зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset 3eb63c112f5a (Bug 1577822) for breaking WebAuthn mochitests UPGRADE_NSS_RELEASE
Differential Revision: https://phabricator.services.mozilla.com/D49374 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
e3328f020c
Коммит
962e9e53a9
|
@ -1 +1 @@
|
|||
NSS_3_47_BETA2
|
||||
NSS_3_47_BETA1
|
|
@ -2,32 +2,3 @@
|
|||
|
||||
'function CERTCertList* PK11_GetCertsMatchingPrivateKey(SECKEYPrivateKey*)' {PK11_GetCertsMatchingPrivateKey@@NSS_3.47}
|
||||
|
||||
3 functions with some indirect sub-type change:
|
||||
|
||||
[C]'function SECStatus CERT_AddCertToListHead(CERTCertList*, CERTCertificate*)' at certdb.c:2631:1 has some indirect sub-type changes:
|
||||
parameter 2 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
no data member changes (2 filtered);
|
||||
|
||||
[C]'function SECStatus CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle*, CERTCertificate*, PRTime, const SECItem*, void*)' at ocsp.c:5102:1 has some indirect sub-type changes:
|
||||
parameter 2 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
no data member change (1 filtered);
|
||||
|
||||
[C]'function CERTCertificateList* CERT_CertChainFromCert(CERTCertificate*, SECCertUsage, PRBool)' at certhigh.c:1030:1 has some indirect sub-type changes:
|
||||
parameter 1 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
no data member changes (2 filtered);
|
||||
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
1 function with some indirect sub-type change:
|
||||
|
||||
[C]'function CERTCertificate* CERT_ConvertAndDecodeCertificate(char*)' at certread.c:219:1 has some indirect sub-type changes:
|
||||
return type changed:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
1 function with some indirect sub-type change:
|
||||
|
||||
[C]'function SECStatus NSS_CmpCertChainWCANames(CERTCertificate*, CERTDistNames*)' at cmpcert.c:25:1 has some indirect sub-type changes:
|
||||
parameter 1 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
|
|
@ -230,8 +230,6 @@ ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
|
|||
hasPositiveTrust(trust->objectSigningFlags)) {
|
||||
printf("CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE\n");
|
||||
}
|
||||
printf("CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE\n");
|
||||
printf("CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE\n");
|
||||
}
|
||||
|
||||
if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==
|
||||
|
@ -308,21 +306,19 @@ printheader()
|
|||
"#\n"
|
||||
"# Certificates\n"
|
||||
"#\n"
|
||||
"# -- Attribute -- -- type -- -- value --\n"
|
||||
"# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"
|
||||
"# CKA_TOKEN CK_BBOOL CK_TRUE\n"
|
||||
"# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
|
||||
"# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
|
||||
"# CKA_LABEL UTF8 (varies)\n"
|
||||
"# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"
|
||||
"# CKA_SUBJECT DER+base64 (varies)\n"
|
||||
"# CKA_ID byte array (varies)\n"
|
||||
"# CKA_ISSUER DER+base64 (varies)\n"
|
||||
"# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
|
||||
"# CKA_VALUE DER+base64 (varies)\n"
|
||||
"# CKA_NSS_EMAIL ASCII7 (unused here)\n"
|
||||
"# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies)\n"
|
||||
"# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies)\n"
|
||||
"# -- Attribute -- -- type -- -- value --\n"
|
||||
"# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"
|
||||
"# CKA_TOKEN CK_BBOOL CK_TRUE\n"
|
||||
"# CKA_PRIVATE CK_BBOOL CK_FALSE\n"
|
||||
"# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
|
||||
"# CKA_LABEL UTF8 (varies)\n"
|
||||
"# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"
|
||||
"# CKA_SUBJECT DER+base64 (varies)\n"
|
||||
"# CKA_ID byte array (varies)\n"
|
||||
"# CKA_ISSUER DER+base64 (varies)\n"
|
||||
"# CKA_SERIAL_NUMBER DER+base64 (varies)\n"
|
||||
"# CKA_VALUE DER+base64 (varies)\n"
|
||||
"# CKA_NSS_EMAIL ASCII7 (unused here)\n"
|
||||
"#\n"
|
||||
"# Trust\n"
|
||||
"#\n"
|
||||
|
@ -396,12 +392,6 @@ Usage(char *progName)
|
|||
fprintf(stderr, "%-15s a CRL entry number, as shown by \"crlutil -S\"\n", "-e");
|
||||
fprintf(stderr, "%-15s input file to read (default stdin)\n", "-i file");
|
||||
fprintf(stderr, "%-15s (pipe through atob if the cert is b64-encoded)\n", "");
|
||||
fprintf(stderr, "%-15s convert a timestamp to DER, and output.\n", "-d timestamp");
|
||||
fprintf(stderr, "%-15s useful to fill server and email distrust fields\n", "");
|
||||
fprintf(stderr, "%-15s Example: %s -d 1561939200\n", "", progName);
|
||||
fprintf(stderr, "%-15s NOTE: The informed timestamp are interpreted as seconds\n", "");
|
||||
fprintf(stderr, "%-15s since unix epoch.\n", "");
|
||||
fprintf(stderr, "%-15s TIP: date -d \"2019-07-01 00:00:00 UTC\" +%%s\n", "");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
|
@ -413,21 +403,20 @@ enum {
|
|||
opt_ExcludeCert,
|
||||
opt_ExcludeHash,
|
||||
opt_DistrustCRL,
|
||||
opt_CRLEntry,
|
||||
opt_ConvertDate
|
||||
opt_CRLEnry
|
||||
};
|
||||
|
||||
static secuCommandFlag addbuiltin_options[] = {
|
||||
{ /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_Distrust */ 'D', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_ExcludeCert */ 'c', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_ExcludeHash */ 'h', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_DistrustCRL */ 'C', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_CRLEntry */ 'e', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_ConvertDate */ 'd', PR_TRUE, 0, PR_FALSE },
|
||||
};
|
||||
static secuCommandFlag addbuiltin_options[] =
|
||||
{
|
||||
{ /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_Distrust */ 'D', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_ExcludeCert */ 'c', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_ExcludeHash */ 'h', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_DistrustCRL */ 'C', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_CRLEnry */ 'e', PR_TRUE, 0, PR_FALSE },
|
||||
};
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
|
@ -455,30 +444,6 @@ main(int argc, char **argv)
|
|||
if (rv != SECSuccess)
|
||||
Usage(progName);
|
||||
|
||||
if (addbuiltin.options[opt_ConvertDate].activated) {
|
||||
char *endPtr;
|
||||
PRTime distrustTimestamp = strtol(addbuiltin.options[opt_ConvertDate].arg, &endPtr, 0) * PR_USEC_PER_SEC;
|
||||
if (*endPtr != '\0' && distrustTimestamp > 0) {
|
||||
Usage(progName);
|
||||
exit(1);
|
||||
}
|
||||
SECItem encTime;
|
||||
DER_EncodeTimeChoice(NULL, &encTime, distrustTimestamp);
|
||||
SECU_PrintTimeChoice(stdout, &encTime, "The timestamp represents this date", 0);
|
||||
printf("Locate the entry of the desired certificate in certdata.txt\n"
