("d")) || (!isDebug && opts.builds.includes("o")); } } export function initFilter() { let comment = process.env.TC_COMMENT || ""; // Check for try syntax in changeset comment. let match = comment.match(/^\s*try:\s*(.*)\s*$/); // Add try syntax filter. if (match) { queue.filter(filter(parseOptions(match[1]))); } } nss-pem.git/nss/nss/automation/taskcluster/image_builder/0000775000000000000000000000000013252671167021046 5ustar nss-pem.git/nss/nss/automation/taskcluster/image_builder/Dockerfile0000664000000000000000000000153613252671167023045 0ustar FROM ubuntu:16.04 MAINTAINER Tim Taubert WORKDIR /home/worker ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y apt-transport-https apt-utils RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 && \ sh -c "echo deb https://get.docker.io/ubuntu docker main \ > /etc/apt/sources.list.d/docker.list" RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE && \ sh -c "echo deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main \ > /etc/apt/sources.list.d/mercurial.list" RUN apt-get update && apt-get install -y \ lxc-docker-1.6.1 \ mercurial ADD bin /home/worker/bin RUN chmod +x /home/worker/bin/* # Set a default command useful for debugging CMD ["/bin/bash", "--login"] nss-pem.git/nss/nss/automation/taskcluster/image_builder/VERSION0000664000000000000000000000000613252671167022112 0ustar 0.1.5 nss-pem.git/nss/nss/automation/taskcluster/image_builder/bin/0000775000000000000000000000000013252671167021616 5ustar nss-pem.git/nss/nss/automation/taskcluster/image_builder/bin/checkout.sh0000664000000000000000000000045413252671167023762 0ustar #!/usr/bin/env bash set -v -e -x # Default values for testing. REVISION=${NSS_HEAD_REVISION:-default} REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss} # Clone NSS. for i in 0 2 5; do sleep $i hg clone -r $REVISION $REPOSITORY nss && exit 0 rm -rf nss done exit 1 nss-pem.git/nss/nss/automation/taskcluster/scripts/0000775000000000000000000000000013252671167017745 5ustar nss-pem.git/nss/nss/automation/taskcluster/scripts/build.sh0000775000000000000000000000073213252671167021405 0ustar #!/usr/bin/env bash source $(dirname "$0")/tools.sh if [ -n "$NSS_BUILD_MODULAR" ]; then $(dirname "$0")/build_nspr.sh || exit $? $(dirname "$0")/build_util.sh || exit $? $(dirname "$0")/build_softoken.sh || exit $? $(dirname "$0")/build_nss.sh || exit $? exit fi # Clone NSPR if needed. hg_clone https://hg.mozilla.org/projects/nspr ./nspr default # Build. make -C nss nss_build_all # Package. mkdir artifacts tar cvfjh artifacts/dist.tar.bz2 dist nss-pem.git/nss/nss/automation/taskcluster/scripts/build_gyp.sh0000775000000000000000000000052513252671167022264 0ustar #!/usr/bin/env bash source $(dirname "$0")/tools.sh # Clone NSPR if needed. hg_clone https://hg.mozilla.org/projects/nspr ./nspr default # Build. nss/build.sh -g -v "$@" # Package. if [[ $(uname) = "Darwin" ]]; then mkdir -p public tar cvfjh public/dist.tar.bz2 dist else mkdir artifacts tar cvfjh artifacts/dist.tar.bz2 dist fi nss-pem.git/nss/nss/automation/taskcluster/scripts/build_image.sh0000775000000000000000000000133213252671167022544 0ustar #!/bin/bash -vex set -x -e -v # Prefix errors with taskcluster error prefix so that they are parsed by Treeherder raise_error() { echo echo "[taskcluster-image-build:error] $1" exit 1 } # Ensure that the PROJECT is specified so the image can be indexed test -n "$PROJECT" || raise_error "Project must be provided." test -n "$HASH" || raise_error "Context Hash must be provided." CONTEXT_PATH=/home/worker/nss/$CONTEXT_PATH test -d $CONTEXT_PATH || raise_error "Context Path $CONTEXT_PATH does not exist." test -f "$CONTEXT_PATH/Dockerfile" || raise_error "Dockerfile must be present in $CONTEXT_PATH." docker build -t $PROJECT:$HASH $CONTEXT_PATH mkdir /artifacts docker save $PROJECT:$HASH > /artifacts/image.tar nss-pem.git/nss/nss/automation/taskcluster/scripts/build_nspr.sh0000775000000000000000000000050613252671167022446 0ustar #!/usr/bin/env bash set -v -e -x source $(dirname $0)/tools.sh # Clone NSPR if needed. hg_clone https://hg.mozilla.org/projects/nspr nspr default # Build. rm -rf dist make -C nss build_nspr # Package. test -d artifacts || mkdir artifacts rm -rf dist-nspr mv dist dist-nspr tar cvfjh artifacts/dist-nspr.tar.bz2 dist-nspr nss-pem.git/nss/nss/automation/taskcluster/scripts/build_nss.sh0000775000000000000000000000207613252671167022273 0ustar #!/usr/bin/env bash set -v -e -x source $(dirname $0)/tools.sh source $(dirname $0)/split.sh test -d dist-softoken || { echo "run build_softoken.sh first" 1>&2; exit 1; } rm -rf nss-nss split_nss nss nss-nss # Build. export NSS_BUILD_WITHOUT_SOFTOKEN=1 export NSS_USE_SYSTEM_FREEBL=1 platform=`make -s -C nss platform` export NSPR_LIB_DIR="$PWD/dist-nspr/$platform/lib" export NSSUTIL_LIB_DIR="$PWD/dist-util/$platform/lib" export FREEBL_LIB_DIR="$PWD/dist-softoken/$platform/lib" export SOFTOKEN_LIB_DIR="$PWD/dist-softoken/$platform/lib" export FREEBL_LIBS=-lfreebl export NSS_NO_PKCS11_BYPASS=1 export FREEBL_NO_DEPEND=1 export LIBRARY_PATH="$PWD/dist-nspr/$platform/lib:$PWD/dist-util/$platform/lib:$PWD/dist-softoken/$platform/lib" export LD_LIBRARY_PATH="$LIBRARY_PATH:$LD_LIBRARY_PATH" export INCLUDES="-I$PWD/dist-nspr/$platform/include -I$PWD/dist-util/public/nss -I$PWD/dist-softoken/public/nss" rm -rf dist make -C nss-nss nss_build_all # Package. test -d artifacts || mkdir artifacts rm -rf dist-nss mv dist dist-nss tar cvfjh artifacts/dist-nss.tar.bz2 dist-nss nss-pem.git/nss/nss/automation/taskcluster/scripts/build_softoken.sh0000775000000000000000000000144113252671167023313 0ustar #!/usr/bin/env bash set -v -e -x source $(dirname $0)/tools.sh source $(dirname $0)/split.sh test -d dist-util || { echo "run build_util.sh first" 1>&2; exit 1; } rm -rf nss-softoken split_softoken nss nss-softoken # Build. platform=`make -s -C nss platform` export LIBRARY_PATH="$PWD/dist-nspr/$platform/lib:$PWD/dist-util/$platform/lib" export LD_LIBRARY_PATH="$LIBRARY_PATH:$LD_LIBRARY_PATH" export INCLUDES="-I$PWD/dist-nspr/$platform/include -I$PWD/dist-util/public/nss" export NSS_BUILD_SOFTOKEN_ONLY=1 rm -rf dist make -C nss-softoken nss_build_all mv dist/private/nss/blapi.h dist/public/nss mv dist/private/nss/alghmac.h dist/public/nss # Package. test -d artifacts || mkdir artifacts rm -rf dist-softoken mv dist dist-softoken tar cvfjh artifacts/dist-softoken.tar.bz2 dist-softoken nss-pem.git/nss/nss/automation/taskcluster/scripts/build_util.sh0000775000000000000000000000104213252671167022435 0ustar #!/usr/bin/env bash set -v -e -x source $(dirname $0)/tools.sh source $(dirname $0)/split.sh rm -rf nss-util split_util nss nss-util # Build. platform=`make -s -C nss platform` export LIBRARY_PATH="$PWD/dist-nspr/$platform/lib" export LD_LIBRARY_PATH="$LIBRARY_PATH:$LD_LIBRARY_PATH" export INCLUDES="-I$PWD/dist-nspr/$platform/include" export NSS_BUILD_UTIL_ONLY=1 rm -rf dist make -C nss-util nss_build_all # Package. test -d artifacts || mkdir artifacts rm -rf dist-util mv dist dist-util tar cvfjh artifacts/dist-util.tar.bz2 dist-util nss-pem.git/nss/nss/automation/taskcluster/scripts/extend_task_graph.sh0000775000000000000000000000032713252671167024000 0ustar #!/usr/bin/env bash source $(dirname "$0")/tools.sh mkdir -p /home/worker/artifacts # Install Node.JS dependencies. cd nss/automation/taskcluster/graph/ && npm install # Extend the task graph. node lib/index.js nss-pem.git/nss/nss/automation/taskcluster/scripts/fuzz.sh0000775000000000000000000000100713252671167021300 0ustar #!/usr/bin/env bash source $(dirname "$0")/tools.sh type="$1" shift # Fetch artifact if needed. fetch_dist # Clone corpus. ./nss/fuzz/config/clone_corpus.sh # Ensure we have a corpus. if [ ! -d "nss/fuzz/corpus/$type" ]; then mkdir -p nss/fuzz/corpus/$type set +x # Create a corpus out of what we have. for f in $(find nss/fuzz/corpus -type f); do cp $f "nss/fuzz/corpus/$type" done set -x fi # Fetch objdir name. objdir=$(cat dist/latest) # Run nssfuzz. dist/$objdir/bin/nssfuzz-"$type" "$@" nss-pem.git/nss/nss/automation/taskcluster/scripts/gen_certs.sh0000775000000000000000000000076413252671167022264 0ustar #!/usr/bin/env bash source $(dirname "$0")/tools.sh # Fetch artifact if needed. fetch_dist # Generate certificates. NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" $(dirname $0)/run_tests.sh # Reset test counter so that test runs pick up our certificates. echo 1 > tests_results/security/localhost # Package. if [[ $(uname) = "Darwin" ]]; then mkdir -p public tar cvfjh public/dist.tar.bz2 dist tests_results else mkdir artifacts tar cvfjh artifacts/dist.tar.bz2 dist tests_results fi nss-pem.git/nss/nss/automation/taskcluster/scripts/run_hacl.sh0000775000000000000000000000233313252671167022100 0ustar #!/usr/bin/env bash if [[ $(id -u) -eq 0 ]]; then # Drop privileges by re-running this script. # Note: this mangles arguments, better to avoid running scripts as root. exec su worker -c "$0 $*" fi set -e -x -v # The docker image this is running in has the HACL* and NSS sources. # The extracted C code from HACL* is already generated and the HACL* tests were # successfully executed. # Verify Poly1305 (doesn't work in docker image build) make verify -C ~/hacl-star/code/poly1305 -j$(nproc) # Add license header to specs spec_files=($(find ~/hacl-star/specs -type f -name '*.fst')) for f in "${spec_files[@]}"; do cat /tmp/license.txt "$f" > /tmp/tmpfile && mv /tmp/tmpfile "$f" done # Format the extracted C code. cd ~/hacl-star/snapshots/nss cp ~/nss/.clang-format . find . -type f -name '*.[ch]' -exec clang-format -i {} \+ # These diff commands will return 1 if there are differences and stop the script. files=($(find ~/nss/lib/freebl/verified/ -type f -name '*.[ch]')) for f in "${files[@]}"; do diff $f $(basename "$f") done # Check that the specs didn't change either. cd ~/hacl-star/specs files=($(find ~/nss/lib/freebl/verified/specs -type f)) for f in "${files[@]}"; do diff $f $(basename "$f") done nss-pem.git/nss/nss/automation/taskcluster/scripts/run_scan_build.sh0000775000000000000000000000244113252671167023274 0ustar #!/usr/bin/env bash source $(dirname "$0")/tools.sh # Clone NSPR if needed. if [ ! -d "nspr" ]; then hg_clone https://hg.mozilla.org/projects/nspr ./nspr default fi # Build. cd nss make nss_build_all # What we want to scan. # key: directory to scan # value: number of errors expected in that directory declare -A scan=( \ [lib/base]=0 \ [lib/certdb]=0 \ [lib/certhigh]=0 \ [lib/ckfw]=0 \ [lib/crmf]=0 \ [lib/cryptohi]=0 \ [lib/dev]=0 \ [lib/freebl]=0 \ [lib/nss]=0 \ [lib/ssl]=0 \ [lib/util]=0 \ ) # remove .OBJ directories to force a rebuild of just the select few for i in "${!scan[@]}"; do find "$i" -name "*.OBJ" -exec rm -rf {} \+ done # run scan-build (only building affected directories) scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd .. # print errors we found set +v +x STATUS=0 for i in "${!scan[@]}"; do n=$(grep -Rn "$i" /home/worker/artifacts/*/report-*.html | wc -l) if [ $n -ne ${scan[$i]} ]; then STATUS=1 echo "$(date '+%T') WARNING - TEST-UNEXPECTED-FAIL: $i contains $n scan-build errors" elif [ $n -ne 0 ]; then echo "$(date '+%T') WARNING - TEST-EXPECTED-FAIL: $i contains $n scan-build errors" fi done exit $STATUS nss-pem.git/nss/nss/automation/taskcluster/scripts/run_tests.sh0000775000000000000000000000020413252671167022326 0ustar #!/usr/bin/env bash source $(dirname "$0")/tools.sh # Fetch artifact if needed. fetch_dist # Run tests. cd nss/tests && ./all.sh nss-pem.git/nss/nss/automation/taskcluster/scripts/split.sh0000664000000000000000000001141713252671167021440 0ustar copy_top() { srcdir_="$1" dstdir_="$2" files=`find "$srcdir_" -maxdepth 1 -mindepth 1 -type f` for f in $files; do cp -p "$f" "$dstdir_" done } split_util() { nssdir="$1" dstdir="$2" # Prepare a source tree only containing files to build nss-util: # # nss/dbm full directory # nss/coreconf full directory # nss top files only # nss/lib top files only # nss/lib/util full directory # Copy everything. cp -R $nssdir $dstdir # Remove subdirectories that we don't want. rm -rf $dstdir/cmd rm -rf $dstdir/lib rm -rf $dstdir/automation rm -rf $dstdir/doc # Start with an empty cmd lib directories to be filled selectively. mkdir $dstdir/cmd cp $nssdir/cmd/Makefile $dstdir/cmd cp $nssdir/cmd/manifest.mn $dstdir/cmd cp $nssdir/cmd/platlibs.mk $dstdir/cmd cp $nssdir/cmd/platrules.mk $dstdir/cmd # Copy some files at the top and the util subdirectory recursively. mkdir $dstdir/lib cp $nssdir/lib/Makefile $dstdir/lib cp $nssdir/lib/manifest.mn $dstdir/lib cp -R $nssdir/lib/util $dstdir/lib/util } split_softoken() { nssdir="$1" dstdir="$2" # Prepare a source tree only containing files to build nss-softoken: # # nss/dbm full directory # nss/coreconf full directory # nss top files only # nss/lib top files only # nss/lib/freebl full directory # nss/lib/softoken full directory # nss/lib/softoken/dbm full directory # Copy everything. cp -R $nssdir $dstdir # Skip gtests when building. sed '/^DIRS = /s/ cpputil gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn # Remove subdirectories that we don't want. rm -rf $dstdir/cmd rm -rf $dstdir/tests rm -rf $dstdir/lib rm -rf $dstdir/pkg rm -rf $dstdir/automation rm -rf $dstdir/gtests rm -rf $dstdir/cpputil rm -rf $dstdir/doc # Start with an empty lib directory and copy only what we need. mkdir $dstdir/lib copy_top $nssdir/lib $dstdir/lib cp -R $nssdir/lib/dbm $dstdir/lib/dbm cp -R $nssdir/lib/freebl $dstdir/lib/freebl cp -R $nssdir/lib/softoken $dstdir/lib/softoken cp -R $nssdir/lib/sqlite $dstdir/lib/sqlite mkdir $dstdir/cmd copy_top $nssdir/cmd $dstdir/cmd cp -R $nssdir/cmd/bltest $dstdir/cmd/bltest cp -R $nssdir/cmd/ecperf $dstdir/cmd/ecperf cp -R $nssdir/cmd/fbectest $dstdir/cmd/fbectest cp -R $nssdir/cmd/fipstest $dstdir/cmd/fipstest cp -R $nssdir/cmd/lib $dstdir/cmd/lib cp -R $nssdir/cmd/lowhashtest $dstdir/cmd/lowhashtest cp -R $nssdir/cmd/shlibsign $dstdir/cmd/shlibsign mkdir $dstdir/tests copy_top $nssdir/tests $dstdir/tests cp -R $nssdir/tests/cipher $dstdir/tests/cipher cp -R $nssdir/tests/common $dstdir/tests/common cp -R $nssdir/tests/ec $dstdir/tests/ec cp -R $nssdir/tests/lowhash $dstdir/tests/lowhash cp $nssdir/lib/util/verref.h $dstdir/lib/freebl cp $nssdir/lib/util/verref.h $dstdir/lib/softoken cp $nssdir/lib/util/verref.h $dstdir/lib/softoken/legacydb } split_nss() { nssdir="$1" dstdir="$2" # Prepare a source tree only containing files to build nss: # # nss/dbm full directory # nss/coreconf full directory # nss top files only # nss/lib top files only # nss/lib/freebl full directory # nss/lib/softoken full directory # nss/lib/softoken/dbm full directory # Copy everything. cp -R $nssdir $dstdir # Remove subdirectories that we don't want. rm -rf $dstdir/lib/freebl rm -rf $dstdir/lib/softoken rm -rf $dstdir/lib/util rm -rf $dstdir/cmd/bltest rm -rf $dstdir/cmd/fipstest rm -rf $dstdir/cmd/rsaperf_low # Copy these headers until the upstream bug is accepted # Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207 cp $nssdir/lib/softoken/lowkeyi.h $dstdir/cmd/rsaperf cp $nssdir/lib/softoken/lowkeyti.h $dstdir/cmd/rsaperf # Copy verref.h which will be needed later during the build phase. cp $nssdir/lib/util/verref.h $dstdir/lib/ckfw/builtins/verref.h cp $nssdir/lib/util/verref.h $dstdir/lib/nss/verref.h cp $nssdir/lib/util/verref.h $dstdir/lib/smime/verref.h cp $nssdir/lib/util/verref.h $dstdir/lib/ssl/verref.h cp $nssdir/lib/util/templates.c $dstdir/lib/nss/templates.c # FIXME: Skip util_gtest because it links with libnssutil.a. Note # that we can't use libnssutil3.so instead, because util_gtest # depends on internal symbols not exported from the shared library. sed '/ util_gtest \\/d' $dstdir/gtests/manifest.mn > $dstdir/gtests/manifest.mn-t && mv $dstdir/gtests/manifest.mn-t $dstdir/gtests/manifest.mn } nss-pem.git/nss/nss/automation/taskcluster/scripts/tools.sh0000664000000000000000000000161613252671167021445 0ustar #!/usr/bin/env bash set -v -e -x if [[ $(id -u) -eq 0 ]]; then # Drop privileges by re-running this script. # Note: this mangles arguments, better to avoid running scripts as root. exec su worker -c "$0 $*" fi # Usage: hg_clone repo dir [revision=@] hg_clone() { repo=$1 dir=$2 rev=${3:-@} if [ -d "$dir" ]; then hg pull -R "$dir" -ur "$rev" "$repo" && return rm -rf "$dir" fi for i in 0 2 5; do sleep $i hg clone -r "$rev" "$repo" "$dir" && return rm -rf "$dir" done exit 1 } fetch_dist() { url=https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/dist.tar.bz2 if [ ! -d "dist" ]; then for i in 0 2 5; do sleep $i curl --retry 3 -Lo dist.tar.bz2 $url && tar xvjf dist.tar.bz2 && return rm -fr dist.tar.bz2 dist done exit 1 fi } nss-pem.git/nss/nss/automation/taskcluster/windows/0000775000000000000000000000000013252671167017750 5ustar nss-pem.git/nss/nss/automation/taskcluster/windows/build.sh0000664000000000000000000000047313252671167021407 0ustar #!/usr/bin/env bash set -v -e -x # Set up the toolchain. if [ "$USE_64" = 1 ]; then source $(dirname $0)/setup64.sh else source $(dirname $0)/setup32.sh fi # Clone NSPR. hg_clone https://hg.mozilla.org/projects/nspr nspr default # Build. make -C nss nss_build_all # Package. 7z a public/build/dist.7z dist nss-pem.git/nss/nss/automation/taskcluster/windows/build_gyp.sh0000664000000000000000000000130613252671167022262 0ustar #!/usr/bin/env bash set -v -e -x # Set up the toolchain. if [[ "$@" == *"-m32"* ]]; then source $(dirname $0)/setup32.sh else source $(dirname $0)/setup64.sh fi # Install GYP. cd gyp python -m virtualenv test-env test-env/Scripts/python setup.py install test-env/Scripts/python -m pip install --upgrade pip test-env/Scripts/pip install --upgrade setuptools cd .. export GYP_MSVS_OVERRIDE_PATH="${VSPATH}" export GYP_MSVS_VERSION="2015" export GYP="${PWD}/gyp/test-env/Scripts/gyp" # Fool GYP. touch "${VSPATH}/VC/vcvarsall.bat" # Clone NSPR. hg_clone https://hg.mozilla.org/projects/nspr nspr default # Build with gyp. GYP=${GYP} ./nss/build.sh -g -v "$@" # Package. 7z a public/build/dist.7z dist nss-pem.git/nss/nss/automation/taskcluster/windows/gen_certs.sh0000664000000000000000000000101713252671167022254 0ustar #!/usr/bin/env bash set -v -e -x # Set up the toolchain. source $(dirname $0)/setup.sh # Fetch artifact. wget -t 3 --retry-connrefused -w 5 --random-wait https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/build/dist.7z -O dist.7z 7z x dist.7z # Generate certificates. NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" nss/tests/all.sh # Reset test counter so that test runs pick up our certificates. echo 1 > tests_results/security/localhost # Package. 7z a public/build/dist.7z dist tests_results nss-pem.git/nss/nss/automation/taskcluster/windows/releng.manifest0000664000000000000000000000160313252671167022754 0ustar [ { "version": "Visual Studio 2017 15.4.2 / SDK 10.0.15063.0", "size": 303146863, "digest": "18700889e6b5e81613b9cf57ce4e0d46a6ee45bb4c5c33bae2604a5275326128775b8a032a1eb178c5db973746d565340c4e36d98375789e1d5bd836ab16ba58", "algorithm": "sha512", "filename": "vs2017_15.4.2.zip", "unpack": true }, { "version": "Ninja 1.7.1", "size": 184821, "digest": "e4f9a1ae624a2630e75264ba37d396d9c7407d6e6aea3763056210ba6e1387908bd31cf4037a6a3661a418e86c4d2761e0c333e6a3bd0d66549d2b0d72d3f43b", "algorithm": "sha512", "filename": "ninja171.zip", "unpack": true }, { "size": 13063963, "visibility": "public", "digest": "47a19f8f863eab3414abab2b9e9bd901ab896c799b3d9254b456b2f59374b085b99de805e21069a0819f01eecb3f43f7e2395a8c644c04bcbfa5711261cca29d", "algorithm": "sha512", "filename": "gyp-2017-05-23.zip", "unpack": true } ] nss-pem.git/nss/nss/automation/taskcluster/windows/run_tests.sh0000664000000000000000000000046413252671167022336 0ustar #!/usr/bin/env bash set -v -e -x # Set up the toolchain. source $(dirname $0)/setup.sh # Fetch artifact. wget -t 3 --retry-connrefused -w 5 --random-wait https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/build/dist.7z -O dist.7z 7z x dist.7z # Run tests. cd nss/tests && ./all.sh nss-pem.git/nss/nss/automation/taskcluster/windows/setup.sh0000664000000000000000000000157313252671167021452 0ustar #!/usr/bin/env bash set -v -e -x export VSPATH="$(pwd)/vs2017_15.4.2" export NINJA_PATH="$(pwd)/ninja/bin" export WINDOWSSDKDIR="${VSPATH}/SDK" export VS90COMNTOOLS="${VSPATH}/VC" export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.15063.0/ucrt:${VSPATH}/SDK/Include/10.0.15063.0/shared:${VSPATH}/SDK/Include/10.0.15063.0/um" # Usage: hg_clone repo dir [revision=@] hg_clone() { repo=$1 dir=$2 rev=${3:-@} for i in 0 2 5; do sleep $i hg clone -r "$rev" "$repo" "$dir" && return rm -rf "$dir" done exit 1 } hg_clone https://hg.mozilla.org/build/tools tools default tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://tooltool.mozilla-releng.net/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache nss-pem.git/nss/nss/automation/taskcluster/windows/setup32.sh0000664000000000000000000000104113252671167021605 0ustar #!/usr/bin/env bash set -v -e -x source $(dirname $0)/setup.sh export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x86/Microsoft.VC141.CRT" export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x86" export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/Hostx64/x86:${VSPATH}/VC/bin/Hostx64/x64:${VSPATH}/VC/Hostx86/x86:${VSPATH}/SDK/bin/10.0.15063.0/x64:${VSPATH}/VC/redist/x86/Microsoft.VC141.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x86:${PATH}" export LIB="${VSPATH}/VC/lib/x86:${VSPATH}/SDK/lib/10.0.15063.0/ucrt/x86:${VSPATH}/SDK/lib/10.0.15063.0/um/x86" nss-pem.git/nss/nss/automation/taskcluster/windows/setup64.sh0000664000000000000000000000101013252671167021606 0ustar #!/usr/bin/env bash set -v -e -x source $(dirname $0)/setup.sh export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC141.CRT" export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64" export PATH="${NINJA_PATH}:${VSPATH}/VC/bin/Hostx64/x64:${VSPATH}/VC/bin/Hostx86/x86:${VSPATH}/SDK/bin/10.0.15063.0/x64:${VSPATH}/VC/redist/x64/Microsoft.VC141.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}" export LIB="${VSPATH}/VC/lib/x64:${VSPATH}/SDK/lib/10.0.15063.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.15063.0/um/x64" nss-pem.git/nss/nss/build.sh0000775000000000000000000001365513252671167013202 0ustar #!/usr/bin/env bash # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ################################################################################ # # This script builds NSS with gyp and ninja. # # This build system is still under development. It does not yet support all # the features or platforms that NSS supports. set -e cwd=$(cd $(dirname $0); pwd -P) source "$cwd"/coreconf/nspr.sh source "$cwd"/coreconf/sanitizers.sh GYP=${GYP:-gyp} # Usage info show_help() { cat "$cwd"/help.txt } run_verbose() { if [ "$verbose" = 1 ]; then echo "$@" exec 3>&1 else exec 3>/dev/null fi "$@" 1>&3 2>&3 exec 3>&- } if [ -n "$CCC" ] && [ -z "$CXX" ]; then export CXX="$CCC" fi opt_build=0 build_64=0 clean=0 rebuild_gyp=0 rebuild_nspr=0 target=Debug verbose=0 fuzz=0 fuzz_tls=0 fuzz_oss=0 no_local_nspr=0 armhf=0 gyp_params=(--depth="$cwd" --generator-output=".") nspr_params=() ninja_params=() # try to guess sensible defaults arch=$(python "$cwd"/coreconf/detect_host_arch.py) if [ "$arch" = "x64" -o "$arch" = "aarch64" ]; then build_64=1 elif [ "$arch" = "arm" ]; then armhf=1 fi # parse command line arguments while [ $# -gt 0 ]; do case $1 in -c) clean=1 ;; -cc) clean_only=1 ;; --gyp|-g) rebuild_gyp=1 ;; --nspr) nspr_clean; rebuild_nspr=1 ;; -j) ninja_params+=(-j "$2"); shift ;; -v) ninja_params+=(-v); verbose=1 ;; --test) gyp_params+=(-Dtest_build=1) ;; --clang) export CC=clang; export CCC=clang++; export CXX=clang++ ;; --gcc) export CC=gcc; export CCC=g++; export CXX=g++ ;; --fuzz) fuzz=1 ;; --fuzz=oss) fuzz=1; fuzz_oss=1 ;; --fuzz=tls) fuzz=1; fuzz_tls=1 ;; --scan-build) enable_scanbuild ;; --scan-build=?*) enable_scanbuild "${1#*=}" ;; --opt|-o) opt_build=1 ;; -m32|--m32) build_64=0 ;; --asan) enable_sanitizer asan ;; --msan) enable_sanitizer msan ;; --ubsan) enable_ubsan ;; --ubsan=?*) enable_ubsan "${1#*=}" ;; --sancov) enable_sancov ;; --sancov=?*) enable_sancov "${1#*=}" ;; --pprof) gyp_params+=(-Duse_pprof=1) ;; --ct-verif) gyp_params+=(-Dct_verif=1) ;; --disable-tests) gyp_params+=(-Ddisable_tests=1) ;; --no-zdefs) gyp_params+=(-Dno_zdefs=1) ;; --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;; --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;; --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;; --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;; --enable-fips) gyp_params+=(-Ddisable_fips=0) ;; *) show_help; exit 2 ;; esac shift done if [ "$opt_build" = 1 ]; then target=Release else target=Debug fi if [ "$build_64" = 1 ]; then nspr_params+=(--enable-64bit) elif [ ! "$armhf" = 1 ]; then gyp_params+=(-Dtarget_arch=ia32) fi if [ "$fuzz" = 1 ]; then source "$cwd"/coreconf/fuzz.sh fi # set paths target_dir="$cwd"/out/$target mkdir -p "$target_dir" dist_dir="$cwd"/../dist dist_dir=$(mkdir -p "$dist_dir"; cd "$dist_dir"; pwd -P) gyp_params+=(-Dnss_dist_dir="$dist_dir") # -c = clean first if [ "$clean" = 1 -o "$clean_only" = 1 ]; then nspr_clean rm -rf "$cwd"/out rm -rf "$dist_dir" # -cc = only clean, don't build if [ "$clean_only" = 1 ]; then echo "Cleaned" exit 0 fi fi # This saves a canonical representation of arguments that we are passing to gyp # or the NSPR build so that we can work out if a rebuild is needed. # Caveat: This can fail for arguments that are position-dependent. # e.g., "-e 2 -f 1" and "-e 1 -f 2" canonicalize the same. check_config() { local newconf="$1".new oldconf="$1" shift mkdir -p $(dirname "$newconf") echo CC="$CC" >"$newconf" echo CCC="$CCC" >>"$newconf" echo CXX="$CXX" >>"$newconf" for i in "$@"; do echo $i; done | sort >>"$newconf" # Note: The following diff fails if $oldconf isn't there as well, which # happens if we don't have a previous successful build. ! diff -q "$newconf" "$oldconf" >/dev/null 2>&1 } gyp_config="$cwd"/out/gyp_config nspr_config="$cwd"/out/$target/nspr_config # If we don't have a build directory make sure that we rebuild. if [ ! -d "$target_dir" ]; then rebuild_nspr=1 rebuild_gyp=1 elif [ ! -d "$dist_dir"/$target ]; then rebuild_nspr=1 fi # Update NSPR ${C,CXX,LD}FLAGS. nspr_set_flags $sanitizer_flags if check_config "$nspr_config" "${nspr_params[@]}" \ nspr_cflags="$nspr_cflags" \ nspr_cxxflags="$nspr_cxxflags" \ nspr_ldflags="$nspr_ldflags"; then rebuild_nspr=1 fi # Forward sanitizer flags. if [ ! -z "$sanitizer_flags" ]; then gyp_params+=(-Dsanitizer_flags="$sanitizer_flags") fi if check_config "$gyp_config" "${gyp_params[@]}"; then rebuild_gyp=1 fi # save the chosen target mkdir -p "$dist_dir" echo $target > "$dist_dir"/latest if [[ "$rebuild_nspr" = 1 && "$no_local_nspr" = 0 ]]; then nspr_build "${nspr_params[@]}" mv -f "$nspr_config".new "$nspr_config" fi if [ "$rebuild_gyp" = 1 ]; then if ! hash ${GYP} 2> /dev/null; then echo "Please install gyp" 1>&2 exit 1 fi # These extra arguments aren't used in determining whether to rebuild. obj_dir="$dist_dir"/$target gyp_params+=(-Dnss_dist_obj_dir=$obj_dir) if [ "$no_local_nspr" = 0 ]; then set_nspr_path "$obj_dir/include/nspr:$obj_dir/lib" fi run_verbose run_scanbuild ${GYP} -f ninja "${gyp_params[@]}" "$cwd"/nss.gyp mv -f "$gyp_config".new "$gyp_config" fi # Run ninja. if hash ninja 2>/dev/null; then ninja=ninja elif hash ninja-build 2>/dev/null; then ninja=ninja-build else echo "Please install ninja" 1>&2 exit 1 fi run_scanbuild $ninja -C "$target_dir" "${ninja_params[@]}" nss-pem.git/nss/nss/cmd/0000775000000000000000000000000013261107036012262 5ustar nss-pem.git/nss/nss/cmd/Makefile0000664000000000000000000000161513252671167013740 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = .. DEPTH = .. include manifest.mn include $(CORE_DEPTH)/coreconf/config.mk ifdef BUILD_LIBPKIX_TESTS DIRS += libpkix endif ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1) BLTEST_SRCDIR = ECPERF_SRCDIR = FREEBL_ECTEST_SRCDIR = FIPSTEST_SRCDIR = SHLIBSIGN_SRCDIR = else BLTEST_SRCDIR = bltest ECPERF_SRCDIR = ecperf FREEBL_ECTEST_SRCDIR = fbectest FIPSTEST_SRCDIR = fipstest SHLIBSIGN_SRCDIR = shlibsign endif LOWHASHTEST_SRCDIR= ifeq ($(FREEBL_LOWHASH),1) LOWHASHTEST_SRCDIR = lowhashtest # Add the lowhashtest directory to DIRS. endif INCLUDES += \ -I$(DIST)/../public/security \ -I./include \ $(NULL) include $(CORE_DEPTH)/coreconf/rules.mk symbols:: @echo "TARGETS = $(TARGETS)" nss-pem.git/nss/nss/cmd/addbuiltin/0000775000000000000000000000000013252703344014405 5ustar nss-pem.git/nss/nss/cmd/addbuiltin/Makefile0000664000000000000000000000354113252671167016057 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### include ../platrules.mk nss-pem.git/nss/nss/cmd/addbuiltin/addbuiltin.c0000664000000000000000000004771013252671167016710 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * Tool for converting builtin CA certs. */ #include "nssrenam.h" #include "nss.h" #include "cert.h" #include "certdb.h" #include "secutil.h" #include "pk11func.h" #if defined(WIN32) #include #include #endif void dumpbytes(unsigned char *buf, int len) { int i; for (i = 0; i < len; i++) { if ((i != 0) && ((i & 0xf) == 0)) { printf("\n"); } printf("\\%03o", buf[i]); } printf("\n"); } int hasPositiveTrust(unsigned int trust) { if (trust & CERTDB_TRUSTED) { if (trust & CERTDB_TRUSTED_CA) { return PR_TRUE; } else { return PR_FALSE; } } else { if (trust & CERTDB_TRUSTED_CA) { return PR_TRUE; } else if (trust & CERTDB_VALID_CA) { return PR_TRUE; } else if (trust & CERTDB_TERMINAL_RECORD) { return PR_FALSE; } else { return PR_FALSE; } } return PR_FALSE; } char * getTrustString(unsigned int trust) { if (trust & CERTDB_TRUSTED) { if (trust & CERTDB_TRUSTED_CA) { return "CKT_NSS_TRUSTED_DELEGATOR"; } else { return "CKT_NSS_TRUSTED"; } } else { if (trust & CERTDB_TRUSTED_CA) { return "CKT_NSS_TRUSTED_DELEGATOR"; } else if (trust & CERTDB_VALID_CA) { return "CKT_NSS_VALID_DELEGATOR"; } else if (trust & CERTDB_TERMINAL_RECORD) { return "CKT_NSS_NOT_TRUSTED"; } else { return "CKT_NSS_MUST_VERIFY_TRUST"; } } return "CKT_NSS_TRUST_UNKNOWN"; /* not reached */ } static const SEC_ASN1Template serialTemplate[] = { { SEC_ASN1_INTEGER, offsetof(CERTCertificate, serialNumber) }, { 0 } }; void print_crl_info(CERTName *name, SECItem *serial) { PRBool saveWrapeState = SECU_GetWrapEnabled(); SECU_EnableWrap(PR_FALSE); SECU_PrintNameQuotesOptional(stdout, name, "# Issuer", 0, PR_FALSE); printf("\n"); SECU_PrintInteger(stdout, serial, "# Serial Number", 0); SECU_EnableWrap(saveWrapeState); } static SECStatus ConvertCRLEntry(SECItem *sdder, PRInt32 crlentry, char *nickname) { int rv; PLArenaPool *arena = NULL; CERTSignedCrl *newCrl = NULL; CERTCrlEntry *entry; CERTName *name = NULL; SECItem *derName = NULL; SECItem *serial = NULL; rv = SEC_ERROR_NO_MEMORY; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) return rv; newCrl = CERT_DecodeDERCrlWithFlags(arena, sdder, SEC_CRL_TYPE, CRL_DECODE_DEFAULT_OPTIONS); if (!newCrl) return SECFailure; name = &newCrl->crl.name; derName = &newCrl->crl.derName; if (newCrl->crl.entries != NULL) { PRInt32 iv = 0; while ((entry = newCrl->crl.entries[iv++]) != NULL) { if (crlentry == iv) { serial = &entry->serialNumber; break; } } } if (!name || !derName || !serial) return SECFailure; printf("\n# Distrust \"%s\"\n", nickname); print_crl_info(name, serial); printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n"); printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); printf("CKA_LABEL UTF8 \"%s\"\n", nickname); printf("CKA_ISSUER MULTILINE_OCTAL\n"); dumpbytes(derName->data, derName->len); printf("END\n"); printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); printf("\\002\\%03o", serial->len); /* 002: type integer; len >=3 digits */ dumpbytes(serial->data, serial->len); printf("END\n"); printf("CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED\n"); printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED\n"); printf("CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED\n"); printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE\n"); PORT_FreeArena(arena, PR_FALSE); return rv; } void print_info(SECItem *sdder, CERTCertificate *c) { PRBool saveWrapeState = SECU_GetWrapEnabled(); SECU_EnableWrap(PR_FALSE); SECU_PrintNameQuotesOptional(stdout, &c->issuer, "# Issuer", 0, PR_FALSE); printf("\n"); SECU_PrintInteger(stdout, &c->serialNumber, "# Serial Number", 0); SECU_PrintNameQuotesOptional(stdout, &c->subject, "# Subject", 0, PR_FALSE); printf("\n"); SECU_PrintTimeChoice(stdout, &c->validity.notBefore, "# Not Valid Before", 0); SECU_PrintTimeChoice(stdout, &c->validity.notAfter, "# Not Valid After ", 0); SECU_PrintFingerprints(stdout, sdder, "# Fingerprint", 0); SECU_EnableWrap(saveWrapeState); } static SECStatus ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust, PRBool excludeCert, PRBool excludeHash) { SECStatus rv = SECSuccess; CERTCertificate *cert; unsigned char sha1_hash[SHA1_LENGTH]; unsigned char md5_hash[MD5_LENGTH]; SECItem *serial = NULL; PRBool step_up = PR_FALSE; const char *trust_info; cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname); if (!cert) { return SECFailure; } serial = SEC_ASN1EncodeItem(NULL, NULL, cert, serialTemplate); if (!serial) { return SECFailure; } if (!excludeCert) { printf("\n#\n# Certificate \"%s\"\n#\n", nickname); print_info(sdder, cert); printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"); printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); printf("CKA_LABEL UTF8 \"%s\"\n", nickname); printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"); printf("CKA_SUBJECT MULTILINE_OCTAL\n"); dumpbytes(cert->derSubject.data, cert->derSubject.len); printf("END\n"); printf("CKA_ID UTF8 \"0\"\n"); printf("CKA_ISSUER MULTILINE_OCTAL\n"); dumpbytes(cert->derIssuer.data, cert->derIssuer.len); printf("END\n"); printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); dumpbytes(serial->data, serial->len); printf("END\n"); printf("CKA_VALUE MULTILINE_OCTAL\n"); dumpbytes(sdder->data, sdder->len); printf("END\n"); if (hasPositiveTrust(trust->sslFlags) || hasPositiveTrust(trust->emailFlags) || hasPositiveTrust(trust->objectSigningFlags)) { printf("CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE\n"); } } if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) == CERTDB_TERMINAL_RECORD) trust_info = "Distrust"; else trust_info = "Trust for"; printf("\n# %s \"%s\"\n", trust_info, nickname); print_info(sdder, cert); printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n"); printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); printf("CKA_LABEL UTF8 \"%s\"\n", nickname); if (!excludeHash) { PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len); printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n"); dumpbytes(sha1_hash, SHA1_LENGTH); printf("END\n"); PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len); printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n"); dumpbytes(md5_hash, MD5_LENGTH); printf("END\n"); } printf("CKA_ISSUER MULTILINE_OCTAL\n"); dumpbytes(cert->derIssuer.data, cert->derIssuer.len); printf("END\n"); printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); dumpbytes(serial->data, serial->len); printf("END\n"); printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n", getTrustString(trust->sslFlags)); printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n", getTrustString(trust->emailFlags)); printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n", getTrustString(trust->objectSigningFlags)); #ifdef notdef printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NSS_TRUSTED\n"); printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n"); printf("CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n"); printf("CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n"); printf("CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n"); printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n"); printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n"); #endif step_up = (trust->sslFlags & CERTDB_GOVT_APPROVED_CA); printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n", step_up ? "CK_TRUE" : "CK_FALSE"); PORT_Free(sdder->data); return (rv); } void printheader() { printf("# \n" "# This Source Code Form is subject to the terms of the Mozilla Public\n" "# License, v. 2.0. If a copy of the MPL was not distributed with this\n" "# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n" "#\n" "# certdata.txt\n" "#\n" "# This file contains the object definitions for the certs and other\n" "# information \"built into\" NSS.\n" "#\n" "# Object definitions:\n" "#\n" "# Certificates\n" "#\n" "# -- Attribute -- -- type -- -- value --\n" "# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n" "# CKA_TOKEN CK_BBOOL CK_TRUE\n" "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" "# CKA_LABEL UTF8 (varies)\n" "# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n" "# CKA_SUBJECT DER+base64 (varies)\n" "# CKA_ID byte array (varies)\n" "# CKA_ISSUER DER+base64 (varies)\n" "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" "# CKA_VALUE DER+base64 (varies)\n" "# CKA_NSS_EMAIL ASCII7 (unused here)\n" "#\n" "# Trust\n" "#\n" "# -- Attribute -- -- type -- -- value --\n" "# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n" "# CKA_TOKEN CK_BBOOL CK_TRUE\n" "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" "# CKA_LABEL UTF8 (varies)\n" "# CKA_ISSUER DER+base64 (varies)\n" "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" "# CKA_CERT_HASH binary+base64 (varies)\n" "# CKA_EXPIRES CK_DATE (not used here)\n" "# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n" "# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n" "# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n" "# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n" "# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n" "# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n" "# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n" "# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n" "# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n" "# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n" "# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n" "# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n" "# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n" "# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n" "# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n" "# (other trust attributes can be defined)\n" "#\n" "\n" "#\n" "# The object to tell NSS that this is a root list and we don't\n" "# have to go looking for others.\n" "#\n" "BEGINDATA\n" "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n" "CKA_TOKEN CK_BBOOL CK_TRUE\n" "CKA_PRIVATE CK_BBOOL CK_FALSE\n" "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n"); } static void Usage(char *progName) { fprintf(stderr, "%s -t trust -n nickname [-i certfile] [-c] [-h]\n", progName); fprintf(stderr, "\tRead a der-encoded cert from certfile or stdin, and output\n" "\tit to stdout in a format suitable for the builtin root module.\n" "\tExample: %s -n MyCA -t \"C,C,C\" -i myca.der >> certdata.txt\n", progName); fprintf(stderr, "%s -D -n label [-i certfile]\n", progName); fprintf(stderr, "\tRead a der-encoded cert from certfile or stdin, and output\n" "\ta distrust record.\n" "\t(-D is equivalent to -t p,p,p -c -h)\n"); fprintf(stderr, "%s -C -e crl-entry-number -n label [-i crlfile]\n", progName); fprintf(stderr, "\tRead a CRL from crlfile or stdin, and output\n" "\ta distrust record (issuer+serial).\n" "\t(-C implies -c -h)\n"); fprintf(stderr, "%-15s trust flags (cCTpPuw).\n", "-t trust"); fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n", "-n nickname"); fprintf(stderr, "%-15s a label for the distrust record.\n", ""); fprintf(stderr, "%-15s exclude the certificate (only add a trust record)\n", "-c"); fprintf(stderr, "%-15s exclude hash from trust record\n", "-h"); fprintf(stderr, "%-15s (useful to distrust any matching issuer/serial)\n", ""); fprintf(stderr, "%-15s (not allowed when adding positive trust)\n", ""); fprintf(stderr, "%-15s a CRL entry number, as shown by \"crlutil -S\"\n", "-e"); fprintf(stderr, "%-15s input file to read (default stdin)\n", "-i file"); fprintf(stderr, "%-15s (pipe through atob if the cert is b64-encoded)\n", ""); exit(-1); } enum { opt_Input = 0, opt_Nickname, opt_Trust, opt_Distrust, opt_ExcludeCert, opt_ExcludeHash, opt_DistrustCRL, opt_CRLEnry }; static secuCommandFlag addbuiltin_options[] = { { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE }, { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE }, { /* opt_Distrust */ 'D', PR_FALSE, 0, PR_FALSE }, { /* opt_ExcludeCert */ 'c', PR_FALSE, 0, PR_FALSE }, { /* opt_ExcludeHash */ 'h', PR_FALSE, 0, PR_FALSE }, { /* opt_DistrustCRL */ 'C', PR_FALSE, 0, PR_FALSE }, { /* opt_CRLEnry */ 'e', PR_TRUE, 0, PR_FALSE }, }; int main(int argc, char **argv) { SECStatus rv; char *nickname = NULL; char *trusts = NULL; char *progName; PRFileDesc *infile; CERTCertTrust trust = { 0 }; SECItem derItem = { 0 }; PRInt32 crlentry = 0; PRInt32 mutuallyExclusiveOpts = 0; PRBool decodeTrust = PR_FALSE; secuCommand addbuiltin = { 0 }; addbuiltin.numOptions = sizeof(addbuiltin_options) / sizeof(secuCommandFlag); addbuiltin.options = addbuiltin_options; progName = strrchr(argv[0], '/'); progName = progName ? progName + 1 : argv[0]; rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin); if (rv != SECSuccess) Usage(progName); if (addbuiltin.options[opt_Trust].activated) ++mutuallyExclusiveOpts; if (addbuiltin.options[opt_Distrust].activated) ++mutuallyExclusiveOpts; if (addbuiltin.options[opt_DistrustCRL].activated) ++mutuallyExclusiveOpts; if (mutuallyExclusiveOpts != 1) { fprintf(stderr, "%s: you must specify exactly one of -t or -D or -C\n", progName); Usage(progName); } if (addbuiltin.options[opt_DistrustCRL].activated) { if (!addbuiltin.options[opt_CRLEnry].activated) { fprintf(stderr, "%s: you must specify the CRL entry number.\n", progName); Usage(progName); } else { crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg); if (crlentry < 1) { fprintf(stderr, "%s: The CRL entry number must be > 0.\n", progName); Usage(progName); } } } if (!addbuiltin.options[opt_Nickname].activated) { fprintf(stderr, "%s: you must specify parameter -n (a nickname or a label).\n", progName); Usage(progName); } if (addbuiltin.options[opt_Input].activated) { infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660); if (!infile) { fprintf(stderr, "%s: failed to open input file.\n", progName); exit(1); } } else { #if defined(WIN32) /* If we're going to read binary data from stdin, we must put stdin ** into O_BINARY mode or else incoming \r\n's will become \n's, ** and latin-1 characters will be altered. */ int smrv = _setmode(_fileno(stdin), _O_BINARY); if (smrv == -1) { fprintf(stderr, "%s: Cannot change stdin to binary mode. Use -i option instead.\n", progName); exit(1); } #endif infile = PR_STDIN; } #if defined(WIN32) /* We must put stdout into O_BINARY mode or else the output will include ** carriage returns. */ { int smrv = _setmode(_fileno(stdout), _O_BINARY); if (smrv == -1) { fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName); exit(1); } } #endif nickname = strdup(addbuiltin.options[opt_Nickname].arg); NSS_NoDB_Init(NULL); if (addbuiltin.options[opt_Distrust].activated || addbuiltin.options[opt_DistrustCRL].activated) { addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE; addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE; } if (addbuiltin.options[opt_Distrust].activated) { trusts = strdup("p,p,p"); decodeTrust = PR_TRUE; } else if (addbuiltin.options[opt_Trust].activated) { trusts = strdup(addbuiltin.options[opt_Trust].arg); decodeTrust = PR_TRUE; } if (decodeTrust) { rv = CERT_DecodeTrustString(&trust, trusts); if (rv) { fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName); Usage(progName); } } if (addbuiltin.options[opt_Trust].activated && addbuiltin.options[opt_ExcludeHash].activated) { if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) != CERTDB_TERMINAL_RECORD) { fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName); Usage(progName); } } SECU_FileToItem(&derItem, infile); /*printheader();*/ if (addbuiltin.options[opt_DistrustCRL].activated) { rv = ConvertCRLEntry(&derItem, crlentry, nickname); } else { rv = ConvertCertificate(&derItem, nickname, &trust, addbuiltin.options[opt_ExcludeCert].activated, addbuiltin.options[opt_ExcludeHash].activated); if (rv) { fprintf(stderr, "%s: failed to convert certificate.\n", progName); exit(1); } } if (NSS_Shutdown() != SECSuccess) { exit(1); } return (SECSuccess); } nss-pem.git/nss/nss/cmd/addbuiltin/addbuiltin.gyp0000664000000000000000000000104513252671167017254 0ustar # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ '../../coreconf/config.gypi', '../../cmd/platlibs.gypi' ], 'targets': [ { 'target_name': 'addbuiltin', 'type': 'executable', 'sources': [ 'addbuiltin.c' ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports' ] } ], 'variables': { 'module': 'nss' } }nss-pem.git/nss/nss/cmd/addbuiltin/manifest.mn0000664000000000000000000000077413252671167016566 0ustar # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. # MODULE public and private header directories are implicitly REQUIRED. MODULE = nss CSRCS = \ addbuiltin.c \ $(NULL) # The MODULE is always implicitly required. # Listing it here in REQUIRES makes it appear twice in the cc command line. REQUIRES = seccmd PROGRAM = addbuiltin nss-pem.git/nss/nss/cmd/atob/0000775000000000000000000000000013252703344013213 5ustar nss-pem.git/nss/nss/cmd/atob/Makefile0000664000000000000000000000354013252671167014664 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### include ../platrules.mk nss-pem.git/nss/nss/cmd/atob/atob.c0000664000000000000000000001052513252671167014316 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "plgetopt.h" #include "secutil.h" #include "nssb64.h" #include #if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) #if !defined(WIN32) extern int fread(char *, size_t, size_t, FILE *); extern int fwrite(char *, size_t, size_t, FILE *); extern int fprintf(FILE *, char *, ...); #endif #endif #if defined(WIN32) #include "fcntl.h" #include "io.h" #endif static PRInt32 output_binary(void *arg, const unsigned char *obuf, PRInt32 size) { FILE *outFile = arg; int nb; nb = fwrite(obuf, 1, size, outFile); if (nb != size) { PORT_SetError(SEC_ERROR_IO); return -1; } return nb; } static PRBool isBase64Char(char c) { return ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '='); } static SECStatus decode_file(FILE *outFile, FILE *inFile) { NSSBase64Decoder *cx; SECStatus status = SECFailure; char ibuf[4096]; const char *ptr; cx = NSSBase64Decoder_Create(output_binary, outFile); if (!cx) { return -1; } for (;;) { if (feof(inFile)) break; if (!fgets(ibuf, sizeof(ibuf), inFile)) { if (ferror(inFile)) { PORT_SetError(SEC_ERROR_IO); goto loser; } /* eof */ break; } for (ptr = ibuf; *ptr; ++ptr) { char c = *ptr; if (c == '\n' || c == '\r') { break; /* found end of line */ } if (!isBase64Char(c)) { ptr = ibuf; /* ignore line */ break; } } if (ibuf == ptr) { continue; /* skip empty or non-base64 line */ } status = NSSBase64Decoder_Update(cx, ibuf, ptr - ibuf); if (status != SECSuccess) goto loser; } return NSSBase64Decoder_Destroy(cx, PR_FALSE); loser: (void)NSSBase64Decoder_Destroy(cx, PR_TRUE); return status; } static void Usage(char *progName) { fprintf(stderr, "Usage: %s [-i input] [-o output]\n", progName); fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", "-i input"); fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", "-o output"); exit(-1); } int main(int argc, char **argv) { char *progName; SECStatus rv; FILE *inFile, *outFile; PLOptState *optstate; PLOptStatus status; inFile = 0; outFile = 0; progName = strrchr(argv[0], '/'); progName = progName ? progName + 1 : argv[0]; /* Parse command line arguments */ optstate = PL_CreateOptState(argc, argv, "?hi:o:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': case 'h': Usage(progName); break; case 'i': inFile = fopen(optstate->value, "r"); if (!inFile) { fprintf(stderr, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); return -1; } break; case 'o': outFile = fopen(optstate->value, "wb"); if (!outFile) { fprintf(stderr, "%s: unable to open \"%s\" for writing\n", progName, optstate->value); return -1; } break; } } if (!inFile) inFile = stdin; if (!outFile) { #if defined(WIN32) int smrv = _setmode(_fileno(stdout), _O_BINARY); if (smrv == -1) { fprintf(stderr, "%s: Cannot change stdout to binary mode. Use -o option instead.\n", progName); return smrv; } #endif outFile = stdout; } rv = decode_file(outFile, inFile); if (rv != SECSuccess) { fprintf(stderr, "%s: lossage: error=%d errno=%d\n", progName, PORT_GetError(), errno); return -1; } return 0; } nss-pem.git/nss/nss/cmd/atob/atob.gyp0000664000000000000000000000120713252671167014670 0ustar # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ '../../coreconf/config.gypi', '../../cmd/platlibs.gypi' ], 'targets': [ { 'target_name': 'atob', 'type': 'executable', 'sources': [ 'atob.c' ], 'dependencies': [ '<(DEPTH)/exports.gyp:dbm_exports', '<(DEPTH)/exports.gyp:nss_exports' ] } ], 'target_defaults': { 'defines': [ 'NSPR20' ] }, 'variables': { 'module': 'nss' } }nss-pem.git/nss/nss/cmd/atob/manifest.mn0000664000000000000000000000112313252671167015361 0ustar # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. # MODULE public and private header directories are implicitly REQUIRED. MODULE = nss # This next line is used by .mk files # and gets translated into $LINCS in manifest.mnw # The MODULE is always implicitly required. # Listing it here in REQUIRES makes it appear twice in the cc command line. REQUIRES = seccmd dbm DEFINES = -DNSPR20 CSRCS = atob.c PROGRAM = atob nss-pem.git/nss/nss/cmd/bltest/0000775000000000000000000000000013252703344013563 5ustar nss-pem.git/nss/nss/cmd/bltest/Makefile0000664000000000000000000000377013252671167015241 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn #MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \ # -always-use-cache-dir $(CC) ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk #EXTRA_SHARED_LIBS += \ # -L/usr/lib \ # -lposix4 \ # $(NULL) ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### include ../platrules.mk nss-pem.git/nss/nss/cmd/bltest/blapitest.c0000664000000000000000000043653113252671167015741 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include #include #include "blapi.h" #include "secrng.h" #include "prmem.h" #include "prprf.h" #include "prtime.h" #include "prsystem.h" #include "plstr.h" #include "nssb64.h" #include "basicutil.h" #include "plgetopt.h" #include "softoken.h" #include "nspr.h" #include "secport.h" #include "secoid.h" #include "nssutil.h" #include "ecl-curve.h" #include "pkcs1_vectors.h" SECStatus EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, const ECParams *srcParams); char *progName; char *testdir = NULL; #define BLTEST_DEFAULT_CHUNKSIZE 4096 #define WORDSIZE sizeof(unsigned long) #define CHECKERROR(rv, ln) \ if (rv) { \ PRErrorCode prerror = PR_GetError(); \ PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \ prerror, PORT_ErrorToString(prerror), ln); \ exit(-1); \ } /* Macros for performance timing. */ #define TIMESTART() \ time1 = PR_IntervalNow(); #define TIMEFINISH(time, reps) \ time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \ time1 = PR_IntervalToMilliseconds(time2); \ time = ((double)(time1)) / reps; #define TIMEMARK(seconds) \ time1 = PR_SecondsToInterval(seconds); \ { \ PRInt64 tmp; \ if (time2 == 0) { \ time2 = 1; \ } \ LL_DIV(tmp, time1, time2); \ if (tmp < 10) { \ if (tmp == 0) { \ opsBetweenChecks = 1; \ } else { \ LL_L2I(opsBetweenChecks, tmp); \ } \ } else { \ opsBetweenChecks = 10; \ } \ } \ time2 = time1; \ time1 = PR_IntervalNow(); #define TIMETOFINISH() \ PR_IntervalNow() - time1 >= time2 static void Usage() { #define PRINTUSAGE(subject, option, predicate) \ fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate); fprintf(stderr, "\n"); PRINTUSAGE(progName, "[-DEHSVR]", "List available cipher modes"); /* XXX */ fprintf(stderr, "\n"); PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]"); PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]"); PRINTUSAGE("", "", "[-w wordsize] [-p repetitions | -5 time_interval]"); PRINTUSAGE("", "", "[-4 th_num]"); PRINTUSAGE("", "-m", "cipher mode to use"); PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-o", "file for output buffer"); PRINTUSAGE("", "-k", "file which contains key"); PRINTUSAGE("", "-v", "file which contains initialization vector"); PRINTUSAGE("", "-b", "size of input buffer"); PRINTUSAGE("", "-g", "key size (in bytes)"); PRINTUSAGE("", "-p", "do performance test"); PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); PRINTUSAGE("", "--aad", "File with contains additional auth data"); PRINTUSAGE("(rsa)", "-e", "rsa public exponent"); PRINTUSAGE("(rc5)", "-r", "number of rounds"); PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]"); PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); PRINTUSAGE("", "-m", "cipher mode to use"); PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-o", "file for output buffer"); PRINTUSAGE("", "-k", "file which contains key"); PRINTUSAGE("", "-v", "file which contains initialization vector"); PRINTUSAGE("", "-p", "do performance test"); PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); PRINTUSAGE("", "--aad", "File with contains additional auth data"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-H -m mode", "Hash a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o hash]"); PRINTUSAGE("", "", "[-b bufsize]"); PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); PRINTUSAGE("", "-m", "cipher mode to use"); PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-o", "file for hash"); PRINTUSAGE("", "-b", "size of input buffer"); PRINTUSAGE("", "-p", "do performance test"); PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-S -m mode", "Sign a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]"); PRINTUSAGE("", "", "[-b bufsize]"); PRINTUSAGE("", "", "[-n curvename]"); PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); PRINTUSAGE("", "-m", "cipher mode to use"); PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-o", "file for signature"); PRINTUSAGE("", "-k", "file which contains key"); PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:"); PRINTUSAGE("", "", " nistp256, nistp384, nistp521"); PRINTUSAGE("", "-p", "do performance test"); PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer"); PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]"); PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); PRINTUSAGE("", "-m", "cipher mode to use"); PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-s", "file which contains signature of input buffer"); PRINTUSAGE("", "-k", "file which contains key"); PRINTUSAGE("", "-p", "do performance test"); PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-N -m mode -b bufsize", "Create a nonce plaintext and key"); PRINTUSAGE("", "", "[-g keysize] [-u cxreps]"); PRINTUSAGE("", "-g", "key size (in bytes)"); PRINTUSAGE("", "-u", "number of repetitions of context creation"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-R [-g keysize] [-e exp]", "Test the RSA populate key function"); PRINTUSAGE("", "", "[-r repetitions]"); PRINTUSAGE("", "-g", "key size (in bytes)"); PRINTUSAGE("", "-e", "rsa public exponent"); PRINTUSAGE("", "-r", "repetitions of the test"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-F", "Run the FIPS self-test"); fprintf(stderr, "\n"); PRINTUSAGE(progName, "-T [-m mode1,mode2...]", "Run the BLAPI self-test"); fprintf(stderr, "\n"); exit(1); } /* Helper functions for ascii<-->binary conversion/reading/writing */ /* XXX argh */ struct item_with_arena { SECItem *item; PLArenaPool *arena; }; static PRInt32 get_binary(void *arg, const unsigned char *ibuf, PRInt32 size) { struct item_with_arena *it = arg; SECItem *binary = it->item; SECItem *tmp; int index; if (binary->data == NULL) { tmp = SECITEM_AllocItem(it->arena, NULL, size); binary->data = tmp->data; binary->len = tmp->len; index = 0; } else { SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size); index = binary->len; } PORT_Memcpy(&binary->data[index], ibuf, size); return binary->len; } static SECStatus atob(SECItem *ascii, SECItem *binary, PLArenaPool *arena) { SECStatus status; NSSBase64Decoder *cx; struct item_with_arena it; int len; binary->data = NULL; binary->len = 0; it.item = binary; it.arena = arena; len = (strncmp((const char *)&ascii->data[ascii->len - 2], "\r\n", 2)) ? ascii->len : ascii->len - 2; cx = NSSBase64Decoder_Create(get_binary, &it); status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len); status = NSSBase64Decoder_Destroy(cx, PR_FALSE); return status; } static PRInt32 output_ascii(void *arg, const char *obuf, PRInt32 size) { PRFileDesc *outfile = arg; PRInt32 nb = PR_Write(outfile, obuf, size); if (nb != size) { PORT_SetError(SEC_ERROR_IO); return -1; } return nb; } static SECStatus btoa_file(SECItem *binary, PRFileDesc *outfile) { SECStatus status; NSSBase64Encoder *cx; if (binary->len == 0) return SECSuccess; cx = NSSBase64Encoder_Create(output_ascii, outfile); status = NSSBase64Encoder_Update(cx, binary->data, binary->len); status = NSSBase64Encoder_Destroy(cx, PR_FALSE); status = PR_Write(outfile, "\r\n", 2); return status; } SECStatus hex_from_2char(unsigned char *c2, unsigned char *byteval) { int i; unsigned char offset; *byteval = 0; for (i = 0; i < 2; i++) { if (c2[i] >= '0' && c2[i] <= '9') { offset = c2[i] - '0'; *byteval |= offset << 4 * (1 - i); } else if (c2[i] >= 'a' && c2[i] <= 'f') { offset = c2[i] - 'a'; *byteval |= (offset + 10) << 4 * (1 - i); } else if (c2[i] >= 'A' && c2[i] <= 'F') { offset = c2[i] - 'A'; *byteval |= (offset + 10) << 4 * (1 - i); } else { return SECFailure; } } return SECSuccess; } SECStatus char2_from_hex(unsigned char byteval, char *c2) { int i; unsigned char offset; for (i = 0; i < 2; i++) { offset = (byteval >> 4 * (1 - i)) & 0x0f; if (offset < 10) { c2[i] = '0' + offset; } else { c2[i] = 'A' + offset - 10; } } return SECSuccess; } void serialize_key(SECItem *it, int ni, PRFileDesc *file) { unsigned char len[4]; int i; NSSBase64Encoder *cx; cx = NSSBase64Encoder_Create(output_ascii, file); for (i = 0; i < ni; i++, it++) { len[0] = (it->len >> 24) & 0xff; len[1] = (it->len >> 16) & 0xff; len[2] = (it->len >> 8) & 0xff; len[3] = (it->len & 0xff); NSSBase64Encoder_Update(cx, len, 4); NSSBase64Encoder_Update(cx, it->data, it->len); } NSSBase64Encoder_Destroy(cx, PR_FALSE); PR_Write(file, "\r\n", 2); } void key_from_filedata(PLArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata) { int fpos = 0; int i, len; unsigned char *buf = filedata->data; for (i = 0; i < ni; i++) { len = (buf[fpos++] & 0xff) << 24; len |= (buf[fpos++] & 0xff) << 16; len |= (buf[fpos++] & 0xff) << 8; len |= (buf[fpos++] & 0xff); if (ns <= i) { if (len > 0) { it->len = len; it->data = PORT_ArenaAlloc(arena, it->len); PORT_Memcpy(it->data, &buf[fpos], it->len); } else { it->len = 0; it->data = NULL; } it++; } fpos += len; } } static RSAPrivateKey * rsakey_from_filedata(PLArenaPool *arena, SECItem *filedata) { RSAPrivateKey *key; key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey)); key->arena = arena; key_from_filedata(arena, &key->version, 0, 9, filedata); return key; } static PQGParams * pqg_from_filedata(PLArenaPool *arena, SECItem *filedata) { PQGParams *pqg; pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams)); pqg->arena = arena; key_from_filedata(arena, &pqg->prime, 0, 3, filedata); return pqg; } static DSAPrivateKey * dsakey_from_filedata(PLArenaPool *arena, SECItem *filedata) { DSAPrivateKey *key; key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey)); key->params.arena = arena; key_from_filedata(arena, &key->params.prime, 0, 5, filedata); return key; } static ECPrivateKey * eckey_from_filedata(PLArenaPool *arena, SECItem *filedata) { ECPrivateKey *key; SECStatus rv; ECParams *tmpECParams = NULL; key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey)); /* read and convert params */ key->ecParams.arena = arena; key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata); rv = SECOID_Init(); CHECKERROR(rv, __LINE__); rv = EC_DecodeParams(&key->ecParams.DEREncoding, &tmpECParams); CHECKERROR(rv, __LINE__); rv = EC_CopyParams(key->ecParams.arena, &key->ecParams, tmpECParams); CHECKERROR(rv, __LINE__); rv = SECOID_Shutdown(); CHECKERROR(rv, __LINE__); PORT_FreeArena(tmpECParams->arena, PR_TRUE); /* read key */ key_from_filedata(arena, &key->publicValue, 1, 3, filedata); return key; } typedef struct curveNameTagPairStr { char *curveName; SECOidTag curveOidTag; } CurveNameTagPair; static CurveNameTagPair nameTagPair[] = { { "sect163k1", SEC_OID_SECG_EC_SECT163K1 }, { "nistk163", SEC_OID_SECG_EC_SECT163K1 }, { "sect163r1", SEC_OID_SECG_EC_SECT163R1 }, { "sect163r2", SEC_OID_SECG_EC_SECT163R2 }, { "nistb163", SEC_OID_SECG_EC_SECT163R2 }, { "sect193r1", SEC_OID_SECG_EC_SECT193R1 }, { "sect193r2", SEC_OID_SECG_EC_SECT193R2 }, { "sect233k1", SEC_OID_SECG_EC_SECT233K1 }, { "nistk233", SEC_OID_SECG_EC_SECT233K1 }, { "sect233r1", SEC_OID_SECG_EC_SECT233R1 }, { "nistb233", SEC_OID_SECG_EC_SECT233R1 }, { "sect239k1", SEC_OID_SECG_EC_SECT239K1 }, { "sect283k1", SEC_OID_SECG_EC_SECT283K1 }, { "nistk283", SEC_OID_SECG_EC_SECT283K1 }, { "sect283r1", SEC_OID_SECG_EC_SECT283R1 }, { "nistb283", SEC_OID_SECG_EC_SECT283R1 }, { "sect409k1", SEC_OID_SECG_EC_SECT409K1 }, { "nistk409", SEC_OID_SECG_EC_SECT409K1 }, { "sect409r1", SEC_OID_SECG_EC_SECT409R1 }, { "nistb409", SEC_OID_SECG_EC_SECT409R1 }, { "sect571k1", SEC_OID_SECG_EC_SECT571K1 }, { "nistk571", SEC_OID_SECG_EC_SECT571K1 }, { "sect571r1", SEC_OID_SECG_EC_SECT571R1 }, { "nistb571", SEC_OID_SECG_EC_SECT571R1 }, { "secp160k1", SEC_OID_SECG_EC_SECP160K1 }, { "secp160r1", SEC_OID_SECG_EC_SECP160R1 }, { "secp160r2", SEC_OID_SECG_EC_SECP160R2 }, { "secp192k1", SEC_OID_SECG_EC_SECP192K1 }, { "secp192r1", SEC_OID_SECG_EC_SECP192R1 }, { "nistp192", SEC_OID_SECG_EC_SECP192R1 }, { "secp224k1", SEC_OID_SECG_EC_SECP224K1 }, { "secp224r1", SEC_OID_SECG_EC_SECP224R1 }, { "nistp224", SEC_OID_SECG_EC_SECP224R1 }, { "secp256k1", SEC_OID_SECG_EC_SECP256K1 }, { "secp256r1", SEC_OID_SECG_EC_SECP256R1 }, { "nistp256", SEC_OID_SECG_EC_SECP256R1 }, { "secp384r1", SEC_OID_SECG_EC_SECP384R1 }, { "nistp384", SEC_OID_SECG_EC_SECP384R1 }, { "secp521r1", SEC_OID_SECG_EC_SECP521R1 }, { "nistp521", SEC_OID_SECG_EC_SECP521R1 }, { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 }, { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, { "secp112r1", SEC_OID_SECG_EC_SECP112R1 }, { "secp112r2", SEC_OID_SECG_EC_SECP112R2 }, { "secp128r1", SEC_OID_SECG_EC_SECP128R1 }, { "secp128r2", SEC_OID_SECG_EC_SECP128R2 }, { "sect113r1", SEC_OID_SECG_EC_SECT113R1 }, { "sect113r2", SEC_OID_SECG_EC_SECT113R2 }, { "sect131r1", SEC_OID_SECG_EC_SECT131R1 }, { "sect131r2", SEC_OID_SECG_EC_SECT131R2 }, { "curve25519", SEC_OID_CURVE25519 }, }; static SECItem * getECParams(const char *curve) { SECItem *ecparams; SECOidData *oidData = NULL; SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ int i, numCurves; if (curve != NULL) { numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair); for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); i++) { if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) curveOidTag = nameTagPair[i].curveOidTag; } } /* Return NULL if curve name is not recognized */ if ((curveOidTag == SEC_OID_UNKNOWN) || (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); return NULL; } ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); /* * ecparams->data needs to contain the ASN encoding of an object ID (OID) * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ ecparams->data[0] = SEC_ASN1_OBJECT_ID; ecparams->data[1] = oidData->oid.len; memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); return ecparams; } static void dump_pqg(PQGParams *pqg) { SECU_PrintInteger(stdout, &pqg->prime, "PRIME:", 0); SECU_PrintInteger(stdout, &pqg->subPrime, "SUBPRIME:", 0); SECU_PrintInteger(stdout, &pqg->base, "BASE:", 0); } static void dump_dsakey(DSAPrivateKey *key) { dump_pqg(&key->params); SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); } static void dump_ecp(ECParams *ecp) { /* TODO other fields */ SECU_PrintInteger(stdout, &ecp->base, "BASE POINT:", 0); } static void dump_eckey(ECPrivateKey *key) { dump_ecp(&key->ecParams); SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); } static void dump_rsakey(RSAPrivateKey *key) { SECU_PrintInteger(stdout, &key->version, "VERSION:", 0); SECU_PrintInteger(stdout, &key->modulus, "MODULUS:", 0); SECU_PrintInteger(stdout, &key->publicExponent, "PUBLIC EXP:", 0); SECU_PrintInteger(stdout, &key->privateExponent, "PRIVATE EXP:", 0); SECU_PrintInteger(stdout, &key->prime1, "CRT PRIME 1:", 0); SECU_PrintInteger(stdout, &key->prime2, "CRT PRIME 2:", 0); SECU_PrintInteger(stdout, &key->exponent1, "CRT EXP 1:", 0); SECU_PrintInteger(stdout, &key->exponent2, "CRT EXP 2:", 0); SECU_PrintInteger(stdout, &key->coefficient, "CRT COEFFICIENT:", 0); } typedef enum { bltestBase64Encoded, /* Base64 encoded ASCII */ bltestBinary, /* straight binary */ bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */ bltestHexStream /* 1234abCD ... */ } bltestIOMode; typedef struct { SECItem buf; SECItem pBuf; bltestIOMode mode; PRFileDesc *file; } bltestIO; typedef SECStatus (*bltestSymmCipherFn)(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen); typedef SECStatus (*bltestAEADFn)(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen, const unsigned char *nonce, unsigned int nonceLen, const unsigned char *ad, unsigned int adLen); typedef SECStatus (*bltestPubKeyCipherFn)(void *key, SECItem *output, const SECItem *input); typedef SECStatus (*bltestHashCipherFn)(unsigned char *dest, const unsigned char *src, PRUint32 src_length); /* Note: Algorithms are grouped in order to support is_symmkeyCipher / * is_pubkeyCipher / is_hashCipher / is_sigCipher */ typedef enum { bltestINVALID = -1, bltestDES_ECB, /* Symmetric Key Ciphers */ bltestDES_CBC, /* . */ bltestDES_EDE_ECB, /* . */ bltestDES_EDE_CBC, /* . */ bltestRC2_ECB, /* . */ bltestRC2_CBC, /* . */ bltestRC4, /* . */ #ifdef NSS_SOFTOKEN_DOES_RC5 bltestRC5_ECB, /* . */ bltestRC5_CBC, /* . */ #endif bltestAES_ECB, /* . */ bltestAES_CBC, /* . */ bltestAES_CTS, /* . */ bltestAES_CTR, /* . */ bltestAES_GCM, /* . */ bltestCAMELLIA_ECB, /* . */ bltestCAMELLIA_CBC, /* . */ bltestSEED_ECB, /* SEED algorithm */ bltestSEED_CBC, /* SEED algorithm */ bltestCHACHA20, /* ChaCha20 + Poly1305 */ bltestRSA, /* Public Key Ciphers */ bltestRSA_OAEP, /* . (Public Key Enc.) */ bltestRSA_PSS, /* . (Public Key Sig.) */ bltestECDSA, /* . (Public Key Sig.) */ bltestDSA, /* . (Public Key Sig.) */ bltestMD2, /* Hash algorithms */ bltestMD5, /* . */ bltestSHA1, /* . */ bltestSHA224, /* . */ bltestSHA256, /* . */ bltestSHA384, /* . */ bltestSHA512, /* . */ NUMMODES } bltestCipherMode; static char *mode_strings[] = { "des_ecb", "des_cbc", "des3_ecb", "des3_cbc", "rc2_ecb", "rc2_cbc", "rc4", #ifdef NSS_SOFTOKEN_DOES_RC5 "rc5_ecb", "rc5_cbc", #endif "aes_ecb", "aes_cbc", "aes_cts", "aes_ctr", "aes_gcm", "camellia_ecb", "camellia_cbc", "seed_ecb", "seed_cbc", "chacha20_poly1305", "rsa", "rsa_oaep", "rsa_pss", "ecdsa", /*"pqg",*/ "dsa", "md2", "md5", "sha1", "sha224", "sha256", "sha384", "sha512", }; typedef struct { bltestIO key; bltestIO iv; } bltestSymmKeyParams; typedef struct { bltestSymmKeyParams sk; /* must be first */ bltestIO aad; } bltestAuthSymmKeyParams; typedef struct { bltestIO key; bltestIO iv; int rounds; int wordsize; } bltestRC5Params; typedef struct { bltestIO key; int keysizeInBits; /* OAEP & PSS */ HASH_HashType hashAlg; HASH_HashType maskHashAlg; bltestIO seed; /* salt if PSS */ } bltestRSAParams; typedef struct { bltestIO pqgdata; unsigned int keysize; bltestIO keyseed; bltestIO sigseed; PQGParams *pqg; } bltestDSAParams; typedef struct { char *curveName; bltestIO sigseed; } bltestECDSAParams; typedef struct { bltestIO key; void *privKey; void *pubKey; bltestIO sig; /* if doing verify, the signature (which may come * from sigfile. */ union { bltestRSAParams rsa; bltestDSAParams dsa; bltestECDSAParams ecdsa; } cipherParams; } bltestAsymKeyParams; typedef struct { bltestIO key; /* unused */ PRBool restart; } bltestHashParams; typedef union { bltestIO key; bltestSymmKeyParams sk; bltestAuthSymmKeyParams ask; bltestRC5Params rc5; bltestAsymKeyParams asymk; bltestHashParams hash; } bltestParams; typedef struct bltestCipherInfoStr bltestCipherInfo; struct bltestCipherInfoStr { PLArenaPool *arena; /* link to next in multithreaded test */ bltestCipherInfo *next; PRThread *cipherThread; /* MonteCarlo test flag*/ PRBool mCarlo; /* cipher context */ void *cx; /* I/O streams */ bltestIO input; bltestIO output; /* Cipher-specific parameters */ bltestParams params; /* Cipher mode */ bltestCipherMode mode; /* Cipher function (encrypt/decrypt/sign/verify/hash) */ union { bltestSymmCipherFn symmkeyCipher; bltestAEADFn aeadCipher; bltestPubKeyCipherFn pubkeyCipher; bltestHashCipherFn hashCipher; } cipher; /* performance testing */ int repetitionsToPerfom; int seconds; int repetitions; int cxreps; double cxtime; double optime; }; PRBool is_symmkeyCipher(bltestCipherMode mode) { /* change as needed! */ if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC) return PR_TRUE; return PR_FALSE; } PRBool is_aeadCipher(bltestCipherMode mode) { /* change as needed! */ switch (mode) { case bltestCHACHA20: return PR_TRUE; default: return PR_FALSE; } } PRBool is_authCipher(bltestCipherMode mode) { /* change as needed! */ switch (mode) { case bltestAES_GCM: case bltestCHACHA20: return PR_TRUE; default: return PR_FALSE; } } PRBool is_singleShotCipher(bltestCipherMode mode) { /* change as needed! */ switch (mode) { case bltestAES_GCM: case bltestAES_CTS: case bltestCHACHA20: return PR_TRUE; default: return PR_FALSE; } } PRBool is_pubkeyCipher(bltestCipherMode mode) { /* change as needed! */ if (mode >= bltestRSA && mode <= bltestDSA) return PR_TRUE; return PR_FALSE; } PRBool is_hashCipher(bltestCipherMode mode) { /* change as needed! */ if (mode >= bltestMD2 && mode <= bltestSHA512) return PR_TRUE; return PR_FALSE; } PRBool is_sigCipher(bltestCipherMode mode) { /* change as needed! */ if (mode >= bltestRSA_PSS && mode <= bltestDSA) return PR_TRUE; return PR_FALSE; } PRBool cipher_requires_IV(bltestCipherMode mode) { /* change as needed! */ switch (mode) { case bltestDES_CBC: case bltestDES_EDE_CBC: case bltestRC2_CBC: #ifdef NSS_SOFTOKEN_DOES_RC5 case bltestRC5_CBC: #endif case bltestAES_CBC: case bltestAES_CTS: case bltestAES_CTR: case bltestAES_GCM: case bltestCAMELLIA_CBC: case bltestSEED_CBC: case bltestCHACHA20: return PR_TRUE; default: return PR_FALSE; } } SECStatus finishIO(bltestIO *output, PRFileDesc *file); SECStatus setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file, char *str, int numBytes) { SECStatus rv = SECSuccess; SECItem fileData; SECItem *in; unsigned char *tok; unsigned int i, j; PRBool needToFreeFile = PR_FALSE; if (file && (numBytes == 0 || file == PR_STDIN)) { /* grabbing data from a file */ rv = SECU_FileToItem(&fileData, file); if (rv != SECSuccess) return SECFailure; in = &fileData; needToFreeFile = PR_TRUE; } else if (str) { /* grabbing data from command line */ fileData.data = (unsigned char *)str; fileData.len = PL_strlen(str); in = &fileData; } else if (file) { /* create nonce */ SECITEM_AllocItem(arena, &input->buf, numBytes); RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes); return finishIO(input, file); } else { return SECFailure; } switch (input->mode) { case bltestBase64Encoded: if (in->len == 0) { input->buf.data = NULL; input->buf.len = 0; break; } rv = atob(in, &input->buf, arena); break; case bltestBinary: if (in->len == 0) { input->buf.data = NULL; input->buf.len = 0; break; } if (in->data[in->len - 1] == '\n') --in->len; if (in->data[in->len - 1] == '\r') --in->len; rv = SECITEM_CopyItem(arena, &input->buf, in); break; case bltestHexSpaceDelim: SECITEM_AllocItem(arena, &input->buf, in->len / 5); for (i = 0, j = 0; i < in->len; i += 5, j++) { tok = &in->data[i]; if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ') /* bad hex token */ break; rv = hex_from_2char(&tok[2], input->buf.data + j); if (rv) break; } break; case bltestHexStream: SECITEM_AllocItem(arena, &input->buf, in->len / 2); for (i = 0, j = 0; i < in->len; i += 2, j++) { tok = &in->data[i]; rv = hex_from_2char(tok, input->buf.data + j); if (rv) break; } break; } if (needToFreeFile) SECITEM_FreeItem(&fileData, PR_FALSE); return rv; } SECStatus finishIO(bltestIO *output, PRFileDesc *file) { SECStatus rv = SECSuccess; PRInt32 nb; unsigned char byteval; SECItem *it; char hexstr[5]; unsigned int i; if (output->pBuf.len > 0) { it = &output->pBuf; } else { it = &output->buf; } switch (output->mode) { case bltestBase64Encoded: rv = btoa_file(it, file); break; case bltestBinary: nb = PR_Write(file, it->data, it->len); rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure; break; case bltestHexSpaceDelim: hexstr[0] = '0'; hexstr[1] = 'x'; hexstr[4] = ' '; for (i = 0; i < it->len; i++) { byteval = it->data[i]; rv = char2_from_hex(byteval, hexstr + 2); nb = PR_Write(file, hexstr, 5); if (rv) break; } PR_Write(file, "\n", 1); break; case bltestHexStream: for (i = 0; i < it->len; i++) { byteval = it->data[i]; rv = char2_from_hex(byteval, hexstr); if (rv) break; nb = PR_Write(file, hexstr, 2); } PR_Write(file, "\n", 1); break; } return rv; } SECStatus bltestCopyIO(PLArenaPool *arena, bltestIO *dest, bltestIO *src) { if (SECITEM_CopyItem(arena, &dest->buf, &src->buf) != SECSuccess) { return SECFailure; } if (src->pBuf.len > 0) { dest->pBuf.len = src->pBuf.len; dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data); } dest->mode = src->mode; dest->file = src->file; return SECSuccess; } void misalignBuffer(PLArenaPool *arena, bltestIO *io, int off) { ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE; int length = io->buf.len; if (offset != off) { SECITEM_ReallocItemV2(arena, &io->buf, length + 2 * WORDSIZE); /* offset may have changed? */ offset = (ptrdiff_t)io->buf.data % WORDSIZE; if (offset != off) { memmove(io->buf.data + off, io->buf.data, length); io->pBuf.data = io->buf.data + off; io->pBuf.len = length; } else { io->pBuf.data = io->buf.data; io->pBuf.len = length; } } else { io->pBuf.data = io->buf.data; io->pBuf.len = length; } } SECStatus des_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return DES_Encrypt((DESContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus des_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return DES_Decrypt((DESContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus rc2_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return RC2_Encrypt((RC2Context *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus rc2_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return RC2_Decrypt((RC2Context *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus rc4_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return RC4_Encrypt((RC4Context *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus rc4_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return RC4_Decrypt((RC4Context *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus aes_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return AES_Encrypt((AESContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return AES_Decrypt((AESContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus chacha20_poly1305_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen, const unsigned char *nonce, unsigned int nonceLen, const unsigned char *ad, unsigned int adLen) { return ChaCha20Poly1305_Seal((ChaCha20Poly1305Context *)cx, output, outputLen, maxOutputLen, input, inputLen, nonce, nonceLen, ad, adLen); } SECStatus chacha20_poly1305_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen, const unsigned char *nonce, unsigned int nonceLen, const unsigned char *ad, unsigned int adLen) { return ChaCha20Poly1305_Open((ChaCha20Poly1305Context *)cx, output, outputLen, maxOutputLen, input, inputLen, nonce, nonceLen, ad, adLen); } SECStatus camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen, input, inputLen); } SECStatus rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey; SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data); if (rv == SECSuccess) { output->len = pubKey->modulus.data[0] ? pubKey->modulus.len : pubKey->modulus.len - 1; } return rv; } SECStatus rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; RSAPrivateKey *privKey = (RSAPrivateKey *)params->privKey; SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data); if (rv == SECSuccess) { output->len = privKey->modulus.data[0] ? privKey->modulus.len : privKey->modulus.len - 1; } return rv; } SECStatus rsa_signDigestPSS(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; bltestRSAParams *rsaParams = ¶ms->cipherParams.rsa; return RSA_SignPSS((RSAPrivateKey *)params->privKey, rsaParams->hashAlg, rsaParams->maskHashAlg, rsaParams->seed.buf.data, rsaParams->seed.buf.len, output->data, &output->len, output->len, input->data, input->len); } SECStatus rsa_verifyDigestPSS(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; bltestRSAParams *rsaParams = ¶ms->cipherParams.rsa; return RSA_CheckSignPSS((RSAPublicKey *)params->pubKey, rsaParams->hashAlg, rsaParams->maskHashAlg, rsaParams->seed.buf.len, output->data, output->len, input->data, input->len); } SECStatus rsa_encryptOAEP(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; bltestRSAParams *rsaParams = ¶ms->cipherParams.rsa; return RSA_EncryptOAEP((RSAPublicKey *)params->pubKey, rsaParams->hashAlg, rsaParams->maskHashAlg, NULL, 0, rsaParams->seed.buf.data, rsaParams->seed.buf.len, output->data, &output->len, output->len, input->data, input->len); } SECStatus rsa_decryptOAEP(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; bltestRSAParams *rsaParams = ¶ms->cipherParams.rsa; return RSA_DecryptOAEP((RSAPrivateKey *)params->privKey, rsaParams->hashAlg, rsaParams->maskHashAlg, NULL, 0, output->data, &output->len, output->len, input->data, input->len); } SECStatus dsa_signDigest(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; if (params->cipherParams.dsa.sigseed.buf.len > 0) { return DSA_SignDigestWithSeed((DSAPrivateKey *)params->privKey, output, input, params->cipherParams.dsa.sigseed.buf.data); } return DSA_SignDigest((DSAPrivateKey *)params->privKey, output, input); } SECStatus dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input); } SECStatus ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; if (params->cipherParams.ecdsa.sigseed.buf.len > 0) { return ECDSA_SignDigestWithSeed( (ECPrivateKey *)params->privKey, output, input, params->cipherParams.ecdsa.sigseed.buf.data, params->cipherParams.ecdsa.sigseed.buf.len); } return ECDSA_SignDigest((ECPrivateKey *)params->privKey, output, input); } SECStatus ecdsa_verifyDigest(void *cx, SECItem *output, const SECItem *input) { bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx; return ECDSA_VerifyDigest((ECPublicKey *)params->pubKey, output, input); } SECStatus bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { PRIntervalTime time1, time2; bltestSymmKeyParams *desp = &cipherInfo->params.sk; int minorMode; int i; switch (cipherInfo->mode) { case bltestDES_ECB: minorMode = NSS_DES; break; case bltestDES_CBC: minorMode = NSS_DES_CBC; break; case bltestDES_EDE_ECB: minorMode = NSS_DES_EDE3; break; case bltestDES_EDE_CBC: minorMode = NSS_DES_EDE3_CBC; break; default: return SECFailure; } cipherInfo->cx = (void *)DES_CreateContext(desp->key.buf.data, desp->iv.buf.data, minorMode, encrypt); if (cipherInfo->cxreps > 0) { DESContext **dummycx; dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *)); TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { dummycx[i] = (void *)DES_CreateContext(desp->key.buf.data, desp->iv.buf.data, minorMode, encrypt); } TIMEFINISH(cipherInfo->cxtime, 1.0); for (i = 0; i < cipherInfo->cxreps; i++) { DES_DestroyContext(dummycx[i], PR_TRUE); } PORT_Free(dummycx); } if (encrypt) cipherInfo->cipher.symmkeyCipher = des_Encrypt; else cipherInfo->cipher.symmkeyCipher = des_Decrypt; return SECSuccess; } SECStatus bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { PRIntervalTime time1, time2; bltestSymmKeyParams *rc2p = &cipherInfo->params.sk; int minorMode; int i; switch (cipherInfo->mode) { case bltestRC2_ECB: minorMode = NSS_RC2; break; case bltestRC2_CBC: minorMode = NSS_RC2_CBC; break; default: return SECFailure; } cipherInfo->cx = (void *)RC2_CreateContext(rc2p->key.buf.data, rc2p->key.buf.len, rc2p->iv.buf.data, minorMode, rc2p->key.buf.len); if (cipherInfo->cxreps > 0) { RC2Context **dummycx; dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *)); TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { dummycx[i] = (void *)RC2_CreateContext(rc2p->key.buf.data, rc2p->key.buf.len, rc2p->iv.buf.data, minorMode, rc2p->key.buf.len); } TIMEFINISH(cipherInfo->cxtime, 1.0); for (i = 0; i < cipherInfo->cxreps; i++) { RC2_DestroyContext(dummycx[i], PR_TRUE); } PORT_Free(dummycx); } if (encrypt) cipherInfo->cipher.symmkeyCipher = rc2_Encrypt; else cipherInfo->cipher.symmkeyCipher = rc2_Decrypt; return SECSuccess; } SECStatus bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { PRIntervalTime time1, time2; int i; bltestSymmKeyParams *rc4p = &cipherInfo->params.sk; cipherInfo->cx = (void *)RC4_CreateContext(rc4p->key.buf.data, rc4p->key.buf.len); if (cipherInfo->cxreps > 0) { RC4Context **dummycx; dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *)); TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { dummycx[i] = (void *)RC4_CreateContext(rc4p->key.buf.data, rc4p->key.buf.len); } TIMEFINISH(cipherInfo->cxtime, 1.0); for (i = 0; i < cipherInfo->cxreps; i++) { RC4_DestroyContext(dummycx[i], PR_TRUE); } PORT_Free(dummycx); } if (encrypt) cipherInfo->cipher.symmkeyCipher = rc4_Encrypt; else cipherInfo->cipher.symmkeyCipher = rc4_Decrypt; return SECSuccess; } SECStatus bltest_rc5_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { #ifdef NSS_SOFTOKEN_DOES_RC5 PRIntervalTime time1, time2; bltestRC5Params *rc5p = &cipherInfo->params.rc5; int minorMode; switch (cipherInfo->mode) { case bltestRC5_ECB: minorMode = NSS_RC5; break; case bltestRC5_CBC: minorMode = NSS_RC5_CBC; break; default: return SECFailure; } TIMESTART(); cipherInfo->cx = (void *)RC5_CreateContext(&rc5p->key.buf, rc5p->rounds, rc5p->wordsize, rc5p->iv.buf.data, minorMode); TIMEFINISH(cipherInfo->cxtime, 1.0); if (encrypt) cipherInfo->cipher.symmkeyCipher = RC5_Encrypt; else cipherInfo->cipher.symmkeyCipher = RC5_Decrypt; return SECSuccess; #else return SECFailure; #endif } SECStatus bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { bltestSymmKeyParams *aesp = &cipherInfo->params.sk; bltestAuthSymmKeyParams *gcmp = &cipherInfo->params.ask; int minorMode; int i; int keylen = aesp->key.buf.len; unsigned int blocklen = AES_BLOCK_SIZE; PRIntervalTime time1, time2; unsigned char *params; int len; CK_AES_CTR_PARAMS ctrParams; CK_GCM_PARAMS gcmParams; params = aesp->iv.buf.data; switch (cipherInfo->mode) { case bltestAES_ECB: minorMode = NSS_AES; break; case bltestAES_CBC: minorMode = NSS_AES_CBC; break; case bltestAES_CTS: minorMode = NSS_AES_CTS; break; case bltestAES_CTR: minorMode = NSS_AES_CTR; ctrParams.ulCounterBits = 32; len = PR_MIN(aesp->iv.buf.len, blocklen); PORT_Memset(ctrParams.cb, 0, blocklen); PORT_Memcpy(ctrParams.cb, aesp->iv.buf.data, len); params = (unsigned char *)&ctrParams; break; case bltestAES_GCM: minorMode = NSS_AES_GCM; gcmParams.pIv = gcmp->sk.iv.buf.data; gcmParams.ulIvLen = gcmp->sk.iv.buf.len; gcmParams.pAAD = gcmp->aad.buf.data; gcmParams.ulAADLen = gcmp->aad.buf.len; gcmParams.ulTagBits = blocklen * 8; params = (unsigned char *)&gcmParams; break; default: return SECFailure; } cipherInfo->cx = (void *)AES_CreateContext(aesp->key.buf.data, params, minorMode, encrypt, keylen, blocklen); if (cipherInfo->cxreps > 0) { AESContext **dummycx; dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *)); TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { dummycx[i] = (void *)AES_CreateContext(aesp->key.buf.data, params, minorMode, encrypt, keylen, blocklen); } TIMEFINISH(cipherInfo->cxtime, 1.0); for (i = 0; i < cipherInfo->cxreps; i++) { AES_DestroyContext(dummycx[i], PR_TRUE); } PORT_Free(dummycx); } if (encrypt) cipherInfo->cipher.symmkeyCipher = aes_Encrypt; else cipherInfo->cipher.symmkeyCipher = aes_Decrypt; return SECSuccess; } SECStatus bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { bltestSymmKeyParams *camelliap = &cipherInfo->params.sk; int minorMode; int i; int keylen = camelliap->key.buf.len; PRIntervalTime time1, time2; switch (cipherInfo->mode) { case bltestCAMELLIA_ECB: minorMode = NSS_CAMELLIA; break; case bltestCAMELLIA_CBC: minorMode = NSS_CAMELLIA_CBC; break; default: return SECFailure; } cipherInfo->cx = (void *)Camellia_CreateContext(camelliap->key.buf.data, camelliap->iv.buf.data, minorMode, encrypt, keylen); if (cipherInfo->cxreps > 0) { CamelliaContext **dummycx; dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *)); TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { dummycx[i] = (void *)Camellia_CreateContext(camelliap->key.buf.data, camelliap->iv.buf.data, minorMode, encrypt, keylen); } TIMEFINISH(cipherInfo->cxtime, 1.0); for (i = 0; i < cipherInfo->cxreps; i++) { Camellia_DestroyContext(dummycx[i], PR_TRUE); } PORT_Free(dummycx); } if (encrypt) cipherInfo->cipher.symmkeyCipher = camellia_Encrypt; else cipherInfo->cipher.symmkeyCipher = camellia_Decrypt; return SECSuccess; } SECStatus bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { PRIntervalTime time1, time2; bltestSymmKeyParams *seedp = &cipherInfo->params.sk; int minorMode; int i; switch (cipherInfo->mode) { case bltestSEED_ECB: minorMode = NSS_SEED; break; case bltestSEED_CBC: minorMode = NSS_SEED_CBC; break; default: return SECFailure; } cipherInfo->cx = (void *)SEED_CreateContext(seedp->key.buf.data, seedp->iv.buf.data, minorMode, encrypt); if (cipherInfo->cxreps > 0) { SEEDContext **dummycx; dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *)); TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { dummycx[i] = (void *)SEED_CreateContext(seedp->key.buf.data, seedp->iv.buf.data, minorMode, encrypt); } TIMEFINISH(cipherInfo->cxtime, 1.0); for (i = 0; i < cipherInfo->cxreps; i++) { SEED_DestroyContext(dummycx[i], PR_TRUE); } PORT_Free(dummycx); } if (encrypt) cipherInfo->cipher.symmkeyCipher = seed_Encrypt; else cipherInfo->cipher.symmkeyCipher = seed_Decrypt; return SECSuccess; } SECStatus bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { const unsigned int tagLen = 16; const bltestSymmKeyParams *sk = &cipherInfo->params.sk; cipherInfo->cx = ChaCha20Poly1305_CreateContext(sk->key.buf.data, sk->key.buf.len, tagLen); if (encrypt) cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt; else cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt; return SECSuccess; } SECStatus bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { int i; RSAPrivateKey **dummyKey; RSAPrivateKey *privKey; RSAPublicKey *pubKey; PRIntervalTime time1, time2; bltestAsymKeyParams *asymk = &cipherInfo->params.asymk; bltestRSAParams *rsap = &asymk->cipherParams.rsa; /* RSA key gen was done during parameter setup */ cipherInfo->cx = asymk; privKey = (RSAPrivateKey *)asymk->privKey; /* For performance testing */ if (cipherInfo->cxreps > 0) { /* Create space for n private key objects */ dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps * sizeof(RSAPrivateKey *)); /* Time n keygens, storing in the array */ TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) dummyKey[i] = RSA_NewKey(rsap->keysizeInBits, &privKey->publicExponent); TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); /* Free the n key objects */ for (i = 0; i < cipherInfo->cxreps; i++) PORT_FreeArena(dummyKey[i]->arena, PR_TRUE); PORT_Free(dummyKey); } if ((encrypt && !is_sigCipher(cipherInfo->mode)) || (!encrypt && is_sigCipher(cipherInfo->mode))) { /* Have to convert private key to public key. Memory * is freed with private key's arena */ pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena, sizeof(RSAPublicKey)); pubKey->modulus.len = privKey->modulus.len; pubKey->modulus.data = privKey->modulus.data; pubKey->publicExponent.len = privKey->publicExponent.len; pubKey->publicExponent.data = privKey->publicExponent.data; asymk->pubKey = (void *)pubKey; } switch (cipherInfo->mode) { case bltestRSA: cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_PublicKeyOp : rsa_PrivateKeyOp; break; case bltestRSA_PSS: cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_signDigestPSS : rsa_verifyDigestPSS; break; case bltestRSA_OAEP: cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP : rsa_decryptOAEP; break; default: break; } return SECSuccess; } SECStatus blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy) { if (keysize < 1024) { int j = PQG_PBITS_TO_INDEX(keysize); return PQG_ParamGen(j, pqg, vfy); } return PQG_ParamGenV2(keysize, 0, 0, pqg, vfy); } SECStatus bltest_pqg_init(bltestDSAParams *dsap) { SECStatus rv, res; PQGVerify *vfy = NULL; rv = blapi_pqg_param_gen(dsap->keysize, &dsap->pqg, &vfy); CHECKERROR(rv, __LINE__); rv = PQG_VerifyParams(dsap->pqg, vfy, &res); CHECKERROR(res, __LINE__); CHECKERROR(rv, __LINE__); return rv; } SECStatus bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { int i; DSAPrivateKey **dummyKey; PQGParams *dummypqg; PRIntervalTime time1, time2; bltestAsymKeyParams *asymk = &cipherInfo->params.asymk; bltestDSAParams *dsap = &asymk->cipherParams.dsa; PQGVerify *ignore = NULL; cipherInfo->cx = asymk; /* For performance testing */ if (cipherInfo->cxreps > 0) { /* Create space for n private key objects */ dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps * sizeof(DSAPrivateKey *)); /* Time n keygens, storing in the array */ TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { dummypqg = NULL; blapi_pqg_param_gen(dsap->keysize, &dummypqg, &ignore); DSA_NewKey(dummypqg, &dummyKey[i]); } TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); /* Free the n key objects */ for (i = 0; i < cipherInfo->cxreps; i++) PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE); PORT_Free(dummyKey); } if (!dsap->pqg && dsap->pqgdata.buf.len > 0) { dsap->pqg = pqg_from_filedata(cipherInfo->arena, &dsap->pqgdata.buf); } if (!asymk->privKey && asymk->key.buf.len > 0) { asymk->privKey = dsakey_from_filedata(cipherInfo->arena, &asymk->key.buf); } if (encrypt) { cipherInfo->cipher.pubkeyCipher = dsa_signDigest; } else { /* Have to convert private key to public key. Memory * is freed with private key's arena */ DSAPublicKey *pubkey; DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey; pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena, sizeof(DSAPublicKey)); pubkey->params.prime.len = key->params.prime.len; pubkey->params.prime.data = key->params.prime.data; pubkey->params.subPrime.len = key->params.subPrime.len; pubkey->params.subPrime.data = key->params.subPrime.data; pubkey->params.base.len = key->params.base.len; pubkey->params.base.data = key->params.base.data; pubkey->publicValue.len = key->publicValue.len; pubkey->publicValue.data = key->publicValue.data; asymk->pubKey = pubkey; cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest; } return SECSuccess; } SECStatus bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { int i; ECPrivateKey **dummyKey; PRIntervalTime time1, time2; bltestAsymKeyParams *asymk = &cipherInfo->params.asymk; cipherInfo->cx = asymk; /* For performance testing */ if (cipherInfo->cxreps > 0) { /* Create space for n private key objects */ dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps * sizeof(ECPrivateKey *)); /* Time n keygens, storing in the array */ TIMESTART(); for (i = 0; i < cipherInfo->cxreps; i++) { EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]); } TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); /* Free the n key objects */ for (i = 0; i < cipherInfo->cxreps; i++) PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE); PORT_Free(dummyKey); } if (!asymk->privKey && asymk->key.buf.len > 0) { asymk->privKey = eckey_from_filedata(cipherInfo->arena, &asymk->key.buf); } if (encrypt) { cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest; } else { /* Have to convert private key to public key. Memory * is freed with private key's arena */ ECPublicKey *pubkey; ECPrivateKey *key = (ECPrivateKey *)asymk->privKey; pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena, sizeof(ECPublicKey)); pubkey->ecParams.type = key->ecParams.type; pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size; pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type; pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len; pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data; pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1; pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2; pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3; pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len; pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data; pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len; pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data; pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len; pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data; pubkey->ecParams.base.len = key->ecParams.base.len; pubkey->ecParams.base.data = key->ecParams.base.data; pubkey->ecParams.order.len = key->ecParams.order.len; pubkey->ecParams.order.data = key->ecParams.order.data; pubkey->ecParams.cofactor = key->ecParams.cofactor; pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len; pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data; pubkey->ecParams.name = key->ecParams.name; pubkey->publicValue.len = key->publicValue.len; pubkey->publicValue.data = key->publicValue.data; asymk->pubKey = pubkey; cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest; } return SECSuccess; } /* XXX unfortunately, this is not defined in blapi.h */ SECStatus md2_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { unsigned int len; MD2Context *cx = MD2_NewContext(); if (cx == NULL) return SECFailure; MD2_Begin(cx); MD2_Update(cx, src, src_length); MD2_End(cx, dest, &len, MD2_LENGTH); MD2_DestroyContext(cx, PR_TRUE); return SECSuccess; } SECStatus md2_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { MD2Context *cx, *cx_cpy; unsigned char *cxbytes; unsigned int len; unsigned int i, quarter; SECStatus rv = SECSuccess; cx = MD2_NewContext(); MD2_Begin(cx); /* divide message by 4, restarting 3 times */ quarter = (src_length + 3) / 4; for (i = 0; i < 4 && src_length > 0; i++) { MD2_Update(cx, src + i * quarter, PR_MIN(quarter, src_length)); len = MD2_FlattenSize(cx); cxbytes = PORT_Alloc(len); MD2_Flatten(cx, cxbytes); cx_cpy = MD2_Resurrect(cxbytes, NULL); if (!cx_cpy) { PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName); goto finish; } rv = PORT_Memcmp(cx, cx_cpy, len); if (rv) { MD2_DestroyContext(cx_cpy, PR_TRUE); PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName); goto finish; } MD2_DestroyContext(cx_cpy, PR_TRUE); PORT_Free(cxbytes); src_length -= quarter; } MD2_End(cx, dest, &len, MD2_LENGTH); finish: MD2_DestroyContext(cx, PR_TRUE); return rv; } SECStatus md5_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { SECStatus rv = SECSuccess; MD5Context *cx, *cx_cpy; unsigned char *cxbytes; unsigned int len; unsigned int i, quarter; cx = MD5_NewContext(); MD5_Begin(cx); /* divide message by 4, restarting 3 times */ quarter = (src_length + 3) / 4; for (i = 0; i < 4 && src_length > 0; i++) { MD5_Update(cx, src + i * quarter, PR_MIN(quarter, src_length)); len = MD5_FlattenSize(cx); cxbytes = PORT_Alloc(len); MD5_Flatten(cx, cxbytes); cx_cpy = MD5_Resurrect(cxbytes, NULL); if (!cx_cpy) { PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName); rv = SECFailure; goto finish; } rv = PORT_Memcmp(cx, cx_cpy, len); if (rv) { MD5_DestroyContext(cx_cpy, PR_TRUE); PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName); goto finish; } MD5_DestroyContext(cx_cpy, PR_TRUE); PORT_Free(cxbytes); src_length -= quarter; } MD5_End(cx, dest, &len, MD5_LENGTH); finish: MD5_DestroyContext(cx, PR_TRUE); return rv; } SECStatus sha1_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { SECStatus rv = SECSuccess; SHA1Context *cx, *cx_cpy; unsigned char *cxbytes; unsigned int len; unsigned int i, quarter; cx = SHA1_NewContext(); SHA1_Begin(cx); /* divide message by 4, restarting 3 times */ quarter = (src_length + 3) / 4; for (i = 0; i < 4 && src_length > 0; i++) { SHA1_Update(cx, src + i * quarter, PR_MIN(quarter, src_length)); len = SHA1_FlattenSize(cx); cxbytes = PORT_Alloc(len); SHA1_Flatten(cx, cxbytes); cx_cpy = SHA1_Resurrect(cxbytes, NULL); if (!cx_cpy) { PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName); rv = SECFailure; goto finish; } rv = PORT_Memcmp(cx, cx_cpy, len); if (rv) { SHA1_DestroyContext(cx_cpy, PR_TRUE); PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName); goto finish; } SHA1_DestroyContext(cx_cpy, PR_TRUE); PORT_Free(cxbytes); src_length -= quarter; } SHA1_End(cx, dest, &len, MD5_LENGTH); finish: SHA1_DestroyContext(cx, PR_TRUE); return rv; } SECStatus SHA224_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { SECStatus rv = SECSuccess; SHA224Context *cx, *cx_cpy; unsigned char *cxbytes; unsigned int len; unsigned int i, quarter; cx = SHA224_NewContext(); SHA224_Begin(cx); /* divide message by 4, restarting 3 times */ quarter = (src_length + 3) / 4; for (i = 0; i < 4 && src_length > 0; i++) { SHA224_Update(cx, src + i * quarter, PR_MIN(quarter, src_length)); len = SHA224_FlattenSize(cx); cxbytes = PORT_Alloc(len); SHA224_Flatten(cx, cxbytes); cx_cpy = SHA224_Resurrect(cxbytes, NULL); if (!cx_cpy) { PR_fprintf(PR_STDERR, "%s: SHA224_Resurrect failed!