|
||||
"Erase the CKA_NSS_[SERVER|EMAIL]_DISTRUST_AFTER CK_BBOOL CK_FALSE\n"
|
||||
"And override with the following respective entry:\n\n");
|
||||
SECU_PrintTimeChoice(stdout, &encTime, "# For Server Distrust After", 0);
|
||||
printf("CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL\n");
|
||||
dumpbytes(encTime.data, encTime.len);
|
||||
printf("END\n");
|
||||
SECU_PrintTimeChoice(stdout, &encTime, "# For Email Distrust After", 0);
|
||||
printf("CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL\n");
|
||||
dumpbytes(encTime.data, encTime.len);
|
||||
printf("END\n");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
if (addbuiltin.options[opt_Trust].activated)
|
||||
++mutuallyExclusiveOpts;
|
||||
if (addbuiltin.options[opt_Distrust].activated)
|
||||
|
@ -493,12 +458,12 @@ main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (addbuiltin.options[opt_DistrustCRL].activated) {
|
||||
if (!addbuiltin.options[opt_CRLEntry].activated) {
|
||||
if (!addbuiltin.options[opt_CRLEnry].activated) {
|
||||
fprintf(stderr, "%s: you must specify the CRL entry number.\n",
|
||||
progName);
|
||||
Usage(progName);
|
||||
} else {
|
||||
crlentry = atoi(addbuiltin.options[opt_CRLEntry].arg);
|
||||
crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
|
||||
if (crlentry < 1) {
|
||||
fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
|
||||
progName);
|
||||
|
|
|
@ -1108,33 +1108,36 @@ typedef struct secuPBEParamsStr {
|
|||
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
|
||||
|
||||
/* SECOID_PKCS5_PBKDF2 */
|
||||
const SEC_ASN1Template secuKDF2Params[] = {
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
|
||||
{ SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
|
||||
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
|
||||
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
|
||||
{ 0 }
|
||||
};
|
||||
const SEC_ASN1Template secuKDF2Params[] =
|
||||
{
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
|
||||
{ SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
|
||||
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
|
||||
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
|
||||
{ 0 }
|
||||
};
|
||||
|
||||
/* PKCS5v1 & PKCS12 */
|
||||
const SEC_ASN1Template secuPBEParamsTemp[] = {
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
|
||||
{ SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
|
||||
{ 0 }
|
||||
};
|
||||
const SEC_ASN1Template secuPBEParamsTemp[] =
|
||||
{
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
|
||||
{ SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
|
||||
{ 0 }
|
||||
};
|
||||
|
||||
/* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */
|
||||
const SEC_ASN1Template secuPBEV2Params[] = {
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
|
||||
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
|
||||
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
|
||||
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
|
||||
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
|
||||
{ 0 }
|
||||
};
|
||||
const SEC_ASN1Template secuPBEV2Params[] =
|
||||
{
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
|
||||
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
|
||||
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
|
||||
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
|
||||
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
|
||||
{ 0 }
|
||||
};
|
||||
|
||||
void
|
||||
secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
|
||||
|
@ -2297,9 +2300,8 @@ SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
|
|||
return rv;
|
||||
}
|
||||
|
||||
/* sometimes a PRErrorCode, other times a SECStatus. Sigh. */
|
||||
int
|
||||
SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
|
||||
int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */
|
||||
SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
|
||||
{
|
||||
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
CERTCertificateRequest *cr;
|
||||
|
@ -3249,26 +3251,6 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert,
|
|||
"Certificate Trust Flags", 1);
|
||||
}
|
||||
|
||||
/* The distrust fields are hard-coded in nssckbi and read-only.
|
||||
* If verifying some cert, with vfychain, for instance, the certificate may
|
||||
* not have a defined slot if not imported. */
|
||||
if (cert->slot != NULL && cert->distrust != NULL) {
|
||||
const unsigned int kDistrustFieldSize = 13;
|
||||
fprintf(stdout, "\n");
|
||||
SECU_Indent(stdout, 1);
|
||||
fprintf(stdout, "%s:\n", "Certificate Distrust Dates");
|
||||
if (cert->distrust->serverDistrustAfter.len == kDistrustFieldSize) {
|
||||
SECU_PrintTimeChoice(stdout,
|
||||
&cert->distrust->serverDistrustAfter,
|
||||
"Server Distrust After", 2);
|
||||
}
|
||||
if (cert->distrust->emailDistrustAfter.len == kDistrustFieldSize) {
|
||||
SECU_PrintTimeChoice(stdout,
|
||||
&cert->distrust->emailDistrustAfter,
|
||||
"E-mail Distrust After", 2);
|
||||
}
|
||||
}
|
||||
|
||||
printf("\n");
|
||||
|
||||
return (SECSuccess);
|
||||
|
|
|
@ -10,4 +10,3 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -1224,53 +1224,3 @@ TEST_F(pkixder_universal_types_tests, OID)
|
|||
|
||||
ASSERT_EQ(Success, OID(reader, expectedOID));
|
||||
}
|
||||
|
||||
TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTag)
|
||||
{
|
||||
const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
|
||||
0x81,
|
||||
0x04,
|
||||
0x00,
|
||||
0x0A,
|
||||
0x0B,
|
||||
0x0C,
|
||||
};
|
||||
Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
|
||||
Reader reader(input);
|
||||
|
||||
ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
|
||||
ASSERT_TRUE(reader.AtEnd());
|
||||
}
|
||||
|
||||
TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTagMismatch)
|
||||
{
|
||||
const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
|
||||
0x81,
|
||||
0x04,
|
||||
0x00,
|
||||
0x0A,
|
||||
0x0B,
|
||||
0x0C,
|
||||
};
|
||||
Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
|
||||
Reader reader(input);
|
||||
|
||||
ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 2));
|
||||
ASSERT_FALSE(reader.AtEnd());
|
||||
}
|
||||
|
||||
TEST_F(pkixder_universal_types_tests, NoSkipOptionalImplicitConstructedTag)
|
||||
{
|
||||
const uint8_t DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1[] = {
|
||||
0xA1,
|
||||
0x03,
|
||||
0x05,
|
||||
0x01,
|
||||
0x00,
|
||||
};
|
||||
Input input(DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1);
|
||||
Reader reader(input);
|
||||
|
||||
ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
|
||||
ASSERT_FALSE(reader.AtEnd());
|
||||
}
|
||||
|
|
|
@ -6,22 +6,13 @@ CORE_DEPTH = ../..
|
|||
DEPTH = ../..
|
||||
MODULE = nss
|
||||
|
||||
DEFINES += -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" -DDLL_PREFIX=\"$(DLL_PREFIX)\"
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/arch.mk
|
||||
ifneq ($(OS_ARCH),WINNT)
|
||||
DB_TESTS = \
|
||||
softoken_nssckbi_testlib_gtest.cc
|
||||
endif
|
||||
|
||||
CPPSRCS = \
|
||||
softoken_gtest.cc \
|
||||
$(DB_TESTS) \
|
||||
$(NULL)
|
||||
|
||||
INCLUDES += \
|
||||
-I$(CORE_DEPTH)/gtests/google_test/gtest/include \
|
||||
-I$(CORE_DEPTH)/gtests/common \
|
||||
-I$(CORE_DEPTH)/gtests/common \
|
||||
-I$(CORE_DEPTH)/cpputil \
|
||||
$(NULL)
|
||||
|
||||
|
|
|
@ -12,7 +12,6 @@
|
|||
'type': 'executable',
|
||||
'sources': [
|
||||
'softoken_gtest.cc',
|
||||
'softoken_nssckbi_testlib_gtest.cc',
|
||||
],
|
||||
'dependencies': [
|
||||
'<(DEPTH)/exports.gyp:nss_exports',
|
||||
|
@ -45,10 +44,6 @@
|
|||
'target_defaults': {
|
||||
'include_dirs': [
|
||||
'../../lib/util'
|
||||
],
|
||||
'defines': [
|
||||
'DLL_PREFIX=\"<(dll_prefix)\"',
|
||||
'DLL_SUFFIX=\"<(dll_suffix)\"'
|
||||
]
|
||||
},
|
||||
'variables': {
|
||||
|
|
|
@ -1,124 +0,0 @@
|
|||
#include "cert.h"
|
||||
#include "certdb.h"
|
||||
#include "nspr.h"
|
||||
#include "nss.h"
|
||||
#include "pk11pub.h"
|
||||
#include "secerr.h"
|
||||
|
||||
#include "nss_scoped_ptrs.h"
|
||||
#include "util.h"
|
||||
|
||||
#define GTEST_HAS_RTTI 0
|
||||
#include "gtest/gtest.h"
|
||||
|
||||
namespace nss_test {
|
||||
|
||||
class SoftokenBuiltinsTest : public ::testing::Test {
|
||||
protected:
|
||||
SoftokenBuiltinsTest() : nss_db_dir_("SoftokenBuiltinsTest.d-") {}
|
||||
SoftokenBuiltinsTest(const std::string &prefix) : nss_db_dir_(prefix) {}
|
||||
|
||||
virtual void SetUp() {
|
||||
std::string nss_init_arg("sql:");
|
||||
nss_init_arg.append(nss_db_dir_.GetUTF8Path());
|
||||
ASSERT_EQ(SECSuccess, NSS_Initialize(nss_init_arg.c_str(), "", "",
|
||||
SECMOD_DB, NSS_INIT_NOROOTINIT));
|
||||
}
|
||||
|
||||
virtual void TearDown() {
|
||||
ASSERT_EQ(SECSuccess, NSS_Shutdown());
|
||||
const std::string &nss_db_dir_path = nss_db_dir_.GetPath();
|
||||
ASSERT_EQ(0, unlink((nss_db_dir_path + "/cert9.db").c_str()));
|
||||
ASSERT_EQ(0, unlink((nss_db_dir_path + "/key4.db").c_str()));
|
||||
ASSERT_EQ(0, unlink((nss_db_dir_path + "/pkcs11.txt").c_str()));
|
||||
}
|
||||
|
||||
virtual void LoadModule() {
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
|
||||
ASSERT_TRUE(slot);
|
||||
EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
|
||||
SECStatus result = SECMOD_AddNewModule(
|
||||
"Builtins-testlib", DLL_PREFIX "nssckbi-testlib." DLL_SUFFIX, 0, 0);
|
||||
ASSERT_EQ(result, SECSuccess);
|
||||
}
|
||||
|
||||
ScopedUniqueDirectory nss_db_dir_;
|
||||
};
|
||||
|
||||
// The next tests in this class are used to test the Distrust Fields.
|
||||
// More details about these fields in lib/ckfw/builtins/README.
|
||||
TEST_F(SoftokenBuiltinsTest, CheckNoDistrustFields) {
|
||||
const char *kCertNickname =
|
||||
"Builtin Object Token:Distrust Fields Test - no_distrust";
|
||||
LoadModule();
|
||||
|
||||
CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB();
|
||||
ASSERT_TRUE(cert_handle);
|
||||
ScopedCERTCertificate cert(
|
||||
CERT_FindCertByNickname(cert_handle, kCertNickname));
|
||||
ASSERT_TRUE(cert);
|
||||
|
||||
EXPECT_EQ(PR_FALSE,
|
||||
PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER, PR_FALSE));
|
||||
EXPECT_EQ(PR_FALSE,
|
||||
PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE));
|
||||
ASSERT_FALSE(cert->distrust);
|
||||
}
|
||||
|
||||
TEST_F(SoftokenBuiltinsTest, CheckOkDistrustFields) {
|
||||
const char *kCertNickname =
|
||||
"Builtin Object Token:Distrust Fields Test - ok_distrust";
|
||||
LoadModule();
|
||||
|
||||
CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB();
|
||||
ASSERT_TRUE(cert_handle);
|
||||
ScopedCERTCertificate cert(
|
||||
CERT_FindCertByNickname(cert_handle, kCertNickname));
|
||||
ASSERT_TRUE(cert);
|
||||
|
||||
const char *kExpectedDERValueServer = "200617000000Z";
|
||||
const char *kExpectedDERValueEmail = "071014085320Z";
|
||||
// When a valid timestamp is encoded, the result length is exactly 13.
|
||||
const unsigned int kDistrustFieldSize = 13;
|
||||
|
||||
ASSERT_TRUE(cert->distrust);
|
||||
ASSERT_EQ(kDistrustFieldSize, cert->distrust->serverDistrustAfter.len);
|
||||
ASSERT_NE(nullptr, cert->distrust->serverDistrustAfter.data);
|
||||
EXPECT_TRUE(!memcmp(kExpectedDERValueServer,
|
||||
cert->distrust->serverDistrustAfter.data,
|
||||
kDistrustFieldSize));
|
||||
|
||||
ASSERT_EQ(kDistrustFieldSize, cert->distrust->emailDistrustAfter.len);
|
||||
ASSERT_NE(nullptr, cert->distrust->emailDistrustAfter.data);
|
||||
EXPECT_TRUE(!memcmp(kExpectedDERValueEmail,
|
||||
cert->distrust->emailDistrustAfter.data,
|
||||
kDistrustFieldSize));
|
||||
}
|
||||
|
||||
TEST_F(SoftokenBuiltinsTest, CheckInvalidDistrustFields) {
|
||||
const char *kCertNickname =
|
||||
"Builtin Object Token:Distrust Fields Test - err_distrust";
|
||||
LoadModule();
|
||||
|
||||
CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB();
|
||||
ASSERT_TRUE(cert_handle);
|
||||
ScopedCERTCertificate cert(
|
||||
CERT_FindCertByNickname(cert_handle, kCertNickname));
|
||||
ASSERT_TRUE(cert);
|
||||
|
||||
// The field should never be set to TRUE in production, we are just
|
||||
// testing if this field is readable, even if set to TRUE.
|
||||
EXPECT_EQ(PR_TRUE,
|
||||
PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER, PR_FALSE));
|
||||
// If something other than CK_BBOOL CK_TRUE, it will be considered FALSE
|
||||
// Here, there is an OCTAL value, but with unexpected content (1 digit less).