\n", progName); rv = SECFailure; goto finish; } rv = PORT_Memcmp(cx, cx_cpy, len); if (rv) { SHA224_DestroyContext(cx_cpy, PR_TRUE); PR_fprintf(PR_STDERR, "%s: SHA224_restart failed!\n", progName); goto finish; } SHA224_DestroyContext(cx_cpy, PR_TRUE); PORT_Free(cxbytes); src_length -= quarter; } SHA224_End(cx, dest, &len, MD5_LENGTH); finish: SHA224_DestroyContext(cx, PR_TRUE); return rv; } SECStatus SHA256_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { SECStatus rv = SECSuccess; SHA256Context *cx, *cx_cpy; unsigned char *cxbytes; unsigned int len; unsigned int i, quarter; cx = SHA256_NewContext(); SHA256_Begin(cx); /* divide message by 4, restarting 3 times */ quarter = (src_length + 3) / 4; for (i = 0; i < 4 && src_length > 0; i++) { SHA256_Update(cx, src + i * quarter, PR_MIN(quarter, src_length)); len = SHA256_FlattenSize(cx); cxbytes = PORT_Alloc(len); SHA256_Flatten(cx, cxbytes); cx_cpy = SHA256_Resurrect(cxbytes, NULL); if (!cx_cpy) { PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName); rv = SECFailure; goto finish; } rv = PORT_Memcmp(cx, cx_cpy, len); if (rv) { SHA256_DestroyContext(cx_cpy, PR_TRUE); PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName); goto finish; } SHA256_DestroyContext(cx_cpy, PR_TRUE); PORT_Free(cxbytes); src_length -= quarter; } SHA256_End(cx, dest, &len, MD5_LENGTH); finish: SHA256_DestroyContext(cx, PR_TRUE); return rv; } SECStatus SHA384_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { SECStatus rv = SECSuccess; SHA384Context *cx, *cx_cpy; unsigned char *cxbytes; unsigned int len; unsigned int i, quarter; cx = SHA384_NewContext(); SHA384_Begin(cx); /* divide message by 4, restarting 3 times */ quarter = (src_length + 3) / 4; for (i = 0; i < 4 && src_length > 0; i++) { SHA384_Update(cx, src + i * quarter, PR_MIN(quarter, src_length)); len = SHA384_FlattenSize(cx); cxbytes = PORT_Alloc(len); SHA384_Flatten(cx, cxbytes); cx_cpy = SHA384_Resurrect(cxbytes, NULL); if (!cx_cpy) { PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName); rv = SECFailure; goto finish; } rv = PORT_Memcmp(cx, cx_cpy, len); if (rv) { SHA384_DestroyContext(cx_cpy, PR_TRUE); PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName); goto finish; } SHA384_DestroyContext(cx_cpy, PR_TRUE); PORT_Free(cxbytes); src_length -= quarter; } SHA384_End(cx, dest, &len, MD5_LENGTH); finish: SHA384_DestroyContext(cx, PR_TRUE); return rv; } SECStatus SHA512_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length) { SECStatus rv = SECSuccess; SHA512Context *cx, *cx_cpy; unsigned char *cxbytes; unsigned int len; unsigned int i, quarter; cx = SHA512_NewContext(); SHA512_Begin(cx); /* divide message by 4, restarting 3 times */ quarter = (src_length + 3) / 4; for (i = 0; i < 4 && src_length > 0; i++) { SHA512_Update(cx, src + i * quarter, PR_MIN(quarter, src_length)); len = SHA512_FlattenSize(cx); cxbytes = PORT_Alloc(len); SHA512_Flatten(cx, cxbytes); cx_cpy = SHA512_Resurrect(cxbytes, NULL); if (!cx_cpy) { PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName); rv = SECFailure; goto finish; } rv = PORT_Memcmp(cx, cx_cpy, len); if (rv) { SHA512_DestroyContext(cx_cpy, PR_TRUE); PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName); goto finish; } SHA512_DestroyContext(cx_cpy, PR_TRUE); PORT_Free(cxbytes); src_length -= quarter; } SHA512_End(cx, dest, &len, MD5_LENGTH); finish: SHA512_DestroyContext(cx, PR_TRUE); return rv; } SECStatus pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, int keysize, int exponent, char *curveName) { int i; SECStatus rv = SECSuccess; bltestAsymKeyParams *asymk = &cipherInfo->params.asymk; bltestRSAParams *rsap; RSAPrivateKey **rsaKey = NULL; bltestDSAParams *dsap; DSAPrivateKey **dsaKey = NULL; SECItem *tmpECParamsDER; ECParams *tmpECParams = NULL; SECItem ecSerialize[3]; ECPrivateKey **ecKey = NULL; switch (cipherInfo->mode) { case bltestRSA: case bltestRSA_PSS: case bltestRSA_OAEP: rsap = &asymk->cipherParams.rsa; rsaKey = (RSAPrivateKey **)&asymk->privKey; if (keysize > 0) { SECItem expitem = { 0, 0, 0 }; SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int)); for (i = 1; i <= sizeof(int); i++) expitem.data[i - 1] = exponent >> (8 * (sizeof(int) - i)); *rsaKey = RSA_NewKey(keysize * 8, &expitem); serialize_key(&(*rsaKey)->version, 9, file); rsap->keysizeInBits = keysize * 8; } else { setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0); *rsaKey = rsakey_from_filedata(cipherInfo->arena, &asymk->key.buf); rsap->keysizeInBits = (*rsaKey)->modulus.len * 8; } break; case bltestDSA: dsap = &asymk->cipherParams.dsa; dsaKey = (DSAPrivateKey **)&asymk->privKey; if (keysize > 0) { dsap->keysize = keysize * 8; if (!dsap->pqg) bltest_pqg_init(dsap); rv = DSA_NewKey(dsap->pqg, dsaKey); CHECKERROR(rv, __LINE__); serialize_key(&(*dsaKey)->params.prime, 5, file); } else { setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0); *dsaKey = dsakey_from_filedata(cipherInfo->arena, &asymk->key.buf); dsap->keysize = (*dsaKey)->params.prime.len * 8; } break; case bltestECDSA: ecKey = (ECPrivateKey **)&asymk->privKey; if (curveName != NULL) { tmpECParamsDER = getECParams(curveName); rv = SECOID_Init(); CHECKERROR(rv, __LINE__); rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure; CHECKERROR(rv, __LINE__); rv = EC_NewKey(tmpECParams, ecKey); CHECKERROR(rv, __LINE__); ecSerialize[0].type = tmpECParamsDER->type; ecSerialize[0].data = tmpECParamsDER->data; ecSerialize[0].len = tmpECParamsDER->len; ecSerialize[1].type = (*ecKey)->publicValue.type; ecSerialize[1].data = (*ecKey)->publicValue.data; ecSerialize[1].len = (*ecKey)->publicValue.len; ecSerialize[2].type = (*ecKey)->privateValue.type; ecSerialize[2].data = (*ecKey)->privateValue.data; ecSerialize[2].len = (*ecKey)->privateValue.len; serialize_key(&(ecSerialize[0]), 3, file); SECITEM_FreeItem(tmpECParamsDER, PR_TRUE); PORT_FreeArena(tmpECParams->arena, PR_TRUE); rv = SECOID_Shutdown(); CHECKERROR(rv, __LINE__); } else { setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0); *ecKey = eckey_from_filedata(cipherInfo->arena, &asymk->key.buf); } break; default: return SECFailure; } return SECSuccess; } SECStatus cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) { PRBool restart; int outlen; switch (cipherInfo->mode) { case bltestDES_ECB: case bltestDES_CBC: case bltestDES_EDE_ECB: case bltestDES_EDE_CBC: SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len); return bltest_des_init(cipherInfo, encrypt); break; case bltestRC2_ECB: case bltestRC2_CBC: SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len); return bltest_rc2_init(cipherInfo, encrypt); break; case bltestRC4: SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len); return bltest_rc4_init(cipherInfo, encrypt); break; #ifdef NSS_SOFTOKEN_DOES_RC5 case bltestRC5_ECB: case bltestRC5_CBC: SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len); #endif return bltest_rc5_init(cipherInfo, encrypt); break; case bltestAES_ECB: case bltestAES_CBC: case bltestAES_CTS: case bltestAES_CTR: case bltestAES_GCM: outlen = cipherInfo->input.pBuf.len; if (cipherInfo->mode == bltestAES_GCM && encrypt) { outlen += 16; } SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen); return bltest_aes_init(cipherInfo, encrypt); break; case bltestCAMELLIA_ECB: case bltestCAMELLIA_CBC: SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len); return bltest_camellia_init(cipherInfo, encrypt); break; case bltestSEED_ECB: case bltestSEED_CBC: SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len); return bltest_seed_init(cipherInfo, encrypt); break; case bltestCHACHA20: outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0); SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen); return bltest_chacha20_init(cipherInfo, encrypt); break; case bltestRSA: case bltestRSA_OAEP: case bltestRSA_PSS: if (encrypt || cipherInfo->mode != bltestRSA_PSS) { /* Don't allocate a buffer for PSS in verify mode, as no actual * output is produced. */ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, RSA_MAX_MODULUS_BITS / 8); } return bltest_rsa_init(cipherInfo, encrypt); break; case bltestDSA: if (encrypt) { SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, DSA_MAX_SIGNATURE_LEN); } return bltest_dsa_init(cipherInfo, encrypt); break; case bltestECDSA: if (encrypt) { SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, 2 * MAX_ECKEY_LEN); } return bltest_ecdsa_init(cipherInfo, encrypt); break; case bltestMD2: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, MD2_LENGTH); cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf; return SECSuccess; break; case bltestMD5: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, MD5_LENGTH); cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf; return SECSuccess; break; case bltestSHA1: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, SHA1_LENGTH); cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf; return SECSuccess; break; case bltestSHA224: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, SHA224_LENGTH); cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart : SHA224_HashBuf; return SECSuccess; break; case bltestSHA256: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, SHA256_LENGTH); cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart : SHA256_HashBuf; return SECSuccess; break; case bltestSHA384: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, SHA384_LENGTH); cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart : SHA384_HashBuf; return SECSuccess; break; case bltestSHA512: restart = cipherInfo->params.hash.restart; SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, SHA512_LENGTH); cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart : SHA512_HashBuf; return SECSuccess; break; default: return SECFailure; } return SECSuccess; } SECStatus cipherDoOp(bltestCipherInfo *cipherInfo) { PRIntervalTime time1, time2; SECStatus rv = SECSuccess; int i; unsigned int len; unsigned int maxLen = cipherInfo->output.pBuf.len; unsigned char *dummyOut; dummyOut = PORT_Alloc(maxLen); if (is_symmkeyCipher(cipherInfo->mode)) { const unsigned char *input = cipherInfo->input.pBuf.data; unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ? cipherInfo->input.pBuf.len : PR_MIN(cipherInfo->input.pBuf.len, 16); unsigned char *output = cipherInfo->output.pBuf.data; unsigned int outputLen = maxLen; unsigned int totalOutputLen = 0; TIMESTART(); rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, output, &len, outputLen, input, inputLen); CHECKERROR(rv, __LINE__); totalOutputLen += len; if (cipherInfo->input.pBuf.len > inputLen) { input += inputLen; inputLen = cipherInfo->input.pBuf.len - inputLen; output += len; outputLen -= len; rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, output, &len, outputLen, input, inputLen); CHECKERROR(rv, __LINE__); totalOutputLen += len; } cipherInfo->output.pBuf.len = totalOutputLen; TIMEFINISH(cipherInfo->optime, 1.0); cipherInfo->repetitions = 0; if (cipherInfo->repetitionsToPerfom != 0) { TIMESTART(); for (i = 0; i < cipherInfo->repetitionsToPerfom; i++, cipherInfo->repetitions++) { (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut, &len, maxLen, cipherInfo->input.pBuf.data, cipherInfo->input.pBuf.len); CHECKERROR(rv, __LINE__); } } else { int opsBetweenChecks = 0; TIMEMARK(cipherInfo->seconds); while (!(TIMETOFINISH())) { int j = 0; for (; j < opsBetweenChecks; j++) { (*cipherInfo->cipher.symmkeyCipher)( cipherInfo->cx, dummyOut, &len, maxLen, cipherInfo->input.pBuf.data, cipherInfo->input.pBuf.len); } cipherInfo->repetitions += j; } } TIMEFINISH(cipherInfo->optime, 1.0); } else if (is_aeadCipher(cipherInfo->mode)) { const unsigned char *input = cipherInfo->input.pBuf.data; unsigned int inputLen = cipherInfo->input.pBuf.len; unsigned char *output = cipherInfo->output.pBuf.data; unsigned int outputLen; bltestSymmKeyParams *sk = &cipherInfo->params.sk; bltestAuthSymmKeyParams *ask = &cipherInfo->params.ask; TIMESTART(); rv = (*cipherInfo->cipher.aeadCipher)( cipherInfo->cx, output, &outputLen, maxLen, input, inputLen, sk->iv.buf.data, sk->iv.buf.len, ask->aad.buf.data, ask->aad.buf.len); CHECKERROR(rv, __LINE__); cipherInfo->output.pBuf.len = outputLen; TIMEFINISH(cipherInfo->optime, 1.0); cipherInfo->repetitions = 0; if (cipherInfo->repetitionsToPerfom != 0) { TIMESTART(); for (i = 0; i < cipherInfo->repetitionsToPerfom; i++, cipherInfo->repetitions++) { rv = (*cipherInfo->cipher.aeadCipher)( cipherInfo->cx, output, &outputLen, maxLen, input, inputLen, sk->iv.buf.data, sk->iv.buf.len, ask->aad.buf.data, ask->aad.buf.len); CHECKERROR(rv, __LINE__); } } else { int opsBetweenChecks = 0; TIMEMARK(cipherInfo->seconds); while (!(TIMETOFINISH())) { int j = 0; for (; j < opsBetweenChecks; j++) { (*cipherInfo->cipher.aeadCipher)( cipherInfo->cx, output, &outputLen, maxLen, input, inputLen, sk->iv.buf.data, sk->iv.buf.len, ask->aad.buf.data, ask->aad.buf.len); } cipherInfo->repetitions += j; } } TIMEFINISH(cipherInfo->optime, 1.0); } else if (is_pubkeyCipher(cipherInfo->mode)) { TIMESTART(); rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &cipherInfo->output.pBuf, &cipherInfo->input.pBuf); TIMEFINISH(cipherInfo->optime, 1.0); CHECKERROR(rv, __LINE__); cipherInfo->repetitions = 0; if (cipherInfo->repetitionsToPerfom != 0) { TIMESTART(); for (i = 0; i < cipherInfo->repetitionsToPerfom; i++, cipherInfo->repetitions++) { SECItem dummy; dummy.data = dummyOut; dummy.len = maxLen; (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy, &cipherInfo->input.pBuf); CHECKERROR(rv, __LINE__); } } else { int opsBetweenChecks = 0; TIMEMARK(cipherInfo->seconds); while (!(TIMETOFINISH())) { int j = 0; for (; j < opsBetweenChecks; j++) { SECItem dummy; dummy.data = dummyOut; dummy.len = maxLen; (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy, &cipherInfo->input.pBuf); CHECKERROR(rv, __LINE__); } cipherInfo->repetitions += j; } } TIMEFINISH(cipherInfo->optime, 1.0); } else if (is_hashCipher(cipherInfo->mode)) { TIMESTART(); rv = (*cipherInfo->cipher.hashCipher)(cipherInfo->output.pBuf.data, cipherInfo->input.pBuf.data, cipherInfo->input.pBuf.len); TIMEFINISH(cipherInfo->optime, 1.0); CHECKERROR(rv, __LINE__); cipherInfo->repetitions = 0; if (cipherInfo->repetitionsToPerfom != 0) { TIMESTART(); for (i = 0; i < cipherInfo->repetitionsToPerfom; i++, cipherInfo->repetitions++) { (*cipherInfo->cipher.hashCipher)(dummyOut, cipherInfo->input.pBuf.data, cipherInfo->input.pBuf.len); CHECKERROR(rv, __LINE__); } } else { int opsBetweenChecks = 0; TIMEMARK(cipherInfo->seconds); while (!(TIMETOFINISH())) { int j = 0; for (; j < opsBetweenChecks; j++) { bltestIO *input = &cipherInfo->input; (*cipherInfo->cipher.hashCipher)(dummyOut, input->pBuf.data, input->pBuf.len); CHECKERROR(rv, __LINE__); } cipherInfo->repetitions += j; } } TIMEFINISH(cipherInfo->optime, 1.0); } PORT_Free(dummyOut); return rv; } SECStatus cipherFinish(bltestCipherInfo *cipherInfo) { SECStatus rv = SECSuccess; switch (cipherInfo->mode) { case bltestDES_ECB: case bltestDES_CBC: case bltestDES_EDE_ECB: case bltestDES_EDE_CBC: DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE); break; case bltestAES_GCM: case bltestAES_ECB: case bltestAES_CBC: case bltestAES_CTS: case bltestAES_CTR: AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE); break; case bltestCAMELLIA_ECB: case bltestCAMELLIA_CBC: Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE); break; case bltestSEED_ECB: case bltestSEED_CBC: SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE); break; case bltestCHACHA20: ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *) cipherInfo->cx, PR_TRUE); break; case bltestRC2_ECB: case bltestRC2_CBC: RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE); break; case bltestRC4: RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE); break; #ifdef NSS_SOFTOKEN_DOES_RC5 case bltestRC5_ECB: case bltestRC5_CBC: RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE); break; #endif case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */ case bltestRSA_PSS: /* will be freed with it. */ case bltestRSA_OAEP: case bltestDSA: case bltestECDSA: case bltestMD2: /* hash contexts are ephemeral */ case bltestMD5: case bltestSHA1: case bltestSHA224: case bltestSHA256: case bltestSHA384: case bltestSHA512: return SECSuccess; break; default: return SECFailure; } return rv; } void print_exponent(SECItem *exp) { int i; int e = 0; if (exp->len <= 4) { for (i = exp->len; i >= 0; --i) e |= exp->data[exp->len - i] << 8 * (i - 1); fprintf(stdout, "%12d", e); } else { e = 8 * exp->len; fprintf(stdout, "~2**%-8d", e); } } static void splitToReportUnit(PRInt64 res, int *resArr, int *del, int size) { PRInt64 remaining = res, tmp = 0; PRInt64 Ldel; int i = -1; while (remaining > 0 && ++i < size) { LL_I2L(Ldel, del[i]); LL_MOD(tmp, remaining, Ldel); LL_L2I(resArr[i], tmp); LL_DIV(remaining, remaining, Ldel); } } static char * getHighUnitBytes(PRInt64 res) { int spl[] = { 0, 0, 0, 0 }; int del[] = { 1024, 1024, 1024, 1024 }; char *marks[] = { "b", "Kb", "Mb", "Gb" }; int i = 3; splitToReportUnit(res, spl, del, 4); for (; i > 0; i--) { if (spl[i] != 0) { break; } } return PR_smprintf("%d%s", spl[i], marks[i]); } static void printPR_smpString(const char *sformat, char *reportStr, const char *nformat, PRInt64 rNum) { if (reportStr) { fprintf(stdout, sformat, reportStr); PR_smprintf_free(reportStr); } else { fprintf(stdout, nformat, rNum); } } static char * getHighUnitOps(PRInt64 res) { int spl[] = { 0, 0, 0, 0 }; int del[] = { 1000, 1000, 1000, 1000 }; char *marks[] = { "", "T", "M", "B" }; int i = 3; splitToReportUnit(res, spl, del, 4); for (; i > 0; i--) { if (spl[i] != 0) { break; } } return PR_smprintf("%d%s", spl[i], marks[i]); } void dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt, PRBool encrypt, PRBool cxonly) { bltestCipherInfo *info = infoList; PRInt64 totalIn = 0; PRBool td = PR_TRUE; int repetitions = 0; int cxreps = 0; double cxtime = 0; double optime = 0; while (info != NULL) { repetitions += info->repetitions; cxreps += info->cxreps; cxtime += info->cxtime; optime += info->optime; totalIn += (PRInt64)info->input.buf.len * (PRInt64)info->repetitions; info = info->next; } info = infoList; fprintf(stdout, "#%9s", "mode"); fprintf(stdout, "%12s", "in"); print_td: switch (info->mode) { case bltestDES_ECB: case bltestDES_CBC: case bltestDES_EDE_ECB: case bltestDES_EDE_CBC: case bltestAES_ECB: case bltestAES_CBC: case bltestAES_CTS: case bltestAES_CTR: case bltestAES_GCM: case bltestCAMELLIA_ECB: case bltestCAMELLIA_CBC: case bltestSEED_ECB: case bltestSEED_CBC: case bltestRC2_ECB: case bltestRC2_CBC: case bltestRC4: if (td) fprintf(stdout, "%8s", "symmkey"); else fprintf(stdout, "%8d", 8 * info->params.sk.key.buf.len); break; #ifdef NSS_SOFTOKEN_DOES_RC5 case bltestRC5_ECB: case bltestRC5_CBC: if (info->params.sk.key.buf.len > 0) printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len); if (info->rounds > 0) printf("rounds=%d,", info->params.rc5.rounds); if (info->wordsize > 0) printf("wordsize(bytes)=%d,", info->params.rc5.wordsize); break; #endif case bltestRSA: case bltestRSA_PSS: case bltestRSA_OAEP: if (td) { fprintf(stdout, "%8s", "rsa_mod"); fprintf(stdout, "%12s", "rsa_pe"); } else { bltestAsymKeyParams *asymk = &info->params.asymk; fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits); print_exponent( &((RSAPrivateKey *)asymk->privKey)->publicExponent); } break; case bltestDSA: if (td) { fprintf(stdout, "%8s", "pqg_mod"); } else { fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize); } break; case bltestECDSA: if (td) { fprintf(stdout, "%12s", "ec_curve"); } else { ECPrivateKey *key = (ECPrivateKey *)info->params.asymk.privKey; ECCurveName curveName = key->ecParams.name; fprintf(stdout, "%12s", ecCurve_map[curveName] ? ecCurve_map[curveName]->text : "Unsupported curve"); } break; case bltestMD2: case bltestMD5: case bltestSHA1: case bltestSHA256: case bltestSHA384: case bltestSHA512: default: break; } if (!td) { PRInt64 totalThroughPut; printPR_smpString("%8s", getHighUnitOps(repetitions), "%8d", repetitions); printPR_smpString("%8s", getHighUnitOps(cxreps), "%8d", cxreps); fprintf(stdout, "%12.3f", cxtime); fprintf(stdout, "%12.3f", optime); fprintf(stdout, "%12.03f", totalTimeInt / 1000); totalThroughPut = (PRInt64)(totalIn / totalTimeInt * 1000); printPR_smpString("%12s", getHighUnitBytes(totalThroughPut), "%12d", totalThroughPut); fprintf(stdout, "\n"); return; } fprintf(stdout, "%8s", "opreps"); fprintf(stdout, "%8s", "cxreps"); fprintf(stdout, "%12s", "context"); fprintf(stdout, "%12s", "op"); fprintf(stdout, "%12s", "time(sec)"); fprintf(stdout, "%12s", "thrgput"); fprintf(stdout, "\n"); fprintf(stdout, "%8s", mode_strings[info->mode]); fprintf(stdout, "_%c", (cxonly) ? 'c' : (encrypt) ? 'e' : 'd'); printPR_smpString("%12s", getHighUnitBytes(totalIn), "%12d", totalIn); td = !td; goto print_td; } void printmodes() { bltestCipherMode mode; int nummodes = sizeof(mode_strings) / sizeof(char *); fprintf(stderr, "%s: Available modes (specify with -m):\n", progName); for (mode = 0; mode < nummodes; mode++) fprintf(stderr, "%s\n", mode_strings[mode]); } bltestCipherMode get_mode(const char *modestring) { bltestCipherMode mode; int nummodes = sizeof(mode_strings) / sizeof(char *); for (mode = 0; mode < nummodes; mode++) if (PL_strcmp(modestring, mode_strings[mode]) == 0) return mode; fprintf(stderr, "%s: invalid mode: %s\n", progName, modestring); return bltestINVALID; } void load_file_data(PLArenaPool *arena, bltestIO *data, char *fn, bltestIOMode ioMode) { PRFileDesc *file; data->mode = ioMode; data->file = NULL; /* don't use -- not saving anything */ data->pBuf.data = NULL; data->pBuf.len = 0; file = PR_Open(fn, PR_RDONLY, 00660); if (file) { setupIO(arena, data, file, NULL, 0); PR_Close(file); } } HASH_HashType mode_str_to_hash_alg(const SECItem *modeStr) { bltestCipherMode mode; char *tempModeStr = NULL; if (!modeStr || modeStr->len == 0) return HASH_AlgNULL; tempModeStr = PORT_Alloc(modeStr->len + 1); if (!tempModeStr) return HASH_AlgNULL; memcpy(tempModeStr, modeStr->data, modeStr->len); tempModeStr[modeStr->len] = '\0'; mode = get_mode(tempModeStr); PORT_Free(tempModeStr); switch (mode) { case bltestMD2: return HASH_AlgMD2; case bltestMD5: return HASH_AlgMD5; case bltestSHA1: return HASH_AlgSHA1; case bltestSHA224: return HASH_AlgSHA224; case bltestSHA256: return HASH_AlgSHA256; case bltestSHA384: return HASH_AlgSHA384; case bltestSHA512: return HASH_AlgSHA512; default: return HASH_AlgNULL; } } void get_params(PLArenaPool *arena, bltestParams *params, bltestCipherMode mode, int j) { char filename[256]; char *modestr = mode_strings[mode]; bltestIO tempIO; #ifdef NSS_SOFTOKEN_DOES_RC5 FILE *file; char *mark, *param, *val; int index = 0; #endif switch (mode) { case bltestAES_GCM: case bltestCHACHA20: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j); load_file_data(arena, ¶ms->ask.aad, filename, bltestBinary); case bltestDES_CBC: case bltestDES_EDE_CBC: case bltestRC2_CBC: case bltestAES_CBC: case bltestAES_CTS: case bltestAES_CTR: case bltestCAMELLIA_CBC: case bltestSEED_CBC: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); case bltestDES_ECB: case bltestDES_EDE_ECB: case bltestRC2_ECB: case bltestRC4: case bltestAES_ECB: case bltestCAMELLIA_ECB: case bltestSEED_ECB: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); break; #ifdef NSS_SOFTOKEN_DOES_RC5 case bltestRC5_ECB: case bltestRC5_CBC: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "params", j); file = fopen(filename, "r"); if (!file) return; param = malloc(100); len = fread(param, 1, 100, file); while (index < len) { mark = PL_strchr(param, '='); *mark = '\0'; val = mark + 1; mark = PL_strchr(val, '\n'); *mark = '\0'; if (PL_strcmp(param, "rounds") == 0) { params->rc5.rounds = atoi(val); } else if (PL_strcmp(param, "wordsize") == 0) { params->rc5.wordsize = atoi(val); } index += PL_strlen(param) + PL_strlen(val) + 2; param = mark + 1; } break; #endif case bltestRSA_PSS: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); /* fall through */ case bltestRSA_OAEP: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j); load_file_data(arena, ¶ms->asymk.cipherParams.rsa.seed, filename, bltestBase64Encoded); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j); load_file_data(arena, &tempIO, filename, bltestBinary); params->asymk.cipherParams.rsa.hashAlg = mode_str_to_hash_alg(&tempIO.buf); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j); load_file_data(arena, &tempIO, filename, bltestBinary); params->asymk.cipherParams.rsa.maskHashAlg = mode_str_to_hash_alg(&tempIO.buf); /* fall through */ case bltestRSA: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); params->asymk.privKey = (void *)rsakey_from_filedata(arena, ¶ms->asymk.key.buf); break; case bltestDSA: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); params->asymk.privKey = (void *)dsakey_from_filedata(arena, ¶ms->asymk.key.buf); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j); load_file_data(arena, ¶ms->asymk.cipherParams.dsa.pqgdata, filename, bltestBase64Encoded); params->asymk.cipherParams.dsa.pqg = pqg_from_filedata(arena, ¶ms->asymk.cipherParams.dsa.pqgdata.buf); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j); load_file_data(arena, ¶ms->asymk.cipherParams.dsa.keyseed, filename, bltestBase64Encoded); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); load_file_data(arena, ¶ms->asymk.cipherParams.dsa.sigseed, filename, bltestBase64Encoded); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); break; case bltestECDSA: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); params->asymk.privKey = (void *)eckey_from_filedata(arena, ¶ms->asymk.key.buf); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); load_file_data(arena, ¶ms->asymk.cipherParams.ecdsa.sigseed, filename, bltestBase64Encoded); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); break; case bltestMD2: case bltestMD5: case bltestSHA1: case bltestSHA224: case bltestSHA256: case bltestSHA384: case bltestSHA512: /*params->hash.restart = PR_TRUE;*/ params->hash.restart = PR_FALSE; break; default: break; } } SECStatus verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode, PRBool forward, SECStatus sigstatus) { PRBool equal; char *modestr = mode_strings[mode]; equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf); if (is_sigCipher(mode)) { if (forward) { if (equal) { printf("Signature self-test for %s passed.\n", modestr); } else { printf("Signature self-test for %s failed!\n", modestr); } return equal ? SECSuccess : SECFailure; } else { if (sigstatus == SECSuccess) { printf("Verification self-test for %s passed.\n", modestr); } else { printf("Verification self-test for %s failed!\n", modestr); } return sigstatus; } } else if (is_hashCipher(mode)) { if (equal) { printf("Hash self-test for %s passed.\n", modestr); } else { printf("Hash self-test for %s failed!\n", modestr); } } else { if (forward) { if (equal) { printf("Encryption self-test for %s passed.\n", modestr); } else { printf("Encryption self-test for %s failed!\n", modestr); } } else { if (equal) { printf("Decryption self-test for %s passed.\n", modestr); } else { printf("Decryption self-test for %s failed!\n", modestr); } } } return equal ? SECSuccess : SECFailure; } static SECStatus ReadFileToItem(PLArenaPool *arena, SECItem *dst, const char *filename) { SECItem tmp = { siBuffer, NULL, 0 }; PRFileDesc *file; SECStatus rv; file = PR_Open(filename, PR_RDONLY, 00660); if (!file) { return SECFailure; } rv = SECU_FileToItem(&tmp, file); rv |= SECITEM_CopyItem(arena, dst, &tmp); SECITEM_FreeItem(&tmp, PR_FALSE); PR_Close(file); return rv; } static SECStatus blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, PRBool encrypt, PRBool decrypt) { bltestCipherInfo cipherInfo; bltestIO pt, ct; bltestCipherMode mode; bltestParams *params; unsigned int i, j, nummodes, numtests; char *modestr; char filename[256]; PLArenaPool *arena; SECItem item; SECStatus rv = SECSuccess, srv; PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo)); arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); cipherInfo.arena = arena; nummodes = (numModes == 0) ? NUMMODES : numModes; for (i = 0; i < nummodes; i++) { if (numModes > 0) mode = modes[i]; else mode = i; if (mode == bltestINVALID) { fprintf(stderr, "%s: Skipping invalid mode.\n", progName); continue; } modestr = mode_strings[mode]; cipherInfo.mode = mode; params = &cipherInfo.params; /* get the number of tests in the directory */ sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests"); if (ReadFileToItem(arena, &item, filename) != SECSuccess) { fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename); rv = SECFailure; continue; } /* loop over the tests in the directory */ numtests = 0; for (j = 0; j < item.len; j++) { if (!isdigit(item.data[j])) { break; } numtests *= 10; numtests += (int)(item.data[j] - '0'); } for (j = 0; j < numtests; j++) { sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "plaintext", j); load_file_data(arena, &pt, filename, is_sigCipher(mode) ? bltestBase64Encoded : bltestBinary); sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, &ct, filename, bltestBase64Encoded); get_params(arena, params, mode, j); /* Forward Operation (Encrypt/Sign/Hash) ** Align the input buffer (plaintext) according to request ** then perform operation and compare to ciphertext */ if (encrypt) { rv |= bltestCopyIO(arena, &cipherInfo.input, &pt); misalignBuffer(arena, &cipherInfo.input, inoff); memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf); rv |= cipherInit(&cipherInfo, PR_TRUE); misalignBuffer(arena, &cipherInfo.output, outoff); rv |= cipherDoOp(&cipherInfo); rv |= cipherFinish(&cipherInfo); rv |= verify_self_test(&cipherInfo.output, &ct, mode, PR_TRUE, SECSuccess); /* If testing hash, only one op to test */ if (is_hashCipher(mode)) continue; if (is_sigCipher(mode)) { /* Verify operations support detached signature files. For ** consistency between tests that run Sign/Verify back to ** back (eg: self-tests) and tests that are only running ** verify operations, copy the output into the sig buf, ** and then copy the sig buf back out when verifying. For ** self-tests, this is unnecessary copying, but for ** verify-only operations, this ensures that the output ** buffer is properly configured */ rv |= bltestCopyIO(arena, ¶ms->asymk.sig, &cipherInfo.output); } } if (!decrypt) continue; /* Reverse Operation (Decrypt/Verify) ** Align the input buffer (ciphertext) according to request ** then perform operation and compare to plaintext */ if (is_sigCipher(mode)) { rv |= bltestCopyIO(arena, &cipherInfo.input, &pt); rv |= bltestCopyIO(arena, &cipherInfo.output, ¶ms->asymk.sig); } else { rv |= bltestCopyIO(arena, &cipherInfo.input, &ct); memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf); } misalignBuffer(arena, &cipherInfo.input, inoff); rv |= cipherInit(&cipherInfo, PR_FALSE); misalignBuffer(arena, &cipherInfo.output, outoff); srv = SECSuccess; srv |= cipherDoOp(&cipherInfo); rv |= cipherFinish(&cipherInfo); rv |= verify_self_test(&cipherInfo.output, &pt, mode, PR_FALSE, srv); } } PORT_FreeArena(arena, PR_FALSE); return rv; } SECStatus dump_file(bltestCipherMode mode, char *filename) { bltestIO keydata; PLArenaPool *arena = NULL; arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); if (!arena) { return SECFailure; } if (mode == bltestRSA || mode == bltestRSA_PSS || mode == bltestRSA_OAEP) { RSAPrivateKey *key; load_file_data(arena, &keydata, filename, bltestBase64Encoded); key = rsakey_from_filedata(arena, &keydata.buf); dump_rsakey(key); } else if (mode == bltestDSA) { #if 0 PQGParams *pqg; get_file_data(filename, &item, PR_TRUE); pqg = pqg_from_filedata(&item); dump_pqg(pqg); #endif DSAPrivateKey *key; load_file_data(arena, &keydata, filename, bltestBase64Encoded); key = dsakey_from_filedata(arena, &keydata.buf); dump_dsakey(key); } else if (mode == bltestECDSA) { ECPrivateKey *key; load_file_data(arena, &keydata, filename, bltestBase64Encoded); key = eckey_from_filedata(arena, &keydata.buf); dump_eckey(key); } PORT_FreeArena(arena, PR_FALSE); return SECFailure; } void ThreadExecTest(void *data) { bltestCipherInfo *cipherInfo = (bltestCipherInfo *)data; if (cipherInfo->mCarlo == PR_TRUE) { int mciter; for (mciter = 0; mciter < 10000; mciter++) { cipherDoOp(cipherInfo); memcpy(cipherInfo->input.buf.data, cipherInfo->output.buf.data, cipherInfo->input.buf.len); } } else { cipherDoOp(cipherInfo); } cipherFinish(cipherInfo); } static void rsaPrivKeyReset(RSAPrivateKey *tstKey) { PLArenaPool *arena; tstKey->version.data = NULL; tstKey->version.len = 0; tstKey->modulus.data = NULL; tstKey->modulus.len = 0; tstKey->publicExponent.data = NULL; tstKey->publicExponent.len = 0; tstKey->privateExponent.data = NULL; tstKey->privateExponent.len = 0; tstKey->prime1.data = NULL; tstKey->prime1.len = 0; tstKey->prime2.data = NULL; tstKey->prime2.len = 0; tstKey->exponent1.data = NULL; tstKey->exponent1.len = 0; tstKey->exponent2.data = NULL; tstKey->exponent2.len = 0; tstKey->coefficient.data = NULL; tstKey->coefficient.len = 0; arena = tstKey->arena; tstKey->arena = NULL; if (arena) { PORT_FreeArena(arena, PR_TRUE); } } #define RSA_TEST_EQUAL(comp) \ if (!SECITEM_ItemsAreEqual(&(src->comp), &(dest->comp))) { \ fprintf(stderr, "key->" #comp " not equal"); \ if (src->comp.len != dest->comp.len) { \ fprintf(stderr, "src_len = %d, dest_len = %d", \ src->comp.len, dest->comp.len); \ } \ fprintf(stderr, "\n"); \ areEqual = PR_FALSE; \ } static PRBool rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest) { PRBool areEqual = PR_TRUE; RSA_TEST_EQUAL(modulus) RSA_TEST_EQUAL(publicExponent) RSA_TEST_EQUAL(privateExponent) RSA_TEST_EQUAL(prime1) RSA_TEST_EQUAL(prime2) RSA_TEST_EQUAL(exponent1) RSA_TEST_EQUAL(exponent2) RSA_TEST_EQUAL(coefficient) if (!areEqual) { fprintf(stderr, "original key:\n"); dump_rsakey(src); fprintf(stderr, "recreated key:\n"); dump_rsakey(dest); } return areEqual; } static int doRSAPopulateTestKV() { RSAPrivateKey tstKey = { 0 }; SECStatus rv; int failed = 0; int i; tstKey.arena = NULL; /* Test public exponent, private exponent, modulus cases from * pkcs1v15sign-vectors.txt. Some are valid PKCS#1 keys but not valid RSA * ones (de = 1 mod lcm(p − 1, q − 1)) */ for (i = 0; i < PR_ARRAY_SIZE(PKCS1_VECTORS); ++i) { struct pkcs1_test_vector *v = &PKCS1_VECTORS[i]; rsaPrivKeyReset(&tstKey); tstKey.privateExponent.data = v->d; tstKey.privateExponent.len = v->d_len; tstKey.publicExponent.data = v->e; tstKey.publicExponent.len = v->e_len; tstKey.modulus.data = v->n; tstKey.modulus.len = v->n_len; rv = RSA_PopulatePrivateKey(&tstKey); if (rv != SECSuccess) { fprintf(stderr, "RSA Populate failed: pkcs1v15sign-vector %d\n", i); failed = 1; } else if (memcmp(v->q, tstKey.prime1.data, v->q_len) || tstKey.prime1.len != v->q_len) { fprintf(stderr, "RSA Populate key mismatch: pkcs1v15sign-vector %d q\n", i); failed = 1; } else if (memcmp(v->p, tstKey.prime2.data, v->p_len) || tstKey.prime1.len != v->p_len) { fprintf(stderr, "RSA Populate key mismatch: pkcs1v15sign-vector %d p\n", i); failed = 1; } else { fprintf(stderr, "RSA Populate success: pkcs1v15sign-vector %d p\n", i); } } PORT_FreeArena(tstKey.arena, PR_TRUE); return failed; } /* * Test the RSA populate command to see that it can really build * keys from its components. */ static int doRSAPopulateTest(unsigned int keySize, unsigned long exponent) { RSAPrivateKey *srcKey; RSAPrivateKey tstKey = { 0 }; SECItem expitem = { 0, 0, 0 }; SECStatus rv; unsigned char pubExp[32]; int expLen = 0; int failed = 0; int i; for (i = 0; i < sizeof(unsigned long); i++) { int shift = (sizeof(unsigned long) - i - 1) * 8; if (expLen || (exponent && ((unsigned long)0xffL << shift))) { pubExp[expLen] = (unsigned char)((exponent >> shift) & 0xff); expLen++; } } expitem.data = pubExp; expitem.len = expLen; srcKey = RSA_NewKey(keySize, &expitem); if (srcKey == NULL) { fprintf(stderr, "RSA Key Gen failed"); return -1; } /* test the basic case - most common, public exponent, modulus, prime */ tstKey.arena = NULL; rsaPrivKeyReset(&tstKey); tstKey.publicExponent = srcKey->publicExponent; tstKey.modulus = srcKey->modulus; tstKey.prime1 = srcKey->prime1; rv = RSA_PopulatePrivateKey(&tstKey); if (rv != SECSuccess) { fprintf(stderr, "RSA Populate failed: pubExp mod p\n"); failed = 1; } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n"); failed = 1; } /* test the basic2 case, public exponent, modulus, prime2 */ rsaPrivKeyReset(&tstKey); tstKey.publicExponent = srcKey->publicExponent; tstKey.modulus = srcKey->modulus; tstKey.prime1 = srcKey->prime2; /* test with q in the prime1 position */ rv = RSA_PopulatePrivateKey(&tstKey); if (rv != SECSuccess) { fprintf(stderr, "RSA Populate failed: pubExp mod q\n"); failed = 1; } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n"); failed = 1; } /* test the medium case, private exponent, prime1, prime2 */ rsaPrivKeyReset(&tstKey); tstKey.privateExponent = srcKey->privateExponent; tstKey.prime1 = srcKey->prime2; /* purposefully swap them to make */ tstKey.prime2 = srcKey->prime1; /* sure populated swaps them back */ rv = RSA_PopulatePrivateKey(&tstKey); if (rv != SECSuccess) { fprintf(stderr, "RSA Populate failed: privExp p q\n"); failed = 1; } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { fprintf(stderr, "RSA Populate key mismatch: privExp p q\n"); failed = 1; } /* test the advanced case, public exponent, private exponent, prime2 */ rsaPrivKeyReset(&tstKey); tstKey.privateExponent = srcKey->privateExponent; tstKey.publicExponent = srcKey->publicExponent; tstKey.prime2 = srcKey->prime2; /* use q in the prime2 position */ rv = RSA_PopulatePrivateKey(&tstKey); if (rv != SECSuccess) { fprintf(stderr, "RSA Populate failed: pubExp privExp q\n"); fprintf(stderr, " - not fatal\n"); /* it's possible that we can't uniquely determine the original key * from just the exponents and prime. Populate returns an error rather * than return the wrong key. */ } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { /* if we returned a key, it *must* be correct */ fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n"); rv = RSA_PrivateKeyCheck(&tstKey); failed = 1; } /* test the advanced case2, public exponent, private exponent, modulus */ rsaPrivKeyReset(&tstKey); tstKey.privateExponent = srcKey->privateExponent; tstKey.publicExponent = srcKey->publicExponent; tstKey.modulus = srcKey->modulus; rv = RSA_PopulatePrivateKey(&tstKey); if (rv != SECSuccess) { fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n"); failed = 1; } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) { fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n"); failed = 1; } PORT_FreeArena(srcKey->arena, PR_TRUE); return failed ? -1 : 0; } /* bltest commands */ enum { cmd_Decrypt = 0, cmd_Encrypt, cmd_FIPS, cmd_Hash, cmd_Nonce, cmd_Dump, cmd_RSAPopulate, cmd_RSAPopulateKV, cmd_Sign, cmd_SelfTest, cmd_Verify }; /* bltest options */ enum { opt_B64 = 0, opt_BufSize, opt_Restart, opt_SelfTestDir, opt_Exponent, opt_SigFile, opt_KeySize, opt_Hex, opt_Input, opt_PQGFile, opt_Key, opt_HexWSpc, opt_Mode, opt_CurveName, opt_Output, opt_Repetitions, opt_ZeroBuf, opt_Rounds, opt_Seed, opt_SigSeedFile, opt_CXReps, opt_IV, opt_WordSize, opt_UseSeed, opt_UseSigSeed, opt_SeedFile, opt_AAD, opt_InputOffset, opt_OutputOffset, opt_MonteCarlo, opt_ThreadNum, opt_SecondsToRun, opt_CmdLine }; static secuCommandFlag bltest_commands[] = { { /* cmd_Decrypt */ 'D', PR_FALSE, 0, PR_FALSE }, { /* cmd_Encrypt */ 'E', PR_FALSE, 0, PR_FALSE }, { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE }, { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE }, { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE }, { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE }, { /* cmd_RSAPopulate */ 'R', PR_FALSE, 0, PR_FALSE }, { /* cmd_RSAPopulateKV */ 'K', PR_FALSE, 0, PR_FALSE }, { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE }, { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE }, { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE } }; static secuCommandFlag bltest_options[] = { { /* opt_B64 */ 'a', PR_FALSE, 0, PR_FALSE }, { /* opt_BufSize */ 'b', PR_TRUE, 0, PR_FALSE }, { /* opt_Restart */ 'c', PR_FALSE, 0, PR_FALSE }, { /* opt_SelfTestDir */ 'd', PR_TRUE, 0, PR_FALSE }, { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE }, { /* opt_SigFile */ 'f', PR_TRUE, 0, PR_FALSE }, { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, { /* opt_Hex */ 'h', PR_FALSE, 0, PR_FALSE }, { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE }, { /* opt_PQGFile */ 'j', PR_TRUE, 0, PR_FALSE }, { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE }, { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE }, { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE }, { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE }, { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE }, { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE }, { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE }, { /* opt_Rounds */ 'r', PR_TRUE, 0, PR_FALSE }, { /* opt_Seed */ 's', PR_TRUE, 0, PR_FALSE }, { /* opt_SigSeedFile */ 't', PR_TRUE, 0, PR_FALSE }, { /* opt_CXReps */ 'u', PR_TRUE, 0, PR_FALSE }, { /* opt_IV */ 'v', PR_TRUE, 0, PR_FALSE }, { /* opt_WordSize */ 'w', PR_TRUE, 0, PR_FALSE }, { /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE }, { /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE }, { /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE }, { /* opt_AAD */ 0, PR_TRUE, 0, PR_FALSE, "aad" }, { /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE }, { /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE }, { /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE }, { /* opt_ThreadNum */ '4', PR_TRUE, 0, PR_FALSE }, { /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE }, { /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE } }; int main(int argc, char **argv) { SECStatus rv = SECFailure; double totalTime = 0.0; PRIntervalTime time1, time2; PRFileDesc *outfile = NULL; bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; char *curveName = NULL; int i, commandsEntered; int inoff, outoff; int threads = 1; secuCommand bltest; bltest.numCommands = sizeof(bltest_commands) / sizeof(secuCommandFlag); bltest.numOptions = sizeof(bltest_options) / sizeof(secuCommandFlag); bltest.commands = bltest_commands; bltest.options = bltest_options; progName = strrchr(argv[0], '/'); if (!progName) progName = strrchr(argv[0], '\\'); progName = progName ? progName + 1 : argv[0]; rv = NSS_InitializePRErrorTable(); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); return -1; } rv = RNG_RNGInit(); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); return -1; } rv = BL_Init(); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); return -1; } RNG_SystemInfoForRNG(); rv = SECU_ParseCommandLine(argc, argv, progName, &bltest); if (rv == SECFailure) { fprintf(stderr, "%s: command line parsing error!\n", progName); goto print_usage; } rv = SECFailure; cipherInfo = PORT_ZNew(bltestCipherInfo); cipherInfoListHead = cipherInfo; /* Check the number of commands entered on the command line. */ commandsEntered = 0; for (i = 0; i < bltest.numCommands; i++) if (bltest.commands[i].activated) commandsEntered++; if (commandsEntered > 1 && !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) { fprintf(stderr, "%s: one command at a time!\n", progName); goto print_usage; } if (commandsEntered == 0) { fprintf(stderr, "%s: you must enter a command!\n", progName); goto print_usage; } if (bltest.commands[cmd_Sign].activated) bltest.commands[cmd_Encrypt].activated = PR_TRUE; if (bltest.commands[cmd_Verify].activated) bltest.commands[cmd_Decrypt].activated = PR_TRUE; if (bltest.commands[cmd_Hash].activated) bltest.commands[cmd_Encrypt].activated = PR_TRUE; inoff = outoff = 0; if (bltest.options[opt_InputOffset].activated) inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg); if (bltest.options[opt_OutputOffset].activated) outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg); testdir = (bltest.options[opt_SelfTestDir].activated) ? strdup(bltest.options[opt_SelfTestDir].arg) : "."; /* * Handle three simple cases first */ /* test the RSA_PopulatePrivateKey function with known vectors */ if (bltest.commands[cmd_RSAPopulateKV].activated) { PORT_Free(cipherInfo); return doRSAPopulateTestKV(); } /* test the RSA_PopulatePrivateKey function */ if (bltest.commands[cmd_RSAPopulate].activated) { unsigned int keySize = 1024; unsigned long exponent = 65537; int rounds = 1; int ret = -1; if (bltest.options[opt_KeySize].activated) { keySize = PORT_Atoi(bltest.options[opt_KeySize].arg); } if (bltest.options[opt_Rounds].activated) { rounds = PORT_Atoi(bltest.options[opt_Rounds].arg); } if (bltest.options[opt_Exponent].activated) { exponent = PORT_Atoi(bltest.options[opt_Exponent].arg); } for (i = 0; i < rounds; i++) { printf("Running RSA Populate test round %d\n", i); ret = doRSAPopulateTest(keySize, exponent); if (ret != 0) { break; } } if (ret != 0) { fprintf(stderr, "RSA Populate test round %d: FAILED\n", i); } PORT_Free(cipherInfo); return ret; } /* Do BLAPI self-test */ if (bltest.commands[cmd_SelfTest].activated) { PRBool encrypt = PR_TRUE, decrypt = PR_TRUE; /* user may specified a set of ciphers to test. parse them. */ bltestCipherMode modesToTest[NUMMODES]; int numModesToTest = 0; char *tok, *str; str = bltest.options[opt_Mode].arg; while (str) { tok = strchr(str, ','); if (tok) *tok = '\0'; modesToTest[numModesToTest++] = get_mode(str); if (tok) { *tok = ','; str = tok + 1; } else { break; } } if (bltest.commands[cmd_Decrypt].activated && !bltest.commands[cmd_Encrypt].activated) encrypt = PR_FALSE; if (bltest.commands[cmd_Encrypt].activated && !bltest.commands[cmd_Decrypt].activated) decrypt = PR_FALSE; rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff, encrypt, decrypt); PORT_Free(cipherInfo); return rv == SECSuccess ? 0 : 1; } /* Do FIPS self-test */ if (bltest.commands[cmd_FIPS].activated) { CK_RV ckrv = sftk_FIPSEntryOK(); fprintf(stdout, "CK_RV: %ld.\n", ckrv); PORT_Free(cipherInfo); if (ckrv == CKR_OK) return SECSuccess; return SECFailure; } /* * Check command line arguments for Encrypt/Decrypt/Hash/Sign/Verify */ if ((bltest.commands[cmd_Decrypt].activated || bltest.commands[cmd_Verify].activated) && bltest.options[opt_BufSize].activated) { fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n", progName); goto print_usage; } if (bltest.options[opt_Mode].activated) { cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg); if (cipherInfo->mode == bltestINVALID) { goto print_usage; } } else { fprintf(stderr, "%s: You must specify a cipher mode with -m.\n", progName); goto print_usage; } if (bltest.options[opt_Repetitions].activated && bltest.options[opt_SecondsToRun].activated) { fprintf(stderr, "%s: Operation time should be defined in either " "repetitions(-p) or seconds(-5) not both", progName); goto print_usage; } if (bltest.options[opt_Repetitions].activated) { cipherInfo->repetitionsToPerfom = PORT_Atoi(bltest.options[opt_Repetitions].arg); } else { cipherInfo->repetitionsToPerfom = 0; } if (bltest.options[opt_SecondsToRun].activated) { cipherInfo->seconds = PORT_Atoi(bltest.options[opt_SecondsToRun].arg); } else { cipherInfo->seconds = 0; } if (bltest.options[opt_CXReps].activated) { cipherInfo->cxreps = PORT_Atoi(bltest.options[opt_CXReps].arg); } else { cipherInfo->cxreps = 0; } if (bltest.options[opt_ThreadNum].activated) { threads = PORT_Atoi(bltest.options[opt_ThreadNum].arg); if (threads <= 0) { threads = 1; } } /* Dump a file (rsakey, dsakey, etc.) */ if (bltest.commands[cmd_Dump].activated) { rv = dump_file(cipherInfo->mode, bltest.options[opt_Input].arg); PORT_Free(cipherInfo); return rv; } /* default input mode is binary */ ioMode = (bltest.options[opt_B64].activated) ? bltestBase64Encoded : (bltest.options[opt_Hex].activated) ? bltestHexStream : (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim : bltestBinary; if (bltest.options[opt_Exponent].activated) exponent = PORT_Atoi(bltest.options[opt_Exponent].arg); else exponent = 65537; if (bltest.options[opt_CurveName].activated) curveName = PORT_Strdup(bltest.options[opt_CurveName].arg); else curveName = NULL; if (bltest.commands[cmd_Verify].activated && !bltest.options[opt_SigFile].activated) { fprintf(stderr, "%s: You must specify a signature file with -f.\n", progName); print_usage: if (cipherInfo) { PORT_Free(cipherInfo); } Usage(); } if (bltest.options[opt_MonteCarlo].activated) { cipherInfo->mCarlo = PR_TRUE; } else { cipherInfo->mCarlo = PR_FALSE; } for (curThrdNum = 0; curThrdNum < threads; curThrdNum++) { int keysize = 0; PRFileDesc *file = NULL, *infile; bltestParams *params; char *instr = NULL; PLArenaPool *arena; if (curThrdNum > 0) { bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo); if (!newCInfo) { fprintf(stderr, "%s: Can not allocate memory.\n", progName); goto exit_point; } newCInfo->mode = cipherInfo->mode; newCInfo->mCarlo = cipherInfo->mCarlo; newCInfo->repetitionsToPerfom = cipherInfo->repetitionsToPerfom; newCInfo->seconds = cipherInfo->seconds; newCInfo->cxreps = cipherInfo->cxreps; cipherInfo->next = newCInfo; cipherInfo = newCInfo; } arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); if (!arena) { fprintf(stderr, "%s: Can not allocate memory.\n", progName); goto exit_point; } cipherInfo->arena = arena; params = &cipherInfo->params; /* Set up an encryption key. */ keysize = 0; file = NULL; if (is_symmkeyCipher(cipherInfo->mode) || is_aeadCipher(cipherInfo->mode)) { char *keystr = NULL; /* if key is on command line */ if (bltest.options[opt_Key].activated) { if (bltest.options[opt_CmdLine].activated) { keystr = bltest.options[opt_Key].arg; } else { file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660); } } else { if (bltest.options[opt_KeySize].activated) keysize = PORT_Atoi(bltest.options[opt_KeySize].arg); else keysize = 8; /* use 64-bit default (DES) */ /* save the random key for reference */ file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660); } params->key.mode = ioMode; setupIO(cipherInfo->arena, ¶ms->key, file, keystr, keysize); if (file) PR_Close(file); } else if (is_pubkeyCipher(cipherInfo->mode)) { if (bltest.options[opt_Key].activated) { file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660); } else { if (bltest.options[opt_KeySize].activated) keysize = PORT_Atoi(bltest.options[opt_KeySize].arg); else keysize = 64; /* use 512-bit default */ file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660); } params->key.mode = bltestBase64Encoded; pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName); PR_Close(file); } /* set up an initialization vector. */ if (cipher_requires_IV(cipherInfo->mode)) { char *ivstr = NULL; bltestSymmKeyParams *skp; file = NULL; #ifdef NSS_SOFTOKEN_DOES_RC5 if (cipherInfo->mode == bltestRC5_CBC) skp = (bltestSymmKeyParams *)¶ms->rc5; else #endif skp = ¶ms->sk; if (bltest.options[opt_IV].activated) { if (bltest.options[opt_CmdLine].activated) { ivstr = bltest.options[opt_IV].arg; } else { file = PR_Open(bltest.options[opt_IV].arg, PR_RDONLY, 00660); } } else { /* save the random iv for reference */ file = PR_Open("tmp.iv", PR_WRONLY | PR_CREATE_FILE, 00660); } memset(&skp->iv, 0, sizeof skp->iv); skp->iv.mode = ioMode; setupIO(cipherInfo->arena, &skp->iv, file, ivstr, keysize); if (file) { PR_Close(file); } } /* set up an initialization vector. */ if (is_authCipher(cipherInfo->mode)) { char *aadstr = NULL; bltestAuthSymmKeyParams *askp; file = NULL; askp = ¶ms->ask; if (bltest.options[opt_AAD].activated) { if (bltest.options[opt_CmdLine].activated) { aadstr = bltest.options[opt_AAD].arg; } else { file = PR_Open(bltest.options[opt_AAD].arg, PR_RDONLY, 00660); } } else { file = NULL; } memset(&askp->aad, 0, sizeof askp->aad); askp->aad.mode = ioMode; setupIO(cipherInfo->arena, &askp->aad, file, aadstr, 0); if (file) { PR_Close(file); } } if (bltest.commands[cmd_Verify].activated) { file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660); if (is_sigCipher(cipherInfo->mode)) { memset(¶ms->asymk.sig, 0, sizeof(bltestIO)); params->asymk.sig.mode = ioMode; setupIO(cipherInfo->arena, ¶ms->asymk.sig, file, NULL, 0); } if (file) { PR_Close(file); } } if (bltest.options[opt_PQGFile].activated) { file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660); params->asymk.cipherParams.dsa.pqgdata.mode = bltestBase64Encoded; setupIO(cipherInfo->arena, ¶ms->asymk.cipherParams.dsa.pqgdata, file, NULL, 0); if (file) { PR_Close(file); } } /* Set up the input buffer */ if (bltest.options[opt_Input].activated) { if (bltest.options[opt_CmdLine].activated) { instr = bltest.options[opt_Input].arg; infile = NULL; } else { /* form file name from testdir and input arg. */ char *filename = bltest.options[opt_Input].arg; if (bltest.options[opt_SelfTestDir].activated && testdir && filename && filename[0] != '/') { filename = PR_smprintf("%s/tests/%s/%s", testdir, mode_strings[cipherInfo->mode], filename); if (!filename) { fprintf(stderr, "%s: Can not allocate memory.\n", progName); goto exit_point; } infile = PR_Open(filename, PR_RDONLY, 00660); PR_smprintf_free(filename); } else { infile = PR_Open(filename, PR_RDONLY, 00660); } } } else if (bltest.options[opt_BufSize].activated) { /* save the random plaintext for reference */ char *tmpFName = PR_smprintf("tmp.in.%d", curThrdNum); if (!tmpFName) { fprintf(stderr, "%s: Can not allocate memory.\n", progName); goto exit_point; } infile = PR_Open(tmpFName, PR_WRONLY | PR_CREATE_FILE, 00660); PR_smprintf_free(tmpFName); } else { infile = PR_STDIN; } if (!infile) { fprintf(stderr, "%s: Failed to open input file.\n", progName); goto exit_point; } cipherInfo->input.mode = ioMode; /* Set up the output stream */ if (bltest.options[opt_Output].activated) { /* form file name from testdir and input arg. */ char *filename = bltest.options[opt_Output].arg; if (bltest.options[opt_SelfTestDir].activated && testdir && filename && filename[0] != '/') { filename = PR_smprintf("%s/tests/%s/%s", testdir, mode_strings[cipherInfo->mode], filename); if (!filename) { fprintf(stderr, "%s: Can not allocate memory.\n", progName); goto exit_point; } outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660); PR_smprintf_free(filename); } else { outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660); } } else { outfile = PR_STDOUT; } if (!outfile) { fprintf(stderr, "%s: Failed to open output file.\n", progName); rv = SECFailure; goto exit_point; } cipherInfo->output.mode = ioMode; if (bltest.options[opt_SelfTestDir].activated && ioMode == bltestBinary) cipherInfo->output.mode = bltestBase64Encoded; if (is_hashCipher(cipherInfo->mode)) cipherInfo->params.hash.restart = bltest.options[opt_Restart].activated; bufsize = 0; if (bltest.options[opt_BufSize].activated) bufsize = PORT_Atoi(bltest.options[opt_BufSize].arg); /*infile = NULL;*/ setupIO(cipherInfo->arena, &cipherInfo->input, infile, instr, bufsize); if (infile && infile != PR_STDIN) PR_Close(infile); misalignBuffer(cipherInfo->arena, &cipherInfo->input, inoff); cipherInit(cipherInfo, bltest.commands[cmd_Encrypt].activated); misalignBuffer(cipherInfo->arena, &cipherInfo->output, outoff); } if (!bltest.commands[cmd_Nonce].activated) { TIMESTART(); cipherInfo = cipherInfoListHead; while (cipherInfo != NULL) { cipherInfo->cipherThread = PR_CreateThread(PR_USER_THREAD, ThreadExecTest, cipherInfo, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0); cipherInfo = cipherInfo->next; } cipherInfo = cipherInfoListHead; while (cipherInfo != NULL) { PR_JoinThread(cipherInfo->cipherThread); finishIO(&cipherInfo->output, outfile); cipherInfo = cipherInfo->next; } TIMEFINISH(totalTime, 1); } cipherInfo = cipherInfoListHead; if (cipherInfo->repetitions > 0 || cipherInfo->cxreps > 0 || threads > 1) dump_performance_info(cipherInfoListHead, totalTime, bltest.commands[cmd_Encrypt].activated, (cipherInfo->repetitions == 0)); rv = SECSuccess; exit_point: if (outfile && outfile != PR_STDOUT) PR_Close(outfile); cipherInfo = cipherInfoListHead; while (cipherInfo != NULL) { bltestCipherInfo *tmpInfo = cipherInfo; if (cipherInfo->arena) PORT_FreeArena(cipherInfo->arena, PR_TRUE); cipherInfo = cipherInfo->next; PORT_Free(tmpInfo); } /*NSS_Shutdown();*/ return SECSuccess; } nss-pem.git/nss/nss/cmd/bltest/bltest.gyp0000664000000000000000000000144313252671167015612 0ustar # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ '../../coreconf/config.gypi', '../../cmd/platlibs.gypi' ], 'targets': [ { 'target_name': 'bltest', 'type': 'executable', 'sources': [ 'blapitest.c' ], 'dependencies': [ '<(DEPTH)/exports.gyp:dbm_exports', '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3' ] } ], 'target_defaults': { 'include_dirs': [ '../../nss/lib/softoken' ], 'defines': [ 'NSS_USE_STATIC_LIBS' ] }, 'variables': { 'module': 'nss', 'use_static_libs': 1 } }nss-pem.git/nss/nss/cmd/bltest/manifest.mn0000664000000000000000000000067113252671167015740 0ustar # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. MODULE = nss REQUIRES = seccmd dbm softoken INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken PROGRAM = bltest USE_STATIC_LIBS = 1 EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ $(NULL) CSRCS = \ blapitest.c \ $(NULL) nss-pem.git/nss/nss/cmd/bltest/pkcs1_vectors.h0000664000000000000000000013131713252671167016537 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* Vectors from pkcs1v15sign-vectors.txt */ struct pkcs1_test_vector { unsigned char *n; unsigned long n_len; unsigned char *e; unsigned long e_len; unsigned char *d; unsigned long d_len; unsigned char *p; unsigned long p_len; unsigned char *q; unsigned long q_len; }; struct pkcs1_test_vector PKCS1_VECTORS[15] = { { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, }, { (unsigned char[]){ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 }, 128, (unsigned char[]){ 0x01, 0x00, 0x01 }, 3, (unsigned char[]){ 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 }, 128, (unsigned char[]){ 0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd }, 64, (unsigned char[]){ 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43 }, 64, } }; nss-pem.git/nss/nss/cmd/bltest/tests/0000775000000000000000000000000013252671167014734 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/README0000664000000000000000000000522313252671167015616 0ustar This directory contains a set of tests for each cipher supported by BLAPI. Each subdirectory contains known plaintext and ciphertext pairs (and keys and/or iv's if needed). The tests can be run as a full set with: bltest -T or as subsets, for example: bltest -T -m des_ecb,md2,rsa In each subdirectory, the plaintext, key, and iv are ascii, and treated as such. The ciphertext is base64-encoded to avoid the hassle of binary files. To add a test, incremement the value in the numtests file. Create a plaintext, key, and iv file, such that the name of the file is incrememted one from the last set of tests. For example, if you are adding the second test, put your data in files named plaintext1, key1, and iv1 (ignoring key and iv if they are not needed, of course). Make sure your key and iv are the correct number of bytes for your cipher (a trailing \n is okay, but any other trailing bytes will be used!). Once you have your input data, create output data by running bltest on a trusted implementation. For example, for a new DES ECB test, run bltest -E -m des_ecb -i plaintext1 -k key1 -o ciphertext1 -a in the tests/des_ecb directory. Then run bltest -T des_ecb from the cmd/bltest directory in the tree of the implementation you want to test. Note that the -a option above is important, it tells bltest to expect the input to be straight ASCII, and not base64 encoded binary! Special cases: RC5: RC5 can take additional parameters, the number of rounds to perform and the wordsize to use. The number of rounds is between is between 0 and 255, and the wordsize is either is either 16, 32, or 64 bits (at this time only 32-bit is supported). These parameters are specified in a paramsN file, where N is an index as above. The format of the file is "rounds=R\nwordsize=W\n". public key modes (RSA and DSA): Asymmetric key ciphers use keys with special properties, so creating a key file with "Mozilla!" in it will not get you very far! To create a public key, run bltest with the plaintext you want to encrypt, using a trusted implementation. bltest will generate a key and store it in "tmp.key", rename that file to keyN. For example: bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a mv tmp.key key0 RSA-OAEP/RSA-PSS: RSA-OAEP and RSA-PSS have a number of additional parameters to feed in. - "seedN": The seed or salt to use when encrypting/signing - "hashN" / "maskhashN" - The base digest algorithm and the digest algorithm to use with MGF1, respectively. This should be an ASCII string specifying one of the hash algorithms recognized by bltest (eg: "sha1", "sha256") [note: specifying a keysize (-g) when using RSA is important!] nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/0000775000000000000000000000000013252671167016313 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext00000664000000000000000000000005613252671167020476 0ustar oJLgOzZ1GiWt3DGo2sPKaOnyGuRz5sZwmDyn4dvAqd8= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext10000664000000000000000000000003213252671167020471 0ustar AzZ2PpZtkllaVnzJzlN/Xg== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext100000664000000000000000000000026213252671167020556 0ustar eykx9YVfcXFF4A8VKp9HlDWbH/yz5V9ZTjMJi1HCOmx0oGwdlP3tf9KuQsfbesrv WETLM67dxoUlhe0AIKZpnSy1OAnO/RaRSM5CKSr6sGNEOXgwbFgsGLnODaPQhM5N PEgs/Y/PGoUITon7iLQKCE1elyRm0HZmEm+3YfhAePI= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext110000664000000000000000000000030613252671167020556 0ustar sJUS8+/57Q2FiQmDpz2tu3w2eNUlgb5kqKj8WG9JDyUhKXpHigWYBA69D1UJ+vsJ afnZ5gDq7zOxuT7tmWh7Fn+JpQZarEOc5G87jSLTCGXmTkXvjNMLaYQ1OoRKEcjN YNug6IZrPuMNJLP6imQ7MoNT4GAQ+oJzyP1U7woraTDlUgquXNWQL5uGozWSykNl nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext120000664000000000000000000000034013252671167020555 0ustar a+ihKABFWjIFOIU+DLoxvS2A6gyFFkpMXCYa5IVBfZPv/i68DQoLUdbqGGM9IQz2 PAxN28J2B/LoHtkRMZHvhtVvO5m+bEFaQVApn7hGznFgtAtjuvEXnRknWi6DaYN2 0ouSVIxo4G5tmU4sFQHtKXAU5wLN7+4vZWRHcGAJYU2AHeHKr3P4t/pWzxupS2MZ M7vld2JDgIUPEXQ1oDVbKw== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext130000664000000000000000000000005613252671167020562 0ustar UdRHefkNQKgASCdsA1y0nKKke8ubnPcnC5FEeTeH1T8= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext140000664000000000000000000000013413252671167020560 0ustar 1fVYl2C/nHYiKP3iNt4fot0trUSNs/qb4MQZbv1Go1yE3RrHfZ21jJWRjLMXpkMK CNL7ao6LDxybcsejRNw0nw== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext150000664000000000000000000000020413252671167020557 0ustar dTlZdL0ys2ZWVKbI45a4iuNLEjV1hyp6tofY52tG35EailkM0B0vXDML46Zibp3T ql4Q7RTo/4KYEbb+1Q8/UzykOFocvKePXEdE5Q8vg1kWXCSF0TJOdsPq52oMysYp nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext160000664000000000000000000000026213252671167020564 0ustar gVjiFCDyW1nWrpQ/ocvyHwLpefQZ2rASanIbfu9Vvumtl/XM/30jkFe7wZqMN4FC 92cvHV5+F9e+vLAHDoNVys5mYBcaU7YYFq6CSm72nORwtv/TtbtLQ4h02R0nhU07 byWGDTholY3jMH1isTOb3duKMYwM4PM8F8rw6fYECCA= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext170000664000000000000000000000030613252671167020564 0ustar km2ySMwbog8MV2MafIrvCU95GTe5BZSeNGAkDov6b6SDEVobMQtuQ2nK68UmKIg3 ex3apYAOpJaivf8PmhAx5xKcmiDjViHn8Li6yg2HAw8q58qFk8hZlnegb9SyYAnq 0I/srCTKqc8srTtHDIInQVp7Hg8uqz+tltcKIJyLsmxidnfiUxuUNcpuPERNGVtf nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext180000664000000000000000000000034013252671167020563 0ustar yCzyxHbeqMtqbmB6QNLwORvoLqnshKU3poIPmvuZe3Y5fQBUJPqmp03E6MeqSokA aQ+JS20dyoBnU5PSJDrax2LxWTAeNX6YtyR2IxDNWnuv4cKgMNukb9k6n9uJzBMs qcF9xyAx7Ggi7lqdmdvKZseEwBsIhcu2LinZeAGSfsQVpdIVFY0yX57miUN60bdo StM8DZJzlFGsh/Of+MMbhA== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext190000664000000000000000000000005613252671167020570 0ustar L6Dfciqf07ZMsY+ys9tV/yJnQidXKJQT+PZXUHQSpkw= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext20000664000000000000000000000003213252671167020472 0ustar qaFjG/SZaVTrwJOVeyNFiQ== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext200000664000000000000000000000013413252671167020555 0ustar BdXHdylCGwi3N+QRGfpEONH1cMx3Kk1sPff/7aA4TvhCiM43/ExMfRElpJmwUTZM OJ/WOb3aZH2qO9rasutVlA== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext210000664000000000000000000000020413252671167020554 0ustar rD1tuv4uD3QGMv2eggv2BEzVsVUcu5zAPAslw5zLfzO4Oqz8pAoyZfK7/4eRU0SK ysuI/Ps7t7EP5GOmjAEJ8Cg4Lj5VexrfAu1kira7iV3wIF0m67+ppf2M69jkvuPc nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext220000664000000000000000000000026213252671167020561 0ustar kLe5YwojePU/UBq3vv8DkVUAgHG8hDjniZMs/T6xKZGVRl5mM4SUY/20Q3Unji/b ExCCHmSSz4D/Fct3JQn7Qm867uJ71JOIgv0q5rW9nZH6SkOxe7Q5675ZwEIxAWOo Kl/lOIeW7uNaGBoScfAL4puFLY+nWbrQH/RnjwEFlM0= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext230000664000000000000000000000030613252671167020561 0ustar AlSyNGO8q+xaOV63TI+w6xN6B7xvXp9h7AsFfeMFcU+PopQiHJGhWcMVk5uB4wDu kCGS7F8VJUQo2HcveTJOxDKYyiHACzcCc+5eXtkOQ++h4FpdFxIJ/jT58pI326Km cmZQ/TsTIXR9EgiGPGw8az4th5q18leC8Iuo8qu+Y+C+20oifoGvs2u2ZFUINW00 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext240000664000000000000000000000034013252671167020560 0ustar /Fhz5Q3o+vTGuEunB7CFTp25qy6ffXB/u6M4xoQ6GPxvrOuvZj0mKW+zKbTSbxhJ THngnneWR/m6+odIljDXn0MBYQwjAMGdvzFIt8rIxPSUQQJ1TzMukrb3xedbxhee uHegeNRxkAkCF0TBTxP9KlWiucRNGAAGhahFpPYyx8VqdzBu+maiTQXQiNzXwT/i T8RHJ1ll255NN/vJMERIzQ== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext30000664000000000000000000000003213252671167020473 0ustar J1z8BBPYzLcFE8OFmx0Pcg== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext40000664000000000000000000000003213252671167020474 0ustar ybgTX/G1rcQT39BTshvZbQ== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext50000664000000000000000000000003213252671167020475 0ustar XJ2ETtRvmIUIXl1qT5TH1w== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext60000664000000000000000000000003213252671167020476 0ustar qf91vXz2YT03Mcd8O20MBA== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext70000664000000000000000000000005613252671167020505 0ustar xNxh2XJZZ6MCAQSpc48jhoUnzoOaqxdS/YvblagsTQA= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext80000664000000000000000000000013413252671167020503 0ustar Gblgl3LGPzOGCL9utSyhC+ZQl/icHgkFxCQB/Ud5GuLFRAstRzEWyni9n/L7YBXP 0xZSTq59y5Wuc46+roSkZw== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/ciphertext90000664000000000000000000000020413252671167020502 0ustar O4YRv8SXPFzY6YKwc7MxhM0mEQFZFy5EmI61/1ZhoeFvrWclj8v+5VRpJnoS3DdI k7TjUz029WNMMJVYNZbxNaqM0RONyJi8VlHuNakuv4mrautTZmU7xgpw4AdPwR7+ nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv00000664000000000000000000000002113252671167016725 0ustar qwertyuiopasdfgh nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv10000664000000000000000000000002013252671167016725 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv100000664000000000000000000000002013252671167017005 0ustar 4n\ЮXS,nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv110000664000000000000000000000002013252671167017006 0ustar $_&[vnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv120000664000000000000000000000002013252671167017007 0ustar /H$Jnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv130000664000000000000000000000002013252671167017010 0ustar f~My`P[nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv140000664000000000000000000000002013252671167017011 0ustar Y R9<8nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv150000664000000000000000000000002013252671167017012 0ustar 6긃lÏc(Fnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv160000664000000000000000000000002013252671167017013 0ustar țЗëOHmnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv170000664000000000000000000000002013252671167017014 0ustar (3E <nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv180000664000000000000000000000002013252671167017015 0ustar $@8,{cUnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv190000664000000000000000000000002013252671167017016 0ustar 47EquWnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv20000664000000000000000000000002013252671167016726 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv200000664000000000000000000000002013252671167017006 0ustar +̻lI H*Vnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv210000664000000000000000000000002013252671167017007 0ustar ˗ SE ;nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv220000664000000000000000000000002013252671167017010 0ustar LYcY`&u>Inss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv230000664000000000000000000000002013252671167017011 0ustar Q? y%mnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv240000664000000000000000000000002013252671167017012 0ustar ՁӶ꡵?~nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv30000664000000000000000000000002013252671167016727 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv40000664000000000000000000000002013252671167016730 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv50000664000000000000000000000002013252671167016731 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv60000664000000000000000000000002013252671167016732 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv70000664000000000000000000000002013252671167016733 0ustar X<e/ 40enss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv80000664000000000000000000000002013252671167016734 0ustar  ]`i|Jnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/iv90000664000000000000000000000002013252671167016735 0ustar e60ָBznss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key00000664000000000000000000000002113252671167017077 0ustar fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key10000664000000000000000000000002013252671167017077 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key100000664000000000000000000000002013252671167017157 0ustar đ1E)%Uxnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key110000664000000000000000000000002013252671167017160 0ustar }qMnjhjqnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key120000664000000000000000000000002013252671167017161 0ustar ,A7Q'0W 6xknss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key130000664000000000000000000000003013252671167017163 0ustar 곱XsQ.k!nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key140000664000000000000000000000003013252671167017164 0ustar {{Mi~ϖuy|5nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key150000664000000000000000000000003013252671167017165 0ustar uZ Ӊ<ɸTTnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key160000664000000000000000000000003013252671167017166 0ustar Ϟhw<1 Unss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key170000664000000000000000000000003013252671167017167 0ustar +9nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/key90000664000000000000000000000002013252671167017107 0ustar 緺O|4F^nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/mktst.sh0000664000000000000000000000071713252671167020016 0ustar #!/bin/sh for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 do file="test$i.txt" grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i grep "IV = " $file | sed -e 's;IV = ;;' | hex > iv$i grep "PLAINTEXT = " $file | sed -e 's;PLAINTEXT = ;;' | hex > plaintext$i grep "CIPHERTEXT = " $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin btoa < ciphertext$i.bin > ciphertext$i rm ciphertext$i.bin done nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/numtests0000664000000000000000000000000313252671167020111 0ustar 25 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext00000664000000000000000000000004113252671167020321 0ustar 0123456789abcdef0123456789abcdef nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext10000664000000000000000000000002013252671167020317 0ustar D<']snss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext100000664000000000000000000000020013252671167020377 0ustar jx~ Ve3l@QRd.My^{ҧL.TS ykǚMvъGflMPfTG6³$k{mE_ٿ켦5ΛE˝nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext110000664000000000000000000000022013252671167020402 0ustar +ͼL`"W 2mM甎TR#D0~7y-@%_B@Ct8>'s; Uw/`?{,b6+q]?nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext130000664000000000000000000000004013252671167020404 0ustar NLh#!mi9:-Yt@nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext140000664000000000000000000000010013252671167020402 0ustar 78wT"/L-+ y[A0#FhŎIyҖyOnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext150000664000000000000000000000014013252671167020407 0ustar /_:X :kd1:4~8W#;wS.Qp!B1!Z-+p=Dnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext190000664000000000000000000000004013252671167020412 0ustar PR 5iurT?f-1 Rnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext20000664000000000000000000000002013252671167020320 0ustar d u"}Nrnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext200000664000000000000000000000010013252671167020377 0ustar 7%k1 sXIC{4ɿOւ5&z an%JV}֎L8V;cnss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext210000664000000000000000000000014013252671167020404 0ustar :ަnBAw^7$^OdH2[`4[xe"nc?3avx\ۻȢkQ;;4i[r JR-6z2,}Ēq}d00ޡiNEaAj0LO㬃KOc8.s4U#Amߝ"$N%,nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext240000664000000000000000000000024013252671167020410 0ustar cӆEp aXUh26/J2*ѪtDV{N}J#+(hiV5Yz~ڼ䯩XUWPV$"$+V1 2&5=q_DBEX n,]YH%sAc,0nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext30000664000000000000000000000002013252671167020321 0ustar zj)xmu9nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext40000664000000000000000000000002013252671167020322 0ustar -BWdӚ#nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext50000664000000000000000000000002013252671167020323 0ustar G0 %& T}nss-pem.git/nss/nss/cmd/bltest/tests/aes_cbc/plaintext60000664000000000000000000000002013252671167020324 0ustar $6 key$i grep "Init. Counter" $file | sed -e 's;Init. Counter=;;' | hex > iv$i grep "Ciphertext" $file | sed -e 's;Ciphertext=;;' | hex | btoa > ciphertext$i grep "Plaintext" $file | sed -e 's;Plaintext=;;' | hex > plaintext$i done nss-pem.git/nss/nss/cmd/bltest/tests/aes_ctr/numtests0000664000000000000000000000000213252671167020151 0ustar 3 nss-pem.git/nss/nss/cmd/bltest/tests/aes_ctr/plaintext00000664000000000000000000000010013252671167020356 0ustar k.@=~s*-WoEQ0F\ R$EO+A{l7nss-pem.git/nss/nss/cmd/bltest/tests/aes_ctr/plaintext10000664000000000000000000000010013252671167020357 0ustar k.@=~s*-WoEQ0F\ R$EO+A{l7nss-pem.git/nss/nss/cmd/bltest/tests/aes_ctr/plaintext20000664000000000000000000000010013252671167020360 0ustar k.@=~s*-WoEQ0F\ R$EO+A{l7nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/0000775000000000000000000000000013252671167016355 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt0000664000000000000000000000563513252671167023266 0ustar # Raeburn Standards Track [Page 12] # # RFC 3962 AES Encryption for Kerberos 5 February 2005 # # Some test vectors for CBC with ciphertext stealing, using an initial # vector of all-zero. # # Original Test vectors were for AES CTS-3 (Kerberos). These test vectors have been modified for AES CTS-1 (NIST) # Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 Output: 97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f Next IV: c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22 Next IV: fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22 Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 Next IV: 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e Next IV: b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 Next IV: 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40 Next IV: 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt0000664000000000000000000000045113252671167020756 0ustar Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 Output: 97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f Next IV: c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt0000664000000000000000000000057513252671167020766 0ustar Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22 Next IV: fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt0000664000000000000000000000060313252671167020757 0ustar Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 Next IV: 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt0000664000000000000000000000073513252671167020766 0ustar Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e Next IV: b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt0000664000000000000000000000074313252671167020766 0ustar Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 Next IV: 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt0000664000000000000000000000110313252671167020756 0ustar Key: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69 IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Input: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e Output: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40 Next IV: 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/ciphertext00000664000000000000000000000003213252671167020532 0ustar l8Y1NWjyv4y02KWANi2n/38= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/ciphertext10000664000000000000000000000005613252671167020541 0ustar l2hyaNbszMDAeyXiXs/l/AB4Pg79ssHURdTI7/ftIg== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/ciphertext20000664000000000000000000000005613252671167020542 0ustar l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9ag= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/ciphertext30000664000000000000000000000010213252671167020533 0ustar l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9bP//ZQMFqGMG1VJ0vg4Ap4= nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/ciphertext40000664000000000000000000000010213252671167020534 0ustar l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/ciphertext50000664000000000000000000000013413252671167020542 0ustar l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY SAfv6DbuiaUmcw28L3vIQA== nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/iv00000664000000000000000000000004213252671167016772 0ustar 55h򿌴إ6-nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/iv10000664000000000000000000000004213252671167016773 0ustar x>E"nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/iv20000664000000000000000000000004213252671167016774 0ustar 91%#bվ̘nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/iv30000664000000000000000000000004213252671167016775 0ustar  UI8nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/iv40000664000000000000000000000004213252671167016776 0ustar ;ᡔnss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/iv50000664000000000000000000000004213252671167016777 0ustar H6&s /{@nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/key00000664000000000000000000000002013252671167017140 0ustar chicken teriyakinss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/key10000664000000000000000000000002013252671167017141 0ustar chicken teriyakinss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/key20000664000000000000000000000002013252671167017142 0ustar chicken teriyakinss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/key30000664000000000000000000000002013252671167017143 0ustar chicken teriyakinss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/key40000664000000000000000000000002013252671167017144 0ustar chicken teriyakinss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/key50000664000000000000000000000002013252671167017145 0ustar chicken teriyakinss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/mktst.sh0000664000000000000000000000047413252671167020060 0ustar #!/bin/sh for i in 0 1 2 3 4 5 do file="aes_cts_$i.txt" grep "Key" $file | sed -e 's;Key:;;' | hex > key$i grep "IV" $file | sed -e 's;IV:;;' | hex > iv$i grep "Input" $file | sed -e 's;Input:;;' | hex > plaintext$i grep "Output" $file | sed -e 's;Output:;;' | hex | btoa > ciphertext$i done nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/numtests0000664000000000000000000000000213252671167020152 0ustar 6 nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/plaintext00000664000000000000000000000002113252671167020361 0ustar I would like the nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/plaintext10000664000000000000000000000003713252671167020371 0ustar I would like the General Gau's nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/plaintext20000664000000000000000000000004013252671167020364 0ustar I would like the General Gau's Cnss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/plaintext30000664000000000000000000000005713252671167020375 0ustar I would like the General Gau's Chicken, please,nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/plaintext40000664000000000000000000000006013252671167020370 0ustar I would like the General Gau's Chicken, please, nss-pem.git/nss/nss/cmd/bltest/tests/aes_cts/plaintext50000664000000000000000000000010013252671167020364 0ustar I would like the General Gau's Chicken, please, and wonton soup.nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/0000775000000000000000000000000013252671167016315 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/ciphertext00000664000000000000000000000003213252671167020472 0ustar PVuaCIiaKQhblgFCbVMTTg== nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/ciphertext10000664000000000000000000000003213252671167020473 0ustar AzZ2PpZtkllaVnzJzlN/Xg== nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/ciphertext20000664000000000000000000000003213252671167020474 0ustar qaFjG/SZaVTrwJOVeyNFiQ== nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/ciphertext30000664000000000000000000000003213252671167020475 0ustar J1z8BBPYzLcFE8OFmx0Pcg== nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/ciphertext40000664000000000000000000000003213252671167020476 0ustar ybgTX/G1rcQT39BTshvZbQ== nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/ciphertext50000664000000000000000000000003213252671167020477 0ustar XJ2ETtRvmIUIXl1qT5TH1w== nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/ciphertext60000664000000000000000000000003213252671167020500 0ustar qf91vXz2YT03Mcd8O20MBA== nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/key00000664000000000000000000000002113252671167017101 0ustar fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/key10000664000000000000000000000002013252671167017101 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/key20000664000000000000000000000002013252671167017102 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/key30000664000000000000000000000003013252671167017104 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/key40000664000000000000000000000003013252671167017105 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/key50000664000000000000000000000004013252671167017107 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/key60000664000000000000000000000004013252671167017110 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/mktst.sh0000664000000000000000000000054213252671167020014 0ustar #!/bin/sh for i in 1 2 3 4 5 6 do file="test$i.txt" grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i grep "PLAINTEXT = " $file | sed -e 's;PLAINTEXT = ;;' | hex > plaintext$i grep "CIPHERTEXT = " $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin btoa < ciphertext$i.bin > ciphertext$i rm ciphertext$i.bin done nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/numtests0000664000000000000000000000000213252671167020112 0ustar 7 nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/plaintext00000664000000000000000000000002113252671167020321 0ustar 0123456789abcdef nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/plaintext10000664000000000000000000000002013252671167020321 0ustar D<']snss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/plaintext20000664000000000000000000000002013252671167020322 0ustar d u"}Nrnss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/plaintext30000664000000000000000000000002013252671167020323 0ustar zj)xmu9nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/plaintext40000664000000000000000000000002013252671167020324 0ustar -BWdӚ#nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/plaintext50000664000000000000000000000002013252671167020325 0ustar G0 %& T}nss-pem.git/nss/nss/cmd/bltest/tests/aes_ecb/plaintext60000664000000000000000000000002013252671167020326 0ustar $6 #include #include int tohex(int c) { if ((c >= '0') && (c <= '9')) { return c - '0'; } if ((c >= 'a') && (c <= 'f')) { return c - 'a' + 10; } if ((c >= 'A') && (c <= 'F')) { return c - 'A' + 10; } return 0; } int isspace(int c) { if (c <= ' ') return 1; if (c == '\n') return 1; if (c == '\t') return 1; if (c == ':') return 1; if (c == ';') return 1; if (c == ',') return 1; return 0; } void verify_nibble(int nibble, int current) { if (nibble != 0) { fprintf(stderr, "count mismatch %d (nibbles=0x%x)\n", nibble, current); fflush(stderr); } } int main(int argc, char **argv) { int c; int current = 0; int nibble = 0; int skip = 0; if (argv[1]) { skip = atoi(argv[1]); } #define NIBBLE_COUNT 2 while ((c = getchar()) != EOF) { if (isspace(c)) { verify_nibble(nibble, current); continue; } if (skip) { skip--; continue; } current = current << 4 | tohex(c); nibble++; if (nibble == NIBBLE_COUNT) { putchar(current); nibble = 0; current = 0; } } return 0; } nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv00000664000000000000000000000001413252671167016746 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv10000664000000000000000000000001413252671167016747 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv100000664000000000000000000000001013252671167017023 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv110000664000000000000000000000007413252671167017036 0ustar "]UZRijz8SO}ң(QV9BkRTjW7nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv120000664000000000000000000000001413252671167017031 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv130000664000000000000000000000001413252671167017032 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv140000664000000000000000000000001413252671167017033 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv150000664000000000000000000000001413252671167017034 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv160000664000000000000000000000001013252671167017031 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv170000664000000000000000000000007413252671167017044 0ustar "]UZRijz8SO}ң(QV9BkRTjW7nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv20000664000000000000000000000001413252671167016750 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv30000664000000000000000000000001413252671167016751 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv40000664000000000000000000000001013252671167016746 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv50000664000000000000000000000007413252671167016761 0ustar "]UZRijz8SO}ң(QV9BkRTjW7nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv60000664000000000000000000000001413252671167016754 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv70000664000000000000000000000001413252671167016755 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv80000664000000000000000000000001413252671167016756 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/iv90000664000000000000000000000001413252671167016757 0ustar ۭnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key00000664000000000000000000000002013252671167017115 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key10000664000000000000000000000002013252671167017116 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key100000664000000000000000000000003013252671167017177 0ustar 钆esmjg0钆esnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key110000664000000000000000000000003013252671167017200 0ustar 钆esmjg0钆esnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key120000664000000000000000000000004013252671167017202 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key130000664000000000000000000000004013252671167017203 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key140000664000000000000000000000004013252671167017204 0ustar 钆esmjg0钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key150000664000000000000000000000004013252671167017205 0ustar 钆esmjg0钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key160000664000000000000000000000004013252671167017206 0ustar 钆esmjg0钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key170000664000000000000000000000004013252671167017207 0ustar 钆esmjg0钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key20000664000000000000000000000002013252671167017117 0ustar 钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key30000664000000000000000000000002013252671167017120 0ustar 钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key40000664000000000000000000000002013252671167017121 0ustar 钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key50000664000000000000000000000002013252671167017122 0ustar 钆esmjg0nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key60000664000000000000000000000003013252671167017124 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key70000664000000000000000000000003013252671167017125 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key80000664000000000000000000000003013252671167017126 0ustar 钆esmjg0钆esnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/key90000664000000000000000000000003013252671167017127 0ustar 钆esmjg0钆esnss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/mktst.sh0000664000000000000000000000077213252671167020036 0ustar #!