|
||||
EXPECT_EQ(PR_FALSE,
|
||||
PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE));
|
||||
ASSERT_FALSE(cert->distrust);
|
||||
}
|
||||
|
||||
} // namespace nss_test
|
|
@ -2889,10 +2889,15 @@ void
|
|||
CERT_UnlockCertRefCount(CERTCertificate *cert)
|
||||
{
|
||||
PORT_Assert(certRefCountLock != NULL);
|
||||
PRStatus prstat = PZ_Unlock(certRefCountLock);
|
||||
if (prstat != PR_SUCCESS) {
|
||||
|
||||
#ifdef DEBUG
|
||||
{
|
||||
PRStatus prstat = PZ_Unlock(certRefCountLock);
|
||||
PORT_Assert(prstat == PR_SUCCESS);
|
||||
}
|
||||
#else
|
||||
PZ_Unlock(certRefCountLock);
|
||||
#endif
|
||||
}
|
||||
|
||||
static PZLock *certTrustLock = NULL;
|
||||
|
@ -2996,10 +3001,15 @@ void
|
|||
CERT_UnlockCertTrust(const CERTCertificate *cert)
|
||||
{
|
||||
PORT_Assert(certTrustLock != NULL);
|
||||
PRStatus prstat = PZ_Unlock(certTrustLock);
|
||||
if (prstat != PR_SUCCESS) {
|
||||
|
||||
#ifdef DEBUG
|
||||
{
|
||||
PRStatus prstat = PZ_Unlock(certTrustLock);
|
||||
PORT_Assert(prstat == PR_SUCCESS);
|
||||
}
|
||||
#else
|
||||
PZ_Unlock(certTrustLock);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -3009,10 +3019,14 @@ void
|
|||
CERT_UnlockCertTempPerm(const CERTCertificate *cert)
|
||||
{
|
||||
PORT_Assert(certTempPermLock != NULL);
|
||||
PRStatus prstat = PZ_Unlock(certTempPermLock);
|
||||
if (prstat != PR_SUCCESS) {
|
||||
#ifdef DEBUG
|
||||
{
|
||||
PRStatus prstat = PZ_Unlock(certTempPermLock);
|
||||
PORT_Assert(prstat == PR_SUCCESS);
|
||||
}
|
||||
#else
|
||||
(void)PZ_Unlock(certTempPermLock);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -35,7 +35,6 @@ typedef struct CERTCertListStr CERTCertList;
|
|||
typedef struct CERTCertListNodeStr CERTCertListNode;
|
||||
typedef struct CERTCertNicknamesStr CERTCertNicknames;
|
||||
typedef struct CERTCertTrustStr CERTCertTrust;
|
||||
typedef struct CERTCertDistrustStr CERTCertDistrust;
|
||||
typedef struct CERTCertificateStr CERTCertificate;
|
||||
typedef struct CERTCertificateListStr CERTCertificateList;
|
||||
typedef struct CERTCertificateRequestStr CERTCertificateRequest;
|
||||
|
@ -141,18 +140,6 @@ struct CERTCertTrustStr {
|
|||
unsigned int objectSigningFlags;
|
||||
};
|
||||
|
||||
/*
|
||||
* Distrust dates for specific certificate usages.
|
||||
* These dates are hardcoded in nssckbi/builtins. They are DER encoded to be
|
||||
* compatible with the format of certdata.txt, other date fields in certs and
|
||||
* existing functions to read these dates. Clients should check the distrust
|
||||
* date in certificates to avoid trusting a CA for service they have ceased to
|
||||
* support */
|
||||
struct CERTCertDistrustStr {
|
||||
SECItem serverDistrustAfter;
|
||||
SECItem emailDistrustAfter;
|
||||
};
|
||||
|
||||
/*
|
||||
* defined the types of trust that exist
|
||||
*/
|
||||
|
@ -292,8 +279,6 @@ struct CERTCertificateStr {
|
|||
PK11SlotInfo *slot; /*if this cert came of a token, which is it*/
|
||||
CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
|
||||
PRBool ownSlot; /*true if the cert owns the slot reference */
|
||||
/* These fields are used in nssckbi/builtins CAs. */
|
||||
CERTCertDistrust *distrust;
|
||||
};
|
||||
#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
|
||||
#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
|
||||
|
|
|
@ -22,8 +22,7 @@ variants), SHLIB_PATH (32-bit HP-UX), LIBPATH (AIX), or PATH (Windows).
|
|||
argument to the -n option should be replaced by the nickname of the root
|
||||
certificate.
|
||||
|
||||
% addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der \
|
||||
>> certdata.txt
|
||||
% addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der >> certdata.txt
|
||||
|
||||
4. Edit nssckbi.h to bump the version of the module.
|
||||
|
||||
|
@ -44,63 +43,3 @@ II. Removing a Builtin Root CA Certificate
|
|||
|
||||
5. After you verify that the new nssckbi module is correct, check in
|
||||
certdata.txt and nssckbi.h.
|
||||
|
||||
III. Scheduling a Distrust date for Server/TLS or Email certificates issued
|
||||
by a CA
|
||||
|
||||
For each Builtin Root CA Certificate we have the Trust Bits to know what kind
|
||||
of certificates issued by this CA are trusted: Server/TLS, E-mail or S/MIME.
|
||||
Sometimes a CA discontinues support for a particular kind of certificate,
|
||||
but will still issue other kinds. For instance, they might cease support for
|
||||
email certificates but continue to provide server certificates. In this
|
||||
scenario, we have to disable the Trust Bit for this kind of certificate when
|
||||
the last issued certificate expires.
|
||||
Between the last expired certificate date and the change and propagation of
|
||||
this respective Trust Bit, could have a undesired gap.
|
||||
|
||||
So, in these situations we can set a Distrust Date for this Builtin Root CA
|
||||
Certificate. Clients should check the distrust date in certificates to avoid
|
||||
trusting a CA for service they have ceased to support.
|
||||
|
||||
A distrust date is a timestamp in unix epoch, encoded in DER format and saved
|
||||
in certdata.txt. These fields are defined at the "Certificate" entries of
|
||||
certdata.txt, in a MULTILINE_OCTAL format. By default, for readability purpose,
|
||||
these fields are set as a boolean CK_FALSE and will be ignored when read.
|
||||
|
||||
1. Create the timestamp for the desired distrust date. An easy and practical way
|
||||
to do this is using the date command.
|
||||
% date -d "2019-07-01 00:00:00 UTC" +%s
|
||||
The result should be something like: 1561939200
|
||||
|
||||
2. Then, run the addbuiltin -d to verify the timestamp and do the right
|
||||
conversions.
|
||||
The -d option takes the timestamp as an argument, which is interpreted as
|
||||
seconds since unix epoch. The addbuiltin command will show the result in the
|
||||
stdout, as it should be inserted in certdata.txt.
|
||||
% addbuiltin -d 1561939200
|
||||
The result should be something like this:
|
||||
|
||||
The timestamp represents this date: Mon Jul 01 00:00:00 2019
|
||||
Locate the entry of the desired certificate in certdata.txt
|
||||
Erase the CKA_NSS_[SERVER|EMAIL]_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
And override with the following respective entry:
|
||||
|
||||
# For Server Distrust After: Mon Jul 01 00:00:00 2019
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
|
||||
\061\071\060\067\060\061\060\060\060\060\060\060\132
|
||||
END
|
||||
# For Email Distrust After: Mon Jul 01 00:00:00 2019
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL
|
||||
\061\071\060\067\060\061\060\060\060\060\060\060\132
|
||||
END
|
||||
|
||||
3. Edit the certdata.txt, overriding the desired entry for the desired CA, as
|
||||
the instructions generated by the previous command.
|
||||
|
||||
4. If necessary, increment the version counter
|
||||
NSS_BUILTINS_LIBRARY_VERSION_MINOR in nssckbi.h.
|
||||
|
||||
5. Build the nssckbi module.
|
||||
|
||||
6. A good way to test is with certutil:
|
||||
% certutil -L -d $DBDIR -n "Builtin Object Token:<nickname>"
|
||||
|
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -5,8 +5,6 @@
|
|||
|
||||
CORE_DEPTH = ../../..
|
||||
|
||||
DIRS = testlib
|
||||
|
||||
MODULE = nss
|
||||
MAPFILE = $(OBJDIR)/nssckbi.def
|
||||
|
||||
|
|
|
@ -46,8 +46,8 @@
|
|||
* It's recommend to switch back to 0 after having reached version 98/99.
|
||||
*/
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 38
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.38"
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 36
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "2.36"
|
||||
|
||||
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
include manifest.mn
|
||||
include $(CORE_DEPTH)/coreconf/config.mk
|
||||
include config.mk
|
||||
|
||||
EXTRA_LIBS = \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
|
||||
$(NULL)
|
||||
|
||||
# If the OS_TARGET is WIN%, the path of shared libs could be different.
|
||||
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
||||
# If using GCC, just inform the name of the libs.
|
||||
ifdef NS_USE_GCC
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
$(NULL)
|
||||
else # NS_USE_GCC - If not using GCC, inform the absolute path.
|
||||
EXTRA_SHARED_LIBS += \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
|
||||
$(NULL)
|
||||
endif # NS_USE_GCC
|
||||
else # OS_TARGET != WIN
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
$(NULL)
|
||||
endif # OS_TARGET
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
|
||||
CFLAGS += -I$(CORE_DEPTH)/lib/ckfw/builtins
|
||||
|
||||
# Generate certdata-testlib.c.
|
||||
ifndef NSS_CERTDATA-TESTLIB_TXT
|
||||
NSS_CERTDATA-TESTLIB_TXT = certdata-testlib.txt
|
||||
endif
|
||||
|
||||
$(OBJDIR)/certdata-testlib.c: $(NSS_CERTDATA-TESTLIB_TXT)
|
||||
@$(MAKE_OBJDIR)
|
||||
$(PERL) ../certdata.perl $(NSS_CERTDATA-TESTLIB_TXT) $@
|
|
@ -1,64 +0,0 @@
|
|||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
{
|
||||
'includes': [
|
||||
'../../../../coreconf/config.gypi'
|
||||
],
|
||||
'targets': [
|
||||
{
|
||||
'target_name': 'nssckbi-testlib',
|
||||
'type': 'shared_library',
|
||||
'sources': [
|
||||
'../anchor.c',
|
||||
'../bfind.c',
|
||||
'../binst.c',
|
||||
'../bobject.c',
|
||||
'../bsession.c',
|
||||
'../bslot.c',
|
||||
'../btoken.c',
|
||||
'../ckbiver.c',
|
||||
'../constants.c',
|
||||
'<(certdata-testlib_c)',
|
||||
],
|
||||
'dependencies': [
|
||||
'<(DEPTH)/exports.gyp:nss_exports',
|
||||
'<(DEPTH)/lib/ckfw/ckfw.gyp:nssckfw',
|
||||
'<(DEPTH)/lib/base/base.gyp:nssb'
|
||||
],
|
||||
'actions': [
|
||||
{
|
||||
'msvs_cygwin_shell': 0,
|
||||
'action': [
|
||||
'python',
|
||||
'../certdata.py',
|
||||
'certdata-testlib.txt',
|
||||
'<@(_outputs)',
|
||||
],
|
||||
'inputs': [
|
||||
'../certdata.py',
|
||||
'../certdata.perl',
|
||||
'certdata-testlib.txt'
|
||||
],
|
||||
'outputs': [
|
||||
'<(certdata-testlib_c)'
|
||||
],
|
||||
'action_name': 'generate_certdata-testlib_c'
|
||||
}
|
||||
],
|
||||
'variables': {
|
||||
'mapfile': '../nssckbi.def',
|
||||
'certdata-testlib_c': '<(INTERMEDIATE_DIR)/certdata-testlib.c',
|
||||
}
|
||||
}
|
||||
],
|
||||
'target_defaults': {
|
||||
'include_dirs': [
|
||||
'.',
|
||||
'..'
|
||||
]
|
||||
},
|
||||
'variables': {
|
||||
'module': 'nss',
|
||||
}
|
||||
}
|
|
@ -1,479 +0,0 @@
|
|||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
#
|
||||
# certdata-testlib.txt
|
||||
#
|
||||
# To safely test the Distrust Fields it was generated a testlib called:
|
||||
# DLL_PREFIX+nssckbi-testlib+DLL_SUFFIX
|
||||
# Example: libnssckbi-testlib.so, for Linux.
|
||||
#
|
||||
# This testlib is populated with three expired and self-signed certificates, as
|
||||
# defined in this file. The only purpose of this testlib is to provide content
|
||||
# to gtests defined in softoken_nssckbi_testlib_gtest.cc.
|
||||
#
|
||||
# The certificate and private key used here are stored in this same folder,
|
||||
# in txt files named like: "testcert_<name>.txt".
|
||||
#
|
||||
# We have three certificates here:
|
||||
# 1 - no_distrust:
|
||||
# - Both distrust fields are set with CK_FALSE, the default.
|
||||
#
|
||||
# 2 - ok_distrust:
|
||||
# - Each distrust field is set with a different and valid date.
|
||||
#
|
||||
# 3 - err_distrust:
|
||||
# - The server/tls distrust field is set with CK_TRUE. These fields must be
|
||||
# CK_FALSE when no schedule is set. Otherwise, must hold a valid encoded
|
||||
timestamp.