/bin/sh for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 do file="test$i.txt" grep K= $file | sed -e 's;K=;;' | hex > key$i grep IV= $file | sed -e 's;IV=;;' | hex > iv$i grep "C=" $file | sed -e 's;C=;;' | hex > ciphertext$i.bin grep "P=" $file | sed -e 's;P=;;' | hex > plaintext$i grep "A=" $file | sed -e 's;A=;;' | hex > aad$i grep "T=" $file | sed -e 's;T=;;' | hex >> ciphertext$i.bin btoa < ciphertext$i.bin > ciphertext$i rm ciphertext$i.bin done nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/numtests0000664000000000000000000000000313252671167020130 0ustar 18 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext00000664000000000000000000000000013252671167020333 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext10000664000000000000000000000002013252671167020336 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext100000664000000000000000000000007413252671167020427 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext110000664000000000000000000000007413252671167020430 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext120000664000000000000000000000000013252671167020416 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext130000664000000000000000000000002013252671167020421 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext140000664000000000000000000000010013252671167020421 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9Unss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext150000664000000000000000000000007413252671167020434 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext160000664000000000000000000000007413252671167020435 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext170000664000000000000000000000007413252671167020436 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext20000664000000000000000000000010013252671167020336 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9Unss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext30000664000000000000000000000007413252671167020351 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext40000664000000000000000000000007413252671167020352 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext50000664000000000000000000000007413252671167020353 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext60000664000000000000000000000000013252671167020341 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext70000664000000000000000000000002013252671167020344 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext80000664000000000000000000000010013252671167020344 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9Unss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/plaintext90000664000000000000000000000007413252671167020357 0ustar 12%Y ů&S4.L0=1r< h S/$I%j Wc{9nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test0.txt0000664000000000000000000000051313252671167020131 0ustar test="Test Case 1" K=00000000000000000000000000000000 P= IV=000000000000000000000000 H=66e94bd4ef8a2c3b884cfa59ca342b2e Y0=00000000000000000000000000000001 E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a len(A)||len(C)=00000000000000000000000000000000 GHASH(H,A,C)=00000000000000000000000000000000 C= T=58e2fccefa7e3061367f1d57a4e7455a nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test1.txt0000664000000000000000000000077213252671167020141 0ustar test="Test Case 2" K=00000000000000000000000000000000 P=00000000000000000000000000000000 IV=000000000000000000000000 H=66e94bd4ef8a2c3b884cfa59ca342b2e Y0=00000000000000000000000000000001 E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a Y1=00000000000000000000000000000002 E(K,Y1)=0388dace60b6a392f328c2b971b2fe78 X1 5e2ec746917062882c85b0685353deb7 len(A)||len(C)=00000000000000000000000000000080 GHASH(H,A,C)=f38cbb1ad69223dcc3457ae5b6b0f885 C=0388dace60b6a392f328c2b971b2fe78 T=ab6e47d42cec13bdf53a67b21257bddf nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test10.txt0000664000000000000000000000231713252671167020216 0ustar test="Test Case 11" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbad H=466923ec9ae682214f2c082badb39249 N1=9473c07b02544299cf007c42c5778218 len({})||len(IV)=00000000000000000000000000000040 Y0=a14378078d27258a6292737e1802ada5 E(K,Y0)=7bb6d647c902427ce7cf26563a337371 X1=f3bf7ba3e305aeb05ed0d2e4fe076666 X2=20a51fa2302e9c01b87c48f2c3d91a56 Y1=a14378078d27258a6292737e1802ada6 E(K,Y1)=d621c7bc5690a7b1487dbaab8ac76b22 Y2=a14378078d27258a6292737e1802ada7 E(K,Y2)=43c1ca7de78f4495ad0b18324e61fa25 Y3=a14378078d27258a6292737e1802ada8 E(K,Y3)=e1e0254a0f2f1626e9aa4ff09d7c64ec Y4=a14378078d27258a6292737e1802ada9 E(K,Y4)=5850f4502486a1681a9319ce7d0afa59 X3=8bdedafd6ee8e529689de3a269b8240d X4=6607feb377b49c9ecdbc696344fe22d8 X5=8a19570a06500ba9405fcece4a73fb48 X6=8532826e63ce4a5b89b70fa28f8070fe len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=1e6a133806607858ee80eaf237064089 C=0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7 T=65dcc57fcf623a24094fcca40d3533f8 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test11.txt0000664000000000000000000000264313252671167020221 0ustar test="Test Case 12" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b H=466923ec9ae682214f2c082badb39249 N1=19aef0f04763b0c87903c5a217d5314f N2=62120253f79efc978625d1feb03b5b5b N3=b6ce2a84e366de900fa78a1653df77fb N4=374ecad90487f0bb261ba817447e022c len({})||len(IV)=000000000000000000000000000001e0 Y0=4505cdc367a054c5002820e96aebef27 E(K,Y0)=5ea3194f9dd012a3b9bc5103d6e0284d X1=f3bf7ba3e305aeb05ed0d2e4fe076666 X2=20a51fa2302e9c01b87c48f2c3d91a56 Y1=4505cdc367a054c5002820e96aebef28 E(K,Y1)=0b4fba4de46722d9ed691f9f2029df65 Y2=4505cdc367a054c5002820e96aebef29 E(K,Y2)=9b4e088bf380b03540bb87a5a257e437 Y3=4505cdc367a054c5002820e96aebef2a E(K,Y3)=9ddb9c873a5cd48acd3f397cd28f9896 Y4=4505cdc367a054c5002820e96aebef2b E(K,Y4)=5716ee92eff7c4b053d44c0294ea88cd X3=f70d61693ea7f53f08c866d6eedb1e4b X4=dc40bc9a181b35aed66488071ef282ae X5=85ffa424b87b35cac7be9c450f0d7aee X6=65233cbe5251f7d246bfc967a8678647 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=82567fb0b4cc371801eadec005968e94 C=d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b T=dcf566ff291c25bbb8568fc3d376a6d9 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test12.txt0000664000000000000000000000055213252671167020217 0ustar test="Test Case 13" K=0000000000000000000000000000000000000000000000000000000000000000 P= IV=000000000000000000000000 H=dc95c078a2408989ad48a21492842087 Y0=00000000000000000000000000000001 E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b len(A)||len(C)=00000000000000000000000000000000 GHASH(H,A,C)=00000000000000000000000000000000 C= T=530f8afbc74536b9a963b4f1c4cb738b nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test13.txt0000664000000000000000000000103313252671167020213 0ustar test="Test Case 14" K=0000000000000000000000000000000000000000000000000000000000000000 P=00000000000000000000000000000000 IV=000000000000000000000000 H=dc95c078a2408989ad48a21492842087 Y0=00000000000000000000000000000001 E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b Y1=00000000000000000000000000000002 E(K,Y1)=cea7403d4d606b6e074ec5d3baf39d18 X1=fd6ab7586e556dba06d69cfe6223b262 len(A)||len(C)=00000000000000000000000000000080 GHASH(H,A,C)=83de425c5edc5d498f382c441041ca92 C=cea7403d4d606b6e074ec5d3baf39d18 T=d0d1c8a799996bf0265b98b5d48ab919 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test14.txt0000664000000000000000000000205613252671167020222 0ustar test="Test Case 15" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 IV=cafebabefacedbaddecaf888 H=acbef20579b4b8ebce889bac8732dad7 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=8b1cf3d561d27be251263e66857164e7 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=e29d258faad137135bd49280af645bd8 Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=908c82ddcc65b26e887f85341f243d1d Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8 X1=fcbefb78635d598eddaf982310670f35 X2=29de812309d3116a6eff7ec844484f3e X3=45fad9deeda9ea561b8f199c3613845b X4=ed95f8e164bf3213febc740f0bd9c6af len(A)||len(C)=00000000000000000000000000000200 GHASH(H,A,C)=4db870d37cb75fcb46097c36230d1612 C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad T=b094dac5d93471bdec1a502270e3cc6c nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test15.txt0000664000000000000000000000222113252671167020215 0ustar test="Test Case 16" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbaddecaf888 H=acbef20579b4b8ebce889bac8732dad7 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e X1=5165d242c2592c0a6375e2622cf925d2 X2=8efa30ce83298b85fe71abefc0cdd01d Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=8b1cf3d561d27be251263e66857164e7 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=e29d258faad137135bd49280af645bd8 Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=908c82ddcc65b26e887f85341f243d1d Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8 X3=abe07e0bb62354177480b550f9f6cdcc X4=3978e4f141b95f3b4699756b1c3c2082 X5=8abf3c48901debe76837d8a05c7d6e87 X6=9249beaf520c48b912fa120bbf391dc8 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=8bd0c4d8aacd391e67cca447e8c38f65 C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 T=76fc6ece0f4e1768cddf8853bb2d551b nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test16.txt0000664000000000000000000000233713252671167020226 0ustar test="Test Case 17" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbad H=acbef20579b4b8ebce889bac8732dad7 N1=90c22e3d2aca34b971e8bd09708fae5c len({})||len(IV)=00000000000000000000000000000040 Y0=0095df49dd90abe3e4d252475748f5d4 E(K,Y0)=4f903f37fe611d454217fbfa5cd7d791 X1=5165d242c2592c0a6375e2622cf925d2 X2=8efa30ce83298b85fe71abefc0cdd01d Y1=0095df49dd90abe3e4d252475748f5d5 E(K,Y1)=1a471fd432fc7bd70b1ec8fe5e6d6251 Y2=0095df49dd90abe3e4d252475748f5d6 E(K,Y2)=29bd481e1ea39d20eb63c7ea118b1792 Y3=0095df49dd90abe3e4d252475748f5d7 E(K,Y3)=e2898e46ac5cada3ba83cc1272618a5d Y4=0095df49dd90abe3e4d252475748f5d8 E(K,Y4)=d3c6aefbcea602ce4e1fe026065447bf X3=55e1ff68f9249e64b95223858e5cb936 X4=cef1c034383dc96f733aaa4c99bd3e61 X5=68588d004fd468f5854515039b08165d X6=2378943c034697f72a80fce5059bf3f3 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=75a34288b8c68f811c52b2e9a2f97f63 C=c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f T=3a337dbf46a792c45e454913fe2ea8f2 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test17.txt0000664000000000000000000000266313252671167020231 0ustar test="Test Case 18" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b H=acbef20579b4b8ebce889bac8732dad7 N1=0bfe66e2032f195516379f5fb710f987 N2=f0631554d11409915feec8f9f5102aba N3=749b90dda19a1557fd9e9fd31fed1d14 N4=7a6a833f260d848793b327cb07d1b190 len({})||len(IV)=000000000000000000000000000001e0 Y0=0cd953e2140a5976079f8e2406bc8eb4 E(K,Y0)=71b54d092bb0c3d9ba94538d4096e691 X1=5165d242c2592c0a6375e2622cf925d2 X2=8efa30ce83298b85fe71abefc0cdd01d Y1=0cd953e2140a5976079f8e2406bc8eb5 E(K,Y1)=83bcdd0af41a551452047196ca6b0cba Y2=0cd953e2140a5976079f8e2406bc8eb6 E(K,Y2)=68151b79baea93c38e149b72e545e186 Y3=0cd953e2140a5976079f8e2406bc8eb7 E(K,Y3)=13fccf22159a4d16026ce5d58c7e99fb Y4=0cd953e2140a5976079f8e2406bc8eb8 E(K,Y4)=132b64628a031e79fecd050675a64f07 X3=e963941cfa8c417bdaa3b3d94ab4e905 X4=2178d7f836e5fa105ce0fdf0fc8f0654 X5=bac14eeba3216f966b3e7e011475b832 X6=cc9ae9175729a649936e890bd971a8bf len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=d5ffcf6fc5ac4d69722187421a7f170b C=5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f T=a44a8266ee1c8eb0c8b5d4cf5ae9f19a nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test2.txt0000664000000000000000000000201513252671167020132 0ustar test="Test Case 3" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 IV=cafebabefacedbaddecaf888 H=b83b533708bf535d0aa6e52980d53b78 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=3de91827c10e9a4f5240647ee5221f20 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0 X1=59ed3f2bb1a0aaa07c9f56c6a504647b X2=b714c9048389afd9f9bc5c1d4378e052 X3=47400c6577b1ee8d8f40b2721e86ff10 X4=4796cf49464704b5dd91f159bb1b7f95 len(A)||len(C)=00000000000000000000000000000200 GHASH(H,A,C)=7f1b32b81b820d02614f8895ac1d4eac C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 T=4d5c2af327cd64a62cf35abd2ba6fab4 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test3.txt0000664000000000000000000000216013252671167020134 0ustar test="Test Case 4" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbaddecaf888 H=b83b533708bf535d0aa6e52980d53b78 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418 X1=ed56aaf8a72d67049fdb9228edba1322 X2=cd47221ccef0554ee4bb044c88150352 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=3de91827c10e9a4f5240647ee5221f20 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0 X3=54f5e1b2b5a8f9525c23924751a3ca51 X4=324f585c6ffc1359ab371565d6c45f93 X5=ca7dd446af4aa70cc3c0cd5abba6aa1c X6=1590df9b2eb6768289e57d56274c8570 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=698e57f70e6ecc7fd9463b7260a9ae5f C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 T=5bc94fbc3221a5db94fae95ae7121a47 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test4.txt0000664000000000000000000000227513252671167020144 0ustar test="Test Case 5" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbad H=b83b533708bf535d0aa6e52980d53b78 N1=6f288b846e5fed9a18376829c86a6a16 len({})||len(C)=00000000000000000000000000000040 Y0=c43a83c4c4badec4354ca984db252f7d E(K,Y0)=e94ab9535c72bea9e089c93d48e62fb0 X1=ed56aaf8a72d67049fdb9228edba1322 X2=cd47221ccef0554ee4bb044c88150352 Y1=c43a83c4c4badec4354ca984db252f7e E(K,Y1)=b8040969d08295afd226fcda0ddf61cf Y2=c43a83c4c4badec4354ca984db252f7f E(K,Y2)=ef3c83225af93122192ad5c4f15dfe51 Y3=c43a83c4c4badec4354ca984db252f80 E(K,Y3)=6fbc659571f72de104c67b609d2fde67 Y4=c43a83c4c4badec4354ca984db252f81 E(K,Y4)=f8e3581441a1e950785c3ea1430c6fa6 X3=9379e2feae14649c86cf2250e3a81916 X4=65dde904c92a6b3db877c4817b50a5f4 X5=48c53cf863b49a1b0bbfc48c3baaa89d X6=08c873f1c8cec3effc209a07468caab1 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=df586bb4c249b92cb6922877e444d37b C=61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 T=3612d2e79e3b0785561be14aaca2fccb nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test5.txt0000664000000000000000000000261213252671167020140 0ustar test="Test Case 6" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b H=b83b533708bf535d0aa6e52980d53b78 N1=004d6599d7fb1634756e1e299d81630f N2=88ffe8a3c8033df4b54d732f7f88408e N3=24e694cfab657beabba8055aad495e23 N4=d8349a5eda24943c8fbb2ef5168b20cb len({})||len(IV)=000000000000000000000000000001e0 Y0=3bab75780a31c059f83d2a44752f9864 7dc63b399f2d98d57ab073b6baa4138e X1=ed56aaf8a72d67049fdb9228edba1322 X2=cd47221ccef0554ee4bb044c88150352 Y1=3bab75780a31c059f83d2a44752f9865 E(K,Y1)=55d37bbd9ad21353a6f93a690eca9e0e Y2=3bab75780a31c059f83d2a44752f9866 E(K,Y2)=3836bbf6d696e672946a1a01404fa6d5 Y3=3bab75780a31c059f83d2a44752f9867 E(K,Y3)=1dd8a5316ecc35c3e313bca59d2ac94a Y4=3bab75780a31c059f83d2a44752f9868 E(K,Y4)=6742982706a9f154f657d5dc94b746db X3=31727669c63c6f078b5d22adbbbca384 X4=480c00db2679065a7ed2f771a53acacd X5=1c1ae3c355e2214466a9923d2ba6ab35 X6=0694c6f16bb0275a48891d06590344b0 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=1c5afe9760d3932f3c9a878aac3dc3de C=8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 T=619cc5aefffe0bfa462af43c1699d050 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test6.txt0000664000000000000000000000053113252671167020137 0ustar test="Test Case 7" K=000000000000000000000000000000000000000000000000 P= IV=000000000000000000000000 H=aae06992acbf52a3e8f4a96ec9300bd7 Y0=00000000000000000000000000000001 E(K,Y0)=cd33b28ac773f74ba00ed1f312572435 len(A)||len(C)=00000000000000000000000000000000 GHASH(H,A,C)=00000000000000000000000000000000 C= T=cd33b28ac773f74ba00ed1f312572435 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test7.txt0000664000000000000000000000101213252671167020133 0ustar test="Test Case 8" K=000000000000000000000000000000000000000000000000 P=00000000000000000000000000000000 IV=000000000000000000000000 H=aae06992acbf52a3e8f4a96ec9300bd7 Y0=00000000000000000000000000000001 E(K,Y0)=cd33b28ac773f74ba00ed1f312572435 Y1=00000000000000000000000000000002 E(K,Y1)=98e7247c07f0fe411c267e4384b0f600 X1=90e87315fb7d4e1b4092ec0cbfda5d7d len(A)||len(C)=00000000000000000000000000000080 GHASH(H,A,C)=e2c63f0ac44ad0e02efa05ab6743d4ce C=98e7247c07f0fe411c267e4384b0f600 T=2ff58d80033927ab8ef4d4587514f0fb nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test8.txt0000664000000000000000000000203513252671167020142 0ustar test="Test Case 9" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 IV=cafebabefacedbaddecaf888 H=466923ec9ae682214f2c082badb39249 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=614b3195542ccc7683ae933c81ec8a62 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=a988a97e85eec28e76b95c29b6023003 X1=dddca3f91c17821ffac4a6d0fed176f7 X2=a4e84ac60e2730f4a7e0e1eef708b198 X3=e67592048dd7153973a0dbbb8804bee2 X4=503e86628536625fb746ce3cecea433f len(A)||len(C)=00000000000000000000000000000200 GHASH(H,A,C)=51110d40f6c8fff0eb1ae33445a889f0 C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256 T=9924a7c8587336bfb118024db8674a14 nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test9.txt0000664000000000000000000000220113252671167020136 0ustar test="Test Case 10" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbaddecaf888 H=466923ec9ae682214f2c082badb39249 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4 X1=f3bf7ba3e305aeb05ed0d2e4fe076666 X2=20a51fa2302e9c01b87c48f2c3d91a56 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=614b3195542ccc7683ae933c81ec8a62 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=a988a97e85eec28e76b95c29b6023003 X3=714f9700ddf520f20695f6180c6e669d X4=e858680b7b240d2ecf7e06bbad4524e2 X5=3f4865abd6bb3fb9f5c4a816f0a9b778 X6=4256f67fe87b4f49422ba11af857c973 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=ed2ce3062e4a8ec06db8b4c490e8a268 C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710 T=2519498e80f1478f37ba55bd6d27618c nss-pem.git/nss/nss/cmd/bltest/tests/aes_gcm/test_source.txt0000664000000000000000000004343513252671167021443 0ustar # AppendixB AES Test Vectors # From "The Galois/Counter Mode of Operation (GCM)", David A McGree & John Viega, # http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf # # This appendix contains test cases for AES GCM, with AES key sizes of 128, 192, and 256 bits. These # cases use the same notation as in Equations 1 and 2, with the exception that Ni is used in place of # Xi when GHASH is used to compute Y0 , in order to distinguish that case from the later invocation # of GHASH. All values are in hexadecimal, and a zero-length variable is indicated by the absence # of any hex digits. Each line consists of 128 bits of data, and variables whose lengths exceed that # value are continued on successive lines. The leftmost hex digit corresponds to the leftmost four # bits of the variable. For example, the lowest 128 bits of the field polynomial are represented as # e100000000000000000000000000000000. # test="Test Case 1" K=00000000000000000000000000000000 P= IV=000000000000000000000000 H=66e94bd4ef8a2c3b884cfa59ca342b2e Y0=00000000000000000000000000000001 E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a len(A)||len(C)=00000000000000000000000000000000 GHASH(H,A,C)=00000000000000000000000000000000 C= T=58e2fccefa7e3061367f1d57a4e7455a test="Test Case 2" K=00000000000000000000000000000000 P=00000000000000000000000000000000 IV=000000000000000000000000 H=66e94bd4ef8a2c3b884cfa59ca342b2e Y0=00000000000000000000000000000001 E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a Y1=00000000000000000000000000000002 E(K,Y1)=0388dace60b6a392f328c2b971b2fe78 X1 5e2ec746917062882c85b0685353deb7 len(A)||len(C)=00000000000000000000000000000080 GHASH(H,A,C)=f38cbb1ad69223dcc3457ae5b6b0f885 C=0388dace60b6a392f328c2b971b2fe78 T=ab6e47d42cec13bdf53a67b21257bddf test="Test Case 3" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 IV=cafebabefacedbaddecaf888 H=b83b533708bf535d0aa6e52980d53b78 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=3de91827c10e9a4f5240647ee5221f20 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0 X1=59ed3f2bb1a0aaa07c9f56c6a504647b X2=b714c9048389afd9f9bc5c1d4378e052 X3=47400c6577b1ee8d8f40b2721e86ff10 X4=4796cf49464704b5dd91f159bb1b7f95 len(A)||len(C)=00000000000000000000000000000200 GHASH(H,A,C)=7f1b32b81b820d02614f8895ac1d4eac C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 T=4d5c2af327cd64a62cf35abd2ba6fab4 test="Test Case 4" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbaddecaf888 H=b83b533708bf535d0aa6e52980d53b78 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418 X1=ed56aaf8a72d67049fdb9228edba1322 X2=cd47221ccef0554ee4bb044c88150352 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=3de91827c10e9a4f5240647ee5221f20 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0 X3=54f5e1b2b5a8f9525c23924751a3ca51 X4=324f585c6ffc1359ab371565d6c45f93 X5=ca7dd446af4aa70cc3c0cd5abba6aa1c X6=1590df9b2eb6768289e57d56274c8570 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=698e57f70e6ecc7fd9463b7260a9ae5f C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 T=5bc94fbc3221a5db94fae95ae7121a47 test="Test Case 5" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbad H=b83b533708bf535d0aa6e52980d53b78 N1=6f288b846e5fed9a18376829c86a6a16 len({})||len(C)=00000000000000000000000000000040 Y0=c43a83c4c4badec4354ca984db252f7d E(K,Y0)=e94ab9535c72bea9e089c93d48e62fb0 X1=ed56aaf8a72d67049fdb9228edba1322 X2=cd47221ccef0554ee4bb044c88150352 Y1=c43a83c4c4badec4354ca984db252f7e E(K,Y1)=b8040969d08295afd226fcda0ddf61cf Y2=c43a83c4c4badec4354ca984db252f7f E(K,Y2)=ef3c83225af93122192ad5c4f15dfe51 Y3=c43a83c4c4badec4354ca984db252f80 E(K,Y3)=6fbc659571f72de104c67b609d2fde67 Y4=c43a83c4c4badec4354ca984db252f81 E(K,Y4)=f8e3581441a1e950785c3ea1430c6fa6 X3=9379e2feae14649c86cf2250e3a81916 X4=65dde904c92a6b3db877c4817b50a5f4 X5=48c53cf863b49a1b0bbfc48c3baaa89d X6=08c873f1c8cec3effc209a07468caab1 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=df586bb4c249b92cb6922877e444d37b C=61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 T=3612d2e79e3b0785561be14aaca2fccb test="Test Case 6" K=feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b H=b83b533708bf535d0aa6e52980d53b78 N1=004d6599d7fb1634756e1e299d81630f N2=88ffe8a3c8033df4b54d732f7f88408e N3=24e694cfab657beabba8055aad495e23 N4=d8349a5eda24943c8fbb2ef5168b20cb len({})||len(IV)=000000000000000000000000000001e0 Y0=3bab75780a31c059f83d2a44752f9864 7dc63b399f2d98d57ab073b6baa4138e X1=ed56aaf8a72d67049fdb9228edba1322 X2=cd47221ccef0554ee4bb044c88150352 Y1=3bab75780a31c059f83d2a44752f9865 E(K,Y1)=55d37bbd9ad21353a6f93a690eca9e0e Y2=3bab75780a31c059f83d2a44752f9866 E(K,Y2)=3836bbf6d696e672946a1a01404fa6d5 Y3=3bab75780a31c059f83d2a44752f9867 E(K,Y3)=1dd8a5316ecc35c3e313bca59d2ac94a Y4=3bab75780a31c059f83d2a44752f9868 E(K,Y4)=6742982706a9f154f657d5dc94b746db X3=31727669c63c6f078b5d22adbbbca384 X4=480c00db2679065a7ed2f771a53acacd X5=1c1ae3c355e2214466a9923d2ba6ab35 X6=0694c6f16bb0275a48891d06590344b0 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=1c5afe9760d3932f3c9a878aac3dc3de C=8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 T=619cc5aefffe0bfa462af43c1699d050 test="Test Case 7" K=000000000000000000000000000000000000000000000000 P= IV=000000000000000000000000 H=aae06992acbf52a3e8f4a96ec9300bd7 Y0=00000000000000000000000000000001 E(K,Y0)=cd33b28ac773f74ba00ed1f312572435 len(A)||len(C)=00000000000000000000000000000000 GHASH(H,A,C)=00000000000000000000000000000000 C= T=cd33b28ac773f74ba00ed1f312572435 test="Test Case 8" K=000000000000000000000000000000000000000000000000 P=00000000000000000000000000000000 IV=000000000000000000000000 H=aae06992acbf52a3e8f4a96ec9300bd7 Y0=00000000000000000000000000000001 E(K,Y0)=cd33b28ac773f74ba00ed1f312572435 Y1=00000000000000000000000000000002 E(K,Y1)=98e7247c07f0fe411c267e4384b0f600 X1=90e87315fb7d4e1b4092ec0cbfda5d7d len(A)||len(C)=00000000000000000000000000000080 GHASH(H,A,C)=e2c63f0ac44ad0e02efa05ab6743d4ce C=98e7247c07f0fe411c267e4384b0f600 T=2ff58d80033927ab8ef4d4587514f0fb test="Test Case 9" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 IV=cafebabefacedbaddecaf888 H=466923ec9ae682214f2c082badb39249 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=614b3195542ccc7683ae933c81ec8a62 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=a988a97e85eec28e76b95c29b6023003 X1=dddca3f91c17821ffac4a6d0fed176f7 X2=a4e84ac60e2730f4a7e0e1eef708b198 X3=e67592048dd7153973a0dbbb8804bee2 X4=503e86628536625fb746ce3cecea433f len(A)||len(C)=00000000000000000000000000000200 GHASH(H,A,C)=51110d40f6c8fff0eb1ae33445a889f0 C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256 T=9924a7c8587336bfb118024db8674a14 test="Test Case 10" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbaddecaf888 H=466923ec9ae682214f2c082badb39249 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4 X1=f3bf7ba3e305aeb05ed0d2e4fe076666 X2=20a51fa2302e9c01b87c48f2c3d91a56 Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=614b3195542ccc7683ae933c81ec8a62 Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=a988a97e85eec28e76b95c29b6023003 X3=714f9700ddf520f20695f6180c6e669d X4=e858680b7b240d2ecf7e06bbad4524e2 X5=3f4865abd6bb3fb9f5c4a816f0a9b778 X6=4256f67fe87b4f49422ba11af857c973 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=ed2ce3062e4a8ec06db8b4c490e8a268 C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710 T=2519498e80f1478f37ba55bd6d27618c test="Test Case 11" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbad H=466923ec9ae682214f2c082badb39249 N1=9473c07b02544299cf007c42c5778218 len({})||len(IV)=00000000000000000000000000000040 Y0=a14378078d27258a6292737e1802ada5 E(K,Y0)=7bb6d647c902427ce7cf26563a337371 X1=f3bf7ba3e305aeb05ed0d2e4fe076666 X2=20a51fa2302e9c01b87c48f2c3d91a56 Y1=a14378078d27258a6292737e1802ada6 E(K,Y1)=d621c7bc5690a7b1487dbaab8ac76b22 Y2=a14378078d27258a6292737e1802ada7 E(K,Y2)=43c1ca7de78f4495ad0b18324e61fa25 Y3=a14378078d27258a6292737e1802ada8 E(K,Y3)=e1e0254a0f2f1626e9aa4ff09d7c64ec Y4=a14378078d27258a6292737e1802ada9 E(K,Y4)=5850f4502486a1681a9319ce7d0afa59 X3=8bdedafd6ee8e529689de3a269b8240d X4=6607feb377b49c9ecdbc696344fe22d8 X5=8a19570a06500ba9405fcece4a73fb48 X6=8532826e63ce4a5b89b70fa28f8070fe len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=1e6a133806607858ee80eaf237064089 C=0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7 T=65dcc57fcf623a24094fcca40d3533f8 test="Test Case 12" K=feffe9928665731c6d6a8f9467308308feffe9928665731c P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b H=466923ec9ae682214f2c082badb39249 N1=19aef0f04763b0c87903c5a217d5314f N2=62120253f79efc978625d1feb03b5b5b N3=b6ce2a84e366de900fa78a1653df77fb N4=374ecad90487f0bb261ba817447e022c len({})||len(IV)=000000000000000000000000000001e0 Y0=4505cdc367a054c5002820e96aebef27 E(K,Y0)=5ea3194f9dd012a3b9bc5103d6e0284d X1=f3bf7ba3e305aeb05ed0d2e4fe076666 X2=20a51fa2302e9c01b87c48f2c3d91a56 Y1=4505cdc367a054c5002820e96aebef28 E(K,Y1)=0b4fba4de46722d9ed691f9f2029df65 Y2=4505cdc367a054c5002820e96aebef29 E(K,Y2)=9b4e088bf380b03540bb87a5a257e437 Y3=4505cdc367a054c5002820e96aebef2a E(K,Y3)=9ddb9c873a5cd48acd3f397cd28f9896 Y4=4505cdc367a054c5002820e96aebef2b E(K,Y4)=5716ee92eff7c4b053d44c0294ea88cd X3=f70d61693ea7f53f08c866d6eedb1e4b X4=dc40bc9a181b35aed66488071ef282ae X5=85ffa424b87b35cac7be9c450f0d7aee X6=65233cbe5251f7d246bfc967a8678647 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=82567fb0b4cc371801eadec005968e94 C=d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b T=dcf566ff291c25bbb8568fc3d376a6d9 test="Test Case 13" K=0000000000000000000000000000000000000000000000000000000000000000 P= IV=000000000000000000000000 H=dc95c078a2408989ad48a21492842087 Y0=00000000000000000000000000000001 E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b len(A)||len(C)=00000000000000000000000000000000 GHASH(H,A,C)=00000000000000000000000000000000 C= T=530f8afbc74536b9a963b4f1c4cb738b test="Test Case 14" K=0000000000000000000000000000000000000000000000000000000000000000 P=00000000000000000000000000000000 IV=000000000000000000000000 H=dc95c078a2408989ad48a21492842087 Y0=00000000000000000000000000000001 E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b Y1=00000000000000000000000000000002 E(K,Y1)=cea7403d4d606b6e074ec5d3baf39d18 X1=fd6ab7586e556dba06d69cfe6223b262 len(A)||len(C)=00000000000000000000000000000080 GHASH(H,A,C)=83de425c5edc5d498f382c441041ca92 C=cea7403d4d606b6e074ec5d3baf39d18 T=d0d1c8a799996bf0265b98b5d48ab919 test="Test Case 15" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 IV=cafebabefacedbaddecaf888 H=acbef20579b4b8ebce889bac8732dad7 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=8b1cf3d561d27be251263e66857164e7 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=e29d258faad137135bd49280af645bd8 Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=908c82ddcc65b26e887f85341f243d1d Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8 X1=fcbefb78635d598eddaf982310670f35 X2=29de812309d3116a6eff7ec844484f3e X3=45fad9deeda9ea561b8f199c3613845b X4=ed95f8e164bf3213febc740f0bd9c6af len(A)||len(C)=00000000000000000000000000000200 GHASH(H,A,C)=4db870d37cb75fcb46097c36230d1612 C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad T=b094dac5d93471bdec1a502270e3cc6c test="Test Case 16" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbaddecaf888 H=acbef20579b4b8ebce889bac8732dad7 Y0=cafebabefacedbaddecaf88800000001 E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e X1=5165d242c2592c0a6375e2622cf925d2 X2=8efa30ce83298b85fe71abefc0cdd01d Y1=cafebabefacedbaddecaf88800000002 E(K,Y1)=8b1cf3d561d27be251263e66857164e7 Y2=cafebabefacedbaddecaf88800000003 E(K,Y2)=e29d258faad137135bd49280af645bd8 Y3=cafebabefacedbaddecaf88800000004 E(K,Y3)=908c82ddcc65b26e887f85341f243d1d Y4=cafebabefacedbaddecaf88800000005 E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8 X3=abe07e0bb62354177480b550f9f6cdcc X4=3978e4f141b95f3b4699756b1c3c2082 X5=8abf3c48901debe76837d8a05c7d6e87 X6=9249beaf520c48b912fa120bbf391dc8 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=8bd0c4d8aacd391e67cca447e8c38f65 C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 T=76fc6ece0f4e1768cddf8853bb2d551b test="Test Case 17" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=cafebabefacedbad H=acbef20579b4b8ebce889bac8732dad7 N1=90c22e3d2aca34b971e8bd09708fae5c len({})||len(IV)=00000000000000000000000000000040 Y0=0095df49dd90abe3e4d252475748f5d4 E(K,Y0)=4f903f37fe611d454217fbfa5cd7d791 X1=5165d242c2592c0a6375e2622cf925d2 X2=8efa30ce83298b85fe71abefc0cdd01d Y1=0095df49dd90abe3e4d252475748f5d5 E(K,Y1)=1a471fd432fc7bd70b1ec8fe5e6d6251 Y2=0095df49dd90abe3e4d252475748f5d6 E(K,Y2)=29bd481e1ea39d20eb63c7ea118b1792 Y3=0095df49dd90abe3e4d252475748f5d7 E(K,Y3)=e2898e46ac5cada3ba83cc1272618a5d Y4=0095df49dd90abe3e4d252475748f5d8 E(K,Y4)=d3c6aefbcea602ce4e1fe026065447bf X3=55e1ff68f9249e64b95223858e5cb936 X4=cef1c034383dc96f733aaa4c99bd3e61 X5=68588d004fd468f5854515039b08165d X6=2378943c034697f72a80fce5059bf3f3 len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=75a34288b8c68f811c52b2e9a2f97f63 C=c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f T=3a337dbf46a792c45e454913fe2ea8f2 test="Test Case 18" K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 A=feedfacedeadbeeffeedfacedeadbeefabaddad2 IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b H=acbef20579b4b8ebce889bac8732dad7 N1=0bfe66e2032f195516379f5fb710f987 N2=f0631554d11409915feec8f9f5102aba N3=749b90dda19a1557fd9e9fd31fed1d14 N4=7a6a833f260d848793b327cb07d1b190 len({})||len(IV)=000000000000000000000000000001e0 Y0=0cd953e2140a5976079f8e2406bc8eb4 E(K,Y0)=71b54d092bb0c3d9ba94538d4096e691 X1=5165d242c2592c0a6375e2622cf925d2 X2=8efa30ce83298b85fe71abefc0cdd01d Y1=0cd953e2140a5976079f8e2406bc8eb5 E(K,Y1)=83bcdd0af41a551452047196ca6b0cba Y2=0cd953e2140a5976079f8e2406bc8eb6 E(K,Y2)=68151b79baea93c38e149b72e545e186 Y3=0cd953e2140a5976079f8e2406bc8eb7 E(K,Y3)=13fccf22159a4d16026ce5d58c7e99fb Y4=0cd953e2140a5976079f8e2406bc8eb8 E(K,Y4)=132b64628a031e79fecd050675a64f07 X3=e963941cfa8c417bdaa3b3d94ab4e905 X4=2178d7f836e5fa105ce0fdf0fc8f0654 X5=bac14eeba3216f966b3e7e011475b832 X6=cc9ae9175729a649936e890bd971a8bf len(A)||len(C)=00000000000000a000000000000001e0 GHASH(H,A,C)=d5ffcf6fc5ac4d69722187421a7f170b C=5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f T=a44a8266ee1c8eb0c8b5d4cf5ae9f19a nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/0000775000000000000000000000000013252671167017312 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/ciphertext00000664000000000000000000000003213252671167021467 0ustar taydfPlRJe3wf8Td0xJ9Tw== nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/ciphertext10000664000000000000000000000003213252671167021470 0ustar yoYCZwKnUMcS4ADHxnwObA== nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/ciphertext20000664000000000000000000000003213252671167021471 0ustar T+Wn4cs1Sbqrh/XtNd4vzQ== nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/iv00000664000000000000000000000002113252671167017724 0ustar qwertyuiopasdfgh nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/key00000664000000000000000000000002113252671167020076 0ustar fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/key10000664000000000000000000000003113252671167020100 0ustar fedcba9876543210fedcba98 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/key20000664000000000000000000000004113252671167020102 0ustar fedcba9876543210fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/numtests0000664000000000000000000000000213252671167021107 0ustar 3 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_cbc/plaintext00000664000000000000000000000002113252671167021316 0ustar 0123456789abcdef nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/0000775000000000000000000000000013252671167017314 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/ciphertext00000664000000000000000000000003213252671167021471 0ustar 6v0CGxSwow3AhsyhunfdbQ== nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/ciphertext10000664000000000000000000000003213252671167021472 0ustar Nf1GwJiBtZT+VPJp+gBhPA== nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/ciphertext20000664000000000000000000000003213252671167021473 0ustar ilB/0K3SI86Oecwh7cruGA== nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/key00000664000000000000000000000002113252671167020100 0ustar fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/key10000664000000000000000000000003113252671167020102 0ustar fedcba9876543210fedcba98 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/key20000664000000000000000000000004113252671167020104 0ustar fedcba9876543210fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/numtests0000664000000000000000000000000213252671167021111 0ustar 3 nss-pem.git/nss/nss/cmd/bltest/tests/camellia_ecb/plaintext00000664000000000000000000000002113252671167021320 0ustar 0123456789abcdef nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/0000775000000000000000000000000013252671167017661 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/aad00000664000000000000000000000001413252671167020404 0ustar PQRSnss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/aad10000664000000000000000000000001413252671167020405 0ustar 3Nnss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext00000664000000000000000000000026113252671167022042 0ustar 0xqNNGSOYNt7hq+8U+9+wqSt7VEpbgj+qeK1pzbuYtY9vqRejKlnEoL6+2naknKLGnHeCp4GCykF1qW2fs07NpLdvX8td4uMmAOu4ygJG1j6syTk+tZ1lFWFgItIMde8P/Te8I5Lep3ldtJlhs7GS2EWGuELWU8J4mp+kC7L0GAGkQ== nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext10000664000000000000000000000057113252671167022047 0ustar ZKCGFXWGGvRg8GLHm+ZDvV6AXP00XPOJ8QhnCsdsjLJMbPwYdV1D7qCe6U44LSawvbe3PDIbAQDU8Dt/NViUzzMvgw5xC5fOmMioSr0LlIEUrRduAI0zvWD5grH/N8hVl5egbvTw72HBhjJOKzUGODYGkHtqfAKw+fYVe1PIZ+S5Fmx2e4BNRqWbUhbN56TpkEDFpAQzIl7igqGwoGxSPq9FNNf4P6EVWwBHcYy8VGoNBysEs1ZO6htCInP1SCcaC7IxYFP6dpkZVevWMVlDTs67TkZtrloQc6ZydicJehBJ5hfZHTYQlPpo8P93mHEwMFvqui7aBN+Ze3FNbG8sKaatXLQCKwJwm+6tnWeJDLsiOSM2/qGFHzg= nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/iv00000664000000000000000000000001413252671167020275 0ustar @ABCDEFGnss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/iv10000664000000000000000000000001413252671167020276 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/key00000664000000000000000000000004013252671167020446 0ustar nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/key10000664000000000000000000000004013252671167020447 0ustar @Uӊ3G9@+ \ punss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/numtests0000664000000000000000000000000213252671167021456 0ustar 2 nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/plaintext00000664000000000000000000000016213252671167021673 0ustar Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.nss-pem.git/nss/nss/cmd/bltest/tests/chacha20_poly1305/plaintext10000664000000000000000000000041113252671167021671 0ustar Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as /“work in progress./”nss-pem.git/nss/nss/cmd/bltest/tests/des3_cbc/0000775000000000000000000000000013252671167016401 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/des3_cbc/ciphertext00000664000000000000000000000001513252671167020557 0ustar KV3MDNGKWOc= nss-pem.git/nss/nss/cmd/bltest/tests/des3_cbc/iv00000664000000000000000000000001113252671167017012 0ustar 12345678 nss-pem.git/nss/nss/cmd/bltest/tests/des3_cbc/key00000664000000000000000000000003113252671167017166 0ustar abcdefghijklmnopqrstuvwx nss-pem.git/nss/nss/cmd/bltest/tests/des3_cbc/numtests0000664000000000000000000000000213252671167020176 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/des3_cbc/plaintext00000664000000000000000000000001113252671167020404 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/des3_ecb/0000775000000000000000000000000013252671167016403 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/des3_ecb/ciphertext00000664000000000000000000000001513252671167020561 0ustar RgckVNh4QcM= nss-pem.git/nss/nss/cmd/bltest/tests/des3_ecb/key00000664000000000000000000000003113252671167017170 0ustar abcdefghijklmnopqrstuvwx nss-pem.git/nss/nss/cmd/bltest/tests/des3_ecb/numtests0000664000000000000000000000000213252671167020200 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/des3_ecb/plaintext00000664000000000000000000000001113252671167020406 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/des_cbc/0000775000000000000000000000000013252671167016316 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/des_cbc/ciphertext00000664000000000000000000000001513252671167020474 0ustar Perdg9FMYQ4= nss-pem.git/nss/nss/cmd/bltest/tests/des_cbc/iv00000664000000000000000000000001113252671167016727 0ustar 12345678 nss-pem.git/nss/nss/cmd/bltest/tests/des_cbc/key00000664000000000000000000000001113252671167017101 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/des_cbc/numtests0000664000000000000000000000000213252671167020113 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/des_cbc/plaintext00000664000000000000000000000001113252671167020321 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/des_ecb/0000775000000000000000000000000013252671167016320 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/des_ecb/ciphertext00000664000000000000000000000001513252671167020476 0ustar 3bNoWzzNiFc= nss-pem.git/nss/nss/cmd/bltest/tests/des_ecb/key00000664000000000000000000000001113252671167017103 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/des_ecb/numtests0000664000000000000000000000000213252671167020115 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/des_ecb/plaintext00000664000000000000000000000001113252671167020323 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/dsa/0000775000000000000000000000000013252671167015503 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext00000664000000000000000000000007113252671167017663 0ustar fB0bnKWvjT6X5NIkZ5l/Y/DXZ6QNI6j0iPhR/ZERkfj67xRnTWY1cg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext10000664000000000000000000000007213252671167017665 0ustar UO0OgQ4/HHy2rGIzIFhEi9iyhMDGre0XIWtGt+S28ql8GtfMPag/3g== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext100000664000000000000000000000012013252671167017737 0ustar namWZQDenTtrf0QcpVAjP8RQlEvFB+Ac1KywMC1y8fZoHoZ/fYvq6+ukvFsjKHYE pkz+4cFkWVo= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext110000664000000000000000000000013413252671167017745 0ustar Nj4BxWTzgKJ9fSOyB68/lh1I/AmVSH9gBSd11ySrPRBJFtkbKScpTkKdU3wG3SRj 0YRQGMyihz6Qpsg3tEX93g== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext120000664000000000000000000000013413252671167017746 0ustar BZvunnCLfyDD95GmQO3ulk4KpnKJPEhHmXFYF7Oo9tRL1ByEpyTMhuTwGU7A+/N5 5lTQ1/ah8IvUaBOUIqXDUw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext130000664000000000000000000000013413252671167017747 0ustar YzBV4FXyN8OJmdgcOXhIw4zOgKVbZJ2eeQXCmOKlFEcrv2gxdmDsHksVSRUCewvA DuGc/Av3XQGTBQTyzhCosA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext140000664000000000000000000000013413252671167017750 0ustar T9jyXAWQMAJzgdQWfDF0tr4AiMFfClc9fr0Flg9aHrJfVoac7nv2T+xdXW6hW7H6 EWkAOofszBYhuQobiSIm8g== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext150000664000000000000000000000013413252671167017751 0ustar akfqV86uzBFtcZD/bG3Zgxq3W0v2yykQg+Qmi0hu0kUBc1X2mKMqvppNSn3afIWV DN3DSKuKZ1HnL93AGqXR8A== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext160000664000000000000000000000013413252671167017752 0ustar IcoUjN9EvkrpOy81O45RLQOtltr6gGI/3kkiqV8DJzJz5It3o6pEMHSDwt2JXLUd shEhd8GFxZyx3P8y/aAqTw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext170000664000000000000000000000013413252671167017753 0ustar LlnV8w9zeB04JVtw3t7rOK54308ALB90fAjercZTAVVhXFWy3wyijGCms4XFj6A2 34xLL08ZNXML+PTwvtE2EA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext180000664000000000000000000000013413252671167017754 0ustar U7rmxvM24usxHB6S2V/ESakpRE74HsQnlmCyANWUM95J86dOlT53p5Qa867+707U mb4gmXag7bP6Xny5YbDBEg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext190000664000000000000000000000013413252671167017755 0ustar dpVpihR1XbQgboULT18ZxUCwfQfgiqxZHiAIFkbm7tw9rgEVTs/3sZAHqVPxhfBm PvfyU38LFeBPs0PJYfNt4g== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext20000664000000000000000000000007213252671167017666 0ustar r+5xnn+Ei1Q0nMw7T7JgZYM6TY5zTv6ZIlbzEyXnSbwyokoflXs6Gw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext200000664000000000000000000000013413252671167017745 0ustar pApskFZUxV/FjpnH0aP+6ixb5kgj1Ahs6BHzNM/cRI1keAUJd+xYWYBFTgovJqAw N7khyliKeKTa/36E1JqKbA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext30000664000000000000000000000007213252671167017667 0ustar dmg6CF1nQurflaYa91+IEnbP0mo7naf5km6qrQvr1IRcZ/zbZNEkUw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext40000664000000000000000000000007213252671167017670 0ustar d8TZn2KzrX3R/mSY20Wl2nPOe94jhxoAKuUD/auqaoTcyPOHaXN/AQ== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext50000664000000000000000000000007213252671167017671 0ustar pT8fjyC409RyDxSourUiawedmVMR9T9qTla1H2DiDUlXronhYq6mFg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext60000664000000000000000000000012013252671167017664 0ustar Rd8vQj6UvxVd1OHZ5j8xXqYG3ThSfUz2Moc4yFmz6O+lvAzL9KPLtlFcS5v3hM+s 3MEB3J+B0x8= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext70000664000000000000000000000012013252671167017665 0ustar ZRAuj2TssR8GAXsaDA3vPCmJfCd8SpSLH02muSGtCrsnvTwhFmy5au9wwNvV8wec qw3VQ9QSW9E= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext80000664000000000000000000000012013252671167017666 0ustar nF+kaHndr1wU8H37UyBxX2em/sF5461TNC+20cPhfns8TQrI1J9N0PBMFqCU9C2g r8xskPXxu8g= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/ciphertext90000664000000000000000000000012013252671167017667 0ustar WrQ+3mahVogUbR9M1xZHAsDERXvU/d66wEgpU2xY6Ksn0oUSxGBjyWv1vOuPutIy 2PWznEdV0LE= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/dsa_fips.txt0000664000000000000000000012561213252671167020043 0ustar # CAVS 11.2 # "SigGen" information for "dsa2_values" # Mod sizes selected: L=1024, N=160, SHA-1 L=1024, N=160, SHA-224 L=1024, N=160, SHA-256 L=1024, N=160, SHA-384 L=1024, N=160, SHA-512 L=2048, N=224, SHA-1 L=2048, N=224, SHA-224 L=2048, N=224, SHA-256 L=2048, N=224, SHA-384 L=2048, N=224, SHA-512 L=2048, N=256, SHA-1 L=2048, N=256, SHA-224 L=2048, N=256, SHA-256 L=2048, N=256, SHA-384 L=2048, N=256, SHA-512 L=3072, N=256, SHA-1 L=3072, N=256, SHA-224 L=3072, N=256, SHA-256 L=3072, N=256, SHA-384 L=3072, N=256, SHA-512 # Generated on Tue Aug 16 11:21:08 2011 # # These sample from NIST were used to generate dsa tests 1-20 # [mod = L=1024, N=160, SHA-1] P = a8f9cd201e5e35d892f85f80e4db2599a5676a3b1d4f190330ed3256b26d0e80a0e49a8fffaaad2a24f472d2573241d4d6d6c7480c80b4c67bb4479c15ada7ea8424d2502fa01472e760241713dab025ae1b02e1703a1435f62ddf4ee4c1b664066eb22f2e3bf28bb70a2a76e4fd5ebe2d1229681b5b06439ac9c7e9d8bde283 Q = f85f0f83ac4df7ea0cdf8f469bfeeaea14156495 G = 2b3152ff6c62f14622b8f48e59f8af46883b38e79b8c74deeae9df131f8b856e3ad6c8455dab87cc0da8ac973417ce4f7878557d6cdf40b35b4a0ca3eb310c6a95d68ce284ad4e25ea28591611ee08b8444bd64b25f3f7c572410ddfb39cc728b9c936f85f419129869929cdb909a6a3a99bbe089216368171bd0ba81de4fe33 Msg = 3b46736d559bd4e0c2c1b2553a33ad3c6cf23cac998d3d0c0e8fa4b19bca06f2f386db2dcff9dca4f40ad8f561ffc308b46c5f31a7735b5fa7e0f9e6cb512e63d7eea05538d66a75cd0d4234b5ccf6c1715ccaaf9cdc0a2228135f716ee9bdee7fc13ec27a03a6d11c5c5b3685f51900b1337153bc6c4e8f52920c33fa37f4e7 X = c53eae6d45323164c7d07af5715703744a63fc3a Y = 313fd9ebca91574e1c2eebe1517c57e0c21b0209872140c5328761bbb2450b33f1b18b409ce9ab7c4cd8fda3391e8e34868357c199e16a6b2eba06d6749def791d79e95d3a4d09b24c392ad89dbf100995ae19c01062056bb14bce005e8731efde175f95b975089bdcdaea562b32786d96f5a31aedf75364008ad4fffebb970b K = 98cbcc4969d845e2461b5f66383dd503712bbcfa R = 50ed0e810e3f1c7cb6ac62332058448bd8b284c0 S = c6aded17216b46b7e4b6f2a97c1ad7cc3da83fde [mod = L=1024, N=160, SHA-224] P = 8b9b32f5ba38faad5e0d506eb555540d0d7963195558ca308b7466228d92a17b3b14b8e0ab77a9f3b2959a09848aa69f8df92cd9e9edef0adf792ce77bfceccadd9352700ca5faecf181fa0c326db1d6e5d352458011e51bd3248f4e3bd7c820d7e0a81932aca1eba390175e53eada197223674e3900263e90f72d94e7447bff Q = bc550e965647fb3a20f245ec8475624abbb26edd G = 11333a931fba503487777376859fdc12f7c687b0948ae889d287f1b7a712ad220ae4f1ce379d0dbb5c9abf419621f005fc123c327e5055d1850634c36d397e689e111d598c1c3636b940c84f42f436846e8e7fcad9012ceda398720f32fffd1a45ab6136ce417069207ac140675b8f86dd063915ae6f62b0cec729fbd509ac17 Msg = fb2128052509488cad0745ed3e6312850dd96ddaf791f1e624e22a6b9beaa65319c325c78ef59cacba0ccfa722259f24f92c17b77a8f6d8e97c93d880d2d8dbbbedcf6acefa06b0e476ca2013d0394bd90d56c10626ef43cea79d1ef0bc7ac452bf9b9acaef70325e055ac006d34024b32204abea4be5faae0a6d46d365ed0d9 X = 6e2e31bbfc670944d7a7120e39a981520614d8a8 Y = 7e339f3757450390160e02291559f30bed0b2d758c5ccc2d8d456232bb435ae49de7e7957e3aad9bfdcf6fd5d9b6ee3b521bc2229a8421dc2aa59b9952345a8fc1de49b348003a9b18da642d7f6f56e3bc665131ae9762088a93786f7b4b72a4bcc308c67e2532a3a5bf09652055cc26bf3b18833598cffd7011f2285f794557 K = 8cb35d255505a4c41421e562d10827266aa68663 R = afee719e7f848b54349ccc3b4fb26065833a4d8e S = 734efe992256f31325e749bc32a24a1f957b3a1b [mod = L=1024, N=160, SHA-256] P = cba13e533637c37c0e80d9fcd052c1e41a88ac325c4ebe13b7170088d54eef4881f3d35eae47c210385a8485d2423a64da3ffda63a26f92cf5a304f39260384a9b7759d8ac1adc81d3f8bfc5e6cb10efb4e0f75867f4e848d1a338586dd0648feeb163647ffe7176174370540ee8a8f588da8cc143d939f70b114a7f981b8483 Q = 95031b8aa71f29d525b773ef8b7c6701ad8a5d99 G = 45bcaa443d4cd1602d27aaf84126edc73bd773de6ece15e97e7fef46f13072b7adcaf7b0053cf4706944df8c4568f26c997ee7753000fbe477a37766a4e970ff40008eb900b9de4b5f9ae06e06db6106e78711f3a67feca74dd5bddcdf675ae4014ee9489a42917fbee3bb9f2a24df67512c1c35c97bfbf2308eaacd28368c5c Msg = 812172f09cbae62517804885754125fc6066e9a902f9db2041eeddd7e8da67e4a2e65d0029c45ecacea6002f9540eb1004c883a8f900fd84a98b5c449ac49c56f3a91d8bed3f08f427935fbe437ce46f75cd666a0707265c61a096698dc2f36b28c65ec7b6e475c8b67ddfb444b2ee6a984e9d6d15233e25e44bd8d7924d129d X = 2eac4f4196fedb3e651b3b00040184cfd6da2ab4 Y = 4cd6178637d0f0de1488515c3b12e203a3c0ca652f2fe30d088dc7278a87affa634a727a721932d671994a958a0f89223c286c3a9b10a96560542e2626b72e0cd28e5133fb57dc238b7fab2de2a49863ecf998751861ae668bf7cad136e6933f57dfdba544e3147ce0e7370fa6e8ff1de690c51b4aeedf0485183889205591e8 K = 85976c5610a74959531040a5512b347eac587e48 R = 76683a085d6742eadf95a61af75f881276cfd26a S = 3b9da7f9926eaaad0bebd4845c67fcdb64d12453 [mod = L=1024, N=160, SHA-384] P = f24a4afc72c7e373a3c30962332fe5405c45930963909418c30792aaf135ddea561e94f24726716b75a18828982e4ce44c1fddcb746487b6b77a9a5a17f868ab50cd621b5bc9da470880b287d7398190a42a5ee22ed8d1ff147e2019810c8298ed68e1ca69d41d555f249e649fb1725ddb075c17b37beff467fdd1609243373f Q = da065a078ddb56ee5d2ad06cafab20820d2c4755 G = 47b5591b79043e4e03ca78a0e277c9a21e2a6b543bf4f044104cd9ac93eff8e101bb6031efc8c596d5d2f92e3a3d0f1f74702dd54f77d3cd46c04dee7a5de9f00ad317691fddcefe4a220a2651acae7fcedda92bfcca855db6705e8d864f8192bf6bf860c00f08ad6493ecc1872e0028d5c86d44505db57422515c3825a6f78a Msg = b0dbbf4a421ba5c5b0e52f09629801c113258c252f29898c3354706e39ec5824be523d0e2f8cfe022cd61165301274d5d621a59755f50404d8b802371ce616defa962e3636ae934ec34e4bcf77a16c7eff8cf4cc08a0f4849d6ad4307e9f8df83f24ad16ab46d1a61d2d7d4e21681eb2ae281a1a5f9bca8573a3f5281d308a5a X = 649820168eb594f59cd9b28b9aefe8cc106a6c4f Y = 43a27b740f422cb2dc3eaa232315883a2f6a22927f997d024f5a638b507b17d3b1cbd3ec691cc674470960a0146efdecb95bb5fe249749e3c806cd5cc3e7f7bab845dadbe1f50b3366fb827a942ce6246dda7bd2c13e1b4a926c0c82c884639552d9d46036f9a4bc2a9e51c2d76e3074d1f53a63224c4279e0fa460474d4ffde K = 33c7ba88ff69707971b25ac344ae4a566e195f99 R = 77c4d99f62b3ad7dd1fe6498db45a5da73ce7bde S = 23871a002ae503fdabaa6a84dcc8f38769737f01 [mod = L=1024, N=160, SHA-512] P = 88d968e9602ecbda6d86f7c970a3ffbeb1da962f28c0afb9270ef05bc330ca98c3adf83c072feb05fb2e293b5065bbb0cbcc930c24d8d07869deaecd92a2604c0f5dd35c5b431fda6a222c52c3562bf7571c710209be8b3b858818788725fe8112b7d6bc82e0ff1cbbf5d6fe94690af2b510e41ad8207dc2c02fb9fa5cefaab5 Q = a665689b9e5b9ce82fd1676006cf4cf67ecc56b7 G = 267e282857417752113fba3fca7155b5ce89e7c8a33c1a29122e2b720965fc04245267ff87fc67a5730fe5b308013aa3266990fbb398185a87e055b443a868ce0ce13ae6aee330b9d25d3bbb362665c5881daf0c5aa75e9d4a82e8f04c91a9ad294822e33978ab0c13fadc45831f9d37da4efa0fc2c5eb01371fa85b7ddb1f82 Msg = 3a84a5314e90fd33bb7cd6ca68720c69058da1da1b359046ae8922cac8afc5e025771635fb4735491521a728441b5cb087d60776ee0ecc2174a41985a82cf46d8f8d8b274a0cc439b00971077c745f8cf701cf56bf9914cc57209b555dc87ca8c13da063270c60fc2c988e692b75a7f2a669903b93d2e14e8efb6fb9f8694a78 X = 07ce8862e64b7f6c7482046dbfc93907123e5214 Y = 60f5341e48ca7a3bc5decee61211dd2727cd8e2fc7635f3aabea262366e458f5c51c311afda916cb0dcdc5d5a5729f573a532b594743199bcfa7454903e74b33ddfe65896306cec20ebd8427682fa501ee06bc4c5d1425cbe31828ba008b19c9da68136cf71840b205919e783a628a5a57cf91cf569b2854ffef7a096eda96c9 K = 2f170907ac69726b14f22056dcb37b4df85f7424 R = a53f1f8f20b8d3d4720f14a8bab5226b079d9953 S = 11f53f6a4e56b51f60e20d4957ae89e162aea616 [mod = L=2048, N=224, SHA-1] P = f2d39ed3062b13c916273600a0f2a029e86d7a4b9217b4f1815bf2b24d9710a57ab33f997294b014585b8d0198dfdccbcd75314da5ff85aa344b45adaeaa979b51a312a7bfa94472fb633f1a6f156bb4458867dfd38403f06b851f00fe2d3484077bded71ab7513d04a140220575fb693395480e4c8402b7a46cec2d37a778c305accd1f13e9f62e865315f4b22cc467c8986ec8e4961ddf810566b0c4ee369ac6aa15e43f4744005826f5bde8071a19e30b6909aac4b3d174237270dad02799d09b8a2cc5f22e66894b5422228b2c234f11f5a771c5b89cf465a2acecbbeeaa1725fe8f9b59422be8991052cb556ddf2c8ce8fa9206dbf39feadc194e00f8e5 Q = 8000000000000000c118f49835e4ef733c4d15800fcf059e884d31b1 G = e3a93c09da6f560e4d483a382a4c546f2335c36a4c35ac1463c08a3e6dd415df56fdc537f25fd5372be63e4f5300780b782f1acd01c8b4eb33414615fd0ea82573acba7ef83f5a943854151afc2d7dfe121fb8cd03335b065b549c5dcc606be9052483bc284e12ac3c8dba09b426e08402030e70bc1cc2bf8957c4ba0630f3f32ad689389ac47443176063f247d9e2296b3ea5b5bc2335828ea1a080ed35918dee212fd031279d1b894f01afec523833669eac031a420e540ba1320a59c424a3e5849a460a56bcb001647885b1433c4f992971746bfe2977ce7259c550b551a6c35761e4a41af764e8d92132fcc0a59d1684eab90d863f29f41cf7578faa908c Msg = edc6fd9b6c6e8a59f283016f7f29ee16deeaa609b5737927162aef34fed985d0bcb550275637ba67831a2d4efccb35296dfe730f4a0b4f4728d1d7d1bb8f4a36238a5c94311fa1134a93a6b4de39c085e9f60ae4e237c0416d58042bb36baa38cba8c896295b745d5376fd8ce42eb6ee5a1b38f87716b265b76e58cfb24a9170 X = 6132e551cdac88409183bd37ee1452cd247d4834b08814b275be3ff5 Y = 289ff18c32a56bb0b8839370647683a38a5a7e291410b93207212adc8088d30f93e9e4abc523f3d46936e7d5c90d88742b36afd37563408f15c8c1a4f7ac24bf05f01008ffee70c8825d57c3a9308bad8a095af2b53b2dda3cbed846d95e301eb9b84766415d11f6c33209a0d28571096ab04a79aa0dc465997529686b68e887cd8a205c2dc8195aef0422eba9979f549ac85548e419413643b7244361153ada1480d238cd00dc16527938955548dd5d027ded1029eeeb8ed6c61b4cd59341d8b15466e9da890a989996f4d7691e6072de136af28b5874bf08bd1f8a60cfb1c00888132909f515e04bce81b02951aa41baac68ffdb8c5dc77a1d32d8f2c10dd7 K = 7197392d32d0af6a7183cc3398556f8f687d86a8ff742be6ad38562f R = 45df2f423e94bf155dd4e1d9e63f315ea606dd38527d4cf6328738c8 S = 59b3e8efa5bc0ccbf4a3cbb6515c4b9bf784cfacdcc101dc9f81d31f [mod = L=2048, N=224, SHA-224] P = aa815c9db1c4d3d2773c7d0d4d1da75ecfc4a39e97d5fa191ffec8b1490a290ce335e5ce87ea620a8a17de0bb64714e2ec840bf00e6ebdb4ffb4e324ca07c3c8717309af1410362a772c9add838b2b0cae1e90ab448adabdacd2e5df59c4187a32a23719d6c57e9400885383bf8f066f23b941920d54c35b4f7cc5044f3b40f17046956307b748e840732844d00a9ce6ec5714293b6265147f15c67f4be38b082b55fdeadb6124689fb76f9d25cc28b8eaa98b562d5c1011e0dcf9b39923240d332d89dc9603b7bddd0c70b83caa2905631b1c83cabbae6c0c0c2efe8f58131ed8351bf93e875f6a73a93cbad470141a2687fbacf2d71c8ddee971ad660729ad Q = ea347e90be7c2875d1fe1db622b4763837c5e27a6037310348c1aa11 G = 2042094ccbc8b8723fc928c12fda671b83295e99c743576f44504be1186323319b5002d24f173df909ea241d6ea5289904ee4636204b2fbe94b068fe093f7962579549551d3af219ad8ed19939eff86bcec834de2f2f78596e89e7cb52c524e177098a56c232eb1f563aa84bc6b026deee6ff51cb441e080f2dafaea1ced86427d1c346be55c66803d4b76d133cd445b4c3482fa415023463c9bf30f2f784223e26057d3aa0d7fbb660630c52e49d4a0325c7389e072aa349f13c966e159752fbb71e9336890f93243fa6e72d299365ee5b3fe266ebf1110568fee4425c847b50210bd484b97431a42856adca3e7d1a9c9c675c7e266918320dd5a78a48c48a9 Msg = e920fc1610718f2b0213d301c0092a51f3c6b0107bbbd8243a9689c044e2d142f202d9d195a5faef4be5acadc9ff6f7d2261e58b517139bcb9489b110423c2e59eb181294ffdae8aad0e624fab974c97f9f5e7dc19d678a9cb3429cf05ec509072856f5adfec6e29bafe8e5ba95593e612843e343111d88a1eaff7dc0a2e277f X = 7b489021578e79e7bd3ee7ab456f659f3dc07c88f5c9a39e4f8cee81 Y = 1ae10c786ad0902c5c685dae5c7121418a377b888b5f2f2bc76623570fd62bcb190b471ad5359c5f062f8819289e956d8aa6f90d1f8cf1ee72d3a1bdfd56c478dc29a19c4569b5a60e3a8f34f60656eac5b25dde5514a5c67b675423204f6ccaf0990617cc7355b9d3ed868978a252020a769ed59a6edaa6efe3377eef45f3f6f3e64179cc7db8b143fb835c5d71bfcfa1e2a9049bccf7fe9ab57546220fe3f4b7521c861739d138507e81a46a6993605441dcb90d6ee4afbc42cabe90a254444968109d7edd9694a023239f1d56175dd1fac115915e24fab563f4fc3f269bed2f300832d112596485a711417aa73bb4ac72a651a1fa5baed3636c720d397008 K = 37fadd419fcbd2b073a06ae96b9eceb63e29aee9ac5fa2bdb31ab85d R = 65102e8f64ecb11f06017b1a0c0def3c29897c277c4a948b1f4da6b9 S = 21ad0abb27bd3c21166cb96aef70c0dbd5f3079cab0dd543d4125bd1 [mod = L=2048, N=224, SHA-256] P = a4c7eaab42c4c73b757770916489f17cd50725cd0a4bc4e1cf67f763b8c1de2d6dab9856baafb008f365b18a42e14dc51f350b88eca0209c5aa4fd71a7a96c765f5901c21e720570d7837bec7c76d2e49344731ca39405d0a879b9e0dcd1a8125fd130ec1e783e654b94e3002e6b629e904ab3877867720cbd54b4270a9e15cd028c7cc796f06c272a660951928fdbeb2dca061b41e932257305742ff16e2f429191d5e5f1a6ddf6e78c5d7722cff80a9c0bd5c8d7aeba8c04438992b075e307c1534c49ad380f477f5f7987dc172c161dca38dcaf3fb3846c72c9119a5299adc748951b3dce0d00d4a9013800b2008203b72465bc6a84ae059a30c4522dea57 Q = ce89fe332b8e4eb3d1e8ddcea5d163a5bc13b63f16993755427aef43 G = 8c465edf5a180730291e080dfc5385397a5006450dba2efe0129264fbd897bb5579ca0eab19aa278220424724b4f2a6f6ee6328432abf661380646097233505339c5519d357d7112b6eec938b85d5aa75cc2e38092f0a530acb54e50fe82c4d562fb0f3036b80b30334023ebbe6637a0010b00c7db86371168563671e1e0f028aedbd45d2d572621a609982a073e51aae27707afbeef29e2ecee84d7a6d5da382be3a35f42b6c66849202ab19d025b869d08776476d1ab981475ad2ad2f3e6fd07e30696d90a626816df60d6ca7afd7b482f942f83b45cc82933731f87faee320900f2aa3e70b1867e1430e40be67c07f9290299ef067b8b24a7515b3f992c07 Msg = cec8d2843dee7cb5f9119b75562585e05c5ce2f4e6457e9bcc3c1c781ccd2c0442b6282aea610f7161dcede176e774861f7d2691be6c894ac3ebf80c0fab21e52a3e63ae0b35025762ccd6c9e1fecc7f9fe00aa55c0c3ae33ae88f66187f9598eba9f863171f3f56484625bf39d883427349b8671d9bb7d396180694e5b546ae X = 551595eccbb003b0bf8ddda184a59da51e459a0d28205e5592ca4cb1 Y = 748a40237211a2d9852596e7a891f43d4eb0ee48826c9cfb336bbb68dbe5a5e16b2e1271d4d13de03644bb85ef6be523a4d4d88415bcd596ba8e0a3c4f6439e981ed013d7d9c70336febf7d420cfed02c267457bb3f3e7c82145d2af54830b942ec74a5d503e4226cd25dd75decd3f50f0a858155d7be799410836ddc559ce99e1ae513808fdaeac34843dd7258f16f67f19205f6f139251a4186da8496d5e90d3fecf8ed10be6c25ff5eb33d960c9a8f4c581c8c724ca43b761e9fdb5af66bffb9d2ebb11a6b504a1fbe4f834ecb6ac254cab513e943b9a953a7084b3305c661bfad434f6a835503c9ade7f4a57f5c965ec301ecde938ee31b4deb038af97b3 K = 6f326546aa174b3d319ef7331ec8dfd363dd78ae583a920165ff7e54 R = 9c5fa46879ddaf5c14f07dfb5320715f67a6fec179e3ad53342fb6d1 S = c3e17e7b3c4d0ac8d49f4dd0f04c16a094f42da0afcc6c90f5f1bbc8 [mod = L=2048, N=224, SHA-384] P = a6bb5333ce343c31c9b2c878ab91eef2fdea35c6db0e716762bfc0d436d87506e865a4d2c8cfbbd626ce8bfe64563ca5686cd8cf081490f02445b289087982495fb69976b10242d6d50fc23b4dbdb0bef78305d9a4d05d9eae65d87a893eaf397e04e39baa85a26c8ffbdef1233287b5f5b6ef6a90f27a69481a932ee47b18d5d27eb107ffb05025e646e8876b5cb567fec1dd35835d42082198531fafbe5ae280c575a1fb0e62e9b3ca37e197ad96d9dde1f33f2cec7d27deae261c83ee8e2002af7eb6e82f6a14796af037577a1032bbc709129caabd8addf870ae2d0595c8fdb37155748f0dea34b44d4f82ed58c2f5b1b8481662ac53473c693410082fbd Q = 8c3ee5bd9a2aaf068bd5845bd55ecf27417055307577bbc3770ec68b G = 43b5a6b6d0bb962ec9766a377c32cc4124f1311188c2ecf95c0cd4a4fa097225b7618cb1276c474578d3bf564c145199c092a1b14baa929c2f3f0f36e0c2dae91eba08be30992a889f2952e0442c37af484a4ecdc3243ccfcb9e3413cf5cdd6630b09fe17efbfde14d8725493019b7b73d1f782b48ef30bec36e00e02ba336d2254fc202a69612cd9446f91d76b739ffa6d8b86052f8dc5f1145801c56241af5ba9037241bd89e6338b58e01310671c268eb5e33acb57d1f99f16440a675827d4017754d601a17ada2fbedf904554a90b01530da8c93cd14ce293cb2bd3e7937e934b79e310fe4d80c13f92f63381355bd80a1abee1a73fdfb6da24ef28002a3 Msg = df5d564db83592c1128be5d29b7036880d55e834a291a745ed8dcd438c4da6b1b9f39412b2c5110730db83c1ccdfe9059dd96ec7ea2bbcb34e3eba72ef0a1d4721c7c0221e29279f014d63facc5bc8f18c539b92ff2af89e568225d6b4cf599cb3dff5e3c6ddfac0a27f10f636ec220abb72630bae9a39c18fd3663e4651ccac X = 4efa5136eb6aa74e92bbfc913b0bfebb613db7a47221fb7b64f42e6f Y = 647979b7960ce7b971ff0e5f6435f42a41b18c9de09a301114a013a7cd01183f176f88838379dcb4efb67daea79def3f042cbcf9cc503b4c2151a2364f7c9437b19643e67e24a36bac4a4cfa293deedf8ec6b154a32aa72985f7d8de235334b546c29def458c55d0c5c0ac5d74e2024ec7d4abc2fda516a2a0b1a4d886ad92c204707828a4fc7794f60ee8a4be1101c9e5518f7e19eebd475f2de6f6ba89c28bd129f13993befe5818440319a79549833196342a31dbaf7d79497dec65ee7dbef70e58f99d0595f6a711409ade3151d45563d53c1cd0a8ab1a18beff6502cbb0c069b114ea7be77898d0f4e549991ba0b368971b1072ece4afc380e9ae329a50 K = 7e0f1ce21d185ae65c0a00395567ea9cf217462b58b9c89c4e5ff9cf R = 5ab43ede66a15688146d1f4cd7164702c0c4457bd4fddebac0482953 S = 6c58e8ab27d28512c46063c96bf5bceb8fbad232d8f5b39c4755d0b1 [mod = L=2048, N=224, SHA-512] P = bfebd000b2d6cd4ab38efba35df334df721d6c2f2b3d956679cbad009f3dfbd002952cc899cc2356ec8769bd3d1ba5a73023729888da92ca48a5ee94c97f4f04a2e3acb4f33a2f0fb3783c31f2c70fa7c70f38214a27dadec8b12e67996a9e85ee3bb148803130147392dc5253c04d7063535e6cd646bfb186984e08b58b74a7be5b333bf32b0abfd5665360e9a923a0c528ff1c62c7253458f5678528719d436e50148741f45dc7dd2c6cac71c55231f12a83fefd2ed0a33ede1b8a51f566fcf7890682cdc1931dc207c92bf2ef4e28ab31661eeb77f1601eea941c9591f038d3f00d912857db05e64b2ad569320061c6f863ff3354d842e7e7ea715afef8d1 Q = aa986df8a064278e9363316a9830bcfa490656faa6d5daa817d87949 G = 8195ad9a478fd985216ee58368366d2edd13c12b3d62239169fa042d91156408b483122f44ed6236b8308a6cdb52f9af3de88ec89e039afad7da3aa66c1976049a8e0a7d18d567baf99fcefe315cada01548386b10b25e52f52ed78eb4d28082e5e1ffee9480c4fe2cc4aafd1efc9d4fd2cc6d155968931271ef15b3240e7fb043a80c8f628befe09d645077c1029d21e0ac8bf0ba9c27714d1b580ede594aa01b3b76f6e745fc1ec07db37e2fd7e98c6c8c6915228e422c309de9f5db168f50249d1be1ed3298090808e2ebb896bb79b8c4cbf94d4c2064e37e612ba4449d7ac210edde211416d64b051dd8046ab041732665411a7f154d31b3e11a51da7fc0 Msg = e9f59c6a5cbe8f5b0cf75008d06a076a6739bdddb39b82143cd03939aa4738a287c2a6f31829bbe15f02cc2ee7d7122dbd132825970daddd8a4d851da86e7edc8940cb1188319218b8e0248a103eae34bc68d85f5a32830d7e5dc7718f74db5e4224c0debe1e841e1eea1a88fee0f85d9fb087cbcee55f86037a646e38346d2b X = 6a5b4ffc44238d1852fb9b74e4c1661be85984043cfeee023f57cac6 Y = af6721bf75dec6a1b76ad35ca3750def31117c5b441c15a306835a1db74c003b86ae9099ebfb745b0aa9cb000cf43fb021513b8f197bc865b22bf949b491809ad752ffc1ca8e54bea16dc7f539e4c55fb70a7743dd28f262f60ef0f2fcaac29e8021a7938c18ffe03075d0b7e0a2b4dcabe46ed1953d33e37f113af519ab0bf0b6186c12b5f6488437f5193096e2fd6a6a1835604794c66b42ae5265c1cf1cb53ae84997975e0318a93ce41e3902e4ef54de3c56555bd19491acd53f3e57464e1f460389dbc5fa80648fa5a5a0f2956e9ec3b8dc441b535c641c362eed770da828649bfd146472b0f46a4c064e459f88bff90dede7ec56177a9a71d167948712 K = 9ced89ea5050982222830efef26e7394f5ab7d837d4549962d285fae R = 9da9966500de9d3b6b7f441ca550233fc450944bc507e01cd4acb030 S = 2d72f1f6681e867f7d8beaebeba4bc5b23287604a64cfee1c164595a [mod = L=2048, N=256, SHA-1] P = c1a59d215573949e0b20a974c2edf2e3137ff2463062f75f1d13df12aba1076bb2d013402b60af6c187fb0fa362167c976c2617c726f9077f09e18c11b60f65008825bd6c02a1f57d3eb0ad41cd547de43d87f2525f971d42b306506e7ca03be63b35f4ada172d0a06924440a14250d7822ac2d5aeafed4619e79d4158a7d5eb2d9f023db181a8f094b2c6cb87cb8535416ac19813f07144660c557745f44a01c6b1029092c129b0d27183e82c5a21a80177ee7476eb95c466fb472bd3d2dc286ce25847e93cbfa9ad39cc57035d0c7b64b926a9c7f5a7b2bc5abcbfbdc0b0e3fede3c1e02c44afc8aefc7957da07a0e5fd12339db8667616f62286df80d58ab Q = 8000000000000000000000001bd62c65e8b87c89797f8f0cbfa55e4a6810e2c7 G = aea5878740f1424d3c6ea9c6b4799615d2749298a17e26207f76cef340ddd390e1b1ad6b6c0010ad015a103342ddd452cac024b36e42d9b8ed52fafae7a1d3ce9e4b21f910d1356eb163a3e5a8184c781bf14492afa2e4b0a56d8884fd01a628b9662739c42e5c5795ade2f5f27e6de1d963917ce8806fc40d021cd87aa3aa3a9e4f0c2c4c45d2959b2578b2fb1a2229c37e181059b9d5e7b7862fa82e2377a49ed0f9dca820a5814079dd6610714efaf8b0cc683d8e72e4c884e6f9d4946b3e8d4cbb92adbbe7d4c47cc30be7f8c37ca81883a1aac6860059ff4640a29ccae73de20b12e63b00a88b2ee9ba94b75eb40a656e15d9ec83731c85d0effcb9ef9f Msg = de3605dbefde353cbe05e0d6098647b6d041460dfd4c000312be1afe7551fd3b93fed76a9763c34e004564b8f7dcacbd99e85030632c94e9b0a032046523b7aacdf934a2dbbdcfceefe66b4e3d1cb29e994ff3a4648a8edd9d58ed71f12399d90624789c4e0eebb0fbd5080f7d730f875a1f290749334cb405e9fd2ae1b4ed65 X = 5a42e77248358f06ae980a2c64f6a22bea2bf7b4fc0015745053c432b7132a67 Y = 880e17c4ae8141750609d8251c0bbd7acf6d0b460ed3688e9a5f990e6c4b5b00875da750e0228a04102a35f57e74b8d2f9b6950f0d1db8d302c5c90a5b8786a82c68ff5b17a57a758496c5f8053e4484a253d9942204d9a1109f4bd2a3ec311a60cf69c685b586d986f565d33dbf5aab7091e31aa4102c4f4b53fbf872d700156465b6c075e7f778471a23502dc0fee41b271c837a1c26691699f3550d060a331099f64837cddec69caebf51bf4ec9f36f2a220fe773cb4d3c02d0446ddd46133532ef1c3c69d432e303502bd05a75279a7809a742ac4a7872b07f1908654049419350e37a95f2ef33361d8d8736d4083dc14c0bb972e14d4c7b97f3ddfccaef K = 2cb9c1d617e127a4770d0a946fb947c5100ed0ca59454ea80479f6885ec10534 R = 363e01c564f380a27d7d23b207af3f961d48fc0995487f60052775d724ab3d10 S = 4916d91b2927294e429d537c06dd2463d1845018cca2873e90a6c837b445fdde [mod = L=2048, N=256, SHA-224] P = d02276ebf3c22ffd666983183a47ae94c9bccbcbf95ddcb491d1f7ce643549199992d37c79e7b032d26ed031b6ba4489f3125826fafb2726a98333ebd9abdde592d8693d9859536d9cc3841a1d24e044d35aced6136256fc6d6b615cf4f4163aa381eb2b4c480825a8eccc56d8ddcf5fe637e38ad9b2974bd2cf68bf271e0d067d2465a8b6b660524f0082598945ada58ea649b9804eb4753408c2c59768c46abb82e3295f3d9ca469f84cc187f572dc4b5a3b39346ec839dfad6f07d6d1f0e215209bb0ecc05c767cf2e7943ac9cfb02eee1e9ef5946e8ce88316b5e15fdcf95a132ef2e4bb0817136528cfa5dd96532f9c3abe5c421620edb6bcbd52234ca9 Q = 8000000012997e8285e4089708f528070c6d7af8a0bd01409e7a079cdb6fc5bb G = 778453049ef262147fed7b59b0ee6764607c51e7b5b5fc6fea7a7a7b1dd6bb283f4a9ae98efd3964b1556758cb15b2a53af8619e74d85898bec77d3b3f382494ae5961a13ffc745da386182291519800f99dd710e00aeb15adee088e2798ee2e46f598526cf0f4667055d1ba009750041dc5cdd2725ff1d97dd340c8518af7671b87d39d67aeced84b66f84e0701efc82a5c9ef954ee576d24c385b14d63037f0d866fd424b4975bdd5485ed740cb932e843f906683f7c7b2c74775d901c361b847b519c0da699638da40bd736b783d2710b2c2cc26ef91271bf4e2c1929f876e902e2057164223bc78d6a2b9f6c0c7a7cb85922f7d6c4287ae23861f8128848 Msg = 39f2d8d503aae8cd17854456ecfad49a18900d4375412bc689181ed9c2ccafea98dca689a72dc75e5367d3d3abfc2169700d5891cff70f69d9aca093b061b9f5057f94636bc2783115254344fb12e33b167272e198838a8728e7744ea9a2e8248e34d5906e298302472637b879de91c1a6f9f331a5cf98a5af29132990d27416 X = 6ba81e6cd4367798aaab8b7af1135183a37c42a766dbd68cd2dce78f2670ef0f Y = 7bb31e98c7a0437f978a73d5dcfbdfbb09cc2499dfaf1eb5256bccd6358cabb5f67d04a42823463b7e957f2b9213f1fa8e5a98d614484701abb8c7d67641fe6ed06fa4527b493ddab2e74640fde3de70da693f1db2b8e26417040af0eea6cab451a795a52e187d2ee241b93f65c86c6d66f45834cce165ac5eb670d4f0095c23ce9757e3bdc636f991ee0073d90a09202edb35cc3ea1cf9adca1617fa0bffd9c126229a604a1d3bf4931ddf0b9942dfc8a2f8c09fcc97032564a79ae1ebe1e2ce49ff57839e7c43fa60b1603d15a450898aa4e4a1ee8065794126d64f013367096a83686b9f158c33b10f5f3b36cf1f6358b3f34f84b101dc26d3db68bcc95c8 K = 45030b79a395b1632700cbaffead97998d02bed8e0656876fc0174e4bdb96f79 R = 059bee9e708b7f20c3f791a640edee964e0aa672893c484799715817b3a8f6d4 S = 4bd41c84a724cc86e4f0194ec0fbf379e654d0d7f6a1f08bd468139422a5c353 [mod = L=2048, N=256, SHA-256] P = a8adb6c0b4cf9588012e5deff1a871d383e0e2a85b5e8e03d814fe13a059705e663230a377bf7323a8fa117100200bfd5adf857393b0bbd67906c081e585410e38480ead51684dac3a38f7b64c9eb109f19739a4517cd7d5d6291e8af20a3fbf17336c7bf80ee718ee087e322ee41047dabefbcc34d10b66b644ddb3160a28c0639563d71993a26543eadb7718f317bf5d9577a6156561b082a10029cd44012b18de6844509fe058ba87980792285f2750969fe89c2cd6498db3545638d5379d125dccf64e06c1af33a6190841d223da1513333a7c9d78462abaab31b9f96d5f34445ceb6309f2f6d2c8dde06441e87980d303ef9a1ff007e8be2f0be06cc15f Q = e71f8567447f42e75f5ef85ca20fe557ab0343d37ed09edc3f6e68604d6b9dfb G = 5ba24de9607b8998e66ce6c4f812a314c6935842f7ab54cd82b19fa104abfb5d84579a623b2574b37d22ccae9b3e415e48f5c0f9bcbdff8071d63b9bb956e547af3a8df99e5d3061979652ff96b765cb3ee493643544c75dbe5bb39834531952a0fb4b0378b3fcbb4c8b5800a5330392a2a04e700bb6ed7e0b85795ea38b1b962741b3f33b9dde2f4ec1354f09e2eb78e95f037a5804b6171659f88715ce1a9b0cc90c27f35ef2f10ff0c7c7a2bb0154d9b8ebe76a3d764aa879af372f4240de8347937e5a90cec9f41ff2f26b8da9a94a225d1a913717d73f10397d2183f1ba3b7b45a68f1ff1893caf69a827802f7b6a48d51da6fbefb64fd9a6c5b75c4561 Msg = 4e3a28bcf90d1d2e75f075d9fbe55b36c5529b17bc3a9ccaba6935c9e20548255b3dfae0f91db030c12f2c344b3a29c4151c5b209f5e319fdf1c23b190f64f1fe5b330cb7c8fa952f9d90f13aff1cb11d63181da9efc6f7e15bfed4862d1a62c7dcf3ba8bf1ff304b102b1ec3f1497dddf09712cf323f5610a9d10c3d9132659 X = 446969025446247f84fdea74d02d7dd13672b2deb7c085be11111441955a377b Y = 5a55dceddd1134ee5f11ed85deb4d634a3643f5f36dc3a70689256469a0b651ad22880f14ab85719434f9c0e407e60ea420e2a0cd29422c4899c416359dbb1e592456f2b3cce233259c117542fd05f31ea25b015d9121c890b90e0bad033be1368d229985aac7226d1c8c2eab325ef3b2cd59d3b9f7de7dbc94af1a9339eb430ca36c26c46ecfa6c5481711496f624e188ad7540ef5df26f8efacb820bd17a1f618acb50c9bc197d4cb7ccac45d824a3bf795c234b556b06aeb929173453252084003f69fe98045fe74002ba658f93475622f76791d9b2623d1b5fff2cc16844746efd2d30a6a8134bfc4c8cc80a46107901fb973c28fc553130f3286c1489da K = 117a529e3fdfc79843a5a4c07539036b865214e014b4928c2a31f47bf62a4fdb R = 633055e055f237c38999d81c397848c38cce80a55b649d9e7905c298e2a51447 S = 2bbf68317660ec1e4b154915027b0bc00ee19cfc0bf75d01930504f2ce10a8b0 [mod = L=2048, N=256, SHA-384] P = a6167c16fff74e29342b8586aed3cd896f7b1635a2286ff16fdff41a06317ca6b05ca2ba7c060ad6db1561621ccb0c40b86a03619bfff32e204cbd90b79dcb5f86ebb493e3bd1988d8097fa23fa4d78fb3cddcb00c466423d8fa719873c37645fe4eecc57171bbedfe56fa9474c96385b8ba378c79972d7aaae69a2ba64cde8e5654f0f7b74550cd3447e7a472a33b4037db468dde31c348aa25e82b7fc41b837f7fc226a6103966ecd8f9d14c2d3149556d43829f137451b8d20f8520b0ce8e3d705f74d0a57ea872c2bdee9714e0b63906cddfdc28b6777d19325000f8ed5278ec5d912d102109319cba3b6469d4672909b4f0dbeec0bbb634b551ba0cf213 Q = 8427529044d214c07574f7b359c2e01c23fd97701b328ac8c1385b81c5373895 G = 6fc232415c31200cf523af3483f8e26ace808d2f1c6a8b863ab042cc7f6b7144b2d39472c3cb4c7681d0732843503d8f858cbe476e6740324aaa295950105978c335069b919ff9a6ff4b410581b80712fe5d3e04ddb4dfd26d5e7fbca2b0c52d8d404343d57b2f9b2a26daa7ece30ceab9e1789f9751aaa9387049965af32650c6ca5b374a5ae70b3f98e053f51857d6bbb17a670e6eaaf89844d641e1e13d5a1b24d053dc6b8fd101c624786951927e426310aba9498a0042b3dc7bbc59d705f80d9b807de415f7e94c5cf9d789992d3bb8336d1d808cb86b56dde09d934bb527033922de14bf307376ab7d22fbcd616f9eda479ab214a17850bdd0802a871c Msg = 8c78cffdcf25d8230b835b30512684c9b252115870b603d1b4ba2eb5d35b33f26d96b684126ec34fff67dfe5c8c856acfe3a9ff45ae11d415f30449bcdc3bf9a9fb5a7e48afeaba6d0b0fc9bce0197eb2bf7a840249d4e550c5a25dc1c71370e67933edad2362fae6fad1efba5c08dc1931ca2841b44b78c0c63a1665ffac860 X = 459eb1588e9f7dd4f286677a7415cb25a1b46e7a7cfadc8a45100383e20da69d Y = 5ca7151bca0e457bbc46f59f71d81ab16688dc0eb7e4d17b166c3326c5b12c5bdebb3613224d1a754023c50b83cb5ecc139096cef28933b3b12ca31038e4089383597c59cc27b902be5da62cae7da5f4af90e9410ed1604082e2e38e25eb0b78dfac0aeb2ad3b19dc23539d2bcd755db1cc6c9805a7dd109e1c98667a5b9d52b21c2772121b8d0d2b246e5fd3da80728e85bbf0d7067d1c6baa64394a29e7fcbf80842bd4ab02b35d83f59805a104e0bd69d0079a065f59e3e6f21573a00da990b72ea537fa98caaa0a58800a7e7a0623e263d4fca65ebb8eded46efdfe7db92c9ebd38062d8f12534f015b186186ee2361d62c24e4f22b3e95da0f9062ce04d K = 2368037a1c7647c683d7e301ac79b7feebc736effe3ab1644b68308b4b28620d R = 4fd8f25c059030027381d4167c3174b6be0088c15f0a573d7ebd05960f5a1eb2 S = 5f56869cee7bf64fec5d5d6ea15bb1fa1169003a87eccc1621b90a1b892226f2 [mod = L=2048, N=256, SHA-512] P = f63da3be9a9616196c6556f3ce6fd8b98bdda9137473da46fed970e2b8d147387a81922065d528a7d6433ebc5e35b15c67ea35a5a5bff5b9cef1cd1e6fe31dda52838da3aa89b9b4e8d9d3c0732ccc4f238ce1b416c4ca93f2c6800e5f4ed41c4f7615cec5531b98680b20dc63f73e70d803aacfaece33d45fa0e39d77c8508209528b9046b5917010791234397e412d22bc0b8d67cbd1cd28a32c2460a0bd86aaba0eea80e16e3245643171e34221760c203a56b8207a1009e6c1a2f6cda85f85c4f9e410b9499233c0ee072e465af4fb4fb9282c5c10e8234fd630ea92f0aae6b97a520db34475707b79a4c175265c0356ccbca827e3837df3d6d0576d9079 Q = 9b7463f8269f0b909abed10991684f36a64ac864e0d6d717c0ef21577a4c3907 G = 972a75f606e8aa3a91ff08fd131a20f5963251304e3d1431b712fa0803d527fd710fb7eb27e52904971cd43ca977199a24dbeeb4b7bc2ba075d3b72eb6b2c5ad8f0e8b8f48c50b554c7e0711f4c7416330806672498f430292724bf98a8ea48c7f53d7b31d8b7528b1a6f087d2c27c335202835b1e314225b37aef8bfcec7d80920c4a460a3d68344ded75ed9ee867fa2a6945063894f563b68633b8b39f83a1aaaf5a96c7f422687e7c84cf8fb8cc5f4504dff087bcb26a95bbf8583f03b3a0e43a356b2bd7e25cdddf7a015300faecc6793c5ee99b6327cb8456e32d9115339d5a6b712b7f9d0301acb05133e3115e454d3a6dd24a1693c94aab5406504bf7 Msg = 8ab01510cfa33cfa5bcff003bba39996fa727693abf6ac010bb959b0b59a15306c0c3a1921af2a76717aa55b39fa3723f4c3229ca9acf6b741614bb551cde8a7220ab97d4b453bec1e05a0eaa42e382bbc7b9b84f8237dc8964ee5b66e9b2a4ca61cf675140efef54fb327a665def8d57ab097e8c53c643fcb58209c4215b608 X = 5f6e545daef6cd1b8d9848dd98758807236ac0b7ff053b32c703eaa3b1147557 Y = 41197ce2233d7e48c803cd64c78f657923b9e36b871401f8661c21d8ba38c6b9b3239db767b11d1d401e5faecbf7a45860cc5f1a54d60286b7d6e1c99fd5b8c84ed851c5357d41ad60163f224d78c996143fff89dd3a8fe123dae1f621427fd8cce76ed138d68fa248f374ae233249625b93f3dd5937d15e541b7effa4df4fea7d52faced615bfe0348418ff93e69a20a52e55c76cc30f307f84e71e4aabc0825eca3a95b4bd58ebfb0029d23a169e9d80ba7d1c5fd35395e6602e089aa9918f08bae35ae1cac7af33694129e98f0dadadd90eaeb6eed25024390b1a60af794734c397b0f509865b134b2867c115d6f489b6dd7e3c82994b45dce2a23c6bc902 K = 5fe61afddbdf04449b24295a52a1a037d3f31441a3cec138b7f0102db86ef132 R = 6a47ea57ceaecc116d7190ff6c6dd9831ab75b4bf6cb291083e4268b486ed245 S = 017355f698a32abe9a4d4a7dda7c85950cddc348ab8a6751e72fddc01aa5d1f0 [mod = L=3072, N=256, SHA-1] P = fd5a6c56dd290f7dd84a29de17126eb4e4487b3eff0a44abe5c59792d2e1200b9c3db44d528b9f7d2248032e4ba0f7bfc4fafc706be511db2276c0b7ecffd38da2e1c2f237a75390c1e4d3239cba8e20e55840ecb05df5f01a1b6977ad1906f2cb544ccfb93b901ad0966b1832ad2dab526244a3156c905c01ac51cb73b9dcd9860d56175a425d846485d9b1f44a8a0c2578e6cf61947bc1a1392fdd320b16a9d70455fe436f2d47ded8e8e605f7486eb578ea7fc4ffd13c07f9996af159fd411e9451403278dd1141a8c926b35c96384bbd6bee09c46f44c36b1ffc7197f5e925dbe0544a68e6ab8c18e426a466b392f9c27dd79fefa9ca163cc5a375539a8559f277f657a535d1964c6a5e91683ef5698ebaa01ef818dbf72cb04c3ff092d188866f25cd405108f566b087f73d2d5beb51fac6de84ae5161a66af9602c7e4bfc146f4820bdfc092faeac69133e4a08a5b202a12498a22e57bad54674ed4b510109d52b5f74e70e1f6f82161718cd4cf00cc9f1958acc8bddcdfbd1fbe46cd1 Q = 800000000000000000000000334a26dd8f49c6811ce81bb1342b06e980f64b75 G = 99ab030a21a5c9818174872167641c81c1e03c9b274cfbc27bc472542927766de5fa0539b3b73f3f16ac866a9aec8b445ded97fbff08834ed98c77e7fc89e5dc657bef766ff7fbf8e76873e17bee412762d56fe1141760ab4d25bafd4b6ef25b49a3506632d1f8e10770930760ec1325932c5a4baf9e90154264ddf442ec5c41fed95d11525151dbcfb3758149bad81c62b9cff7816b8f953b8b7c022590d1584e921dc955f5328ac72983ed5cf0d04056fe0d531e62f8f6c9ab3c0fcd44e14860b7311d2561c77c1d32f6c69dc8f77968c9d881ad9db5e0c114fda8628bca0335eb7fb9e15e625aabab58fc01194c81bf6fb2ce54077b82250e57c6a7b25deb6ee39d4b686a5c307a7612b2d85ee92512413dea297e44f317be7ceb70a3328af0b401001a418562b8ffe4e9771b4b4a8e0b40c791349d5d4e459fe620a1a2fc72e2f6ca28567d4c2632bbde1b49864c06bb12619f132c1da8f571ef613eac739f66ab3914cb3fa1ab86e05e5082ebaa24ebeea4cf51beefc27df512fe3fee7d Msg = ca84af5c9adbc0044db00d7acfb1b493aab0388ffbad47b38cd3e9e3111cfe2cda2a45f751c46862f05bdcec4b698adfd2e1606e484c3be4ac0c379d4fbc7c2cda43e922811d7f6c33040e8e65d5f317684b90e26387cf931fe7c2f515058d753b08137ff2c6b79c910de8283149e6872cb66f7e02e66f2371785129569362f1 X = 433cfd0532ccfd8cdd1b25920d2bb7396987b766240379035b0e86527ce9c52d Y = e7c2ee18c3aa362c0182c6a56c2584628083c73e045beda8d653690c9c2f6544edf9702c57c455273905336a5f5171107a313cd7d0b0f50f8d3342c60219f22a9023394059d05f464c4496d55dab6eb0898527ff4cf5678e7b5bfb5e18d92c4a9d73288cce14530fc4702f6d0397ec39a880c4a72d358730c56633386ede028023c1791f3164d1574e7823c79b8a3ca1343ea166ba6f02b7ff7e9ef2198db107f7cc159f3b6a1c00a78c355c566deb0ac6fde3f633cb9177a1fbc6c1766ca021d5fec470101abb440d2f06982181a8c92b7cdd765336b9a1e1ab70283d6db0a963fb648c37c4e29a74c37577291049ab47cdbc104c04db966681ea8ebb9f00cf4c4a5462117379575fbda4b801979451fa94b19b4e93656705c0f734f3e0914bb96c1e2b8a0fb68faf14296efdf3300ad95bcde8b67cc4b26e6488eef925cfaeac6f0d6567e8b41355f89d1c2b8fe687bfa2df5e287e1305b89b8c388c26196090ac0351abc561aadc797da8ccea4146c3e96095ebce353e0da4c55019052caa K = 40f503abd70fd49a76c67a83e08b062b3fd465ad92be433c080e5f295bb9f559 R = 21ca148cdf44be4ae93b2f353b8e512d03ad96dafa80623fde4922a95f032732 S = 73e48b77a3aa44307483c2dd895cb51db2112177c185c59cb1dcff32fda02a4f [mod = L=3072, N=256, SHA-224] P = f63b3cdd646d8e7ddb57216aa6eec2134d707488a1f29cfa9970645f1227ea5db2e318eea5da1687c7ed90509669345ed6134cff32203ab72aecbfa693d216aeb55d8d28a981f4abff07d1319a799be5dd746f84842817929c305b408598af12045daa2f1ccc8be4d81b513c630f017fec1658aca108a1af6120ec05e3018c4253c9dd35bce062b73d0f2a93d41c481a5c43bb97909682d39a9a60dc3c35e36375dec6ced0d2db3ba0d111bedea701a0e4753624977a9e75b70a74e2b81e38a52ab22da131b35416d3cec9663079746a763476e57598142e39861545daaf8d38a176f26c71f5afebd9c5620da80cf3452b55c37c661b4a1ec0351710b9de4a3cbe0b98b4d9ec89128d97aa7efb19db8ba43cc0be25c200f90e1506cb78ec0c336d7a95613d4204e8ed68d0f0a6c78420105a8d2d438fbd2551a64a1a0b03ffb878742f8c9979cfa87394150281998d51701d5fcfa9696a4989fd25f400955e626b1abe926c0afa69aa6981900effcdd030592f82b2042a47a9a5a8cb0283dc4d Q = 80000000ba4634b5fa4da054bd0ca48ae490e57711f381193842429159ba7ca1 G = 8ad4553c4e49aa24728ab5024417b132d2ca53a55d959458f2f759adb0435beeefa3a2cfcd0038e2420643fc4a4deeb5d9feaa1edf21193b40e14b42982a94f35c58b81147d7189d263c9b12fe63ab9fa5f6f03a2860c186432e3ab04f2ab0f2fb6147bd9bf7ed5d20713b9da21383e2c3a168e7d09d3d8a5a058fd23095b5acfeb864a3306be2425fa1ad32ad6d9382e603b03c68af4af0246397102c4155cba811abf99da7839e77b2eac9970588ca1d0a2361723a164ac9229c2e80dcfa8db4f9e29803effb3168c7fed7a3a6de40dda19a0536af9b5b7afaefb9c70d6ae8df12da658f6236043aea873db29ceb6f07d108f5225687bd0c30e3084e2090b45ae2f92a97b8ecb7a9705c4956b8b31c4a3d61107c84e47adda6c80d5d22dab3d859220f9d5aab13677ae3df168f0c176d176b54506c639853f04ddef2722f39c18e5ce426e14562ad8ff26247af88870efb72c0cce836de8fee67a662378245b502bf1f83099988a093ce7cdc81364c78b1f4a51b800df6137c71d65e6b089a Msg = 957973fc3f3fe3f559065be5d4a0c281cf17959018b9a670d2b3706d41d5812e37301005f8b70ebd2fba3c40a3f377a751b6cb9693e3cb00d92888247d07921d3c1e9257ce08733b8926e0df7bdb6e855f1f851075d4e628d110d42b643b54876e5faa3611477ee68371562555269ed62a9271bad50cc4d46038de2dd41920c2 X = 524a7ea5977f8102b3552930477f5f042401165d4637dcd8b9d13df4f3aae5d0 Y = 42243539e49db9ea19d98d97f6f2a94b23529812df889eaabcfeda01ce4c759487fb89bc82da75fe1c9134361f86de47d16d8eee80e56ac502178e8ed8129477af8bfbd8262c5edd937e1a86c0f0e7b2afe7bcbddfcb5814ced0b756a76ca178423bb4d578c5da183712d968582640aa0ec7e9fb56bfd960d7a57549747d8fb7ade47cfe816c1e57da6633dacc537de060813964bb5b2757a312f9da3d84e60aff98170051d3d90e380b8bcc1986c58ff9dc91e8827d4f9f5fc4b2b2e743cf9389ff02dec01f5d434b430d162e891c3355f91855339f8df58300e4c993ae4df8c4318b5c4bd05283ca4b46b7d2fb0f6476bf15907f50dd4141aa7acac9daa62eccd3a67357122060b6cece0446a93eb230ad93bc9a4d1b1efeeca1e3fc83c119785035b439509ffb7968b1a448b7bd8315753fdf04a256eca1562a11b096c90a36b353659cbde4420e17e90b94c43c7519c60641ceec056f897b97d6bb1861268e0dc79b7c3b6b7639c255bf06865737459126cb465bc1da4a043a1963da7d63 K = 29e4d7790e181b4767903fe0eb37757f33f13337c33588c1fdbfba0e655ab621 R = 2e59d5f30f73781d38255b70dedeeb38ae78df4f002c1f747c08deadc6530155 S = 615c55b2df0ca28c60a6b385c58fa036df8c4b2f4f1935730bf8f4f0bed13610 [mod = L=3072, N=256, SHA-256] P = c7b86d7044218e367453d210e76433e4e27a983db1c560bb9755a8fb7d819912c56cfe002ab1ff3f72165b943c0b28ed46039a07de507d7a29f738603decd1270380a41f971f2592661a64ba2f351d9a69e51a888a05156b7fe1563c4b77ee93a44949138438a2ab8bdcfc49b4e78d1cde766e54984760057d76cd740c94a4dd25a46aa77b18e9d707d6738497d4eac364f4792d9766a16a0e234807e96b8c64d404bbdb876e39b5799ef53fe6cb9bab62ef19fdcc2bdd905beda13b9ef7ac35f1f557cb0dc458c019e2bc19a9f5dfc1e4eca9e6d466564124304a31f038605a3e342da01be1c2b545610edd2c1397a3c8396588c6329efeb4e165af5b368a39a88e4888e39f40bb3de4eb1416672f999fead37aef1ca9643ff32cdbc0fcebe628d7e46d281a989d43dd21432151af68be3f6d56acfbdb6c97d87fcb5e6291bf8b4ee1275ae0eb4383cc753903c8d29f4adb6a547e405decdff288c5f6c7aa30dcb12f84d392493a70933317c0f5e6552601fae18f17e6e5bb6bf396d32d8ab9 Q = 876fa09e1dc62b236ce1c3155ba48b0ccfda29f3ac5a97f7ffa1bd87b68d2a4b G = 110afebb12c7f862b6de03d47fdbc3326e0d4d31b12a8ca95b2dee2123bcc667d4f72c1e7209767d2721f95fbd9a4d03236d54174fbfaff2c4ff7deae4738b20d9f37bf0a1134c288b420af0b5792e47a92513c0413f346a4edbab2c45bdca13f5341c2b55b8ba54932b9217b5a859e553f14bb8c120fbb9d99909dff5ea68e14b379964fd3f3861e5ba5cc970c4a180eef54428703961021e7bd68cb637927b8cbee6805fa27285bfee4d1ef70e02c1a18a7cd78bef1dd9cdad45dde9cd690755050fc4662937ee1d6f4db12807ccc95bc435f11b71e7086048b1dab5913c6055012de82e43a4e50cf93feff5dcab814abc224c5e0025bd868c3fc592041bba04747c10af513fc36e4d91c63ee5253422cf4063398d77c52fcb011427cbfcfa67b1b2c2d1aa4a3da72645cb1c767036054e2f31f88665a54461c885fb3219d5ad8748a01158f6c7c0df5a8c908ba8c3e536822428886c7b500bbc15b49df746b9de5a78fe3b4f6991d0110c3cbff458039dc36261cf46af4bc2515368f4abb7 Msg = cb06e02234263c22b80e832d6dc5a1bee5ea8af3bc2da752441c04027f176158bfe68372bd67f84d489c0d49b07d4025962976be60437be1a2d01d3be0992afa5abe0980e26a9da4ae72f827b423665195cc4eed6fe85c335b32d9c03c945a86e7fa99373f0a30c6eca938b3afb6dff67adb8bece6f8cfec4b6a12ea281e2323 X = 3470832055dade94e14cd8777171d18e5d06f66aeff4c61471e4eba74ee56164 Y = 456a105c713566234838bc070b8a751a0b57767cb75e99114a1a46641e11da1fa9f22914d808ad7148612c1ea55d25301781e9ae0c9ae36a69d87ba039ec7cd864c3ad094873e6e56709fd10d966853d611b1cff15d37fdee424506c184d62c7033358be78c2250943b6f6d043d63b317de56e5ad8d1fd97dd355abe96452f8e435485fb3b907b51900aa3f24418df50b4fcdafbf6137548c39373b8bc4ba3dabb4746ebd17b87fcd6a2f197c107b18ec5b465e6e4cb430d9c0ce78da5988441054a370792b730da9aba41a3169af26176f74e6f7c0c9c9b55b62bbe7ce38d4695d48157e660c2acb63f482f55418150e5fee43ace84c540c3ba7662ae80835c1a2d51890ea96ba206427c41ef8c38aa07d2a365e7e58380d8f4782e22ac2101af732ee22758337b253637838e16f50f56d313d07981880d685557f7d79a6db823c61f1bb3dbc5d50421a4843a6f29690e78aa0f0cff304231818b81fc4a243fc00f09a54c466d6a8c73d32a55e1abd5ec8b4e1afa32a79b01df85a81f3f5cfe K = 3d7c068a3978b2d8fe9034bcad65ad7c300c4440e4085de280e577eea72c1207 R = 53bae6c6f336e2eb311c1e92d95fc449a929444ef81ec4279660b200d59433de S = 49f3a74e953e77a7941af3aefeef4ed499be209976a0edb3fa5e7cb961b0c112 [mod = L=3072, N=256, SHA-384] P = a410d23ed9ad9964d3e401cb9317a25213f75712acbc5c12191abf3f1c0e723e2333b49eb1f95b0f9748d952f04a5ae358859d384403ce364aa3f58dd9769909b45048548c55872a6afbb3b15c54882f96c20df1b2df164f0bac849ca17ad2df63abd75c881922e79a5009f00b7d631622e90e7fa4e980618575e1d6bd1a72d5b6a50f4f6a68b793937c4af95fc11541759a1736577d9448b87792dff07232415512e933755e12250d466e9cc8df150727d747e51fea7964158326b1365d580cb190f4518291598221fdf36c6305c8b8a8ed05663dd7b006e945f592abbecae460f77c71b6ec649d3fd5394202ed7bbbd040f7b8fd57cb06a99be254fa25d71a3760734046c2a0db383e02397913ae67ce65870d9f6c6f67a9d00497be1d763b21937cf9cbf9a24ef97bbcaa07916f8894e5b7fb03258821ac46140965b23c5409ca49026efb2bf95bce025c4183a5f659bf6aaeef56d7933bb29697d7d541348c871fa01f869678b2e34506f6dc0a4c132b689a0ed27dc3c8d53702aa584877 Q = abc67417725cf28fc7640d5de43825f416ebfa80e191c42ee886303338f56045 G = 867d5fb72f5936d1a14ed3b60499662f3124686ef108c5b3da6663a0e86197ec2cc4c9460193a74ff16028ac9441b0c7d27c2272d483ac7cd794d598416c4ff9099a61679d417d478ce5dd974bf349a14575afe74a88b12dd5f6d1cbd3f91ddd597ed68e79eba402613130c224b94ac28714a1f1c552475a5d29cfcdd8e08a6b1d65661e28ef313514d1408f5abd3e06ebe3a7d814d1ede316bf495273ca1d574f42b482eea30db53466f454b51a175a0b89b3c05dda006e719a2e6371669080d768cc038cdfb8098e9aad9b8d83d4b759f43ac9d22b353ed88a33723550150de0361b7a376f37b45d437f71cb711f2847de671ad1059516a1d45755224a15d37b4aeada3f58c69a136daef0636fe38e3752064afe598433e80089fda24b144a462734bef8f77638845b00e59ce7fa4f1daf487a2cada11eaba72bb23e1df6b66a183edd226c440272dd9b06bec0e57f1a0822d2e00212064b6dba64562085f5a75929afa5fe509e0b78e630aaf12f91e4980c9b0d6f7e059a2ea3e23479d930 Msg = ed9a64d3109ef8a9292956b946873ca4bd887ce624b81be81b82c69c67aaddf5655f70fe4768114db2834c71787f858e5165da1a7fa961d855ad7e5bc4b7be31b97dbe770798ef7966152b14b86ae35625a28aee5663b9ef3067cbdfbabd87197e5c842d3092eb88dca57c6c8ad4c00a19ddf2e1967b59bd06ccaef933bc28e7 X = 6d4c934391b7f6fb6e19e3141f8c0018ef5726118a11064358c7d35b37737377 Y = 1f0a5c75e7985d6e70e4fbfda51a10b925f6accb600d7c6510db90ec367b93bb069bd286e8f979b22ef0702f717a8755c18309c87dae3fe82cc3dc8f4b7aa3d5f3876f4d4b3eb68bfe910c43076d6cd0d39fc88dde78f09480db55234e6c8ca59fe2700efec04feee6b4e8ee2413721858be7190dbe905f456edcab55b2dc2916dc1e8731988d9ef8b619abcf8955aa960ef02b3f02a8dc649369222af50f1338ed28d667f3f10cae2a3c28a3c1d08df639c81ada13c8fd198c6dae3d62a3fe9f04c985c65f610c06cb8faea68edb80de6cf07a8e89c00218185a952b23572e34df07ce5b4261e5de427eb503ee1baf5992db6d438b47434c40c22657bc163e7953fa33eff39dc2734607039aadd6ac27e4367131041f845ffa1a13f556bfba2307a5c78f2ccf11298c762e08871968e48dc3d1569d09965cd09da43cf0309a16af1e20fee7da3dc21b364c4615cd5123fa5f9b23cfc4ffd9cfdcea670623840b062d4648d2eba786ad3f7ae337a4284324ace236f9f7174fbf442b99043002f K = 40b5cc685c3d1f59072228af9551683b5b8c8ff65240114ad2dacfccf3928057 R = 7695698a14755db4206e850b4f5f19c540b07d07e08aac591e20081646e6eedc S = 3dae01154ecff7b19007a953f185f0663ef7f2537f0b15e04fb343c961f36de2 [mod = L=3072, N=256, SHA-512] P = c1d0a6d0b5ed615dee76ac5a60dd35ecb000a202063018b1ba0a06fe7a00f765db1c59a680cecfe3ad41475badb5ad50b6147e2596b88d34656052aca79486ea6f6ec90b23e363f3ab8cdc8b93b62a070e02688ea877843a4685c2ba6db111e9addbd7ca4bce65bb10c9ceb69bf806e2ebd7e54edeb7f996a65c907b50efdf8e575bae462a219c302fef2ae81d73cee75274625b5fc29c6d60c057ed9e7b0d46ad2f57fe01f823230f31422722319ce0abf1f141f326c00fbc2be4cdb8944b6fd050bd300bdb1c5f4da72537e553e01d51239c4d461860f1fb4fd8fa79f5d5263ff62fed7008e2e0a2d36bf7b9062d0d75db226c3464b67ba24101b085f2c670c0f87ae530d98ee60c5472f4aa15fb25041e19106354da06bc2b1d322d40ed97b21fd1cdad3025c69da6ce9c7ddf3dcf1ea4d56577bfdec23071c1f05ee4077b5391e9a404eaffe12d1ea62d06acd6bf19e91a158d2066b4cd20e4c4e52ffb1d5204cd022bc7108f2c799fb468866ef1cb09bce09dfd49e4740ff8140497be61 Q = bf65441c987b7737385eadec158dd01614da6f15386248e59f3cddbefc8e9dd1 G = c02ac85375fab80ba2a784b94e4d145b3be0f92090eba17bd12358cf3e03f4379584f8742252f76b1ede3fc37281420e74a963e4c088796ff2bab8db6e9a4530fc67d51f88b905ab43995aab46364cb40c1256f0466f3dbce36203ef228b35e90247e95e5115e831b126b628ee984f349911d30ffb9d613b50a84dfa1f042ba536b82d5101e711c629f9f2096dc834deec63b70f2a2315a6d27323b995aa20d3d0737075186f5049af6f512a0c38a9da06817f4b619b94520edfac85c4a6e2e186225c95a04ec3c3422b8deb284e98d24b31465802008a097c25969e826c2baa59d2cba33d6c1d9f3962330c1fcda7cfb18508fea7d0555e3a169daed353f3ee6f4bb30244319161dff6438a37ca793b24bbb1b1bc2194fc6e6ef60278157899cb03c5dd6fc91a836eb20a25c09945643d95f7bd50d206684d6ffc14d16d82d5f781225bff908392a5793b803f9b70b4dfcb394f9ed81c18e391a09eb3f93a032d81ba670cabfd6f64aa5e3374cb7c2029f45200e4f0bfd820c8bd58dc5eeb34 Msg = 494180eed0951371bbaf0a850ef13679df49c1f13fe3770b6c13285bf3ad93dc4ab018aab9139d74200808e9c55bf88300324cc697efeaa641d37f3acf72d8c97bff0182a35b940150c98a03ef41a3e1487440c923a988e53ca3ce883a2fb532bb7441c122f1dc2f9d0b0bc07f26ba29a35cdf0da846a9d8eab405cbf8c8e77f X = 150b5c51ea6402276bc912322f0404f6d57ff7d32afcaa83b6dfde11abb48181 Y = 6da54f2b0ddb4dcce2da1edfa16ba84953d8429ce60cd111a5c65edcf7ba5b8d9387ab6881c24880b2afbdb437e9ed7ffb8e96beca7ea80d1d90f24d546112629df5c9e9661742cc872fdb3d409bc77b75b17c7e6cfff86261071c4b5c9f9898be1e9e27349b933c34fb345685f8fc6c12470d124cecf51b5d5adbf5e7a2490f8d67aac53a82ed6a2110686cf631c348bcbc4cf156f3a6980163e2feca72a45f6b3d68c10e5a2283b470b7292674490383f75fa26ccf93c0e1c8d0628ca35f2f3d9b6876505d118988957237a2fc8051cb47b410e8b7a619e73b1350a9f6a260c5f16841e7c4db53d8eaa0b4708d62f95b2a72e2f04ca14647bca6b5e3ee707fcdf758b925eb8d4e6ace4fc7443c9bc5819ff9e555be098aa055066828e21b818fedc3aac517a0ee8f9060bd86e0d4cce212ab6a3a243c5ec0274563353ca7103af085e8f41be524fbb75cda88903907df94bfd69373e288949bd0626d85c1398b3073a139d5c747d24afdae7a3e745437335d0ee993eef36a3041c912f7eb58 K = b599111b9f78402cefe7bde8bf553b6ca00d5abaf9a158aa42f2607bf78510bc R = a40a6c905654c55fc58e99c7d1a3feea2c5be64823d4086ce811f334cfdc448d S = 6478050977ec585980454e0a2f26a03037b921ca588a78a4daff7e84d49a8a6c nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key00000664000000000000000000000053413252671167016300 0ustar AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc xC6fb0ZLCIzFcq9T5teIAgAAAEAZExhx11sWEqgZ8p140bDXNG96p3u2KoWb/WxW ddqdIS06Nu8Wcu9mC4x8JVzA7HSFj7oz9EwGaZYwp2sDDuMzAAAAFCBwsyI9ujcv 3hwP/HsuO0mLJgYU nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key10000664000000000000000000000114413252671167016277 0ustar AAAAgKj5zSAeXjXYkvhfgOTbJZmlZ2o7HU8ZAzDtMlaybQ6AoOSaj/+qrSok9HLS VzJB1NbWx0gMgLTGe7RHnBWtp+qEJNJQL6AUcudgJBcT2rAlrhsC4XA6FDX2Ld9O 5MG2ZAZusi8uO/KLtwoqduT9Xr4tEiloG1sGQ5rJx+nYveKDAAAAFPhfD4OsTffq DN+PRpv+6uoUFWSVAAAAgCsxUv9sYvFGIrj0jln4r0aIOzjnm4x03urp3xMfi4Vu OtbIRV2rh8wNqKyXNBfOT3h4VX1s30CzW0oMo+sxDGqV1ozihK1OJeooWRYR7gi4 REvWSyXz98VyQQ3fs5zHKLnJNvhfQZEphpkpzbkJpqOpm74IkhY2gXG9C6gd5P4z AAAAgDE/2evKkVdOHC7r4VF8V+DCGwIJhyFAxTKHYbuyRQsz8bGLQJzpq3xM2P2j OR6ONIaDV8GZ4WprLroG1nSd73kdeeldOk0Jskw5KtidvxAJla4ZwBBiBWuxS84A Xocx794XX5W5dQib3NrqVisyeG2W9aMa7fdTZACK1P/+u5cLAAAAFMU+rm1FMjFk x9B69XFXA3RKY/w6 nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key100000664000000000000000000000221413252671167016356 0ustar AAABAL/r0ACy1s1Ks477o13zNN9yHWwvKz2VZnnLrQCfPfvQApUsyJnMI1bsh2m9 PRulpzAjcpiI2pLKSKXulMl/TwSi46y08zovD7N4PDHyxw+nxw84IUon2t7IsS5n mWqehe47sUiAMTAUc5LcUlPATXBjU15s1ka/sYaYTgi1i3SnvlszO/MrCr/VZlNg 6akjoMUo/xxixyU0WPVnhShxnUNuUBSHQfRdx90sbKxxxVIx8SqD/v0u0KM+3huK UfVm/PeJBoLNwZMdwgfJK/LvTiirMWYe63fxYB7qlByVkfA40/ANkShX2wXmSyrV aTIAYcb4Y/8zVNhC5+fqcVr++NEAAAAcqpht+KBkJ46TYzFqmDC8+kkGVvqm1dqo F9h5SQAAAQCBla2aR4/ZhSFu5YNoNm0u3RPBKz1iI5Fp+gQtkRVkCLSDEi9E7WI2 uDCKbNtS+a896I7IngOa+tfaOqZsGXYEmo4KfRjVZ7r5n87+MVytoBVIOGsQsl5S 9S7XjrTSgILl4f/ulIDE/izEqv0e/J1P0sxtFVlokxJx7xWzJA5/sEOoDI9ii+/g nWRQd8ECnSHgrIvwupwncU0bWA7eWUqgGzt29udF/B7AfbN+L9fpjGyMaRUijkIs MJ3p9dsWj1AknRvh7TKYCQgI4uu4lrt5uMTL+U1MIGTjfmErpESdesIQ7d4hFBbW SwUd2ARqsEFzJmVBGn8VTTGz4RpR2n/AAAABAK9nIb913saht2rTXKN1De8xEXxb RBwVowaDWh23TAA7hq6Qmev7dFsKqcsADPQ/sCFRO48Ze8hlsiv5SbSRgJrXUv/B yo5UvqFtx/U55MVftwp3Q90o8mL2DvDy/KrCnoAhp5OMGP/gMHXQt+CitNyr5G7R lT0z438ROvUZqwvwthhsErX2SIQ39RkwluL9amoYNWBHlMZrQq5SZcHPHLU66EmX l14DGKk85B45AuTvVN48VlVb0ZSRrNU/PldGTh9GA4nbxfqAZI+lpaDylW6ew7jc RBtTXGQcNi7tdw2oKGSb/RRkcrD0akwGTkWfiL/5De3n7FYXeppx0WeUhxIAAAAc altP/EQjjRhS+5t05MFmG+hZhAQ8/u4CP1fKxg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key110000664000000000000000000000222413252671167016360 0ustar AAABAMGlnSFVc5SeCyCpdMLt8uMTf/JGMGL3Xx0T3xKroQdrstATQCtgr2wYf7D6 NiFnyXbCYXxyb5B38J4YwRtg9lAIglvWwCofV9PrCtQc1UfeQ9h/JSX5cdQrMGUG 58oDvmOzX0raFy0KBpJEQKFCUNeCKsLVrq/tRhnnnUFYp9XrLZ8CPbGBqPCUssbL h8uFNUFqwZgT8HFEZgxVd0X0SgHGsQKQksEpsNJxg+gsWiGoAXfudHbrlcRm+0cr 09LcKGziWEfpPL+prTnMVwNdDHtkuSapx/WnsrxavL+9wLDj/t48HgLESvyK78eV faB6Dl/RIznbhmdhb2IobfgNWKsAAAAggAAAAAAAAAAAAAAAG9YsZei4fIl5f48M v6VeSmgQ4scAAAEArqWHh0DxQk08bqnGtHmWFdJ0kpihfiYgf3bO80Dd05Dhsa1r bAAQrQFaEDNC3dRSysAks25C2bjtUvr656HTzp5LIfkQ0TVusWOj5agYTHgb8USS r6LksKVtiIT9AaYouWYnOcQuXFeVreL18n5t4dljkXzogG/EDQIc2HqjqjqeTwws TEXSlZsleLL7GiIpw34YEFm51ee3hi+oLiN3pJ7Q+dyoIKWBQHndZhBxTvr4sMxo PY5y5MiE5vnUlGs+jUy7kq2759TEfMML5/jDfKgYg6GqxoYAWf9GQKKcyuc94gsS 5jsAqIsu6bqUt160CmVuFdnsg3MchdDv/LnvnwAAAQCIDhfEroFBdQYJ2CUcC716 z20LRg7TaI6aX5kObEtbAIddp1DgIooEECo19X50uNL5tpUPDR240wLFyQpbh4ao LGj/WxelenWElsX4BT5EhKJT2ZQiBNmhEJ9L0qPsMRpgz2nGhbWG2Yb1ZdM9v1qr cJHjGqQQLE9LU/v4ctcAFWRltsB15/d4RxojUC3A/uQbJxyDehwmaRaZ81UNBgoz EJn2SDfN3sacrr9Rv07J828qIg/nc8tNPALQRG3dRhM1Mu8cPGnUMuMDUCvQWnUn mngJp0KsSnhysH8ZCGVASUGTUON6lfLvMzYdjYc21Ag9wUwLuXLhTUx7l/Pd/Mrv AAAAIFpC53JINY8GrpgKLGT2oivqK/e0/AAVdFBTxDK3Eypn nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key120000664000000000000000000000222413252671167016361 0ustar AAABANAiduvzwi/9ZmmDGDpHrpTJvMvL+V3ctJHR985kNUkZmZLTfHnnsDLSbtAx trpEifMSWCb6+ycmqYMz69mr3eWS2Gk9mFlTbZzDhBodJOBE01rO1hNiVvxta2Fc 9PQWOqOB6ytMSAglqOzMVtjdz1/mN+OK2bKXS9LPaL8nHg0GfSRlqLa2YFJPAIJZ iUWtpY6mSbmATrR1NAjCxZdoxGq7guMpXz2cpGn4TMGH9XLcS1o7OTRuyDnfrW8H 1tHw4hUgm7DswFx2fPLnlDrJz7Au7h6e9ZRujOiDFrXhX9z5WhMu8uS7CBcTZSjP pd2WUy+cOr5cQhYg7ba8vVIjTKkAAAAggAAAABKZfoKF5AiXCPUoBwxtevigvQFA nnoHnNtvxbsAAAEAd4RTBJ7yYhR/7XtZsO5nZGB8Uee1tfxv6np6ex3Wuyg/Sprp jv05ZLFVZ1jLFbKlOvhhnnTYWJi+x307PzgklK5ZYaE//HRdo4YYIpFRmAD5ndcQ 4ArrFa3uCI4nmO4uRvWYUmzw9GZwVdG6AJdQBB3FzdJyX/HZfdNAyFGK92cbh9Od Z67O2Etm+E4HAe/IKlye+VTuV20kw4WxTWMDfw2Gb9QktJdb3VSF7XQMuTLoQ/kG aD98eyx0d12QHDYbhHtRnA2mmWONpAvXNreD0nELLCzCbvkScb9OLBkp+HbpAuIF cWQiO8eNaiufbAx6fLhZIvfWxCh64jhh+BKISAAAAQB7sx6Yx6BDf5eKc9Xc+9+7 Ccwkmd+vHrUla8zWNYyrtfZ9BKQoI0Y7fpV/K5IT8fqOWpjWFEhHAau4x9Z2Qf5u 0G+kUntJPdqy50ZA/ePecNppPx2yuOJkFwQK8O6myrRRp5WlLhh9LuJBuT9lyGxt ZvRYNMzhZaxetnDU8AlcI86XV+O9xjb5ke4Ac9kKCSAu2zXMPqHPmtyhYX+gv/2c EmIppgSh079JMd3wuZQt/IovjAn8yXAyVkp5rh6+Hizkn/V4OefEP6YLFgPRWkUI mKpOSh7oBleUEm1k8BM2cJaoNoa58VjDOxD187Ns8fY1iz80+EsQHcJtPbaLzJXI AAAAIGuoHmzUNneYqquLevETUYOjfEKnZtvWjNLc548mcO8P nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key130000664000000000000000000000222413252671167016362 0ustar AAABAKittsC0z5WIAS5d7/GocdOD4OKoW16OA9gU/hOgWXBeZjIwo3e/cyOo+hFx ACAL/VrfhXOTsLvWeQbAgeWFQQ44SA6tUWhNrDo497ZMnrEJ8Zc5pFF819XWKR6K 8go/vxczbHv4DucY7gh+Mi7kEEfavvvMNNELZrZE3bMWCijAY5Vj1xmTomVD6tt3 GPMXv12Vd6YVZWGwgqEAKc1EASsY3mhEUJ/gWLqHmAeSKF8nUJaf6Jws1kmNs1RW ONU3nRJdzPZOBsGvM6YZCEHSI9oVEzM6fJ14Riq6qzG5+W1fNERc62MJ8vbSyN3g ZEHoeYDTA++aH/AH6L4vC+BswV8AAAAg5x+FZ0R/QudfXvhcog/lV6sDQ9N+0J7c P25oYE1rnfsAAAEAW6JN6WB7iZjmbObE+BKjFMaTWEL3q1TNgrGfoQSr+12EV5pi OyV0s30izK6bPkFeSPXA+by9/4Bx1jubuVblR686jfmeXTBhl5ZS/5a3Zcs+5JNk NUTHXb5bs5g0UxlSoPtLA3iz/LtMi1gApTMDkqKgTnALtu1+C4V5XqOLG5YnQbPz O53eL07BNU8J4ut46V8DelgEthcWWfiHFc4amwzJDCfzXvLxD/DHx6K7AVTZuOvn aj12Sqh5rzcvQkDeg0eTflqQzsn0H/Lya42pqUoiXRqRNxfXPxA5fSGD8bo7e0Wm jx/xiTyvaagngC97akjVHab777ZP2abFt1xFYQAAAQBaVdzt3RE07l8R7YXetNY0 o2Q/XzbcOnBoklZGmgtlGtIogPFKuFcZQ0+cDkB+YOpCDioM0pQixImcQWNZ27Hl kkVvKzzOIzJZwRdUL9BfMeolsBXZEhyJC5DgutAzvhNo0imYWqxyJtHIwuqzJe87 LNWdO59959vJSvGpM560MMo2wmxG7PpsVIFxFJb2JOGIrXVA713yb476y4IL0Xof YYrLUMm8GX1Mt8ysRdgko795XCNLVWsGrrkpFzRTJSCEAD9p/pgEX+dAArplj5NH ViL3Z5HZsmI9G1//LMFoRHRu/S0wpqgTS/xMjMgKRhB5AfuXPCj8VTEw8yhsFIna AAAAIERpaQJURiR/hP3qdNAtfdE2crLet8CFvhERFEGVWjd7 nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key140000664000000000000000000000222413252671167016363 0ustar AAABAKYWfBb/904pNCuFhq7TzYlvexY1oihv8W/f9BoGMXymsFyiunwGCtbbFWFi HMsMQLhqA2Gb//MuIEy9kLedy1+G67ST470ZiNgJf6I/pNePs83csAxGZCPY+nGY c8N2Rf5O7MVxcbvt/lb6lHTJY4W4ujeMeZcteqrmmiumTN6OVlTw97dFUM00R+ek cqM7QDfbRo3eMcNIqiXoK3/EG4N/f8ImphA5ZuzY+dFMLTFJVW1Dgp8TdFG40g+F ILDOjj1wX3TQpX6ocsK97pcU4LY5Bs3f3Ci2d30ZMlAA+O1SeOxdkS0QIQkxnLo7 ZGnUZykJtPDb7sC7tjS1UboM8hMAAAAghCdSkETSFMB1dPezWcLgHCP9l3AbMorI wThbgcU3OJUAAAEAb8IyQVwxIAz1I680g/jias6AjS8caouGOrBCzH9rcUSy05Ry w8tMdoHQcyhDUD2PhYy+R25nQDJKqilZUBBZeMM1BpuRn/mm/0tBBYG4BxL+XT4E 3bTf0m1ef7yisMUtjUBDQ9V7L5sqJtqn7OMM6rnheJ+XUaqpOHBJllrzJlDGyls3 SlrnCz+Y4FP1GFfWu7F6Zw5uqviYRNZB4eE9Whsk0FPca4/RAcYkeGlRkn5CYxCr qUmKAEKz3Hu8WdcF+A2bgH3kFffpTFz514mZLTu4M20dgIy4a1bd4J2TS7UnAzki 3hS/MHN2q30i+81hb57aR5qyFKF4UL3QgCqHHAAAAQBcpxUbyg5Fe7xG9Z9x2Bqx ZojcDrfk0XsWbDMmxbEsW967NhMiTRp1QCPFC4PLXswTkJbO8okzs7EsoxA45AiT g1l8WcwnuQK+XaYsrn2l9K+Q6UEO0WBAguLjjiXrC3jfrArrKtOxncI1OdK811Xb HMbJgFp90QnhyYZnpbnVKyHCdyEhuNDSskbl/T2oByjoW78NcGfRxrqmQ5Sinn/L +AhCvUqwKzXYP1mAWhBOC9adAHmgZfWePm8hVzoA2pkLcupTf6mMqqCliACn56Bi PiY9T8pl67jt7Ubv3+fbksnr04Bi2PElNPAVsYYYbuI2HWLCTk8is+ldoPkGLOBN AAAAIEWesViOn33U8oZnenQVyyWhtG56fPrcikUQA4PiDaad nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key150000664000000000000000000000222413252671167016364 0ustar AAABAPY9o76alhYZbGVW885v2LmL3akTdHPaRv7ZcOK40Uc4eoGSIGXVKKfWQz68 XjWxXGfqNaWlv/W5zvHNHm/jHdpSg42jqom5tOjZ08BzLMxPI4zhtBbEypPyxoAO X07UHE92Fc7FUxuYaAsg3GP3PnDYA6rPrs4z1F+g4513yFCCCVKLkEa1kXAQeRI0 OX5BLSK8C41ny9HNKKMsJGCgvYaqug7qgOFuMkVkMXHjQiF2DCA6VrggehAJ5sGi 9s2oX4XE+eQQuUmSM8DuBy5GWvT7T7koLFwQ6CNP1jDqkvCq5rl6Ug2zRHVwe3mk wXUmXANWzLyoJ+ODffPW0FdtkHkAAAAgm3Rj+CafC5CavtEJkWhPNqZKyGTg1tcX wO8hV3pMOQcAAAEAlyp19gboqjqR/wj9Exog9ZYyUTBOPRQxtxL6CAPVJ/1xD7fr J+UpBJcc1DypdxmaJNvutLe8K6B107cutrLFrY8Oi49IxQtVTH4HEfTHQWMwgGZy SY9DApJyS/mKjqSMf1PXsx2LdSixpvCH0sJ8M1ICg1seMUIls3rvi/zsfYCSDEpG Cj1oNE3tde2e6Gf6KmlFBjiU9WO2hjO4s5+DoaqvWpbH9CJofnyEz4+4zF9FBN/w h7yyapW7+Fg/A7Og5Do1ayvX4lzd33oBUwD67MZ5PF7pm2Mny4RW4y2RFTOdWmtx K3+dAwGssFEz4xFeRU06bdJKFpPJSqtUBlBL9wAAAQBBGXziIz1+SMgDzWTHj2V5 I7nja4cUAfhmHCHYujjGubMjnbdnsR0dQB5frsv3pFhgzF8aVNYChrfW4cmf1bjI TthRxTV9Qa1gFj8iTXjJlhQ//4ndOo/hI9rh9iFCf9jM527RONaPokjzdK4jMkli W5Pz3Vk30V5UG37/pN9P6n1S+s7WFb/gNIQY/5PmmiClLlXHbMMPMH+E5x5Kq8CC Xso6lbS9WOv7ACnSOhaenYC6fRxf01OV5mAuCJqpkY8IuuNa4crHrzNpQSnpjw2t rdkOrrbu0lAkOQsaYK95RzTDl7D1CYZbE0soZ8EV1vSJtt1+PIKZS0Xc4qI8a8kC AAAAIF9uVF2u9s0bjZhI3Zh1iAcjasC3/wU7MscD6qOxFHVX nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key160000664000000000000000000000324413252671167016370 0ustar AAABgP1abFbdKQ992Eop3hcSbrTkSHs+/wpEq+XFl5LS4SALnD20TVKLn30iSAMu S6D3v8T6/HBr5RHbInbAt+z/042i4cLyN6dTkMHk0yOcuo4g5VhA7LBd9fAaG2l3 rRkG8stUTM+5O5Aa0JZrGDKtLatSYkSjFWyQXAGsUctzudzZhg1WF1pCXYRkhdmx 9EqKDCV45s9hlHvBoTkv3TILFqnXBFX+Q28tR97Y6OYF90hutXjqf8T/0TwH+Zlq 8Vn9QR6UUUAyeN0RQajJJrNcljhLvWvuCcRvRMNrH/xxl/XpJdvgVEpo5quMGOQm pGazkvnCfdef76nKFjzFo3VTmoVZ8nf2V6U10ZZMal6RaD71aY66oB74GNv3LLBM P/CS0YiGbyXNQFEI9Wawh/c9LVvrUfrG3oSuUWGmavlgLH5L/BRvSCC9/Akvrqxp Ez5KCKWyAqEkmKIuV7rVRnTtS1EBCdUrX3TnDh9vghYXGM1M8AzJ8ZWKzIvdzfvR ++Rs0QAAACCAAAAAAAAAAAAAAAAzSibdj0nGgRzoG7E0KwbpgPZLdQAAAYCZqwMK IaXJgYF0hyFnZByBweA8mydM+8J7xHJUKSd2beX6BTmztz8/FqyGaprsi0Rd7Zf7 /wiDTtmMd+f8ieXcZXvvdm/3+/jnaHPhe+5BJ2LVb+EUF2CrTSW6/Utu8ltJo1Bm MtH44Qdwkwdg7BMlkyxaS6+ekBVCZN30QuxcQf7ZXRFSUVHbz7N1gUm62Bxiuc/3 gWuPlTuLfAIlkNFYTpIdyVX1MorHKYPtXPDQQFb+DVMeYvj2yas8D81E4UhgtzEd JWHHfB0y9sadyPd5aMnYga2dteDBFP2oYovKAzXrf7nhXmJaq6tY/AEZTIG/b7LO VAd7giUOV8ansl3rbuOdS2hqXDB6dhKy2F7pJRJBPeopfkTzF75863CjMorwtAEA GkGFYrj/5Ol3G0tKjgtAx5E0nV1ORZ/mIKGi/HLi9sooVn1MJjK73htJhkwGuxJh nxMsHaj1ce9hPqxzn2arORTLP6GrhuBeUILrqiTr7qTPUb7vwn31Ev4/7n0AAAGA 58LuGMOqNiwBgsalbCWEYoCDxz4EW+2o1lNpDJwvZUTt+XAsV8RVJzkFM2pfUXEQ ejE819Cw9Q+NM0LGAhnyKpAjOUBZ0F9GTESW1V2rbrCJhSf/TPVnjntb+14Y2SxK nXMojM4UUw/EcC9tA5fsOaiAxKctNYcwxWYzOG7eAoAjwXkfMWTRV054I8ebijyh ND6hZrpvArf/fp7yGY2xB/fMFZ87ahwAp4w1XFZt6wrG/eP2M8uRd6H7xsF2bKAh 1f7EcBAau0QNLwaYIYGoySt83XZTNrmh4atwKD1tsKlj+2SMN8TimnTDdXcpEEmr R828EEwE25ZmgeqOu58Az0xKVGIRc3lXX72kuAGXlFH6lLGbTpNlZwXA9zTz4JFL uWweK4oPto+vFClu/fMwCtlbzei2fMSybmSI7vklz66sbw1lZ+i0E1X4nRwrj+aH v6LfXih+EwW4m4w4jCYZYJCsA1GrxWGq3Hl9qMzqQUbD6WCV6841Pg2kxVAZBSyq AAAAIEM8/QUyzP2M3Rslkg0rtzlph7dmJAN5A1sOhlJ86cUt nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key170000664000000000000000000000324413252671167016371 0ustar AAABgPY7PN1kbY5921chaqbuwhNNcHSIofKc+plwZF8SJ+pdsuMY7qXaFofH7ZBQ lmk0XtYTTP8yIDq3Kuy/ppPSFq61XY0oqYH0q/8H0TGaeZvl3XRvhIQoF5KcMFtA hZivEgRdqi8czIvk2BtRPGMPAX/sFlisoQihr2Eg7AXjAYxCU8ndNbzgYrc9DyqT 1BxIGlxDu5eQloLTmppg3Dw142N13sbO0NLbO6DREb7epwGg5HU2JJd6nnW3CnTi uB44pSqyLaExs1QW087JZjB5dGp2NHbldZgULjmGFUXar404oXbybHH1r+vZxWIN qAzzRStVw3xmG0oewDUXELneSjy+C5i02eyJEo2Xqn77GduLpDzAviXCAPkOFQbL eOwMM216lWE9QgTo7WjQ8KbHhCAQWo0tQ4+9JVGmShoLA/+4eHQvjJl5z6hzlBUC gZmNUXAdX8+paWpJif0l9ACVXmJrGr6SbAr6aappgZAO/83QMFkvgrIEKkeppajL AoPcTQAAACCAAAAAukY0tfpNoFS9DKSK5JDldxHzgRk4QkKRWbp8oQAAAYCK1FU8 TkmqJHKKtQJEF7Ey0spTpV2VlFjy91mtsENb7u+jos/NADjiQgZD/EpN7rXZ/qoe 3yEZO0DhS0KYKpTzXFi4EUfXGJ0mPJsS/mOrn6X28DooYMGGQy46sE8qsPL7YUe9 m/ftXSBxO52iE4Piw6Fo59CdPYpaBY/SMJW1rP64ZKMwa+JCX6GtMq1tk4LmA7A8 aK9K8CRjlxAsQVXLqBGr+Z2ng553surJlwWIyh0KI2FyOhZKySKcLoDc+o20+eKY A+/7MWjH/tejpt5A3aGaBTavm1t6+u+5xw1q6N8S2mWPYjYEOuqHPbKc628H0Qj1 IlaHvQww4whOIJC0WuL5Kpe47LepcFxJVrizHEo9YRB8hOR63abIDV0i2rPYWSIP nVqrE2d6498WjwwXbRdrVFBsY5hT8E3e8nIvOcGOXOQm4UVirY/yYkeviIcO+3LA zOg23o/uZ6ZiN4JFtQK/H4MJmYigk8583IE2THix9KUbgA32E3xx1l5rCJoAAAGA QiQ1OeSdueoZ2Y2X9vKpSyNSmBLfiJ6qvP7aAc5MdZSH+4m8gtp1/hyRNDYfht5H 0W2O7oDlasUCF46O2BKUd6+L+9gmLF7dk34ahsDw57Kv57y938tYFM7Qt1anbKF4 Qju01XjF2hg3EtloWCZAqg7H6ftWv9lg16V1SXR9j7et5Hz+gWweV9pmM9rMU33g YIE5ZLtbJ1ejEvnaPYTmCv+YFwBR09kOOAuLzBmGxY/53JHogn1Pn1/EsrLnQ8+T if8C3sAfXUNLQw0WLokcM1X5GFUzn431gwDkyZOuTfjEMYtcS9BSg8pLRrfS+w9k dr8VkH9Q3UFBqnrKydqmLszTpnNXEiBgts7OBEapPrIwrZO8mk0bHv7soeP8g8EZ eFA1tDlQn/t5aLGkSLe9gxV1P98EolbsoVYqEbCWyQo2s1NlnL3kQg4X6QuUxDx1 GcYGQc7sBW+Je5fWuxhhJo4Nx5t8O2t2OcJVvwaGVzdFkSbLRlvB2koEOhlj2n1j AAAAIFJKfqWXf4ECs1UpMEd/XwQkARZdRjfc2LnRPfTzquXQ nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key180000664000000000000000000000324413252671167016372 0ustar AAABgMe4bXBEIY42dFPSEOdkM+Tiepg9scVgu5dVqPt9gZkSxWz+ACqx/z9yFluU PAso7UYDmgfeUH16Kfc4YD3s0ScDgKQflx8lkmYaZLovNR2aaeUaiIoFFWt/4VY8 S3fuk6RJSROEOKKri9z8SbTnjRzedm5UmEdgBX12zXQMlKTdJaRqp3sY6dcH1nOE l9Tqw2T0eS2XZqFqDiNIB+lrjGTUBLvbh245tXme9T/my5urYu8Z/cwr3ZBb7aE7 nvesNfH1V8sNxFjAGeK8Gan138Hk7Knm1GZWQSQwSjHwOGBaPjQtoBvhwrVFYQ7d LBOXo8g5ZYjGMp7+tOFlr1s2ijmojkiI459Auz3k6xQWZy+Zn+rTeu8cqWQ/8yzb wPzr5ijX5G0oGpidQ90hQyFRr2i+P21WrPvbbJfYf8teYpG/i07hJ1rg60ODzHU5 A8jSn0rbalR+QF3s3/KIxfbHqjDcsS+E05JJOnCTMxfA9eZVJgH64Y8X5uW7a/OW 0y2KuQAAACCHb6CeHcYrI2zhwxVbpIsMz9op86xal/f/ob2Hto0qSwAAAYARCv67 Esf4YrbeA9R/28Mybg1NMbEqjKlbLe4hI7zGZ9T3LB5yCXZ9JyH5X72aTQMjbVQX T7+v8sT/ferkc4sg2fN78KETTCiLQgrwtXkuR6klE8BBPzRqTturLEW9yhP1NBwr Vbi6VJMrkhe1qFnlU/FLuMEg+7nZmQnf9epo4Us3mWT9Pzhh5bpcyXDEoYDu9UQo cDlhAh571oy2N5J7jL7mgF+icoW/7k0e9w4CwaGKfNeL7x3Zza1F3enNaQdVBQ/E Zik37h1vTbEoB8zJW8Q18Rtx5whgSLHatZE8YFUBLeguQ6TlDPk/7/Xcq4FKvCJM XgAlvYaMP8WSBBu6BHR8EK9RP8NuTZHGPuUlNCLPQGM5jXfFL8sBFCfL/PpnsbLC 0apKPacmRcscdnA2BU4vMfiGZaVEYciF+zIZ1a2HSKARWPbHwN9ajJCLqMPlNoIk KIhse1ALvBW0nfdGud5aeP47T2mR0BEMPL/0WAOdw2Jhz0avS8JRU2j0q7cAAAGA RWoQXHE1ZiNIOLwHC4p1GgtXdny3XpkRShpGZB4R2h+p8ikU2AitcUhhLB6lXSUw F4Hprgya42pp2HugOex82GTDrQlIc+blZwn9ENlmhT1hGxz/FdN/3uQkUGwYTWLH AzNYvnjCJQlDtvbQQ9Y7MX3lblrY0f2X3TVavpZFL45DVIX7O5B7UZAKo/JEGN9Q tPza+/YTdUjDk3O4vEuj2rtHRuvRe4f81qLxl8EHsY7FtGXm5MtDDZwM542lmIRB BUo3B5K3MNqaukGjFpryYXb3Tm98DJybVbYrvnzjjUaV1IFX5mDCrLY/SC9VQYFQ 5f7kOs6ExUDDunZiroCDXBotUYkOqWuiBkJ8Qe+MOKoH0qNl5+WDgNj0eC4irCEB r3Mu4idYM3slNjeDjhb1D1bTE9B5gYgNaFVX99eabbgjxh8bs9vF1QQhpIQ6bylp DniqDwz/MEIxgYuB/EokP8APCaVMRm1qjHPTKlXhq9Xsi04a+jKnmwHfhagfP1z+ AAAAIDRwgyBV2t6U4UzYd3Fx0Y5dBvZq7/TGFHHk66dO5WFk nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key190000664000000000000000000000324413252671167016373 0ustar AAABgKQQ0j7ZrZlk0+QBy5MXolIT91cSrLxcEhkavz8cDnI+IzO0nrH5Ww+XSNlS 8Epa41iFnThEA842SqP1jdl2mQm0UEhUjFWHKmr7s7FcVIgvlsIN8bLfFk8LrISc oXrS32Or11yIGSLnmlAJ8At9YxYi6Q5/pOmAYYV14da9GnLVtqUPT2pot5OTfEr5 X8EVQXWaFzZXfZRIuHeS3/ByMkFVEukzdV4SJQ1GbpzI3xUHJ9dH5R/qeWQVgyax Nl1YDLGQ9FGCkVmCIf3zbGMFyLio7QVmPdewBulF9ZKrvsrkYPd8cbbsZJ0/1TlC Au17u9BA97j9V8sGqZviVPol1xo3YHNARsKg2zg+Ajl5E65nzmWHDZ9sb2ep0ASX vh12OyGTfPnL+aJO+Xu8qgeRb4iU5bf7AyWIIaxGFAllsjxUCcpJAm77K/lbzgJc QYOl9lm/aq7vVteTO7KWl9fVQTSMhx+gH4aWeLLjRQb23ApMEytomg7SfcPI1TcC qlhIdwAAACCrxnQXclzyj8dkDV3kOCX0Fuv6gOGRxC7ohjAzOPVgRQAAAYCGfV+3 L1k20aFO07YEmWYvMSRobvEIxbPaZmOg6GGX7CzEyUYBk6dP8WAorJRBsMfSfCJy 1IOsfNeU1ZhBbE/5CZphZ51BfUeM5d2XS/NJoUV1r+dKiLEt1fbRy9P5Hd1ZftaO eeukAmExMMIkuUrChxSh8cVSR1pdKc/N2OCKax1lZh4o7zE1FNFAj1q9Pgbr46fY FNHt4xa/SVJzyh1XT0K0gu6jDbU0ZvRUtRoXWguJs8Bd2gBucZouY3FmkIDXaMwD jN+4CY6arZuNg9S3WfQ6ydIrNT7YijNyNVAVDeA2G3o3bze0XUN/cctxHyhH3mca 0QWVFqHUV1UiShXTe0rq2j9YxpoTba7wY2/jjjdSBkr+WYQz6ACJ/aJLFEpGJzS+ +Pd2OIRbAOWc5/pPHa9IeiytoR6rpyuyPh32tmoYPt0ibEQCct2bBr7A5X8aCCLS 4AISBkttumRWIIX1p1kpr6X+UJ4LeOYwqvEvkeSYDJsNb34Fmi6j4jR52TAAAAGA HwpcdeeYXW5w5Pv9pRoQuSX2rMtgDXxlENuQ7DZ7k7sGm9KG6Pl5si7wcC9xeodV wYMJyH2uP+gsw9yPS3qj1fOHb01LPraL/pEMQwdtbNDTn8iN3njwlIDbVSNObIyl n+JwDv7AT+7mtOjuJBNyGFi+cZDb6QX0Vu3KtVstwpFtwehzGYjZ74thmrz4lVqp YO8Cs/AqjcZJNpIir1DxM47SjWZ/PxDK4qPCijwdCN9jnIGtoTyP0ZjG2uPWKj/p 8EyYXGX2EMBsuPrqaO24DebPB6jonAAhgYWpUrI1cuNN8HzltCYeXeQn61A+4br1 mS221Di0dDTEDCJle8Fj55U/oz7/OdwnNGBwOardasJ+Q2cTEEH4Rf+hoT9Va/ui MHpcePLM8RKYx2LgiHGWjkjcPRVp0JllzQnaQ88DCaFq8eIP7n2j3CGzZMRhXNUS P6X5sjz8T/2c/c6mcGI4QLBi1GSNLrp4atP3rjN6QoQySs4jb59xdPv0QrmQQwAv AAAAIG1Mk0ORt/b7bhnjFB+MABjvVyYRihEGQ1jH01s3c3N3 nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key20000664000000000000000000000114413252671167016300 0ustar AAAAgIubMvW6OPqtXg1QbrVVVA0NeWMZVVjKMIt0ZiKNkqF7OxS44Kt3qfOylZoJ hIqmn435LNnp7e8K33ks53v87Mrdk1JwDKX67PGB+gwybbHW5dNSRYAR5RvTJI9O O9fIINfgqBkyrKHro5AXXlPq2hlyI2dOOQAmPpD3LZTnRHv/AAAAFLxVDpZWR/s6 IPJF7IR1Ykq7sm7dAAAAgBEzOpMfulA0h3dzdoWf3BL3xoewlIroidKH8benEq0i CuTxzjedDbtcmr9BliHwBfwSPDJ+UFXRhQY0w205fmieER1ZjBw2NrlAyE9C9DaE bo5/ytkBLO2jmHIPMv/9GkWrYTbOQXBpIHrBQGdbj4bdBjkVrm9isM7HKfvVCawX AAAAgH4znzdXRQOQFg4CKRVZ8wvtCy11jFzMLY1FYjK7Q1rknefnlX46rZv9z2/V 2bbuO1IbwiKahCHcKqWbmVI0Wo/B3kmzSAA6mxjaZC1/b1bjvGZRMa6XYgiKk3hv e0typLzDCMZ+JTKjpb8JZSBVzCa/OxiDNZjP/XAR8ihfeUVXAAAAFG4uMbv8ZwlE 16cSDjmpgVIGFNio nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key200000664000000000000000000000324413252671167016363 0ustar AAABgMHQptC17WFd7nasWmDdNeywAKICBjAYsboKBv56APdl2xxZpoDOz+OtQUdb rbWtULYUfiWWuI00ZWBSrKeUhupvbskLI+Nj86uM3IuTtioHDgJojqh3hDpGhcK6 bbER6a3b18pLzmW7EMnOtpv4BuLr1+VO3rf5lqZckHtQ79+OV1uuRiohnDAv7yro HXPO51J0YltfwpxtYMBX7Z57DUatL1f+AfgjIw8xQiciMZzgq/HxQfMmwA+8K+TN uJRLb9BQvTAL2xxfTaclN+VT4B1RI5xNRhhg8ftP2Pp59dUmP/Yv7XAI4uCi02v3 uQYtDXXbImw0ZLZ7okEBsIXyxnDA+HrlMNmO5gxUcvSqFfslBB4ZEGNU2ga8Kx0y LUDtl7If0c2tMCXGnabOnH3fPc8epNVld7/ewjBxwfBe5Ad7U5HppATq/+EtHqYt BqzWvxnpGhWNIGa0zSDkxOUv+x1SBM0CK8cQjyx5n7Rohm7xywm84J39SeR0D/gU BJe+YQAAACC/ZUQcmHt3NzherewVjdAWFNpvFThiSOWfPN2+/I6d0QAAAYDAKshT dfq4C6KnhLlOTRRbO+D5IJDroXvRI1jPPgP0N5WE+HQiUvdrHt4/w3KBQg50qWPk wIh5b/K6uNtumkUw/GfVH4i5BatDmVqrRjZMtAwSVvBGbz2842ID7yKLNekCR+le URXoMbEmtijumE80mRHTD/udYTtQqE36HwQrpTa4LVEB5xHGKfnyCW3INN7sY7cP KiMVptJzI7mVqiDT0HNwdRhvUEmvb1EqDDip2gaBf0thm5RSDt+shcSm4uGGIlyV oE7Dw0IrjesoTpjSSzFGWAIAigl8JZaegmwrqlnSy6M9bB2fOWIzDB/Np8+xhQj+ p9BVXjoWna7TU/Pub0uzAkQxkWHf9kOKN8p5OyS7sbG8IZT8bm72AngVeJnLA8Xd b8kag26yCiXAmUVkPZX3vVDSBmhNb/wU0W2C1feBIlv/kIOSpXk7gD+bcLTfyzlP ntgcGOORoJ6z+ToDLYG6Zwyr/W9kql4zdMt8ICn0UgDk8L/YIMi9WNxe6zQAAAGA baVPKw3bTczi2h7foWuoSVPYQpzmDNERpcZe3Pe6W42Th6togcJIgLKvvbQ36e1/ +46Wvsp+qA0dkPJNVGESYp31yelmF0LMhy/bPUCbx3t1sXx+bP/4YmEHHEtcn5iY vh6eJzSbkzw0+zRWhfj8bBJHDRJM7PUbXVrb9eeiSQ+NZ6rFOoLtaiEQaGz2McNI vLxM8VbzppgBY+L+ynKkX2s9aMEOWiKDtHC3KSZ0SQOD91+ibM+TwOHI0GKMo18v PZtodlBdEYmIlXI3ovyAUctHtBDot6YZ5zsTUKn2omDF8WhB58TbU9jqoLRwjWL5 Wypy4vBMoUZHvKa14+5wf833WLkl641Oas5Px0Q8m8WBn/nlVb4JiqBVBmgo4huB j+3DqsUXoO6PkGC9huDUzOISq2o6JDxewCdFYzU8pxA68IXo9BvlJPu3XNqIkDkH 35S/1pNz4oiUm9BibYXBOYswc6E51cdH0kr9rno+dFQ3M10O6ZPu82owQckS9+tY AAAAIBULXFHqZAIna8kSMi8EBPbVf/fTKvyqg7bf3hGrtIGB nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key30000664000000000000000000000114413252671167016301 0ustar AAAAgMuhPlM2N8N8DoDZ/NBSweQaiKwyXE6+E7cXAIjVTu9IgfPTXq5HwhA4WoSF 0kI6ZNo//aY6Jvks9aME85JgOEqbd1nYrBrcgdP4v8XmyxDvtOD3WGf06EjRozhY bdBkj+6xY2R//nF2F0NwVA7oqPWI2ozBQ9k59wsRSn+YG4SDAAAAFJUDG4qnHynV Jbdz74t8ZwGtil2ZAAAAgEW8qkQ9TNFgLSeq+EEm7cc713Pebs4V6X5/70bxMHK3 rcr3sAU89HBpRN+MRWjybJl+53UwAPvkd6N3ZqTpcP9AAI65ALneS1+a4G4G22EG 54cR86Z/7KdN1b3c32da5AFO6UiaQpF/vuO7nyok32dRLBw1yXv78jCOqs0oNoxc AAAAgEzWF4Y30PDeFIhRXDsS4gOjwMplLy/jDQiNxyeKh6/6Y0pyenIZMtZxmUqV ig+JIjwobDqbEKllYFQuJia3LgzSjlEz+1fcI4t/qy3ipJhj7PmYdRhhrmaL98rR NuaTP1ff26VE4xR84Oc3D6bo/x3mkMUbSu7fBIUYOIkgVZHoAAAAFC6sT0GW/ts+ ZRs7AAQBhM/W2iq0 nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key40000664000000000000000000000114413252671167016302 0ustar AAAAgPJKSvxyx+Nzo8MJYjMv5UBcRZMJY5CUGMMHkqrxNd3qVh6U8kcmcWt1oYgo mC5M5Ewf3ct0ZIe2t3qaWhf4aKtQzWIbW8naRwiAsofXOYGQpCpe4i7Y0f8UfiAZ gQyCmO1o4cpp1B1VXySeZJ+xcl3bB1wXs3vv9Gf90WCSQzc/AAAAFNoGWgeN21bu XSrQbK+rIIINLEdVAAAAgEe1WRt5BD5OA8p4oOJ3yaIeKmtUO/TwRBBM2ayT7/jh AbtgMe/IxZbV0vkuOj0PH3RwLdVPd9PNRsBN7npd6fAK0xdpH93O/koiCiZRrK5/ zt2pK/zKhV22cF6Nhk+Bkr9r+GDADwitZJPswYcuACjVyG1EUF21dCJRXDglpveK AAAAgEOie3QPQiyy3D6qIyMViDovaiKSf5l9Ak9aY4tQexfTscvT7GkcxnRHCWCg FG797Llbtf4kl0njyAbNXMPn97q4Rdrb4fULM2b7gnqULOYkbdp70sE+G0qSbAyC yIRjlVLZ1GA2+aS8Kp5RwtduMHTR9TpjIkxCeeD6RgR01P/eAAAAFGSYIBaOtZT1 nNmyi5rv6MwQamxP nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key50000664000000000000000000000114413252671167016303 0ustar AAAAgIjZaOlgLsvabYb3yXCj/76x2pYvKMCvuScO8FvDMMqYw634PAcv6wX7Lik7 UGW7sMvMkwwk2NB4ad6uzZKiYEwPXdNcW0Mf2moiLFLDViv3VxxxAgm+izuFiBh4 hyX+gRK31ryC4P8cu/XW/pRpCvK1EOQa2CB9wsAvufpc76q1AAAAFKZlaJueW5zo L9FnYAbPTPZ+zFa3AAAAgCZ+KChXQXdSET+6P8pxVbXOiefIozwaKRIuK3IJZfwE JFJn/4f8Z6VzD+WzCAE6oyZpkPuzmBhah+BVtEOoaM4M4TrmruMwudJdO7s2JmXF iB2vDFqnXp1KgujwTJGprSlIIuM5eKsME/rcRYMfnTfaTvoPwsXrATcfqFt92x+C AAAAgGD1NB5Iyno7xd7O5hIR3ScnzY4vx2NfOqvqJiNm5Fj1xRwxGv2pFssNzcXV pXKfVzpTK1lHQxmbz6dFSQPnSzPd/mWJYwbOwg69hCdoL6UB7ga8TF0UJcvjGCi6 AIsZydpoE2z3GECyBZGeeDpiilpXz5HPVpsoVP/veglu2pbJAAAAFAfOiGLmS39s dIIEbb/JOQcSPlIU nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key60000664000000000000000000000221413252671167016303 0ustar AAABAPLTntMGKxPJFic2AKDyoCnobXpLkhe08YFb8rJNlxClerM/mXKUsBRYW40B mN/cy811MU2l/4WqNEtFra6ql5tRoxKnv6lEcvtjPxpvFWu0RYhn39OEA/BrhR8A /i00hAd73tcat1E9BKFAIgV1+2kzlUgOTIQCt6Rs7C03p3jDBazNHxPp9i6GUxX0 sizEZ8iYbsjklh3fgQVmsMTuNprGqhXkP0dEAFgm9b3oBxoZ4wtpCarEs9F0I3Jw 2tAnmdCbiizF8i5miUtUIiKLLCNPEfWnccW4nPRloqzsu+6qFyX+j5tZQivomRBS y1Vt3yyM6PqSBtvzn+rcGU4A+OUAAAAcgAAAAAAAAADBGPSYNeTvczxNFYAPzwWe iE0xsQAAAQDjqTwJ2m9WDk1IOjgqTFRvIzXDakw1rBRjwIo+bdQV31b9xTfyX9U3 K+Y+T1MAeAt4LxrNAci06zNBRhX9Dqglc6y6fvg/WpQ4VBUa/C19/hIfuM0DM1sG W1ScXcxga+kFJIO8KE4SrDyNugm0JuCEAgMOcLwcwr+JV8S6BjDz8yrWiTiaxHRD F2Bj8kfZ4ilrPqW1vCM1go6hoIDtNZGN7iEv0DEnnRuJTwGv7FI4M2aerAMaQg5U C6EyClnEJKPlhJpGCla8sAFkeIWxQzxPmSlxdGv+KXfOclnFULVRpsNXYeSkGvdk 6NkhMvzApZ0WhOq5DYY/KfQc91ePqpCMAAABACif8YwypWuwuIOTcGR2g6OKWn4p FBC5MgchKtyAiNMPk+nkq8Uj89RpNufVyQ2IdCs2r9N1Y0CPFcjBpPesJL8F8BAI /+5wyIJdV8OpMIutigla8rU7Ldo8vthG2V4wHrm4R2ZBXRH2wzIJoNKFcQlqsEp5 qg3EZZl1KWhraOiHzYogXC3IGVrvBCLrqZefVJrIVUjkGUE2Q7ckQ2EVOtoUgNI4 zQDcFlJ5OJVVSN1dAn3tECnu647WxhtM1ZNB2LFUZunaiQqYmZb012keYHLeE2ry i1h0vwi9H4pgz7HACIgTKQn1FeBLzoGwKVGqQbqsaP/bjF3Heh0y2PLBDdcAAAAc YTLlUc2siECRg7037hRSzSR9SDSwiBSydb4/9Q== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key70000664000000000000000000000221413252671167016304 0ustar AAABAKqBXJ2xxNPSdzx9DU0dp17PxKOel9X6GR/+yLFJCikM4zXlzofqYgqKF94L tkcU4uyEC/AObr20/7TjJMoHw8hxcwmvFBA2Kncsmt2DiysMrh6Qq0SK2r2s0uXf WcQYejKiNxnWxX6UAIhTg7+PBm8juUGSDVTDW098xQRPO0DxcEaVYwe3SOhAcyhE 0Aqc5uxXFCk7YmUUfxXGf0vjiwgrVf3q22EkaJ+3b50lzCi46qmLVi1cEBHg3Pmz mSMkDTMtidyWA7e93QxwuDyqKQVjGxyDyruubAwMLv6PWBMe2DUb+T6HX2pzqTy6 1HAUGiaH+6zy1xyN3ulxrWYHKa0AAAAc6jR+kL58KHXR/h22IrR2ODfF4npgNzED SMGqEQAAAQAgQglMy8i4cj/JKMEv2mcbgylemcdDV29EUEvhGGMjMZtQAtJPFz35 CeokHW6lKJkE7kY2IEsvvpSwaP4JP3liV5VJVR068hmtjtGZOe/4a87INN4vL3hZ bonny1LFJOF3CYpWwjLrH1Y6qEvGsCbe7m/1HLRB4IDy2vrqHO2GQn0cNGvlXGaA PUt20TPNRFtMNIL6QVAjRjyb8w8veEIj4mBX06oNf7tmBjDFLknUoDJcc4ngcqo0 nxPJZuFZdS+7cekzaJD5MkP6bnLSmTZe5bP+Jm6/ERBWj+5EJchHtQIQvUhLl0Ma QoVq3KPn0anJxnXH4maRgyDdWnikjEipAAABABrhDHhq0JAsXGhdrlxxIUGKN3uI i18vK8dmI1cP1ivLGQtHGtU1nF8GL4gZKJ6VbYqm+Q0fjPHuctOhvf1WxHjcKaGc RWm1pg46jzT2BlbqxbJd3lUUpcZ7Z1QjIE9syvCZBhfMc1W50+2GiXiiUgIKdp7V mm7apu/jN37vRfP28+ZBecx9uLFD+4NcXXG/z6HiqQSbzPf+mrV1RiIP4/S3UhyG FznROFB+gaRqaZNgVEHcuQ1u5K+8Qsq+kKJUREloEJ1+3ZaUoCMjnx1WF13R+sEV kV4k+rVj9Pw/JpvtLzAIMtESWWSFpxFBeqc7tKxyplGh+luu02Nscg05cAgAAAAc e0iQIVeOeee9PuerRW9lnz3AfIj1yaOeT4zugQ== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key80000664000000000000000000000221413252671167016305 0ustar AAABAKTH6qtCxMc7dXdwkWSJ8XzVByXNCkvE4c9n92O4wd4tbauYVrqvsAjzZbGK QuFNxR81C4jsoCCcWqT9caepbHZfWQHCHnIFcNeDe+x8dtLkk0RzHKOUBdCoebng 3NGoEl/RMOweeD5lS5TjAC5rYp6QSrOHeGdyDL1UtCcKnhXNAox8x5bwbCcqZglR ko/b6y3KBhtB6TIlcwV0L/FuL0KRkdXl8abd9ueMXXciz/gKnAvVyNeuuowEQ4mS sHXjB8FTTEmtOA9Hf195h9wXLBYdyjjcrz+zhGxyyRGaUpmtx0iVGz3ODQDUqQE4 ALIAggO3JGW8aoSuBZowxFIt6lcAAAAczon+MyuOTrPR6N3OpdFjpbwTtj8WmTdV QnrvQwAAAQCMRl7fWhgHMCkeCA38U4U5elAGRQ26Lv4BKSZPvYl7tVecoOqxmqJ4 IgQkcktPKm9u5jKEMqv2YTgGRglyM1BTOcVRnTV9cRK27sk4uF1ap1zC44CS8KUw rLVOUP6CxNVi+w8wNrgLMDNAI+u+ZjegAQsAx9uGNxFoVjZx4eDwKK7b1F0tVyYh pgmYKgc+Uaridwevvu8p4uzuhNem1do4K+OjX0K2xmhJICqxnQJbhp0Id2R20auY FHWtKtLz5v0H4waW2QpiaBbfYNbKev17SC+UL4O0XMgpM3Mfh/ruMgkA8qo+cLGG fhQw5AvmfAf5KQKZ7wZ7iySnUVs/mSwHAAABAHSKQCNyEaLZhSWW56iR9D1OsO5I gmyc+zNru2jb5aXhay4ScdTRPeA2RLuF72vlI6TU2IQVvNWWuo4KPE9kOemB7QE9 fZxwM2/r99Qgz+0CwmdFe7Pz58ghRdKvVIMLlC7HSl1QPkImzSXddd7NP1DwqFgV XXvnmUEINt3FWc6Z4a5ROAj9rqw0hD3XJY8W9n8ZIF9vE5JRpBhtqEltXpDT/s+O 0Qvmwl/16zPZYMmo9MWByMckykO3Yen9ta9mv/udLrsRprUEofvk+DTstqwlTKtR PpQ7mpU6cISzMFxmG/rUNPaoNVA8mt5/Slf1yWXsMB7N6TjuMbTesDivl7MAAAAc VRWV7MuwA7C/jd2hhKWdpR5Fmg0oIF5VkspMsQ== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/key90000664000000000000000000000221413252671167016306 0ustar AAABAKa7UzPONDwxybLIeKuR7vL96jXG2w5xZ2K/wNQ22HUG6GWk0sjPu9Ymzov+ ZFY8pWhs2M8IFJDwJEWyiQh5gklftpl2sQJC1tUPwjtNvbC+94MF2aTQXZ6uZdh6 iT6vOX4E45uqhaJsj/ve8SMyh7X1tu9qkPJ6aUgaky7kexjV0n6xB/+wUCXmRuiH a1y1Z/7B3TWDXUIIIZhTH6++WuKAxXWh+w5i6bPKN+GXrZbZ3eHzPyzsfSferiYc g+6OIAKvfrboL2oUeWrwN1d6EDK7xwkSnKq9it34cK4tBZXI/bNxVXSPDeo0tE1P gu1YwvWxuEgWYqxTRzxpNBAIL70AAAAcjD7lvZoqrwaL1YRb1V7PJ0FwVTB1d7vD dw7GiwAAAQBDtaa20LuWLsl2ajd8MsxBJPExEYjC7PlcDNSk+glyJbdhjLEnbEdF eNO/VkwUUZnAkqGxS6qSnC8/DzbgwtrpHroIvjCZKoifKVLgRCw3r0hKTs3DJDzP y540E89c3WYwsJ/hfvv94U2HJUkwGbe3PR94K0jvML7DbgDgK6M20iVPwgKmlhLN lEb5HXa3Of+m2LhgUvjcXxFFgBxWJBr1upA3JBvYnmM4tY4BMQZxwmjrXjOstX0f mfFkQKZ1gn1AF3VNYBoXraL77fkEVUqQsBUw2oyTzRTOKTyyvT55N+k0t54xD+TY DBP5L2M4E1W9gKGr7hpz/fttok7ygAKjAAABAGR5ebeWDOe5cf8OX2Q19CpBsYyd 4JowERSgE6fNARg/F2+Ig4N53LTvtn2up53vPwQsvPnMUDtMIVGiNk98lDexlkPm fiSja6xKTPopPe7fjsaxVKMqpymF99jeI1M0tUbCne9FjFXQxcCsXXTiAk7H1KvC /aUWoqCxpNiGrZLCBHB4KKT8d5T2DuikvhEByeVRj34Z7r1HXy3m9rqJwovRKfE5 k77+WBhEAxmnlUmDMZY0KjHbr315SX3sZe59vvcOWPmdBZX2pxFAmt4xUdRVY9U8 HNCoqxoYvv9lAsuwwGmxFOp753iY0PTlSZkboLNolxsQcuzkr8OA6a4ymlAAAAAc TvpRNutqp06Su/yROwv+u2E9t6RyIft7ZPQubw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed00000664000000000000000000000003613252671167017136 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed10000664000000000000000000000003613252671167017137 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed100000664000000000000000000000005213252671167017215 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed110000664000000000000000000000005613252671167017222 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed120000664000000000000000000000005613252671167017223 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed130000664000000000000000000000005613252671167017224 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed140000664000000000000000000000005613252671167017225 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed150000664000000000000000000000005613252671167017226 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed160000664000000000000000000000005613252671167017227 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed170000664000000000000000000000005613252671167017230 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed180000664000000000000000000000005613252671167017231 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed190000664000000000000000000000005613252671167017232 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed20000664000000000000000000000003613252671167017140 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed200000664000000000000000000000005613252671167017222 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed30000664000000000000000000000003613252671167017141 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed40000664000000000000000000000003613252671167017142 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed50000664000000000000000000000003613252671167017143 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed60000664000000000000000000000005213252671167017142 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed70000664000000000000000000000005213252671167017143 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed80000664000000000000000000000005213252671167017144 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/keyseed90000664000000000000000000000005213252671167017145 0ustar AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/numtests0000664000000000000000000000000313252671167017301 0ustar 21 nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext00000664000000000000000000000003613252671167017515 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext10000664000000000000000000000003613252671167017516 0ustar WEKejzcfnh1ppb+WpVTWJ8/VSFw= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext100000664000000000000000000000013413252671167017575 0ustar rBhknAaqqqlnKm/advb86OGGUVWFcbz9ihmsNZcQniSGMCNRB1ROUVCb5azZuiZ+ 4ImIYj1aymGnxDoIS+YZng== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext110000664000000000000000000000003613252671167017577 0ustar PlUtQFJV4fg6RHC9IFSw1nSy/dY= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext120000664000000000000000000000005213252671167017576 0ustar tGiqjB9KQERHn6GvDD8iHrgM5nYcmcaGbRp9nQ== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext130000664000000000000000000000005613252671167017603 0ustar CrhLNBzxdeOM06JwSiDHlsHH0AlCJKHkdpQvJw4OTio= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext140000664000000000000000000000010213252671167017574 0ustar 4II54Zw0xvxpgkZbrlGIWAPGug2Ih8VgwXb+NG3cRkcdkNR5SHsy/jDgrlTYQGn/ nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext150000664000000000000000000000013413252671167017602 0ustar OfmOLA3KSs6DsKB+owDqX4JKdU9bT3xwUOJzPGkrsyKo3mur8w2dklEbOObDF5zg XxEGB/8DFIp8sCqeP2qewg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext160000664000000000000000000000003613252671167017604 0ustar mbNzEDnv9o8UR+5qjp+UCBlCe70= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext170000664000000000000000000000005213252671167017603 0ustar INmoiblVarLpT/1EghXog/90qXfqHhqcQlUsmg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext180000664000000000000000000000005613252671167017610 0ustar b5h4y7cMDS2TQtEP6tSlMuxCp3q1hlT3LLt7noMBKrA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext190000664000000000000000000000010213252671167017601 0ustar kYTu+RQoZJZSUNshOvoBQxBj2N7aAyjFYJzs0WWVBdRaLlujVOVu2dlxGwJktm9M nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext20000664000000000000000000000005213252671167017515 0ustar IDdekD+X/lylh+t2yXvLHboeHUZAZUozsUU48g== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext200000664000000000000000000000013413252671167017576 0ustar Q6bpLpUVhU3Sjdd4YG4BnAfUf4u6TrwCAzmSB0q66YryvQBzf3fQ3H4fp4GVuYRV ftjzEtAhCf9OYBtR4GSnvA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext30000664000000000000000000000005613252671167017522 0ustar Mqqlk48AsWXhRAWNXCGQuvRpPAwqfbTlmnfsFKcKblA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext40000664000000000000000000000010213252671167017513 0ustar w8+3pOAcqljMh1bLGnWAWlZvlgnJhOJDBC2C0M3mTFrCeylP+FfUSfGfRD2uDS2f nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext50000664000000000000000000000013413252671167017521 0ustar PiPosk1QVF3Ck1taH0AunEzHuPxBHnFMTKPWBsxTI9YdZ5XAEzt5QPHQKm7ja20+ bmsWwSw++jcz8N2DY6WW2g== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext60000664000000000000000000000003613252671167017523 0ustar uCkA/iALiJlpG34VqA2JNi5cqJY= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext70000664000000000000000000000005213252671167017522 0ustar KfVXa9k+jC0vrKPpgWQNMrHmPXpYTROh7YXBMw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext80000664000000000000000000000005613252671167017527 0ustar GC7dULJ04jKDdn7fzRjVyUZm7aDbl31cEJU6STyznuA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/plaintext90000664000000000000000000000010213252671167017520 0ustar hV6v7+GSeeSI2lL+Nu9CJCNoU2pR8eyGkOsfOxb2lBZ42gDIglCTvg88E4ocTsam nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg00000664000000000000000000000034013252671167016272 0ustar AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc xC6fb0ZLCIzFcq9T5teIAg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg10000664000000000000000000000061413252671167016277 0ustar AAAAgKj5zSAeXjXYkvhfgOTbJZmlZ2o7HU8ZAzDtMlaybQ6AoOSaj/+qrSok9HLS VzJB1NbWx0gMgLTGe7RHnBWtp+qEJNJQL6AUcudgJBcT2rAlrhsC4XA6FDX2Ld9O 5MG2ZAZusi8uO/KLtwoqduT9Xr4tEiloG1sGQ5rJx+nYveKDAAAAFPhfD4OsTffq DN+PRpv+6uoUFWSVAAAAgCsxUv9sYvFGIrj0jln4r0aIOzjnm4x03urp3xMfi4Vu OtbIRV2rh8wNqKyXNBfOT3h4VX1s30CzW0oMo+sxDGqV1ozihK1OJeooWRYR7gi4 REvWSyXz98VyQQ3fs5zHKLnJNvhfQZEphpkpzbkJpqOpm74IkhY2gXG9C6gd5P4z nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg100000664000000000000000000000137013252671167016357 0ustar AAABAL/r0ACy1s1Ks477o13zNN9yHWwvKz2VZnnLrQCfPfvQApUsyJnMI1bsh2m9 PRulpzAjcpiI2pLKSKXulMl/TwSi46y08zovD7N4PDHyxw+nxw84IUon2t7IsS5n mWqehe47sUiAMTAUc5LcUlPATXBjU15s1ka/sYaYTgi1i3SnvlszO/MrCr/VZlNg 6akjoMUo/xxixyU0WPVnhShxnUNuUBSHQfRdx90sbKxxxVIx8SqD/v0u0KM+3huK UfVm/PeJBoLNwZMdwgfJK/LvTiirMWYe63fxYB7qlByVkfA40/ANkShX2wXmSyrV aTIAYcb4Y/8zVNhC5+fqcVr++NEAAAAcqpht+KBkJ46TYzFqmDC8+kkGVvqm1dqo F9h5SQAAAQCBla2aR4/ZhSFu5YNoNm0u3RPBKz1iI5Fp+gQtkRVkCLSDEi9E7WI2 uDCKbNtS+a896I7IngOa+tfaOqZsGXYEmo4KfRjVZ7r5n87+MVytoBVIOGsQsl5S 9S7XjrTSgILl4f/ulIDE/izEqv0e/J1P0sxtFVlokxJx7xWzJA5/sEOoDI9ii+/g nWRQd8ECnSHgrIvwupwncU0bWA7eWUqgGzt29udF/B7AfbN+L9fpjGyMaRUijkIs MJ3p9dsWj1AknRvh7TKYCQgI4uu4lrt5uMTL+U1MIGTjfmErpESdesIQ7d4hFBbW SwUd2ARqsEFzJmVBGn8VTTGz4RpR2n/A nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg110000664000000000000000000000140013252671167016352 0ustar AAABAMGlnSFVc5SeCyCpdMLt8uMTf/JGMGL3Xx0T3xKroQdrstATQCtgr2wYf7D6 NiFnyXbCYXxyb5B38J4YwRtg9lAIglvWwCofV9PrCtQc1UfeQ9h/JSX5cdQrMGUG 58oDvmOzX0raFy0KBpJEQKFCUNeCKsLVrq/tRhnnnUFYp9XrLZ8CPbGBqPCUssbL h8uFNUFqwZgT8HFEZgxVd0X0SgHGsQKQksEpsNJxg+gsWiGoAXfudHbrlcRm+0cr 09LcKGziWEfpPL+prTnMVwNdDHtkuSapx/WnsrxavL+9wLDj/t48HgLESvyK78eV faB6Dl/RIznbhmdhb2IobfgNWKsAAAAggAAAAAAAAAAAAAAAG9YsZei4fIl5f48M v6VeSmgQ4scAAAEArqWHh0DxQk08bqnGtHmWFdJ0kpihfiYgf3bO80Dd05Dhsa1r bAAQrQFaEDNC3dRSysAks25C2bjtUvr656HTzp5LIfkQ0TVusWOj5agYTHgb8USS r6LksKVtiIT9AaYouWYnOcQuXFeVreL18n5t4dljkXzogG/EDQIc2HqjqjqeTwws TEXSlZsleLL7GiIpw34YEFm51ee3hi+oLiN3pJ7Q+dyoIKWBQHndZhBxTvr4sMxo PY5y5MiE5vnUlGs+jUy7kq2759TEfMML5/jDfKgYg6GqxoYAWf9GQKKcyuc94gsS 5jsAqIsu6bqUt160CmVuFdnsg3MchdDv/Lnvnw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg120000664000000000000000000000140013252671167016353 0ustar AAABANAiduvzwi/9ZmmDGDpHrpTJvMvL+V3ctJHR985kNUkZmZLTfHnnsDLSbtAx trpEifMSWCb6+ycmqYMz69mr3eWS2Gk9mFlTbZzDhBodJOBE01rO1hNiVvxta2Fc 9PQWOqOB6ytMSAglqOzMVtjdz1/mN+OK2bKXS9LPaL8nHg0GfSRlqLa2YFJPAIJZ iUWtpY6mSbmATrR1NAjCxZdoxGq7guMpXz2cpGn4TMGH9XLcS1o7OTRuyDnfrW8H 1tHw4hUgm7DswFx2fPLnlDrJz7Au7h6e9ZRujOiDFrXhX9z5WhMu8uS7CBcTZSjP pd2WUy+cOr5cQhYg7ba8vVIjTKkAAAAggAAAABKZfoKF5AiXCPUoBwxtevigvQFA nnoHnNtvxbsAAAEAd4RTBJ7yYhR/7XtZsO5nZGB8Uee1tfxv6np6ex3Wuyg/Sprp jv05ZLFVZ1jLFbKlOvhhnnTYWJi+x307PzgklK5ZYaE//HRdo4YYIpFRmAD5ndcQ 4ArrFa3uCI4nmO4uRvWYUmzw9GZwVdG6AJdQBB3FzdJyX/HZfdNAyFGK92cbh9Od Z67O2Etm+E4HAe/IKlye+VTuV20kw4WxTWMDfw2Gb9QktJdb3VSF7XQMuTLoQ/kG aD98eyx0d12QHDYbhHtRnA2mmWONpAvXNreD0nELLCzCbvkScb9OLBkp+HbpAuIF cWQiO8eNaiufbAx6fLhZIvfWxCh64jhh+BKISA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg130000664000000000000000000000140013252671167016354 0ustar AAABAKittsC0z5WIAS5d7/GocdOD4OKoW16OA9gU/hOgWXBeZjIwo3e/cyOo+hFx ACAL/VrfhXOTsLvWeQbAgeWFQQ44SA6tUWhNrDo497ZMnrEJ8Zc5pFF819XWKR6K 8go/vxczbHv4DucY7gh+Mi7kEEfavvvMNNELZrZE3bMWCijAY5Vj1xmTomVD6tt3 GPMXv12Vd6YVZWGwgqEAKc1EASsY3mhEUJ/gWLqHmAeSKF8nUJaf6Jws1kmNs1RW ONU3nRJdzPZOBsGvM6YZCEHSI9oVEzM6fJ14Riq6qzG5+W1fNERc62MJ8vbSyN3g ZEHoeYDTA++aH/AH6L4vC+BswV8AAAAg5x+FZ0R/QudfXvhcog/lV6sDQ9N+0J7c P25oYE1rnfsAAAEAW6JN6WB7iZjmbObE+BKjFMaTWEL3q1TNgrGfoQSr+12EV5pi OyV0s30izK6bPkFeSPXA+by9/4Bx1jubuVblR686jfmeXTBhl5ZS/5a3Zcs+5JNk NUTHXb5bs5g0UxlSoPtLA3iz/LtMi1gApTMDkqKgTnALtu1+C4V5XqOLG5YnQbPz O53eL07BNU8J4ut46V8DelgEthcWWfiHFc4amwzJDCfzXvLxD/DHx6K7AVTZuOvn aj12Sqh5rzcvQkDeg0eTflqQzsn0H/Lya42pqUoiXRqRNxfXPxA5fSGD8bo7e0Wm jx/xiTyvaagngC97akjVHab777ZP2abFt1xFYQ== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg140000664000000000000000000000140013252671167016355 0ustar AAABAKYWfBb/904pNCuFhq7TzYlvexY1oihv8W/f9BoGMXymsFyiunwGCtbbFWFi HMsMQLhqA2Gb//MuIEy9kLedy1+G67ST470ZiNgJf6I/pNePs83csAxGZCPY+nGY c8N2Rf5O7MVxcbvt/lb6lHTJY4W4ujeMeZcteqrmmiumTN6OVlTw97dFUM00R+ek cqM7QDfbRo3eMcNIqiXoK3/EG4N/f8ImphA5ZuzY+dFMLTFJVW1Dgp8TdFG40g+F ILDOjj1wX3TQpX6ocsK97pcU4LY5Bs3f3Ci2d30ZMlAA+O1SeOxdkS0QIQkxnLo7 ZGnUZykJtPDb7sC7tjS1UboM8hMAAAAghCdSkETSFMB1dPezWcLgHCP9l3AbMorI wThbgcU3OJUAAAEAb8IyQVwxIAz1I680g/jias6AjS8caouGOrBCzH9rcUSy05Ry w8tMdoHQcyhDUD2PhYy+R25nQDJKqilZUBBZeMM1BpuRn/mm/0tBBYG4BxL+XT4E 3bTf0m1ef7yisMUtjUBDQ9V7L5sqJtqn7OMM6rnheJ+XUaqpOHBJllrzJlDGyls3 SlrnCz+Y4FP1GFfWu7F6Zw5uqviYRNZB4eE9Whsk0FPca4/RAcYkeGlRkn5CYxCr qUmKAEKz3Hu8WdcF+A2bgH3kFffpTFz514mZLTu4M20dgIy4a1bd4J2TS7UnAzki 3hS/MHN2q30i+81hb57aR5qyFKF4UL3QgCqHHA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg150000664000000000000000000000140013252671167016356 0ustar AAABAPY9o76alhYZbGVW885v2LmL3akTdHPaRv7ZcOK40Uc4eoGSIGXVKKfWQz68 XjWxXGfqNaWlv/W5zvHNHm/jHdpSg42jqom5tOjZ08BzLMxPI4zhtBbEypPyxoAO X07UHE92Fc7FUxuYaAsg3GP3PnDYA6rPrs4z1F+g4513yFCCCVKLkEa1kXAQeRI0 OX5BLSK8C41ny9HNKKMsJGCgvYaqug7qgOFuMkVkMXHjQiF2DCA6VrggehAJ5sGi 9s2oX4XE+eQQuUmSM8DuBy5GWvT7T7koLFwQ6CNP1jDqkvCq5rl6Ug2zRHVwe3mk wXUmXANWzLyoJ+ODffPW0FdtkHkAAAAgm3Rj+CafC5CavtEJkWhPNqZKyGTg1tcX wO8hV3pMOQcAAAEAlyp19gboqjqR/wj9Exog9ZYyUTBOPRQxtxL6CAPVJ/1xD7fr J+UpBJcc1DypdxmaJNvutLe8K6B107cutrLFrY8Oi49IxQtVTH4HEfTHQWMwgGZy SY9DApJyS/mKjqSMf1PXsx2LdSixpvCH0sJ8M1ICg1seMUIls3rvi/zsfYCSDEpG Cj1oNE3tde2e6Gf6KmlFBjiU9WO2hjO4s5+DoaqvWpbH9CJofnyEz4+4zF9FBN/w h7yyapW7+Fg/A7Og5Do1ayvX4lzd33oBUwD67MZ5PF7pm2Mny4RW4y2RFTOdWmtx K3+dAwGssFEz4xFeRU06bdJKFpPJSqtUBlBL9w== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg160000664000000000000000000000213613252671167016366 0ustar AAABgP1abFbdKQ992Eop3hcSbrTkSHs+/wpEq+XFl5LS4SALnD20TVKLn30iSAMu S6D3v8T6/HBr5RHbInbAt+z/042i4cLyN6dTkMHk0yOcuo4g5VhA7LBd9fAaG2l3 rRkG8stUTM+5O5Aa0JZrGDKtLatSYkSjFWyQXAGsUctzudzZhg1WF1pCXYRkhdmx 9EqKDCV45s9hlHvBoTkv3TILFqnXBFX+Q28tR97Y6OYF90hutXjqf8T/0TwH+Zlq 8Vn9QR6UUUAyeN0RQajJJrNcljhLvWvuCcRvRMNrH/xxl/XpJdvgVEpo5quMGOQm pGazkvnCfdef76nKFjzFo3VTmoVZ8nf2V6U10ZZMal6RaD71aY66oB74GNv3LLBM P/CS0YiGbyXNQFEI9Wawh/c9LVvrUfrG3oSuUWGmavlgLH5L/BRvSCC9/Akvrqxp Ez5KCKWyAqEkmKIuV7rVRnTtS1EBCdUrX3TnDh9vghYXGM1M8AzJ8ZWKzIvdzfvR ++Rs0QAAACCAAAAAAAAAAAAAAAAzSibdj0nGgRzoG7E0KwbpgPZLdQAAAYCZqwMK IaXJgYF0hyFnZByBweA8mydM+8J7xHJUKSd2beX6BTmztz8/FqyGaprsi0Rd7Zf7 /wiDTtmMd+f8ieXcZXvvdm/3+/jnaHPhe+5BJ2LVb+EUF2CrTSW6/Utu8ltJo1Bm MtH44Qdwkwdg7BMlkyxaS6+ekBVCZN30QuxcQf7ZXRFSUVHbz7N1gUm62Bxiuc/3 gWuPlTuLfAIlkNFYTpIdyVX1MorHKYPtXPDQQFb+DVMeYvj2yas8D81E4UhgtzEd JWHHfB0y9sadyPd5aMnYga2dteDBFP2oYovKAzXrf7nhXmJaq6tY/AEZTIG/b7LO VAd7giUOV8ansl3rbuOdS2hqXDB6dhKy2F7pJRJBPeopfkTzF75863CjMorwtAEA GkGFYrj/5Ol3G0tKjgtAx5E0nV1ORZ/mIKGi/HLi9sooVn1MJjK73htJhkwGuxJh nxMsHaj1ce9hPqxzn2arORTLP6GrhuBeUILrqiTr7qTPUb7vwn31Ev4/7n0= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg170000664000000000000000000000213613252671167016367 0ustar AAABgPY7PN1kbY5921chaqbuwhNNcHSIofKc+plwZF8SJ+pdsuMY7qXaFofH7ZBQ lmk0XtYTTP8yIDq3Kuy/ppPSFq61XY0oqYH0q/8H0TGaeZvl3XRvhIQoF5KcMFtA hZivEgRdqi8czIvk2BtRPGMPAX/sFlisoQihr2Eg7AXjAYxCU8ndNbzgYrc9DyqT 1BxIGlxDu5eQloLTmppg3Dw142N13sbO0NLbO6DREb7epwGg5HU2JJd6nnW3CnTi uB44pSqyLaExs1QW087JZjB5dGp2NHbldZgULjmGFUXar404oXbybHH1r+vZxWIN qAzzRStVw3xmG0oewDUXELneSjy+C5i02eyJEo2Xqn77GduLpDzAviXCAPkOFQbL eOwMM216lWE9QgTo7WjQ8KbHhCAQWo0tQ4+9JVGmShoLA/+4eHQvjJl5z6hzlBUC gZmNUXAdX8+paWpJif0l9ACVXmJrGr6SbAr6aappgZAO/83QMFkvgrIEKkeppajL AoPcTQAAACCAAAAAukY0tfpNoFS9DKSK5JDldxHzgRk4QkKRWbp8oQAAAYCK1FU8 TkmqJHKKtQJEF7Ey0spTpV2VlFjy91mtsENb7u+jos/NADjiQgZD/EpN7rXZ/qoe 3yEZO0DhS0KYKpTzXFi4EUfXGJ0mPJsS/mOrn6X28DooYMGGQy46sE8qsPL7YUe9 m/ftXSBxO52iE4Piw6Fo59CdPYpaBY/SMJW1rP64ZKMwa+JCX6GtMq1tk4LmA7A8 aK9K8CRjlxAsQVXLqBGr+Z2ng553surJlwWIyh0KI2FyOhZKySKcLoDc+o20+eKY A+/7MWjH/tejpt5A3aGaBTavm1t6+u+5xw1q6N8S2mWPYjYEOuqHPbKc628H0Qj1 IlaHvQww4whOIJC0WuL5Kpe47LepcFxJVrizHEo9YRB8hOR63abIDV0i2rPYWSIP nVqrE2d6498WjwwXbRdrVFBsY5hT8E3e8nIvOcGOXOQm4UVirY/yYkeviIcO+3LA zOg23o/uZ6ZiN4JFtQK/H4MJmYigk8583IE2THix9KUbgA32E3xx1l5rCJo= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg180000664000000000000000000000213613252671167016370 0ustar AAABgMe4bXBEIY42dFPSEOdkM+Tiepg9scVgu5dVqPt9gZkSxWz+ACqx/z9yFluU PAso7UYDmgfeUH16Kfc4YD3s0ScDgKQflx8lkmYaZLovNR2aaeUaiIoFFWt/4VY8 S3fuk6RJSROEOKKri9z8SbTnjRzedm5UmEdgBX12zXQMlKTdJaRqp3sY6dcH1nOE l9Tqw2T0eS2XZqFqDiNIB+lrjGTUBLvbh245tXme9T/my5urYu8Z/cwr3ZBb7aE7 nvesNfH1V8sNxFjAGeK8Gan138Hk7Knm1GZWQSQwSjHwOGBaPjQtoBvhwrVFYQ7d LBOXo8g5ZYjGMp7+tOFlr1s2ijmojkiI459Auz3k6xQWZy+Zn+rTeu8cqWQ/8yzb wPzr5ijX5G0oGpidQ90hQyFRr2i+P21WrPvbbJfYf8teYpG/i07hJ1rg60ODzHU5 A8jSn0rbalR+QF3s3/KIxfbHqjDcsS+E05JJOnCTMxfA9eZVJgH64Y8X5uW7a/OW 0y2KuQAAACCHb6CeHcYrI2zhwxVbpIsMz9op86xal/f/ob2Hto0qSwAAAYARCv67 Esf4YrbeA9R/28Mybg1NMbEqjKlbLe4hI7zGZ9T3LB5yCXZ9JyH5X72aTQMjbVQX T7+v8sT/ferkc4sg2fN78KETTCiLQgrwtXkuR6klE8BBPzRqTturLEW9yhP1NBwr Vbi6VJMrkhe1qFnlU/FLuMEg+7nZmQnf9epo4Us3mWT9Pzhh5bpcyXDEoYDu9UQo cDlhAh571oy2N5J7jL7mgF+icoW/7k0e9w4CwaGKfNeL7x3Zza1F3enNaQdVBQ/E Zik37h1vTbEoB8zJW8Q18Rtx5whgSLHatZE8YFUBLeguQ6TlDPk/7/Xcq4FKvCJM XgAlvYaMP8WSBBu6BHR8EK9RP8NuTZHGPuUlNCLPQGM5jXfFL8sBFCfL/PpnsbLC 0apKPacmRcscdnA2BU4vMfiGZaVEYciF+zIZ1a2HSKARWPbHwN9ajJCLqMPlNoIk KIhse1ALvBW0nfdGud5aeP47T2mR0BEMPL/0WAOdw2Jhz0avS8JRU2j0q7c= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg190000664000000000000000000000213613252671167016371 0ustar AAABgKQQ0j7ZrZlk0+QBy5MXolIT91cSrLxcEhkavz8cDnI+IzO0nrH5Ww+XSNlS 8Epa41iFnThEA842SqP1jdl2mQm0UEhUjFWHKmr7s7FcVIgvlsIN8bLfFk8LrISc oXrS32Or11yIGSLnmlAJ8At9YxYi6Q5/pOmAYYV14da9GnLVtqUPT2pot5OTfEr5 X8EVQXWaFzZXfZRIuHeS3/ByMkFVEukzdV4SJQ1GbpzI3xUHJ9dH5R/qeWQVgyax Nl1YDLGQ9FGCkVmCIf3zbGMFyLio7QVmPdewBulF9ZKrvsrkYPd8cbbsZJ0/1TlC Au17u9BA97j9V8sGqZviVPol1xo3YHNARsKg2zg+Ajl5E65nzmWHDZ9sb2ep0ASX vh12OyGTfPnL+aJO+Xu8qgeRb4iU5bf7AyWIIaxGFAllsjxUCcpJAm77K/lbzgJc QYOl9lm/aq7vVteTO7KWl9fVQTSMhx+gH4aWeLLjRQb23ApMEytomg7SfcPI1TcC qlhIdwAAACCrxnQXclzyj8dkDV3kOCX0Fuv6gOGRxC7ohjAzOPVgRQAAAYCGfV+3 L1k20aFO07YEmWYvMSRobvEIxbPaZmOg6GGX7CzEyUYBk6dP8WAorJRBsMfSfCJy 1IOsfNeU1ZhBbE/5CZphZ51BfUeM5d2XS/NJoUV1r+dKiLEt1fbRy9P5Hd1ZftaO eeukAmExMMIkuUrChxSh8cVSR1pdKc/N2OCKax1lZh4o7zE1FNFAj1q9Pgbr46fY FNHt4xa/SVJzyh1XT0K0gu6jDbU0ZvRUtRoXWguJs8Bd2gBucZouY3FmkIDXaMwD jN+4CY6arZuNg9S3WfQ6ydIrNT7YijNyNVAVDeA2G3o3bze0XUN/cctxHyhH3mca 0QWVFqHUV1UiShXTe0rq2j9YxpoTba7wY2/jjjdSBkr+WYQz6ACJ/aJLFEpGJzS+ +Pd2OIRbAOWc5/pPHa9IeiytoR6rpyuyPh32tmoYPt0ibEQCct2bBr7A5X8aCCLS 4AISBkttumRWIIX1p1kpr6X+UJ4LeOYwqvEvkeSYDJsNb34Fmi6j4jR52TA= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg20000664000000000000000000000061413252671167016300 0ustar AAAAgIubMvW6OPqtXg1QbrVVVA0NeWMZVVjKMIt0ZiKNkqF7OxS44Kt3qfOylZoJ hIqmn435LNnp7e8K33ks53v87Mrdk1JwDKX67PGB+gwybbHW5dNSRYAR5RvTJI9O O9fIINfgqBkyrKHro5AXXlPq2hlyI2dOOQAmPpD3LZTnRHv/AAAAFLxVDpZWR/s6 IPJF7IR1Ykq7sm7dAAAAgBEzOpMfulA0h3dzdoWf3BL3xoewlIroidKH8benEq0i CuTxzjedDbtcmr9BliHwBfwSPDJ+UFXRhQY0w205fmieER1ZjBw2NrlAyE9C9DaE bo5/ytkBLO2jmHIPMv/9GkWrYTbOQXBpIHrBQGdbj4bdBjkVrm9isM7HKfvVCawX nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg200000664000000000000000000000213613252671167016361 0ustar AAABgMHQptC17WFd7nasWmDdNeywAKICBjAYsboKBv56APdl2xxZpoDOz+OtQUdb rbWtULYUfiWWuI00ZWBSrKeUhupvbskLI+Nj86uM3IuTtioHDgJojqh3hDpGhcK6 bbER6a3b18pLzmW7EMnOtpv4BuLr1+VO3rf5lqZckHtQ79+OV1uuRiohnDAv7yro HXPO51J0YltfwpxtYMBX7Z57DUatL1f+AfgjIw8xQiciMZzgq/HxQfMmwA+8K+TN uJRLb9BQvTAL2xxfTaclN+VT4B1RI5xNRhhg8ftP2Pp59dUmP/Yv7XAI4uCi02v3 uQYtDXXbImw0ZLZ7okEBsIXyxnDA+HrlMNmO5gxUcvSqFfslBB4ZEGNU2ga8Kx0y LUDtl7If0c2tMCXGnabOnH3fPc8epNVld7/ewjBxwfBe5Ad7U5HppATq/+EtHqYt BqzWvxnpGhWNIGa0zSDkxOUv+x1SBM0CK8cQjyx5n7Rohm7xywm84J39SeR0D/gU BJe+YQAAACC/ZUQcmHt3NzherewVjdAWFNpvFThiSOWfPN2+/I6d0QAAAYDAKshT dfq4C6KnhLlOTRRbO+D5IJDroXvRI1jPPgP0N5WE+HQiUvdrHt4/w3KBQg50qWPk wIh5b/K6uNtumkUw/GfVH4i5BatDmVqrRjZMtAwSVvBGbz2842ID7yKLNekCR+le URXoMbEmtijumE80mRHTD/udYTtQqE36HwQrpTa4LVEB5xHGKfnyCW3INN7sY7cP KiMVptJzI7mVqiDT0HNwdRhvUEmvb1EqDDip2gaBf0thm5RSDt+shcSm4uGGIlyV oE7Dw0IrjesoTpjSSzFGWAIAigl8JZaegmwrqlnSy6M9bB2fOWIzDB/Np8+xhQj+ p9BVXjoWna7TU/Pub0uzAkQxkWHf9kOKN8p5OyS7sbG8IZT8bm72AngVeJnLA8Xd b8kag26yCiXAmUVkPZX3vVDSBmhNb/wU0W2C1feBIlv/kIOSpXk7gD+bcLTfyzlP ntgcGOORoJ6z+ToDLYG6Zwyr/W9kql4zdMt8ICn0UgDk8L/YIMi9WNxe6zQ= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg30000664000000000000000000000061413252671167016301 0ustar AAAAgMuhPlM2N8N8DoDZ/NBSweQaiKwyXE6+E7cXAIjVTu9IgfPTXq5HwhA4WoSF 0kI6ZNo//aY6Jvks9aME85JgOEqbd1nYrBrcgdP4v8XmyxDvtOD3WGf06EjRozhY bdBkj+6xY2R//nF2F0NwVA7oqPWI2ozBQ9k59wsRSn+YG4SDAAAAFJUDG4qnHynV Jbdz74t8ZwGtil2ZAAAAgEW8qkQ9TNFgLSeq+EEm7cc713Pebs4V6X5/70bxMHK3 rcr3sAU89HBpRN+MRWjybJl+53UwAPvkd6N3ZqTpcP9AAI65ALneS1+a4G4G22EG 54cR86Z/7KdN1b3c32da5AFO6UiaQpF/vuO7nyok32dRLBw1yXv78jCOqs0oNoxc nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg40000664000000000000000000000061413252671167016302 0ustar AAAAgPJKSvxyx+Nzo8MJYjMv5UBcRZMJY5CUGMMHkqrxNd3qVh6U8kcmcWt1oYgo mC5M5Ewf3ct0ZIe2t3qaWhf4aKtQzWIbW8naRwiAsofXOYGQpCpe4i7Y0f8UfiAZ gQyCmO1o4cpp1B1VXySeZJ+xcl3bB1wXs3vv9Gf90WCSQzc/AAAAFNoGWgeN21bu XSrQbK+rIIINLEdVAAAAgEe1WRt5BD5OA8p4oOJ3yaIeKmtUO/TwRBBM2ayT7/jh AbtgMe/IxZbV0vkuOj0PH3RwLdVPd9PNRsBN7npd6fAK0xdpH93O/koiCiZRrK5/ zt2pK/zKhV22cF6Nhk+Bkr9r+GDADwitZJPswYcuACjVyG1EUF21dCJRXDglpveK nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg50000664000000000000000000000061413252671167016303 0ustar AAAAgIjZaOlgLsvabYb3yXCj/76x2pYvKMCvuScO8FvDMMqYw634PAcv6wX7Lik7 UGW7sMvMkwwk2NB4ad6uzZKiYEwPXdNcW0Mf2moiLFLDViv3VxxxAgm+izuFiBh4 hyX+gRK31ryC4P8cu/XW/pRpCvK1EOQa2CB9wsAvufpc76q1AAAAFKZlaJueW5zo L9FnYAbPTPZ+zFa3AAAAgCZ+KChXQXdSET+6P8pxVbXOiefIozwaKRIuK3IJZfwE JFJn/4f8Z6VzD+WzCAE6oyZpkPuzmBhah+BVtEOoaM4M4TrmruMwudJdO7s2JmXF iB2vDFqnXp1KgujwTJGprSlIIuM5eKsME/rcRYMfnTfaTvoPwsXrATcfqFt92x+C nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg60000664000000000000000000000137013252671167016304 0ustar AAABAPLTntMGKxPJFic2AKDyoCnobXpLkhe08YFb8rJNlxClerM/mXKUsBRYW40B mN/cy811MU2l/4WqNEtFra6ql5tRoxKnv6lEcvtjPxpvFWu0RYhn39OEA/BrhR8A /i00hAd73tcat1E9BKFAIgV1+2kzlUgOTIQCt6Rs7C03p3jDBazNHxPp9i6GUxX0 sizEZ8iYbsjklh3fgQVmsMTuNprGqhXkP0dEAFgm9b3oBxoZ4wtpCarEs9F0I3Jw 2tAnmdCbiizF8i5miUtUIiKLLCNPEfWnccW4nPRloqzsu+6qFyX+j5tZQivomRBS y1Vt3yyM6PqSBtvzn+rcGU4A+OUAAAAcgAAAAAAAAADBGPSYNeTvczxNFYAPzwWe iE0xsQAAAQDjqTwJ2m9WDk1IOjgqTFRvIzXDakw1rBRjwIo+bdQV31b9xTfyX9U3 K+Y+T1MAeAt4LxrNAci06zNBRhX9Dqglc6y6fvg/WpQ4VBUa/C19/hIfuM0DM1sG W1ScXcxga+kFJIO8KE4SrDyNugm0JuCEAgMOcLwcwr+JV8S6BjDz8yrWiTiaxHRD F2Bj8kfZ4ilrPqW1vCM1go6hoIDtNZGN7iEv0DEnnRuJTwGv7FI4M2aerAMaQg5U C6EyClnEJKPlhJpGCla8sAFkeIWxQzxPmSlxdGv+KXfOclnFULVRpsNXYeSkGvdk 6NkhMvzApZ0WhOq5DYY/KfQc91ePqpCM nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg70000664000000000000000000000137013252671167016305 0ustar AAABAKqBXJ2xxNPSdzx9DU0dp17PxKOel9X6GR/+yLFJCikM4zXlzofqYgqKF94L tkcU4uyEC/AObr20/7TjJMoHw8hxcwmvFBA2Kncsmt2DiysMrh6Qq0SK2r2s0uXf WcQYejKiNxnWxX6UAIhTg7+PBm8juUGSDVTDW098xQRPO0DxcEaVYwe3SOhAcyhE 0Aqc5uxXFCk7YmUUfxXGf0vjiwgrVf3q22EkaJ+3b50lzCi46qmLVi1cEBHg3Pmz mSMkDTMtidyWA7e93QxwuDyqKQVjGxyDyruubAwMLv6PWBMe2DUb+T6HX2pzqTy6 1HAUGiaH+6zy1xyN3ulxrWYHKa0AAAAc6jR+kL58KHXR/h22IrR2ODfF4npgNzED SMGqEQAAAQAgQglMy8i4cj/JKMEv2mcbgylemcdDV29EUEvhGGMjMZtQAtJPFz35 CeokHW6lKJkE7kY2IEsvvpSwaP4JP3liV5VJVR068hmtjtGZOe/4a87INN4vL3hZ bonny1LFJOF3CYpWwjLrH1Y6qEvGsCbe7m/1HLRB4IDy2vrqHO2GQn0cNGvlXGaA PUt20TPNRFtMNIL6QVAjRjyb8w8veEIj4mBX06oNf7tmBjDFLknUoDJcc4ngcqo0 nxPJZuFZdS+7cekzaJD5MkP6bnLSmTZe5bP+Jm6/ERBWj+5EJchHtQIQvUhLl0Ma QoVq3KPn0anJxnXH4maRgyDdWnikjEip nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg80000664000000000000000000000137013252671167016306 0ustar AAABAKTH6qtCxMc7dXdwkWSJ8XzVByXNCkvE4c9n92O4wd4tbauYVrqvsAjzZbGK QuFNxR81C4jsoCCcWqT9caepbHZfWQHCHnIFcNeDe+x8dtLkk0RzHKOUBdCoebng 3NGoEl/RMOweeD5lS5TjAC5rYp6QSrOHeGdyDL1UtCcKnhXNAox8x5bwbCcqZglR ko/b6y3KBhtB6TIlcwV0L/FuL0KRkdXl8abd9ueMXXciz/gKnAvVyNeuuowEQ4mS sHXjB8FTTEmtOA9Hf195h9wXLBYdyjjcrz+zhGxyyRGaUpmtx0iVGz3ODQDUqQE4 ALIAggO3JGW8aoSuBZowxFIt6lcAAAAczon+MyuOTrPR6N3OpdFjpbwTtj8WmTdV QnrvQwAAAQCMRl7fWhgHMCkeCA38U4U5elAGRQ26Lv4BKSZPvYl7tVecoOqxmqJ4 IgQkcktPKm9u5jKEMqv2YTgGRglyM1BTOcVRnTV9cRK27sk4uF1ap1zC44CS8KUw rLVOUP6CxNVi+w8wNrgLMDNAI+u+ZjegAQsAx9uGNxFoVjZx4eDwKK7b1F0tVyYh pgmYKgc+Uaridwevvu8p4uzuhNem1do4K+OjX0K2xmhJICqxnQJbhp0Id2R20auY FHWtKtLz5v0H4waW2QpiaBbfYNbKev17SC+UL4O0XMgpM3Mfh/ruMgkA8qo+cLGG fhQw5AvmfAf5KQKZ7wZ7iySnUVs/mSwH nss-pem.git/nss/nss/cmd/bltest/tests/dsa/pqg90000664000000000000000000000137013252671167016307 0ustar AAABAKa7UzPONDwxybLIeKuR7vL96jXG2w5xZ2K/wNQ22HUG6GWk0sjPu9Ymzov+ ZFY8pWhs2M8IFJDwJEWyiQh5gklftpl2sQJC1tUPwjtNvbC+94MF2aTQXZ6uZdh6 iT6vOX4E45uqhaJsj/ve8SMyh7X1tu9qkPJ6aUgaky7kexjV0n6xB/+wUCXmRuiH a1y1Z/7B3TWDXUIIIZhTH6++WuKAxXWh+w5i6bPKN+GXrZbZ3eHzPyzsfSferiYc g+6OIAKvfrboL2oUeWrwN1d6EDK7xwkSnKq9it34cK4tBZXI/bNxVXSPDeo0tE1P gu1YwvWxuEgWYqxTRzxpNBAIL70AAAAcjD7lvZoqrwaL1YRb1V7PJ0FwVTB1d7vD dw7GiwAAAQBDtaa20LuWLsl2ajd8MsxBJPExEYjC7PlcDNSk+glyJbdhjLEnbEdF eNO/VkwUUZnAkqGxS6qSnC8/DzbgwtrpHroIvjCZKoifKVLgRCw3r0hKTs3DJDzP y540E89c3WYwsJ/hfvv94U2HJUkwGbe3PR94K0jvML7DbgDgK6M20iVPwgKmlhLN lEb5HXa3Of+m2LhgUvjcXxFFgBxWJBr1upA3JBvYnmM4tY4BMQZxwmjrXjOstX0f mfFkQKZ1gn1AF3VNYBoXraL77fkEVUqQsBUw2oyTzRTOKTyyvT55N+k0t54xD+TY DBP5L2M4E1W9gKGr7hpz/fttok7ygAKj nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed00000664000000000000000000000003613252671167017130 0ustar aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed10000664000000000000000000000003613252671167017131 0ustar mMvMSWnYReJGG19mOD3VA3ErvPo= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed100000664000000000000000000000005213252671167017207 0ustar nO2J6lBQmCIigw7+8m5zlPWrfYN9RUmWLShfrg== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed110000664000000000000000000000005613252671167017214 0ustar LLnB1hfhJ6R3DQqUb7lHxRAO0MpZRU6oBHn2iF7BBTQ= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed120000664000000000000000000000005613252671167017215 0ustar RQMLeaOVsWMnAMuv/q2XmY0CvtjgZWh2/AF05L25b3k= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed130000664000000000000000000000005613252671167017216 0ustar EXpSnj/fx5hDpaTAdTkDa4ZSFOAUtJKMKjH0e/YqT9s= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed140000664000000000000000000000005613252671167017217 0ustar I2gDehx2R8aD1+MBrHm3/uvHNu/+OrFkS2gwi0soYg0= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed150000664000000000000000000000005613252671167017220 0ustar X+Ya/dvfBESbJClaUqGgN9PzFEGjzsE4t/AQLbhu8TI= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed160000664000000000000000000000005613252671167017221 0ustar QPUDq9cP1Jp2xnqD4IsGKz/UZa2SvkM8CA5fKVu59Vk= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed170000664000000000000000000000005613252671167017222 0ustar KeTXeQ4YG0dnkD/g6zd1fzPxMzfDNYjB/b+6DmVatiE= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed180000664000000000000000000000005613252671167017223 0ustar PXwGijl4stj+kDS8rWWtfDAMREDkCF3igOV37qcsEgc= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed190000664000000000000000000000005613252671167017224 0ustar QLXMaFw9H1kHIiivlVFoO1uMj/ZSQBFK0trPzPOSgFc= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed20000664000000000000000000000003613252671167017132 0ustar jLNdJVUFpMQUIeVi0QgnJmqmhmM= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed200000664000000000000000000000005613252671167017214 0ustar tZkRG594QCzv573ov1U7bKANWrr5oViqQvJge/eFELw= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed30000664000000000000000000000003613252671167017133 0ustar hZdsVhCnSVlTEEClUSs0fqxYfkg= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed40000664000000000000000000000003613252671167017134 0ustar M8e6iP9pcHlxslrDRK5KVm4ZX5k= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed50000664000000000000000000000003613252671167017135 0ustar LxcJB6xpcmsU8iBW3LN7TfhfdCQ= nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed60000664000000000000000000000005213252671167017134 0ustar cZc5LTLQr2pxg8wzmFVvj2h9hqj/dCvmrThWLw== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed70000664000000000000000000000005213252671167017135 0ustar N/rdQZ/L0rBzoGrpa57Otj4prumsX6K9sxq4XQ== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed80000664000000000000000000000005213252671167017136 0ustar bzJlRqoXSz0xnvczHsjf02PdeK5YOpIBZf9+VA== nss-pem.git/nss/nss/cmd/bltest/tests/dsa/sigseed90000664000000000000000000000005213252671167017137 0ustar fg8c4h0YWuZcCgA5VWfqnPIXRitYucicTl/5zw== nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/0000775000000000000000000000000013252671167016013 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/README0000664000000000000000000000011713252671167016672 0ustar 0 nistp256 1 nistp384 # the following tests are not yet implemented 2 nistp521 nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext00000664000000000000000000000007213252671167020174 0ustar GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg== nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext10000664000000000000000000000007213252671167020175 0ustar PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ== nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext100000664000000000000000000000012413252671167020253 0ustar AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1 nWpHF7VcyCVzJeV6 nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext110000664000000000000000000000012413252671167020254 0ustar AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG JOsY/MHnGhDeAGRl nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext120000664000000000000000000000013413252671167020256 0ustar aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+ DpDaGnOLkfAyZ8GcuaCujg== nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext130000664000000000000000000000014413252671167020260 0ustar AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext140000664000000000000000000000014413252671167020261 0ustar AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC PSDJasPT90T5Va8sNtjXtSpHWxc2roV9 nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext150000664000000000000000000000020413252671167020257 0ustar NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext160000664000000000000000000000022213252671167020260 0ustar ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I nBLCHIppt/Q= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext170000664000000000000000000000022213252671167020261 0ustar AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds Dme40b2G6fE= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext180000664000000000000000000000030613252671167020265 0ustar AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA 3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8 nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext190000664000000000000000000000030613252671167020266 0ustar AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7 nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext20000664000000000000000000000007213252671167020176 0ustar Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg== nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext200000664000000000000000000000026613252671167020263 0ustar ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot 70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext30000664000000000000000000000007213252671167020177 0ustar AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext40000664000000000000000000000007213252671167020200 0ustar AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext50000664000000000000000000000007213252671167020201 0ustar AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext60000664000000000000000000000010213252671167020174 0ustar 5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext70000664000000000000000000000010213252671167020175 0ustar WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext80000664000000000000000000000012013252671167020176 0ustar ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ LPDBU0i2uOg= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/ciphertext90000664000000000000000000000012013252671167020177 0ustar QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1 TIRGjkV2L+A= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/key00000664000000000000000000000024613252671167016610 0ustar AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a 7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/key10000664000000000000000000000034413252671167016610 0ustar AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA yALMCiXJqRVXwbq42WMuaELMW+g= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/key20000664000000000000000000000045613252671167016615 0ustar AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/numtests0000664000000000000000000000000313252671167017611 0ustar 21 nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext00000664000000000000000000000003613252671167020025 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext10000664000000000000000000000003613252671167020026 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext100000664000000000000000000000003613252671167020106 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext110000664000000000000000000000003613252671167020107 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext120000664000000000000000000000003613252671167020110 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext130000664000000000000000000000003613252671167020111 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext140000664000000000000000000000003613252671167020112 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext150000664000000000000000000000003613252671167020113 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext160000664000000000000000000000003613252671167020114 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext170000664000000000000000000000003613252671167020115 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext180000664000000000000000000000003613252671167020116 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext190000664000000000000000000000003613252671167020117 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext20000664000000000000000000000003613252671167020027 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext200000664000000000000000000000003613252671167020107 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext30000664000000000000000000000003613252671167020030 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext40000664000000000000000000000003613252671167020031 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext50000664000000000000000000000003613252671167020032 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext60000664000000000000000000000003613252671167020033 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext70000664000000000000000000000003613252671167020034 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext80000664000000000000000000000003613252671167020035 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/plaintext90000664000000000000000000000003613252671167020036 0ustar qZk+NkcGgWq6PiVxeFDCbJzQ2J0= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed00000664000000000000000000000003613252671167017440 0ustar aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed10000664000000000000000000000003613252671167017441 0ustar aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed100000664000000000000000000000005213252671167017517 0ustar fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed110000664000000000000000000000005213252671167017520 0ustar fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed120000664000000000000000000000005613252671167017525 0ustar /jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed130000664000000000000000000000006213252671167017523 0ustar ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed140000664000000000000000000000006213252671167017524 0ustar ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed150000664000000000000000000000010213252671167017520 0ustar /jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed160000664000000000000000000000010613252671167017525 0ustar fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed170000664000000000000000000000010613252671167017526 0ustar fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed180000664000000000000000000000014413252671167017531 0ustar PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz MTQxNTE2MTcxODE5MWExYjE= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed190000664000000000000000000000014413252671167017532 0ustar PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz MTQxNTE2MTcxODE5MWExYjE= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed20000664000000000000000000000003613252671167017442 0ustar aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed200000664000000000000000000000013413252671167017521 0ustar /jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz MTQxNTE2MTcxODE= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed30000664000000000000000000000003613252671167017443 0ustar aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed40000664000000000000000000000003613252671167017444 0ustar aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed50000664000000000000000000000003613252671167017445 0ustar aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed60000664000000000000000000000004213252671167017443 0ustar /jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed70000664000000000000000000000004213252671167017444 0ustar /jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed80000664000000000000000000000005213252671167017446 0ustar /jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA== nss-pem.git/nss/nss/cmd/bltest/tests/ecdsa/sigseed90000664000000000000000000000005213252671167017447 0ustar /jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA== nss-pem.git/nss/nss/cmd/bltest/tests/md2/0000775000000000000000000000000013252671167015416 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/md2/ciphertext00000664000000000000000000000003113252671167017572 0ustar CS/UNcrWhB5Knt7Gf8Tz3Q== nss-pem.git/nss/nss/cmd/bltest/tests/md2/numtests0000664000000000000000000000000213252671167017213 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/md2/plaintext00000664000000000000000000000002113252671167017422 0ustar 16-bytes to MD2. nss-pem.git/nss/nss/cmd/bltest/tests/md5/0000775000000000000000000000000013252671167015421 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/md5/ciphertext00000664000000000000000000000003113252671167017575 0ustar XN8lnQuWAiMqmSGfvd8Hdw== nss-pem.git/nss/nss/cmd/bltest/tests/md5/numtests0000664000000000000000000000000213252671167017216 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/md5/plaintext00000664000000000000000000000010013252671167017423 0ustar 63-byte input to MD5 can be a bit tricky, but no problems here. nss-pem.git/nss/nss/cmd/bltest/tests/rc2_cbc/0000775000000000000000000000000013252671167016231 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rc2_cbc/ciphertext00000664000000000000000000000001513252671167020407 0ustar 3ki6eVsWpY8= nss-pem.git/nss/nss/cmd/bltest/tests/rc2_cbc/iv00000664000000000000000000000001113252671167016642 0ustar 12345678 nss-pem.git/nss/nss/cmd/bltest/tests/rc2_cbc/key00000664000000000000000000000001113252671167017014 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/rc2_cbc/numtests0000664000000000000000000000000213252671167020026 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/rc2_cbc/plaintext00000664000000000000000000000001113252671167020234 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/rc2_ecb/0000775000000000000000000000000013252671167016233 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rc2_ecb/ciphertext00000664000000000000000000000001513252671167020411 0ustar WT+tc4fANhQ= nss-pem.git/nss/nss/cmd/bltest/tests/rc2_ecb/key00000664000000000000000000000001113252671167017016 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/rc2_ecb/numtests0000664000000000000000000000000213252671167020030 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/rc2_ecb/plaintext00000664000000000000000000000001113252671167020236 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/rc4/0000775000000000000000000000000013252671167015424 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rc4/ciphertext00000664000000000000000000000001513252671167017602 0ustar 34sTZJtr20k= nss-pem.git/nss/nss/cmd/bltest/tests/rc4/ciphertext10000664000000000000000000000005513252671167017607 0ustar 34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M= nss-pem.git/nss/nss/cmd/bltest/tests/rc4/key00000664000000000000000000000001113252671167016207 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/rc4/key10000664000000000000000000000001113252671167016210 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/rc4/numtests0000664000000000000000000000000213252671167017221 0ustar 2 nss-pem.git/nss/nss/cmd/bltest/tests/rc4/plaintext00000664000000000000000000000001113252671167017427 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/rc4/plaintext10000664000000000000000000000004113252671167017433 0ustar Mozilla!Mozilla!Mozilla!Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/rc5_cbc/0000775000000000000000000000000013252671167016234 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rc5_cbc/ciphertext00000664000000000000000000000001513252671167020412 0ustar qsv4Fn2J6d0= nss-pem.git/nss/nss/cmd/bltest/tests/rc5_cbc/iv00000664000000000000000000000001113252671167016645 0ustar 12345678 nss-pem.git/nss/nss/cmd/bltest/tests/rc5_cbc/key00000664000000000000000000000001113252671167017017 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/rc5_cbc/numtests0000664000000000000000000000000213252671167020031 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/rc5_cbc/params00000664000000000000000000000002513252671167017517 0ustar rounds=10 wordsize=4 nss-pem.git/nss/nss/cmd/bltest/tests/rc5_cbc/plaintext00000664000000000000000000000001113252671167020237 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/rc5_ecb/0000775000000000000000000000000013252671167016236 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rc5_ecb/ciphertext00000664000000000000000000000001513252671167020414 0ustar 4ZKK/1v5Ohc= nss-pem.git/nss/nss/cmd/bltest/tests/rc5_ecb/key00000664000000000000000000000001113252671167017021 0ustar zyxwvuts nss-pem.git/nss/nss/cmd/bltest/tests/rc5_ecb/numtests0000664000000000000000000000000213252671167020033 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/rc5_ecb/params00000664000000000000000000000002513252671167017521 0ustar rounds=10 wordsize=4 nss-pem.git/nss/nss/cmd/bltest/tests/rc5_ecb/plaintext00000664000000000000000000000001113252671167020241 0ustar Mozilla! nss-pem.git/nss/nss/cmd/bltest/tests/rsa/0000775000000000000000000000000013252671167015521 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rsa/ciphertext00000664000000000000000000000005513252671167017703 0ustar qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as= nss-pem.git/nss/nss/cmd/bltest/tests/rsa/key00000664000000000000000000000037413252671167016320 0ustar AAAAAAAAACC5lyu2K2ro8YGnvOCKaL1sFX1HEIblIVbuMXsa8oeFSwAAAAERAAAA IBXVjKwFG6LvPG4WOIjBBzmxGNpkQwDs3W5qZcXVzqahAAAAEOEOH/WnhZCJyM39 oNfhf18AAAAQ0xvmxqXXs3L62xxogUl9lQAAABAaeiHgqkvy4wiQtG1Gkv/tAAAA EMaw2TNu6SFdKFXAYluQdjEAAAAQi0u+IlgKCt/hatGAsTrfzQ== nss-pem.git/nss/nss/cmd/bltest/tests/rsa/numtests0000664000000000000000000000000213252671167017316 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa/plaintext00000664000000000000000000000004113252671167017527 0ustar 512bitsforRSAPublicKeyEncryption nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/0000775000000000000000000000000013252671167016525 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext00000664000000000000000000000025713252671167020713 0ustar NU/me0oSbV01/jbHd3kaP3uhPe9ITi05CK/3IvrUaPshaW3pXQvpEcLTF0+K/MIBA197bY5pQC3l RRYYwhpTX6nXv8W43Z/CQ/jPkn2zEyLW6IHqqRqZYXDmV6BaJmQm2YyIAD+Ed8EicJSg2foejEAk MJzh7My1IQA11HrHLoo= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext10000664000000000000000000000025713252671167020714 0ustar ZA2xrMWOBWj+VAfl+bcB3/jDyR5xbFNvx/zsbLW3HBFlmI1KJ54Vd9cw/Hopky4/AMgVFSNtjY4x AXp6Cd9DUtkEzet5qlg63MMeppikwFKD2rqQib5UkfZ8Gk7kjcdLu+ZkOu+EZnm0yzlaNS1e0RWR LfaW/+BwKTKUbXFJK0Q= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext100000664000000000000000000000040413252671167020766 0ustar Iyr7ySf6CML2onuH1KXLCcB9wm+uc9c6kFWIOfT9ZtKBuH7HNLziN7oWZpjtgpEGp95pQs1s3OeP 7Y0uTYFCjmZJDQNiZM75KvlB0+NQVf45geFNKcu5pPZ0cwY7rseaEXn1oXycGDLyg4/X1eWbuWWd VtzooBnt7xuzrMxpfMbMenePYKBkx/b11SnGIQJi4APeWD6B4xZ7iZcfuMDhXUT//vibU9jWTdeX 0Vm1bSsI6lMH6hLCQb1Y1O4nih8u nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext110000664000000000000000000000040413252671167020767 0ustar Q4zH3AimjaJJ5CUF+Fc7pg4sJ3PVspD0z53/cY6EIIHDg+ZwJKDylZTqmHudJeS3OPKFlw0ZWrs6 jIBU49eda5yagye6WW8SWeJxJmdHZpB9jVgv86hHYVSSmtsebRI1ssy07I9mO6nMZwqSvr2FPI2/ acZDbQFvYa3YNulHMkUENCB/n9TEPewqEqlY76Ae/iZpiZteYEwlXFX7cWbeVYnjaVl7sJFowG3V 2xd+BqF0DrLVyC+uym2S/O6ZMbqf nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext120000664000000000000000000000053513252671167020775 0ustar U+pdwIzSYPs7hYVnKH+pFVLDCy/r+6IT8K6HcC0GjRm6sH/ldFI9+0ITnWjDxa/u4L/ky3lpy/OC uATW5hOWFE4tDmB0H4mTwwFLWLmxlXqLq80jr4VPTDVvsWYqpyv8x+WGVZ3EKA0WDBJnhacj6+6+ /3HxFZRECq74fRB5Ood0ojnUoEyH/hRnudr4UgjsbHJVeUqWzCkUL5qL1Bjjwf1nNEsM0IKd87K+ xgJTGWKTxrNNP3XTLyE91Fxic9UFrfTM7RBXy3WPwmru+kQSVe1OZMGZ7gdefxZkYYL9tGRzm2ir Xa/w5j6VUgFoJPBUv008jJCpe7a2VTKE60KfzA== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext130000664000000000000000000000053513252671167020776 0ustar orGkMKnWV+L6HCu17UP/slwFowj+kJPAEDF5X1h0QAEQgorlj7m1gc6d3dPlSa4EoJhUWb3mxiZZ TnsF3EJ4sqFGXBNoQIgjyF6W3GbDowmDxjlmT8RWmjf+IeWhlbV3bu0t+NjTYa9obnUCKbvWY/Fh hopQYV4MM3vsDKNf7AuxnDbrLgu8wFgvodk6rNsGEGP1nyzh7kNgXl2J7KGD0qzf6fgQEQIq07Q6 PdQX2slLThHqgbGSlm6WaxgggucZZGB7T4AC82KZhEoR8q4PrqwurnD49PmAiKzc0KxVbp/MxRFS GQj60m8ExkIBRQMFd4dYsFOL+LW7FEqCjmKXlQ== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext140000664000000000000000000000053513252671167020777 0ustar mIbD5nZKi5qE6EFI69jDsaqAUDgaePZocUwW2c/Spu3FaXnFNdne47RLhcGL6JKJkjcXEUciFtld 2pjS7oNHybFN/9/4SqSNJawG99fmU5islnsc6Qkl9n3OBJt/gS2wdCmXp01E/oHb4Oej/q8uXECv iI1VDdu+O8IGV6KVQ/j8KRO5vRphsqsiVuxAm719wNF3F+olxD9C7Sffhzi/SvxnZv96/whZVV7i g5IPTIpjxKc0DLr93DOezbSwUVAC+WyTK1t5Fnr2mcCtP8z98PROhacCYr8uGP40uFBYmXXoZ/+W nUjqvyEicVRs3AWmnstSblKHDINvMHvXmHgO3g== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext150000664000000000000000000000053513252671167021000 0ustar Yxjp+1wNBeUwfhaDQ26QMpOsRkI1iqoiPXFjATq6h+Lf2o5gxoYOKaHpJoYWPqC5F18ynKOxMaHt 06d3Wai5e61qT49DlvKM9vOcpYES5IFg1uID2qWFbzrKX/7Vd69JlAjj39Iz4+YE2+NKnEyQgt5l UnysYzHSncgOBQig+nEi5/Mp9sylz6NNTR2kF4BUV+AIvsVJ5Hj/nhKnY8R30Vu7ePW2m9V4MPws TtaG15vHKpXYX4gTTGsK/laozPvIVYKLszm9F5Cc8dcN4zNa4HA5CT5gbWVTZd5lULhyzW3h1EDu AxthlF9imtijU7DUCTnpajxFDSqNXu6fZ4CTyA== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext160000664000000000000000000000053513252671167021001 0ustar dSkIcsz9SkUFZg1lH1babaoJyhMB2JBjL2qZLz1WXO5GSv3tQO07W+k1ZxTqWqdlX0oTZsLxfHKP byxaXR+OKEKbxOb48s/42o3A4KmAjkX9CeovpAyyts5v//XA4VnRG2jZCoX3uE4QOwnmgmZkgMZX UFwJKSWUaKMUeG106rExVzzyNL9X232eZsxnSBkuAC3A3uqTBYXwgx/c2bwz1R957S/8Frz01ZgS /OvKo/kGmw5EVobWRMJcz2O0Vu5fpv/pbxnN91H+2erzWVd1Tb9L/qUhaqGETcUHyy0IDnIuuhUD CMK1/xGTYg8XZuz0SBuvuUO9KSh38hNspJSroA== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext170000664000000000000000000000053513252671167021002 0ustar LSB6c0Mqj7TAMFGz9zsophdkCY36NMR6IJlfgRWqaBZnm1V+gtvuWEkIxuaXgtfes029Za8GPVf8 p2pf0GlJL9YGjZmE0gk1BWWmLlx38jA4wSyxDGY0cJtUfEb2tKcJvYXKEi10Rl75d2LCl2Pgbbx6 nnOMeL/KAQLcXnnWW5c/KCQMqrLhYaeLV9JiRX7YGV1T48eunaAhiDxtt8JK/dIyLqyXKtPDVMX8 7x4UbDoCkPtnrfAHBm4AQo0s7BjOWPkyhpje/vSy617HaRj94cGYy7OLevxnYmqa7+xDIr/ZDSVj SByaIh94yCcsgtG2KrkU4cafavbvMMpSYNtKRg== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext20000664000000000000000000000025713252671167020715 0ustar Qjc27QNfYCavJ2w1wLN0GzZeX3bKCRtOjCni8L7+5gNZWqgyLWAtLmJeleuBsvHJck6CLsp224YY zwnFNDUDpDYINbWQO8Y344efsF4O8yaF1a7FBnzXzJb+SyZwturDBmsfz1aGtoWJqvt9YpsC2Phi XKODNiTUgA+wgbHPlOs= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext30000664000000000000000000000025713252671167020716 0ustar RerUylUeZiyYAPGsqCg7BSXmq64wvktKunYvpA/T044iq+/Gl5T267vAXduxEhYkfS9BL9D7qHxu Os2IiBNkb9DkjnhSBPnD9z1tgjlWJyLd3Ydx/sSLg6Me5vWSxM/UvIgXTzsToRKq47n3uA4Pxvcl W6iA3H2AIeIq1qhfB1U= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext40000664000000000000000000000025713252671167020717 0ustar NvbjTZSo002qy6M6ITnQCthak0WoYFHnMHFiAFa5IOIZAFhVohOg8jiXzc1zG0UlfHd/6QggK+/d C1g4axJE6gz1OaBdXRAynaROEwMP12Dc1kTP7yCU0ZENP0M+HHxt0YvB8t9/ZD1mL7ndN+rZBZGQ 9PpmyjnoacTrRJy9xDk= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext50000664000000000000000000000025713252671167020720 0ustar Qs7iYXsezqTbP0gpOG+9Ydr78DjhgNg3yWNm3yTAl7SrD6xr31kNghyfEGQuaBrQW414s3jA9Gzi +tY/dOCtPfBrB11+tfVjb41AO5BZynYbXGK7UqpFAC6nC6rOCN7SQ7nYy9YqaK3iZYMrVlZOQ6b6 Qu0ZmgmXaXQt8VOeglU= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext60000664000000000000000000000040413252671167020713 0ustar JnvNEYrKsfyLqByF1zADy4YQ+lXB2X2o1Ip8fwaJak23UaooQlW502rWXzdlPYKfGzf5e4ABlCVF svwsVac3bKehvksXYMjgWjPlqiUmuNmOMXCI54NMdVsqWbEmMaGCwF1dQ6sXeSZPhFb1Fc5X399R LVST2re3M43Et9eNucCRrDuvU3pp/H9UnZefDv+alP2kFpvU0dGaacmeM8O1VJDVAbObHtrhGP9n k6FTJhWE06Xzn25oLj0XyM0SYfpy nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext70000664000000000000000000000040413252671167020714 0ustar k6yfBnHsKay7RE7/waV0E1HWD9sOOT+/dUrPDeSXYaFIQd93cum8gnc5ZqFYTE1yuuoAEY+D81zK blN8vU2BH1WDspeD2KbZTNMb5w1vUmwQ/wnG+nzgaXlaP80FEf1fy1ZLzIDqnHjzi4ABJTnYpN32 /oHpzdt/UNu7vMfl2GCXzPTsSRifuL8xi+bVoHFdUWtJrxkSWM0y3IM85utGc8A6Gbus6IzFSJX2 NswMHsiQltEc4jWiZcoXZCMqaJro nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext80000664000000000000000000000040413252671167020715 0ustar gevdlQVLDIIu+a12k/Woet+0tMTOcN8t+E7UnATaWLpfwgoZ4abot6OQCyJ5bcToae5rQnktFajs 61bAnGmRToE86o9pMeS47W9CGvKY1ZXJf0eJx8qmEsfvNgmEwhuT7cVAEGi1r0x4qHcbmE1TuOqK 3y9qfUoLp2x14d2fZY8g3tSkYHHUbXeRtWgD2P6n8LD45Brj8JODpvlYX+d1Pqr/0r+UVjEIvuzC B7u1NfX8xwXw3en3CMYvSanJA3HT nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/ciphertext90000664000000000000000000000040413252671167020716 0ustar vMNflM3mbLETZiXWJblEMqNbIvPS+hGmE/8PylvVf4e5AszcHNCuvLBxXuhp0dH+OV9nkwA/XspG UFnIhmDURv9fCBhVICJVfjjAimfq2ZEmIlTxBoKXXsVjl3aFN/SXevbV9qrOt/sl3sWTcjAjH9iX ivSRGaKfKeQkq4JytHVieS1clPd0uIKdCw2fGoye3fN1dNX6JI7vqcUnH8XsJXnIG91htBD6Yf42 5CQiHBE63bJ1ZkyAHTTKjGNR5KhY nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash00000664000000000000000000000000513252671167017446 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash10000664000000000000000000000000513252671167017447 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash100000664000000000000000000000000513252671167017527 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash110000664000000000000000000000000513252671167017530 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash120000664000000000000000000000000513252671167017531 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash130000664000000000000000000000000513252671167017532 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash140000664000000000000000000000000513252671167017533 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash150000664000000000000000000000000513252671167017534 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash160000664000000000000000000000000513252671167017535 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash170000664000000000000000000000000513252671167017536 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash20000664000000000000000000000000513252671167017450 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash30000664000000000000000000000000513252671167017451 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash40000664000000000000000000000000513252671167017452 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash50000664000000000000000000000000513252671167017453 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash60000664000000000000000000000000513252671167017454 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash70000664000000000000000000000000513252671167017455 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash80000664000000000000000000000000513252671167017456 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/hash90000664000000000000000000000000513252671167017457 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key00000664000000000000000000000147013252671167017322 0ustar AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key10000664000000000000000000000147013252671167017323 0ustar AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key100000664000000000000000000000227013252671167017402 0ustar AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key110000664000000000000000000000227013252671167017403 0ustar AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key120000664000000000000000000000307013252671167017403 0ustar AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key130000664000000000000000000000307013252671167017404 0ustar AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key140000664000000000000000000000307013252671167017405 0ustar AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key150000664000000000000000000000307013252671167017406 0ustar AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key160000664000000000000000000000307013252671167017407 0ustar AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key170000664000000000000000000000307013252671167017410 0ustar AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key20000664000000000000000000000147013252671167017324 0ustar AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key30000664000000000000000000000147013252671167017325 0ustar AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key40000664000000000000000000000147013252671167017326 0ustar AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key50000664000000000000000000000147013252671167017327 0ustar AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key60000664000000000000000000000227013252671167017327 0ustar AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key70000664000000000000000000000227013252671167017330 0ustar AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key80000664000000000000000000000227013252671167017331 0ustar AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/key90000664000000000000000000000227013252671167017332 0ustar AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash00000664000000000000000000000000513252671167020322 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash10000664000000000000000000000000513252671167020323 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash100000664000000000000000000000000513252671167020403 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash110000664000000000000000000000000513252671167020404 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash120000664000000000000000000000000513252671167020405 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash130000664000000000000000000000000513252671167020406 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash140000664000000000000000000000000513252671167020407 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash150000664000000000000000000000000513252671167020410 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash160000664000000000000000000000000513252671167020411 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash170000664000000000000000000000000513252671167020412 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash20000664000000000000000000000000513252671167020324 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash30000664000000000000000000000000513252671167020325 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash40000664000000000000000000000000513252671167020326 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash50000664000000000000000000000000513252671167020327 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash60000664000000000000000000000000513252671167020330 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash70000664000000000000000000000000513252671167020331 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash80000664000000000000000000000000513252671167020332 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/maskhash90000664000000000000000000000000513252671167020333 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/numtests0000664000000000000000000000000313252671167020323 0ustar 18 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext00000664000000000000000000000003413252671167020535 0ustar f(N=;LڞS# yJ4nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext10000664000000000000000000000003413252671167020536 0ustar u @GGe#)ɺEonss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext100000664000000000000000000000006513252671167020622 0ustar S)1~tێL̢_<tnz:c79絕nUO{37nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext110000664000000000000000000000001313252671167020614 0ustar  dnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext120000664000000000000000000000003413252671167020620 0ustar k*lunhpSkNnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext130000664000000000000000000000002013252671167020614 0ustar ;XEu7>Wnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext140000664000000000000000000000003213252671167020620 0ustar Q ,o4SN%c>EKA$nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext150000664000000000000000000000004413252671167020624 0ustar  ߚ,_gkދSJ&I@Enss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext160000664000000000000000000000002713252671167020626 0ustar l}KF_óߔ~r2nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext170000664000000000000000000000005513252671167020630 0ustar : F S}"ocN |9i"׸,nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext20000664000000000000000000000006713252671167020545 0ustar J.dEB3mSKtm$EYB>-OFinQnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext30000664000000000000000000000003213252671167020536 0ustar RPَ*O!S~1o4jznss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext40000664000000000000000000000002413252671167020540 0ustar tF+Ilnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext50000664000000000000000000000000713252671167020542 0ustar &RPBqnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext60000664000000000000000000000007513252671167020550 0ustar 5UY,;RЕYTF lYbTͼ!.ɶ/9nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext70000664000000000000000000000004713252671167020550 0ustar `P:-ᗉ@Lttm>Ԃ́ FYnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext80000664000000000000000000000002113252671167020541 0ustar 2d)ߛ KO$nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/plaintext90000664000000000000000000000007613252671167020554 0ustar E_ r:.VbHM )֬;>f(L֞J ғZygrnss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed00000664000000000000000000000003513252671167017446 0ustar GLd26iEGnWl3ajPpa61I4d2gpe8= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed10000664000000000000000000000003513252671167017447 0ustar DMdCzkqbfzL5UbyyUe/ZJf5P418= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed100000664000000000000000000000003513252671167017527 0ustar /LxCFALp7KvGCCr6QLpfJlIshA4= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed110000664000000000000000000000003513252671167017530 0ustar I6reDh4Iu5uaeNIwKlL5whsuG6I= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed120000664000000000000000000000003513252671167017531 0ustar R+GrcRn+5WyV7l6q2G9A0KpjvTM= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed130000664000000000000000000000003513252671167017532 0ustar bRf1tMH/rDUdGVv3sJ0J8JpAec8= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed140000664000000000000000000000003513252671167017533 0ustar OFOHUU3szHx0DdjN+druSaHL/VQ= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed150000664000000000000000000000003513252671167017534 0ustar XKymoPdkFhqWhPhdkrbg7zfKi2U= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed160000664000000000000000000000003513252671167017535 0ustar lbyp44WYlLPdhp+n7NW7xkAb8+Q= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed170000664000000000000000000000003513252671167017536 0ustar n0fd9C6X7qhWqb28cU6zrCL26zI= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed20000664000000000000000000000003513252671167017450 0ustar JRTfRpV1WmeyiOr0kFw27sZv0v0= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed30000664000000000000000000000003513252671167017451 0ustar xENaPhoYpotoIENikKN877hds/s= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed40000664000000000000000000000003513252671167017452 0ustar sxjELfO+D4P+qCP1p7R+1eQlo7U= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed50000664000000000000000000000003513252671167017453 0ustar 5OwJgsIzbzpnf2o1YXTrDOiHq8I= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed60000664000000000000000000000003513252671167017454 0ustar jsll8TSj7Jkx6SocoNyBadXqcFw= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed70000664000000000000000000000003513252671167017455 0ustar 7LG4sl+lDNqwjlYEKGf0r1gm0Ww= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed80000664000000000000000000000003513252671167017456 0ustar 6JuwMsbOYiy9tTvJRmAU6nf3d8A= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_oaep/seed90000664000000000000000000000003513252671167017457 0ustar YG87mcC5zNdx6qKeoOTIhPMYnMw= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/0000775000000000000000000000000013252671167016406 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext00000664000000000000000000000025713252671167020574 0ustar kHQwj7WY6XAbIpQ4jlL5cfqsK2ClFFrxhd9Sh7XtKIflfOf9RNyGNOQHyODkNgvCJvPsIn+dnlRj jo0x9QUSFd9uu5wvlXmqd1mKOPkUtbnBvYPE4vnzgqDQqjVC/+5lmEpgG8aeso3rJ9yhLILC1MP2 bNUA8f8rmU2KTjDLszw= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext10000664000000000000000000000025713252671167020575 0ustar Pvf0boMb+SsyJ0FCpYX/zvvcp7Mq6Q0Q+w8McpmE8E7ymp3weAd1zkNzm5eDg5DbClUF5j3pJwKN nSmyGcosRReDJVilXWlKbSW52rZgA8TMzZB4Ahk75RcNJhR9N7k1kCQb5RwlBV9H72J1LPviFBj6 /pjCLE1NR3JP21Zp6EM= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext100000664000000000000000000000040413252671167020647 0ustar ghAt+MuR5xeZGaBNJtM11k+8L4csRIM5QyQd6EVIECdM3z219C1CPbFSr3E19wFCDjm0lKZ8v9Gf kRnaIzoj2lxkObW6DSvDc+7jUHABN41KQHOFa3/iq6C17pOyf0r+x9TRIJIcg/YGdlsCwZ5Naho7 lfpMQilRvk9SExB37xcXlynN3721aVDbrO7+eMsWZAoJnqVtJDie7xD4/ssxuj6jsifAqGaYu4nj 6TY5Bb8id3sqOqUhtltM73bYO95M nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext110000664000000000000000000000040413252671167020650 0ustar p/2w0lkWXKLIjQC78QKKhn0zdpnQYRk7F6lkjhTMu6rerKrN7IFedXEpTruKEXryBfoHi0ewcSwZ njrQUTXFBMJLgXBRFXQIAkh5kv/VEdSvxrhUSR6z8N1SMTlUL/FcMQHuhVQ1F8ajx5QXxn4t2ap0 HpopsG3LWTwjNrNnCuOvusfD524hVHPoZuM4yiRN4AtiYk1rlCaCLOrp+MxGCJX0ElAHP9RcWh57 QlwgSkI6aZFZ9pA+cQs3p7sryASf nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext120000664000000000000000000000053513252671167020656 0ustar gsKxYAk7iqPA91IrGfhzVAZsd4R6vyqfzlQtDoTpIMWvtJ/9/azhZWDulKE2lgEUjrrXoOFRzxYz F5Glcn0F8h505+uBFEAgaTXXRHZaFeefAVy2bFMsh6agWWHIv610GppmVwIolDk+ciNzl5bAKndF XQ9VWw7AHd8lm2IH/Q/VdhTO8aVXO6r/TsAAaZUWWbhfJDAKJRYMqFItxuZyflfQGdfmNim4/l6J 4lzBW+s6ZHV3VZKZKAubKPebBAkAC+JbvZZAi6O0PMSGGE3RyOYlU/oa9AQPYGY95/XknAQ4jiV/ HOicldq0ijFdm2axt2KCM4dv8jhSMNBw0H4WZg== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext130000664000000000000000000000053513252671167020657 0ustar FK412d0GupL387iXl4rtfNS/X/C1haQL1GzhtCzScDBTu5BE1k6BPY+W2y3XAH0QEY9vj4SWCXrX Xh/2kjQbKJKtVaYzocVefwoK1ZoOIDpbgniuxU3YYi4oMdhxdPjK/0PubEZEU0XYSlllm/uS7NTI GGaGlfNHBvZoKKiZWWN/K/PjJRwkvbpNS3ZJ2gAiIYsRnITnmmUn7FuKX4YcFZlS4j7AXh5xc0b6 7+ixaGglvSsmL7JTEGbA3gms3i5CMWkHKLXYXhFaL2uSt5wlq8m9k5n/i8+CWlLqH1bqdt0m9Duq +hi/qSpQTL01aZ4m0dzFoohzhfPGMjLwbzJEww== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext140000664000000000000000000000053513252671167020660 0ustar bj5Ne2sV0vtGATuJAKpbuzk5zywJVxeYcEICbuYsdMVM/9XX1X77v5UKD1xXT6CdP8HJ9ROwW0/1 Ddjfft+iAQKFTDXlkhgBGacM5bCFGCqgLZ6iqpDR3wPy2q6IW6L10Fr9rJdHbwa5O1vJShqAqpEW xNYV8zOwmIkrJf+s4mb121paO8wQqCTtVarTW3J4NPuMB9oo/PQWpdmyIk8fi0QrNvkeRW/eotfP 4zZyaN4DB6THTpJBWe0zOT1eBlVTHHcye4mCG97fiAFhx4zUGWtUGfesw/E+Xr8WG258ZyRxbKM7 hcLiVkAZKsKFllHVC95+uXblHOyCi5i2VjuGuw== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext150000664000000000000000000000053513252671167020661 0ustar NAR/+WxNwNyQstT/WaGjYaR1SyVdLuCvfYv4fJvJ593u3jOTTGPKHA49JiyxRe+TKh8sCpl6pqNP jq7nR32CzPCQlaa4rK041O7J+36retAtodEdjlTBgl5Vv1jCojI0uQK+Ek+ekDio9o+kXaty9m4J Rb8di6zJBExvBwmMn87FijqrEAyAUXgVXwMKEkxFDlrL2kfQ5PELgKI/gD53TQI7ABXCC5+bvnyR KWM41ey0ccr7AyAHtnpgvl9pUEqfAauzy0Z7Jg4rzoYL6Nlb+SwMjhSW7R5ShZOkq7bfRi3eiglo 3/5GgxFoV6Iy9ev2yFviOHRa0POPdnpf2/SG+w== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext160000664000000000000000000000053513252671167020662 0ustar fgk16hj01sHRfOgusrODbFWzhFic4Z3+dDNjrJlI0fNGt7/d/pLv14rbIfrvyJreQrEPN0AD/hIu Z0KaHLjL0fjZAUVkxE0SARb0mQ8abjh3TBlL0bghMoawd7BJnS57P0NKsSKJxVZoTe7XgTGTS7Pd ZTcjb3xvPcsJ1Ha+B3IeN+HO7Zsve0Boh71TFXMF4ci0+E1zO8Hhhv4GzFm27bj0vX/+/fT3upz7 nVcGibWhpBCadGppCJPbN5klWgy5IV0tHNSQWQ6VLoyHhqoAESZSUkcMBB37w+7Hw8v3HCSGnRFc DLSpVvVtUwuAq1iaz+/GkHUd3zbo04P4PO3SzA== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext170000664000000000000000000000053513252671167020663 0ustar bTtbh/Z+plevIfdUQZd9IYD5GyxfaS3oKVVpamhnMNm5d42XB1jMsmBxwiCf+9YSW+LpbqgbZ8ub kwgjn9oX97K2Ts2glra5NWQKWhy0KpFVscnvemM6AsWfDW7lm4UsQ7NQKec8lA/wQQ6PEU7tRrvQ +uFl5CviUopAHDso/YGO8yMtyp9NKg9RZuxZxCOW1sEdvBIVpW+hcWnblXU0PvNPneMqSc3DF0ki 8inCPhjkXfk1MRnsQxnO3OehfGQIjB9vUr4pY0EAs5GdOPPR7ZTmiR5mpzuPuEn1h031lFnimMe7 zi7ueCoZWqZv4tBzKyXllfV9PgYbH8PkBjv5jw== nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext20000664000000000000000000000025713252671167020576 0ustar ZmAm+6cb0+fPExV8wsUajkqmhK+XePkYSfNDNdFBwAFUxBl2IfliSmdbWrwi7n1bqv+q4cm6yizD c7PzPnjmFDw5WpGqf6ymZOtzOv0U2IJyWdmadVD6ylAe8rBOM8I6pR9LnoKC79tyjMCrCUBakWB8 Y2mWG8gnDS1POfzmErE= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext30000664000000000000000000000025713252671167020577 0ustar Rgl5OyPp0JNi3CG7R9oLTzp2ImSaR9RkAZua6v5TNZwXjJHNWLpry3i+A0anvGN/S4c9S6s47mYf GZY0xUehrYRC4D2gFbE25UP3qwfAwT5CJbjejM4l1PbrhAD4H34YM7fubjNNNwlkynn9uHK011Ij te6wgQFZH7Uy0VWm3oc= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext40000664000000000000000000000025713252671167020600 0ustar HSqtIhyk0x3fE1CSOQGTmOPRSzLcNNxa9K6uo8CVr3NHnPCkXlYpY1pToBg3dhWxbLmxOz4J1nHr ceOHuFRcWWDaWmR3bnaOgrLJNYO/EEw/2yNRK3tOifYz3QBjpTDbRSSwHD84TAkxDjFaedzT1oQC Kn8xyGWmZOMWl4t1n60= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext50000664000000000000000000000025713252671167020601 0ustar KjT2El4fawv5cehPvUHGMr6PLCrOfei2km4x/5Ppr5h/vAblHpvhT1GY+R8/lTvWfaYKnfWXZMPc D+COHL7wt1+GjRCtP7p0n+9Z+22sRqDW5QQ2kzFYb1jkYo85qieJglQ7wO61N9xhlYAZs5T7Jz8h WFigoBrE1lC5VcZ/TFg= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext60000664000000000000000000000040413252671167020574 0ustar WGEHImw84BOnyPBNGmopWbtLjiBbpDontQ8SQRG8Ne9YmwOfWTIYfLaW19mjLAw4MApc3aSDS2LS 6yQK8z950T378JW/WZ4NloaUjBlkdHtn6JyaulzYUBYjb1ZsxYAssT6tUbx8pr7zuU3L27HVcEaX cd8OALGooGd3Ry0jFiee2uhkdGaNTh7/+V8d5hxgINoyrpK78WUg/vPPTYj2ESHyS72f6RtZyvEj WyqT/4H8QDrd9OveqEk0qc2vjhqe nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext70000664000000000000000000000040413252671167020575 0ustar gLbWQyVSCfCkVnY4l6ye0lnUWbScKIfliC7LRDTP1m3X4WmTdTgeUc1/VU8sJxcEs5nUK0viVAoO ymGVH1Umf3woeMEihC2tsosBvV+MAl9+IoQYpnPAPWvAxzbQopVGvWf3htnWkszqd41x2YwgY7en EJIYek01rxCBEdg+g+rkbEaqNCd+BgRFiZA3iPHV587iX7SF6SlJEYgU1vLD7jYUiQFvMn+1vFF+ tQRwv/oa+l9M6aoM5bjuGb9VAblY nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext80000664000000000000000000000040413252671167020576 0ustar SEQI84mM1fU0g/gIGe+/JwjDTSeosqb66LMi+SQCN/mBgXrKGEbxCE2qbXwHlfblvxr1nDjhhYQ3 zh9+xBm5jIc2rfbdmgCxgG0r060Kc3deBfUt/vOlmrSwgUPw3wXNGtnQS+zsptqkohKYA+IAy8d3 h8r0wdBmOmxZh7YFlSAZeCyvLsFCbWj7lO0dS+gWp+0IG3fmqzMLP/wHOCD+zeNyf8vile5hoFCj Q2WGN8P9ZZz7Y3Nt4y2fkNPC9j7K nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/ciphertext90000664000000000000000000000040413252671167020577 0ustar hOvrSBvlmEW0ZGi6+0ccARLgKyNdhLXZEcvRkm7lB0rgQkSVyyDoIwi467ZfQZoD+0DnK3iYHYiq 0UMFNoUXLJeynIt78K5ztbImPEA9oO0vgP90UK94KOuLhvACi9KosXak0ijMzqGDlPI4sJ/3WMwA vAQwEVI1V0LygrVOZjqRnnCdjaJK3lUAp7mqUCJuDKUpI+bC2GDsUP9ID6V0d+grBWX0N595x3LV wtqAr5+/Ml7Ob8ILAJYWFL7omhg+ nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash00000664000000000000000000000000513252671167017327 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash10000664000000000000000000000000513252671167017330 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash100000664000000000000000000000000513252671167017410 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash110000664000000000000000000000000513252671167017411 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash120000664000000000000000000000000513252671167017412 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash130000664000000000000000000000000513252671167017413 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash140000664000000000000000000000000513252671167017414 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash150000664000000000000000000000000513252671167017415 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash160000664000000000000000000000000513252671167017416 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash170000664000000000000000000000000513252671167017417 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash20000664000000000000000000000000513252671167017331 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash30000664000000000000000000000000513252671167017332 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash40000664000000000000000000000000513252671167017333 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash50000664000000000000000000000000513252671167017334 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash60000664000000000000000000000000513252671167017335 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash70000664000000000000000000000000513252671167017336 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash80000664000000000000000000000000513252671167017337 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/hash90000664000000000000000000000000513252671167017340 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key00000664000000000000000000000147013252671167017203 0ustar AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key10000664000000000000000000000147013252671167017204 0ustar AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key100000664000000000000000000000227013252671167017263 0ustar AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key110000664000000000000000000000227013252671167017264 0ustar AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key120000664000000000000000000000307013252671167017264 0ustar AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key130000664000000000000000000000307013252671167017265 0ustar AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key140000664000000000000000000000307013252671167017266 0ustar AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key150000664000000000000000000000307013252671167017267 0ustar AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key160000664000000000000000000000307013252671167017270 0ustar AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key170000664000000000000000000000307013252671167017271 0ustar AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key20000664000000000000000000000147013252671167017205 0ustar AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key30000664000000000000000000000147013252671167017206 0ustar AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key40000664000000000000000000000147013252671167017207 0ustar AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key50000664000000000000000000000147013252671167017210 0ustar AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key60000664000000000000000000000227013252671167017210 0ustar AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key70000664000000000000000000000227013252671167017211 0ustar AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key80000664000000000000000000000227013252671167017212 0ustar AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/key90000664000000000000000000000227013252671167017213 0ustar AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash00000664000000000000000000000000513252671167020203 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash10000664000000000000000000000000513252671167020204 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash100000664000000000000000000000000513252671167020264 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash110000664000000000000000000000000513252671167020265 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash120000664000000000000000000000000513252671167020266 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash130000664000000000000000000000000513252671167020267 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash140000664000000000000000000000000513252671167020270 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash150000664000000000000000000000000513252671167020271 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash160000664000000000000000000000000513252671167020272 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash170000664000000000000000000000000513252671167020273 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash20000664000000000000000000000000513252671167020205 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash30000664000000000000000000000000513252671167020206 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash40000664000000000000000000000000513252671167020207 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash50000664000000000000000000000000513252671167020210 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash60000664000000000000000000000000513252671167020211 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash70000664000000000000000000000000513252671167020212 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash80000664000000000000000000000000513252671167020213 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/maskhash90000664000000000000000000000000513252671167020214 0ustar sha1 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/numtests0000664000000000000000000000000313252671167020204 0ustar 18 nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext00000664000000000000000000000003513252671167020417 0ustar zYtlOMuOjeVmtovQZ1advx7icY4= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext10000664000000000000000000000003513252671167020420 0ustar 41vvwXodFguc41+9jrFufuSR0/0= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext100000664000000000000000000000003513252671167020500 0ustar altL5M02zJff3pmV77+PCXpKmRo= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext110000664000000000000000000000003513252671167020501 0ustar ud/R33akYcUeZXbGyO0Kkj0cUOc= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext120000664000000000000000000000003513252671167020502 0ustar lZa7Ywz2qNTqRgBCK566ixNnXdQ= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext130000664000000000000000000000003513252671167020503 0ustar tQMxk5knf9bByPEDPL8EGZ6iFxY= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext140000664000000000000000000000003513252671167020504 0ustar UKrt6FNrLDByCLJ1pnri3xlsdig= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext150000664000000000000000000000003513252671167020505 0ustar qgtyuLNx3dEMiuR0QlzMz4hCopQ= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext160000664000000000000000000000003513252671167020506 0ustar +tOQLJdQYiorxnJiLEgnDMV9Pqg= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext170000664000000000000000000000003513252671167020507 0ustar EiGW3rXRIr2Mb8eB/2kk18aVqt4= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext20000664000000000000000000000003513252671167020421 0ustar BlLsZ7zuMPnSaZEiuRwZq9uon5E= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext30000664000000000000000000000003513252671167020422 0ustar OcIcTM7anBrfg5x0ThISpkN1dew= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext40000664000000000000000000000003513252671167020423 0ustar NtrpE7d70XyubnsJRT0kVEzrszw= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext50000664000000000000000000000003513252671167020424 0ustar Re7xkfT3nDH+XS7eflCYmU6SnS0= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext60000664000000000000000000000003513252671167020425 0ustar JxWkm4sAEs167oTBFkRubf4/rsA= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext70000664000000000000000000000003513252671167020426 0ustar LayVbVOWR0isNk0GWVgnxrTxQ80= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext80000664000000000000000000000003513252671167020427 0ustar KNmMRszK+9O8BOcvlnpUvT6hIpg= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/plaintext90000664000000000000000000000003513252671167020430 0ustar CGbS/1p58l72aM1vMbQt7kIeTA4= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed00000664000000000000000000000003513252671167017327 0ustar 3ulZx+BkETYUIP+AGF7Vfz5ndq8= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed10000664000000000000000000000003513252671167017330 0ustar 7yhp+kDDRssYPas9e//Jj9Vt9C0= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed100000664000000000000000000000003513252671167017410 0ustar 1okleobv+mghLF4MYZ7KKV+5G2c= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed110000664000000000000000000000003513252671167017411 0ustar wl8Tv2fQgWcaBIGh8YINYTu6InY= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed120000664000000000000000000000003513252671167017412 0ustar BOIV7m/5NLnacNdzDIc0q/zs3ok= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed130000664000000000000000000000003513252671167017413 0ustar iyvdS0D69UXHeN35vBpJy1f5txs= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed140000664000000000000000000000003513252671167017414 0ustar Tpb8GzmPkrRGcQEMDcPv1uIMLXM= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed150000664000000000000000000000003513252671167017415 0ustar x81pjYS2USjYg146ix6w4By1Qew= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed160000664000000000000000000000003513252671167017416 0ustar 76i/+WISsvSj83GhDVdBUmVfXfs= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed170000664000000000000000000000003513252671167017417 0ustar rYsVI3A2RiJLZgtVCIWRfKLR3yg= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed20000664000000000000000000000003513252671167017331 0ustar cQucR0fYANTeh/Eq/c5t8YEHzHc= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed30000664000000000000000000000003513252671167017332 0ustar BW8AmF3hTY71zqnoL4wnvvcgM14= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed40000664000000000000000000000003513252671167017333 0ustar gOcP+GoI3j7GCXKzm0+/3Opnro4= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed50000664000000000000000000000003513252671167017334 0ustar qKtp3YAfAHTCofxgZJg2xhbZloE= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed60000664000000000000000000000003513252671167017335 0ustar wKQlMT3411ZL0kNNMRUj1SV+7YA= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed70000664000000000000000000000003513252671167017336 0ustar swfEO0hQqNrC8V8y43g574xcDpE= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed80000664000000000000000000000003513252671167017337 0ustar misAfoCXi7sZLDVOt9qa7fx02/U= nss-pem.git/nss/nss/cmd/bltest/tests/rsa_pss/seed90000664000000000000000000000003513252671167017340 0ustar cPOCvd9NXS3YizvHtzCL5jK4QEU= nss-pem.git/nss/nss/cmd/bltest/tests/seed_cbc/0000775000000000000000000000000013252671167016463 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/seed_cbc/ciphertext00000664000000000000000000000003113252671167020637 0ustar JVdzim3if1YIcpGABasoCQ== nss-pem.git/nss/nss/cmd/bltest/tests/seed_cbc/iv00000664000000000000000000000002113252671167017075 0ustar 1234567890123456 nss-pem.git/nss/nss/cmd/bltest/tests/seed_cbc/key00000664000000000000000000000002113252671167017247 0ustar fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/seed_cbc/numtests0000664000000000000000000000000213252671167020260 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/seed_cbc/plaintext00000664000000000000000000000002113252671167020467 0ustar 0123456789abcdef nss-pem.git/nss/nss/cmd/bltest/tests/seed_ecb/0000775000000000000000000000000013252671167016465 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/seed_ecb/ciphertext00000664000000000000000000000003113252671167020641 0ustar GX8KY3uUhAQnL6XbQhXjEw== nss-pem.git/nss/nss/cmd/bltest/tests/seed_ecb/iv00000664000000000000000000000002113252671167017077 0ustar 1234567890123456 nss-pem.git/nss/nss/cmd/bltest/tests/seed_ecb/key00000664000000000000000000000002113252671167017251 0ustar fedcba9876543210 nss-pem.git/nss/nss/cmd/bltest/tests/seed_ecb/numtests0000664000000000000000000000000213252671167020262 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/seed_ecb/plaintext00000664000000000000000000000002113252671167020471 0ustar 0123456789abcdef nss-pem.git/nss/nss/cmd/bltest/tests/sha1/0000775000000000000000000000000013252671167015570 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/sha1/ciphertext00000664000000000000000000000003513252671167017750 0ustar cDSMAygXMPIJZC5bntZ4ZhecQ9g= nss-pem.git/nss/nss/cmd/bltest/tests/sha1/numtests0000664000000000000000000000000213252671167017365 0ustar 1 nss-pem.git/nss/nss/cmd/bltest/tests/sha1/plaintext00000664000000000000000000000004113252671167017576 0ustar A cage went in search of a bird. nss-pem.git/nss/nss/cmd/bltest/tests/sha224/0000775000000000000000000000000013252671167015737 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/sha224/ciphertext00000664000000000000000000000005213252671167020116 0ustar Iwl9IjQF2CKGQqR3vaJVsyqtvOS9oLP342ydpw== nss-pem.git/nss/nss/cmd/bltest/tests/sha224/ciphertext10000664000000000000000000000005213252671167020117 0ustar dTiLFlEndsxdul2h/YkBULDGRVy09YsZUlIlJQ== nss-pem.git/nss/nss/cmd/bltest/tests/sha224/numtests0000664000000000000000000000000213252671167017534 0ustar 2 nss-pem.git/nss/nss/cmd/bltest/tests/sha224/plaintext00000664000000000000000000000000413252671167017744 0ustar abc nss-pem.git/nss/nss/cmd/bltest/tests/sha224/plaintext10000664000000000000000000000007113252671167017751 0ustar abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq nss-pem.git/nss/nss/cmd/bltest/tests/sha256/0000775000000000000000000000000013252671167015744 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/sha256/ciphertext00000664000000000000000000000005513252671167020126 0ustar ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0= nss-pem.git/nss/nss/cmd/bltest/tests/sha256/ciphertext10000664000000000000000000000005513252671167020127 0ustar JI1qYdIGOLjlwCaTDD5gOaM85Flk/yFn9uzt1BnbBsE= nss-pem.git/nss/nss/cmd/bltest/tests/sha256/numtests0000664000000000000000000000000213252671167017541 0ustar 2 nss-pem.git/nss/nss/cmd/bltest/tests/sha256/plaintext00000664000000000000000000000000413252671167017751 0ustar abc nss-pem.git/nss/nss/cmd/bltest/tests/sha256/plaintext10000664000000000000000000000007113252671167017756 0ustar abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq nss-pem.git/nss/nss/cmd/bltest/tests/sha384/0000775000000000000000000000000013252671167015746 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/sha384/ciphertext00000664000000000000000000000010113252671167020120 0ustar ywB1P0WjXou1oD1pmsZQBycsMqsO3tFjGotgWkP/W+2AhgcroefMI1i67KE0yCWn nss-pem.git/nss/nss/cmd/bltest/tests/sha384/ciphertext10000664000000000000000000000010113252671167020121 0ustar CTMMM/cRR+g9GS/Hgs0bR1MRGxc7OwXSL6CAhuOw9xL8x8caVX4tuWbD6fqRdGA5 nss-pem.git/nss/nss/cmd/bltest/tests/sha384/numtests0000664000000000000000000000000213252671167017543 0ustar 2 nss-pem.git/nss/nss/cmd/bltest/tests/sha384/plaintext00000664000000000000000000000000413252671167017753 0ustar abc nss-pem.git/nss/nss/cmd/bltest/tests/sha384/plaintext10000664000000000000000000000016113252671167017760 0ustar abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu nss-pem.git/nss/nss/cmd/bltest/tests/sha512/0000775000000000000000000000000013252671167015737 5ustar nss-pem.git/nss/nss/cmd/bltest/tests/sha512/ciphertext00000664000000000000000000000013213252671167020115 0ustar 3a81oZNherrMQXNJriBBMRLm+k6JqX6iCp7u5ktV05ohkpkqJ0/BqDa6PCOj/uu9 RU1EI2Q86A4qmslPpUyknw== nss-pem.git/nss/nss/cmd/bltest/tests/sha512/ciphertext10000664000000000000000000000013213252671167020116 0ustar jpWbddrjE9qM9PcoFPwUP493ecbrn3+hcpmurbaIkBhQHSieSQD35DMbmd7EtUM6 x9Mp7rbdJlReluVbh0vpCQ== nss-pem.git/nss/nss/cmd/bltest/tests/sha512/numtests0000664000000000000000000000000213252671167017534 0ustar 2 nss-pem.git/nss/nss/cmd/bltest/tests/sha512/plaintext00000664000000000000000000000000413252671167017744 0ustar abc nss-pem.git/nss/nss/cmd/bltest/tests/sha512/plaintext10000664000000000000000000000016113252671167017751 0ustar abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu nss-pem.git/nss/nss/cmd/btoa/0000775000000000000000000000000013252703344013213 5ustar nss-pem.git/nss/nss/cmd/btoa/Makefile0000664000000000000000000000353713252671167014672 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### include ../platrules.mk nss-pem.git/nss/nss/cmd/btoa/btoa.c0000664000000000000000000001263713252671167014324 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "plgetopt.h" #include "secutil.h" #include "nssb64.h" #include #if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) #if !defined(WIN32) extern int fread(char *, size_t, size_t, FILE *); extern int fwrite(char *, size_t, size_t, FILE *); extern int fprintf(FILE *, char *, ...); #endif #endif #if defined(WIN32) #include "fcntl.h" #include "io.h" #endif static PRInt32 output_ascii(void *arg, const char *obuf, PRInt32 size) { FILE *outFile = arg; int nb; nb = fwrite(obuf, 1, size, outFile); if (nb != size) { PORT_SetError(SEC_ERROR_IO); return -1; } return nb; } static SECStatus encode_file(FILE *outFile, FILE *inFile) { NSSBase64Encoder *cx; int nb; SECStatus status = SECFailure; unsigned char ibuf[4096]; cx = NSSBase64Encoder_Create(output_ascii, outFile); if (!cx) { return -1; } for (;;) { if (feof(inFile)) break; nb = fread(ibuf, 1, sizeof(ibuf), inFile); if (nb != sizeof(ibuf)) { if (nb == 0) { if (ferror(inFile)) { PORT_SetError(SEC_ERROR_IO); goto loser; } /* eof */ break; } } status = NSSBase64Encoder_Update(cx, ibuf, nb); if (status != SECSuccess) goto loser; } status = NSSBase64Encoder_Destroy(cx, PR_FALSE); if (status != SECSuccess) return status; /* * Add a trailing CRLF. Note this must be done *after* the call * to Destroy above (because only then are we sure all data has * been written out). */ fwrite("\r\n", 1, 2, outFile); return SECSuccess; loser: (void)NSSBase64Encoder_Destroy(cx, PR_TRUE); return status; } static void Usage(char *progName) { fprintf(stderr, "Usage: %s [-i input] [-o output]\n", progName); fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", "-i input"); fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", "-o output"); fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n", "-w suffix"); fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n", ""); exit(-1); } int main(int argc, char **argv) { char *progName; SECStatus rv; FILE *inFile, *outFile; PLOptState *optstate; PLOptStatus status; char *suffix = NULL; inFile = 0; outFile = 0; progName = strrchr(argv[0], '/'); if (!progName) progName = strrchr(argv[0], '\\'); progName = progName ? progName + 1 : argv[0]; /* Parse command line arguments */ optstate = PL_CreateOptState(argc, argv, "i:o:w:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { default: Usage(progName); break; case 'i': inFile = fopen(optstate->value, "rb"); if (!inFile) { fprintf(stderr, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); return -1; } break; case 'o': outFile = fopen(optstate->value, "wb"); if (!outFile) { fprintf(stderr, "%s: unable to open \"%s\" for writing\n", progName, optstate->value); return -1; } break; case 'w': if (!strcmp(optstate->value, "c")) suffix = strdup("CERTIFICATE"); else suffix = strdup(optstate->value); break; } } if (status == PL_OPT_BAD) Usage(progName); if (!inFile) { #if defined(WIN32) /* If we're going to read binary data from stdin, we must put stdin ** into O_BINARY mode or else incoming \r\n's will become \n's. */ int smrv = _setmode(_fileno(stdin), _O_BINARY); if (smrv == -1) { fprintf(stderr, "%s: Cannot change stdin to binary mode. Use -i option instead.\n", progName); return smrv; } #endif inFile = stdin; } if (!outFile) { #if defined(WIN32) /* We're going to write binary data to stdout. We must put stdout ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's. */ int smrv = _setmode(_fileno(stdout), _O_BINARY); if (smrv == -1) { fprintf(stderr, "%s: Cannot change stdout to binary mode. Use -o option instead.\n", progName); return smrv; } #endif outFile = stdout; } if (suffix) { fprintf(outFile, "-----BEGIN %s-----\n", suffix); } rv = encode_file(outFile, inFile); if (rv != SECSuccess) { fprintf(stderr, "%s: lossage: error=%d errno=%d\n", progName, PORT_GetError(), errno); return -1; } if (suffix) { fprintf(outFile, "-----END %s-----\n", suffix); } return 0; } nss-pem.git/nss/nss/cmd/btoa/btoa.gyp0000664000000000000000000000120713252671167014670 0ustar # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ '../../coreconf/config.gypi', '../../cmd/platlibs.gypi' ], 'targets': [ { 'target_name': 'btoa', 'type': 'executable', 'sources': [ 'btoa.c' ], 'dependencies': [ '<(DEPTH)/exports.gyp:dbm_exports', '<(DEPTH)/exports.gyp:nss_exports' ] } ], 'target_defaults': { 'defines': [ 'NSPR20' ] }, 'variables': { 'module': 'nss' } }nss-pem.git/nss/nss/cmd/btoa/manifest.mn0000664000000000000000000000103413252671167015362 0ustar # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. # MODULE public and private header directories are implicitly REQUIRED. MODULE = nss # This next line is used by .mk files # and gets translated into $LINCS in manifest.mnw # MODULE is implicitly REQUIRED, doesn't need to be listed below. REQUIRES = seccmd dbm DEFINES = -DNSPR20 CSRCS = btoa.c PROGRAM = btoa nss-pem.git/nss/nss/cmd/certcgi/0000775000000000000000000000000013252703344013706 5ustar nss-pem.git/nss/nss/cmd/certcgi/HOWTO.txt0000664000000000000000000001316513252671167015364 0ustar How to setup your very own Cert-O-Matic Root CA server This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. How to setup your very own Cert-O-Matic Root CA server The program certcgi is part of a small test CA that is used inside Netscape by the NSS development team. That CA is affectionately known as "Cert-O-Matic" or "Cert-O-Matic II". It presently runs on a server named interzone.mcom.com inside Netscape's firewall. If you wish to setup your own Cert-O-Matic, here are directions. Disclaimer: This program does not follow good practices for root CAs. It should be used only for playing/testing and never for production use. Remember, you've been warned! Cert-O-Matic consists of some html files, shell scripts, one executable program that uses NSS and NSPR, the usual set of NSS .db files, and a file in which to remember the serial number of the last cert issued. The html files and the source to the executable program are in this directory. Sample shell scripts are shown below. The shell scripts and executable program run as CGI "scripts". The entire thing runs on an ordinary http web server. It would also run on an https web server. The shell scripts and html files must be customized for the server on which they run. The package assumes you have a "document root" directory $DOCROOT, and a "cgi-bin" directory $CGIBIN. In this example, the document root is assumed to be located in /var/www/htdocs, and the cgi-bin directory in /var/www/cgi-bin. The server is assumed to run all cgi scripts as the user "nobody". The names of the cgi scripts run directly by the server all end in .cgi because some servers like it that way. Instructions: - Create directory $DOCROOT/certomatic - Copy the following files from nss/cmd/certcgi to $DOCROOT/certomatic ca.html index.html main.html nscp_ext_form.html stnd_ext_form.html - Edit the html files, substituting the name of your own server for the server named in those files. - In some web page (e.g. your server's home page), provide an html link to $DOCROOT/certomatic/index.html. This is where users start to get their own certs from certomatic. - give these files and directories appropriate permissions. - Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin make sure that $CGIBIN/certomatic is writable by "nobody" - Create a new set of NSS db files there with the following command: certutil -N -d $CGIBIN/certomatic - when certutil prompts you for the password, enter the word foo because that is compiled into the certcgi program. - Create the new Root CA cert with this command certutil -S -x -d $CGIBIN/certomatic -n "Cert-O-Matic II" \ -s "CN=Cert-O-Matic II, O=Cert-O-Matic II" -t TCu,cu,cu -k rsa \ -g 1024 -m 10001 -v 60 (adjust the -g, -m and -v parameters to taste. -s and -x must be as shown.) - dump out the new root CA cert in base64 encoding: certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \ $CGIBIN/certomatic/root.cacert - In $CGIBIN/certomatic/bin add two shell scripts - one to download the root CA cert on demand, and one to run the certcgi program. download.cgi, the script to install the root CA cert into a browser on demand, is this: #!/bin/sh echo "Content-type: application/x-x509-ca-cert" echo cat $CGIBIN/certomatic/root.cacert You'll have to put the real path into that cat command because CGIBIN won't be defined when this script is run by the server. certcgi.cgi, the script to run the certcgi program is similar to this: #!/bin/sh cd $CGIBIN/certomatic/bin LD_LIBRARY_PATH=$PLATFORM/lib export LD_LIBRARY_PATH $PLATFORM/bin/certcgi $* 2>&1 Where $PLATFORM/lib is where the NSPR nad NSS DSOs are located, and $PLATFORM/bin is where certcgi is located. PLATFORM is not defined when the server runs this script, so you'll have to substitute the right value in your script. certcgi requires that the working directory be one level below the NSS DBs, that is, the DBs are accessed in the directory "..". You'll want to provide an html link somewhere to the script that downloads the root.cacert file. You'll probably want to put that next to the link that loads the index.html page. On interzone, this is done with the following html: Cert-O-Matic II Root CA server