|
||||
# - The email distrust field is set with an incomplete and invalid encoded
|
||||
# timestamp.
|
||||
#
|
||||
# These fields are filled when the cert is loaded and cannot be changed.
|
||||
#
|
||||
BEGINDATA
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Test with Invalid NSS Builtin Trusted Roots"
|
||||
|
||||
#
|
||||
# Certificate "Distrust Fields Test - no_distrust"
|
||||
#
|
||||
# Issuer: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST no_distrust
|
||||
# Serial Number:73:f8:bc:37:a3:4a:5f:26:13:64:dc:4e:c6:58:4e:94:2a:24:22:b1
|
||||
# Subject: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST no_distrust
|
||||
# Not Valid Before: Tue Jul 16 06:32:42 2019
|
||||
# Not Valid After : Fri Jul 26 06:32:42 2019
|
||||
# Fingerprint (SHA-256): 53:AD:AE:B1:D4:D8:B6:34:59:60:26:FA:0D:56:B0:98:0A:E0:8D:E3:90:E5:13:FA:E9:BE:EA:5D:D5:E6:79:02
|
||||
# Fingerprint (SHA1): 11:80:28:5A:A4:79:45:A2:AB:2F:A3:27:28:6A:CA:DB:0F:D7:30:FC
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust Fields Test - no_distrust"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\146\061\031\060\027\006\003\125\004\003\014\020\124\105\123
|
||||
\124\040\156\157\137\144\151\163\164\162\165\163\164\061\014\060
|
||||
\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016\006
|
||||
\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015\060
|
||||
\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060\013
|
||||
\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011\006
|
||||
\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\146\061\031\060\027\006\003\125\004\003\014\020\124\105\123
|
||||
\124\040\156\157\137\144\151\163\164\162\165\163\164\061\014\060
|
||||
\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016\006
|
||||
\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015\060
|
||||
\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060\013
|
||||
\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011\006
|
||||
\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\163\370\274\067\243\112\137\046\023\144\334\116\306\130
|
||||
\116\224\052\044\042\261
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\003\255\060\202\002\225\240\003\002\001\002\002\024\163
|
||||
\370\274\067\243\112\137\046\023\144\334\116\306\130\116\224\052
|
||||
\044\042\261\060\015\006\011\052\206\110\206\367\015\001\001\013
|
||||
\005\000\060\146\061\031\060\027\006\003\125\004\003\014\020\124
|
||||
\105\123\124\040\156\157\137\144\151\163\164\162\165\163\164\061
|
||||
\014\060\012\006\003\125\004\013\014\003\116\123\123\061\020\060
|
||||
\016\006\003\125\004\013\014\007\115\157\172\151\154\154\141\061
|
||||
\015\060\013\006\003\125\004\007\014\004\124\105\123\124\061\015
|
||||
\060\013\006\003\125\004\010\014\004\124\105\123\124\061\013\060
|
||||
\011\006\003\125\004\006\023\002\104\105\060\036\027\015\061\071
|
||||
\060\067\061\066\060\066\063\062\064\062\132\027\015\061\071\060
|
||||
\067\062\066\060\066\063\062\064\062\132\060\146\061\031\060\027
|
||||
\006\003\125\004\003\014\020\124\105\123\124\040\156\157\137\144
|
||||
\151\163\164\162\165\163\164\061\014\060\012\006\003\125\004\013
|
||||
\014\003\116\123\123\061\020\060\016\006\003\125\004\013\014\007
|
||||
\115\157\172\151\154\154\141\061\015\060\013\006\003\125\004\007
|
||||
\014\004\124\105\123\124\061\015\060\013\006\003\125\004\010\014
|
||||
\004\124\105\123\124\061\013\060\011\006\003\125\004\006\023\002
|
||||
\104\105\060\202\001\042\060\015\006\011\052\206\110\206\367\015
|
||||
\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
|
||||
\001\001\000\307\367\273\061\133\151\242\334\233\052\044\123\006
|
||||
\275\040\214\266\303\135\365\220\104\106\076\100\144\062\366\325
|
||||
\270\307\223\230\002\227\150\304\102\146\246\167\113\324\031\136
|
||||
\132\140\006\247\062\145\074\257\115\330\256\244\325\003\176\203
|
||||
\375\332\345\365\140\163\173\230\224\122\135\144\176\075\151\012
|
||||
\275\044\307\317\343\126\332\221\240\171\141\372\107\137\210\362
|
||||
\020\231\212\120\103\051\010\233\357\005\201\350\375\202\104\106
|
||||
\072\270\323\151\164\013\201\355\004\304\002\017\042\071\022\072
|
||||
\223\061\266\353\220\057\130\221\255\024\166\125\241\212\054\132
|
||||
\056\120\222\072\332\275\356\037\232\026\344\336\043\052\074\112
|
||||
\006\246\100\266\254\065\301\167\276\170\027\127\054\302\254\146
|
||||
\171\327\314\305\264\077\044\101\347\105\337\267\051\110\041\113
|
||||
\302\043\214\036\015\357\330\167\037\204\353\362\021\232\254\220
|
||||
\271\171\170\306\077\016\353\045\376\171\154\125\323\326\363\136
|
||||
\230\333\160\242\231\016\300\041\221\045\262\053\035\243\351\363
|
||||
\233\013\073\002\233\030\152\324\132\270\203\240\163\167\272\142
|
||||
\052\326\053\002\003\001\000\001\243\123\060\121\060\035\006\003
|
||||
\125\035\016\004\026\004\024\272\015\343\222\236\200\244\163\217
|
||||
\005\277\352\147\036\243\071\077\241\274\346\060\037\006\003\125
|
||||
\035\043\004\030\060\026\200\024\272\015\343\222\236\200\244\163
|
||||
\217\005\277\352\147\036\243\071\077\241\274\346\060\017\006\003
|
||||
\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
|
||||
\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001
|
||||
\000\251\350\344\354\346\066\155\375\144\242\257\175\265\332\166
|
||||
\233\334\141\326\230\160\122\303\221\002\257\313\252\330\003\330
|
||||
\012\133\050\343\171\110\243\115\314\026\275\006\005\200\222\147
|
||||
\166\250\275\323\024\367\317\255\034\264\240\003\114\023\044\171
|
||||
\126\011\012\104\256\306\327\034\376\136\323\056\035\222\041\031
|
||||
\350\372\052\242\025\362\236\176\232\002\300\010\013\127\256\314
|
||||
\315\042\132\030\333\064\245\203\174\212\065\250\364\025\070\167
|
||||
\177\312\033\301\377\273\046\215\340\007\204\260\210\056\275\351
|
||||
\353\127\053\050\165\322\146\223\064\324\233\152\112\152\000\314
|
||||
\360\205\057\172\037\061\066\104\312\324\362\156\265\114\130\241
|
||||
\262\333\056\212\044\264\023\314\144\062\172\151\167\007\273\104
|
||||
\253\173\054\025\073\174\027\167\176\362\037\232\067\073\220\257
|
||||
\257\001\013\125\156\350\234\207\261\370\301\143\106\131\062\146
|
||||
\041\227\107\340\262\042\034\030\043\336\257\115\027\250\024\171
|
||||
\121\210\336\232\174\052\134\002\100\014\225\336\224\017\177\015
|
||||
\354\253\245\347\057\340\214\070\003\375\266\023\017\001\373\236
|
||||
\030
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
|
||||
# Trust for "Distrust Fields Test - no_distrust"
|
||||
# Issuer: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST no_distrust
|
||||