Download and trust Root CA certificate The index.html file in this directory invokes the certcgi.cgi script with the form post method, so if you change the name of the certcgi.cgi script, you'll also have to change the index.html file in $DOCROOT/certomatic The 4 files used by the certcgi program (the 3 NSS DBs, and the serial number file) are not required to live in $CGIBIN/certomatic, but they are required to live in $CWD/.. when certcgi starts. Known bugs: 1. Because multiple of these CAs exist simultaneously, it would be best if they didn't all have to be called "Cert-O-Matic II", but that string is presently hard coded into certcgi.c. 2. the html files in this directory contain numerous extraneous

tags which appear to use the post method and have action URLS that are never actually used. burp.cgi and echoform.cgi are never actually used. This should be cleaned up. 3. The html files use tags which are supported only in Netscape Navigator and Netscape Communication 4.x browsers. The html files do not work as intended with Netscape 6.x, Mozilla or Microsoft IE browsers. The html files should be fixed to work with all those named browsers. nss-pem.git/nss/nss/cmd/certcgi/Makefile0000664000000000000000000000354013252671167015357 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### include ../platrules.mk nss-pem.git/nss/nss/cmd/certcgi/ca.html0000664000000000000000000000206413252671167015170 0ustar Use the Cert-O-matic certificate to issue the cert