# Serial Number:73:f8:bc:37:a3:4a:5f:26:13:64:dc:4e:c6:58:4e:94:2a:24:22:b1
|
||||
# Subject: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST no_distrust
|
||||
# Not Valid Before: Tue Jul 16 06:32:42 2019
|
||||
# Not Valid After : Fri Jul 26 06:32:42 2019
|
||||
# Fingerprint (SHA-256): 53:AD:AE:B1:D4:D8:B6:34:59:60:26:FA:0D:56:B0:98:0A:E0:8D:E3:90:E5:13:FA:E9:BE:EA:5D:D5:E6:79:02
|
||||
# Fingerprint (SHA1): 11:80:28:5A:A4:79:45:A2:AB:2F:A3:27:28:6A:CA:DB:0F:D7:30:FC
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust Fields Test - no_distrust"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\021\200\050\132\244\171\105\242\253\057\243\047\050\152\312\333
|
||||
\017\327\060\374
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\130\367\262\151\111\255\236\234\203\221\335\036\366\326\325\026
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\146\061\031\060\027\006\003\125\004\003\014\020\124\105\123
|
||||
\124\040\156\157\137\144\151\163\164\162\165\163\164\061\014\060
|
||||
\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016\006
|
||||
\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015\060
|
||||
\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060\013
|
||||
\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011\006
|
||||
\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\163\370\274\067\243\112\137\046\023\144\334\116\306\130
|
||||
\116\224\052\044\042\261
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Distrust Fields Test - ok_distrust"
|
||||
#
|
||||
# Issuer: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST ok_distrust
|
||||
# Serial Number:3a:44:dc:9d:54:3f:5f:aa:b8:26:4f:1d:f8:5a:47:36:29:3a:1b:bc
|
||||
# Subject: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST ok_distrust
|
||||
# Not Valid Before: Tue Jul 16 06:32:42 2019
|
||||
# Not Valid After : Fri Jul 26 06:32:42 2019
|
||||
# Fingerprint (SHA-256): BA:43:4C:9D:21:8E:E7:15:8E:4D:11:7E:5B:4B:EF:57:D3:01:6C:D7:E5:6B:7B:6C:85:62:35:44:44:59:FE:5B
|
||||
# Fingerprint (SHA1): F6:4F:33:50:3D:DB:1C:3D:BE:BE:79:9F:D6:B6:21:3A:AA:D1:55:4F
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust Fields Test - ok_distrust"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\146\061\031\060\027\006\003\125\004\003\014\020\124\105\123
|
||||
\124\040\157\153\137\144\151\163\164\162\165\163\164\061\014\060
|
||||
\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016\006
|
||||
\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015\060
|
||||
\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060\013
|
||||
\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011\006
|
||||
\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\146\061\031\060\027\006\003\125\004\003\014\020\124\105\123
|
||||
\124\040\157\153\137\144\151\163\164\162\165\163\164\061\014\060
|
||||
\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016\006
|
||||
\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015\060
|
||||
\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060\013
|
||||
\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011\006
|
||||
\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\072\104\334\235\124\077\137\252\270\046\117\035\370\132
|
||||
\107\066\051\072\033\274
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\003\255\060\202\002\225\240\003\002\001\002\002\024\072
|
||||
\104\334\235\124\077\137\252\270\046\117\035\370\132\107\066\051
|
||||
\072\033\274\060\015\006\011\052\206\110\206\367\015\001\001\013
|
||||
\005\000\060\146\061\031\060\027\006\003\125\004\003\014\020\124
|
||||
\105\123\124\040\157\153\137\144\151\163\164\162\165\163\164\061
|
||||
\014\060\012\006\003\125\004\013\014\003\116\123\123\061\020\060
|
||||
\016\006\003\125\004\013\014\007\115\157\172\151\154\154\141\061
|
||||
\015\060\013\006\003\125\004\007\014\004\124\105\123\124\061\015
|
||||
\060\013\006\003\125\004\010\014\004\124\105\123\124\061\013\060
|
||||
\011\006\003\125\004\006\023\002\104\105\060\036\027\015\061\071
|
||||
\060\067\061\066\060\066\063\062\064\062\132\027\015\061\071\060
|
||||
\067\062\066\060\066\063\062\064\062\132\060\146\061\031\060\027
|
||||
\006\003\125\004\003\014\020\124\105\123\124\040\157\153\137\144
|
||||
\151\163\164\162\165\163\164\061\014\060\012\006\003\125\004\013
|
||||
\014\003\116\123\123\061\020\060\016\006\003\125\004\013\014\007
|
||||
\115\157\172\151\154\154\141\061\015\060\013\006\003\125\004\007
|
||||
\014\004\124\105\123\124\061\015\060\013\006\003\125\004\010\014
|
||||
\004\124\105\123\124\061\013\060\011\006\003\125\004\006\023\002
|
||||
\104\105\060\202\001\042\060\015\006\011\052\206\110\206\367\015
|
||||
\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
|
||||
\001\001\000\272\036\174\330\225\102\315\034\063\337\145\114\060
|
||||
\061\036\024\065\051\216\357\013\150\107\361\256\217\363\066\326
|
||||
\124\247\034\227\202\315\151\263\237\125\340\377\047\125\050\016
|
||||
\152\210\355\141\202\062\263\233\300\152\220\356\200\026\124\001
|
||||
\163\305\024\357\315\374\220\267\370\170\316\022\056\216\161\145
|
||||
\341\324\121\271\026\306\026\250\121\201\107\254\231\142\046\012
|
||||
\043\260\242\356\051\303\206\277\341\377\304\117\066\373\340\073
|
||||
\143\076\347\363\157\130\317\271\165\333\127\015\316\267\117\055
|
||||
\232\240\271\116\250\160\364\271\224\203\215\137\267\066\271\377
|
||||
\177\014\337\033\326\312\374\320\247\053\107\345\355\127\067\007
|
||||
\322\220\200\376\053\266\132\044\160\266\154\062\265\375\262\176
|
||||
\362\362\257\031\364\147\251\071\337\331\146\057\005\222\377\360
|
||||
\001\247\252\155\106\035\235\065\222\346\351\301\204\335\344\012
|
||||
\361\366\061\044\030\103\331\116\113\137\121\036\253\042\314\260
|
||||
\005\231\251\002\102\002\161\071\337\330\304\150\215\220\164\346
|
||||
\170\245\366\360\237\353\362\113\203\362\277\320\074\064\364\022
|
||||
\031\105\025\002\003\001\000\001\243\123\060\121\060\035\006\003
|
||||
\125\035\016\004\026\004\024\034\100\252\220\333\317\113\002\023
|
||||
\153\030\071\246\014\327\332\262\164\374\075\060\037\006\003\125
|
||||
\035\043\004\030\060\026\200\024\034\100\252\220\333\317\113\002
|
||||
\023\153\030\071\246\014\327\332\262\164\374\075\060\017\006\003
|
||||
\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
|
||||
\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001
|
||||
\000\042\041\036\227\272\132\106\356\112\272\302\204\014\360\134
|
||||
\331\034\364\137\063\334\045\076\321\034\117\361\311\254\177\017
|
||||
\236\076\121\327\155\046\347\241\205\367\254\061\211\276\011\117
|
||||
\057\364\175\370\016\226\062\004\211\153\047\356\343\064\350\250
|
||||