Use a CA long automatically generated chain ending with the Cert-O-Matic Cert (18 maximum)

Use a CA long user input chain ending in the Cert-O-Matic Cert.

nss-pem.git/nss/nss/cmd/certcgi/ca_form.html0000664000000000000000000004437713252671167016230 0ustar
Common Name:

Mail:

RFC 1274 e-mail
Organization:

Organizational Unit:

RFC 1274 UID:

Locality:

State or Province:

Country:

Serial Number:

Auto Generate

Use this value:

X.509 version:

Version 1

Version 3

 Key Type:

RSA

DSA
DN:

Netscape Certificate Type:

Activate extension:

Critical: 		SSL Client

SSL Server

S/MIME

Object Signing

Reserved for future use (bit 4)

SSL CA

S/MIME CA

Object Signing CA

Netscape Base URL:

Activate extension:

Critical:
Netscape Revocation URL:

Activate extension:

Critical:
Netscape CA Revocation URL:

Activate extension:

Critical:
Netscape Certificate Renewal URL:

Activate extension:

Critical:
Netscape CA Policy URL:

Activate extension:

Critical:
Netscape SSL Server Name:

Activate extension:

Critical:
Netscape Comment:

Activate extension:

Critical:

Key Usage:

Activate extension:

Critical: 		Digital Signature

Non Repudiation

Key Encipherment

Data Encipherment

Key Agreement

Key Certificate Signing

CRL Signing

Extended Key Usage:

Activate extension:

Critical: 		Server Auth

Client Auth

Code Signing

Email Protection

Timestamp

OCSP Responder

Step-up

Microsoft Trust List Signing

Basic Constraints:

Activate extension:

Critical: 		CA:

True

False

Include Path length:

Authority Key Identifier:

Activate extension: 		Key Identider

Issuer Name and Serial number

Subject Key Identifier:

Activate extension: 		Key Identifier:

This is an:

ascii text value

hex value

Private Key Usage Period:

Activate extension:

Critical: 		Use:

Not Before

Not After

Both

Not to be used to sign before:

Set to time of certificate issue

Use This value

(YYYY/MM/DD HH:MM:SS): / / : :

Not to be used to sign after:

(YYYY/MM/DD HH:MM:SS): / / : :

Subject Alternative Name:

Activate extension:

Critical:
General Names:
Name Type:
Other Name, OID: RFC 822 Name
DNS Name X400 Address
Directory Name EDI Party Name
Uniform Resource Locator IP Address
Registered ID Netscape Certificate Nickname
Name: Binary Encoded:

Issuer Alternative Name:

Activate extension:

Critical: 		Use the Subject Alternative Name from the Issuers Certificate

Use this Name:
General Names:
Name Type:
Other Name, OID: RFC 822 Name
DNS Name X400 Address
Directory Name EDI Party Name
Uniform Resource Locator IP Address
Registered ID
Name: Binary Encoded:

Name Constraints:

Activate extension:

Name Constraints:
Name Type:
Other Name, OID: RFC 822 Name
DNS Name X400 Address
Directory Name EDI Party Name
Uniform Resource Locator IP Address
Registered ID
Name: Binary Encoded:

Constraint type:

permited

excluded

Minimum:

Maximum:

nss-pem.git/nss/nss/cmd/certcgi/certcgi.c0000664000000000000000000021623013252671167015505 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* Cert-O-Matic CGI */ #include "nspr.h" #include "prtypes.h" #include "prtime.h" #include "prlong.h" #include "pk11func.h" #include "cert.h" #include "cryptohi.h" #include "secoid.h" #include "secder.h" #include "genname.h" #include "xconst.h" #include "secutil.h" #include "pk11pqg.h" #include "certxutl.h" #include "nss.h" /* #define TEST 1 */ /* #define FILEOUT 1 */ /* #define OFFLINE 1 */ #define START_FIELDS 100 #define PREFIX_LEN 6 #define SERIAL_FILE "../serial" #define DB_DIRECTORY ".." static char *progName; typedef struct PairStr Pair; struct PairStr { char *name; char *data; }; char prefix[PREFIX_LEN]; const SEC_ASN1Template CERTIA5TypeTemplate[] = { { SEC_ASN1_IA5_STRING } }; SECKEYPrivateKey *privkeys[9] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #ifdef notdef const SEC_ASN1Template CERT_GeneralNameTemplate[] = { { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate } }; #endif static void error_out(char *error_string) { printf("Content-type: text/plain\n\n"); printf("%s", error_string); fflush(stderr); fflush(stdout); exit(1); } static void error_allocate(void) { error_out("ERROR: Unable to allocate memory"); } static char * make_copy_string(char *read_pos, int length, char sentinal_value) /* copys string from to a new string it creates and returns a pointer to the new string */ { int remaining = length; char *write_pos; char *new; new = write_pos = (char *)PORT_Alloc(length); if (new == NULL) { error_allocate(); } while (*read_pos != sentinal_value) { if (remaining == 1) { remaining += length; length = length * 2; new = PORT_Realloc(new, length); if (new == NULL) { error_allocate(); } write_pos = new + length - remaining; } *write_pos = *read_pos; ++write_pos; ++read_pos; remaining = remaining - 1; } *write_pos = '\0'; return new; } static SECStatus clean_input(Pair *data) /* converts the non-alphanumeric characters in a form post from hex codes back to characters */ { int length; int hi_digit; int low_digit; char character; char *begin_pos; char *read_pos; char *write_pos; PRBool name = PR_TRUE; begin_pos = data->name; while (begin_pos != NULL) { length = strlen(begin_pos); read_pos = write_pos = begin_pos; while ((read_pos - begin_pos) < length) { if (*read_pos == '+') { *read_pos = ' '; } if (*read_pos == '%') { hi_digit = *(read_pos + 1); low_digit = *(read_pos + 2); read_pos += 3; if (isdigit(hi_digit)) { hi_digit = hi_digit - '0'; } else { hi_digit = toupper(hi_digit); if (isxdigit(hi_digit)) { hi_digit = (hi_digit - 'A') + 10; } else { error_out("ERROR: Form data incorrectly formated"); } } if (isdigit(low_digit)) { low_digit = low_digit - '0'; } else { low_digit = toupper(low_digit); if ((low_digit >= 'A') && (low_digit <= 'F')) { low_digit = (low_digit - 'A') + 10; } else { error_out("ERROR: Form data incorrectly formated"); } } character = (hi_digit << 4) | low_digit; if (character != 10) { *write_pos = character; ++write_pos; } } else { *write_pos = *read_pos; ++write_pos; ++read_pos; } } *write_pos = '\0'; if (name == PR_TRUE) { begin_pos = data->data; name = PR_FALSE; } else { data++; begin_pos = data->name; name = PR_TRUE; } } return SECSuccess; } static char * make_name(char *new_data) /* gets the next field name in the input string and returns a pointer to a string containing a copy of it */ { int length = 20; char *name; name = make_copy_string(new_data, length, '='); return name; } static char * make_data(char *new_data) /* gets the data for the next field in the input string and returns a pointer to a string containing it */ { int length = 100; char *data; char *read_pos; read_pos = new_data; while (*(read_pos - 1) != '=') { ++read_pos; } data = make_copy_string(read_pos, length, '&'); return data; } static Pair make_pair(char *new_data) /* makes a pair name/data pair from the input string */ { Pair temp; temp.name = make_name(new_data); temp.data = make_data(new_data); return temp; } static Pair * make_datastruct(char *data, int len) /* parses the input from the form post into a data structure of field name/data pairs */ { Pair *datastruct; Pair *current; char *curr_pos; int fields = START_FIELDS; int remaining = START_FIELDS; curr_pos = data; datastruct = current = (Pair *)PORT_Alloc(fields * sizeof(Pair)); if (datastruct == NULL) { error_allocate(); } while (curr_pos - data < len) { if (remaining == 1) { remaining += fields; fields = fields * 2; datastruct = (Pair *)PORT_Realloc(datastruct, fields * sizeof(Pair)); if (datastruct == NULL) { error_allocate(); } current = datastruct + (fields - remaining); } *current = make_pair(curr_pos); while (*curr_pos != '&') { ++curr_pos; } ++curr_pos; ++current; remaining = remaining - 1; } current->name = NULL; return datastruct; } static char * return_name(Pair *data_struct, int n) /* returns a pointer to the name of the nth (starting from 0) item in the data structure */ { char *name; if ((data_struct + n)->name != NULL) { name = (data_struct + n)->name; return name; } else { return NULL; } } static char * return_data(Pair *data_struct, int n) /* returns a pointer to the data of the nth (starting from 0) itme in the data structure */ { char *data; data = (data_struct + n)->data; return data; } static char * add_prefix(char *field_name) { extern char prefix[PREFIX_LEN]; int i = 0; char *rv; char *write; rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1); for (i = 0; i < PORT_Strlen(prefix); i++) { *write = prefix[i]; write++; } *write = '\0'; rv = PORT_Strcat(rv, field_name); return rv; } static char * find_field(Pair *data, char *field_name, PRBool add_pre) /* returns a pointer to the data of the first pair thats name matches the string it is passed */ { int i = 0; char *retrieved; int found = 0; if (add_pre) { field_name = add_prefix(field_name); } while (return_name(data, i) != NULL) { if (PORT_Strcmp(return_name(data, i), field_name) == 0) { retrieved = return_data(data, i); found = 1; break; } i++; } if (!found) { retrieved = NULL; } return retrieved; } static PRBool find_field_bool(Pair *data, char *fieldname, PRBool add_pre) { char *rv; rv = find_field(data, fieldname, add_pre); if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) { return PR_TRUE; } else { return PR_FALSE; } } static CERTCertificateRequest * makeCertReq(Pair *form_data, int which_priv_key) /* makes and encodes a certrequest */ { PK11SlotInfo *slot; CERTCertificateRequest *certReq = NULL; CERTSubjectPublicKeyInfo *spki; SECKEYPrivateKey *privkey = NULL; SECKEYPublicKey *pubkey = NULL; CERTName *name; char *key; extern SECKEYPrivateKey *privkeys[9]; int keySizeInBits; char *challenge = "foo"; SECStatus rv = SECSuccess; PQGParams *pqgParams = NULL; PQGVerify *pqgVfy = NULL; name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE)); if (name == NULL) { error_out("ERROR: Unable to create Subject Name"); } key = find_field(form_data, "key", PR_TRUE); if (key == NULL) { switch (*find_field(form_data, "keysize", PR_TRUE)) { case '0': keySizeInBits = 2048; break; case '1': keySizeInBits = 1024; break; case '2': keySizeInBits = 512; break; default: error_out("ERROR: Unsupported Key length selected"); } if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) { rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy); if (rv != SECSuccess) { error_out("ERROR: Unable to generate PQG parameters"); } slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); } else { privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL); } privkeys[which_priv_key] = privkey; spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey); } else { spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge, NULL); if (spki == NULL) { error_out("ERROR: Unable to decode Public Key and Challenge String"); } } certReq = CERT_CreateCertificateRequest(name, spki, NULL); if (certReq == NULL) { error_out("ERROR: Unable to create Certificate Request"); } if (pubkey != NULL) { SECKEY_DestroyPublicKey(pubkey); } if (spki != NULL) { SECKEY_DestroySubjectPublicKeyInfo(spki); } if (pqgParams != NULL) { PK11_PQG_DestroyParams(pqgParams); } if (pqgVfy != NULL) { PK11_PQG_DestroyVerify(pqgVfy); } return certReq; } static CERTCertificate * MakeV1Cert(CERTCertDBHandle *handle, CERTCertificateRequest *req, char *issuerNameStr, PRBool selfsign, int serialNumber, int warpmonths, Pair *data) { CERTCertificate *issuerCert = NULL; CERTValidity *validity; CERTCertificate *cert = NULL; PRExplodedTime printableTime; PRTime now, after; if (!selfsign) { issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); if (!issuerCert) { error_out("ERROR: Could not find issuer's certificate"); return NULL; } } if (find_field_bool(data, "manValidity", PR_TRUE)) { (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); } else { now = PR_Now(); } PR_ExplodeTime(now, PR_GMTParameters, &printableTime); if (warpmonths) { printableTime.tm_month += warpmonths; now = PR_ImplodeTime(&printableTime); PR_ExplodeTime(now, PR_GMTParameters, &printableTime); } if (find_field_bool(data, "manValidity", PR_TRUE)) { (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); PR_ExplodeTime(after, PR_GMTParameters, &printableTime); } else { printableTime.tm_month += 3; after = PR_ImplodeTime(&printableTime); } /* note that the time is now in micro-second unit */ validity = CERT_CreateValidity(now, after); if (selfsign) { cert = CERT_CreateCertificate(serialNumber, &(req->subject), validity, req); } else { cert = CERT_CreateCertificate(serialNumber, &(issuerCert->subject), validity, req); } CERT_DestroyValidity(validity); if (issuerCert) { CERT_DestroyCertificate(issuerCert); } return (cert); } static int get_serial_number(Pair *data) { int serial = 0; int error; char *filename = SERIAL_FILE; char *SN; FILE *serialFile; if (find_field_bool(data, "serial-auto", PR_TRUE)) { serialFile = fopen(filename, "r"); if (serialFile != NULL) { size_t nread = fread(&serial, sizeof(int), 1, serialFile); if (ferror(serialFile) != 0 || nread != 1) { error_out("Error: Unable to read serial number file"); } if (serial == -1) { serial = 21; } fclose(serialFile); ++serial; serialFile = fopen(filename, "w"); if (serialFile == NULL) { error_out("ERROR: Unable to open serial number file for writing"); } fwrite(&serial, sizeof(int), 1, serialFile); if (ferror(serialFile) != 0) { error_out("Error: Unable to write to serial number file"); } } else { fclose(serialFile); serialFile = fopen(filename, "w"); if (serialFile == NULL) { error_out("ERROR: Unable to open serial number file"); } serial = 21; fwrite(&serial, sizeof(int), 1, serialFile); if (ferror(serialFile) != 0) { error_out("Error: Unable to write to serial number file"); } error = ferror(serialFile); if (error != 0) { error_out("ERROR: Unable to write to serial file"); } } fclose(serialFile); } else { SN = find_field(data, "serial_value", PR_TRUE); while (*SN != '\0') { serial = serial * 16; if ((*SN >= 'A') && (*SN <= 'F')) { serial += *SN - 'A' + 10; } else { if ((*SN >= 'a') && (*SN <= 'f')) { serial += *SN - 'a' + 10; } else { serial += *SN - '0'; } } ++SN; } } return serial; } typedef SECStatus (*EXTEN_VALUE_ENCODER)(PLArenaPool *extHandle, void *value, SECItem *encodedValue); static SECStatus EncodeAndAddExtensionValue( PLArenaPool *arena, void *extHandle, void *value, PRBool criticality, int extenType, EXTEN_VALUE_ENCODER EncodeValueFn) { SECItem encodedValue; SECStatus rv; encodedValue.data = NULL; encodedValue.len = 0; rv = (*EncodeValueFn)(arena, value, &encodedValue); if (rv != SECSuccess) { error_out("ERROR: Unable to encode extension value"); } rv = CERT_AddExtension(extHandle, extenType, &encodedValue, criticality, PR_TRUE); return (rv); } static SECStatus AddKeyUsage(void *extHandle, Pair *data) { SECItem bitStringValue; unsigned char keyUsage = 0x0; if (find_field_bool(data, "keyUsage-digitalSignature", PR_TRUE)) { keyUsage |= (0x80 >> 0); } if (find_field_bool(data, "keyUsage-nonRepudiation", PR_TRUE)) { keyUsage |= (0x80 >> 1); } if (find_field_bool(data, "keyUsage-keyEncipherment", PR_TRUE)) { keyUsage |= (0x80 >> 2); } if (find_field_bool(data, "keyUsage-dataEncipherment", PR_TRUE)) { keyUsage |= (0x80 >> 3); } if (find_field_bool(data, "keyUsage-keyAgreement", PR_TRUE)) { keyUsage |= (0x80 >> 4); } if (find_field_bool(data, "keyUsage-keyCertSign", PR_TRUE)) { keyUsage |= (0x80 >> 5); } if (find_field_bool(data, "keyUsage-cRLSign", PR_TRUE)) { keyUsage |= (0x80 >> 6); } bitStringValue.data = &keyUsage; bitStringValue.len = 1; return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, (find_field_bool(data, "keyUsage-crit", PR_TRUE)))); } static CERTOidSequence * CreateOidSequence(void) { CERTOidSequence *rv = (CERTOidSequence *)NULL; PLArenaPool *arena = (PLArenaPool *)NULL; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ((PLArenaPool *)NULL == arena) { goto loser; } rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); if ((CERTOidSequence *)NULL == rv) { goto loser; } rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); if ((SECItem **)NULL == rv->oids) { goto loser; } rv->arena = arena; return rv; loser: if ((PLArenaPool *)NULL != arena) { PORT_FreeArena(arena, PR_FALSE); } return (CERTOidSequence *)NULL; } static SECStatus AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) { SECItem **oids; PRUint32 count = 0; SECOidData *od; od = SECOID_FindOIDByTag(oidTag); if ((SECOidData *)NULL == od) { return SECFailure; } for (oids = os->oids; (SECItem *)NULL != *oids; oids++) { count++; } /* ArenaZRealloc */ { PRUint32 i; oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count + 2)); if ((SECItem **)NULL == oids) { return SECFailure; } for (i = 0; i < count; i++) { oids[i] = os->oids[i]; } /* ArenaZFree(os->oids); */ } os->oids = oids; os->oids[count] = &od->oid; return SECSuccess; } static SECItem * EncodeOidSequence(CERTOidSequence *os) { SECItem *rv; extern const SEC_ASN1Template CERT_OidSeqTemplate[]; rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); if ((SECItem *)NULL == rv) { goto loser; } if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) { goto loser; } return rv; loser: return (SECItem *)NULL; } static SECStatus AddExtKeyUsage(void *extHandle, Pair *data) { SECStatus rv; CERTOidSequence *os; SECItem *value; PRBool crit; os = CreateOidSequence(); if ((CERTOidSequence *)NULL == os) { return SECFailure; } if (find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); if (SECSuccess != rv) goto loser; } if (find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING); if (SECSuccess != rv) goto loser; } if (find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); if (SECSuccess != rv) goto loser; } if (find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); if (SECSuccess != rv) goto loser; } if (find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); if (SECSuccess != rv) goto loser; } if (find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); if (SECSuccess != rv) goto loser; } if (find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); if (SECSuccess != rv) goto loser; } if (find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE)) { rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); if (SECSuccess != rv) goto loser; } value = EncodeOidSequence(os); crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE); rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value, crit, PR_TRUE); /*FALLTHROUGH*/ loser: CERT_DestroyOidSequence(os); return rv; } static SECStatus AddSubKeyID(void *extHandle, Pair *data, CERTCertificate *subjectCert) { SECItem encodedValue; SECStatus rv; char *read; char *write; char *first; char character; int high_digit = 0, low_digit = 0; int len; PRBool odd = PR_FALSE; encodedValue.data = NULL; encodedValue.len = 0; first = read = write = find_field(data, "subjectKeyIdentifier-text", PR_TRUE); len = PORT_Strlen(first); odd = ((len % 2) != 0) ? PR_TRUE : PR_FALSE; if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) { if (odd) { error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string"); } while (*read != '\0') { if (!isxdigit(*read)) { error_out("ERROR: Improperly formated subject key identifier"); } *read = toupper(*read); if ((*read >= 'A') && (*read <= 'F')) { high_digit = *read - 'A' + 10; } else { high_digit = *read - '0'; } ++read; if (!isxdigit(*read)) { error_out("ERROR: Improperly formated subject key identifier"); } *read = toupper(*read); if ((*read >= 'A') && (*read <= 'F')) { low_digit = *(read) - 'A' + 10; } else { low_digit = *(read) - '0'; } character = (high_digit << 4) | low_digit; *write = character; ++write; ++read; } *write = '\0'; len = write - first; } subjectCert->subjectKeyID.data = (unsigned char *)find_field(data, "subjectKeyIdentifier-text", PR_TRUE); subjectCert->subjectKeyID.len = len; rv = CERT_EncodeSubjectKeyID(NULL, &subjectCert->subjectKeyID, &encodedValue); if (rv) { return (rv); } return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID, &encodedValue, PR_FALSE, PR_TRUE)); } static SECStatus AddAuthKeyID(void *extHandle, Pair *data, char *issuerNameStr, CERTCertDBHandle *handle) { CERTAuthKeyID *authKeyID = NULL; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; CERTCertificate *issuerCert = NULL; CERTGeneralName *genNames; CERTName *directoryName = NULL; issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { error_allocate(); } authKeyID = PORT_ArenaZAlloc(arena, sizeof(CERTAuthKeyID)); if (authKeyID == NULL) { error_allocate(); } if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier", PR_TRUE)) { authKeyID->keyID.data = PORT_ArenaAlloc(arena, PORT_Strlen((char *)issuerCert->subjectKeyID.data)); if (authKeyID->keyID.data == NULL) { error_allocate(); } PORT_Memcpy(authKeyID->keyID.data, issuerCert->subjectKeyID.data, authKeyID->keyID.len = PORT_Strlen((char *)issuerCert->subjectKeyID.data)); } else { PORT_Assert(arena); genNames = (CERTGeneralName *)PORT_ArenaZAlloc(arena, (sizeof(CERTGeneralName))); if (genNames == NULL) { error_allocate(); } genNames->l.next = genNames->l.prev = &(genNames->l); genNames->type = certDirectoryName; directoryName = CERT_AsciiToName(issuerCert->subjectName); if (!directoryName) { error_out("ERROR: Unable to create Directory Name"); } rv = CERT_CopyName(arena, &genNames->name.directoryName, directoryName); CERT_DestroyName(directoryName); if (rv != SECSuccess) { error_out("ERROR: Unable to copy Directory Name"); } authKeyID->authCertIssuer = genNames; if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) { error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension"); } authKeyID->authCertSerialNumber = issuerCert->serialNumber; } rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE, SEC_OID_X509_AUTH_KEY_ID, (EXTEN_VALUE_ENCODER) CERT_EncodeAuthKeyID); if (arena) { PORT_FreeArena(arena, PR_FALSE); } return (rv); } static SECStatus AddPrivKeyUsagePeriod(void *extHandle, Pair *data, CERTCertificate *cert) { char *notBeforeStr; char *notAfterStr; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; CERTPrivKeyUsagePeriod *pkup; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { error_allocate(); } pkup = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod); if (pkup == NULL) { error_allocate(); } notBeforeStr = (char *)PORT_Alloc(16); if (notBeforeStr == NULL) { error_allocate(); } notAfterStr = (char *)PORT_Alloc(16); if (notAfterStr == NULL) { error_allocate(); } *notBeforeStr = '\0'; *notAfterStr = '\0'; pkup->arena = arena; pkup->notBefore.len = 0; pkup->notBefore.data = NULL; pkup->notAfter.len = 0; pkup->notAfter.data = NULL; if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) || find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { pkup->notBefore.len = 15; pkup->notBefore.data = (unsigned char *)notBeforeStr; if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual", PR_TRUE)) { PORT_Strcat(notBeforeStr, find_field(data, "privKeyUsagePeriod-notBefore-year", PR_TRUE)); PORT_Strcat(notBeforeStr, find_field(data, "privKeyUsagePeriod-notBefore-month", PR_TRUE)); PORT_Strcat(notBeforeStr, find_field(data, "privKeyUsagePeriod-notBefore-day", PR_TRUE)); PORT_Strcat(notBeforeStr, find_field(data, "privKeyUsagePeriod-notBefore-hour", PR_TRUE)); PORT_Strcat(notBeforeStr, find_field(data, "privKeyUsagePeriod-notBefore-minute", PR_TRUE)); PORT_Strcat(notBeforeStr, find_field(data, "privKeyUsagePeriod-notBefore-second", PR_TRUE)); if ((*(notBeforeStr + 14) != '\0') || (!isdigit(*(notBeforeStr + 13))) || (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') || (!isdigit(*(notBeforeStr + 11))) || (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') || (!isdigit(*(notBeforeStr + 9))) || (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') || (!isdigit(*(notBeforeStr + 7))) || (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') || (!isdigit(*(notBeforeStr + 5))) || (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') || (!isdigit(*(notBeforeStr + 3))) || (!isdigit(*(notBeforeStr + 2))) || (!isdigit(*(notBeforeStr + 1))) || (!isdigit(*(notBeforeStr + 0))) || (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') || (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') || (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) { error_out("ERROR: Improperly formated private key usage period"); } *(notBeforeStr + 14) = 'Z'; *(notBeforeStr + 15) = '\0'; } else { if ((*(cert->validity.notBefore.data) > '5') || ((*(cert->validity.notBefore.data) == '5') && (*(cert->validity.notBefore.data + 1) != '0'))) { PORT_Strcat(notBeforeStr, "19"); } else { PORT_Strcat(notBeforeStr, "20"); } PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data); } } if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) || find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { pkup->notAfter.len = 15; pkup->notAfter.data = (unsigned char *)notAfterStr; PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-year", PR_TRUE)); PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-month", PR_TRUE)); PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-day", PR_TRUE)); PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-hour", PR_TRUE)); PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-minute", PR_TRUE)); PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-second", PR_TRUE)); if ((*(notAfterStr + 14) != '\0') || (!isdigit(*(notAfterStr + 13))) || (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') || (!isdigit(*(notAfterStr + 11))) || (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') || (!isdigit(*(notAfterStr + 9))) || (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') || (!isdigit(*(notAfterStr + 7))) || (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') || (!isdigit(*(notAfterStr + 5))) || (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') || (!isdigit(*(notAfterStr + 3))) || (!isdigit(*(notAfterStr + 2))) || (!isdigit(*(notAfterStr + 1))) || (!isdigit(*(notAfterStr + 0))) || (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') || (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') || (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) { error_out("ERROR: Improperly formated private key usage period"); } *(notAfterStr + 14) = 'Z'; *(notAfterStr + 15) = '\0'; } PORT_Assert(arena); rv = EncodeAndAddExtensionValue(arena, extHandle, pkup, find_field_bool(data, "privKeyUsagePeriod-crit", PR_TRUE), SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, (EXTEN_VALUE_ENCODER) CERT_EncodePrivateKeyUsagePeriod); PORT_FreeArena(arena, PR_FALSE); PORT_Free(notBeforeStr); PORT_Free(notAfterStr); return (rv); } static SECStatus AddBasicConstraint(void *extHandle, Pair *data) { CERTBasicConstraints basicConstraint; SECItem encodedValue; SECStatus rv; encodedValue.data = NULL; encodedValue.len = 0; basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; basicConstraint.isCA = (find_field_bool(data, "basicConstraints-cA-radio-CA", PR_TRUE)); if (find_field_bool(data, "basicConstraints-pathLengthConstraint", PR_TRUE)) { basicConstraint.pathLenConstraint = atoi(find_field(data, "basicConstraints-pathLengthConstraint-text", PR_TRUE)); } rv = CERT_EncodeBasicConstraintValue(NULL, &basicConstraint, &encodedValue); if (rv) return (rv); rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, &encodedValue, (find_field_bool(data, "basicConstraints-crit", PR_TRUE)), PR_TRUE); PORT_Free(encodedValue.data); return (rv); } static SECStatus AddNscpCertType(void *extHandle, Pair *data) { SECItem bitStringValue; unsigned char CertType = 0x0; if (find_field_bool(data, "netscape-cert-type-ssl-client", PR_TRUE)) { CertType |= (0x80 >> 0); } if (find_field_bool(data, "netscape-cert-type-ssl-server", PR_TRUE)) { CertType |= (0x80 >> 1); } if (find_field_bool(data, "netscape-cert-type-smime", PR_TRUE)) { CertType |= (0x80 >> 2); } if (find_field_bool(data, "netscape-cert-type-object-signing", PR_TRUE)) { CertType |= (0x80 >> 3); } if (find_field_bool(data, "netscape-cert-type-reserved", PR_TRUE)) { CertType |= (0x80 >> 4); } if (find_field_bool(data, "netscape-cert-type-ssl-ca", PR_TRUE)) { CertType |= (0x80 >> 5); } if (find_field_bool(data, "netscape-cert-type-smime-ca", PR_TRUE)) { CertType |= (0x80 >> 6); } if (find_field_bool(data, "netscape-cert-type-object-signing-ca", PR_TRUE)) { CertType |= (0x80 >> 7); } bitStringValue.data = &CertType; bitStringValue.len = 1; return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE)))); } static SECStatus add_IA5StringExtension(void *extHandle, char *string, PRBool crit, int idtag) { SECItem encodedValue; SECStatus rv; encodedValue.data = NULL; encodedValue.len = 0; rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue); if (rv) { return (rv); } return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE)); } static SECItem * string_to_oid(char *string) { int i; int length = 20; int remaining; int first_value; int second_value; int value; int oidLength; unsigned char *oidString; unsigned char *write; unsigned char *read; unsigned char *temp; SECItem *oid; remaining = length; i = 0; while (*string == ' ') { string++; } while (isdigit(*(string + i))) { i++; } if (*(string + i) == '.') { *(string + i) = '\0'; } else { error_out("ERROR: Improperly formated OID"); } first_value = atoi(string); if (first_value < 0 || first_value > 2) { error_out("ERROR: Improperly formated OID"); } string += i + 1; i = 0; while (isdigit(*(string + i))) { i++; } if (*(string + i) == '.') { *(string + i) = '\0'; } else { error_out("ERROR: Improperly formated OID"); } second_value = atoi(string); if (second_value < 0 || second_value > 39) { error_out("ERROR: Improperly formated OID"); } oidString = PORT_ZAlloc(2); *oidString = (first_value * 40) + second_value; *(oidString + 1) = '\0'; oidLength = 1; string += i + 1; i = 0; temp = write = PORT_ZAlloc(length); while (*string != '\0') { value = 0; while (isdigit(*(string + i))) { i++; } if (*(string + i) == '\0') { value = atoi(string); string += i; } else { if (*(string + i) == '.') { *(string + i) = '\0'; value = atoi(string); string += i + 1; } else { *(string + i) = '\0'; i++; value = atoi(string); while (*(string + i) == ' ') i++; if (*(string + i) != '\0') { error_out("ERROR: Improperly formated OID"); } } } i = 0; while (value != 0) { if (remaining < 1) { remaining += length; length = length * 2; temp = PORT_Realloc(temp, length); write = temp + length - remaining; } *write = (value & 0x7f) | (0x80); write++; remaining--; value = value >> 7; } *temp = *temp & (0x7f); oidLength += write - temp; oidString = PORT_Realloc(oidString, (oidLength + 1)); read = write - 1; write = oidLength + oidString - 1; for (i = 0; i < (length - remaining); i++) { *write = *read; write--; read++; } write = temp; remaining = length; } *(oidString + oidLength) = '\0'; oid = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); oid->data = oidString; oid->len = oidLength; PORT_Free(temp); return oid; } static SECItem * string_to_ipaddress(char *string) { int i = 0; int value; int j = 0; SECItem *ipaddress; while (*string == ' ') { string++; } ipaddress = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); ipaddress->data = PORT_ZAlloc(9); while (*string != '\0' && j < 8) { while (isdigit(*(string + i))) { i++; } if (*(string + i) == '.') { *(string + i) = '\0'; value = atoi(string); string = string + i + 1; i = 0; } else { if (*(string + i) == '\0') { value = atoi(string); string = string + i; i = 0; } else { *(string + i) = '\0'; while (*(string + i) == ' ') { i++; } if (*(string + i) == '\0') { value = atoi(string); string = string + i; i = 0; } else { error_out("ERROR: Improperly formated IP Address"); } } } if (value >= 0 && value < 256) { *(ipaddress->data + j) = value; } else { error_out("ERROR: Improperly formated IP Address"); } j++; } *(ipaddress->data + j) = '\0'; if (j != 4 && j != 8) { error_out("ERROR: Improperly formated IP Address"); } ipaddress->len = j; return ipaddress; } static int chr_to_hex(char c) { if (isdigit(c)) { return c - '0'; } if (isxdigit(c)) { return toupper(c) - 'A' + 10; } return -1; } static SECItem * string_to_binary(char *string) { SECItem *rv; rv = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); if (rv == NULL) { error_allocate(); } rv->data = (unsigned char *)PORT_ZAlloc((PORT_Strlen(string)) / 3 + 2); rv->len = 0; while (*string && !isxdigit(*string)) { string++; } while (*string) { int high, low; high = chr_to_hex(*string++); low = chr_to_hex(*string++); if (high < 0 || low < 0) { error_out("ERROR: Improperly formated binary encoding"); } rv->data[(rv->len)++] = high << 4 | low; if (*string != ':') { break; } ++string; } while (*string == ' ') { ++string; } if (*string) { error_out("ERROR: Junk after binary encoding"); } return rv; } static SECStatus MakeGeneralName(char *name, CERTGeneralName *genName, PLArenaPool *arena) { SECItem *oid; SECOidData *oidData; SECItem *ipaddress; SECItem *temp = NULL; int i; int nameType; PRBool binary = PR_FALSE; SECStatus rv = SECSuccess; PRBool nickname = PR_FALSE; PORT_Assert(genName); PORT_Assert(arena); nameType = *(name + PORT_Strlen(name) - 1) - '0'; if (nameType == 0 && *(name + PORT_Strlen(name) - 2) == '1') { nickname = PR_TRUE; nameType = certOtherName; } if (nameType < 1 || nameType > 9) { error_out("ERROR: Unknown General Name Type"); } *(name + PORT_Strlen(name) - 4) = '\0'; genName->type = nameType; switch (genName->type) { case certURI: case certRFC822Name: case certDNSName: { genName->name.other.data = (unsigned char *)name; genName->name.other.len = PORT_Strlen(name); break; } case certIPAddress: { ipaddress = string_to_ipaddress(name); genName->name.other.data = ipaddress->data; genName->name.other.len = ipaddress->len; break; } case certRegisterID: { oid = string_to_oid(name); genName->name.other.data = oid->data; genName->name.other.len = oid->len; break; } case certEDIPartyName: case certX400Address: { genName->name.other.data = PORT_ArenaAlloc(arena, PORT_Strlen(name) + 2); if (genName->name.other.data == NULL) { error_allocate(); } PORT_Memcpy(genName->name.other.data + 2, name, PORT_Strlen(name)); /* This may not be accurate for all cases. For now, use this tag type */ genName->name.other.data[0] = (char)(((genName->type - 1) & 0x1f) | 0x80); genName->name.other.data[1] = (char)PORT_Strlen(name); genName->name.other.len = PORT_Strlen(name) + 2; break; } case certOtherName: { i = 0; if (!nickname) { while (!isdigit(*(name + PORT_Strlen(name) - i))) { i++; } if (*(name + PORT_Strlen(name) - i) == '1') { binary = PR_TRUE; } else { binary = PR_FALSE; } while (*(name + PORT_Strlen(name) - i) != '-') { i++; } *(name + PORT_Strlen(name) - i - 1) = '\0'; i = 0; while (*(name + i) != '-') { i++; } *(name + i - 1) = '\0'; oid = string_to_oid(name + i + 2); } else { oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME); oid = &oidData->oid; while (*(name + PORT_Strlen(name) - i) != '-') { i++; } *(name + PORT_Strlen(name) - i) = '\0'; } genName->name.OthName.oid.data = oid->data; genName->name.OthName.oid.len = oid->len; if (binary) { temp = string_to_binary(name); genName->name.OthName.name.data = temp->data; genName->name.OthName.name.len = temp->len; } else { temp = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); if (temp == NULL) { error_allocate(); } temp->data = (unsigned char *)name; temp->len = PORT_Strlen(name); SEC_ASN1EncodeItem(arena, &(genName->name.OthName.name), temp, CERTIA5TypeTemplate); } PORT_Free(temp); break; } case certDirectoryName: { CERTName *directoryName = NULL; directoryName = CERT_AsciiToName(name); if (!directoryName) { error_out("ERROR: Improperly formated alternative name"); break; } rv = CERT_CopyName(arena, &genName->name.directoryName, directoryName); CERT_DestroyName(directoryName); break; } } genName->l.next = &(genName->l); genName->l.prev = &(genName->l); return rv; } static CERTGeneralName * MakeAltName(Pair *data, char *which, PLArenaPool *arena) { CERTGeneralName *SubAltName; CERTGeneralName *current; CERTGeneralName *newname; char *name = NULL; SECStatus rv = SECSuccess; int len; len = PORT_Strlen(which); name = find_field(data, which, PR_TRUE); SubAltName = current = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName)); if (current == NULL) { error_allocate(); } while (name != NULL) { rv = MakeGeneralName(name, current, arena); if (rv != SECSuccess) { break; } if (*(which + len - 1) < '9') { *(which + len - 1) = *(which + len - 1) + 1; } else { if (isdigit(*(which + len - 2))) { *(which + len - 2) = *(which + len - 2) + 1; *(which + len - 1) = '0'; } else { *(which + len - 1) = '1'; *(which + len) = '0'; *(which + len + 1) = '\0'; len++; } } len = PORT_Strlen(which); name = find_field(data, which, PR_TRUE); if (name != NULL) { newname = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName)); if (newname == NULL) { error_allocate(); } current->l.next = &(newname->l); newname->l.prev = &(current->l); current = newname; newname = NULL; } else { current->l.next = &(SubAltName->l); SubAltName->l.prev = &(current->l); } } if (rv == SECFailure) { return NULL; } return SubAltName; } static CERTNameConstraints * MakeNameConstraints(Pair *data, PLArenaPool *arena) { CERTNameConstraints *NameConstraints; CERTNameConstraint *current = NULL; CERTNameConstraint *last_permited = NULL; CERTNameConstraint *last_excluded = NULL; char *constraint = NULL; char *which; SECStatus rv = SECSuccess; int len; int i; long max; long min; PRBool permited; NameConstraints = (CERTNameConstraints *)PORT_ZAlloc(sizeof(CERTNameConstraints)); which = make_copy_string("NameConstraintSelect0", 25, '\0'); len = PORT_Strlen(which); constraint = find_field(data, which, PR_TRUE); NameConstraints->permited = NameConstraints->excluded = NULL; while (constraint != NULL) { current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint)); if (current == NULL) { error_allocate(); } i = 0; while (*(constraint + PORT_Strlen(constraint) - i) != '-') { i++; } *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; max = (long)atoi(constraint + PORT_Strlen(constraint) + 3); if (max > 0) { (void)SEC_ASN1EncodeInteger(arena, ¤t->max, max); } i = 0; while (*(constraint + PORT_Strlen(constraint) - i) != '-') { i++; } *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; min = (long)atoi(constraint + PORT_Strlen(constraint) + 3); (void)SEC_ASN1EncodeInteger(arena, ¤t->min, min); while (*(constraint + PORT_Strlen(constraint) - i) != '-') { i++; } *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') { permited = PR_TRUE; } else { permited = PR_FALSE; } rv = MakeGeneralName(constraint, &(current->name), arena); if (rv != SECSuccess) { break; } if (*(which + len - 1) < '9') { *(which + len - 1) = *(which + len - 1) + 1; } else { if (isdigit(*(which + len - 2))) { *(which + len - 2) = *(which + len - 2) + 1; *(which + len - 1) = '0'; } else { *(which + len - 1) = '1'; *(which + len) = '0'; *(which + len + 1) = '\0'; len++; } } len = PORT_Strlen(which); if (permited) { if (NameConstraints->permited == NULL) { NameConstraints->permited = last_permited = current; } last_permited->l.next = &(current->l); current->l.prev = &(last_permited->l); last_permited = current; } else { if (NameConstraints->excluded == NULL) { NameConstraints->excluded = last_excluded = current; } last_excluded->l.next = &(current->l); current->l.prev = &(last_excluded->l); last_excluded = current; } constraint = find_field(data, which, PR_TRUE); if (constraint != NULL) { current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint)); if (current == NULL) { error_allocate(); } } } if (NameConstraints->permited != NULL) { last_permited->l.next = &(NameConstraints->permited->l); NameConstraints->permited->l.prev = &(last_permited->l); } if (NameConstraints->excluded != NULL) { last_excluded->l.next = &(NameConstraints->excluded->l); NameConstraints->excluded->l.prev = &(last_excluded->l); } if (which != NULL) { PORT_Free(which); } if (rv == SECFailure) { return NULL; } return NameConstraints; } static SECStatus AddAltName(void *extHandle, Pair *data, char *issuerNameStr, CERTCertDBHandle *handle, int type) { PRBool autoIssuer = PR_FALSE; PLArenaPool *arena = NULL; CERTGeneralName *genName = NULL; char *which = NULL; char *name = NULL; SECStatus rv = SECSuccess; SECItem *issuersAltName = NULL; CERTCertificate *issuerCert = NULL; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { error_allocate(); } if (type == 0) { which = make_copy_string("SubAltNameSelect0", 20, '\0'); genName = MakeAltName(data, which, arena); } else { if (autoIssuer) { autoIssuer = find_field_bool(data, "IssuerAltNameSourceRadio-auto", PR_TRUE); issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); rv = cert_FindExtension((*issuerCert).extensions, SEC_OID_X509_SUBJECT_ALT_NAME, issuersAltName); if (issuersAltName == NULL) { name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4); PORT_Strcpy(name, (*issuerCert).subjectName); PORT_Strcat(name, " - 5"); } } else { which = make_copy_string("IssuerAltNameSelect0", 20, '\0'); genName = MakeAltName(data, which, arena); } } if (type == 0) { EncodeAndAddExtensionValue(arena, extHandle, genName, find_field_bool(data, "SubAltName-crit", PR_TRUE), SEC_OID_X509_SUBJECT_ALT_NAME, (EXTEN_VALUE_ENCODER) CERT_EncodeAltNameExtension); } else { if (autoIssuer && (name == NULL)) { rv = CERT_AddExtension(extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName, find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE); } else { EncodeAndAddExtensionValue(arena, extHandle, genName, find_field_bool(data, "IssuerAltName-crit", PR_TRUE), SEC_OID_X509_ISSUER_ALT_NAME, (EXTEN_VALUE_ENCODER) CERT_EncodeAltNameExtension); } } if (which != NULL) { PORT_Free(which); } if (issuerCert != NULL) { CERT_DestroyCertificate(issuerCert); } return rv; } static SECStatus AddNameConstraints(void *extHandle, Pair *data) { PLArenaPool *arena = NULL; CERTNameConstraints *constraints = NULL; SECStatus rv = SECSuccess; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { error_allocate(); } constraints = MakeNameConstraints(data, arena); if (constraints != NULL) { EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE, SEC_OID_X509_NAME_CONSTRAINTS, (EXTEN_VALUE_ENCODER) CERT_EncodeNameConstraintsExtension); } if (arena != NULL) { PORT_ArenaRelease(arena, NULL); } return rv; } static SECStatus add_extensions(CERTCertificate *subjectCert, Pair *data, char *issuerNameStr, CERTCertDBHandle *handle) { void *extHandle; SECStatus rv = SECSuccess; extHandle = CERT_StartCertExtensions(subjectCert); if (extHandle == NULL) { error_out("ERROR: Unable to get certificates extension handle"); } if (find_field_bool(data, "keyUsage", PR_TRUE)) { rv = AddKeyUsage(extHandle, data); if (rv != SECSuccess) { error_out("ERROR: Unable to add Key Usage extension"); } } if (find_field_bool(data, "extKeyUsage", PR_TRUE)) { rv = AddExtKeyUsage(extHandle, data); if (SECSuccess != rv) { error_out("ERROR: Unable to add Extended Key Usage extension"); } } if (find_field_bool(data, "basicConstraints", PR_TRUE)) { rv = AddBasicConstraint(extHandle, data); if (rv != SECSuccess) { error_out("ERROR: Unable to add Basic Constraint extension"); } } if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) { rv = AddSubKeyID(extHandle, data, subjectCert); if (rv != SECSuccess) { error_out("ERROR: Unable to add Subject Key Identifier Extension"); } } if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) { rv = AddAuthKeyID(extHandle, data, issuerNameStr, handle); if (rv != SECSuccess) { error_out("ERROR: Unable to add Authority Key Identifier extension"); } } if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) { rv = AddPrivKeyUsagePeriod(extHandle, data, subjectCert); if (rv != SECSuccess) { error_out("ERROR: Unable to add Private Key Usage Period extension"); } } if (find_field_bool(data, "SubAltName", PR_TRUE)) { rv = AddAltName(extHandle, data, NULL, NULL, 0); if (rv != SECSuccess) { error_out("ERROR: Unable to add Subject Alternative Name extension"); } } if (find_field_bool(data, "IssuerAltName", PR_TRUE)) { rv = AddAltName(extHandle, data, issuerNameStr, handle, 1); if (rv != SECSuccess) { error_out("ERROR: Unable to add Issuer Alternative Name Extension"); } } if (find_field_bool(data, "NameConstraints", PR_TRUE)) { rv = AddNameConstraints(extHandle, data); if (rv != SECSuccess) { error_out("ERROR: Unable to add Name Constraints Extension"); } } if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) { rv = AddNscpCertType(extHandle, data); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape Certificate Type Extension"); } } if (find_field_bool(data, "netscape-base-url", PR_TRUE)) { rv = add_IA5StringExtension(extHandle, find_field(data, "netscape-base-url-text", PR_TRUE), find_field_bool(data, "netscape-base-url-crit", PR_TRUE), SEC_OID_NS_CERT_EXT_BASE_URL); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape Base URL Extension"); } } if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) { rv = add_IA5StringExtension(extHandle, find_field(data, "netscape-revocation-url-text", PR_TRUE), find_field_bool(data, "netscape-revocation-url-crit", PR_TRUE), SEC_OID_NS_CERT_EXT_REVOCATION_URL); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape Revocation URL Extension"); } } if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) { rv = add_IA5StringExtension(extHandle, find_field(data, "netscape-ca-revocation-url-text", PR_TRUE), find_field_bool(data, "netscape-ca-revocation-url-crit", PR_TRUE), SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape CA Revocation URL Extension"); } } if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) { rv = add_IA5StringExtension(extHandle, find_field(data, "netscape-cert-renewal-url-text", PR_TRUE), find_field_bool(data, "netscape-cert-renewal-url-crit", PR_TRUE), SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension"); } } if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) { rv = add_IA5StringExtension(extHandle, find_field(data, "netscape-ca-policy-url-text", PR_TRUE), find_field_bool(data, "netscape-ca-policy-url-crit", PR_TRUE), SEC_OID_NS_CERT_EXT_CA_POLICY_URL); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape CA Policy URL Extension"); } } if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) { rv = add_IA5StringExtension(extHandle, find_field(data, "netscape-ssl-server-name-text", PR_TRUE), find_field_bool(data, "netscape-ssl-server-name-crit", PR_TRUE), SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape SSL Server Name Extension"); } } if (find_field_bool(data, "netscape-comment", PR_TRUE)) { rv = add_IA5StringExtension(extHandle, find_field(data, "netscape-comment-text", PR_TRUE), find_field_bool(data, "netscape-comment-crit", PR_TRUE), SEC_OID_NS_CERT_EXT_COMMENT); if (rv != SECSuccess) { error_out("ERROR: Unable to add Netscape Comment Extension"); } } CERT_FinishExtensions(extHandle); return (rv); } char * return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data) { char *rv; /* don't clobber our poor smart card */ if (retry == PR_TRUE) { return NULL; } rv = PORT_Alloc(4); PORT_Strcpy(rv, "foo"); return rv; } SECKEYPrivateKey * FindPrivateKeyFromNameStr(char *name, CERTCertDBHandle *certHandle) { SECKEYPrivateKey *key; CERTCertificate *cert; CERTCertificate *p11Cert; /* We don't presently have a PK11 function to find a cert by ** subject name. ** We do have a function to find a cert in the internal slot's ** cert db by subject name, but it doesn't setup the slot info. ** So, this HACK works, but should be replaced as soon as we ** have a function to search for certs accross slots by subject name. */ cert = CERT_FindCertByNameString(certHandle, name); if (cert == NULL || cert->nickname == NULL) { error_out("ERROR: Unable to retrieve issuers certificate"); } p11Cert = PK11_FindCertFromNickname(cert->nickname, NULL); if (p11Cert == NULL) { error_out("ERROR: Unable to retrieve issuers certificate"); } key = PK11_FindKeyByAnyCert(p11Cert, NULL); return key; } static SECItem * SignCert(CERTCertificate *cert, char *issuerNameStr, Pair *data, CERTCertDBHandle *handle, int which_key) { SECItem der; SECKEYPrivateKey *caPrivateKey = NULL; SECStatus rv; PLArenaPool *arena; SECOidTag algID; if (which_key == 0) { caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); } else { caPrivateKey = privkeys[which_key - 1]; } if (caPrivateKey == NULL) { error_out("ERROR: unable to retrieve issuers key"); } arena = cert->arena; algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, SEC_OID_UNKNOWN); if (algID == SEC_OID_UNKNOWN) { error_out("ERROR: Unknown key type for issuer."); goto done; } rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); if (rv != SECSuccess) { error_out("ERROR: Could not set signature algorithm id."); } if (find_field_bool(data, "ver-1", PR_TRUE)) { *(cert->version.data) = 0; cert->version.len = 1; } else { *(cert->version.data) = 2; cert->version.len = 1; } der.data = NULL; der.len = 0; (void)SEC_ASN1EncodeItem(arena, &der, cert, CERT_CertificateTemplate); if (der.data == NULL) { error_out("ERROR: Could not encode certificate.\n"); } rv = SEC_DerSignData(arena, &(cert->derCert), der.data, der.len, caPrivateKey, algID); if (rv != SECSuccess) { error_out("ERROR: Could not sign encoded certificate data.\n"); } done: SECKEY_DestroyPrivateKey(caPrivateKey); return &(cert->derCert); } int main(int argc, char **argv) { int length = 500; int remaining = 500; int n; int i; int serial; int chainLen; int which_key; char *pos; #ifdef OFFLINE char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7" "SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2" "jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iyd" "zPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0" "GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXc" "sAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQ" "ikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZ" "aOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%" "26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dt" "rue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoi" "ceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24"; #else char *form_output; #endif char *issuerNameStr; char *certName; char *DBdir = DB_DIRECTORY; char *prefixs[10] = { "CA#1-", "CA#2-", "CA#3-", "CA#4-", "CA#5-", "CA#6-", "CA#7-", "CA#8-", "CA#9-", "" }; Pair *form_data; CERTCertificate *cert; CERTCertDBHandle *handle; CERTCertificateRequest *certReq = NULL; int warpmonths = 0; SECItem *certDER; #ifdef FILEOUT FILE *outfile; #endif SECStatus status = SECSuccess; extern char prefix[PREFIX_LEN]; SEC_PKCS7ContentInfo *certChain; SECItem *encodedCertChain; PRBool UChain = PR_FALSE; progName = strrchr(argv[0], '/'); progName = progName ? progName + 1 : argv[0]; #ifdef TEST sleep(20); #endif SECU_ConfigDirectory(DBdir); PK11_SetPasswordFunc(return_dbpasswd); status = NSS_InitReadWrite(DBdir); if (status != SECSuccess) { SECU_PrintPRandOSError(progName); return -1; } handle = CERT_GetDefaultCertDB(); prefix[0] = '\0'; #if !defined(OFFLINE) form_output = (char *)PORT_Alloc(length); if (form_output == NULL) { error_allocate(); } pos = form_output; while (feof(stdin) == 0) { if (remaining <= 1) { remaining += length; length = length * 2; form_output = PORT_Realloc(form_output, (length)); if (form_output == NULL) { error_allocate(); } pos = form_output + length - remaining; } n = fread(pos, 1, (size_t)(remaining - 1), stdin); pos += n; remaining -= n; } *pos = '&'; pos++; length = pos - form_output; #else length = PORT_Strlen(form_output); #endif #ifdef FILEOUT printf("Content-type: text/plain\n\n"); fwrite(form_output, 1, (size_t)length, stdout); printf("\n"); #endif #ifdef FILEOUT fwrite(form_output, 1, (size_t)length, stdout); printf("\n"); fflush(stdout); #endif form_data = make_datastruct(form_output, length); status = clean_input(form_data); #if !defined(OFFLINE) PORT_Free(form_output); #endif #ifdef FILEOUT i = 0; while (return_name(form_data, i) != NULL) { printf("%s", return_name(form_data, i)); printf("=\n"); printf("%s", return_data(form_data, i)); printf("\n"); i++; } printf("I got that done, woo hoo\n"); fflush(stdout); #endif issuerNameStr = PORT_Alloc(200); if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain", PR_FALSE)) { UChain = PR_TRUE; chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE)); PORT_Strcpy(prefix, prefixs[0]); issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=Cert-O-Matic II, O=Cert-O-Matic II"); if (chainLen == 0) { UChain = PR_FALSE; } } else { if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain", PR_FALSE)) { PORT_Strcpy(prefix, prefixs[9]); chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE)); if (chainLen < 1 || chainLen > 18) { issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA18, O=Cert-O-Matic II"); } issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA"); issuerNameStr = PORT_Strcat(issuerNameStr, find_field(form_data, "autoCAs", PR_FALSE)); issuerNameStr = PORT_Strcat(issuerNameStr, ", O=Cert-O-Matic II"); } else { issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=Cert-O-Matic II, O=Cert-O-Matic II"); } chainLen = 0; } i = -1; which_key = 0; do { extern SECStatus cert_GetKeyID(CERTCertificate * cert); i++; if (i != 0 && UChain) { PORT_Strcpy(prefix, prefixs[i]); } /* find_field(form_data,"subject", PR_TRUE); */ certReq = makeCertReq(form_data, which_key); #ifdef OFFLINE serial = 900; #else serial = get_serial_number(form_data); #endif cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE, serial, warpmonths, form_data); if (certReq != NULL) { CERT_DestroyCertificateRequest(certReq); } if (find_field_bool(form_data, "ver-3", PR_TRUE)) { status = add_extensions(cert, form_data, issuerNameStr, handle); if (status != SECSuccess) { error_out("ERROR: Unable to add extensions"); } } status = cert_GetKeyID(cert); if (status == SECFailure) { error_out("ERROR: Unable to get Key ID."); } certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key); CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE); issuerNameStr = find_field(form_data, "subject", PR_TRUE); /* SECITEM_FreeItem(certDER, PR_TRUE); */ CERT_DestroyCertificate(cert); if (i == (chainLen - 1)) { i = 8; } ++which_key; } while (i < 9 && UChain); #ifdef FILEOUT outfile = fopen("../certout", "wb"); #endif certName = find_field(form_data, "subject", PR_FALSE); cert = CERT_FindCertByNameString(handle, certName); certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, handle); if (certChain == NULL) { error_out("ERROR: No certificates in cert chain"); } encodedCertChain = SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL, NULL); if (encodedCertChain) { #if !defined(FILEOUT) printf("Content-type: application/x-x509-user-cert\r\n"); printf("Content-length: %d\r\n\r\n", encodedCertChain->len); fwrite(encodedCertChain->data, 1, encodedCertChain->len, stdout); #else fwrite(encodedCertChain->data, 1, encodedCertChain->len, outfile); #endif } else { error_out("Error: Unable to DER encode certificate"); } #ifdef FILEOUT printf("\nI got here!\n"); fflush(outfile); fclose(outfile); #endif fflush(stdout); if (NSS_Shutdown() != SECSuccess) { exit(1); } return 0; } nss-pem.git/nss/nss/cmd/certcgi/certcgi.gyp0000664000000000000000000000136613252671167016064 0ustar # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ '../../coreconf/config.gypi', '../../cmd/platlibs.gypi' ], 'targets': [ { 'target_name': 'certcgi', 'type': 'executable', 'sources': [ 'certcgi.c' ], 'dependencies': [ '<(DEPTH)/exports.gyp:dbm_exports', '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3' ] } ], 'target_defaults': { 'defines': [ 'NSPR20', 'NSS_USE_STATIC_LIBS' ] }, 'variables': { 'module': 'nss', 'use_static_libs': 1 } }nss-pem.git/nss/nss/cmd/certcgi/index.html0000664000000000000000000005677213252671167015733 0ustar Cert-O-Matic nss-pem.git/nss/nss/cmd/certcgi/main.html0000664000000000000000000000675213252671167015541 0ustar Main Layer for CertOMatic
Common Name:

Organization:

MAIL= E= Organizational Unit:

UID=

Locality:

State or Province:

Country:

Serial Number:
Auto Generate
Use this hex value: 

X.509 version:
Version 1
Version 3
Key Type:
RSA
DSA

Intermediate CA Key Sizes:
Validity:
Generate Automatically
Use these values:
Not Before: 
Not After:   
         YYMMDDhhmm[ss]{Z|+hhmm|-hhmm}
DN:

nss-pem.git/nss/nss/cmd/certcgi/manifest.mn0000664000000000000000000000076513252671167016067 0ustar # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. # MODULE public and private header directories are implicitly REQUIREd. MODULE = nss # This next line is used by .mk files # and gets translated into $LINCS in manifest.mnw REQUIRES = seccmd dbm DEFINES = -DNSPR20 CSRCS = certcgi.c PROGRAM = certcgi USE_STATIC_LIBS = 1 nss-pem.git/nss/nss/cmd/certcgi/nscp_ext_form.html0000664000000000000000000000661613252671167017462 0ustar
Netscape Certificate Type:

Activate extension:

Critical: 		SSL Client

SSL Server

S/MIME

Object Signing

Reserved for future use (bit 4)

SSL CA

S/MIME CA

Object Signing CA

Netscape Base URL:

Activate extension:

Critical:
Netscape Revocation URL:

Activate extension:

Critical:
Netscape CA Revocation URL:

Activate extension:

Critical:
Netscape Certificate Renewal URL:

Activate extension:

Critical:
Netscape CA Policy URL:

Activate extension:

Critical:
Netscape SSL Server Name:

Activate extension:

Critical:
Netscape Comment:

Activate extension:

Critical:
nss-pem.git/nss/nss/cmd/certcgi/stnd_ext_form.html0000664000000000000000000003112213252671167017455 0ustar
Key Usage:

Activate extension:

Critical: 		Digital Signature

Non Repudiation

Key Encipherment

Data Encipherment

Key Agreement

Key Certificate Signing

CRL Signing

Extended Key Usage:

Activate extension:

Critical: 		Server Auth

Client Auth

Code Signing

Email Protection

Timestamp

OCSP Responder

Step-up

Microsoft Trust List Signing

Basic Constraints:

Activate extension:

Critical: 		CA:

True

False

Include Path length:

Authority Key Identifier:

Activate extension: 		Key Identider

Issuer Name and Serial number

Subject Key Identifier:

Activate extension: 		Key Identifier:

This is an:

ascii text value

hex value

Private Key Usage Period:

Activate extension:

Critical: 		Use:

Not Before

Not After

Both

Not to be used to sign before:

Set to time of certificate issue

Use This value

(YYYY/MM/DD HH:MM:SS): / / : :

Not to be used to sign after:

(YYYY/MM/DD HH:MM:SS): / / : :

Subject Alternative Name:

Activate extension:

Critical:
General Names:
Name Type:
Other Name, OID: RFC 822 Name
DNS Name X400 Address
Directory Name EDI Party Name
Uniform Resource Locator IP Address
Registered ID Netscape Certificate Nickname
Name: Binary Encoded:

Issuer Alternative Name:

Activate extension:

Critical: 		Use the Subject Alternative Name from the Issuers Certificate

Use this Name:
General Names:
Name Type:
Other Name, OID: RFC 822 Name
DNS Name X400 Address
Directory Name EDI Party Name
Uniform Resource Locator IP Address
Registered ID
Name: Binary Encoded:

Name Constraints:

Activate extension:

Name Constraints:
Name Type:
Other Name, OID: RFC 822 Name
DNS Name X400 Address
Directory Name EDI Party Name
Uniform Resource Locator IP Address
Registered ID
Name: Binary Encoded:

Constraint type:

permited

excluded

Minimum:

Maximum:

nss-pem.git/nss/nss/cmd/certutil/0000775000000000000000000000000013252703344014121 5ustar nss-pem.git/nss/nss/cmd/certutil/Makefile0000664000000000000000000000354113252671167015573 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### include ../platrules.mk nss-pem.git/nss/nss/cmd/certutil/certext.c0000664000000000000000000021344513252671167015763 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* ** certext.c ** ** part of certutil for managing certificates extensions ** */ #include #include #include #if defined(WIN32) #include "fcntl.h" #include "io.h" #endif #include "secutil.h" #if defined(XP_UNIX) #include #endif #include "cert.h" #include "xconst.h" #include "prprf.h" #include "certutil.h" #include "genname.h" #include "prnetdb.h" #define GEN_BREAK(e) \ rv = e; \ break; static char * Gets_s(char *buff, size_t size) { char *str; if (buff == NULL || size < 1) { PORT_Assert(0); return NULL; } if ((str = fgets(buff, size, stdin)) != NULL) { int len = PORT_Strlen(str); /* * fgets() automatically converts native text file * line endings to '\n'. As defensive programming * (just in case fgets has a bug or we put stdin in * binary mode by mistake), we handle three native * text file line endings here: * '\n' Unix (including Linux and Mac OS X) * '\r''\n' DOS/Windows & OS/2 * '\r' Mac OS Classic * len can not be less then 1, since in case with * empty string it has at least '\n' in the buffer */ if (buff[len - 1] == '\n' || buff[len - 1] == '\r') { buff[len - 1] = '\0'; if (len > 1 && buff[len - 2] == '\r') buff[len - 2] = '\0'; } } else { buff[0] = '\0'; } return str; } static SECStatus PrintChoicesAndGetAnswer(char *str, char *rBuff, int rSize) { fputs(str, stdout); fputs(" > ", stdout); fflush(stdout); if (Gets_s(rBuff, rSize) == NULL) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; } return SECSuccess; } static CERTGeneralName * GetGeneralName(PLArenaPool *arena, CERTGeneralName *useExistingName, PRBool onlyOne) { CERTGeneralName *namesList = NULL; CERTGeneralName *current; CERTGeneralName *tail = NULL; SECStatus rv = SECSuccess; int intValue; char buffer[512]; void *mark; PORT_Assert(arena); mark = PORT_ArenaMark(arena); do { if (PrintChoicesAndGetAnswer( "\nSelect one of the following general name type: \n" "\t2 - rfc822Name\n" "\t3 - dnsName\n" "\t5 - directoryName\n" "\t7 - uniformResourceidentifier\n" "\t8 - ipAddress\n" "\t9 - registerID\n" "\tAny other number to finish\n" "\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } intValue = PORT_Atoi(buffer); /* * Should use ZAlloc instead of Alloc to avoid problem with garbage * initialized pointers in CERT_CopyName */ switch (intValue) { case certRFC822Name: case certDNSName: case certDirectoryName: case certURI: case certIPAddress: case certRegisterID: break; default: intValue = 0; /* force a break for anything else */ } if (intValue == 0) break; if (namesList == NULL) { if (useExistingName) { namesList = current = tail = useExistingName; } else { namesList = current = tail = PORT_ArenaZNew(arena, CERTGeneralName); } } else { current = PORT_ArenaZNew(arena, CERTGeneralName); } if (current == NULL) { GEN_BREAK(SECFailure); } current->type = intValue; puts("\nEnter data:"); fflush(stdout); if (Gets_s(buffer, sizeof(buffer)) == NULL) { PORT_SetError(SEC_ERROR_INPUT_LEN); GEN_BREAK(SECFailure); } switch (current->type) { case certURI: case certDNSName: case certRFC822Name: current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer)); if (current->name.other.data == NULL) { GEN_BREAK(SECFailure); } PORT_Memcpy(current->name.other.data, buffer, current->name.other.len = strlen(buffer)); break; case certEDIPartyName: case certIPAddress: case certOtherName: case certRegisterID: case certX400Address: { current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer) + 2); if (current->name.other.data == NULL) { GEN_BREAK(SECFailure); } PORT_Memcpy(current->name.other.data + 2, buffer, strlen(buffer)); /* This may not be accurate for all cases. For now, * use this tag type */ current->name.other.data[0] = (char)(((current->type - 1) & 0x1f) | 0x80); current->name.other.data[1] = (char)strlen(buffer); current->name.other.len = strlen(buffer) + 2; break; } case certDirectoryName: { CERTName *directoryName = NULL; directoryName = CERT_AsciiToName(buffer); if (!directoryName) { fprintf(stderr, "certutil: improperly formatted name: " "\"%s\"\n", buffer); break; } rv = CERT_CopyName(arena, ¤t->name.directoryName, directoryName); CERT_DestroyName(directoryName); break; } } if (rv != SECSuccess) break; current->l.next = &(namesList->l); current->l.prev = &(tail->l); tail->l.next = &(current->l); tail = current; } while (!onlyOne); if (rv != SECSuccess) { PORT_ArenaRelease(arena, mark); namesList = NULL; } return (namesList); } static CERTGeneralName * CreateGeneralName(PLArenaPool *arena) { return GetGeneralName(arena, NULL, PR_FALSE); } static SECStatus GetString(PLArenaPool *arena, char *prompt, SECItem *value) { char buffer[251]; char *buffPrt; buffer[0] = '\0'; value->data = NULL; value->len = 0; puts(prompt); buffPrt = Gets_s(buffer, sizeof(buffer)); /* returned NULL here treated the same way as empty string */ if (buffPrt && strlen(buffer) > 0) { value->data = PORT_ArenaAlloc(arena, strlen(buffer)); if (value->data == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); return (SECFailure); } PORT_Memcpy(value->data, buffer, value->len = strlen(buffer)); } return (SECSuccess); } static PRBool GetYesNo(char *prompt) { char buf[3]; char *buffPrt; buf[0] = 'n'; puts(prompt); buffPrt = Gets_s(buf, sizeof(buf)); return (buffPrt && (buf[0] == 'y' || buf[0] == 'Y')) ? PR_TRUE : PR_FALSE; } /* Parses comma separated values out of the string pointed by nextPos. * Parsed value is compared to an array of possible values(valueArray). * If match is found, a value index is returned, otherwise returns SECFailue. * nextPos is set to the token after found comma separator or to NULL. * NULL in nextPos should be used as indication of the last parsed token. * A special value "critical" can be parsed out from the supplied sting.*/ static SECStatus parseNextCmdInput(const char *const *valueArray, int *value, char **nextPos, PRBool *critical) { char *thisPos; int keyLen = 0; int arrIndex = 0; if (!valueArray || !value || !nextPos || !critical) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } thisPos = *nextPos; while (1) { if ((*nextPos = strchr(thisPos, ',')) == NULL) { keyLen = strlen(thisPos); } else { keyLen = *nextPos - thisPos; *nextPos += 1; } /* if critical keyword is found, go for another loop, * but check, if it is the last keyword of * the string.*/ if (!strncmp("critical", thisPos, keyLen)) { *critical = PR_TRUE; if (*nextPos == NULL) { return SECSuccess; } thisPos = *nextPos; continue; } break; } for (arrIndex = 0; valueArray[arrIndex]; arrIndex++) { if (!strncmp(valueArray[arrIndex], thisPos, keyLen)) { *value = arrIndex; return SECSuccess; } } PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } static const char *const keyUsageKeyWordArray[] = { "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "certSigning", "crlSigning", NULL }; static SECStatus AddKeyUsage(void *extHandle, const char *userSuppliedValue) { SECItem bitStringValue; unsigned char keyUsage = 0x0; char buffer[5]; int value; char *nextPos = (char *)userSuppliedValue; PRBool isCriticalExt = PR_FALSE; if (!userSuppliedValue) { while (1) { if (PrintChoicesAndGetAnswer( "\t\t0 - Digital Signature\n" "\t\t1 - Non-repudiation\n" "\t\t2 - Key encipherment\n" "\t\t3 - Data encipherment\n" "\t\t4 - Key agreement\n" "\t\t5 - Cert signing key\n" "\t\t6 - CRL signing key\n" "\t\tOther to finish\n", buffer, sizeof(buffer)) == SECFailure) { return SECFailure; } value = PORT_Atoi(buffer); if (value < 0 || value > 6) break; if (value == 0) { /* Checking that zero value of variable 'value' * corresponds to '0' input made by user */ char *chPtr = strchr(buffer, '0'); if (chPtr == NULL) { continue; } } keyUsage |= (0x80 >> value); } isCriticalExt = GetYesNo("Is this a critical extension [y/N]?"); } else { while (1) { if (parseNextCmdInput(keyUsageKeyWordArray, &value, &nextPos, &isCriticalExt) == SECFailure) { return SECFailure; } keyUsage |= (0x80 >> value); if (!nextPos) break; } } bitStringValue.data = &keyUsage; bitStringValue.len = 1; return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, isCriticalExt)); } static CERTOidSequence * CreateOidSequence(void) { CERTOidSequence *rv = (CERTOidSequence *)NULL; PLArenaPool *arena = (PLArenaPool *)NULL; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ((PLArenaPool *)NULL == arena) { goto loser; } rv = (CERTOidSequence *)PORT_ArenaZNew(arena, CERTOidSequence); if ((CERTOidSequence *)NULL == rv) { goto loser; } rv->oids = (SECItem **)PORT_ArenaZNew(arena, SECItem *); if ((SECItem **)NULL == rv->oids) { goto loser; } rv->arena = arena; return rv; loser: if ((PLArenaPool *)NULL != arena) { PORT_FreeArena(arena, PR_FALSE); } return (CERTOidSequence *)NULL; } static void DestroyOidSequence(CERTOidSequence *os) { if (os->arena) { PORT_FreeArena(os->arena, PR_FALSE); } } static SECStatus AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) { SECItem **oids; PRUint32 count = 0; SECOidData *od; od = SECOID_FindOIDByTag(oidTag); if ((SECOidData *)NULL == od) { return SECFailure; } for (oids = os->oids; (SECItem *)NULL != *oids; oids++) { if (*oids == &od->oid) { /* We already have this oid */ return SECSuccess; } count++; } /* ArenaZRealloc */ { PRUint32 i; oids = (SECItem **)PORT_ArenaZNewArray(os->arena, SECItem *, count + 2); if ((SECItem **)NULL == oids) { return SECFailure; } for (i = 0; i < count; i++) { oids[i] = os->oids[i]; } /* ArenaZFree(os->oids); */ } os->oids = oids; os->oids[count] = &od->oid; return SECSuccess; } SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) const SEC_ASN1Template CERT_OidSeqTemplate[] = { { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids), SEC_ASN1_SUB(SEC_ObjectIDTemplate) } }; static SECItem * EncodeOidSequence(CERTOidSequence *os) { SECItem *rv; rv = (SECItem *)PORT_ArenaZNew(os->arena, SECItem); if ((SECItem *)NULL == rv) { goto loser; } if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) { goto loser; } return rv; loser: return (SECItem *)NULL; } static const char *const extKeyUsageKeyWordArray[] = { "serverAuth", "clientAuth", "codeSigning", "emailProtection", "timeStamp", "ocspResponder", "stepUp", "msTrustListSigning", NULL }; static SECStatus AddExtKeyUsage(void *extHandle, const char *userSuppliedValue) { char buffer[5]; int value; CERTOidSequence *os; SECStatus rv; SECItem *item; PRBool isCriticalExt = PR_FALSE; char *nextPos = (char *)userSuppliedValue; os = CreateOidSequence(); if ((CERTOidSequence *)NULL == os) { return SECFailure; } while (1) { if (!userSuppliedValue) { if (PrintChoicesAndGetAnswer( "\t\t0 - Server Auth\n" "\t\t1 - Client Auth\n" "\t\t2 - Code Signing\n" "\t\t3 - Email Protection\n" "\t\t4 - Timestamp\n" "\t\t5 - OCSP Responder\n" "\t\t6 - Step-up\n" "\t\t7 - Microsoft Trust List Signing\n" "\t\tOther to finish\n", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } value = PORT_Atoi(buffer); if (value == 0) { /* Checking that zero value of variable 'value' * corresponds to '0' input made by user */ char *chPtr = strchr(buffer, '0'); if (chPtr == NULL) { continue; } } } else { if (parseNextCmdInput(extKeyUsageKeyWordArray, &value, &nextPos, &isCriticalExt) == SECFailure) { return SECFailure; } } switch (value) { case 0: rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); break; case 1: rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); break; case 2: rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); break; case 3: rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); break; case 4: rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); break; case 5: rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); break; case 6: rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); break; case 7: rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING); break; default: goto endloop; } if (userSuppliedValue && !nextPos) break; if (SECSuccess != rv) goto loser; } endloop: item = EncodeOidSequence(os); if (!userSuppliedValue) { isCriticalExt = GetYesNo("Is this a critical extension [y/N]?"); } rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, item, isCriticalExt, PR_TRUE); /*FALLTHROUGH*/ loser: DestroyOidSequence(os); return rv; } static const char *const nsCertTypeKeyWordArray[] = { "sslClient", "sslServer", "smime", "objectSigning", "Not!Used", "sslCA", "smimeCA", "objectSigningCA", NULL }; static SECStatus AddNscpCertType(void *extHandle, const char *userSuppliedValue) { SECItem bitStringValue; unsigned char keyUsage = 0x0; char buffer[5]; int value; char *nextPos = (char *)userSuppliedValue; PRBool isCriticalExt = PR_FALSE; if (!userSuppliedValue) { while (1) { if (PrintChoicesAndGetAnswer( "\t\t0 - SSL Client\n" "\t\t1 - SSL Server\n" "\t\t2 - S/MIME\n" "\t\t3 - Object Signing\n" "\t\t4 - Reserved for future use\n" "\t\t5 - SSL CA\n" "\t\t6 - S/MIME CA\n" "\t\t7 - Object Signing CA\n" "\t\tOther to finish\n", buffer, sizeof(buffer)) == SECFailure) { return SECFailure; } value = PORT_Atoi(buffer); if (value < 0 || value > 7) break; if (value == 0) { /* Checking that zero value of variable 'value' * corresponds to '0' input made by user */ char *chPtr = strchr(buffer, '0'); if (chPtr == NULL) { continue; } } keyUsage |= (0x80 >> value); } isCriticalExt = GetYesNo("Is this a critical extension [y/N]?"); } else { while (1) { if (parseNextCmdInput(nsCertTypeKeyWordArray, &value, &nextPos, &isCriticalExt) == SECFailure) { return SECFailure; } keyUsage |= (0x80 >> value); if (!nextPos) break; } } bitStringValue.data = &keyUsage; bitStringValue.len = 1; return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, isCriticalExt)); } SECStatus GetOidFromString(PLArenaPool *arena, SECItem *to, const char *from, size_t fromLen) { SECStatus rv; SECOidTag tag; SECOidData *coid; /* try dotted form first */ rv = SEC_StringToOID(arena, to, from, fromLen); if (rv == SECSuccess) { return rv; } /* Check to see if it matches a name in our oid table. * SECOID_FindOIDByTag returns NULL if tag is out of bounds. */ tag = SEC_OID_UNKNOWN; coid = SECOID_FindOIDByTag(tag); for (; coid; coid = SECOID_FindOIDByTag(++tag)) { if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0) { break; } } if (coid == NULL) { /* none found */ return SECFailure; } return SECITEM_CopyItem(arena, to, &coid->oid); } static SECStatus AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp, const char *constNames, CERTGeneralNameType type) { CERTGeneralName *nameList = NULL; CERTGeneralName *current = NULL; PRCList *prev = NULL; char *cp, *nextName = NULL; SECStatus rv = SECSuccess; PRBool readTypeFromName = (PRBool)(type == 0); char *names = NULL; if (constNames) names = PORT_Strdup(constNames); if (names == NULL) { return SECFailure; } /* * walk down the comma separated list of names. NOTE: there is * no sanity checks to see if the email address look like * email addresses. * * Each name may optionally be prefixed with a type: string. * If it isn't, the type from the previous name will be used. * If there wasn't a previous name yet, the type given * as a parameter to this function will be used. * If the type value is zero (undefined), we'll fail. */ for (cp = names; cp; cp = nextName) { int len; char *oidString; char *nextComma; CERTName *name; PRStatus status; unsigned char *data; PRNetAddr addr; nextName = NULL; if (*cp == ',') { cp++; } nextComma = PORT_Strchr(cp, ','); if (nextComma) { *nextComma = 0; nextName = nextComma + 1; } if ((*cp) == 0) { continue; } if (readTypeFromName) { char *save = cp; /* Because we already replaced nextComma with end-of-string, * a found colon belongs to the current name */ cp = PORT_Strchr(cp, ':'); if (cp) { *cp = 0; cp++; type = CERT_GetGeneralNameTypeFromString(save); if (*cp == 0) { continue; } } else { if (type == 0) { /* no type known yet */ rv = SECFailure; break; } cp = save; } } current = PORT_ArenaZNew(arena, CERTGeneralName); if (!current) { rv = SECFailure; break; } current->type = type; switch (type) { /* string types */ case certRFC822Name: case certDNSName: case certURI: current->name.other.data = (unsigned char *)PORT_ArenaStrdup(arena, cp); current->name.other.len = PORT_Strlen(cp); break; /* unformated data types */ case certX400Address: case certEDIPartyName: /* turn a string into a data and len */ rv = SECFailure; /* punt on these for now */ fprintf(stderr, "EDI Party Name and X.400 Address not supported\n"); break; case certDirectoryName: /* certDirectoryName */ name = CERT_AsciiToName(cp); if (name == NULL) { rv = SECFailure; fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp); break; } rv = CERT_CopyName(arena, ¤t->name.directoryName, name); CERT_DestroyName(name); break; /* types that require more processing */ case certIPAddress: /* convert the string to an ip address */ status = PR_StringToNetAddr(cp, &addr); if (status != PR_SUCCESS) { rv = SECFailure; fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp); break; } if (PR_NetAddrFamily(&addr) == PR_AF_INET) { len = sizeof(addr.inet.ip); data = (unsigned char *)&addr.inet.ip; } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) { len = sizeof(addr.ipv6.ip); data = (unsigned char *)&addr.ipv6.ip; } else { fprintf(stderr, "Invalid IP Family\n"); rv = SECFailure; break; } current->name.other.data = PORT_ArenaAlloc(arena, len); if (current->name.other.data == NULL) { rv = SECFailure; break; } current->name.other.len = len; PORT_Memcpy(current->name.other.data, data, len); break; case certRegisterID: rv = GetOidFromString(arena, ¤t->name.other, cp, strlen(cp)); break; case certOtherName: oidString = cp; cp = PORT_Strchr(cp, ';'); if (cp == NULL) { rv = SECFailure; fprintf(stderr, "missing name in other name\n"); break; } *cp++ = 0; current->name.OthName.name.data = (unsigned char *)PORT_ArenaStrdup(arena, cp); if (current->name.OthName.name.data == NULL) { rv = SECFailure; break; } current->name.OthName.name.len = PORT_Strlen(cp); rv = GetOidFromString(arena, ¤t->name.OthName.oid, oidString, strlen(oidString)); break; default: rv = SECFailure; fprintf(stderr, "Missing or invalid Subject Alternate Name type\n"); break; } if (rv == SECFailure) { break; } if (prev) { current->l.prev = prev; prev->next = &(current->l); } else { nameList = current; } prev = &(current->l); } PORT_Free(names); /* at this point nameList points to the head of a doubly linked, * but not yet circular, list and current points to its tail. */ if (rv == SECSuccess && nameList) { if (*existingListp != NULL) { PRCList *existingprev; /* add nameList to the end of the existing list */ existingprev = (*existingListp)->l.prev; (*existingListp)->l.prev = &(current->l); nameList->l.prev = existingprev; existingprev->next = &(nameList->l); current->l.next = &((*existingListp)->l); } else { /* make nameList circular and set it as the new existingList */ nameList->l.prev = prev; current->l.next = &(nameList->l); *existingListp = nameList; } } return rv; } static SECStatus AddEmailSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, const char *emailAddrs) { return AddSubjectAltNames(arena, existingListp, emailAddrs, certRFC822Name); } static SECStatus AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, const char *dnsNames) { return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName); } static SECStatus AddGeneralSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, const char *altNames) { return AddSubjectAltNames(arena, existingListp, altNames, 0); } static SECStatus AddBasicConstraint(PLArenaPool *arena, void *extHandle) { CERTBasicConstraints basicConstraint; SECStatus rv; char buffer[10]; PRBool yesNoAns; do { basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; basicConstraint.isCA = GetYesNo("Is this a CA certificate [y/N]?"); buffer[0] = '\0'; if (PrintChoicesAndGetAnswer("Enter the path length constraint, " "enter to skip [<0 for unlimited path]:", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } if (PORT_Strlen(buffer) > 0) basicConstraint.pathLenConstraint = PORT_Atoi(buffer); yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue); } while (0); return (rv); } static SECStatus AddNameConstraints(void *extHandle) { PLArenaPool *arena = NULL; CERTNameConstraints *constraints = NULL; CERTNameConstraint *current = NULL; CERTNameConstraint *last_permited = NULL; CERTNameConstraint *last_excluded = NULL; SECStatus rv = SECSuccess; char buffer[512]; int intValue = 0; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena) { constraints = PORT_ArenaZNew(arena, CERTNameConstraints); } if (!arena || !constraints) { SECU_PrintError(progName, "out of memory"); PORT_FreeArena(arena, PR_FALSE); return SECFailure; } constraints->permited = constraints->excluded = NULL; do { current = PORT_ArenaZNew(arena, CERTNameConstraint); if (!current) { GEN_BREAK(SECFailure); } if (!GetGeneralName(arena, ¤t->name, PR_TRUE)) { GEN_BREAK(SECFailure); } if (PrintChoicesAndGetAnswer("Type of Name Constraint?\n" "\t1 - permitted\n\t2 - excluded\n\tAny" "other number to finish\n\tChoice", buffer, sizeof(buffer)) != SECSuccess) { GEN_BREAK(SECFailure); } intValue = PORT_Atoi(buffer); switch (intValue) { case 1: if (constraints->permited == NULL) { constraints->permited = last_permited = current; } last_permited->l.next = &(current->l); current->l.prev = &(last_permited->l); last_permited = current; break; case 2: if (constraints->excluded == NULL) { constraints->excluded = last_excluded = current; } last_excluded->l.next = &(current->l); current->l.prev = &(last_excluded->l); last_excluded = current; break; } PR_snprintf(buffer, sizeof(buffer), "Add another entry to the" " Name Constraint Extension [y/N]"); if (GetYesNo(buffer) == 0) { break; } } while (1); if (rv == SECSuccess) { int oidIdent = SEC_OID_X509_NAME_CONSTRAINTS; PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); if (constraints->permited != NULL) { last_permited->l.next = &(constraints->permited->l); constraints->permited->l.prev = &(last_permited->l); } if (constraints->excluded != NULL) { last_excluded->l.next = &(constraints->excluded->l); constraints->excluded->l.prev = &(last_excluded->l); } rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, constraints, yesNoAns, oidIdent, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeNameConstraintsExtension); } if (arena) PORT_FreeArena(arena, PR_FALSE); return (rv); } static SECStatus AddAuthKeyID(void *extHandle) { CERTAuthKeyID *authKeyID = NULL; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; PRBool yesNoAns; do { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); GEN_BREAK(SECFailure); } if (GetYesNo("Enter value for the authKeyID extension [y/N]?") == 0) break; authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID); if (authKeyID == NULL) { GEN_BREAK(SECFailure); } rv = GetString(arena, "Enter value for the key identifier fields," "enter to omit:", &authKeyID->keyID); if (rv != SECSuccess) break; SECU_SECItemHexStringToBinary(&authKeyID->keyID); authKeyID->authCertIssuer = CreateGeneralName(arena); if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) break; rv = GetString(arena, "Enter value for the authCertSerial field, " "enter to omit:", &authKeyID->authCertSerialNumber); yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID); if (rv) break; } while (0); if (arena) PORT_FreeArena(arena, PR_FALSE); return (rv); } static SECStatus AddSubjKeyID(void *extHandle) { SECItem keyID; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; PRBool yesNoAns; do { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); GEN_BREAK(SECFailure); } printf("Adding Subject Key ID extension.\n"); rv = GetString(arena, "Enter value for the key identifier fields," "enter to omit:", &keyID); if (rv != SECSuccess) break; SECU_SECItemHexStringToBinary(&keyID); yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeSubjectKeyID); if (rv) break; } while (0); if (arena) PORT_FreeArena(arena, PR_FALSE); return (rv); } static SECStatus AddCrlDistPoint(void *extHandle) { PLArenaPool *arena = NULL; CERTCrlDistributionPoints *crlDistPoints = NULL; CRLDistributionPoint *current; SECStatus rv = SECSuccess; int count = 0, intValue; char buffer[512]; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) return (SECFailure); do { current = NULL; current = PORT_ArenaZNew(arena, CRLDistributionPoint); if (current == NULL) { GEN_BREAK(SECFailure); } /* Get the distributionPointName fields - this field is optional */ if (PrintChoicesAndGetAnswer( "Enter the type of the distribution point name:\n" "\t1 - Full Name\n\t2 - Relative Name\n\tAny other " "number to finish\n\t\tChoice: ", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } intValue = PORT_Atoi(buffer); switch (intValue) { case generalName: current->distPointType = intValue; current->distPoint.fullName = CreateGeneralName(arena); rv = PORT_GetError(); break; case relativeDistinguishedName: { CERTName *name; current->distPointType = intValue; puts("Enter the relative name: "); fflush(stdout); if (Gets_s(buffer, sizeof(buffer)) == NULL) { GEN_BREAK(SECFailure); } /* For simplicity, use CERT_AsciiToName to converse from a string to NAME, but we only interest in the first RDN */ name = CERT_AsciiToName(buffer); if (!name) { GEN_BREAK(SECFailure); } rv = CERT_CopyRDN(arena, ¤t->distPoint.relativeName, name->rdns[0]); CERT_DestroyName(name); break; } } if (rv != SECSuccess) break; /* Get the reason flags */ if (PrintChoicesAndGetAnswer( "\nSelect one of the following for the reason flags\n" "\t0 - unused\n\t1 - keyCompromise\n" "\t2 - caCompromise\n\t3 - affiliationChanged\n" "\t4 - superseded\n\t5 - cessationOfOperation\n" "\t6 - certificateHold\n" "\tAny other number to finish\t\tChoice: ", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } intValue = PORT_Atoi(buffer); if (intValue == 0) { /* Checking that zero value of variable 'value' * corresponds to '0' input made by user */ char *chPtr = strchr(buffer, '0'); if (chPtr == NULL) { intValue = -1; } } if (intValue >= 0 && intValue < 8) { current->reasons.data = PORT_ArenaAlloc(arena, sizeof(char)); if (current->reasons.data == NULL) { GEN_BREAK(SECFailure); } *current->reasons.data = (char)(0x80 >> intValue); current->reasons.len = 1; } puts("Enter value for the CRL Issuer name:\n"); current->crlIssuer = CreateGeneralName(arena); if (current->crlIssuer == NULL && (rv = PORT_GetError()) == SECFailure) break; if (crlDistPoints == NULL) { crlDistPoints = PORT_ArenaZNew(arena, CERTCrlDistributionPoints); if (crlDistPoints == NULL) { GEN_BREAK(SECFailure); } } if (crlDistPoints->distPoints) { crlDistPoints->distPoints = PORT_ArenaGrow(arena, crlDistPoints->distPoints, sizeof(*crlDistPoints->distPoints) * count, sizeof(*crlDistPoints->distPoints) * (count + 1)); } else { crlDistPoints->distPoints = PORT_ArenaZAlloc(arena, sizeof(*crlDistPoints->distPoints) * (count + 1)); } if (crlDistPoints->distPoints == NULL) { GEN_BREAK(SECFailure); } crlDistPoints->distPoints[count] = current; ++count; if (GetYesNo("Enter another value for the CRLDistributionPoint " "extension [y/N]?") == 0) { /* Add null to the end to mark end of data */ crlDistPoints->distPoints = PORT_ArenaGrow(arena, crlDistPoints->distPoints, sizeof(*crlDistPoints->distPoints) * count, sizeof(*crlDistPoints->distPoints) * (count + 1)); crlDistPoints->distPoints[count] = NULL; break; } } while (1); if (rv == SECSuccess) { PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints); } if (arena) PORT_FreeArena(arena, PR_FALSE); return (rv); } static SECStatus AddPolicyConstraints(void *extHandle) { CERTCertificatePolicyConstraints *policyConstr; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; SECItem *item, *dummy; char buffer[512]; int value; PRBool yesNoAns; PRBool skipExt = PR_TRUE; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); return SECFailure; } policyConstr = PORT_ArenaZNew(arena, CERTCertificatePolicyConstraints); if (policyConstr == NULL) { SECU_PrintError(progName, "out of memory"); goto loser; } if (PrintChoicesAndGetAnswer("for requireExplicitPolicy enter the number " "of certs in path\nbefore explicit policy is required\n" "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) { goto loser; } if (PORT_Strlen(buffer)) { value = PORT_Atoi(buffer); if (value < 0) { goto loser; } item = &policyConstr->explicitPolicySkipCerts; dummy = SEC_ASN1EncodeInteger(arena, item, value); if (!dummy) { goto loser; } skipExt = PR_FALSE; } if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter " "the number of certs in path\n" "after which policy mapping is not allowed\n" "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) { goto loser; } if (PORT_Strlen(buffer)) { value = PORT_Atoi(buffer); if (value < 0) { goto loser; } item = &policyConstr->inhibitMappingSkipCerts; dummy = SEC_ASN1EncodeInteger(arena, item, value); if (!dummy) { goto loser; } skipExt = PR_FALSE; } if (!skipExt) { yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr, yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension); } else { fprintf(stdout, "Policy Constraint extensions must contain " "at least one policy field\n"); rv = SECFailure; } loser: if (arena) { PORT_FreeArena(arena, PR_FALSE); } return (rv); } static SECStatus AddInhibitAnyPolicy(void *extHandle) { CERTCertificateInhibitAny certInhibitAny; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; SECItem *item, *dummy; char buffer[10]; int value; PRBool yesNoAns; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); return SECFailure; } if (PrintChoicesAndGetAnswer("Enter the number of certs in the path " "permitted to use anyPolicy.\n" "(press Enter for 0)", buffer, sizeof(buffer)) == SECFailure) { goto loser; } item = &certInhibitAny.inhibitAnySkipCerts; value = PORT_Atoi(buffer); if (value < 0) { goto loser; } dummy = SEC_ASN1EncodeInteger(arena, item, value); if (!dummy) { goto loser; } yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny, yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension); loser: if (arena) { PORT_FreeArena(arena, PR_FALSE); } return (rv); } static SECStatus AddPolicyMappings(void *extHandle) { CERTPolicyMap **policyMapArr = NULL; CERTPolicyMap *current; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; int count = 0; char buffer[512]; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); return SECFailure; } do { if (PrintChoicesAndGetAnswer("Enter an Object Identifier (dotted " "decimal format) for Issuer Domain Policy", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } current = PORT_ArenaZNew(arena, CERTPolicyMap); if (current == NULL) { GEN_BREAK(SECFailure); } rv = SEC_StringToOID(arena, ¤t->issuerDomainPolicy, buffer, 0); if (rv == SECFailure) { GEN_BREAK(SECFailure); } if (PrintChoicesAndGetAnswer("Enter an Object Identifier for " "Subject Domain Policy", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } rv = SEC_StringToOID(arena, ¤t->subjectDomainPolicy, buffer, 0); if (rv == SECFailure) { GEN_BREAK(SECFailure); } if (policyMapArr == NULL) { policyMapArr = PORT_ArenaZNew(arena, CERTPolicyMap *); if (policyMapArr == NULL) { GEN_BREAK(SECFailure); } } policyMapArr = PORT_ArenaGrow(arena, policyMapArr, sizeof(current) * count, sizeof(current) * (count + 1)); if (policyMapArr == NULL) { GEN_BREAK(SECFailure); } policyMapArr[count] = current; ++count; if (!GetYesNo("Enter another Policy Mapping [y/N]")) { /* Add null to the end to mark end of data */ policyMapArr = PORT_ArenaGrow(arena, policyMapArr, sizeof(current) * count, sizeof(current) * (count + 1)); if (policyMapArr == NULL) { GEN_BREAK(SECFailure); } policyMapArr[count] = NULL; break; } } while (1); if (rv == SECSuccess) { CERTCertificatePolicyMappings mappings; PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); mappings.arena = arena; mappings.policyMaps = policyMapArr; rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings, yesNoAns, SEC_OID_X509_POLICY_MAPPINGS, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension); } if (arena) PORT_FreeArena(arena, PR_FALSE); return (rv); } enum PoliciQualifierEnum { cpsPointer = 1, userNotice = 2 }; static CERTPolicyQualifier ** RequestPolicyQualifiers(PLArenaPool *arena, SECItem *policyID) { CERTPolicyQualifier **policyQualifArr = NULL; CERTPolicyQualifier *current; SECStatus rv = SECSuccess; int count = 0; char buffer[512]; void *mark; SECOidData *oid = NULL; int intValue = 0; int inCount = 0; PORT_Assert(arena); mark = PORT_ArenaMark(arena); do { current = PORT_ArenaZNew(arena, CERTPolicyQualifier); if (current == NULL) { GEN_BREAK(SECFailure); } /* Get the accessMethod fields */ SECU_PrintObjectID(stdout, policyID, "Choose the type of qualifier for policy", 0); if (PrintChoicesAndGetAnswer( "\t1 - CPS Pointer qualifier\n" "\t2 - User notice qualifier\n" "\tAny other number to finish\n" "\t\tChoice: ", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } intValue = PORT_Atoi(buffer); switch (intValue) { case cpsPointer: { SECItem input; oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER); if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } input.len = PORT_Strlen(buffer); input.data = (void *)PORT_ArenaStrdup(arena, buffer); if (input.data == NULL || SEC_ASN1EncodeItem(arena, ¤t->qualifierValue, &input, SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) { GEN_BREAK(SECFailure); } break; } case userNotice: { SECItem **noticeNumArr; CERTUserNotice *notice = PORT_ArenaZNew(arena, CERTUserNotice); if (!notice) { GEN_BREAK(SECFailure); } oid = SECOID_FindOIDByTag(SEC_OID_PKIX_USER_NOTICE_QUALIFIER); if (GetYesNo("\t add a User Notice reference? [y/N]")) { if (PrintChoicesAndGetAnswer("Enter user organization string: ", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } notice->noticeReference.organization.type = siAsciiString; notice->noticeReference.organization.len = PORT_Strlen(buffer); notice->noticeReference.organization.data = (void *)PORT_ArenaStrdup(arena, buffer); noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2); if (!noticeNumArr) { GEN_BREAK(SECFailure); } do { SECItem *noticeNum; noticeNum = PORT_ArenaZNew(arena, SECItem); if (PrintChoicesAndGetAnswer( "Enter User Notice reference number " "(or -1 to quit): ", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } intValue = PORT_Atoi(buffer); if (noticeNum == NULL) { if (intValue < 0) { fprintf(stdout, "a noticeReference must have at " "least one reference number\n"); GEN_BREAK(SECFailure); } } else { if (intValue >= 0) { noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr, sizeof(current) * inCount, sizeof(current) * (inCount + 1)); if (noticeNumArr == NULL) { GEN_BREAK(SECFailure); } } else { break; } } if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) { GEN_BREAK(SECFailure); } noticeNumArr[inCount++] = noticeNum; noticeNumArr[inCount] = NULL; } while (1); if (rv == SECFailure) { GEN_BREAK(SECFailure); } notice->noticeReference.noticeNumbers = noticeNumArr; rv = CERT_EncodeNoticeReference(arena, ¬ice->noticeReference, ¬ice->derNoticeReference); if (rv == SECFailure) { GEN_BREAK(SECFailure); } } if (GetYesNo("\t EnterUser Notice explicit text? [y/N]")) { /* Getting only 200 bytes - RFC limitation */ if (PrintChoicesAndGetAnswer( "\t", buffer, 200) == SECFailure) { GEN_BREAK(SECFailure); } notice->displayText.type = siAsciiString; notice->displayText.len = PORT_Strlen(buffer); notice->displayText.data = (void *)PORT_ArenaStrdup(arena, buffer); if (notice->displayText.data == NULL) { GEN_BREAK(SECFailure); } } rv = CERT_EncodeUserNotice(arena, notice, ¤t->qualifierValue); if (rv == SECFailure) { GEN_BREAK(SECFailure); } break; } } if (rv == SECFailure || oid == NULL || SECITEM_CopyItem(arena, ¤t->qualifierID, &oid->oid) == SECFailure) { GEN_BREAK(SECFailure); } if (!policyQualifArr) { policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *); } else { policyQualifArr = PORT_ArenaGrow(arena, policyQualifArr, sizeof(current) * count, sizeof(current) * (count + 1)); } if (policyQualifArr == NULL) { GEN_BREAK(SECFailure); } policyQualifArr[count] = current; ++count; if (!GetYesNo("Enter another policy qualifier [y/N]")) { /* Add null to the end to mark end of data */ policyQualifArr = PORT_ArenaGrow(arena, policyQualifArr, sizeof(current) * count, sizeof(current) * (count + 1)); if (policyQualifArr == NULL) { GEN_BREAK(SECFailure); } policyQualifArr[count] = NULL; break; } } while (1); if (rv != SECSuccess) { PORT_ArenaRelease(arena, mark); policyQualifArr = NULL; } return (policyQualifArr); } static SECStatus AddCertPolicies(void *extHandle) { CERTPolicyInfo **certPoliciesArr = NULL; CERTPolicyInfo *current; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; int count = 0; char buffer[512]; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); return SECFailure; } do { current = PORT_ArenaZNew(arena, CERTPolicyInfo); if (current == NULL) { GEN_BREAK(SECFailure); } if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier " "(dotted decimal format)\n" "or \"any\" for AnyPolicy:", buffer, sizeof(buffer)) == SECFailure) { GEN_BREAK(SECFailure); } if (strncmp(buffer, "any", 3) == 0) { /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */ strcpy(buffer, "OID.2.5.29.32.0"); } rv = SEC_StringToOID(arena, ¤t->policyID, buffer, 0); if (rv == SECFailure) { GEN_BREAK(SECFailure); } current->policyQualifiers = RequestPolicyQualifiers(arena, ¤t->policyID); if (!certPoliciesArr) { certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *); } else { certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr, sizeof(current) * count, sizeof(current) * (count + 1)); } if (certPoliciesArr == NULL) { GEN_BREAK(SECFailure); } certPoliciesArr[count] = current; ++count; if (!GetYesNo("Enter another PolicyInformation field [y/N]?")) { /* Add null to the end to mark end of data */ certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr, sizeof(current) * count, sizeof(current) * (count + 1)); if (certPoliciesArr == NULL) { GEN_BREAK(SECFailure); } certPoliciesArr[count] = NULL; break; } } while (1); if (rv == SECSuccess) { CERTCertificatePolicies policies; PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); policies.arena = arena; policies.policyInfos = certPoliciesArr; rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies, yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension); } if (arena) PORT_FreeArena(arena, PR_FALSE); return (rv); } enum AuthInfoAccessTypesEnum { caIssuers = 1, ocsp = 2 }; enum SubjInfoAccessTypesEnum { caRepository = 1, timeStamping = 2 }; /* Encode and add an AIA or SIA extension */ static SECStatus AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) { CERTAuthInfoAccess **infoAccArr = NULL; CERTAuthInfoAccess *current; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; int count = 0; char buffer[512]; SECOidData *oid = NULL; int intValue = 0; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); return SECFailure; } do { current = NULL; current = PORT_ArenaZNew(arena, CERTAuthInfoAccess); if (current == NULL) { GEN_BREAK(SECFailure); } /* Get the accessMethod fields */ if (addSIAExt) { if (isCACert) { puts("Adding \"CA Repository\" access method type for " "Subject Information Access extension:\n"); intValue = caRepository; } else { puts("Adding \"Time Stamping Services\" access method type for " "Subject Information Access extension:\n"); intValue = timeStamping; } } else { if (PrintChoicesAndGetAnswer("Enter access method type " "for Authority Information Access extension:\n" "\t1 - CA Issuers\n\t2 - OCSP\n\tAny" "other number to finish\n\tChoice", buffer, sizeof(buffer)) != SECSuccess) { GEN_BREAK(SECFailure); } intValue = PORT_Atoi(buffer); } if (addSIAExt) { switch (intValue) { case caRepository: oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_REPOSITORY); break; case timeStamping: oid = SECOID_FindOIDByTag(SEC_OID_PKIX_TIMESTAMPING); break; } } else { switch (intValue) { case caIssuers: oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_ISSUERS); break; case ocsp: oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP); break; } } if (oid == NULL || SECITEM_CopyItem(arena, ¤t->method, &oid->oid) == SECFailure) { GEN_BREAK(SECFailure); } current->location = CreateGeneralName(arena); if (!current->location) { GEN_BREAK(SECFailure); } if (infoAccArr == NULL) { infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *); } else { infoAccArr = PORT_ArenaGrow(arena, infoAccArr, sizeof(current) * count, sizeof(current) * (count + 1)); } if (infoAccArr == NULL) { GEN_BREAK(SECFailure); } infoAccArr[count] = current; ++count; PR_snprintf(buffer, sizeof(buffer), "Add another location to the %s" " Information Access extension [y/N]", (addSIAExt) ? "Subject" : "Authority"); if (GetYesNo(buffer) == 0) { /* Add null to the end to mark end of data */ infoAccArr = PORT_ArenaGrow(arena, infoAccArr, sizeof(current) * count, sizeof(current) * (count + 1)); if (infoAccArr == NULL) { GEN_BREAK(SECFailure); } infoAccArr[count] = NULL; break; } } while (1); if (rv == SECSuccess) { int oidIdent = SEC_OID_X509_AUTH_INFO_ACCESS; PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); if (addSIAExt) { oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS; } rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr, yesNoAns, oidIdent, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension); } if (arena) PORT_FreeArena(arena, PR_FALSE); return (rv); } /* Example of valid input: * 1.2.3.4:critical:/tmp/abc,5.6.7.8:not-critical:/tmp/xyz */ static SECStatus parseNextGenericExt(const char *nextExtension, const char **oid, int *oidLen, const char **crit, int *critLen, const char **filename, int *filenameLen, const char **next) { const char *nextColon; const char *nextComma; const char *iter = nextExtension; if (!iter || !*iter) return SECFailure; /* Require colons at earlier positions than nextComma (or end of string ) */ nextComma = strchr(iter, ','); *oid = iter; nextColon = strchr(iter, ':'); if (!nextColon || (nextComma && nextColon > nextComma)) return SECFailure; *oidLen = (nextColon - *oid); if (!*oidLen) return SECFailure; iter = nextColon; ++iter; *crit = iter; nextColon = strchr(iter, ':'); if (!nextColon || (nextComma && nextColon > nextComma)) return SECFailure; *critLen = (nextColon - *crit); if (!*critLen) return SECFailure; iter = nextColon; ++iter; *filename = iter; if (nextComma) { *filenameLen = (nextComma - *filename); iter = nextComma; ++iter; *next = iter; } else { *filenameLen = strlen(*filename); *next = NULL; } if (!*filenameLen) return SECFailure; return SECSuccess; } SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, certutilExtnList extList, const char *extGeneric) { PLArenaPool *arena; SECStatus rv = SECSuccess; char *errstring = NULL; const char *nextExtension = NULL; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { return SECFailure; } do { /* Add key usage extension */ if (extList[ext_keyUsage].activated) { rv = AddKeyUsage(extHandle, extList[ext_keyUsage].arg); if (rv) { errstring = "KeyUsage"; break; } } /* Add extended key usage extension */ if (extList[ext_extKeyUsage].activated) { rv = AddExtKeyUsage(extHandle, extList[ext_extKeyUsage].arg); if (rv) { errstring = "ExtendedKeyUsage"; break; } } /* Add basic constraint extension */ if (extList[ext_basicConstraint].activated) { rv = AddBasicConstraint(arena, extHandle); if (rv) { errstring = "BasicConstraint"; break; } } /* Add name constraints extension */ if (extList[ext_nameConstraints].activated) { rv = AddNameConstraints(extHandle); if (rv) { errstring = "NameConstraints"; break; } } if (extList[ext_authorityKeyID].activated) { rv = AddAuthKeyID(extHandle); if (rv) { errstring = "AuthorityKeyID"; break; } } if (extList[ext_subjectKeyID].activated) { rv = AddSubjKeyID(extHandle); if (rv) { errstring = "SubjectKeyID"; break; } } if (extList[ext_CRLDistPts].activated) { rv = AddCrlDistPoint(extHandle); if (rv) { errstring = "CRLDistPoints"; break; } } if (extList[ext_NSCertType].activated) { rv = AddNscpCertType(extHandle, extList[ext_NSCertType].arg); if (rv) { errstring = "NSCertType"; break; } } if (extList[ext_authInfoAcc].activated || extList[ext_subjInfoAcc].activated) { rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc].activated, extList[ext_basicConstraint].activated); if (rv) { errstring = "InformationAccess"; break; } } if (extList[ext_certPolicies].activated) { rv = AddCertPolicies(extHandle); if (rv) { errstring = "Policies"; break; } } if (extList[ext_policyMappings].activated) { rv = AddPolicyMappings(extHandle); if (rv) { errstring = "PolicyMappings"; break; } } if (extList[ext_policyConstr].activated) { rv = AddPolicyConstraints(extHandle); if (rv) { errstring = "PolicyConstraints"; break; } } if (extList[ext_inhibitAnyPolicy].activated) { rv = AddInhibitAnyPolicy(extHandle); if (rv) { errstring = "InhibitAnyPolicy"; break; } } if (emailAddrs || dnsNames || extList[ext_subjectAltName].activated) { CERTGeneralName *namelist = NULL; SECItem item = { 0, NULL, 0 }; rv = SECSuccess; if (emailAddrs) { rv |= AddEmailSubjectAlt(arena, &namelist, emailAddrs); } if (dnsNames) { rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); } if (extList[ext_subjectAltName].activated) { rv |= AddGeneralSubjectAlt(arena, &namelist, extList[ext_subjectAltName].arg); } if (rv == SECSuccess) { rv = CERT_EncodeAltNameExtension(arena, namelist, &item); if (rv == SECSuccess) { rv = CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_ALT_NAME, &item, PR_FALSE, PR_TRUE); } } if (rv) { errstring = "SubjectAltName"; break; } } } while (0); PORT_FreeArena(arena, PR_FALSE); if (rv != SECSuccess) { SECU_PrintError(progName, "Problem creating %s extension", errstring); } nextExtension = extGeneric; while (nextExtension && *nextExtension) { SECItem oid_item, value; PRBool isCritical; const char *oid, *crit, *filename, *next; int oidLen, critLen, filenameLen; PRFileDesc *inFile = NULL; char *zeroTerminatedFilename = NULL; rv = parseNextGenericExt(nextExtension, &oid, &oidLen, &crit, &critLen, &filename, &filenameLen, &next); if (rv != SECSuccess) { SECU_PrintError(progName, "error parsing generic extension parameter %s", nextExtension); break; } oid_item.data = NULL; oid_item.len = 0; rv = GetOidFromString(NULL, &oid_item, oid, oidLen); if (rv != SECSuccess) { SECU_PrintError(progName, "malformed extension OID %s", nextExtension); break; } if (!strncmp("critical", crit, critLen)) { isCritical = PR_TRUE; } else if (!strncmp("not-critical", crit, critLen)) { isCritical = PR_FALSE; } else { rv = SECFailure; SECU_PrintError(progName, "expected 'critical' or 'not-critical'"); break; } zeroTerminatedFilename = PL_strndup(filename, filenameLen); if (!zeroTerminatedFilename) { rv = SECFailure; SECU_PrintError(progName, "out of memory"); break; } rv = SECFailure; inFile = PR_Open(zeroTerminatedFilename, PR_RDONLY, 0); if (inFile) { rv = SECU_ReadDERFromFile(&value, inFile, PR_FALSE, PR_FALSE); PR_Close(inFile); inFile = NULL; } if (rv != SECSuccess) { SECU_PrintError(progName, "unable to read file %s", zeroTerminatedFilename); } PL_strfree(zeroTerminatedFilename); if (rv != SECSuccess) { break; } rv = CERT_AddExtensionByOID(extHandle, &oid_item, &value, isCritical, PR_TRUE /*copyData*/); SECITEM_FreeItem(&value, PR_FALSE); SECITEM_FreeItem(&oid_item, PR_FALSE); if (rv != SECSuccess) { SECU_PrintError(progName, "failed to add extension %s", nextExtension); break; } nextExtension = next; } return rv; } nss-pem.git/nss/nss/cmd/certutil/certutil.c0000664000000000000000000042246313252671167016142 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* ** certutil.c ** ** utility for managing certificates and the cert database ** */ #include #include #include #if defined(WIN32) #include "fcntl.h" #include "io.h" #endif #include "secutil.h" #if defined(XP_UNIX) #include #endif #include "nspr.h" #include "prtypes.h" #include "prtime.h" #include "prlong.h" #include "pk11func.h" #include "secasn1.h" #include "cert.h" #include "cryptohi.h" #include "secoid.h" #include "certdb.h" #include "nss.h" #include "certutil.h" #define MIN_KEY_BITS 512 /* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */ #define MAX_KEY_BITS 8192 #define DEFAULT_KEY_BITS 2048 #define GEN_BREAK(e) \ rv = e; \ break; char *progName; static CERTCertificateRequest * GetCertRequest(const SECItem *reqDER, void *pwarg) { CERTCertificateRequest *certReq = NULL; CERTSignedData signedData; PLArenaPool *arena = NULL; SECStatus rv; do { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { GEN_BREAK(SECFailure); } certReq = (CERTCertificateRequest *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificateRequest)); if (!certReq) { GEN_BREAK(SECFailure); } certReq->arena = arena; /* Since cert request is a signed data, must decode to get the inner data */ PORT_Memset(&signedData, 0, sizeof(signedData)); rv = SEC_ASN1DecodeItem(arena, &signedData, SEC_ASN1_GET(CERT_SignedDataTemplate), reqDER); if (rv) { break; } rv = SEC_ASN1DecodeItem(arena, certReq, SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data); if (rv) { break; } rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, &certReq->subjectPublicKeyInfo, pwarg); } while (0); if (rv) { SECU_PrintError(progName, "bad certificate request\n"); if (arena) { PORT_FreeArena(arena, PR_FALSE); } certReq = NULL; } return certReq; } static SECStatus AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts, const SECItem *certDER, PRBool emailcert, void *pwdata) { CERTCertTrust *trust = NULL; CERTCertificate *cert = NULL; SECStatus rv; do { /* Read in an ASCII cert and return a CERTCertificate */ cert = CERT_DecodeCertFromPackage((char *)certDER->data, certDER->len); if (!cert) { SECU_PrintError(progName, "could not decode certificate"); GEN_BREAK(SECFailure); } /* Create a cert trust */ trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); if (!trust) { SECU_PrintError(progName, "unable to allocate cert trust"); GEN_BREAK(SECFailure); } rv = CERT_DecodeTrustString(trust, trusts); if (rv) { SECU_PrintError(progName, "unable to decode trust string"); GEN_BREAK(SECFailure); } rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE); if (rv != SECSuccess) { /* sigh, PK11_Import Cert and CERT_ChangeCertTrust should have * been coded to take a password arg. */ if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) { rv = PK11_Authenticate(slot, PR_TRUE, pwdata); if (rv != SECSuccess) { SECU_PrintError(progName, "could not authenticate to token %s.", PK11_GetTokenName(slot)); GEN_BREAK(SECFailure); } rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE); } if (rv != SECSuccess) { SECU_PrintError(progName, "could not add certificate to token or database"); GEN_BREAK(SECFailure); } } rv = CERT_ChangeCertTrust(handle, cert, trust); if (rv != SECSuccess) { if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) { rv = PK11_Authenticate(slot, PR_TRUE, pwdata); if (rv != SECSuccess) { SECU_PrintError(progName, "could not authenticate to token %s.", PK11_GetTokenName(slot)); GEN_BREAK(SECFailure); } rv = CERT_ChangeCertTrust(handle, cert, trust); } if (rv != SECSuccess) { SECU_PrintError(progName, "could not change trust on certificate"); GEN_BREAK(SECFailure); } } if (emailcert) { CERT_SaveSMimeProfile(cert, NULL, pwdata); } } while (0); CERT_DestroyCertificate(cert); PORT_Free(trust); return rv; } static SECStatus CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii, const char *emailAddrs, const char *dnsNames, certutilExtnList extnList, const char *extGeneric, PRBool pssCertificate, /*out*/ SECItem *result) { CERTSubjectPublicKeyInfo *spki; CERTCertificateRequest *cr; SECItem *encoding; SECOidTag signAlgTag; SECStatus rv; PLArenaPool *arena; void *extHandle; SECItem signedReq = { siBuffer, NULL, 0 }; SECAlgorithmID signAlg; SECItem *params = NULL; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { SECU_PrintError(progName, "out of memory"); return SECFailure; } /* Create info about public key */ spki = SECKEY_CreateSubjectPublicKeyInfo(pubk); if (!spki) { PORT_FreeArena(arena, PR_FALSE); SECU_PrintError(progName, "unable to create subject public key"); return SECFailure; } /* Change cert type to RSA-PSS, if desired. */ if (pssCertificate) { params = SEC_CreateSignatureAlgorithmParameters(arena, NULL, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlgTag, NULL, privk); if (!params) { PORT_FreeArena(arena, PR_FALSE); SECKEY_DestroySubjectPublicKeyInfo(spki); SECU_PrintError(progName, "unable to create RSA-PSS parameters"); return SECFailure; } spki->algorithm.parameters.data = NULL; rv = SECOID_SetAlgorithmID(arena, &spki->algorithm, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlgTag == SEC_OID_UNKNOWN ? NULL : params); if (rv != SECSuccess) { PORT_FreeArena(arena, PR_FALSE); SECKEY_DestroySubjectPublicKeyInfo(spki); SECU_PrintError(progName, "unable to set algorithm ID"); return SECFailure; } } /* Generate certificate request */ cr = CERT_CreateCertificateRequest(subject, spki, NULL); SECKEY_DestroySubjectPublicKeyInfo(spki); if (!cr) { PORT_FreeArena(arena, PR_FALSE); SECU_PrintError(progName, "unable to make certificate request"); return SECFailure; } extHandle = CERT_StartCertificateRequestAttributes(cr); if (extHandle == NULL) { PORT_FreeArena(arena, PR_FALSE); CERT_DestroyCertificateRequest(cr); return SECFailure; } if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) != SECSuccess) { PORT_FreeArena(arena, PR_FALSE); CERT_FinishExtensions(extHandle); CERT_DestroyCertificateRequest(cr); return SECFailure; } CERT_FinishExtensions(extHandle); CERT_FinishCertificateRequestAttributes(cr); /* Der encode the request */ encoding = SEC_ASN1EncodeItem(arena, NULL, cr, SEC_ASN1_GET(CERT_CertificateRequestTemplate)); CERT_DestroyCertificateRequest(cr); if (encoding == NULL) { PORT_FreeArena(arena, PR_FALSE); SECU_PrintError(progName, "der encoding of request failed"); return SECFailure; } PORT_Memset(&signAlg, 0, sizeof(signAlg)); if (pssCertificate) { rv = SECOID_SetAlgorithmID(arena, &signAlg, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, params); if (rv != SECSuccess) { PORT_FreeArena(arena, PR_FALSE); SECU_PrintError(progName, "unable to set algorithm ID"); return SECFailure; } } else { signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag); if (signAlgTag == SEC_OID_UNKNOWN) { PORT_FreeArena(arena, PR_FALSE); SECU_PrintError(progName, "unknown Key or Hash type"); return SECFailure; } rv = SECOID_SetAlgorithmID(arena, &signAlg, signAlgTag, 0); if (rv != SECSuccess) { PORT_FreeArena(arena, PR_FALSE); SECU_PrintError(progName, "unable to set algorithm ID"); return SECFailure; } } /* Sign the request */ rv = SEC_DerSignDataWithAlgorithmID(arena, &signedReq, encoding->data, encoding->len, privk, &signAlg); if (rv) { PORT_FreeArena(arena, PR_FALSE); SECU_PrintError(progName, "signing of data failed"); return SECFailure; } /* Encode request in specified format */ if (ascii) { char *obuf; char *header, *name, *email, *org, *state, *country; obuf = BTOA_ConvertItemToAscii(&signedReq); if (!obuf) { goto oom; } name = CERT_GetCommonName(subject); if (!name) { name = PORT_Strdup("(not specified)"); } if (!phone) phone = "(not specified)"; email = CERT_GetCertEmailAddress(subject); if (!email) email = PORT_Strdup("(not specified)"); org = CERT_GetOrgName(subject); if (!org) org = PORT_Strdup("(not specified)"); state = CERT_GetStateName(subject); if (!state) state = PORT_Strdup("(not specified)"); country = CERT_GetCountryName(subject); if (!country) country = PORT_Strdup("(not specified)"); header = PR_smprintf( "\nCertificate request generated by Netscape certutil\n" "Phone: %s\n\n" "Common Name: %s\n" "Email: %s\n" "Organization: %s\n" "State: %s\n" "Country: %s\n\n" "%s\n", phone, name, email, org, state, country, NS_CERTREQ_HEADER); PORT_Free(name); PORT_Free(email); PORT_Free(org); PORT_Free(state); PORT_Free(country); if (header) { char *trailer = PR_smprintf("\n%s\n", NS_CERTREQ_TRAILER); if (trailer) { PRUint32 headerLen = PL_strlen(header); PRUint32 obufLen = PL_strlen(obuf); PRUint32 trailerLen = PL_strlen(trailer); SECITEM_AllocItem(NULL, result, headerLen + obufLen + trailerLen); if (result->data) { PORT_Memcpy(result->data, header, headerLen); PORT_Memcpy(result->data + headerLen, obuf, obufLen); PORT_Memcpy(result->data + headerLen + obufLen, trailer, trailerLen); } PR_smprintf_free(trailer); } PR_smprintf_free(header); } PORT_Free(obuf); } else { (void)SECITEM_CopyItem(NULL, result, &signedReq); } if (!result->data) { oom: SECU_PrintError(progName, "out of memory"); PORT_SetError(SEC_ERROR_NO_MEMORY); rv = SECFailure; } PORT_FreeArena(arena, PR_FALSE); return rv; } static SECStatus ChangeTrustAttributes(CERTCertDBHandle *handle, PK11SlotInfo *slot, char *name, char *trusts, void *pwdata) { SECStatus rv; CERTCertificate *cert; CERTCertTrust *trust; cert = CERT_FindCertByNicknameOrEmailAddrCX(handle, name, pwdata); if (!cert) { SECU_PrintError(progName, "could not find certificate named \"%s\"", name); return SECFailure; } trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); if (!trust) { SECU_PrintError(progName, "unable to allocate cert trust"); return SECFailure; } /* This function only decodes these characters: pPwcTCu, */ rv = CERT_DecodeTrustString(trust, trusts); if (rv) { SECU_PrintError(progName, "unable to decode trust string"); return SECFailure; } /* CERT_ChangeCertTrust API does not have a way to pass in * a context, so NSS can't prompt for the password if it needs to. * check to see if the failure was token not logged in and * log in if need be. */ rv = CERT_ChangeCertTrust(handle, cert, trust); if (rv != SECSuccess) { if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) { rv = PK11_Authenticate(slot, PR_TRUE, pwdata); if (rv != SECSuccess) { SECU_PrintError(progName, "could not authenticate to token %s.", PK11_GetTokenName(slot)); return SECFailure; } rv = CERT_ChangeCertTrust(handle, cert, trust); } if (rv != SECSuccess) { SECU_PrintError(progName, "unable to modify trust attributes"); return SECFailure; } } CERT_DestroyCertificate(cert); PORT_Free(trust); return SECSuccess; } static SECStatus DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii) { CERTCertificate *the_cert; CERTCertificateList *chain; int i, j; the_cert = SECU_FindCertByNicknameOrFilename(handle, name, ascii, NULL); if (!the_cert) { SECU_PrintError(progName, "Could not find: %s\n", name); return SECFailure; } chain = CERT_CertChainFromCert(the_cert, 0, PR_TRUE); CERT_DestroyCertificate(the_cert); if (!chain) { SECU_PrintError(progName, "Could not obtain chain for: %s\n", name); return SECFailure; } for (i = chain->len - 1; i >= 0; i--) { CERTCertificate *c; c = CERT_FindCertByDERCert(handle, &chain->certs[i]); for (j = i; j < chain->len - 1; j++) { printf(" "); } if (c) { printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName); CERT_DestroyCertificate(c); } else { printf("(null)\n\n"); } } CERT_DestroyCertificateList(chain); return SECSuccess; } static SECStatus outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii, SECItem *extensionOID, PRFileDesc *outfile) { SECItem data; PRInt32 numBytes; SECStatus rv = SECFailure; if (extensionOID) { int i; PRBool found = PR_FALSE; for (i = 0; the_cert->extensions[i] != NULL; i++) { CERTCertExtension *extension = the_cert->extensions[i]; if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) { found = PR_TRUE; numBytes = PR_Write(outfile, extension->value.data, extension->value.len); rv = SECSuccess; if (numBytes != (PRInt32)extension->value.len) { SECU_PrintSystemError(progName, "error writing extension"); rv = SECFailure; } break; } } if (!found) { SECU_PrintSystemError(progName, "extension not found"); rv = SECFailure; } } else { data.data = the_cert->derCert.data; data.len = the_cert->derCert.len; if (ascii) { PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); rv = SECSuccess; } else if (raw) { numBytes = PR_Write(outfile, data.data, data.len); rv = SECSuccess; if (numBytes != (PRInt32)data.len) { SECU_PrintSystemError(progName, "error writing raw cert"); rv = SECFailure; } } else { rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); if (rv != SECSuccess) { SECU_PrintError(progName, "problem printing certificate"); } } } return rv; } static SECStatus listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, PRBool raw, PRBool ascii, SECItem *extensionOID, PRFileDesc *outfile, void *pwarg) { SECStatus rv = SECFailure; CERTCertList *certs; CERTCertListNode *node; /* List certs on a non-internal slot. */ if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot)) { SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, pwarg); if (newrv != SECSuccess) { SECU_PrintError(progName, "could not authenticate to token %s.", PK11_GetTokenName(slot)); return SECFailure; } } if (name) { CERTCertificate *the_cert = SECU_FindCertByNicknameOrFilename(handle, name, ascii, NULL); if (!the_cert) { SECU_PrintError(progName, "Could not find cert: %s\n", name); return SECFailure; } /* Here, we have one cert with the desired nickname or email * address. Now, we will attempt to get a list of ALL certs * with the same subject name as the cert we have. That list * should contain, at a minimum, the one cert we have already found. * If the list of certs is empty (NULL), the libraries have failed. */ certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject, PR_Now(), PR_FALSE); CERT_DestroyCertificate(the_cert); if (!certs) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); SECU_PrintError(progName, "problem printing certificates"); return SECFailure; } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs); node = CERT_LIST_NEXT(node)) { rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, outfile); if (rv != SECSuccess) { break; } } } else if (email) { certs = PK11_FindCertsFromEmailAddress(email, NULL); if (!certs) { SECU_PrintError(progName, "Could not find certificates for email address: %s\n", email); return SECFailure; } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs); node = CERT_LIST_NEXT(node)) { rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, outfile); if (rv != SECSuccess) { break; } } } else { certs = PK11_ListCertsInSlot(slot); if (certs) { for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs); node = CERT_LIST_NEXT(node)) { SECU_PrintCertNickname(node, stdout); } rv = SECSuccess; } } if (certs) { CERT_DestroyCertList(certs); } if (rv) { SECU_PrintError(progName, "problem printing certificate nicknames"); return SECFailure; } return SECSuccess; /* not rv ?? */ } static SECStatus ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, PK11SlotInfo *slot, PRBool raw, PRBool ascii, SECItem *extensionOID, PRFileDesc *outfile, secuPWData *pwdata) { SECStatus rv; if (slot && PK11_NeedUserInit(slot)) { printf("\nDatabase needs user init\n"); } if (!ascii && !raw && !nickname && !email) { PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n", "Certificate Nickname", "Trust Attributes", "", "SSL,S/MIME,JAR/XPI"); } if (slot == NULL) { CERTCertList *list; CERTCertListNode *node; list = PK11_ListCerts(PK11CertListAll, pwdata); for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list); node = CERT_LIST_NEXT(node)) { SECU_PrintCertNickname(node, stdout); } CERT_DestroyCertList(list); return SECSuccess; } rv = listCerts(handle, nickname, email, slot, raw, ascii, extensionOID, outfile, pwdata); return rv; } static SECStatus DeleteCert(CERTCertDBHandle *handle, char *name, void *pwdata) { SECStatus rv; CERTCertificate *cert; cert = CERT_FindCertByNicknameOrEmailAddrCX(handle, name, pwdata); if (!cert) { SECU_PrintError(progName, "could not find certificate named \"%s\"", name); return SECFailure; } rv = SEC_DeletePermCertificate(cert); CERT_DestroyCertificate(cert); if (rv) { SECU_PrintError(progName, "unable to delete certificate"); } return rv; } static SECStatus RenameCert(CERTCertDBHandle *handle, char *name, char *newName, void *pwdata) { SECStatus rv; CERTCertificate *cert; cert = CERT_FindCertByNicknameOrEmailAddrCX(handle, name, pwdata); if (!cert) { SECU_PrintError(progName, "could not find certificate named \"%s\"", name); return SECFailure; } rv = __PK11_SetCertificateNickname(cert, newName); CERT_DestroyCertificate(cert); if (rv) { SECU_PrintError(progName, "unable to rename certificate"); } return rv; } static SECStatus ValidateCert(CERTCertDBHandle *handle, char *name, char *date, char *certUsage, PRBool checkSig, PRBool logit, PRBool ascii, secuPWData *pwdata) { SECStatus rv; CERTCertificate *cert = NULL; PRTime timeBoundary; SECCertificateUsage usage; CERTVerifyLog reallog; CERTVerifyLog *log = NULL; if (!certUsage) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return (SECFailure); } switch (*certUsage) { case 'O': usage = certificateUsageStatusResponder; break; case 'L': usage = certificateUsageSSLCA; break; case 'A': usage = certificateUsageAnyCA; break; case 'Y': usage = certificateUsageVerifyCA; break; case 'C': usage = certificateUsageSSLClient; break; case 'V': usage = certificateUsageSSLServer; break; case 'S': usage = certificateUsageEmailSigner; break; case 'R': usage = certificateUsageEmailRecipient; break; case 'J': usage = certificateUsageObjectSigner; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return (SECFailure); } do { cert = SECU_FindCertByNicknameOrFilename(handle, name, ascii, NULL); if (!cert) { SECU_PrintError(progName, "could not find certificate named \"%s\"", name); GEN_BREAK(SECFailure) } if (date != NULL) { rv = DER_AsciiToTime(&timeBoundary, date); if (rv) { SECU_PrintError(progName, "invalid input date"); GEN_BREAK(SECFailure) } } else { timeBoundary = PR_Now(); } if (logit) { log = &reallog; log->count = 0; log->head = NULL; log->tail = NULL; log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (log->arena == NULL) { SECU_PrintError(progName, "out of memory"); GEN_BREAK(SECFailure) } } rv = CERT_VerifyCertificate(handle, cert, checkSig, usage, timeBoundary, pwdata, log, &usage); if (log) { if (log->head == NULL) { fprintf(stdout, "%s: certificate is valid\n", progName); GEN_BREAK(SECSuccess) } else { char *name; CERTVerifyLogNode *node; node = log->head; while (node) { if (node->cert->nickname != NULL) { name = node->cert->nickname; } else { name = node->cert->subjectName; } fprintf(stderr, "%s : %s\n", name, SECU_Strerror(node->error)); CERT_DestroyCertificate(node->cert); node = node->next; } } } else { if (rv != SECSuccess) { PRErrorCode perr = PORT_GetError(); fprintf(stdout, "%s: certificate is invalid: %s\n", progName, SECU_Strerror(perr)); GEN_BREAK(SECFailure) } fprintf(stdout, "%s: certificate is valid\n", progName); GEN_BREAK(SECSuccess) } } while (0); if (cert) { CERT_DestroyCertificate(cert); } return (rv); } static PRBool ItemIsPrintableASCII(const SECItem *item) { unsigned char *src = item->data; unsigned int len = item->len; while (len-- > 0) { unsigned char uc = *src++; if (uc < 0x20 || uc > 0x7e) return PR_FALSE; } return PR_TRUE; } /* Caller ensures that dst is at least item->len*2+1 bytes long */ static void SECItemToHex(const SECItem *item, char *dst) { if (dst && item && item->data) { unsigned char *src = item->data; unsigned int len = item->len; for (; len > 0; --len, dst += 2) { sprintf(dst, "%02x", *src++); } *dst = '\0'; } } static const char *const keyTypeName[] = { "null", "rsa", "dsa", "fortezza", "dh", "kea", "ec" }; #define MAX_CKA_ID_BIN_LEN 20 #define MAX_CKA_ID_STR_LEN 40 /* print key number, key ID (in hex or ASCII), key label (nickname) */ static SECStatus PrintKey(PRFileDesc *out, const char *nickName, int count, SECKEYPrivateKey *key, void *pwarg) { SECItem *ckaID; char ckaIDbuf[MAX_CKA_ID_STR_LEN + 4]; pwarg = NULL; ckaID = PK11_GetLowLevelKeyIDForPrivateKey(key); if (!ckaID) { strcpy(ckaIDbuf, "(no CKA_ID)"); } else if (ItemIsPrintableASCII(ckaID)) { int len = PR_MIN(MAX_CKA_ID_STR_LEN, ckaID->len); ckaIDbuf[0] = '"'; memcpy(ckaIDbuf + 1, ckaID->data, len); ckaIDbuf[1 + len] = '"'; ckaIDbuf[2 + len] = '\0'; } else { /* print ckaid in hex */ SECItem idItem = *ckaID; if (idItem.len > MAX_CKA_ID_BIN_LEN) idItem.len = MAX_CKA_ID_BIN_LEN; SECItemToHex(&idItem, ckaIDbuf); } PR_fprintf(out, "<%2d> %-8.8s %-42.42s %s\n", count, keyTypeName[key->keyType], ckaIDbuf, nickName); SECITEM_ZfreeItem(ckaID, PR_TRUE); return SECSuccess; } /* returns SECSuccess if ANY keys are found, SECFailure otherwise. */ static SECStatus ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType, void *pwarg) { SECKEYPrivateKeyList *list; SECKEYPrivateKeyListNode *node; int count = 0; if (PK11_NeedLogin(slot)) { SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwarg); if (rv != SECSuccess) { SECU_PrintError(progName, "could not authenticate to token %s.", PK11_GetTokenName(slot)); return SECFailure; } } if (nickName && nickName[0]) list = PK11_ListPrivKeysInSlot(slot, (char *)nickName, pwarg); else list = PK11_ListPrivateKeysInSlot(slot); if (list == NULL) { SECU_PrintError(progName, "problem listing keys"); return SECFailure; } for (node = PRIVKEY_LIST_HEAD(list); !PRIVKEY_LIST_END(node, list); node = PRIVKEY_LIST_NEXT(node)) { char *keyName; static const char orphan[] = { "(orphan)" }; if (keyType != nullKey && keyType != node->key->keyType) continue; keyName = PK11_GetPrivateKeyNickname(node->key); if (!keyName || !keyName[0]) { /* Try extra hard to find nicknames for keys that lack them. */ CERTCertificate *cert; PORT_Free((void *)keyName); keyName = NULL; cert = PK11_GetCertFromPrivateKey(node->key); if (cert) { if (cert->nickname && cert->nickname[0]) { keyName = PORT_Strdup(cert->nickname); } else if (cert->emailAddr && cert->emailAddr[0]) { keyName = PORT_Strdup(cert->emailAddr); } CERT_DestroyCertificate(cert); } } if (nickName) { if (!keyName || PL_strcmp(keyName, nickName)) { /* PKCS#11 module returned unwanted keys */ PORT_Free((void *)keyName); continue; } } if (!keyName) keyName = (char *)orphan; PrintKey(PR_STDOUT, keyName, count, node->key, pwarg); if (keyName != (char *)orphan) PORT_Free((void *)keyName); count++; } SECKEY_DestroyPrivateKeyList(list); if (count == 0) { PR_fprintf(PR_STDOUT, "%s: no keys found\n", progName); return SECFailure; } return SECSuccess; } /* returns SECSuccess if ANY keys are found, SECFailure otherwise. */ static SECStatus ListKeys(PK11SlotInfo *slot, const char *nickName, int index, KeyType keyType, PRBool dopriv, secuPWData *pwdata) { SECStatus rv = SECFailure; static const char fmt[] = "%s: Checking token \"%.33s\" in slot \"%.65s\"\n"; if (slot == NULL) { PK11SlotList *list; PK11SlotListElement *le; list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, pwdata); if (list) { for (le = list->head; le; le = le->next) { PR_fprintf(PR_STDOUT, fmt, progName, PK11_GetTokenName(le->slot), PK11_GetSlotName(le->slot)); rv &= ListKeysInSlot(le->slot, nickName, keyType, pwdata); } PK11_FreeSlotList(list); } } else { PR_fprintf(PR_STDOUT, fmt, progName, PK11_GetTokenName(slot), PK11_GetSlotName(slot)); rv = ListKeysInSlot(slot, nickName, keyType, pwdata); } return rv; } static SECStatus DeleteKey(char *nickname, secuPWData *pwdata) { SECStatus rv; CERTCertificate *cert; PK11SlotInfo *slot; slot = PK11_GetInternalKeySlot(); if (PK11_NeedLogin(slot)) { SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwdata); if (rv != SECSuccess) { SECU_PrintError(progName, "could not authenticate to token %s.", PK11_GetTokenName(slot)); return SECFailure; } } cert = PK11_FindCertFromNickname(nickname, pwdata); if (!cert) { PK11_FreeSlot(slot); return SECFailure; } rv = PK11_DeleteTokenCertAndKey(cert, pwdata); if (rv != SECSuccess) { SECU_PrintError("problem deleting private key \"%s\"\n", nickname); } CERT_DestroyCertificate(cert); PK11_FreeSlot(slot); return rv; } /* * L i s t M o d u l e s * * Print a list of the PKCS11 modules that are * available. This is useful for smartcard people to * make sure they have the drivers loaded. * */ static SECStatus ListModules(void) { PK11SlotList *list; PK11SlotListElement *le; /* get them all! */ list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL); if (list == NULL) return SECFailure; /* look at each slot*/ for (le = list->head; le; le = le->next) { char *token_uri = PK11_GetTokenURI(le->slot); printf("\n"); printf(" slot: %s\n", PK11_GetSlotName(le->slot)); printf(" token: %s\n", PK11_GetTokenName(le->slot)); printf(" uri: %s\n", token_uri); PORT_Free(token_uri); } PK11_FreeSlotList(list); return SECSuccess; } static void PrintBuildFlags() { #ifdef NSS_FIPS_DISABLED PR_fprintf(PR_STDOUT, "NSS_FIPS_DISABLED\n"); #endif #ifdef NSS_NO_INIT_SUPPORT PR_fprintf(PR_STDOUT, "NSS_NO_INIT_SUPPORT\n"); #endif exit(0); } static void PrintSyntax(char *progName) { #define FPS fprintf(stderr, FPS "Type %s -H for more detailed descriptions\n", progName); FPS "Usage: %s -N [-d certdir] [-P dbprefix] [-f pwfile] [--empty-password]\n", progName); FPS "Usage: %s -T [-d certdir] [-P dbprefix] [-h token-name]\n" "\t\t [-f pwfile] [-0 SSO-password]\n", progName); FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -B -i batch-file\n", progName); FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n" "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n" "\t\t [-1 | --keyUsage [keyUsageKeyword,..]] [-2] [-3] [-4]\n" "\t\t [-5 | --nsCertType [nsCertTypeKeyword,...]]\n" "\t\t [-6 | --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n" "\t\t [-8 dns-names] [-a]\n", progName); FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s --rename -n cert-name --new-n new-cert-name\n" "\t\t [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n" "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n" "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n" "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n", progName); FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n"); FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n", progName); FPS "\t\t [--upgrade-token-name tokenName] [-d targetDBDir]\n"); FPS "\t\t [-P targetDBPrefix] [--source-prefix upgradeDBPrefix]\n"); FPS "\t\t [-f targetPWfile] [-@ upgradePWFile]\n"); FPS "\t%s --merge --source-dir sourceDBDir [-d targetDBdir]\n", progName); FPS "\t\t [-P targetDBPrefix] [--source-prefix sourceDBPrefix]\n"); FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); FPS "\t%s -L [-n cert-name] [-h token-name] [--email email-address]\n", progName); FPS "\t\t [-X] [-r] [-a] [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); FPS "\t%s --build-flags\n", progName); FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName); FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n" "\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile]\n" "\t\t [-g key-size] [-Z hashAlg]\n", progName); FPS "\t%s -V -n cert-name -u usage [-b time] [-e] [-a]\n" "\t\t[-X] [-d certdir] [-P dbprefix]\n", progName); FPS "Usage: %s -W [-d certdir] [-f pwfile] [-@newpwfile]\n", progName); FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n" "\t\t [-k key-type-or-id] [-q key-params] [-h token-name] [-g key-size]\n" "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n" "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" "\t\t [-8 DNS-names]\n" "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n" "\t\t [--extSKID] [--extNC] [--extSAN type:name[,type:name]...]\n" "\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName); FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName); exit(1); } enum usage_level { usage_all = 0, usage_selected = 1 }; static void luCommonDetailsAE(); static void luA(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "A")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Add a certificate to the database (create if needed)\n", "-A"); if (ul == usage_selected && !is_my_command) return; if (ul == usage_all) { FPS "%-20s\n", " All options under -E apply"); } else { luCommonDetailsAE(); } } static void luB(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "B")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Run a series of certutil commands from a batch file\n", "-B"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Specify the batch file\n", " -i batch-file"); } static void luE(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "E")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Add an Email certificate to the database (create if needed)\n", "-E"); if (ul == usage_selected && !is_my_command) return; luCommonDetailsAE(); } static void luCommonDetailsAE() { FPS "%-20s Specify the nickname of the certificate to add\n", " -n cert-name"); FPS "%-20s Set the certificate trust attributes:\n", " -t trustargs"); FPS "%-25s trustargs is of the form x,y,z where x is for SSL, y is for S/MIME,\n", ""); FPS "%-25s and z is for code signing. Use ,, for no explicit trust.\n", ""); FPS "%-25s p \t prohibited (explicitly distrusted)\n", ""); FPS "%-25s P \t trusted peer\n", ""); FPS "%-25s c \t valid CA\n", ""); FPS "%-25s T \t trusted CA to issue client certs (implies c)\n", ""); FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", ""); FPS "%-25s u \t user cert\n", ""); FPS "%-25s w \t send warning\n", ""); FPS "%-25s g \t make step-up cert\n", ""); FPS "%-20s Specify the password file\n", " -f pwfile"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s The input certificate is encoded in ASCII (RFC1113)\n", " -a"); FPS "%-20s Specify the certificate file (default is stdin)\n", " -i input"); FPS "\n"); } static void luC(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "C")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Create a new binary certificate from a BINARY cert request\n", "-C"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s The nickname of the issuer cert\n", " -c issuer-name"); FPS "%-20s The BINARY certificate request file\n", " -i cert-request "); FPS "%-20s Output binary cert to this file (default is stdout)\n", " -o output-cert"); FPS "%-20s Self sign\n", " -x"); FPS "%-20s Sign the certificate with RSA-PSS (the issuer key must be rsa)\n", " --pss-sign"); FPS "%-20s Cert serial number\n", " -m serial-number"); FPS "%-20s Time Warp\n", " -w warp-months"); FPS "%-20s Months valid (default is 3)\n", " -v months-valid"); FPS "%-20s Specify the password file\n", " -f pwfile"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s \n" "%-20s Specify the hash algorithm to use. Possible keywords:\n" "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", " -Z hashAlg", "", "", ""); FPS "%-20s \n" "%-20s Create key usage extension. Possible keywords:\n" "%-20s \"digitalSignature\", \"nonRepudiation\", \"keyEncipherment\",\n" "%-20s \"dataEncipherment\", \"keyAgreement\", \"certSigning\",\n" "%-20s \"crlSigning\", \"critical\"\n", " -1 | --keyUsage keyword,keyword,...", "", "", "", ""); FPS "%-20s Create basic constraint extension\n", " -2 "); FPS "%-20s Create authority key ID extension\n", " -3 "); FPS "%-20s Create crl distribution point extension\n", " -4 "); FPS "%-20s \n" "%-20s Create netscape cert type extension. Possible keywords:\n" "%-20s \"sslClient\", \"sslServer\", \"smime\", \"objectSigning\",\n" "%-20s \"sslCA\", \"smimeCA\", \"objectSigningCA\", \"critical\".\n", " -5 | --nsCertType keyword,keyword,... ", "", "", ""); FPS "%-20s \n" "%-20s Create extended key usage extension. Possible keywords:\n" "%-20s \"serverAuth\", \"clientAuth\",\"codeSigning\",\n" "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n" "%-20s \"stepUp\", \"msTrustListSign\", \"critical\"\n", " -6 | --extKeyUsage keyword,keyword,...", "", "", "", ""); FPS "%-20s Create an email subject alt name extension\n", " -7 emailAddrs"); FPS "%-20s Create an dns subject alt name extension\n", " -8 dnsNames"); FPS "%-20s The input certificate request is encoded in ASCII (RFC1113)\n", " -a"); FPS "\n"); } static void luG(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "G")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Generate a new key pair\n", "-G"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Name of token in which to generate key (default is internal)\n", " -h token-name"); FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", " -k key-type"); FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n", " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n", " -y exp"); FPS "%-20s Specify the password file\n", " -f password-file"); FPS "%-20s Specify the noise file to be used\n", " -z noisefile"); FPS "%-20s read PQG value from pqgfile (dsa only)\n", " -q pqgfile"); FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s One of nistp256, nistp384, nistp521, curve25519.\n", ""); FPS "%-20s If a custom token is present, the following curves are also supported:\n", ""); FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", ""); FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", ""); FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", ""); FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", ""); FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", ""); FPS "%-20s secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", ""); FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", ""); FPS "%-20s secp256r1, secp384r1, secp521r1,\n", ""); FPS "%-20s prime192v1, prime192v2, prime192v3, \n", ""); FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", ""); FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", ""); FPS "%-20s c2tnb191v2, c2tnb191v3, \n", ""); FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", ""); FPS "%-20s c2pnb272w1, c2pnb304w1, \n", ""); FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", ""); FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", ""); FPS "%-20s sect131r1, sect131r2\n", ""); FPS "%-20s Key database directory (default is ~/.netscape)\n", " -d keydir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s\n" "%-20s PKCS #11 key Attributes.\n", " --keyAttrFlags attrflags", ""); FPS "%-20s Comma separated list of key attribute attribute flags,\n", ""); FPS "%-20s selected from the following list of choices:\n", ""); FPS "%-20s {token | session} {public | private} {sensitive | insensitive}\n", ""); FPS "%-20s {modifiable | unmodifiable} {extractable | unextractable}\n", ""); FPS "%-20s\n", " --keyOpFlagsOn opflags"); FPS "%-20s\n" "%-20s PKCS #11 key Operation Flags.\n", " --keyOpFlagsOff opflags", ""); FPS "%-20s Comma separated list of one or more of the following:\n", ""); FPS "%-20s encrypt, decrypt, sign, sign_recover, verify,\n", ""); FPS "%-20s verify_recover, wrap, unwrap, derive\n", ""); FPS "\n"); } static void luD(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "D")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Delete a certificate from the database\n", "-D"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s The nickname of the cert to delete\n", " -n cert-name"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "\n"); } static void luF(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "F")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Delete a key from the database\n", "-F"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s The nickname of the key to delete\n", " -n cert-name"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "\n"); } static void luU(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "U")); if (ul == usage_all || !command || is_my_command) FPS "%-15s List all modules\n", /*, or print out a single named module\n",*/ "-U"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Module database directory (default is '~/.netscape')\n", " -d moddir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s force the database to open R/W\n", " -X"); FPS "\n"); } static void luK(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "K")); if (ul == usage_all || !command || is_my_command) FPS "%-15s List all private keys\n", "-K"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Name of token to search (\"all\" for all tokens)\n", " -h token-name "); FPS "%-20s Key type (\"all\" (default), \"dsa\"," " \"ec\"," " \"rsa\")\n", " -k key-type"); FPS "%-20s The nickname of the key or associated certificate\n", " -n name"); FPS "%-20s Specify the password file\n", " -f password-file"); FPS "%-20s Key database directory (default is ~/.netscape)\n", " -d keydir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s force the database to open R/W\n", " -X"); FPS "\n"); } static void luL(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "L")); if (ul == usage_all || !command || is_my_command) FPS "%-15s List all certs, or print out a single named cert (or a subset)\n", "-L"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Name of token to search (\"all\" for all tokens)\n", " -h token-name "); FPS "%-20s Pretty print named cert (list all if unspecified)\n", " -n cert-name"); FPS "%-20s \n" "%-20s Pretty print cert with email address (list all if unspecified)\n", " --email email-address", ""); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s force the database to open R/W\n", " -X"); FPS "%-20s For single cert, print binary DER encoding\n", " -r"); FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n", " -a"); FPS "%-20s \n" "%-20s For single cert, print binary DER encoding of extension OID\n", " --dump-ext-val OID", ""); FPS "\n"); } static void luM(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "M")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Modify trust attributes of certificate\n", "-M"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s The nickname of the cert to modify\n", " -n cert-name"); FPS "%-20s Set the certificate trust attributes (see -A above)\n", " -t trustargs"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "\n"); } static void luN(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "N")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Create a new certificate database\n", "-N"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s Specify the password file\n", " -f password-file"); FPS "%-20s use empty password when creating a new database\n", " --empty-password"); FPS "\n"); } static void luT(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "T")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Reset the Key database or token\n", "-T"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s Token to reset (default is internal)\n", " -h token-name"); FPS "%-20s Set token's Site Security Officer password\n", " -0 SSO-password"); FPS "\n"); } static void luO(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "O")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Print the chain of a certificate\n", "-O"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s The nickname of the cert to modify\n", " -n cert-name"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Input the certificate in ASCII (RFC1113); default is binary\n", " -a"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s force the database to open R/W\n", " -X"); FPS "\n"); } static void luR(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "R")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Generate a certificate request (stdout)\n", "-R"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Specify the subject name (using RFC1485)\n", " -s subject"); FPS "%-20s Output the cert request to this file\n", " -o output-req"); FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", " -k key-type-or-id"); FPS "%-20s or nickname of the cert key to use \n", ""); FPS "%-20s Name of token in which to generate key (default is internal)\n", " -h token-name"); FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); FPS "%-20s Create a certificate request restricted to RSA-PSS (rsa only)\n", " --pss"); FPS "%-20s Name of file containing PQG parameters (dsa only)\n", " -q pqgfile"); FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s See the \"-G\" option for a full list of supported names.\n", ""); FPS "%-20s Specify the password file\n", " -f pwfile"); FPS "%-20s Key database directory (default is ~/.netscape)\n", " -d keydir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", " -p phone"); FPS "%-20s \n" "%-20s Specify the hash algorithm to use. Possible keywords:\n" "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", " -Z hashAlg", "", "", ""); FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n", " -a"); FPS "%-20s \n", " See -S for available extension options"); FPS "%-20s \n", " See -G for available key flag options"); FPS "\n"); } static void luV(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "V")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Validate a certificate\n", "-V"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s The nickname of the cert to Validate\n", " -n cert-name"); FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n", " -b time"); FPS "%-20s Check certificate signature \n", " -e "); FPS "%-20s Specify certificate usage:\n", " -u certusage"); FPS "%-25s C \t SSL Client\n", ""); FPS "%-25s V \t SSL Server\n", ""); FPS "%-25s L \t SSL CA\n", ""); FPS "%-25s A \t Any CA\n", ""); FPS "%-25s Y \t Verify CA\n", ""); FPS "%-25s S \t Email signer\n", ""); FPS "%-25s R \t Email Recipient\n", ""); FPS "%-25s O \t OCSP status responder\n", ""); FPS "%-25s J \t Object signer\n", ""); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Input the certificate in ASCII (RFC1113); default is binary\n", " -a"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s force the database to open R/W\n", " -X"); FPS "\n"); } static void luW(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "W")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Change the key database password\n", "-W"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s cert and key database directory\n", " -d certdir"); FPS "%-20s Specify a file with the current password\n", " -f pwfile"); FPS "%-20s Specify a file with the new password in two lines\n", " -@ newpwfile"); FPS "\n"); } static void luRename(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "rename")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Change the database nickname of a certificate\n", "--rename"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s The old nickname of the cert to rename\n", " -n cert-name"); FPS "%-20s The new nickname of the cert to rename\n", " --new-n new-name"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "\n"); } static void luUpgradeMerge(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "upgrade-merge")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Upgrade an old database and merge it into a new one\n", "--upgrade-merge"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Cert database directory to merge into (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix of the target database\n", " -P dbprefix"); FPS "%-20s Specify the password file for the target database\n", " -f pwfile"); FPS "%-20s \n%-20s Cert database directory to upgrade from\n", " --source-dir certdir", ""); FPS "%-20s \n%-20s Cert & Key database prefix of the upgrade database\n", " --source-prefix dbprefix", ""); FPS "%-20s \n%-20s Unique identifier for the upgrade database\n", " --upgrade-id uniqueID", ""); FPS "%-20s \n%-20s Name of the token while it is in upgrade state\n", " --upgrade-token-name name", ""); FPS "%-20s Specify the password file for the upgrade database\n", " -@ pwfile"); FPS "\n"); } static void luMerge(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "merge")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Merge source database into the target database\n", "--merge"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Cert database directory of target (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix of the target database\n", " -P dbprefix"); FPS "%-20s Specify the password file for the target database\n", " -f pwfile"); FPS "%-20s \n%-20s Cert database directory of the source database\n", " --source-dir certdir", ""); FPS "%-20s \n%-20s Cert & Key database prefix of the source database\n", " --source-prefix dbprefix", ""); FPS "%-20s Specify the password file for the source database\n", " -@ pwfile"); FPS "\n"); } static void luS(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "S")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Make a certificate and add to database\n", "-S"); if (ul == usage_selected && !is_my_command) return; FPS "%-20s Specify the nickname of the cert\n", " -n key-name"); FPS "%-20s Specify the subject name (using RFC1485)\n", " -s subject"); FPS "%-20s The nickname of the issuer cert\n", " -c issuer-name"); FPS "%-20s Set the certificate trust attributes (see -A above)\n", " -t trustargs"); FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", " -k key-type-or-id"); FPS "%-20s Name of token in which to generate key (default is internal)\n", " -h token-name"); FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); FPS "%-20s Create a certificate restricted to RSA-PSS (rsa only)\n", " --pss"); FPS "%-20s Name of file containing PQG parameters (dsa only)\n", " -q pqgfile"); FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s See the \"-G\" option for a full list of supported names.\n", ""); FPS "%-20s Self sign\n", " -x"); FPS "%-20s Sign the certificate with RSA-PSS (the issuer key must be rsa)\n", " --pss-sign"); FPS "%-20s Cert serial number\n", " -m serial-number"); FPS "%-20s Time Warp\n", " -w warp-months"); FPS "%-20s Months valid (default is 3)\n", " -v months-valid"); FPS "%-20s Specify the password file\n", " -f pwfile"); FPS "%-20s Cert database directory (default is ~/.netscape)\n", " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", " -p phone"); FPS "%-20s \n" "%-20s Specify the hash algorithm to use. Possible keywords:\n" "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", " -Z hashAlg", "", "", ""); FPS "%-20s Create key usage extension\n", " -1 "); FPS "%-20s Create basic constraint extension\n", " -2 "); FPS "%-20s Create authority key ID extension\n", " -3 "); FPS "%-20s Create crl distribution point extension\n", " -4 "); FPS "%-20s Create netscape cert type extension\n", " -5 "); FPS "%-20s Create extended key usage extension\n", " -6 "); FPS "%-20s Create an email subject alt name extension\n", " -7 emailAddrs "); FPS "%-20s Create a DNS subject alt name extension\n", " -8 DNS-names"); FPS "%-20s Create an Authority Information Access extension\n", " --extAIA "); FPS "%-20s Create a Subject Information Access extension\n", " --extSIA "); FPS "%-20s Create a Certificate Policies extension\n", " --extCP "); FPS "%-20s Create a Policy Mappings extension\n", " --extPM "); FPS "%-20s Create a Policy Constraints extension\n", " --extPC "); FPS "%-20s Create an Inhibit Any Policy extension\n", " --extIA "); FPS "%-20s Create a subject key ID extension\n", " --extSKID "); FPS "%-20s \n", " See -G for available key flag options"); FPS "%-20s Create a name constraints extension\n", " --extNC "); FPS "%-20s \n" "%-20s Create a Subject Alt Name extension with one or multiple names\n", " --extSAN type:name[,type:name]...", ""); FPS "%-20s - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,\n", ""); FPS "%-20s other, registerid, rfc822, uri, x400, x400addr\n", ""); FPS "%-20s \n" "%-20s Add one or multiple extensions that certutil cannot encode yet,\n" "%-20s by loading their encodings from external files.\n", " --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...", "", ""); FPS "%-20s - OID (example): 1.2.3.4\n", ""); FPS "%-20s - critical-flag: critical or not-critical\n", ""); FPS "%-20s - filename: full path to a file containing an encoded extension\n", ""); FPS "\n"); } static void luBuildFlags(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "build-flags")); if (ul == usage_all || !command || is_my_command) FPS "%-15s Print enabled build flags relevant for NSS test execution\n", "--build-flags"); if (ul == usage_selected && !is_my_command) return; FPS "\n"); } static void LongUsage(char *progName, enum usage_level ul, const char *command) { luA(ul, command); luB(ul, command); luE(ul, command); luC(ul, command); luG(ul, command); luD(ul, command); luRename(ul, command); luF(ul, command); luU(ul, command); luK(ul, command); luL(ul, command); luBuildFlags(ul, command); luM(ul, command); luN(ul, command); luT(ul, command); luO(ul, command); luR(ul, command); luV(ul, command); luW(ul, command); luUpgradeMerge(ul, command); luMerge(ul, command); luS(ul, command); #undef FPS } static void Usage(char *progName) { PR_fprintf(PR_STDERR, "%s - Utility to manipulate NSS certificate databases\n\n" "Usage: %s -d \n\n" "Valid commands:\n", progName, progName); LongUsage(progName, usage_selected, NULL); PR_fprintf(PR_STDERR, "\n" "%s -H : Print available options for the given command\n" "%s -H : Print complete help output of all commands and options\n" "%s --syntax : Print a short summary of all commands and options\n", progName, progName, progName); exit(1); } static CERTCertificate * MakeV1Cert(CERTCertDBHandle *handle, CERTCertificateRequest *req, char *issuerNickName, PRBool selfsign, unsigned int serialNumber, int warpmonths, int validityMonths) { CERTCertificate *issuerCert = NULL; CERTValidity *validity; CERTCertificate *cert = NULL; PRExplodedTime printableTime; PRTime now, after; if (!selfsign) { issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName); if (!issuerCert) { SECU_PrintError(progName, "could not find certificate named \"%s\"", issuerNickName); return NULL; } } now = PR_Now(); PR_ExplodeTime(now, PR_GMTParameters, &printableTime); if (warpmonths) { printableTime.tm_month += warpmonths; now = PR_ImplodeTime(&printableTime); PR_ExplodeTime(now, PR_GMTParameters, &printableTime); } printableTime.tm_month += validityMonths; after = PR_ImplodeTime(&printableTime); /* note that the time is now in micro-second unit */ validity = CERT_CreateValidity(now, after); if (validity) { cert = CERT_CreateCertificate(serialNumber, (selfsign ? &req->subject : &issuerCert->subject), validity, req); CERT_DestroyValidity(validity); } if (issuerCert) { CERT_DestroyCertificate(issuerCert); } return (cert); } static SECStatus SetSignatureAlgorithm(PLArenaPool *arena, SECAlgorithmID *signAlg, SECAlgorithmID *spkiAlg, SECOidTag hashAlgTag, SECKEYPrivateKey *privKey, PRBool pssSign) { SECStatus rv; if (pssSign || SECOID_GetAlgorithmTag(spkiAlg) == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) { SECItem *srcParams; SECItem *params; if (SECOID_GetAlgorithmTag(spkiAlg) == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) { srcParams = &spkiAlg->parameters; } else { /* If the issuer's public key is RSA, the parameter field * of the SPKI should be NULL, which can't be used as a * basis of RSA-PSS parameters. */ srcParams = NULL; } params = SEC_CreateSignatureAlgorithmParameters(arena, NULL, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlgTag, srcParams, privKey); if (!params) { SECU_PrintError(progName, "Could not create RSA-PSS parameters"); return SECFailure; } rv = SECOID_SetAlgorithmID(arena, signAlg, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, params); if (rv != SECSuccess) { SECU_PrintError(progName, "Could not set signature algorithm id."); return rv; } } else { KeyType keyType = SECKEY_GetPrivateKeyType(privKey); SECOidTag algID; algID = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag); if (algID == SEC_OID_UNKNOWN) { SECU_PrintError(progName, "Unknown key or hash type for issuer."); return SECFailure; } rv = SECOID_SetAlgorithmID(arena, signAlg, algID, 0); if (rv != SECSuccess) { SECU_PrintError(progName, "Could not set signature algorithm id."); return rv; } } return SECSuccess; } static SECStatus SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, SECOidTag hashAlgTag, SECKEYPrivateKey *privKey, char *issuerNickName, int certVersion, PRBool pssSign, void *pwarg) { SECItem der; SECKEYPrivateKey *caPrivateKey = NULL; SECStatus rv; PLArenaPool *arena; CERTCertificate *issuer; void *dummy; arena = cert->arena; if (selfsign) { issuer = cert; } else { issuer = PK11_FindCertFromNickname(issuerNickName, pwarg); if ((CERTCertificate *)NULL == issuer) { SECU_PrintError(progName, "unable to find issuer with nickname %s", issuerNickName); rv = SECFailure; goto done; } privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg); if (caPrivateKey == NULL) { SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName); rv = SECFailure; CERT_DestroyCertificate(issuer); goto done; } } if (pssSign && (SECKEY_GetPrivateKeyType(privKey) != rsaKey && SECKEY_GetPrivateKeyType(privKey) != rsaPssKey)) { SECU_PrintError(progName, "unable to create RSA-PSS signature with key %s", issuerNickName); rv = SECFailure; if (!selfsign) { CERT_DestroyCertificate(issuer); } goto done; } rv = SetSignatureAlgorithm(arena, &cert->signature, &issuer->subjectPublicKeyInfo.algorithm, hashAlgTag, privKey, pssSign); if (!selfsign) { CERT_DestroyCertificate(issuer); } if (rv != SECSuccess) { goto done; } switch (certVersion) { case (SEC_CERTIFICATE_VERSION_1): /* The initial version for x509 certificates is version one * and this default value must be an implicit DER encoding. */ cert->version.data = NULL; cert->version.len = 0; break; case (SEC_CERTIFICATE_VERSION_2): case (SEC_CERTIFICATE_VERSION_3): case 3: /* unspecified format (would be version 4 certificate). */ *(cert->version.data) = certVersion; cert->version.len = 1; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; goto done; } der.len = 0; der.data = NULL; dummy = SEC_ASN1EncodeItem(arena, &der, cert, SEC_ASN1_GET(CERT_CertificateTemplate)); if (!dummy) { fprintf(stderr, "Could not encode certificate.\n"); rv = SECFailure; goto done; } rv = SEC_DerSignDataWithAlgorithmID(arena, &cert->derCert, der.data, der.len, privKey, &cert->signature); if (rv != SECSuccess) { fprintf(stderr, "Could not sign encoded certificate data.\n"); /* result allocated out of the arena, it will be freed * when the arena is freed */ goto done; } done: if (caPrivateKey) { SECKEY_DestroyPrivateKey(caPrivateKey); } return rv; } static SECStatus CreateCert( CERTCertDBHandle *handle, PK11SlotInfo *slot, char *issuerNickName, const SECItem *certReqDER, SECKEYPrivateKey **selfsignprivkey, void *pwarg, SECOidTag hashAlgTag, unsigned int serialNumber, int warpmonths, int validityMonths, const char *emailAddrs, const char *dnsNames, PRBool ascii, PRBool selfsign, certutilExtnList extnList, const char *extGeneric, int certVersion, PRBool pssSign, SECItem *certDER) { void *extHandle = NULL; CERTCertificate *subjectCert = NULL; CERTCertificateRequest *certReq = NULL; SECStatus rv = SECSuccess; CERTCertExtension **CRexts; do { /* Create a certrequest object from the input cert request der */ certReq = GetCertRequest(certReqDER, pwarg); if (certReq == NULL) { GEN_BREAK(SECFailure) } subjectCert = MakeV1Cert(handle, certReq, issuerNickName, selfsign, serialNumber, warpmonths, validityMonths); if (subjectCert == NULL) { GEN_BREAK(SECFailure) } extHandle = CERT_StartCertExtensions(subjectCert); if (extHandle == NULL) { GEN_BREAK(SECFailure) } rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric); if (rv != SECSuccess) { GEN_BREAK(SECFailure) } if (certReq->attributes != NULL && certReq->attributes[0] != NULL && certReq->attributes[0]->attrType.data != NULL && certReq->attributes[0]->attrType.len > 0 && SECOID_FindOIDTag(&certReq->attributes[0]->attrType) == SEC_OID_PKCS9_EXTENSION_REQUEST) { rv = CERT_GetCertificateRequestExtensions(certReq, &CRexts); if (rv != SECSuccess) break; rv = CERT_MergeExtensions(extHandle, CRexts); if (rv != SECSuccess) break; } CERT_FinishExtensions(extHandle); extHandle = NULL; /* self-signing a cert request, find the private key */ if (selfsign && *selfsignprivkey == NULL) { *selfsignprivkey = PK11_FindKeyByDERCert(slot, subjectCert, pwarg); if (!*selfsignprivkey) { fprintf(stderr, "Failed to locate private key.\n"); rv = SECFailure; break; } } rv = SignCert(handle, subjectCert, selfsign, hashAlgTag, *selfsignprivkey, issuerNickName, certVersion, pssSign, pwarg); if (rv != SECSuccess) break; rv = SECFailure; if (ascii) { char *asciiDER = BTOA_DataToAscii(subjectCert->derCert.data, subjectCert->derCert.len); if (asciiDER) { char *wrapped = PR_smprintf("%s\n%s\n%s\n", NS_CERT_HEADER, asciiDER, NS_CERT_TRAILER); if (wrapped) { PRUint32 wrappedLen = PL_strlen(wrapped); if (SECITEM_AllocItem(NULL, certDER, wrappedLen)) { PORT_Memcpy(certDER->data, wrapped, wrappedLen); rv = SECSuccess; } PR_smprintf_free(wrapped); } PORT_Free(asciiDER); } } else { rv = SECITEM_CopyItem(NULL, certDER, &subjectCert->derCert); } } while (0); if (extHandle) { CERT_FinishExtensions(extHandle); } CERT_DestroyCertificateRequest(certReq); CERT_DestroyCertificate(subjectCert); if (rv != SECSuccess) { PRErrorCode perr = PR_GetError(); fprintf(stderr, "%s: unable to create cert (%s)\n", progName, SECU_Strerror(perr)); } return (rv); } /* * map a class to a user presentable string */ static const char *objClassArray[] = { "Data", "Certificate", "Public Key", "Private Key", "Secret Key", "Hardware Feature", "Domain Parameters", "Mechanism" }; static const char *objNSSClassArray[] = { "CKO_NSS", "Crl", "SMIME Record", "Trust", "Builtin Root List" }; const char * getObjectClass(CK_ULONG classType) { static char buf[sizeof(CK_ULONG) * 2 + 3]; if (classType <= CKO_MECHANISM) { return objClassArray[classType]; } if (classType >= CKO_NSS && classType <= CKO_NSS_BUILTIN_ROOT_LIST) { return objNSSClassArray[classType - CKO_NSS]; } sprintf(buf, "0x%lx", classType); return buf; } typedef struct { char *name; int nameSize; CK_ULONG value; } flagArray; #define NAME_SIZE(x) #x, sizeof(#x) - 1 flagArray opFlagsArray[] = { { NAME_SIZE(encrypt), CKF_ENCRYPT }, { NAME_SIZE(decrypt), CKF_DECRYPT }, { NAME_SIZE(sign), CKF_SIGN }, { NAME_SIZE(sign_recover), CKF_SIGN_RECOVER }, { NAME_SIZE(verify), CKF_VERIFY }, { NAME_SIZE(verify_recover), CKF_VERIFY_RECOVER }, { NAME_SIZE(wrap), CKF_WRAP }, { NAME_SIZE(unwrap), CKF_UNWRAP }, { NAME_SIZE(derive), CKF_DERIVE }, }; int opFlagsCount = sizeof(opFlagsArray) / sizeof(flagArray); flagArray attrFlagsArray[] = { { NAME_SIZE(token), PK11_ATTR_TOKEN }, { NAME_SIZE(session), PK11_ATTR_SESSION }, { NAME_SIZE(private), PK11_ATTR_PRIVATE }, { NAME_SIZE(public), PK11_ATTR_PUBLIC }, { NAME_SIZE(modifiable), PK11_ATTR_MODIFIABLE }, { NAME_SIZE(unmodifiable), PK11_ATTR_UNMODIFIABLE }, { NAME_SIZE(sensitive), PK11_ATTR_SENSITIVE }, { NAME_SIZE(insensitive), PK11_ATTR_INSENSITIVE }, { NAME_SIZE(extractable), PK11_ATTR_EXTRACTABLE }, { NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE } }; int attrFlagsCount = sizeof(attrFlagsArray) / sizeof(flagArray); #define MAX_STRING 30 CK_ULONG GetFlags(char *flagsString, flagArray *flagArray, int count) { CK_ULONG flagsValue = strtol(flagsString, NULL, 0); int i; if ((flagsValue != 0) || (*flagsString == 0)) { return flagsValue; } while (*flagsString) { for (i = 0; i < count; i++) { if (strncmp(flagsString, flagArray[i].name, flagArray[i].nameSize) == 0) { flagsValue |= flagArray[i].value; flagsString += flagArray[i].nameSize; if (*flagsString != 0) { flagsString++; } break; } } if (i == count) { char name[MAX_STRING]; char *tok; strncpy(name, flagsString, MAX_STRING); name[MAX_STRING - 1] = 0; tok = strchr(name, ','); if (tok) { *tok = 0; } fprintf(stderr, "Unknown flag (%s)\n", name); tok = strchr(flagsString, ','); if (tok == NULL) { break; } flagsString = tok + 1; } } return flagsValue; } CK_FLAGS GetOpFlags(char *flags) { return GetFlags(flags, opFlagsArray, opFlagsCount); } PK11AttrFlags GetAttrFlags(char *flags) { return GetFlags(flags, attrFlagsArray, attrFlagsCount); } char * mkNickname(unsigned char *data, int len) { char *nick = PORT_Alloc(len + 1); if (!nick) { return nick; } PORT_Memcpy(nick, data, len); nick[len] = 0; return nick; } /* * dump a PK11_MergeTokens error log to the console */ void DumpMergeLog(const char *progname, PK11MergeLog *log) { PK11MergeLogNode *node; for (node = log->head; node; node = node->next) { SECItem attrItem; char *nickname = NULL; const char *objectClass = NULL; SECStatus rv; attrItem.data = NULL; rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object, CKA_LABEL, &attrItem); if (rv == SECSuccess) { nickname = mkNickname(attrItem.data, attrItem.len); PORT_Free(attrItem.data); } attrItem.data = NULL; rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object, CKA_CLASS, &attrItem); if (rv == SECSuccess) { if (attrItem.len == sizeof(CK_ULONG)) { objectClass = getObjectClass(*(CK_ULONG *)attrItem.data); } PORT_Free(attrItem.data); } fprintf(stderr, "%s: Could not merge object %s (type %s): %s\n", progName, nickname ? nickname : "unnamed", objectClass ? objectClass : "unknown", SECU_Strerror(node->error)); if (nickname) { PORT_Free(nickname); } } } /* Certutil commands */ enum { cmd_AddCert = 0, cmd_CreateNewCert, cmd_DeleteCert, cmd_AddEmailCert, cmd_DeleteKey, cmd_GenKeyPair, cmd_PrintHelp, cmd_PrintSyntax, cmd_ListKeys, cmd_ListCerts, cmd_ModifyCertTrust, cmd_NewDBs, cmd_DumpChain, cmd_CertReq, cmd_CreateAndAddCert, cmd_TokenReset, cmd_ListModules, cmd_CheckCertValidity, cmd_ChangePassword, cmd_Version, cmd_Batch, cmd_Merge, cmd_UpgradeMerge, /* test only */ cmd_Rename, cmd_BuildFlags, max_cmd }; /* Certutil options */ enum certutilOpts { opt_SSOPass = 0, opt_AddKeyUsageExt, opt_AddBasicConstraintExt, opt_AddAuthorityKeyIDExt, opt_AddCRLDistPtsExt, opt_AddNSCertTypeExt, opt_AddExtKeyUsageExt, opt_ExtendedEmailAddrs, opt_ExtendedDNSNames, opt_ASCIIForIO, opt_ValidityTime, opt_IssuerName, opt_CertDir, opt_VerifySig, opt_PasswordFile, opt_KeySize, opt_TokenName, opt_InputFile, opt_Emailaddress, opt_KeyIndex, opt_KeyType, opt_DetailedInfo, opt_SerialNumber, opt_Nickname, opt_OutputFile, opt_PhoneNumber, opt_DBPrefix, opt_PQGFile, opt_BinaryDER, opt_Subject, opt_Trust, opt_Usage, opt_Validity, opt_OffsetMonths, opt_SelfSign, opt_RW, opt_Exponent, opt_NoiseFile, opt_Hash, opt_NewPasswordFile, opt_AddAuthInfoAccExt, opt_AddSubjInfoAccExt, opt_AddCertPoliciesExt, opt_AddPolicyMapExt, opt_AddPolicyConstrExt, opt_AddInhibAnyExt, opt_AddNameConstraintsExt, opt_AddSubjectKeyIDExt, opt_AddCmdKeyUsageExt, opt_AddCmdNSCertTypeExt, opt_AddCmdExtKeyUsageExt, opt_SourceDir, opt_SourcePrefix, opt_UpgradeID, opt_UpgradeTokenName, opt_KeyOpFlagsOn, opt_KeyOpFlagsOff, opt_KeyAttrFlags, opt_EmptyPassword, opt_CertVersion, opt_AddSubjectAltNameExt, opt_DumpExtensionValue, opt_GenericExtensions, opt_NewNickname, opt_Pss, opt_PssSign, opt_Help }; static const secuCommandFlag commands_init[] = { { /* cmd_AddCert */ 'A', PR_FALSE, 0, PR_FALSE }, { /* cmd_CreateNewCert */ 'C', PR_FALSE, 0, PR_FALSE }, { /* cmd_DeleteCert */ 'D', PR_FALSE, 0, PR_FALSE }, { /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE }, { /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE }, { /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE }, { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE, "help" }, { /* cmd_PrintSyntax */ 0, PR_FALSE, 0, PR_FALSE, "syntax" }, { /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE }, { /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE }, { /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE }, { /* cmd_NewDBs */ 'N', PR_FALSE, 0, PR_FALSE }, { /* cmd_DumpChain */ 'O', PR_FALSE, 0, PR_FALSE }, { /* cmd_CertReq */ 'R', PR_FALSE, 0, PR_FALSE }, { /* cmd_CreateAndAddCert */ 'S', PR_FALSE, 0, PR_FALSE }, { /* cmd_TokenReset */ 'T', PR_FALSE, 0, PR_FALSE }, { /* cmd_ListModules */ 'U', PR_FALSE, 0, PR_FALSE }, { /* cmd_CheckCertValidity */ 'V', PR_FALSE, 0, PR_FALSE }, { /* cmd_ChangePassword */ 'W', PR_FALSE, 0, PR_FALSE }, { /* cmd_Version */ 'Y', PR_FALSE, 0, PR_FALSE }, { /* cmd_Batch */ 'B', PR_FALSE, 0, PR_FALSE }, { /* cmd_Merge */ 0, PR_FALSE, 0, PR_FALSE, "merge" }, { /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE, "upgrade-merge" }, { /* cmd_Rename */ 0, PR_FALSE, 0, PR_FALSE, "rename" }, { /* cmd_BuildFlags */ 0, PR_FALSE, 0, PR_FALSE, "build-flags" } }; #define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0])) static const secuCommandFlag options_init[] = { { /* opt_SSOPass */ '0', PR_TRUE, 0, PR_FALSE }, { /* opt_AddKeyUsageExt */ '1', PR_FALSE, 0, PR_FALSE }, { /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE }, { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE }, { /* opt_AddCRLDistPtsExt */ '4', PR_FALSE, 0, PR_FALSE }, { /* opt_AddNSCertTypeExt */ '5', PR_FALSE, 0, PR_FALSE }, { /* opt_AddExtKeyUsageExt */ '6', PR_FALSE, 0, PR_FALSE }, { /* opt_ExtendedEmailAddrs */ '7', PR_TRUE, 0, PR_FALSE }, { /* opt_ExtendedDNSNames */ '8', PR_TRUE, 0, PR_FALSE }, { /* opt_ASCIIForIO */ 'a', PR_FALSE, 0, PR_FALSE }, { /* opt_ValidityTime */ 'b', PR_TRUE, 0, PR_FALSE }, { /* opt_IssuerName */ 'c', PR_TRUE, 0, PR_FALSE }, { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, { /* opt_VerifySig */ 'e', PR_FALSE, 0, PR_FALSE }, { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE }, { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE }, { /* opt_Emailaddress */ 0, PR_TRUE, 0, PR_FALSE, "email" }, { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE }, { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE }, { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE }, { /* opt_SerialNumber */ 'm', PR_TRUE, 0, PR_FALSE }, { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE }, { /* opt_PhoneNumber */ 'p', PR_TRUE, 0, PR_FALSE }, { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, { /* opt_PQGFile */ 'q', PR_TRUE, 0, PR_FALSE }, { /* opt_BinaryDER */ 'r', PR_FALSE, 0, PR_FALSE }, { /* opt_Subject */ 's', PR_TRUE, 0, PR_FALSE }, { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE }, { /* opt_Usage */ 'u', PR_TRUE, 0, PR_FALSE }, { /* opt_Validity */ 'v', PR_TRUE, 0, PR_FALSE }, { /* opt_OffsetMonths */ 'w', PR_TRUE, 0, PR_FALSE }, { /* opt_SelfSign */ 'x', PR_FALSE, 0, PR_FALSE }, { /* opt_RW */ 'X', PR_FALSE, 0, PR_FALSE }, { /* opt_Exponent */ 'y', PR_TRUE, 0, PR_FALSE }, { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE }, { /* opt_Hash */ 'Z', PR_TRUE, 0, PR_FALSE }, { /* opt_NewPasswordFile */ '@', PR_TRUE, 0, PR_FALSE }, { /* opt_AddAuthInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extAIA" }, { /* opt_AddSubjInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extSIA" }, { /* opt_AddCertPoliciesExt */ 0, PR_FALSE, 0, PR_FALSE, "extCP" }, { /* opt_AddPolicyMapExt */ 0, PR_FALSE, 0, PR_FALSE, "extPM" }, { /* opt_AddPolicyConstrExt */ 0, PR_FALSE, 0, PR_FALSE, "extPC" }, { /* opt_AddInhibAnyExt */ 0, PR_FALSE, 0, PR_FALSE, "extIA" }, { /* opt_AddNameConstraintsExt*/ 0, PR_FALSE, 0, PR_FALSE, "extNC" }, { /* opt_AddSubjectKeyIDExt */ 0, PR_FALSE, 0, PR_FALSE, "extSKID" }, { /* opt_AddCmdKeyUsageExt */ 0, PR_TRUE, 0, PR_FALSE, "keyUsage" }, { /* opt_AddCmdNSCertTypeExt */ 0, PR_TRUE, 0, PR_FALSE, "nsCertType" }, { /* opt_AddCmdExtKeyUsageExt*/ 0, PR_TRUE, 0, PR_FALSE, "extKeyUsage" }, { /* opt_SourceDir */ 0, PR_TRUE, 0, PR_FALSE, "source-dir" }, { /* opt_SourcePrefix */ 0, PR_TRUE, 0, PR_FALSE, "source-prefix" }, { /* opt_UpgradeID */ 0, PR_TRUE, 0, PR_FALSE, "upgrade-id" }, { /* opt_UpgradeTokenName */ 0, PR_TRUE, 0, PR_FALSE, "upgrade-token-name" }, { /* opt_KeyOpFlagsOn */ 0, PR_TRUE, 0, PR_FALSE, "keyOpFlagsOn" }, { /* opt_KeyOpFlagsOff */ 0, PR_TRUE, 0, PR_FALSE, "keyOpFlagsOff" }, { /* opt_KeyAttrFlags */ 0, PR_TRUE, 0, PR_FALSE, "keyAttrFlags" }, { /* opt_EmptyPassword */ 0, PR_FALSE, 0, PR_FALSE, "empty-password" }, { /* opt_CertVersion */ 0, PR_TRUE, 0, PR_FALSE, "certVersion" }, { /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN" }, { /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE, "dump-ext-val" }, { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE, "extGeneric" }, { /* opt_NewNickname */ 0, PR_TRUE, 0, PR_FALSE, "new-n" }, { /* opt_Pss */ 0, PR_FALSE, 0, PR_FALSE, "pss" }, { /* opt_PssSign */ 0, PR_FALSE, 0, PR_FALSE, "pss-sign" }, }; #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) static secuCommandFlag certutil_commands[NUM_COMMANDS]; static secuCommandFlag certutil_options[NUM_OPTIONS]; static const secuCommand certutil = { NUM_COMMANDS, NUM_OPTIONS, certutil_commands, certutil_options }; static certutilExtnList certutil_extns; static int certutil_main(int argc, char **argv, PRBool initialize) { CERTCertDBHandle *certHandle; PK11SlotInfo *slot = NULL; CERTName *subject = 0; PRFileDesc *inFile = PR_STDIN; PRFileDesc *outFile = PR_STDOUT; SECItem certReqDER = { siBuffer, NULL, 0 }; SECItem certDER = { siBuffer, NULL, 0 }; const char *slotname = "internal"; const char *certPrefix = ""; char *sourceDir = ""; const char *srcCertPrefix = ""; char *upgradeID = ""; char *upgradeTokenName = ""; KeyType keytype = rsaKey; char *name = NULL; char *newName = NULL; char *email = NULL; char *keysource = NULL; SECOidTag hashAlgTag = SEC_OID_UNKNOWN; int keysize = DEFAULT_KEY_BITS; int publicExponent = 0x010001; int certVersion = SEC_CERTIFICATE_VERSION_3; unsigned int serialNumber = 0; int warpmonths = 0; int validityMonths = 3; int commandsEntered = 0; char commandToRun = '\0'; secuPWData pwdata = { PW_NONE, 0 }; secuPWData pwdata2 = { PW_NONE, 0 }; PRBool readOnly = PR_FALSE; PRBool initialized = PR_FALSE; CK_FLAGS keyOpFlagsOn = 0; CK_FLAGS keyOpFlagsOff = 0; PK11AttrFlags keyAttrFlags = PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE; SECKEYPrivateKey *privkey = NULL; SECKEYPublicKey *pubkey = NULL; int i; SECStatus rv; progName = PORT_Strrchr(argv[0], '/'); progName = progName ? progName + 1 : argv[0]; memcpy(certutil_commands, commands_init, sizeof commands_init); memcpy(certutil_options, options_init, sizeof options_init); rv = SECU_ParseCommandLine(argc, argv, progName, &certutil); if (rv != SECSuccess) Usage(progName); if (certutil.commands[cmd_PrintSyntax].activated) { PrintSyntax(progName); } if (certutil.commands[cmd_PrintHelp].activated) { int i; char buf[2]; const char *command = NULL; for (i = 0; i < max_cmd; i++) { if (i == cmd_PrintHelp) continue; if (certutil.commands[i].activated) { if (certutil.commands[i].flag) { buf[0] = certutil.commands[i].flag; buf[1] = 0; command = buf; } else { command = certutil.commands[i].longform; } break; } } LongUsage(progName, (command ? usage_selected : usage_all), command); exit(1); } if (certutil.commands[cmd_BuildFlags].activated) { PrintBuildFlags(); } if (certutil.options[opt_PasswordFile].arg) { pwdata.source = PW_FROMFILE; pwdata.data = certutil.options[opt_PasswordFile].arg; } if (certutil.options[opt_NewPasswordFile].arg) { pwdata2.source = PW_FROMFILE; pwdata2.data = certutil.options[opt_NewPasswordFile].arg; } if (certutil.options[opt_CertDir].activated) SECU_ConfigDirectory(certutil.options[opt_CertDir].arg); if (certutil.options[opt_SourceDir].activated) sourceDir = certutil.options[opt_SourceDir].arg; if (certutil.options[opt_UpgradeID].activated) upgradeID = certutil.options[opt_UpgradeID].arg; if (certutil.options[opt_UpgradeTokenName].activated) upgradeTokenName = certutil.options[opt_UpgradeTokenName].arg; if (certutil.options[opt_KeySize].activated) { keysize = PORT_Atoi(certutil.options[opt_KeySize].arg); if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) { PR_fprintf(PR_STDERR, "%s -g: Keysize must be between %d and %d.\n", progName, MIN_KEY_BITS, MAX_KEY_BITS); return 255; } if (keytype == ecKey) { PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName); return 255; } } /* -h specify token name */ if (certutil.options[opt_TokenName].activated) { if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0) slotname = NULL; else slotname = certutil.options[opt_TokenName].arg; } /* -Z hash type */ if (certutil.options[opt_Hash].activated) { char *arg = certutil.options[opt_Hash].arg; hashAlgTag = SECU_StringToSignatureAlgTag(arg); if (hashAlgTag == SEC_OID_UNKNOWN) { PR_fprintf(PR_STDERR, "%s -Z: %s is not a recognized type.\n", progName, arg); return 255; } } /* -k key type */ if (certutil.options[opt_KeyType].activated) { char *arg = certutil.options[opt_KeyType].arg; if (PL_strcmp(arg, "rsa") == 0) { keytype = rsaKey; } else if (PL_strcmp(arg, "dsa") == 0) { keytype = dsaKey; } else if (PL_strcmp(arg, "ec") == 0) { keytype = ecKey; } else if (PL_strcmp(arg, "all") == 0) { keytype = nullKey; } else { /* use an existing private/public key pair */ keysource = arg; } } else if (certutil.commands[cmd_ListKeys].activated) { keytype = nullKey; } if (certutil.options[opt_KeyOpFlagsOn].activated) { keyOpFlagsOn = GetOpFlags(certutil.options[opt_KeyOpFlagsOn].arg); } if (certutil.options[opt_KeyOpFlagsOff].activated) { keyOpFlagsOff = GetOpFlags(certutil.options[opt_KeyOpFlagsOff].arg); keyOpFlagsOn &= ~keyOpFlagsOff; /* make off override on */ } if (certutil.options[opt_KeyAttrFlags].activated) { keyAttrFlags = GetAttrFlags(certutil.options[opt_KeyAttrFlags].arg); } /* -m serial number */ if (certutil.options[opt_SerialNumber].activated) { int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg); if (sn < 0) { PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n", progName, certutil.options[opt_SerialNumber].arg); return 255; } serialNumber = sn; } /* -P certdb name prefix */ if (certutil.options[opt_DBPrefix].activated) { if (certutil.options[opt_DBPrefix].arg) { certPrefix = certutil.options[opt_DBPrefix].arg; } else { Usage(progName); } } /* --source-prefix certdb name prefix */ if (certutil.options[opt_SourcePrefix].activated) { if (certutil.options[opt_SourcePrefix].arg) { srcCertPrefix = certutil.options[opt_SourcePrefix].arg; } else { Usage(progName); } } /* -q PQG file or curve name */ if (certutil.options[opt_PQGFile].activated) { if ((keytype != dsaKey) && (keytype != ecKey)) { PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" " (-k dsa) or a named curve for EC keys (-k ec)\n)", progName); return 255; } } /* -s subject name */ if (certutil.options[opt_Subject].activated) { subject = CERT_AsciiToName(certutil.options[opt_Subject].arg); if (!subject) { PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n", progName, certutil.options[opt_Subject].arg); return 255; } } /* -v validity period */ if (certutil.options[opt_Validity].activated) { validityMonths = PORT_Atoi(certutil.options[opt_Validity].arg); if (validityMonths < 0) { PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n", progName, certutil.options[opt_Validity].arg); return 255; } } /* -w warp months */ if (certutil.options[opt_OffsetMonths].activated) warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg); /* -y public exponent (for RSA) */ if (certutil.options[opt_Exponent].activated) { publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg); if ((publicExponent != 3) && (publicExponent != 17) && (publicExponent != 65537)) { PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.", progName, publicExponent); PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n"); return 255; } } /* --certVersion */ if (certutil.options[opt_CertVersion].activated) { certVersion = PORT_Atoi(certutil.options[opt_CertVersion].arg); if (certVersion < 1 || certVersion > 4) { PR_fprintf(PR_STDERR, "%s -certVersion: incorrect certificate version %d.", progName, certVersion); PR_fprintf(PR_STDERR, "Must be 1, 2, 3 or 4.\n"); return 255; } certVersion = certVersion - 1; } /* Check number of commands entered. */ commandsEntered = 0; for (i = 0; i < certutil.numCommands; i++) { if (certutil.commands[i].activated) { commandToRun = certutil.commands[i].flag; commandsEntered++; } if (commandsEntered > 1) break; } if (commandsEntered > 1) { PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName); PR_fprintf(PR_STDERR, "You entered: "); for (i = 0; i < certutil.numCommands; i++) { if (certutil.commands[i].activated) PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag); } PR_fprintf(PR_STDERR, "\n"); return 255; } if (commandsEntered == 0) { Usage(progName); } if (certutil.commands[cmd_ListCerts].activated || certutil.commands[cmd_PrintHelp].activated || certutil.commands[cmd_ListKeys].activated || certutil.commands[cmd_ListModules].activated || certutil.commands[cmd_CheckCertValidity].activated || certutil.commands[cmd_Version].activated) { readOnly = !certutil.options[opt_RW].activated; } /* -A, -D, -F, -M, -S, -V, and all require -n */ if ((certutil.commands[cmd_AddCert].activated || certutil.commands[cmd_DeleteCert].activated || certutil.commands[cmd_DeleteKey].activated || certutil.commands[cmd_DumpChain].activated || certutil.commands[cmd_ModifyCertTrust].activated || certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_CheckCertValidity].activated) && !certutil.options[opt_Nickname].activated) { PR_fprintf(PR_STDERR, "%s -%c: nickname is required for this command (-n).\n", progName, commandToRun); return 255; } /* -A, -E, -M, -S require trust */ if ((certutil.commands[cmd_AddCert].activated || certutil.commands[cmd_AddEmailCert].activated || certutil.commands[cmd_ModifyCertTrust].activated || certutil.commands[cmd_CreateAndAddCert].activated) && !certutil.options[opt_Trust].activated) { PR_fprintf(PR_STDERR, "%s -%c: trust is required for this command (-t).\n", progName, commandToRun); return 255; } /* if -L is given raw, ascii or dump mode, it must be for only one cert. */ if (certutil.commands[cmd_ListCerts].activated && (certutil.options[opt_ASCIIForIO].activated || certutil.options[opt_DumpExtensionValue].activated || certutil.options[opt_BinaryDER].activated) && !certutil.options[opt_Nickname].activated) { PR_fprintf(PR_STDERR, "%s: nickname is required to dump cert in raw or ascii mode.\n", progName); return 255; } /* -L can only be in (raw || ascii). */ if (certutil.commands[cmd_ListCerts].activated && certutil.options[opt_ASCIIForIO].activated && certutil.options[opt_BinaryDER].activated) { PR_fprintf(PR_STDERR, "%s: cannot specify both -r and -a when dumping cert.\n", progName); return 255; } /* If making a cert request, need a subject. */ if ((certutil.commands[cmd_CertReq].activated || certutil.commands[cmd_CreateAndAddCert].activated) && !(certutil.options[opt_Subject].activated || keysource)) { PR_fprintf(PR_STDERR, "%s -%c: subject is required to create a cert request.\n", progName, commandToRun); return 255; } /* If making a cert, need a serial number. */ if ((certutil.commands[cmd_CreateNewCert].activated || certutil.commands[cmd_CreateAndAddCert].activated) && !certutil.options[opt_SerialNumber].activated) { /* Make a default serial number from the current time. */ PRTime now = PR_Now(); LL_USHR(now, now, 19); LL_L2UI(serialNumber, now); } /* Validation needs the usage to validate for. */ if (certutil.commands[cmd_CheckCertValidity].activated && !certutil.options[opt_Usage].activated) { PR_fprintf(PR_STDERR, "%s -V: specify a usage to validate the cert for (-u).\n", progName); return 255; } /* Rename needs an old and a new nickname */ if (certutil.commands[cmd_Rename].activated && !(certutil.options[opt_Nickname].activated && certutil.options[opt_NewNickname].activated)) { PR_fprintf(PR_STDERR, "%s --rename: specify an old nickname (-n) and\n" " a new nickname (--new-n).\n", progName); return 255; } /* Upgrade/Merge needs a source database and a upgrade id. */ if (certutil.commands[cmd_UpgradeMerge].activated && !(certutil.options[opt_SourceDir].activated && certutil.options[opt_UpgradeID].activated)) { PR_fprintf(PR_STDERR, "%s --upgrade-merge: specify an upgrade database directory " "(--source-dir) and\n" " an upgrade ID (--upgrade-id).\n", progName); return 255; } /* Merge needs a source database */ if (certutil.commands[cmd_Merge].activated && !certutil.options[opt_SourceDir].activated) { PR_fprintf(PR_STDERR, "%s --merge: specify an source database directory " "(--source-dir)\n", progName); return 255; } /* To make a cert, need either a issuer or to self-sign it. */ if (certutil.commands[cmd_CreateAndAddCert].activated && !(certutil.options[opt_IssuerName].activated || certutil.options[opt_SelfSign].activated)) { PR_fprintf(PR_STDERR, "%s -S: must specify issuer (-c) or self-sign (-x).\n", progName); return 255; } /* Using slotname == NULL for listing keys and certs on all slots, * but only that. */ if (!(certutil.commands[cmd_ListKeys].activated || certutil.commands[cmd_DumpChain].activated || certutil.commands[cmd_ListCerts].activated) && slotname == NULL) { PR_fprintf(PR_STDERR, "%s -%c: cannot use \"-h all\" for this command.\n", progName, commandToRun); return 255; } /* Using keytype == nullKey for list all key types, but only that. */ if (!certutil.commands[cmd_ListKeys].activated && keytype == nullKey) { PR_fprintf(PR_STDERR, "%s -%c: cannot use \"-k all\" for this command.\n", progName, commandToRun); return 255; } /* Open the input file. */ if (certutil.options[opt_InputFile].activated) { inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0); if (!inFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading (%ld, %ld).\n", progName, certutil.options[opt_InputFile].arg, PR_GetError(), PR_GetOSError()); return 255; } } /* Open the output file. */ if (certutil.options[opt_OutputFile].activated) { outFile = PR_Open(certutil.options[opt_OutputFile].arg, PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 00660); if (!outFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing (%ld, %ld).\n", progName, certutil.options[opt_OutputFile].arg, PR_GetError(), PR_GetOSError()); return 255; } } name = SECU_GetOptionArg(&certutil, opt_Nickname); newName = SECU_GetOptionArg(&certutil, opt_NewNickname); email = SECU_GetOptionArg(&certutil, opt_Emailaddress); PK11_SetPasswordFunc(SECU_GetModulePassword); if (PR_TRUE == initialize) { /* Initialize NSPR and NSS. */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); if (!certutil.commands[cmd_UpgradeMerge].activated) { rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix, "secmod.db", readOnly ? NSS_INIT_READONLY : 0); } else { rv = NSS_InitWithMerge(SECU_ConfigDirectory(NULL), certPrefix, certPrefix, "secmod.db", sourceDir, srcCertPrefix, srcCertPrefix, upgradeID, upgradeTokenName, readOnly ? NSS_INIT_READONLY : 0); } if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); rv = SECFailure; goto shutdown; } initialized = PR_TRUE; SECU_RegisterDynamicOids(); } certHandle = CERT_GetDefaultCertDB(); if (certutil.commands[cmd_Version].activated) { printf("Certificate database content version: command not implemented.\n"); } if (PL_strcmp(slotname, "internal") == 0) slot = PK11_GetInternalKeySlot(); else if (slotname != NULL) slot = PK11_FindSlotByName(slotname); if (!slot && (certutil.commands[cmd_NewDBs].activated || certutil.commands[cmd_ModifyCertTrust].activated || certutil.commands[cmd_ChangePassword].activated || certutil.commands[cmd_TokenReset].activated || certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_AddCert].activated || certutil.commands[cmd_Merge].activated || certutil.commands[cmd_UpgradeMerge].activated || certutil.commands[cmd_AddEmailCert].activated)) { SECU_PrintError(progName, "could not find the slot %s", slotname); rv = SECFailure; goto shutdown; } /* If creating new database, initialize the password. */ if (certutil.commands[cmd_NewDBs].activated) { if (certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot))) { rv = PK11_InitPin(slot, (char *)NULL, ""); } else { rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg, certutil.options[opt_NewPasswordFile].arg); } if (rv != SECSuccess) { SECU_PrintError(progName, "Could not set password for the slot"); goto shutdown; } } /* if we are going to modify the cert database, * make sure it's initialized */ if (certutil.commands[cmd_ModifyCertTrust].activated || certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_AddCert].activated || certutil.commands[cmd_AddEmailCert].activated) { if (PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) { char *password = NULL; /* fetch the password from the command line or the file * if no password is supplied, initialize the password to NULL */ if (pwdata.source == PW_FROMFILE) { password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data); } else if (pwdata.source == PW_PLAINTEXT) { password = PL_strdup(pwdata.data); } rv = PK11_InitPin(slot, (char *)NULL, password ? password : ""); if (password) { PORT_Memset(password, 0, PL_strlen(password)); PORT_Free(password); } if (rv != SECSuccess) { SECU_PrintError(progName, "Could not set password for the slot"); goto shutdown; } } } /* walk through the upgrade merge if necessary. * This option is more to test what some applications will want to do * to do an automatic upgrade. The --merge command is more useful for * the general case where 2 database need to be merged together. */ if (certutil.commands[cmd_UpgradeMerge].activated) { if (*upgradeTokenName == 0) { upgradeTokenName = upgradeID; } if (!PK11_IsInternal(slot)) { fprintf(stderr, "Only internal DB's can be upgraded\n"); rv = SECSuccess; goto shutdown; } if (!PK11_IsRemovable(slot)) { printf("database already upgraded.\n"); rv = SECSuccess; goto shutdown; } if (!PK11_NeedLogin(slot)) { printf("upgrade complete!\n"); rv = SECSuccess; goto shutdown; } /* authenticate to the old DB if necessary */ if (PORT_Strcmp(PK11_GetTokenName(slot), upgradeTokenName) == 0) { /* if we need a password, supply it. This will be the password * for the old database */ rv = PK11_Authenticate(slot, PR_FALSE, &pwdata2); if (rv != SECSuccess) { SECU_PrintError(progName, "Could not get password for %s", upgradeTokenName); goto shutdown; } /* * if we succeeded above, but still aren't logged in, that means * we just supplied the password for the old database. We may * need the password for the new database. NSS will automatically * change the token names at this point */ if (PK11_IsLoggedIn(slot, &pwdata)) { printf("upgrade complete!\n"); rv = SECSuccess; goto shutdown; } } /* call PK11_IsPresent to update our cached token information */ if (!PK11_IsPresent(slot)) { /* this shouldn't happen. We call isPresent to force a token * info update */ fprintf(stderr, "upgrade/merge internal error\n"); rv = SECFailure; goto shutdown; } /* the token is now set to the state of the source database, * if we need a password for it, PK11_Authenticate will * automatically prompt us */ rv = PK11_Authenticate(slot, PR_FALSE, &pwdata); if (rv == SECSuccess) { printf("upgrade complete!\n"); } else { SECU_PrintError(progName, "Could not get password for %s", PK11_GetTokenName(slot)); } goto shutdown; } /* * merge 2 databases. */ if (certutil.commands[cmd_Merge].activated) { PK11SlotInfo *sourceSlot = NULL; PK11MergeLog *log; char *modspec = PR_smprintf( "configDir='%s' certPrefix='%s' tokenDescription='%s'", sourceDir, srcCertPrefix, *upgradeTokenName ? upgradeTokenName : "Source Database"); if (!modspec) { rv = SECFailure; goto shutdown; } sourceSlot = SECMOD_OpenUserDB(modspec); PR_smprintf_free(modspec); if (!sourceSlot) { SECU_PrintError(progName, "couldn't open source database"); rv = SECFailure; goto shutdown; } rv = PK11_Authenticate(slot, PR_FALSE, &pwdata); if (rv != SECSuccess) { SECU_PrintError(progName, "Couldn't get password for %s", PK11_GetTokenName(slot)); goto merge_fail; } rv = PK11_Authenticate(sourceSlot, PR_FALSE, &pwdata2); if (rv != SECSuccess) { SECU_PrintError(progName, "Couldn't get password for %s", PK11_GetTokenName(sourceSlot)); goto merge_fail; } log = PK11_CreateMergeLog(); if (!log) { rv = SECFailure; SECU_PrintError(progName, "couldn't create error log"); goto merge_fail; } rv = PK11_MergeTokens(slot, sourceSlot, log, &pwdata, &pwdata2); if (rv != SECSuccess) { DumpMergeLog(progName, log); } PK11_DestroyMergeLog(log); merge_fail: SECMOD_CloseUserDB(sourceSlot); PK11_FreeSlot(sourceSlot); goto shutdown; } /* The following 8 options are mutually exclusive with all others. */ /* List certs (-L) */ if (certutil.commands[cmd_ListCerts].activated) { if (certutil.options[opt_DumpExtensionValue].activated) { const char *oid_str; SECItem oid_item; SECStatus srv; oid_item.data = NULL; oid_item.len = 0; oid_str = certutil.options[opt_DumpExtensionValue].arg; srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str)); if (srv != SECSuccess) { SECU_PrintError(progName, "malformed extension OID %s", oid_str); goto shutdown; } rv = ListCerts(certHandle, name, email, slot, PR_TRUE /*binary*/, PR_FALSE /*ascii*/, &oid_item, outFile, &pwdata); SECITEM_FreeItem(&oid_item, PR_FALSE); } else { rv = ListCerts(certHandle, name, email, slot, certutil.options[opt_BinaryDER].activated, certutil.options[opt_ASCIIForIO].activated, NULL, outFile, &pwdata); } goto shutdown; } if (certutil.commands[cmd_DumpChain].activated) { rv = DumpChain(certHandle, name, certutil.options[opt_ASCIIForIO].activated); goto shutdown; } /* XXX needs work */ /* List keys (-K) */ if (certutil.commands[cmd_ListKeys].activated) { rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/, &pwdata); goto shutdown; } /* List modules (-U) */ if (certutil.commands[cmd_ListModules].activated) { rv = ListModules(); goto shutdown; } /* Delete cert (-D) */ if (certutil.commands[cmd_DeleteCert].activated) { rv = DeleteCert(certHandle, name, &pwdata); goto shutdown; } /* Rename cert (--rename) */ if (certutil.commands[cmd_Rename].activated) { rv = RenameCert(certHandle, name, newName, &pwdata); goto shutdown; } /* Delete key (-F) */ if (certutil.commands[cmd_DeleteKey].activated) { rv = DeleteKey(name, &pwdata); goto shutdown; } /* Modify trust attribute for cert (-M) */ if (certutil.commands[cmd_ModifyCertTrust].activated) { rv = ChangeTrustAttributes(certHandle, slot, name, certutil.options[opt_Trust].arg, &pwdata); goto shutdown; } /* Change key db password (-W) (future - change pw to slot?) */ if (certutil.commands[cmd_ChangePassword].activated) { rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg, certutil.options[opt_NewPasswordFile].arg); if (rv != SECSuccess) { SECU_PrintError(progName, "Could not set password for the slot"); goto shutdown; } } /* Reset the a token */ if (certutil.commands[cmd_TokenReset].activated) { char *sso_pass = ""; if (certutil.options[opt_SSOPass].activated) { sso_pass = certutil.options[opt_SSOPass].arg; } rv = PK11_ResetToken(slot, sso_pass); goto shutdown; } /* Check cert validity against current time (-V) */ if (certutil.commands[cmd_CheckCertValidity].activated) { /* XXX temporary hack for fips - must log in to get priv key */ if (certutil.options[opt_VerifySig].activated) { if (slot && PK11_NeedLogin(slot)) { SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &pwdata); if (newrv != SECSuccess) { SECU_PrintError(progName, "could not authenticate to token %s.", PK11_GetTokenName(slot)); goto shutdown; } } } rv = ValidateCert(certHandle, name, certutil.options[opt_ValidityTime].arg, certutil.options[opt_Usage].arg, certutil.options[opt_VerifySig].activated, certutil.options[opt_DetailedInfo].activated, certutil.options[opt_ASCIIForIO].activated, &pwdata); if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INVALID_ARGS) SECU_PrintError(progName, "validation failed"); goto shutdown; } /* * Key generation */ /* These commands may require keygen. */ if (certutil.commands[cmd_CertReq].activated || certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_GenKeyPair].activated) { if (keysource) { CERTCertificate *keycert; keycert = CERT_FindCertByNicknameOrEmailAddr(certHandle, keysource); if (!keycert) { keycert = PK11_FindCertFromNickname(keysource, NULL); if (!keycert) { SECU_PrintError(progName, "%s is neither a key-type nor a nickname", keysource); return SECFailure; } } privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata); if (privkey) pubkey = CERT_ExtractPublicKey(keycert); if (!pubkey) { SECU_PrintError(progName, "Could not get keys from cert %s", keysource); rv = SECFailure; CERT_DestroyCertificate(keycert); goto shutdown; } keytype = privkey->keyType; /* On CertReq for renewal if no subject has been * specified obtain it from the certificate. */ if (certutil.commands[cmd_CertReq].activated && !subject) { subject = CERT_AsciiToName(keycert->subjectName); if (!subject) { SECU_PrintError(progName, "Could not get subject from certificate %s", keysource); CERT_DestroyCertificate(keycert); rv = SECFailure; goto shutdown; } } CERT_DestroyCertificate(keycert); } else { privkey = CERTUTIL_GeneratePrivateKey(keytype, slot, keysize, publicExponent, certutil.options[opt_NoiseFile].arg, &pubkey, certutil.options[opt_PQGFile].arg, keyAttrFlags, keyOpFlagsOn, keyOpFlagsOff, &pwdata); if (privkey == NULL) { SECU_PrintError(progName, "unable to generate key(s)\n"); rv = SECFailure; goto shutdown; } } privkey->wincx = &pwdata; PORT_Assert(pubkey != NULL); /* If all that was needed was keygen, exit. */ if (certutil.commands[cmd_GenKeyPair].activated) { rv = SECSuccess; goto shutdown; } } if (certutil.options[opt_Pss].activated) { if (!certutil.commands[cmd_CertReq].activated && !certutil.commands[cmd_CreateAndAddCert].activated) { PR_fprintf(PR_STDERR, "%s -%c: --pss only works with -R or -S.\n", progName, commandToRun); return 255; } if (keytype != rsaKey) { PR_fprintf(PR_STDERR, "%s -%c: --pss only works with RSA keys.\n", progName, commandToRun); return 255; } } /* --pss-sign is to sign a certificate with RSA-PSS, even if the * issuer's key is an RSA key. If the key is an RSA-PSS key, the * generated signature is always RSA-PSS. */ if (certutil.options[opt_PssSign].activated) { if (!certutil.commands[cmd_CreateNewCert].activated && !certutil.commands[cmd_CreateAndAddCert].activated) { PR_fprintf(PR_STDERR, "%s -%c: --pss-sign only works with -C or -S.\n", progName, commandToRun); return 255; } if (keytype != rsaKey) { PR_fprintf(PR_STDERR, "%s -%c: --pss-sign only works with RSA keys.\n", progName, commandToRun); return 255; } } /* If we need a list of extensions convert the flags into list format */ if (certutil.commands[cmd_CertReq].activated || certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_CreateNewCert].activated) { certutil_extns[ext_keyUsage].activated = certutil.options[opt_AddCmdKeyUsageExt].activated; if (!certutil_extns[ext_keyUsage].activated) { certutil_extns[ext_keyUsage].activated = certutil.options[opt_AddKeyUsageExt].activated; } else { certutil_extns[ext_keyUsage].arg = certutil.options[opt_AddCmdKeyUsageExt].arg; } certutil_extns[ext_basicConstraint].activated = certutil.options[opt_AddBasicConstraintExt].activated; certutil_extns[ext_nameConstraints].activated = certutil.options[opt_AddNameConstraintsExt].activated; certutil_extns[ext_authorityKeyID].activated = certutil.options[opt_AddAuthorityKeyIDExt].activated; certutil_extns[ext_subjectKeyID].activated = certutil.options[opt_AddSubjectKeyIDExt].activated; certutil_extns[ext_CRLDistPts].activated = certutil.options[opt_AddCRLDistPtsExt].activated; certutil_extns[ext_NSCertType].activated = certutil.options[opt_AddCmdNSCertTypeExt].activated; if (!certutil_extns[ext_NSCertType].activated) { certutil_extns[ext_NSCertType].activated = certutil.options[opt_AddNSCertTypeExt].activated; } else { certutil_extns[ext_NSCertType].arg = certutil.options[opt_AddCmdNSCertTypeExt].arg; } certutil_extns[ext_extKeyUsage].activated = certutil.options[opt_AddCmdExtKeyUsageExt].activated; if (!certutil_extns[ext_extKeyUsage].activated) { certutil_extns[ext_extKeyUsage].activated = certutil.options[opt_AddExtKeyUsageExt].activated; } else { certutil_extns[ext_extKeyUsage].arg = certutil.options[opt_AddCmdExtKeyUsageExt].arg; } certutil_extns[ext_subjectAltName].activated = certutil.options[opt_AddSubjectAltNameExt].activated; if (certutil_extns[ext_subjectAltName].activated) { certutil_extns[ext_subjectAltName].arg = certutil.options[opt_AddSubjectAltNameExt].arg; } certutil_extns[ext_authInfoAcc].activated = certutil.options[opt_AddAuthInfoAccExt].activated; certutil_extns[ext_subjInfoAcc].activated = certutil.options[opt_AddSubjInfoAccExt].activated; certutil_extns[ext_certPolicies].activated = certutil.options[opt_AddCertPoliciesExt].activated; certutil_extns[ext_policyMappings].activated = certutil.options[opt_AddPolicyMapExt].activated; certutil_extns[ext_policyConstr].activated = certutil.options[opt_AddPolicyConstrExt].activated; certutil_extns[ext_inhibitAnyPolicy].activated = certutil.options[opt_AddInhibAnyExt].activated; } /* -A -C or -E Read inFile */ if (certutil.commands[cmd_CreateNewCert].activated || certutil.commands[cmd_AddCert].activated || certutil.commands[cmd_AddEmailCert].activated) { PRBool isCreate = certutil.commands[cmd_CreateNewCert].activated; rv = SECU_ReadDERFromFile(isCreate ? &certReqDER : &certDER, inFile, certutil.options[opt_ASCIIForIO].activated, PR_TRUE); if (rv) goto shutdown; } /* * Certificate request */ /* Make a cert request (-R). */ if (certutil.commands[cmd_CertReq].activated) { rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject, certutil.options[opt_PhoneNumber].arg, certutil.options[opt_ASCIIForIO].activated, certutil.options[opt_ExtendedEmailAddrs].arg, certutil.options[opt_ExtendedDNSNames].arg, certutil_extns, (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg : NULL), certutil.options[opt_Pss].activated, &certReqDER); if (rv) goto shutdown; privkey->wincx = &pwdata; } /* * Certificate creation */ /* If making and adding a cert, create a cert request file first without * any extensions, then load it with the command line extensions * and output the cert to another file. */ if (certutil.commands[cmd_CreateAndAddCert].activated) { static certutilExtnList nullextnlist = { { PR_FALSE, NULL } }; rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject, certutil.options[opt_PhoneNumber].arg, PR_FALSE, /* do not BASE64-encode regardless of -a option */ NULL, NULL, nullextnlist, (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg : NULL), certutil.options[opt_Pss].activated, &certReqDER); if (rv) goto shutdown; privkey->wincx = &pwdata; } /* Create a certificate (-C or -S). */ if (certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_CreateNewCert].activated) { rv = CreateCert(certHandle, slot, certutil.options[opt_IssuerName].arg, &certReqDER, &privkey, &pwdata, hashAlgTag, serialNumber, warpmonths, validityMonths, certutil.options[opt_ExtendedEmailAddrs].arg, certutil.options[opt_ExtendedDNSNames].arg, certutil.options[opt_ASCIIForIO].activated && certutil.commands[cmd_CreateNewCert].activated, certutil.options[opt_SelfSign].activated, certutil_extns, (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg : NULL), certVersion, certutil.options[opt_PssSign].activated, &certDER); if (rv) goto shutdown; } /* * Adding a cert to the database (or slot) */ /* -A -E or -S Add the cert to the DB */ if (certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_AddCert].activated || certutil.commands[cmd_AddEmailCert].activated) { if (strstr(certutil.options[opt_Trust].arg, "u")) { fprintf(stderr, "Notice: Trust flag u is set automatically if the " "private key is present.\n"); } rv = AddCert(slot, certHandle, name, certutil.options[opt_Trust].arg, &certDER, certutil.commands[cmd_AddEmailCert].activated, &pwdata); if (rv) goto shutdown; } if (certutil.commands[cmd_CertReq].activated || certutil.commands[cmd_CreateNewCert].activated) { SECItem *item = certutil.commands[cmd_CertReq].activated ? &certReqDER : &certDER; PRInt32 written = PR_Write(outFile, item->data, item->len); if (written < 0 || (PRUint32)written != item->len) { rv = SECFailure; } } shutdown: if (slot) { PK11_FreeSlot(slot); } if (privkey) { SECKEY_DestroyPrivateKey(privkey); } if (pubkey) { SECKEY_DestroyPublicKey(pubkey); } if (subject) { CERT_DestroyName(subject); } if (name) { PL_strfree(name); } if (newName) { PL_strfree(newName); } if (inFile && inFile != PR_STDIN) { PR_Close(inFile); } if (outFile && outFile != PR_STDOUT) { PR_Close(outFile); } SECITEM_FreeItem(&certReqDER, PR_FALSE); SECITEM_FreeItem(&certDER, PR_FALSE); if (pwdata.data && pwdata.source == PW_PLAINTEXT) { /* Allocated by a PL_strdup call in SECU_GetModulePassword. */ PL_strfree(pwdata.data); } if (email) { PL_strfree(email); } /* Open the batch command file. * * - If -B option is specified, the contents in the * command file will be interpreted as subsequent certutil * commands to be executed in the current certutil process * context after the current certutil command has been executed. * - Each line in the command file consists of the command * line arguments for certutil. * - The -d option will be ignored if specified in the * command file. * - Quoting with double quote characters ("...") is supported * to allow white space in a command line argument. The * double quote character cannot be escaped and quoting cannot * be nested in this version. * - each line in the batch file is limited to 512 characters */ if ((SECSuccess == rv) && certutil.commands[cmd_Batch].activated) { FILE *batchFile = NULL; char *nextcommand = NULL; PRInt32 cmd_len = 0, buf_size = 0; static const int increment = 512; if (!certutil.options[opt_InputFile].activated || !certutil.options[opt_InputFile].arg) { PR_fprintf(PR_STDERR, "%s: no batch input file specified.\n", progName); return 255; } batchFile = fopen(certutil.options[opt_InputFile].arg, "r"); if (!batchFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading (%ld, %ld).\n", progName, certutil.options[opt_InputFile].arg, PR_GetError(), PR_GetOSError()); return 255; } /* read and execute command-lines in a loop */ while (SECSuccess == rv) { PRBool invalid = PR_FALSE; int newargc = 2; char *space = NULL; char *nextarg = NULL; char **newargv = NULL; char *crlf; if (cmd_len + increment > buf_size) { char *new_buf; buf_size += increment; new_buf = PORT_Realloc(nextcommand, buf_size); if (!new_buf) { PR_fprintf(PR_STDERR, "%s: PORT_Realloc(%ld) failed\n", progName, buf_size); break; } nextcommand = new_buf; nextcommand[cmd_len] = '\0'; } if (!fgets(nextcommand + cmd_len, buf_size - cmd_len, batchFile)) { break; } crlf = PORT_Strrchr(nextcommand, '\n'); if (crlf) { *crlf = '\0'; } cmd_len = strlen(nextcommand); if (cmd_len && nextcommand[cmd_len - 1] == '\\') { nextcommand[--cmd_len] = '\0'; continue; } /* we now need to split the command into argc / argv format */ newargv = PORT_Alloc(sizeof(char *) * (newargc + 1)); newargv[0] = progName; newargv[1] = nextcommand; nextarg = nextcommand; while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v"))) { while (isspace(*space)) { *space = '\0'; space++; } if (*space == '\0') { break; } else if (*space != '\"') { nextarg = space; } else { char *closingquote = strchr(space + 1, '\"'); if (closingquote) { *closingquote = '\0'; space++; nextarg = closingquote + 1; } else { invalid = PR_TRUE; nextarg = space; } } newargc++; newargv = PORT_Realloc(newargv, sizeof(char *) * (newargc + 1)); newargv[newargc - 1] = space; } newargv[newargc] = NULL; /* invoke next command */ if (PR_TRUE == invalid) { PR_fprintf(PR_STDERR, "Missing closing quote in batch command :\n%s\nNot executed.\n", nextcommand); rv = SECFailure; } else { if (0 != certutil_main(newargc, newargv, PR_FALSE)) rv = SECFailure; } PORT_Free(newargv); cmd_len = 0; nextcommand[0] = '\0'; } PORT_Free(nextcommand); fclose(batchFile); } if ((initialized == PR_TRUE) && NSS_Shutdown() != SECSuccess) { exit(1); } if (rv == SECSuccess) { return 0; } else { return 255; } } int main(int argc, char **argv) { int rv = certutil_main(argc, argv, PR_TRUE); PL_ArenaFinish(); PR_Cleanup(); return rv; } nss-pem.git/nss/nss/cmd/certutil/certutil.gyp0000664000000000000000000000127213252671167016506 0ustar # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ '../../coreconf/config.gypi', '../../cmd/platlibs.gypi' ], 'targets': [ { 'target_name': 'certutil', 'type': 'executable', 'sources': [ 'certext.c', 'certutil.c', 'keystuff.c' ], 'dependencies': [ '<(DEPTH)/exports.gyp:dbm_exports', '<(DEPTH)/exports.gyp:nss_exports' ] } ], 'target_defaults': { 'defines': [ 'NSPR20' ] }, 'variables': { 'module': 'nss' } }nss-pem.git/nss/nss/cmd/certutil/certutil.h0000664000000000000000000000315713252671167016142 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef _CERTUTIL_H #define _CERTUTIL_H extern SECKEYPrivateKey * CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int rsasize, int publicExponent, char *noise, SECKEYPublicKey **pubkeyp, char *pqgFile, PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn, CK_FLAGS opFlagsOff, secuPWData *pwdata); extern char *progName; enum certutilExtns { ext_keyUsage = 0, ext_basicConstraint, ext_authorityKeyID, ext_CRLDistPts, ext_NSCertType, ext_extKeyUsage, ext_authInfoAcc, ext_subjInfoAcc, ext_certPolicies, ext_policyMappings, ext_policyConstr, ext_inhibitAnyPolicy, ext_subjectKeyID, ext_nameConstraints, ext_subjectAltName, ext_End }; typedef struct ExtensionEntryStr { PRBool activated; const char *arg; } ExtensionEntry; typedef ExtensionEntry certutilExtnList[ext_End]; extern SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, certutilExtnList extList, const char *extGeneric); extern SECStatus GetOidFromString(PLArenaPool *arena, SECItem *to, const char *from, size_t fromLen); #endif /* _CERTUTIL_H */ nss-pem.git/nss/nss/cmd/certutil/keystuff.c0000664000000000000000000004712613252671167016146 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include #include #include "secutil.h" #if defined(XP_UNIX) #include #include #include #endif #if defined(XP_WIN) || defined(XP_PC) #include #include #endif #include "nspr.h" #include "prtypes.h" #include "prtime.h" #include "prlong.h" #include "pk11func.h" #define NUM_KEYSTROKES 120 #define RAND_BUF_SIZE 60 #define ERROR_BREAK \ rv = SECFailure; \ break; const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) }, { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) }, { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) }, { 0 } }; /* returns 0 for success, -1 for failure (EOF encountered) */ static int UpdateRNG(void) { char randbuf[RAND_BUF_SIZE]; int fd; int c; int rv = 0; size_t count; #ifdef XP_UNIX cc_t orig_cc_min; cc_t orig_cc_time; tcflag_t orig_lflag; struct termios tio; #endif char meter[] = { "\r| |" }; #define FPS fprintf(stderr, FPS "\n"); FPS "A random seed must be generated that will be used in the\n"); FPS "creation of your key. One of the easiest ways to create a\n"); FPS "random seed is to use the timing of keystrokes on a keyboard.\n"); FPS "\n"); FPS "To begin, type keys on the keyboard until this progress meter\n"); FPS "is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n"); FPS "\n"); FPS "\n"); FPS "Continue typing until the progress meter is full:\n\n"); FPS "%s", meter); FPS "\r|"); /* turn off echo on stdin & return on 1 char instead of NL */ fd = fileno(stdin); #if defined(XP_UNIX) tcgetattr(fd, &tio); orig_lflag = tio.c_lflag; orig_cc_min = tio.c_cc[VMIN]; orig_cc_time = tio.c_cc[VTIME]; tio.c_lflag &= ~ECHO; tio.c_lflag &= ~ICANON; tio.c_cc[VMIN] = 1; tio.c_cc[VTIME] = 0; tcsetattr(fd, TCSAFLUSH, &tio); #endif /* Get random noise from keyboard strokes */ count = 0; while (count < sizeof randbuf) { #if defined(XP_UNIX) c = getc(stdin); #else c = getch(); #endif if (c == EOF) { rv = -1; break; } randbuf[count] = c; if (count == 0 || c != randbuf[count - 1]) { count++; FPS "*"); } } PK11_RandomUpdate(randbuf, sizeof randbuf); memset(randbuf, 0, sizeof randbuf); FPS "\n\n"); FPS "Finished. Press enter to continue: "); while ((c = getc(stdin)) != '\n' && c != EOF) ; if (c == EOF) rv = -1; FPS "\n"); #undef FPS #if defined(XP_UNIX) /* set back termio the way it was */ tio.c_lflag = orig_lflag; tio.c_cc[VMIN] = orig_cc_min; tio.c_cc[VTIME] = orig_cc_time; tcsetattr(fd, TCSAFLUSH, &tio); #endif return rv; } static const unsigned char P[] = { 0, 0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65, 0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd, 0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66, 0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08, 0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b, 0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b, 0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6, 0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83, 0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13, 0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9, 0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5, 0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8, 0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe, 0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63, 0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c, 0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef, 0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e, 0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3, 0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47, 0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f, 0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb, 0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97, 0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d, 0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81, 0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20, 0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c, 0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93, 0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9, 0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60, 0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32, 0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42, 0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 }; static const unsigned char Q[] = { 0, 0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3, 0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03, 0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d, 0x3a, 0x95, 0xf4, 0xf1 }; static const unsigned char G[] = { 0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62, 0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79, 0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7, 0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc, 0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1, 0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e, 0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54, 0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6, 0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a, 0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8, 0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f, 0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93, 0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83, 0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae, 0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3, 0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb, 0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e, 0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4, 0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58, 0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac, 0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e, 0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1, 0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d, 0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c, 0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a, 0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03, 0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5, 0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac, 0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d, 0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa, 0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd, 0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4 }; /* P, Q, G have been generated using the NSS makepqg utility: * makepqg -l 2048 -g 224 -r * (see also: bug 1170322) * * h: 1 (0x1) * SEED: * d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f: * 0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63: * 1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38: * e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36: * b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c: * 7c:9e:aa:3e * g: 672 * counter: 0 */ static const SECKEYPQGParams default_pqg_params = { NULL, { 0, (unsigned char *)P, sizeof(P) }, { 0, (unsigned char *)Q, sizeof(Q) }, { 0, (unsigned char *)G, sizeof(G) } }; static SECKEYPQGParams * decode_pqg_params(const char *str) { char *buf; unsigned int len; PLArenaPool *arena; SECKEYPQGParams *params; SECStatus status; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) return NULL; params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams)); if (params == NULL) goto loser; params->arena = arena; buf = (char *)ATOB_AsciiToData(str, &len); if ((buf == NULL) || (len == 0)) goto loser; status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len); if (status != SECSuccess) goto loser; return params; loser: if (arena != NULL) PORT_FreeArena(arena, PR_FALSE); return NULL; } void CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params) { if (params->arena) { PORT_FreeArena(params->arena, PR_FALSE); } } static int pqg_prime_bits(const SECKEYPQGParams *params) { int primeBits = 0; if (params != NULL) { int i; for (i = 0; params->prime.data[i] == 0; i++) { /* empty */; } primeBits = (params->prime.len - i) * 8; } return primeBits; } static char * getPQGString(const char *filename) { unsigned char *buf = NULL; PRFileDesc *src; PRInt32 numBytes; PRStatus prStatus; PRFileInfo info; src = PR_Open(filename, PR_RDONLY, 0); if (!src) { fprintf(stderr, "Failed to open PQG file %s\n", filename); return NULL; } prStatus = PR_GetOpenFileInfo(src, &info); if (prStatus == PR_SUCCESS) { buf = (unsigned char *)PORT_Alloc(info.size + 1); } if (!buf) { PR_Close(src); fprintf(stderr, "Failed to read PQG file %s\n", filename); return NULL; } numBytes = PR_Read(src, buf, info.size); PR_Close(src); if (numBytes != info.size) { PORT_Free(buf); fprintf(stderr, "Failed to read PQG file %s\n", filename); PORT_SetError(SEC_ERROR_IO); return NULL; } if (buf[numBytes - 1] == '\n') numBytes--; if (buf[numBytes - 1] == '\r') numBytes--; buf[numBytes] = 0; return (char *)buf; } static SECKEYPQGParams * getpqgfromfile(int keyBits, const char *pqgFile) { char *end, *str, *pqgString; SECKEYPQGParams *params = NULL; str = pqgString = getPQGString(pqgFile); if (!str) return NULL; do { end = PORT_Strchr(str, ','); if (end) *end = '\0'; params = decode_pqg_params(str); if (params) { int primeBits = pqg_prime_bits(params); if (keyBits == primeBits) break; CERTUTIL_DestroyParamsPQG(params); params = NULL; } if (end) str = end + 1; } while (end); PORT_Free(pqgString); return params; } static SECStatus CERTUTIL_FileForRNG(const char *noise) { char buf[2048]; PRFileDesc *fd; PRInt32 count; fd = PR_Open(noise, PR_RDONLY, 0); if (!fd) { fprintf(stderr, "failed to open noise file."); return SECFailure; } do { count = PR_Read(fd, buf, sizeof(buf)); if (count > 0) { PK11_RandomUpdate(buf, count); } } while (count > 0); PR_Close(fd); return SECSuccess; } typedef struct curveNameTagPairStr { char *curveName; SECOidTag curveOidTag; } CurveNameTagPair; static CurveNameTagPair nameTagPair[] = { { "sect163k1", SEC_OID_SECG_EC_SECT163K1 }, { "nistk163", SEC_OID_SECG_EC_SECT163K1 }, { "sect163r1", SEC_OID_SECG_EC_SECT163R1 }, { "sect163r2", SEC_OID_SECG_EC_SECT163R2 }, { "nistb163", SEC_OID_SECG_EC_SECT163R2 }, { "sect193r1", SEC_OID_SECG_EC_SECT193R1 }, { "sect193r2", SEC_OID_SECG_EC_SECT193R2 }, { "sect233k1", SEC_OID_SECG_EC_SECT233K1 }, { "nistk233", SEC_OID_SECG_EC_SECT233K1 }, { "sect233r1", SEC_OID_SECG_EC_SECT233R1 }, { "nistb233", SEC_OID_SECG_EC_SECT233R1 }, { "sect239k1", SEC_OID_SECG_EC_SECT239K1 }, { "sect283k1", SEC_OID_SECG_EC_SECT283K1 }, { "nistk283", SEC_OID_SECG_EC_SECT283K1 }, { "sect283r1", SEC_OID_SECG_EC_SECT283R1 }, { "nistb283", SEC_OID_SECG_EC_SECT283R1 }, { "sect409k1", SEC_OID_SECG_EC_SECT409K1 }, { "nistk409", SEC_OID_SECG_EC_SECT409K1 }, { "sect409r1", SEC_OID_SECG_EC_SECT409R1 }, { "nistb409", SEC_OID_SECG_EC_SECT409R1 }, { "sect571k1", SEC_OID_SECG_EC_SECT571K1 }, { "nistk571", SEC_OID_SECG_EC_SECT571K1 }, { "sect571r1", SEC_OID_SECG_EC_SECT571R1 }, { "nistb571", SEC_OID_SECG_EC_SECT571R1 }, { "secp160k1", SEC_OID_SECG_EC_SECP160K1 }, { "secp160r1", SEC_OID_SECG_EC_SECP160R1 }, { "secp160r2", SEC_OID_SECG_EC_SECP160R2 }, { "secp192k1", SEC_OID_SECG_EC_SECP192K1 }, { "secp192r1", SEC_OID_SECG_EC_SECP192R1 }, { "nistp192", SEC_OID_SECG_EC_SECP192R1 }, { "secp224k1", SEC_OID_SECG_EC_SECP224K1 }, { "secp224r1", SEC_OID_SECG_EC_SECP224R1 }, { "nistp224", SEC_OID_SECG_EC_SECP224R1 }, { "secp256k1", SEC_OID_SECG_EC_SECP256K1 }, { "secp256r1", SEC_OID_SECG_EC_SECP256R1 }, { "nistp256", SEC_OID_SECG_EC_SECP256R1 }, { "secp384r1", SEC_OID_SECG_EC_SECP384R1 }, { "nistp384", SEC_OID_SECG_EC_SECP384R1 }, { "secp521r1", SEC_OID_SECG_EC_SECP521R1 }, { "nistp521", SEC_OID_SECG_EC_SECP521R1 }, { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 }, { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, { "secp112r1", SEC_OID_SECG_EC_SECP112R1 }, { "secp112r2", SEC_OID_SECG_EC_SECP112R2 }, { "secp128r1", SEC_OID_SECG_EC_SECP128R1 }, { "secp128r2", SEC_OID_SECG_EC_SECP128R2 }, { "sect113r1", SEC_OID_SECG_EC_SECT113R1 }, { "sect113r2", SEC_OID_SECG_EC_SECT113R2 }, { "sect131r1", SEC_OID_SECG_EC_SECT131R1 }, { "sect131r2", SEC_OID_SECG_EC_SECT131R2 }, { "curve25519", SEC_OID_CURVE25519 }, }; static SECKEYECParams * getECParams(const char *curve) { SECKEYECParams *ecparams; SECOidData *oidData = NULL; SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ int i, numCurves; if (curve != NULL) { numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair); for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); i++) { if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) curveOidTag = nameTagPair[i].curveOidTag; } } /* Return NULL if curve name is not recognized */ if ((curveOidTag == SEC_OID_UNKNOWN) || (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); return NULL; } ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); /* * ecparams->data needs to contain the ASN encoding of an object ID (OID) * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ ecparams->data[0] = SEC_ASN1_OBJECT_ID; ecparams->data[1] = oidData->oid.len; memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); return ecparams; } SECKEYPrivateKey * CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, int publicExponent, const char *noise, SECKEYPublicKey **pubkeyp, const char *pqgFile, PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn, CK_FLAGS opFlagsOff, secuPWData *pwdata) { CK_MECHANISM_TYPE mechanism; PK11RSAGenParams rsaparams; SECKEYPQGParams *dsaparams = NULL; void *params; SECKEYPrivateKey *privKey = NULL; if (slot == NULL) return NULL; if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess) return NULL; /* * Do some random-number initialization. */ if (noise) { SECStatus rv = CERTUTIL_FileForRNG(noise); if (rv != SECSuccess) { PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */ return NULL; } } else { int rv = UpdateRNG(); if (rv) { PORT_SetError(PR_END_OF_FILE_ERROR); return NULL; } } switch (keytype) { case rsaKey: rsaparams.keySizeInBits = size; rsaparams.pe = publicExponent; mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; params = &rsaparams; break; case dsaKey: mechanism = CKM_DSA_KEY_PAIR_GEN; if (pqgFile) { dsaparams = getpqgfromfile(size, pqgFile); if (dsaparams == NULL) return NULL; params = dsaparams; } else { /* cast away const, and don't set dsaparams */ params = (void *)&default_pqg_params; } break; case ecKey: mechanism = CKM_EC_KEY_PAIR_GEN; /* For EC keys, PQGFile determines EC parameters */ if ((params = (void *)getECParams(pqgFile)) == NULL) return NULL; break; default: return NULL; } fprintf(stderr, "\n\n"); fprintf(stderr, "Generating key. This may take a few moments...\n\n"); privKey = PK11_GenerateKeyPairWithOpFlags(slot, mechanism, params, pubkeyp, attrFlags, opFlagsOn, opFlagsOn | opFlagsOff, pwdata /*wincx*/); /* free up the params */ switch (keytype) { case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams); break; case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break; default: /* nothing to free */ break; } return privKey; } nss-pem.git/nss/nss/cmd/certutil/manifest.mn0000664000000000000000000000110113252671167016263 0ustar # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. DEFINES += -DNSPR20 # MODULE public and private header directories are implicitly REQUIRED. MODULE = nss CSRCS = \ certext.c \ certutil.c \ keystuff.c \ $(NULL) # The MODULE is always implicitly required. # Listing it here in REQUIRES makes it appear twice in the cc command line. REQUIRES = dbm seccmd PROGRAM = certutil #USE_STATIC_LIBS = 1 nss-pem.git/nss/nss/cmd/chktest/0000775000000000000000000000000013252703344013733 5ustar nss-pem.git/nss/nss/cmd/chktest/Makefile0000664000000000000000000000353613252671167015411 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### include ../platrules.mk nss-pem.git/nss/nss/cmd/chktest/chktest.c0000664000000000000000000000210413252671167015550 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include #include #include "blapi.h" #include "secutil.h" static int Usage() { fprintf(stderr, "Usage: chktest \n"); fprintf(stderr, " Will test for valid chk file.\n"); fprintf(stderr, " Will print SUCCESS or FAILURE.\n"); exit(1); } int main(int argc, char **argv) { SECStatus rv = SECFailure; PRBool good_result = PR_FALSE; if (argc != 2) return Usage(); rv = RNG_RNGInit(); if (rv != SECSuccess) { SECU_PrintPRandOSError(""); return -1; } rv = BL_Init(); if (rv != SECSuccess) { SECU_PrintPRandOSError(""); return -1; } RNG_SystemInfoForRNG(); good_result = BLAPI_SHVerifyFile(argv[1]); printf("%s\n", (good_result ? "SUCCESS" : "FAILURE")); return (good_result) ? SECSuccess : SECFailure; } nss-pem.git/nss/nss/cmd/chktest/chktest.gyp0000664000000000000000000000134613252671167016134 0ustar # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ '../../coreconf/config.gypi', '../../cmd/platlibs.gypi' ], 'targets': [ { 'target_name': 'chktest', 'type': 'executable', 'sources': [ 'chktest.c' ], 'dependencies': [ '<(DEPTH)/exports.gyp:dbm_exports', '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3' ] } ], 'target_defaults': { 'defines': [ 'NSS_USE_STATIC_LIBS' ] }, 'variables': { 'module': 'nss', 'use_static_libs': 1 } }nss-pem.git/nss/nss/cmd/chktest/manifest.mn0000664000000000000000000000072013252671167016103 0ustar # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. MODULE = nss #REQUIRES = seccmd dbm softoken REQUIRES = seccmd dbm #INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken PROGRAM = chktest USE_STATIC_LIBS = 1 EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ $(NULL) CSRCS = \ chktest.c \ $(NULL) nss-pem.git/nss/nss/cmd/crlutil/0000775000000000000000000000000013252703344013744 5ustar nss-pem.git/nss/nss/cmd/crlutil/Makefile0000664000000000000000000000406413252671167015417 0ustar #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ####################################################################### # (1) Include initial platform-independent assignments (MANDATORY). # ####################################################################### include manifest.mn ####################################################################### # (2) Include "global" configuration information. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/config.mk ####################################################################### # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### include ../platlibs.mk ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### # # crlgen_lex can be generated on linux by flex or solaris by lex # crlgen_lex: ${LEX} -t crlgen_lex_orig.l > crlgen_lex_fix.c sed -f crlgen_lex_fix.sed < crlgen_lex_fix.c > crlgen_lex.c rm -f crlgen_lex_fix.c include ../platrules.mk nss-pem.git/nss/nss/cmd/crlutil/crlgen.c0000664000000000000000000013541513252671167015402 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* ** crlgen.c ** ** utility for managing certificates revocation lists generation ** */ #include #include #include "nspr.h" #include "plgetopt.h" #include "nss.h" #include "secutil.h" #include "cert.h" #include "certi.h" #include "certdb.h" #include "pk11func.h" #include "crlgen.h" /* Destroys extHandle and data. data was create on heap. * extHandle creaded by CERT_StartCRLEntryExtensions. entry * was allocated on arena.*/ static void destroyEntryData(CRLGENEntryData *data) { if (!data) return; PORT_Assert(data->entry); if (data->extHandle) CERT_FinishExtensions(data->extHandle); PORT_Free(data); } /* Prints error messages along with line number */ void crlgen_PrintError(int line, char *msg, ...) { va_list args; va_start(args, msg); fprintf(stderr, "crlgen: (line: %d) ", line); vfprintf(stderr, msg, args); va_end(args); } /* Finds CRLGENEntryData in hashtable according PRUint64 value * - certId : cert serial number*/ static CRLGENEntryData * crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) { if (!crlGenData->entryDataHashTable || !certId) return NULL; return (CRLGENEntryData *) PL_HashTableLookup(crlGenData->entryDataHashTable, certId); } /* Removes CRLGENEntryData from hashtable according to certId * - certId : cert serial number*/ static SECStatus crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) { CRLGENEntryData *data = NULL; SECStatus rv = SECSuccess; if (!crlGenData->entryDataHashTable) { return SECSuccess; } data = crlgen_FindEntry(crlGenData, certId); if (!data) { return SECSuccess; } if (!PL_HashTableRemove(crlGenData->entryDataHashTable, certId)) { rv = SECFailure; } destroyEntryData(data); return rv; } /* Stores CRLGENEntryData in hashtable according to certId * - certId : cert serial number*/ static CRLGENEntryData * crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData, CERTCrlEntry *entry, SECItem *certId) { CRLGENEntryData *newData = NULL; PORT_Assert(crlGenData && crlGenData->entryDataHashTable && entry); if (!crlGenData || !crlGenData->entryDataHashTable || !entry) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } newData = PORT_ZNew(CRLGENEntryData); if (!newData) { return NULL; } newData->entry = entry; newData->certId = certId; if (!PL_HashTableAdd(crlGenData->entryDataHashTable, newData->certId, newData)) { crlgen_PrintError(crlGenData->parsedLineNum, "Can not add entryData structure\n"); return NULL; } return newData; } /* Use this structure to keep pointer when commiting entries extensions */ struct commitData { int pos; CERTCrlEntry **entries; }; /* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the * table he. Returns value through arg parameter*/ static PRIntn PR_CALLBACK crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg) { CRLGENEntryData *data = NULL; PORT_Assert(he); if (!he) { return HT_ENUMERATE_NEXT; } data = (CRLGENEntryData *)he->value; PORT_Assert(data); PORT_Assert(arg); if (data) { struct commitData *dt = (struct commitData *)arg; dt->entries[dt->pos++] = data->entry; destroyEntryData(data); } return HT_ENUMERATE_NEXT; } /* Copy char * datainto allocated in arena SECItem */ static SECStatus crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value) { SECItem item; PORT_Assert(arena && dataIn); if (!arena || !dataIn) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } item.data = (void *)dataIn; item.len = PORT_Strlen(dataIn); return SECITEM_CopyItem(arena, value, &item); } /* Creates CERTGeneralName from parsed data for the Authority Key Extension */ static CERTGeneralName * crlgen_GetGeneralName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData, const char *data) { CERTGeneralName *namesList = NULL; CERTGeneralName *current; CERTGeneralName *tail = NULL; SECStatus rv = SECSuccess; const char *nextChunk = NULL; const char *currData = NULL; int intValue; char buffer[512]; void *mark; if (!data) return NULL; PORT_Assert(arena); if (!arena) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } mark = PORT_ArenaMark(arena); nextChunk = data; currData = data; do { int nameLen = 0; char name[128]; const char *sepPrt = NULL; nextChunk = PORT_Strchr(currData, '|'); if (!nextChunk) nextChunk = data + strlen(data); sepPrt = PORT_Strchr(currData, ':'); if (sepPrt == NULL || sepPrt >= nextChunk) { *buffer = '\0'; sepPrt = nextChunk; } else { PORT_Memcpy(buffer, sepPrt + 1, (nextChunk - sepPrt - 1)); buffer[nextChunk - sepPrt - 1] = '\0'; } nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1); PORT_Memcpy(name, currData, nameLen); name[nameLen] = '\0'; currData = nextChunk + 1; if (!PORT_Strcmp(name, "otherName")) intValue = certOtherName; else if (!PORT_Strcmp(name, "rfc822Name")) intValue = certRFC822Name; else if (!PORT_Strcmp(name, "dnsName")) intValue = certDNSName; else if (!PORT_Strcmp(name, "x400Address")) intValue = certX400Address; else if (!PORT_Strcmp(name, "directoryName")) intValue = certDirectoryName; else if (!PORT_Strcmp(name, "ediPartyName")) intValue = certEDIPartyName; else if (!PORT_Strcmp(name, "URI")) intValue = certURI; else if (!PORT_Strcmp(name, "ipAddress")) intValue = certIPAddress; else if (!PORT_Strcmp(name, "registerID")) intValue = certRegisterID; else intValue = -1; if (intValue >= certOtherName && intValue <= certRegisterID) { if (namesList == NULL) { namesList = current = tail = PORT_ArenaZNew(arena, CERTGeneralName); } else { current = PORT_ArenaZNew(arena, CERTGeneralName); } if (current == NULL) { rv = SECFailure; break; } } else { PORT_SetError(SEC_ERROR_INVALID_ARGS); break; } current->type = intValue; switch (current->type) { case certURI: case certDNSName: case certRFC822Name: current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer)); if (current->name.other.data == NULL) { rv = SECFailure; break; } PORT_Memcpy(current->name.other.data, buffer, current->name.other.len = strlen(buffer)); break; case certEDIPartyName: case certIPAddress: case certOtherName: case certRegisterID: case certX400Address: { current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer) + 2); if (current->name.other.data == NULL) { rv = SECFailure; break; } PORT_Memcpy(current->name.other.data + 2, buffer, strlen(buffer)); /* This may not be accurate for all cases.For now, use this tag type */ current->name.other.data[0] = (char)(((current->type - 1) & 0x1f) | 0x80); current->name.other.data[1] = (char)strlen(buffer); current->name.other.len = strlen(buffer) + 2; break; } case certDirectoryName: { CERTName *directoryName = NULL; directoryName = CERT_AsciiToName(buffer); if (!directoryName) { rv = SECFailure; break; } rv = CERT_CopyName(arena, ¤t->name.directoryName, directoryName); CERT_DestroyName(directoryName); break; } } if (rv != SECSuccess) break; current->l.next = &(namesList->l); current->l.prev = &(tail->l); tail->l.next = &(current->l); tail = current; } while (nextChunk != data + strlen(data)); if (rv != SECSuccess) { PORT_ArenaRelease(arena, mark); namesList = NULL; } return (namesList); } /* Creates CERTGeneralName from parsed data for the Authority Key Extension */ static CERTGeneralName * crlgen_DistinguishedName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData, const char *data) { CERTName *directoryName = NULL; CERTGeneralName *current; SECStatus rv = SECFailure; void *mark; if (!data) return NULL; PORT_Assert(arena); if (!arena) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } mark = PORT_ArenaMark(arena); current = PORT_ArenaZNew(arena, CERTGeneralName); if (current == NULL) { goto loser; } current->type = certDirectoryName; current->l.next = ¤t->l; current->l.prev = ¤t->l; directoryName = CERT_AsciiToName((char *)data); if (!directoryName) { goto loser; } rv = CERT_CopyName(arena, ¤t->name.directoryName, directoryName); CERT_DestroyName(directoryName); loser: if (rv != SECSuccess) { PORT_SetError(rv); PORT_ArenaRelease(arena, mark); current = NULL; } return (current); } /* Adding Authority Key ID extension to extension handle. */ static SECStatus crlgen_AddAuthKeyID(CRLGENGeneratorData *crlGenData, const char **dataArr) { void *extHandle = NULL; CERTAuthKeyID *authKeyID = NULL; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; PORT_Assert(dataArr && crlGenData); if (!crlGenData || !dataArr) { return SECFailure; } extHandle = crlGenData->crlExtHandle; if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of parameters.\n"); return SECFailure; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { return SECFailure; } authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID); if (authKeyID == NULL) { rv = SECFailure; goto loser; } if (dataArr[3] == NULL) { rv = crlgen_SetString(arena, dataArr[2], &authKeyID->keyID); if (rv != SECSuccess) goto loser; } else { rv = crlgen_SetString(arena, dataArr[3], &authKeyID->authCertSerialNumber); if (rv != SECSuccess) goto loser; authKeyID->authCertIssuer = crlgen_DistinguishedName(arena, crlGenData, dataArr[2]); if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) { crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); rv = SECFailure; goto loser; } } rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID, (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, SEC_OID_X509_AUTH_KEY_ID, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID); loser: if (arena) PORT_FreeArena(arena, PR_FALSE); return rv; } /* Creates and add Subject Alternative Names extension */ static SECStatus crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData, const char **dataArr) { CERTGeneralName *nameList = NULL; PLArenaPool *arena = NULL; void *extHandle = NULL; SECStatus rv = SECSuccess; PORT_Assert(dataArr && crlGenData); if (!crlGenData || !dataArr) { return SECFailure; } if (!dataArr || !dataArr[0] || !dataArr[1] || !dataArr[2]) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); return SECFailure; } PORT_Assert(dataArr && crlGenData); if (!crlGenData || !dataArr) { return SECFailure; } extHandle = crlGenData->crlExtHandle; if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of parameters.\n"); return SECFailure; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { return SECFailure; } nameList = crlgen_GetGeneralName(arena, crlGenData, dataArr[2]); if (nameList == NULL) { crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); rv = SECFailure; goto loser; } rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList, (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, SEC_OID_X509_ISSUER_ALT_NAME, (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension); loser: if (arena) PORT_FreeArena(arena, PR_FALSE); return rv; } /* Creates and adds CRLNumber extension to extension handle. * Since, this is CRL extension, extension handle is the one * related to CRL extensions */ static SECStatus crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr) { PLArenaPool *arena = NULL; SECItem encodedItem; void *dummy; SECStatus rv = SECFailure; int code = 0; PORT_Assert(dataArr && crlGenData); if (!crlGenData || !dataArr) { goto loser; } if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); goto loser; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { goto loser; } code = atoi(dataArr[2]); if (code == 0 && *dataArr[2] != '0') { PORT_SetError(SEC_ERROR_INVALID_ARGS); goto loser; } dummy = SEC_ASN1EncodeInteger(arena, &encodedItem, code); if (!dummy) { rv = SECFailure; goto loser; } rv = CERT_AddExtension(crlGenData->crlExtHandle, SEC_OID_X509_CRL_NUMBER, &encodedItem, (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, PR_TRUE); loser: if (arena) PORT_FreeArena(arena, PR_FALSE); return rv; } /* Creates Cert Revocation Reason code extension. Encodes it and * returns as SECItem structure */ static SECItem * crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, int *extCode) { SECItem *encodedItem; void *dummy; void *mark = NULL; int code = 0; PORT_Assert(arena && dataArr); if (!arena || !dataArr) { goto loser; } mark = PORT_ArenaMark(arena); encodedItem = PORT_ArenaZNew(arena, SECItem); if (encodedItem == NULL) { goto loser; } if (dataArr[2] == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); goto loser; } code = atoi(dataArr[2]); /* aACompromise(10) is the last possible of the values * for the Reason Core Extension */ if ((code == 0 && *dataArr[2] != '0') || code > 10) { PORT_SetError(SEC_ERROR_INVALID_ARGS); goto loser; } dummy = SEC_ASN1EncodeInteger(arena, encodedItem, code); if (!dummy) { goto loser; } *extCode = SEC_OID_X509_REASON_CODE; return encodedItem; loser: if (mark) { PORT_ArenaRelease(arena, mark); } return NULL; } /* Creates Cert Invalidity Date extension. Encodes it and * returns as SECItem structure */ static SECItem * crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, int *extCode) { SECItem *encodedItem; int length = 0; void *mark = NULL; PORT_Assert(arena && dataArr); if (!arena || !dataArr) { goto loser; } mark = PORT_ArenaMark(arena); encodedItem = PORT_ArenaZNew(arena, SECItem); if (encodedItem == NULL) { goto loser; } length = PORT_Strlen(dataArr[2]); encodedItem->type = siGeneralizedTime; encodedItem->data = PORT_ArenaAlloc(arena, length); if (!encodedItem->data) { goto loser; } PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) * sizeof(char)); *extCode = SEC_OID_X509_INVALID_DATE; return encodedItem; loser: if (mark) { PORT_ArenaRelease(arena, mark); } return NULL; } /* Creates(by calling extCreator function) and adds extension to a set * of already added certs. Uses values of rangeFrom and rangeTo from * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */ static SECStatus crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData, const char **dataArr, char *extName, SECItem *(*extCreator)(PLArenaPool *arena, const char **dataArr, int *extCode)) { PRUint64 i = 0; SECStatus rv = SECFailure; int extCode = 0; PRUint64 lastRange; SECItem *ext = NULL; PLArenaPool *arena = NULL; PORT_Assert(crlGenData && dataArr); if (!crlGenData || !dataArr) { goto loser; } if (!dataArr[0] || !dataArr[1]) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); } lastRange = crlGenData->rangeTo - crlGenData->rangeFrom + 1; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { goto loser; } ext = extCreator(arena, dataArr, &extCode); if (ext == NULL) { crlgen_PrintError(crlGenData->parsedLineNum, "got error while creating extension: %s\n", extName); goto loser; } for (i = 0; i < lastRange; i++) { CRLGENEntryData *extData = NULL; void *extHandle = NULL; SECItem *certIdItem = SEC_ASN1EncodeInteger(arena, NULL, crlGenData->rangeFrom + i); if (!certIdItem) { rv = SECFailure; goto loser; } extData = crlgen_FindEntry(crlGenData, certIdItem); if (!extData) { crlgen_PrintError(crlGenData->parsedLineNum, "can not add extension: crl entry " "(serial number: %d) is not in the list yet.\n", crlGenData->rangeFrom + i); continue; } extHandle = extData->extHandle; if (extHandle == NULL) { extHandle = extData->extHandle = CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, (CERTCrlEntry *)extData->entry); } rv = CERT_AddExtension(extHandle, extCode, ext, (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, PR_TRUE); if (rv == SECFailure) { goto loser; } } loser: if (arena) PORT_FreeArena(arena, PR_FALSE); return rv; } /* Commits all added entries and their's extensions into CRL. */ SECStatus CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData) { int size = 0; CERTCrl *crl; PLArenaPool *arena; SECStatus rv = SECSuccess; void *mark; PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena); if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } arena = crlGenData->signCrl->arena; crl = &crlGenData->signCrl->crl; mark = PORT_ArenaMark(arena); if (crlGenData->crlExtHandle) CERT_FinishExtensions(crlGenData->crlExtHandle); size = crlGenData->entryDataHashTable->nentries; crl->entries = NULL; if (size) { crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry *, size + 1); if (!crl->entries) { rv = SECFailure; } else { struct commitData dt; dt.entries = crl->entries; dt.pos = 0; PL_HashTableEnumerateEntries(crlGenData->entryDataHashTable, &crlgen_CommitEntryData, &dt); /* Last should be NULL */ crl->entries[size] = NULL; } } if (rv != SECSuccess) PORT_ArenaRelease(arena, mark); return rv; } /* Initializes extHandle with data from extensions array */ static SECStatus crlgen_InitExtensionHandle(void *extHandle, CERTCertExtension **extensions) { CERTCertExtension *extension = NULL; if (!extensions) return SECSuccess; PORT_Assert(extHandle != NULL); if (!extHandle) { return SECFailure; } extension = *extensions; while (extension) { SECOidTag oidTag = SECOID_FindOIDTag(&extension->id); /* shell we skip unknown extensions? */ CERT_AddExtension(extHandle, oidTag, &extension->value, (extension->critical.len != 0) ? PR_TRUE : PR_FALSE, PR_FALSE); extension = *(++extensions); } return SECSuccess; } /* Used for initialization of extension handles for crl and certs * extensions from existing CRL data then modifying existing CRL.*/ SECStatus CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData) { CERTCrl *crl = NULL; PRUint64 maxSN = 0; PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->entryDataHashTable); if (!crlGenData || !crlGenData->signCrl || !crlGenData->entryDataHashTable) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } crl = &crlGenData->signCrl->crl; crlGenData->crlExtHandle = CERT_StartCRLExtensions(crl); crlgen_InitExtensionHandle(crlGenData->crlExtHandle, crl->extensions); crl->extensions = NULL; if (crl->entries) { CERTCrlEntry **entry = crl->entries; while (*entry) { PRUint64 sn = DER_GetInteger(&(*entry)->serialNumber); CRLGENEntryData *extData = crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber); if ((*entry)->extensions) { extData->extHandle = CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, (CERTCrlEntry *)extData->entry); if (crlgen_InitExtensionHandle(extData->extHandle, (*entry)->extensions) == SECFailure) return SECFailure; } (*entry)->extensions = NULL; entry++; maxSN = PR_MAX(maxSN, sn); } } crlGenData->rangeFrom = crlGenData->rangeTo = maxSN + 1; return SECSuccess; } /***************************************************************************** * Parser trigger functions start here */ /* Sets new internal range value for add/rm certs.*/ static SECStatus crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value) { long rangeFrom = 0, rangeTo = 0; char *dashPos = NULL; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (value == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); return SECFailure; } if ((dashPos = strchr(value, '-')) != NULL) { char *rangeToS, *rangeFromS = value; *dashPos = '\0'; rangeFrom = atoi(rangeFromS); *dashPos = '-'; rangeToS = (char *)(dashPos + 1); rangeTo = atol(rangeToS); } else { rangeFrom = atol(value); rangeTo = rangeFrom; } if (rangeFrom < 1 || rangeTo < rangeFrom) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "bad cert id range: %s.\n", value); return SECFailure; } crlGenData->rangeFrom = rangeFrom; crlGenData->rangeTo = rangeTo; return SECSuccess; } /* Changes issuer subject field in CRL. By default this data is taken from * issuer cert subject field.Not yet implemented */ static SECStatus crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value) { crlgen_PrintError(crlGenData->parsedLineNum, "Can not change CRL issuer field.\n"); return SECFailure; } /* Encode and sets CRL thisUpdate and nextUpdate time fields*/ static SECStatus crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value, PRBool setThisUpdate) { CERTSignedCrl *signCrl; PLArenaPool *arena; CERTCrl *crl; int length = 0; SECItem *timeDest = NULL; PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena); if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } signCrl = crlGenData->signCrl; arena = signCrl->arena; crl = &signCrl->crl; if (value == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); return SECFailure; } length = PORT_Strlen(value); if (setThisUpdate == PR_TRUE) { timeDest = &crl->lastUpdate; } else { timeDest = &crl->nextUpdate; } timeDest->type = siGeneralizedTime; timeDest->data = PORT_ArenaAlloc(arena, length); if (!timeDest->data) { return SECFailure; } PORT_Memcpy(timeDest->data, value, length); timeDest->len = length; return SECSuccess; } /* Adds new extension into CRL or added cert handles */ static SECStatus crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData) { PORT_Assert(crlGenData && crlGenData->crlExtHandle); if (!crlGenData || !crlGenData->crlExtHandle) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (extData == NULL || *extData == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); return SECFailure; } if (!PORT_Strcmp(*extData, "authKeyId")) return crlgen_AddAuthKeyID(crlGenData, extData); else if (!PORT_Strcmp(*extData, "issuerAltNames")) return crlgen_AddIssuerAltNames(crlGenData, extData); else if (!PORT_Strcmp(*extData, "crlNumber")) return crlgen_AddCrlNumber(crlGenData, extData); else if (!PORT_Strcmp(*extData, "reasonCode")) return crlgen_AddEntryExtension(crlGenData, extData, "reasonCode", crlgen_CreateReasonCode); else if (!PORT_Strcmp(*extData, "invalidityDate")) return crlgen_AddEntryExtension(crlGenData, extData, "invalidityDate", crlgen_CreateInvalidityDate); else { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); return SECFailure; } } /* Created CRLGENEntryData for cert with serial number certId and * adds it to entryDataHashTable. certId can be a single cert serial * number or an inclusive rage of certs */ static SECStatus crlgen_AddCert(CRLGENGeneratorData *crlGenData, char *certId, char *revocationDate) { CERTSignedCrl *signCrl; SECItem *certIdItem; PLArenaPool *arena; PRUint64 rangeFrom = 0, rangeTo = 0, i = 0; int timeValLength = -1; SECStatus rv = SECFailure; void *mark; PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena); if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } signCrl = crlGenData->signCrl; arena = signCrl->arena; if (!certId || !revocationDate) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "insufficient number of arguments.\n"); return SECFailure; } timeValLength = strlen(revocationDate); if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && certId) { return SECFailure; } rangeFrom = crlGenData->rangeFrom; rangeTo = crlGenData->rangeTo; for (i = 0; i < rangeTo - rangeFrom + 1; i++) { CERTCrlEntry *entry; mark = PORT_ArenaMark(arena); entry = PORT_ArenaZNew(arena, CERTCrlEntry); if (entry == NULL) { goto loser; } certIdItem = SEC_ASN1EncodeInteger(arena, &entry->serialNumber, rangeFrom + i); if (!certIdItem) { goto loser; } if (crlgen_FindEntry(crlGenData, certIdItem)) { crlgen_PrintError(crlGenData->parsedLineNum, "entry already exists. Use \"range\" " "and \"rmcert\" before adding a new one with the " "same serial number %ld\n", rangeFrom + i); goto loser; } entry->serialNumber.type = siBuffer; entry->revocationDate.type = siGeneralizedTime; entry->revocationDate.data = PORT_ArenaAlloc(arena, timeValLength); if (entry->revocationDate.data == NULL) { goto loser; } PORT_Memcpy(entry->revocationDate.data, revocationDate, timeValLength * sizeof(char)); entry->revocationDate.len = timeValLength; entry->extensions = NULL; if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) { goto loser; } mark = NULL; } rv = SECSuccess; loser: if (mark) { PORT_ArenaRelease(arena, mark); } return rv; } /* Removes certs from entryDataHashTable which have certId serial number. * certId can have value of a range of certs */ static SECStatus crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) { PRUint64 i = 0; PORT_Assert(crlGenData && certId); if (!crlGenData || !certId) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && certId) { return SECFailure; } for (i = 0; i < crlGenData->rangeTo - crlGenData->rangeFrom + 1; i++) { SECItem *certIdItem = SEC_ASN1EncodeInteger(NULL, NULL, crlGenData->rangeFrom + i); if (certIdItem) { CRLGENEntryData *extData = crlgen_FindEntry(crlGenData, certIdItem); if (!extData) { printf("Cert with id %s is not in the list\n", certId); } else { crlgen_RmEntry(crlGenData, certIdItem); } SECITEM_FreeItem(certIdItem, PR_TRUE); } } return SECSuccess; } /************************************************************************* * Lex Parser Helper functions are used to store parsed information * in context related structures. Context(or state) is identified base on * a type of a instruction parser currently is going through. New context * is identified by first token in a line. It can be addcert context, * addext context, etc. */ /* Updates CRL field depending on current context */ static SECStatus crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str) { CRLGENCrlField *fieldStr = (CRLGENCrlField *)str; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } switch (crlGenData->contextId) { case CRLGEN_ISSUER_CONTEXT: crlgen_SetIssuerField(crlGenData, fieldStr->value); break; case CRLGEN_UPDATE_CONTEXT: return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE); break; case CRLGEN_NEXT_UPDATE_CONTEXT: return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE); break; case CRLGEN_CHANGE_RANGE_CONTEXT: return crlgen_SetNewRangeField(crlGenData, fieldStr->value); break; default: crlgen_PrintError(crlGenData->parsedLineNum, "syntax error (unknow token type: %d)\n", crlGenData->contextId); PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } return SECSuccess; } /* Sets parsed data for CRL field update into temporary structure */ static SECStatus crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str, void *data, unsigned short dtype) { CRLGENCrlField *fieldStr = (CRLGENCrlField *)str; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } switch (crlGenData->contextId) { case CRLGEN_CHANGE_RANGE_CONTEXT: if (dtype != CRLGEN_TYPE_DIGIT && dtype != CRLGEN_TYPE_DIGIT_RANGE) { crlgen_PrintError(crlGenData->parsedLineNum, "range value should have " "numeric or numeric range values.\n"); return SECFailure; } break; case CRLGEN_NEXT_UPDATE_CONTEXT: case CRLGEN_UPDATE_CONTEXT: if (dtype != CRLGEN_TYPE_ZDATE) { crlgen_PrintError(crlGenData->parsedLineNum, "bad formated date. Should be " "YYYYMMDDHHMMSSZ.\n"); return SECFailure; } break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "syntax error (unknow token type: %d).\n", crlGenData->contextId, data); return SECFailure; } fieldStr->value = PORT_Strdup(data); if (!fieldStr->value) { return SECFailure; } return SECSuccess; } /* Triggers cert entries update depending on current context */ static SECStatus crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str) { CRLGENCertEntry *certStr = (CRLGENCertEntry *)str; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } switch (crlGenData->contextId) { case CRLGEN_ADD_CERT_CONTEXT: return crlgen_AddCert(crlGenData, certStr->certId, certStr->revocationTime); case CRLGEN_RM_CERT_CONTEXT: return crlgen_RmCert(crlGenData, certStr->certId); default: PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "syntax error (unknow token type: %d).\n", crlGenData->contextId); return SECFailure; } } /* Sets parsed data for CRL entries update into temporary structure */ static SECStatus crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str, void *data, unsigned short dtype) { CRLGENCertEntry *certStr = (CRLGENCertEntry *)str; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } switch (dtype) { case CRLGEN_TYPE_DIGIT: case CRLGEN_TYPE_DIGIT_RANGE: certStr->certId = PORT_Strdup(data); if (!certStr->certId) { return SECFailure; } break; case CRLGEN_TYPE_DATE: case CRLGEN_TYPE_ZDATE: certStr->revocationTime = PORT_Strdup(data); if (!certStr->revocationTime) { return SECFailure; } break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "syntax error (unknow token type: %d).\n", crlGenData->contextId); return SECFailure; } return SECSuccess; } /* Triggers cert entries/crl extension update */ static SECStatus crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str) { CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str; return crlgen_AddExtension(crlGenData, (const char **)extStr->extData); } /* Defines maximum number of fields extension may have */ #define MAX_EXT_DATA_LENGTH 10 /* Sets parsed extension data for CRL entries/CRL extensions update * into temporary structure */ static SECStatus crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str, void *data, unsigned short dtype) { CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (extStr->extData == NULL) { extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH); if (!extStr->extData) { return SECFailure; } } if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) { PORT_SetError(SEC_ERROR_INVALID_ARGS); crlgen_PrintError(crlGenData->parsedLineNum, "number of fields in extension " "exceeded maximum allowed data length: %d.\n", MAX_EXT_DATA_LENGTH); return SECFailure; } extStr->extData[extStr->nextUpdatedData] = PORT_Strdup(data); if (!extStr->extData[extStr->nextUpdatedData]) { return SECFailure; } extStr->nextUpdatedData += 1; return SECSuccess; } /**************************************************************************************** * Top level functions are triggered directly by parser. */ /* * crl generation script parser recreates a temporary data staructure * for each line it is going through. This function cleans temp structure. */ void crlgen_destroyTempData(CRLGENGeneratorData *crlGenData) { if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) { switch (crlGenData->contextId) { case CRLGEN_ISSUER_CONTEXT: case CRLGEN_UPDATE_CONTEXT: case CRLGEN_NEXT_UPDATE_CONTEXT: case CRLGEN_CHANGE_RANGE_CONTEXT: if (crlGenData->crlField->value) PORT_Free(crlGenData->crlField->value); PORT_Free(crlGenData->crlField); break; case CRLGEN_ADD_CERT_CONTEXT: case CRLGEN_RM_CERT_CONTEXT: if (crlGenData->certEntry->certId) PORT_Free(crlGenData->certEntry->certId); if (crlGenData->certEntry->revocationTime) PORT_Free(crlGenData->certEntry->revocationTime); PORT_Free(crlGenData->certEntry); break; case CRLGEN_ADD_EXTENSION_CONTEXT: if (crlGenData->extensionEntry->extData) { int i = 0; for (; i < crlGenData->extensionEntry->nextUpdatedData; i++) PORT_Free(*(crlGenData->extensionEntry->extData + i)); PORT_Free(crlGenData->extensionEntry->extData); } PORT_Free(crlGenData->extensionEntry); break; } crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT; } } SECStatus crlgen_updateCrl(CRLGENGeneratorData *crlGenData) { SECStatus rv = SECSuccess; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } switch (crlGenData->contextId) { case CRLGEN_ISSUER_CONTEXT: case CRLGEN_UPDATE_CONTEXT: case CRLGEN_NEXT_UPDATE_CONTEXT: case CRLGEN_CHANGE_RANGE_CONTEXT: rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField); break; case CRLGEN_RM_CERT_CONTEXT: case CRLGEN_ADD_CERT_CONTEXT: rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry); break; case CRLGEN_ADD_EXTENSION_CONTEXT: rv = crlGenData->extensionEntry->updateCrlFn(crlGenData, crlGenData->extensionEntry); break; case CRLGEN_UNKNOWN_CONTEXT: break; default: crlgen_PrintError(crlGenData->parsedLineNum, "unknown lang context type code: %d.\n", crlGenData->contextId); PORT_Assert(0); return SECFailure; } /* Clrean structures after crl update */ crlgen_destroyTempData(crlGenData); crlGenData->parsedLineNum += 1; return rv; } SECStatus crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data, unsigned short dtype) { SECStatus rv = SECSuccess; PORT_Assert(crlGenData); if (!crlGenData) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } switch (crlGenData->contextId) { case CRLGEN_ISSUER_CONTEXT: case CRLGEN_UPDATE_CONTEXT: case CRLGEN_NEXT_UPDATE_CONTEXT: case CRLGEN_CHANGE_RANGE_CONTEXT: rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField, data, dtype); break; case CRLGEN_ADD_CERT_CONTEXT: case CRLGEN_RM_CERT_CONTEXT: rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry, data, dtype); break; case CRLGEN_ADD_EXTENSION_CONTEXT: rv = crlGenData->extensionEntry->setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype); break; case CRLGEN_UNKNOWN_CONTEXT: break; default: crlgen_PrintError(crlGenData->parsedLineNum, "unknown context type: %d.\n", crlGenData->contextId); PORT_Assert(0); return SECFailure; } return rv; } SECStatus crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData, unsigned structType) { PORT_Assert(crlGenData && crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT); if (!crlGenData || crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } switch (structType) { case CRLGEN_ISSUER_CONTEXT: case CRLGEN_UPDATE_CONTEXT: case CRLGEN_NEXT_UPDATE_CONTEXT: case CRLGEN_CHANGE_RANGE_CONTEXT: crlGenData->crlField = PORT_New(CRLGENCrlField); if (!crlGenData->crlField) { return SECFailure; } crlGenData->contextId = structType; crlGenData->crlField->value = NULL; crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field; crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field; break; case CRLGEN_RM_CERT_CONTEXT: case CRLGEN_ADD_CERT_CONTEXT: crlGenData->certEntry = PORT_New(CRLGENCertEntry); if (!crlGenData->certEntry) { return SECFailure; } crlGenData->contextId = structType; crlGenData->certEntry->certId = 0; crlGenData->certEntry->revocationTime = NULL; crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert; crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert; break; case CRLGEN_ADD_EXTENSION_CONTEXT: crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry); if (!crlGenData->extensionEntry) { return SECFailure; } crlGenData->contextId = structType; crlGenData->extensionEntry->extData = NULL; crlGenData->extensionEntry->nextUpdatedData = 0; crlGenData->extensionEntry->updateCrlFn = &crlgen_updateCrlFn_extension; crlGenData->extensionEntry->setNextDataFn = &crlgen_setNextDataFn_extension; break; case CRLGEN_UNKNOWN_CONTEXT: break; default: crlgen_PrintError(crlGenData->parsedLineNum, "unknown context type: %d.\n", structType); PORT_Assert(0); return SECFailure; } return SECSuccess; } /* Parser initialization function */ CRLGENGeneratorData * CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src) { CRLGENGeneratorData *crlGenData = NULL; PORT_Assert(signCrl && src); if (!signCrl || !src) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } crlGenData = PORT_ZNew(CRLGENGeneratorData); if (!crlGenData) { return NULL; } crlGenData->entryDataHashTable = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, PL_CompareValues, NULL, NULL); if (!crlGenData->entryDataHashTable) { PORT_Free(crlGenData); return NULL; } crlGenData->src = src; crlGenData->parsedLineNum = 1; crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT; crlGenData->signCrl = signCrl; crlGenData->rangeFrom = 0; crlGenData->rangeTo = 0; crlGenData->crlExtHandle = NULL; PORT_SetError(0); return crlGenData; } void CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData) { if (!crlGenData) return; if (crlGenData->src) PR_Close(crlGenData->src); PL_HashTableDestroy(crlGenData->entryDataHashTable); PORT_Free(crlGenData); } nss-pem.git/nss/nss/cmd/crlutil/crlgen.h0000664000000000000000000001606113252671167015402 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef _CRLGEN_H_ #define _CRLGEN_H_ #include "prio.h" #include "prprf.h" #include "plhash.h" #include "seccomon.h" #include "certt.h" #include "secoidt.h" #define CRLGEN_UNKNOWN_CONTEXT 0 #define CRLGEN_ISSUER_CONTEXT 1 #define CRLGEN_UPDATE_CONTEXT 2 #define CRLGEN_NEXT_UPDATE_CONTEXT 3 #define CRLGEN_ADD_EXTENSION_CONTEXT 4 #define CRLGEN_ADD_CERT_CONTEXT 6 #define CRLGEN_CHANGE_RANGE_CONTEXT 7 #define CRLGEN_RM_CERT_CONTEXT 8 #define CRLGEN_TYPE_DATE 0 #define CRLGEN_TYPE_ZDATE 1 #define CRLGEN_TYPE_DIGIT 2 #define CRLGEN_TYPE_DIGIT_RANGE 3 #define CRLGEN_TYPE_OID 4 #define CRLGEN_TYPE_STRING 5 #define CRLGEN_TYPE_ID 6 typedef struct CRLGENGeneratorDataStr CRLGENGeneratorData; typedef struct CRLGENEntryDataStr CRLGENEntryData; typedef struct CRLGENExtensionEntryStr CRLGENExtensionEntry; typedef struct CRLGENCertEntrySrt CRLGENCertEntry; typedef struct CRLGENCrlFieldStr CRLGENCrlField; typedef struct CRLGENEntriesSortedDataStr CRLGENEntriesSortedData; /* Exported functions */ /* Used for initialization of extension handles for crl and certs * extensions from existing CRL data then modifying existing CRL.*/ extern SECStatus CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData); /* Commits all added entries and their's extensions into CRL. */ extern SECStatus CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData); /* Lunches the crl generation script parse */ extern SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *crlGenData); /* Closes crl generation script file and frees crlGenData */ extern void CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData); /* Parser initialization function. Creates CRLGENGeneratorData structure * for the current thread */ extern CRLGENGeneratorData *CRLGEN_InitCrlGeneration(CERTSignedCrl *newCrl, PRFileDesc *src); /* This lock is defined in crlgen_lex.c(derived from crlgen_lex.l). * It controls access to invocation of yylex, allows to parse one * script at a time */ extern void CRLGEN_InitCrlGenParserLock(); extern void CRLGEN_DestroyCrlGenParserLock(); /* The following function types are used to define functions for each of * CRLGENExtensionEntryStr, CRLGENCertEntrySrt, CRLGENCrlFieldStr to * provide functionality needed for these structures*/ typedef SECStatus updateCrlFn_t(CRLGENGeneratorData *crlGenData, void *str); typedef SECStatus setNextDataFn_t(CRLGENGeneratorData *crlGenData, void *str, void *data, unsigned short dtype); typedef SECStatus createNewLangStructFn_t(CRLGENGeneratorData *crlGenData, void *str, unsigned i); /* Sets reports failure to parser if anything goes wrong */ extern void crlgen_setFailure(CRLGENGeneratorData *str, char *); /* Collects data in to one of the current data structure that corresponds * to the correct context type. This function gets called after each token * is found for a particular line */ extern SECStatus crlgen_setNextData(CRLGENGeneratorData *str, void *data, unsigned short dtype); /* initiates crl update with collected data. This function is called at the * end of each line */ extern SECStatus crlgen_updateCrl(CRLGENGeneratorData *str); /* Creates new context structure depending on token that was parsed * at the beginning of a line */ extern SECStatus crlgen_createNewLangStruct(CRLGENGeneratorData *str, unsigned structType); /* CRLGENExtensionEntry is used to store addext request data for either * CRL extensions or CRL entry extensions. The differentiation between * is based on order and type of extension been added. * - extData : all data in request staring from name of the extension are * in saved here. * - nextUpdatedData: counter of elements added to extData */ struct CRLGENExtensionEntryStr { char **extData; int nextUpdatedData; updateCrlFn_t *updateCrlFn; setNextDataFn_t *setNextDataFn; }; /* CRLGENCeryestEntry is used to store addcert request data * - certId : certificate id or range of certificate with dash as a delimiter * All certs from range will be inclusively added to crl * - revocationTime: revocation time of cert(s) */ struct CRLGENCertEntrySrt { char *certId; char *revocationTime; updateCrlFn_t *updateCrlFn; setNextDataFn_t *setNextDataFn; }; /* CRLGENCrlField is used to store crl fields record like update time, next * update time, etc. * - value: value of the parsed field data*/ struct CRLGENCrlFieldStr { char *value; updateCrlFn_t *updateCrlFn; setNextDataFn_t *setNextDataFn; }; /* Can not create entries extension until completely done with parsing. * Therefore need to keep joined data * - certId : serial number of certificate * - extHandle: head pointer to a list of extensions that belong to * entry * - entry : CERTCrlEntry structure pointer*/ struct CRLGENEntryDataStr { SECItem *certId; void *extHandle; CERTCrlEntry *entry; }; /* Crl generator/parser main structure. Keeps info regarding current state of * parser(context, status), parser helper functions pointers, parsed data and * generated data. * - contextId : current parsing context. Context in this parser environment * defines what type of crl operations parser is going through * in the current line of crl generation script. * setting or new cert or an extension addition, etc. * - createNewLangStructFn: pointer to top level function which creates * data structures according contextId * - setNextDataFn : pointer to top level function which sets new parsed data * in temporary structure * - updateCrlFn : pointer to top level function which triggers actual * crl update functions with gathered data * - union : data union create according to contextId * - rangeFrom, rangeTo : holds last range in which certs was added * - newCrl : pointer to CERTSignedCrl newly created crl * - crlExtHandle : pointer to crl extension handle * - entryDataHashTable: hash of CRLGENEntryData. * key: cert serial number * data: CRLGENEntryData pointer * - parserStatus : current status of parser. Triggers parser to abort when * set to SECFailure * - src : PRFileDesc structure pointer of crl generator config file * - parsedLineNum : currently parsing line. Keeping it to report errors */ struct CRLGENGeneratorDataStr { unsigned short contextId; CRLGENCrlField *crlField; CRLGENCertEntry *certEntry; CRLGENExtensionEntry *extensionEntry; PRUint64 rangeFrom; PRUint64 rangeTo; CERTSignedCrl *signCrl; void *crlExtHandle; PLHashTable *entryDataHashTable; PRFileDesc *src; int parsedLineNum; }; #endif /* _CRLGEN_H_ */ nss-pem.git/nss/nss/cmd/crlutil/crlgen_lex.c0000664000000000000000000015045413252671167016252 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 #include #ifdef _WIN32 #include #else #include #endif /* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ #ifdef c_plusplus #ifndef __cplusplus #define __cplusplus #endif #endif #ifdef __cplusplus #include /* Use prototypes in function declarations. */ #define YY_USE_PROTOS /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST #else /* ! __cplusplus */ #if __STDC__ #define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ #ifdef __TURBOC__ #pragma warn - rch #pragma warn - use #include #include #define YY_USE_CONST #define YY_USE_PROTOS #endif #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif #ifdef YY_USE_PROTOS #define YY_PROTO(proto) proto #else #define YY_PROTO(proto) () #endif /* Returned upon end-of-file. */ #define YY_NULL 0 /* Promotes a possibly negative, possibly signed char to an unsigned * integer for use as an array index. If the signed char is negative, * we want to instead treat it as an 8-bit unsigned char, hence the * double cast. */ #define YY_SC_TO_UI(c) ((unsigned int)(unsigned char)c) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart(yyin) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #define YY_BUF_SIZE 16384 typedef struct yy_buffer_state *YY_BUFFER_STATE; extern int yyleng; extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 /* The funky do-while in the following #define is used to turn the definition * int a single C statement (which needs a semi-colon terminator). This * avoids problems with code like: * * if ( condition_holds ) * yyless( 5 ); * else * do_something_else(); * * Prior to using the do-while the compiler would get upset at the * "else" because it interpreted the "if" statement as being all * done when it reached the ';' after the yyless() call. */ /* Return all but the first 'n' matched characters back to the input stream. */ #define yyless(n) \ do { \ /* Undo effects of setting up yytext. */ \ *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } while (0) #define unput(c) yyunput(c, yytext_ptr) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ typedef unsigned int yy_size_t; struct yy_buffer_state { FILE *yy_input_file; char *yy_ch_buf; /* input buffer */ char *yy_buf_pos; /* current position in input buffer */ /* Size of input buffer in bytes, not including room for EOB * characters. */ yy_size_t yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. */ int yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to * delete it. */ int yy_is_our_buffer; /* Whether this is an "interactive" input source; if so, and * if we're using stdio for input, then we want to use getc() * instead of fread(), to make sure we stop fetching input after * each newline. */ int yy_is_interactive; /* Whether we're considered to be at the beginning of a line. * If so, '^' rules will be active on the next match, otherwise * not. */ int yy_at_bol; /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process * then we mark the buffer as YY_EOF_PENDING, to indicate that we * shouldn't try reading from the input source any more. We might * still have a bunch of tokens to match, though, because of * possible backing-up. * * When we actually see the EOF, we change the status to "new" * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 }; static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". */ #define YY_CURRENT_BUFFER yy_current_buffer /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; static int yy_n_chars; /* number of characters read into yy_ch_buf */ int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *)0; static int yy_init = 1; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches * instead of setting up a fresh yyin. A bit of a hack ... */ static int yy_did_buffer_switch_on_eof; void yyrestart YY_PROTO((FILE * input_file)); void yy_switch_to_buffer YY_PROTO((YY_BUFFER_STATE new_buffer)); void yy_load_buffer_state YY_PROTO((void)); YY_BUFFER_STATE yy_create_buffer YY_PROTO((FILE * file, int size)); void yy_delete_buffer YY_PROTO((YY_BUFFER_STATE b)); void yy_init_buffer YY_PROTO((YY_BUFFER_STATE b, FILE *file)); void yy_flush_buffer YY_PROTO((YY_BUFFER_STATE b)); #define YY_FLUSH_BUFFER yy_flush_buffer(yy_current_buffer) YY_BUFFER_STATE yy_scan_buffer YY_PROTO((char *base, yy_size_t size)); YY_BUFFER_STATE yy_scan_string YY_PROTO((yyconst char *yy_str)); YY_BUFFER_STATE yy_scan_bytes YY_PROTO((yyconst char *bytes, int len)); static void *yy_flex_alloc YY_PROTO((yy_size_t)); static void *yy_flex_realloc YY_PROTO((void *, yy_size_t)); static void yy_flex_free YY_PROTO((void *)); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if (!yy_current_buffer) \ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \ yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if (!yy_current_buffer) \ yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \ yy_current_buffer->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; FILE *yyin = (FILE *)0, *yyout = (FILE *)0; typedef int yy_state_type; extern char *yytext; #define yytext_ptr yytext static yy_state_type yy_get_previous_state YY_PROTO((void)); static yy_state_type yy_try_NUL_trans YY_PROTO((yy_state_type current_state)); static int yy_get_next_buffer YY_PROTO((void)); static void yy_fatal_error YY_PROTO((yyconst char msg[])); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ yytext_ptr = yy_bp; \ yytext_ptr -= yy_more_len; \ yyleng = (int)(yy_cp - yytext_ptr); \ yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ yy_c_buf_p = yy_cp; #define YY_NUM_RULES 17 #define YY_END_OF_BUFFER 18 /* clang-format off */ static yyconst short int yy_accept[67] = { 0, 0, 0, 18, 16, 14, 15, 16, 11, 12, 2, 10, 9, 9, 9, 9, 9, 13, 14, 15, 11, 12, 0, 12, 2, 9, 9, 9, 9, 9, 13, 3, 4, 2, 9, 9, 9, 9, 2, 9, 9, 9, 9, 2, 2, 9, 9, 8, 9, 2, 5, 9, 6, 2, 9, 2, 9, 2, 9, 2, 7, 2, 2, 2, 2, 1, 0 } ; static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 5, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 7, 8, 1, 9, 9, 10, 11, 12, 12, 12, 13, 13, 13, 14, 1, 1, 15, 1, 1, 1, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, 1, 1, 1, 1, 1, 1, 18, 16, 16, 19, 20, 16, 21, 16, 22, 16, 16, 16, 16, 23, 16, 24, 16, 25, 26, 27, 28, 16, 16, 29, 16, 16, 1, 14, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; static yyconst int yy_meta[30] = { 0, 1, 1, 2, 1, 3, 1, 1, 4, 5, 5, 5, 5, 5, 4, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4 } ; static yyconst short int yy_base[72] = { 0, 0, 149, 154, 205, 138, 205, 103, 0, 0, 23, 205, 29, 30, 31, 32, 33, 0, 99, 205, 0, 0, 0, 50, 55, 34, 61, 41, 63, 64, 0, 0, 0, 79, 65, 68, 86, 66, 99, 105, 88, 106, 90, 118, 76, 107, 110, 89, 125, 43, 91, 127, 128, 138, 144, 113, 129, 154, 160, 160, 130, 172, 166, 177, 144, 0, 205, 190, 192, 194, 199, 76 } ; static yyconst short int yy_def[72] = { 0, 66, 1, 66, 66, 66, 66, 66, 67, 68, 68, 66, 69, 69, 69, 69, 69, 70, 66, 66, 67, 68, 71, 68, 10, 69, 69, 69, 69, 69, 70, 71, 23, 10, 69, 69, 69, 69, 10, 69, 69, 69, 69, 10, 38, 69, 69, 69, 69, 38, 69, 69, 69, 38, 69, 38, 69, 38, 69, 38, 69, 38, 38, 38, 38, 68, 0, 66, 66, 66, 66, 66 } ; static yyconst short int yy_nxt[235] = { 0, 4, 5, 6, 7, 8, 4, 4, 9, 10, 10, 10, 10, 10, 9, 11, 12, 12, 12, 12, 12, 12, 13, 14, 12, 15, 12, 12, 16, 12, 22, 23, 24, 24, 24, 24, 24, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 28, 27, 53, 53, 53, 21, 26, 29, 32, 32, 32, 32, 32, 32, 33, 33, 33, 33, 33, 21, 35, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 31, 21, 37, 42, 44, 36, 34, 38, 38, 38, 38, 38, 39, 21, 40, 21, 21, 21, 21, 21, 18, 21, 21, 21, 21, 19, 41, 43, 44, 44, 44, 44, 21, 21, 21, 46, 48, 21, 21, 21, 21, 57, 57, 21, 45, 47, 49, 49, 49, 49, 49, 50, 21, 51, 21, 21, 21, 21, 21, 18, 21, 21, 21, 21, 52, 54, 55, 55, 55, 55, 55, 21, 44, 66, 17, 58, 66, 21, 66, 66, 65, 56, 59, 59, 59, 59, 59, 21, 61, 61, 61, 61, 66, 21, 63, 63, 63, 63, 66, 60, 62, 62, 62, 62, 62, 64, 64, 64, 64, 64, 20, 20, 66, 20, 20, 21, 21, 25, 25, 30, 66, 30, 30, 30, 3, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66 } ; static yyconst short int yy_chk[235] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 10, 10, 10, 10, 10, 10, 10, 12, 13, 14, 15, 16, 25, 12, 13, 14, 15, 16, 25, 27, 15, 14, 49, 49, 49, 27, 13, 16, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 26, 27, 28, 29, 34, 37, 26, 35, 28, 29, 34, 37, 71, 35, 29, 37, 44, 28, 26, 33, 33, 33, 33, 33, 34, 36, 35, 40, 47, 42, 50, 36, 18, 40, 47, 42, 50, 7, 36, 38, 38, 38, 38, 38, 39, 41, 45, 40, 42, 46, 39, 41, 45, 55, 55, 46, 39, 41, 43, 43, 43, 43, 43, 45, 48, 46, 51, 52, 56, 60, 48, 5, 51, 52, 56, 60, 48, 51, 53, 53, 53, 53, 53, 54, 64, 3, 2, 56, 0, 54, 0, 0, 64, 54, 57, 57, 57, 57, 57, 58, 59, 59, 59, 59, 0, 58, 62, 62, 62, 62, 0, 58, 61, 61, 61, 61, 61, 63, 63, 63, 63, 63, 67, 67, 0, 67, 67, 68, 68, 69, 69, 70, 0, 70, 70, 70, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, 66 } ; /* clang-format on */ static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ #define REJECT reject_used_but_not_detected static int yy_more_flag = 0; static int yy_more_len = 0; #define yymore() (yy_more_flag = 1) #define YY_MORE_ADJ yy_more_len #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "crlgen_lex_orig.l" #define INITIAL 0 #line 2 "crlgen_lex_orig.l" #include "crlgen.h" static SECStatus parserStatus = SECSuccess; static CRLGENGeneratorData *parserData; static PRFileDesc *src; #define YY_INPUT(buf, result, max_size) \ if (parserStatus != SECFailure) { \ if (((result = PR_Read(src, buf, max_size)) == 0) && \ ferror(yyin)) \ return SECFailure; \ } else { \ return SECFailure; \ } /* Macros after this point can all be overridden by user definitions in * section 1. */ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap YY_PROTO((void)); #else extern int yywrap YY_PROTO((void)); #endif #endif #ifndef YY_NO_UNPUT static void yyunput YY_PROTO((int c, char *buf_ptr)); #endif #ifndef yytext_ptr static void yy_flex_strncpy YY_PROTO((char *, yyconst char *, int)); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen YY_PROTO((yyconst char *)); #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput YY_PROTO((void)); #else static int input YY_PROTO((void)); #endif #endif #if YY_STACK_USED static int yy_start_stack_ptr = 0; static int yy_start_stack_depth = 0; static int *yy_start_stack = 0; #ifndef YY_NO_PUSH_STATE static void yy_push_state YY_PROTO((int new_state)); #endif #ifndef YY_NO_POP_STATE static void yy_pop_state YY_PROTO((void)); #endif #ifndef YY_NO_TOP_STATE static int yy_top_state YY_PROTO((void)); #endif #else #define YY_NO_PUSH_STATE 1 #define YY_NO_POP_STATE 1 #define YY_NO_TOP_STATE 1 #endif #ifdef YY_MALLOC_DECL YY_MALLOC_DECL #else #if __STDC__ #ifndef __cplusplus #include #endif #else /* Just try to get by without declaring the routines. This will fail * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) * or sizeof(void*) != sizeof(int). */ #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #define YY_READ_BUF_SIZE 8192 #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO (void)fwrite(yytext, yyleng, 1, yyout) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". */ #ifndef YY_INPUT #define YY_INPUT(buf, result, max_size) \ if (yy_current_buffer->yy_is_interactive) { \ int c = '*', n; \ for (n = 0; n < max_size && \ (c = getc(yyin)) != EOF && c != '\n'; \ ++n) \ buf[n] = (char)c; \ if (c == '\n') \ buf[n++] = (char)c; \ if (c == EOF && ferror(yyin)) \ YY_FATAL_ERROR("input in flex scanner failed"); \ result = n; \ } else if (((result = fread(buf, 1, max_size, yyin)) == 0) && \ ferror(yyin)) \ YY_FATAL_ERROR("input in flex scanner failed"); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR #define YY_FATAL_ERROR(msg) yy_fatal_error(msg) #endif /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL int yylex YY_PROTO((void)) #endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. */ #ifndef YY_BREAK #define YY_BREAK break; #endif #define YY_RULE_SETUP \ if (yyleng > 0) \ yy_current_buffer->yy_at_bol = \ (yytext[yyleng - 1] == '\n'); \ YY_USER_ACTION YY_DECL { register yy_state_type yy_current_state; register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; #line 28 "crlgen_lex_orig.l" if (yy_init) { yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif if (!yy_start) yy_start = 1; /* first start state */ if (!yyin) yyin = stdin; if (!yyout) yyout = stdout; if (!yy_current_buffer) yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); yy_load_buffer_state(); } while (1) /* loops until end-of-file is reached */ { yy_more_len = 0; if (yy_more_flag) { yy_more_len = yy_c_buf_p - yytext_ptr; yy_more_flag = 0; } yy_cp = yy_c_buf_p; /* Support of yytext. */ *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; yy_current_state = yy_start; yy_current_state += YY_AT_BOL(); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if (yy_accept[yy_current_state]) { yy_last_accepting_state = yy_current_state; yy_last_accepting_cpos = yy_cp; } while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) { yy_current_state = (int)yy_def[yy_current_state]; if (yy_current_state >= 67) yy_c = yy_meta[(unsigned int)yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c]; ++yy_cp; } while (yy_base[yy_current_state] != 205); yy_find_action: yy_act = yy_accept[yy_current_state]; if (yy_act == 0) { /* have to back up */ yy_cp = yy_last_accepting_cpos; yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; do_action: /* This label is used only to access EOF actions. */ switch (yy_act) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ *yy_cp = yy_hold_char; yy_cp = yy_last_accepting_cpos; yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: YY_RULE_SETUP #line 30 "crlgen_lex_orig.l" { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 2: YY_RULE_SETUP #line 36 "crlgen_lex_orig.l" { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 3: YY_RULE_SETUP #line 42 "crlgen_lex_orig.l" { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 4: YY_RULE_SETUP #line 48 "crlgen_lex_orig.l" { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 5: YY_RULE_SETUP #line 54 "crlgen_lex_orig.l" { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 6: YY_RULE_SETUP #line 60 "crlgen_lex_orig.l" { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 7: YY_RULE_SETUP #line 65 "crlgen_lex_orig.l" { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 8: YY_RULE_SETUP #line 71 "crlgen_lex_orig.l" { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 9: YY_RULE_SETUP #line 77 "crlgen_lex_orig.l" { if (strcmp(yytext, "addcert") == 0) { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ADD_CERT_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } else if (strcmp(yytext, "rmcert") == 0) { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_RM_CERT_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } else if (strcmp(yytext, "addext") == 0) { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ADD_EXTENSION_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } else { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID); if (parserStatus != SECSuccess) return parserStatus; } } YY_BREAK case 10: YY_RULE_SETUP #line 100 "crlgen_lex_orig.l" YY_BREAK case 11: YY_RULE_SETUP #line 102 "crlgen_lex_orig.l" { if (yytext[yyleng - 1] == '\\') { yymore(); } else { register int c; c = input(); if (c != '\"') { printf("Error: Line ending \" is missing: %c\n", c); unput(c); } else { parserStatus = crlgen_setNextData(parserData, yytext + 1, CRLGEN_TYPE_STRING); if (parserStatus != SECSuccess) return parserStatus; } } } YY_BREAK case 12: YY_RULE_SETUP #line 120 "crlgen_lex_orig.l" { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 13: YY_RULE_SETUP #line 128 "crlgen_lex_orig.l" /* eat up one-line comments */ {} YY_BREAK case 14: YY_RULE_SETUP #line 130 "crlgen_lex_orig.l" { } YY_BREAK case 15: YY_RULE_SETUP #line 132 "crlgen_lex_orig.l" { parserStatus = crlgen_updateCrl(parserData); if (parserStatus != SECSuccess) return parserStatus; } YY_BREAK case 16: YY_RULE_SETUP #line 138 "crlgen_lex_orig.l" { fprintf(stderr, "Syntax error at line %d: unknown token %s\n", parserData->parsedLineNum, yytext); return SECFailure; } YY_BREAK case 17: YY_RULE_SETUP #line 144 "crlgen_lex_orig.l" ECHO; YY_BREAK case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ int yy_amount_of_matched_text = (int)(yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET if (yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ yy_n_chars = yy_current_buffer->yy_n_chars; yy_current_buffer->yy_input_file = yyin; yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position * of the first EOB in the buffer, since yy_c_buf_p will * already have been incremented past the NUL character * (since all states make transitions on EOB to the * end-of-buffer state). Contrast this with the test * in input(). */ if (yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars]) { /* This was really a NUL. */ yy_state_type yy_next_state; yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have * yy_get_previous_state() go ahead and do it * for us because it doesn't know how to deal * with the possibility of jamming (and we don't * want to build jamming into it because then it * will run more slowly). */ yy_next_state = yy_try_NUL_trans(yy_current_state); yy_bp = yytext_ptr + YY_MORE_ADJ; if (yy_next_state) { /* Consume the NUL. */ yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = yy_c_buf_p; goto yy_find_action; } } else switch (yy_get_next_buffer()) { case EOB_ACT_END_OF_FILE: { yy_did_buffer_switch_on_eof = 0; if (yywrap()) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up * yytext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if (!yy_did_buffer_switch_on_eof) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state(); yy_cp = yy_c_buf_p; yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: yy_c_buf_p = &yy_current_buffer->yy_ch_buf[yy_n_chars]; yy_current_state = yy_get_previous_state(); yy_cp = yy_c_buf_p; yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( "fatal flex scanner internal error--no action found"); } /* end of action switch */ } /* end of scanning one token */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * * Returns a code representing an action: * EOB_ACT_LAST_MATCH - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ static int yy_get_next_buffer() { register char *dest = yy_current_buffer->yy_ch_buf; register char *source = yytext_ptr; register int number_to_move, i; int ret_val; if (yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1]) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed"); if (yy_current_buffer->yy_fill_buffer == 0) { /* Don't try to fill the buffer, so this is an EOF. */ if (yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1) { /* We matched a single character, the EOB, so * treat this as a final EOF. */ return EOB_ACT_END_OF_FILE; } else { /* We matched some text prior to the EOB, first * process it. */ return EOB_ACT_LAST_MATCH; } } /* Try to read more data. */ /* First move last chars to start of buffer. */ number_to_move = (int)(yy_c_buf_p - yytext_ptr) - 1; for (i = 0; i < number_to_move; ++i) *(dest++) = *(source++); if (yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { int num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; while (num_to_read <= 0) { /* Not enough room in the buffer - grow it. */ #ifdef YY_USES_REJECT YY_FATAL_ERROR( "input buffer overflow, can't enlarge buffer because scanner uses REJECT"); #else /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = (int)(yy_c_buf_p - b->yy_ch_buf); if (b->yy_is_our_buffer) { int new_size = b->yy_buf_size * 2; if (new_size <= 0) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yy_flex_realloc((void *)b->yy_ch_buf, b->yy_buf_size + 2); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = 0; if (!b->yy_ch_buf) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow"); yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; #endif } if (num_to_read > YY_READ_BUF_SIZE) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ YY_INPUT((&yy_current_buffer->yy_ch_buf[number_to_move]), yy_n_chars, num_to_read); yy_current_buffer->yy_n_chars = yy_n_chars; } if (yy_n_chars == 0) { if (number_to_move == YY_MORE_ADJ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart(yyin); } else { ret_val = EOB_ACT_LAST_MATCH; yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; yy_n_chars += number_to_move; yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ static yy_state_type yy_get_previous_state() { register yy_state_type yy_current_state; register char *yy_cp; yy_current_state = yy_start; yy_current_state += YY_AT_BOL(); for (yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if (yy_accept[yy_current_state]) { yy_last_accepting_state = yy_current_state; yy_last_accepting_cpos = yy_cp; } while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) { yy_current_state = (int)yy_def[yy_current_state]; if (yy_current_state >= 67) yy_c = yy_meta[(unsigned int)yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c]; } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ #ifdef YY_USE_PROTOS static yy_state_type yy_try_NUL_trans(yy_state_type yy_current_state) #else static yy_state_type yy_try_NUL_trans(yy_current_state) yy_state_type yy_current_state; #endif { register int yy_is_jam; register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if (yy_accept[yy_current_state]) { yy_last_accepting_state = yy_current_state; yy_last_accepting_cpos = yy_cp; } while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) { yy_current_state = (int)yy_def[yy_current_state]; if (yy_current_state >= 67) yy_c = yy_meta[(unsigned int)yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c]; yy_is_jam = (yy_current_state == 66); return yy_is_jam ? 0 : yy_current_state; } #ifndef YY_NO_UNPUT #ifdef YY_USE_PROTOS static void yyunput(int c, register char *yy_bp) #else static void yyunput(c, yy_bp) int c; register char *yy_bp; #endif { register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ *yy_cp = yy_hold_char; if (yy_cp < yy_current_buffer->yy_ch_buf + 2) { /* need to shift things up to make room */ /* +2 for EOB chars. */ register int number_to_move = yy_n_chars + 2; register char *dest = &yy_current_buffer->yy_ch_buf[yy_current_buffer->yy_buf_size + 2]; register char *source = &yy_current_buffer->yy_ch_buf[number_to_move]; while (source > yy_current_buffer->yy_ch_buf) *--dest = *--source; yy_cp += (int)(dest - source); yy_bp += (int)(dest - source); yy_current_buffer->yy_n_chars = yy_n_chars = yy_current_buffer->yy_buf_size; if (yy_cp < yy_current_buffer->yy_ch_buf + 2) YY_FATAL_ERROR("flex scanner push-back overflow"); } *--yy_cp = (char)c; yytext_ptr = yy_bp; yy_hold_char = *yy_cp; yy_c_buf_p = yy_cp; } #endif /* ifndef YY_NO_UNPUT */ #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput() #else static int input() #endif { int c; *yy_c_buf_p = yy_hold_char; if (*yy_c_buf_p == YY_END_OF_BUFFER_CHAR) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if (yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars]) /* This was really a NUL. */ *yy_c_buf_p = '\0'; else { /* need more input */ int offset = yy_c_buf_p - yytext_ptr; ++yy_c_buf_p; switch (yy_get_next_buffer()) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. */ /* Reset buffer status. */ yyrestart(yyin); /* fall through */ case EOB_ACT_END_OF_FILE: { if (yywrap()) return EOF; if (!yy_did_buffer_switch_on_eof) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); #else return input(); #endif } case EOB_ACT_CONTINUE_SCAN: yy_c_buf_p = yytext_ptr + offset; break; } } } c = *(unsigned char *)yy_c_buf_p; /* cast for 8-bit char's */ *yy_c_buf_p = '\0'; /* preserve yytext */ yy_hold_char = *++yy_c_buf_p; yy_current_buffer->yy_at_bol = (c == '\n'); return c; } #endif /* YY_NO_INPUT */ #ifdef YY_USE_PROTOS void yyrestart(FILE *input_file) #else void yyrestart(input_file) FILE *input_file; #endif { if (!yy_current_buffer) yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); yy_init_buffer(yy_current_buffer, input_file); yy_load_buffer_state(); } #ifdef YY_USE_PROTOS void yy_switch_to_buffer(YY_BUFFER_STATE new_buffer) #else void yy_switch_to_buffer(new_buffer) YY_BUFFER_STATE new_buffer; #endif { if (yy_current_buffer == new_buffer) return; if (yy_current_buffer) { /* Flush out information for old buffer. */ *yy_c_buf_p = yy_hold_char; yy_current_buffer->yy_buf_pos = yy_c_buf_p; yy_current_buffer->yy_n_chars = yy_n_chars; } yy_current_buffer = new_buffer; yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ yy_did_buffer_switch_on_eof = 1; } #ifdef YY_USE_PROTOS void yy_load_buffer_state(void) #else void yy_load_buffer_state() #endif { yy_n_chars = yy_current_buffer->yy_n_chars; yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; yyin = yy_current_buffer->yy_input_file; yy_hold_char = *yy_c_buf_p; } #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_create_buffer(FILE *file, int size) #else YY_BUFFER_STATE yy_create_buffer(file, size) FILE *file; int size; #endif { YY_BUFFER_STATE b; b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state)); if (!b) YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()"); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ b->yy_ch_buf = (char *)yy_flex_alloc(b->yy_buf_size + 2); if (!b->yy_ch_buf) YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()"); b->yy_is_our_buffer = 1; yy_init_buffer(b, file); return b; } #ifdef YY_USE_PROTOS void yy_delete_buffer(YY_BUFFER_STATE b) #else void yy_delete_buffer(b) YY_BUFFER_STATE b; #endif { if (!b) return; if (b == yy_current_buffer) yy_current_buffer = (YY_BUFFER_STATE)0; if (b->yy_is_our_buffer) yy_flex_free((void *)b->yy_ch_buf); yy_flex_free((void *)b); } #ifdef YY_USE_PROTOS void yy_init_buffer(YY_BUFFER_STATE b, FILE *file) #else void yy_init_buffer(b, file) YY_BUFFER_STATE b; FILE *file; #endif { yy_flush_buffer(b); b->yy_input_file = file; b->yy_fill_buffer = 1; #if YY_ALWAYS_INTERACTIVE b->yy_is_interactive = 1; #else #if YY_NEVER_INTERACTIVE b->yy_is_interactive = 0; #else b->yy_is_interactive = file ? (isatty(fileno(file)) > 0) : 0; #endif #endif } #ifdef YY_USE_PROTOS void yy_flush_buffer(YY_BUFFER_STATE b) #else void yy_flush_buffer(b) YY_BUFFER_STATE b; #endif { if (!b) return; b->yy_n_chars = 0; /* We always need two end-of-buffer characters. The first causes * a transition to the end-of-buffer state. The second causes * a jam in that state. */ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; b->yy_buf_pos = &b->yy_ch_buf[0]; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; if (b == yy_current_buffer) yy_load_buffer_state(); } #ifndef YY_NO_SCAN_BUFFER #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_scan_buffer(char *base, yy_size_t size) #else YY_BUFFER_STATE yy_scan_buffer(base, size) char *base; yy_size_t size; #endif { YY_BUFFER_STATE b; if (size < 2 || base[size - 2] != YY_END_OF_BUFFER_CHAR || base[size - 1] != YY_END_OF_BUFFER_CHAR) /* They forgot to leave room for the EOB's. */ return 0; b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state)); if (!b) YY_FATAL_ERROR("out of dynamic memory in yy_scan_buffer()"); b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; b->yy_input_file = 0; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; yy_switch_to_buffer(b); return b; } #endif #ifndef YY_NO_SCAN_STRING #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_scan_string(yyconst char *yy_str) #else YY_BUFFER_STATE yy_scan_string(yy_str) yyconst char *yy_str; #endif { int len; for (len = 0; yy_str[len]; ++len) ; return yy_scan_bytes(yy_str, len); } #endif #ifndef YY_NO_SCAN_BYTES #ifdef YY_USE_PROTOS YY_BUFFER_STATE yy_scan_bytes(yyconst char *bytes, int len) #else YY_BUFFER_STATE yy_scan_bytes(bytes, len) yyconst char *bytes; int len; #endif { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; buf = (char *)yy_flex_alloc(n); if (!buf) YY_FATAL_ERROR("out of dynamic memory in yy_scan_bytes()"); for (i = 0; i < len; ++i) buf[i] = bytes[i]; buf[len] = buf[len + 1] = YY_END_OF_BUFFER_CHAR; b = yy_scan_buffer(buf, n); if (!b) YY_FATAL_ERROR("bad buffer in yy_scan_bytes()"); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. */ b->yy_is_our_buffer = 1; return b; } #endif #ifndef YY_NO_PUSH_STATE #ifdef YY_USE_PROTOS static void yy_push_state(int new_state) #else static void yy_push_state(new_state) int new_state; #endif { if (yy_start_stack_ptr >= yy_start_stack_depth) { yy_size_t new_size; yy_start_stack_depth += YY_START_STACK_INCR; new_size = yy_start_stack_depth * sizeof(int); if (!yy_start_stack) yy_start_stack = (int *)yy_flex_alloc(new_size); else yy_start_stack = (int *)yy_flex_realloc( (void *)yy_start_stack, new_size); if (!yy_start_stack) YY_FATAL_ERROR( "out of memory expanding start-condition stack"); } yy_start_stack[yy_start_stack_ptr++] = YY_START; BEGIN(new_state); } #endif #ifndef YY_NO_POP_STATE static void yy_pop_state() { if (--yy_start_stack_ptr < 0) YY_FATAL_ERROR("start-condition stack underflow"); BEGIN(yy_start_stack[yy_start_stack_ptr]); } #endif #ifndef YY_NO_TOP_STATE static int yy_top_state() { return yy_start_stack[yy_start_stack_ptr - 1]; } #endif #ifndef YY_EXIT_FAILURE #define YY_EXIT_FAILURE 2 #endif #ifdef YY_USE_PROTOS static void yy_fatal_error(yyconst char msg[]) #else static void yy_fatal_error(msg) char msg[]; #endif { (void)fprintf(stderr, "%s\n", msg); exit(YY_EXIT_FAILURE); } /* Redefine yyless() so it works in section 3 code. */ #undef yyless #define yyless(n) \ do { \ /* Undo effects of setting up yytext. */ \ yytext[yyleng] = yy_hold_char; \ yy_c_buf_p = yytext + n; \ yy_hold_char = *yy_c_buf_p; \ *yy_c_buf_p = '\0'; \ yyleng = n; \ } while (0) /* Internal utility routines. */ #ifndef yytext_ptr #ifdef YY_USE_PROTOS static void yy_flex_strncpy(char *s1, yyconst char *s2, int n) #else static void yy_flex_strncpy(s1, s2, n) char *s1; yyconst char *s2; int n; #endif { register int i; for (i = 0; i < n; ++i) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN #ifdef YY_USE_PROTOS static int yy_flex_strlen(yyconst char *s) #else static int yy_flex_strlen(s) yyconst char *s; #endif { register int n; for (n = 0; s[n]; ++n) ; return n; } #endif #ifdef YY_USE_PROTOS static void * yy_flex_alloc(yy_size_t size) #else static void *yy_flex_alloc(size) yy_size_t size; #endif { return (void *)malloc(size); } #ifdef YY_USE_PROTOS static void * yy_flex_realloc(void *ptr, yy_size_t size) #else static void *yy_flex_realloc(ptr, size) void *ptr; yy_size_t size; #endif { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ return (void *)realloc((char *)ptr, size); } #ifdef YY_USE_PROTOS static void yy_flex_free(void *ptr) #else static void yy_flex_free(ptr) void *ptr; #endif { free(ptr); } #if YY_MAIN int main() { yylex(); return 0; } #endif #line 144 "crlgen_lex_orig.l" #include "prlock.h" static PRLock *parserInvocationLock; void CRLGEN_InitCrlGenParserLock() { parserInvocationLock = PR_NewLock(); } void CRLGEN_DestroyCrlGenParserLock() { PR_DestroyLock(parserInvocationLock); } SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData) { SECStatus rv; PR_Lock(parserInvocationLock); parserStatus = SECSuccess; parserData = parserCtlData; src = parserCtlData->src; rv = yylex(); PR_Unlock(parserInvocationLock); return rv; } int yywrap() { return 1; } nss-pem.git/nss/nss/cmd/crlutil/crlgen_lex_fix.sed0000664000000000000000000000012613252671167017437 0ustar // { i #ifdef _WIN32 i #include i #else a #endif } nss-pem.git/nss/nss/cmd/crlutil/crlgen_lex_orig.l0000664000000000000000000001051013252671167017267 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ %{ #include "crlgen.h" static SECStatus parserStatus = SECSuccess; static CRLGENGeneratorData *parserData; static PRFileDesc *src; #define YY_INPUT(buf,result,max_size) \ if ( parserStatus != SECFailure) { \ if (((result = PR_Read(src, buf, max_size)) == 0) && \ ferror( yyin )) \ return SECFailure; \ } else { return SECFailure; } %} %a 5000 DIGIT [0-9]+ DIGIT_RANGE [0-9]+-[0-9]+ ID [a-zA-Z][a-zA-Z0-9]* OID [0-9]+\.[\.0-9]+ DATE [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9] ZDATE [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9]Z N_SP_STRING [a-zA-Z0-9\:\|\.]+ %% {ZDATE} { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE); if (parserStatus != SECSuccess) return parserStatus; } {DIGIT} { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT); if (parserStatus != SECSuccess) return parserStatus; } {DIGIT_RANGE} { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE); if (parserStatus != SECSuccess) return parserStatus; } {OID} { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID); if (parserStatus != SECSuccess) return parserStatus; } issuer { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } update { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } nextupdate { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } range { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } {ID} { if (strcmp(yytext, "addcert") == 0) { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ADD_CERT_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } else if (strcmp(yytext, "rmcert") == 0) { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_RM_CERT_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } else if (strcmp(yytext, "addext") == 0) { parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ADD_EXTENSION_CONTEXT); if (parserStatus != SECSuccess) return parserStatus; } else { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID); if (parserStatus != SECSuccess) return parserStatus; } } "=" \"[^\"]* { if (yytext[yyleng-1] == '\\') { yymore(); } else { register int c; c = input(); if (c != '\"') { printf( "Error: Line ending \" is missing: %c\n", c); unput(c); } else { parserStatus = crlgen_setNextData(parserData, yytext + 1, CRLGEN_TYPE_STRING); if (parserStatus != SECSuccess) return parserStatus; } } } {N_SP_STRING} { parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING); if (parserStatus != SECSuccess) return parserStatus; } ^#[^\n]* /* eat up one-line comments */ {} [ \t]+ {} (\n|\r\n) { parserStatus = crlgen_updateCrl(parserData); if (parserStatus != SECSuccess) return parserStatus; } . { fprintf(stderr, "Syntax error at line %d: unknown token %s\n", parserData->parsedLineNum, yytext); return SECFailure; } %% #include "prlock.h" static PRLock *parserInvocationLock; void CRLGEN_InitCrlGenParserLock() { parserInvocationLock = PR_NewLock(); } void CRLGEN_DestroyCrlGenParserLock() { PR_DestroyLock(parserInvocationLock); } SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData) { SECStatus rv; PR_Lock(parserInvocationLock); parserStatus = SECSuccess; parserData = parserCtlData; src = parserCtlData->src; rv = yylex(); PR_Unlock(parserInvocationLock); return rv; } int yywrap() {return 1;} nss-pem.git/nss/nss/cmd/crlutil/crlutil.c0000664000000000000000000010552413252671167015604 0ustar /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* ** certutil.c ** ** utility for managing certificates and the cert database ** */ /* test only */ #include "nspr.h" #include "plgetopt.h" #include "secutil.h" #include "cert.h" #include "certi.h" #include "certdb.h" #include "nss.h" #include "pk11func.h" #include "crlgen.h" #define SEC_CERT_DB_EXISTS 0 #define SEC_CREATE_CERT_DB 1 static char *progName; static CERTSignedCrl * FindCRL(CERTCertDBHandle *certHandle, char *name, int type) { CERTSignedCrl *crl = NULL; CERTCertificate *cert = NULL; SECItem derName; derName.data = NULL; derName.len = 0; cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, name); if (!cert) { CERTName *certName = NULL; PLArenaPool *arena = NULL; SECStatus rv = SECSuccess; certName = CERT_AsciiToName(name); if (certName) { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena) { SECItem *nameItem = SEC_ASN1EncodeItem(arena, NULL, (void *)certName, SEC_ASN1_GET(CERT_NameTemplate)); if (nameItem) { rv = SECITEM_CopyItem(NULL, &derName, nameItem); } PORT_FreeArena(arena, PR_FALSE); } CERT_DestroyName(certName); } if (rv != SECSuccess) { SECU_PrintError(progName, "SECITEM_CopyItem failed, out of memory"); return ((CERTSignedCrl *)NULL); } if (!derName.len || !derName.data) { SECU_PrintError(progName, "could not find certificate named '%s'", name); return ((CERTSignedCrl *)NULL); } } else { SECStatus rv = SECITEM_CopyItem(NULL, &derName, &cert->derSubject); CERT_DestroyCertificate(cert); if (rv != SECSuccess) { return ((CERTSignedCrl *)NULL); } } crl = SEC_FindCrlByName(certHandle, &derName, type); if (crl == NULL) SECU_PrintError(progName, "could not find %s's CRL", name); if (derName.data) { SECITEM_FreeItem(&derName, PR_FALSE); } return (crl); } static SECStatus DisplayCRL(CERTCertDBHandle *certHandle, char *nickName, int crlType) { CERTSignedCrl *crl = NULL; crl = FindCRL(certHandle, nickName, crlType); if (crl) { SECU_PrintCRLInfo(stdout, &crl->crl, "CRL Info:\n", 0); SEC_DestroyCrl(crl); return SECSuccess; } return SECFailure; } static void ListCRLNames(CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls) { CERTCrlHeadNode *crlList = NULL; CERTCrlNode *crlNode = NULL; CERTName *name = NULL; PLArenaPool *arena = NULL; SECStatus rv; do { arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); if (arena == NULL) { fprintf(stderr, "%s: fail to allocate memory\n", progName); break; } name = PORT_ArenaZAlloc(arena, sizeof(*name)); if (name == NULL) { fprintf(stderr, "%s: fail to allocate memory\n", progName); break; } name->arena = arena; rv = SEC_LookupCrls(certHandle, &crlList, crlType); if (rv != SECSuccess) { fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName, SECU_Strerror(PORT_GetError())); break; } /* just in case */ if (!crlList) break; crlNode = crlList->first; fprintf(stdout, "\n"); fprintf(stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type"); while (crlNode) { char *asciiname = NULL; CERTCertificate *cert = NULL; if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) { cert = CERT_FindCertByName(certHandle, &crlNode->crl->crl.derName); if (!cert) { SECU_PrintError(progName, "could not find signing " "certificate in database"); } } if (cert) { char *certName = NULL; if (cert->nickname && PORT_Strlen(cert->nickname) > 0) { certName = cert->nickname; } else if (cert->emailAddr && PORT_Strlen(cert->emailAddr) > 0) { certName = cert->emailAddr; } if (certName) { asciiname = PORT_Strdup(certName); } CERT_DestroyCertificate(cert); } if (!asciiname) { name = &crlNode->crl->crl.name; if (!name) { SECU_PrintError(progName, "fail to get the CRL " "issuer name"); continue; } asciiname = CERT_NameToAscii(name); } fprintf(stdout, "%-40s %-5s\n", asciiname, "CRL"); if (asciiname) { PORT_Free(asciiname); } if (PR_TRUE == deletecrls) { CERTSignedCrl *acrl = NULL; SECItem *issuer = &crlNode->crl->crl.derName; acrl = SEC_FindCrlByName(certHandle, issuer, crlType); if (acrl) { SEC_DeletePermCRL(acrl); SEC_DestroyCrl(acrl); } } crlNode = crlNode->next; } } while (0); if (crlList) PORT_FreeArena(crlList->arena, PR_FALSE); PORT_FreeArena(arena, PR_FALSE); } static SECStatus ListCRL(CERTCertDBHandle *certHandle, char *nickName, int crlType) { if (nickName == NULL) { ListCRLNames(certHandle, crlType, PR_FALSE); return SECSuccess; } return DisplayCRL(certHandle, nickName, crlType); } static SECStatus DeleteCRL(CERTCertDBHandle *certHandle, char *name, int type) { CERTSignedCrl *crl = NULL; SECStatus rv = SECFailure; crl = FindCRL(certHandle, name, type); if (!crl) { SECU_PrintError(progName, "could not find the issuer %s's CRL", name); return SECFailure; } rv = SEC_DeletePermCRL(crl); SEC_DestroyCrl(crl); if (rv != SECSuccess) { SECU_PrintError(progName, "fail to delete the issuer %s's CRL " "from the perm database (reason: %s)", name, SECU_Strerror(PORT_GetError())); return SECFailure; } return (rv); } SECStatus ImportCRL(CERTCertDBHandle *certHandle, char *url, int type, PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions, secuPWData *pwdata) { CERTSignedCrl *crl = NULL; SECItem crlDER; PK11SlotInfo *slot = NULL; int rv; #if defined(DEBUG_jp96085) PRIntervalTime starttime, endtime, elapsed; PRUint32 mins, secs, msecs; #endif crlDER.data = NULL; /* Read in the entire file specified with the -f argument */ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); if (rv != SECSuccess) { SECU_PrintError(progName, "unable to read input file"); return (SECFailure); } decodeOptions |= CRL_DECODE_DONT_COPY_DER; slot = PK11_GetInternalKeySlot(); if (PK11_NeedLogin(slot)) { rv = PK11_Authenticate(slot, PR_TRUE, pwdata); if (rv != SECSuccess) goto loser; } #if defined(DEBUG_jp96085) starttime = PR_IntervalNow(); #endif crl = PK11_ImportCRL(slot, &crlDER, url, type, NULL, importOptions, NULL, decodeOptions); #if defined(DEBUG_jp96085) endtime = PR_IntervalNow(); elapsed = endtime - starttime; mins = PR_IntervalToSeconds(elapsed) / 60; secs = PR_IntervalToSeconds(elapsed) % 60; msecs = PR_IntervalToMilliseconds(elapsed) % 1000; printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs); #endif if (!crl) { const char *errString; rv = SECFailure; errString = SECU_Strerror(PORT_GetError()); if (errString && PORT_Strlen(errString) == 0) SECU_PrintError(progName, "CRL is not imported (error: input CRL is not up to date.)"); else SECU_PrintError(progName, "unable to import CRL"); } else { SEC_DestroyCrl(crl); } loser: if (slot) { PK11_FreeSlot(slot); } SECITEM_FreeItem(&crlDER, PR_FALSE); return (rv); } SECStatus DumpCRL(PRFileDesc *inFile) { int rv; PLArenaPool *arena = NULL; CERTSignedCrl *newCrl = NULL; SECItem crlDER; crlDER.data = NULL; /* Read in the entire file specified with the -f argument */ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); if (rv != SECSuccess) { SECU_PrintError(progName, "unable to read input file"); return (SECFailure); } rv = SEC_ERROR_NO_MEMORY; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) return rv; newCrl = CERT_DecodeDERCrlWithFlags(arena, &crlDER, SEC_CRL_TYPE, CRL_DECODE_DEFAULT_OPTIONS); if (!newCrl) return SECFailure; SECU_PrintCRLInfo(stdout, &newCrl->crl, "CRL file contents", 0); PORT_FreeArena(arena, PR_FALSE); return rv; } static CERTCertificate * FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl, char *certNickName) { CERTCertificate *cert = NULL, *certTemp = NULL; SECStatus rv = SECFailure; CERTAuthKeyID *authorityKeyID = NULL; SECItem *subject = NULL; PORT_Assert(certHandle != NULL); if (!certHandle || (!signCrl && !certNickName)) { SECU_PrintError(progName, "invalid args for function " "FindSigningCert \n"); return NULL; } if (signCrl) { #if 0 authorityKeyID = SECU_FindCRLAuthKeyIDExten(tmpArena, scrl); #endif subject = &signCrl->crl.derName; } else { certTemp = CERT_FindCertByNickname(certHandle, certNickName); if (!certTemp) { SECU_PrintError(progName, "could not find certificate \"%s\" " "in database", certNickName); goto loser; } subject = &certTemp->derSubject; } cert = SECU_FindCrlIssuer(certHandle, subject, authorityKeyID, PR_Now()); if (!cert) { SECU_PrintError(progName, "could not find signing certificate " "in database"); goto loser; } else { rv = SECSuccess; } loser: if (certTemp) CERT_DestroyCertificate(certTemp); if (cert && rv != SECSuccess) CERT_DestroyCertificate(cert); return cert; } static CERTSignedCrl * CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle, CERTCertificate **cert, char *certNickName, PRFileDesc *inFile, PRInt32 decodeOptions, PRInt32 importOptions, secuPWData *pwdata) { SECItem crlDER = { 0, NULL, 0 }; CERTSignedCrl *signCrl = NULL; CERTSignedCrl *modCrl = NULL; PLArenaPool *modArena = NULL; SECStatus rv = SECSuccess; if (!arena || !certHandle || !certNickName) { PORT_SetError(SEC_ERROR_INVALID_ARGS); SECU_PrintError(progName, "CreateModifiedCRLCopy: invalid args\n"); return NULL; } modArena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); if (!modArena) { SECU_PrintError(progName, "fail to allocate memory\n"); return NULL; } if (inFile != NULL) { rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); if (rv != SECSuccess) { SECU_PrintError(progName, "unable to read input file"); PORT_FreeArena(modArena, PR_FALSE); goto loser; } decodeOptions |= CRL_DECODE_DONT_COPY_DER; modCrl = CERT_DecodeDERCrlWithFlags(modArena, &crlDER, SEC_CRL_TYPE, decodeOptions); if (!modCrl) { SECU_PrintError(progName, "fail to decode CRL"); goto loser; } if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)) { /* If caCert is a v2 certificate, make sure that it * can be used for crl signing purpose */ *cert = FindSigningCert(certHandle, modCrl, NULL); if (!*cert) { goto loser; } rv = CERT_VerifySignedData(&modCrl->signatureWrap, *cert, PR_Now(), pwdata); if (rv != SECSuccess) { SECU_PrintError(progName, "fail to verify signed data\n"); goto loser; } } } else { modCrl = FindCRL(certHandle, certNickName, SEC_CRL_TYPE); if (!modCrl) { SECU_PrintError(progName, "fail to find crl %s in database\n", certNickName); goto loser; } } signCrl = PORT_ArenaZNew(arena, CERTSignedCrl); if (signCrl == NULL) { SECU_PrintError(progName, "fail to allocate memory\n"); goto loser; } rv = SECU_CopyCRL(arena, &signCrl->crl, &modCrl->crl); if (rv != SECSuccess) { SECU_PrintError(progName, "unable to dublicate crl for " "modification."); goto loser; } /* Make sure the update time is current. It can be modified later * by "update