\231\007\041\164\014\374\216\235\206\203\156\310\013\360\342\237
|
||||
\103\025\274\237\325\106\321\163\123\036\363\051\136\074\205\102
|
||||
\270\127\146\303\060\022\057\104\073\102\030\325\123\376\037\106
|
||||
\143\113\011\164\167\374\075\327\362\002\265\127\234\367\302\114
|
||||
\371\374\251\106\221\343\004\047\227\125\316\024\046\366\370\207
|
||||
\077\025\236\122\116\020\241\072\211\140\100\043\010\105\105\351
|
||||
\304\130\373\313\345\272\232\334\230\011\013\335\261\230\202\353
|
||||
\155\003\353\233\152\241\212\064\246\152\300\246\356\357\106\071
|
||||
\347\211\144\275\212\014\035\247\112\221\131\070\230\122\367\317
|
||||
\134\060\254\155\061\234\364\077\161\256\236\175\077\242\240\353
|
||||
\161\360\355\362\337\215\172\055\123\332\352\264\026\124\012\363
|
||||
\040\124\052\027\300\076\174\012\272\370\377\264\170\150\343\226
|
||||
\105
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
# For Server Distrust After: Wed Jun 17 00:00:00 2020
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
|
||||
\062\060\060\066\061\067\060\060\060\060\060\060\132
|
||||
END
|
||||
# For Email Distrust After: Sun Oct 14 08:53:20 2007
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL
|
||||
\060\067\061\060\061\064\060\070\065\063\062\060\132
|
||||
END
|
||||
|
||||
# Trust for "Distrust Fields Test - ok_distrust"
|
||||
# Issuer: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST ok_distrust
|
||||
# Serial Number:3a:44:dc:9d:54:3f:5f:aa:b8:26:4f:1d:f8:5a:47:36:29:3a:1b:bc
|
||||
# Subject: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST ok_distrust
|
||||
# Not Valid Before: Tue Jul 16 06:32:42 2019
|
||||
# Not Valid After : Fri Jul 26 06:32:42 2019
|
||||
# Fingerprint (SHA-256): BA:43:4C:9D:21:8E:E7:15:8E:4D:11:7E:5B:4B:EF:57:D3:01:6C:D7:E5:6B:7B:6C:85:62:35:44:44:59:FE:5B
|
||||
# Fingerprint (SHA1): F6:4F:33:50:3D:DB:1C:3D:BE:BE:79:9F:D6:B6:21:3A:AA:D1:55:4F
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust Fields Test - ok_distrust"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\366\117\063\120\075\333\034\075\276\276\171\237\326\266\041\072
|
||||
\252\321\125\117
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\045\304\210\204\375\245\150\220\305\310\325\205\077\365\302\146
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\146\061\031\060\027\006\003\125\004\003\014\020\124\105\123
|
||||
\124\040\157\153\137\144\151\163\164\162\165\163\164\061\014\060
|
||||
\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016\006
|
||||
\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015\060
|
||||
\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060\013
|
||||
\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011\006
|
||||
\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\072\104\334\235\124\077\137\252\270\046\117\035\370\132
|
||||
\107\066\051\072\033\274
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Distrust Fields Test - err_distrust"
|
||||
#
|
||||
# Issuer: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST err_distrust
|
||||
# Serial Number:60:fe:b3:a1:c8:c1:30:fc:02:f0:90:9b:6b:b7:08:5e:78:e5:fb:dc
|
||||
# Subject: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST err_distrust
|
||||
# Not Valid Before: Tue Jul 16 06:32:42 2019
|
||||
# Not Valid After : Fri Jul 26 06:32:42 2019
|
||||
# Fingerprint (SHA-256): E0:80:A0:7E:D7:53:52:FB:71:B5:05:03:80:C3:DB:92:C7:90:3D:26:3F:26:D5:BF:E5:87:FC:7C:46:EC:F6:35
|
||||
# Fingerprint (SHA1): D4:54:DB:63:51:FB:68:61:DA:CD:61:D9:1B:F8:51:EB:CE:34:41:3D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust Fields Test - err_distrust"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\147\061\032\060\030\006\003\125\004\003\014\021\124\105\123
|
||||
\124\040\145\162\162\137\144\151\163\164\162\165\163\164\061\014
|
||||
\060\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016
|
||||
\006\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015
|
||||
\060\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060
|
||||
\013\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011
|
||||
\006\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\147\061\032\060\030\006\003\125\004\003\014\021\124\105\123
|
||||
\124\040\145\162\162\137\144\151\163\164\162\165\163\164\061\014
|
||||
\060\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016
|
||||
\006\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015
|
||||
\060\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060
|
||||
\013\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011
|
||||
\006\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\140\376\263\241\310\301\060\374\002\360\220\233\153\267
|
||||
\010\136\170\345\373\334
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\003\257\060\202\002\227\240\003\002\001\002\002\024\140
|
||||
\376\263\241\310\301\060\374\002\360\220\233\153\267\010\136\170
|
||||
\345\373\334\060\015\006\011\052\206\110\206\367\015\001\001\013
|
||||
\005\000\060\147\061\032\060\030\006\003\125\004\003\014\021\124
|
||||
\105\123\124\040\145\162\162\137\144\151\163\164\162\165\163\164
|
||||
\061\014\060\012\006\003\125\004\013\014\003\116\123\123\061\020
|
||||
\060\016\006\003\125\004\013\014\007\115\157\172\151\154\154\141
|
||||
\061\015\060\013\006\003\125\004\007\014\004\124\105\123\124\061
|
||||
\015\060\013\006\003\125\004\010\014\004\124\105\123\124\061\013
|
||||
\060\011\006\003\125\004\006\023\002\104\105\060\036\027\015\061
|
||||
\071\060\067\061\066\060\066\063\062\064\062\132\027\015\061\071
|
||||
\060\067\062\066\060\066\063\062\064\062\132\060\147\061\032\060
|
||||
\030\006\003\125\004\003\014\021\124\105\123\124\040\145\162\162
|
||||
\137\144\151\163\164\162\165\163\164\061\014\060\012\006\003\125
|
||||
\004\013\014\003\116\123\123\061\020\060\016\006\003\125\004\013
|
||||
\014\007\115\157\172\151\154\154\141\061\015\060\013\006\003\125
|
||||
\004\007\014\004\124\105\123\124\061\015\060\013\006\003\125\004
|
||||
\010\014\004\124\105\123\124\061\013\060\011\006\003\125\004\006
|
||||
\023\002\104\105\060\202\001\042\060\015\006\011\052\206\110\206
|
||||
\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
|
||||
\002\202\001\001\000\321\114\327\160\070\075\364\033\323\322\310
|
||||
\337\270\071\333\312\356\066\304\105\170\071\227\203\335\012\013
|
||||
\107\004\165\264\325\014\054\103\051\007\017\224\166\330\057\051
|
||||
\342\232\254\326\232\070\331\265\140\205\234\202\074\320\375\103
|
||||
\303\343\216\056\215\317\155\142\311\354\245\047\050\257\046\365
|
||||
\156\124\272\245\172\016\122\145\054\326\357\136\112\364\352\012
|
||||
\360\112\207\363\316\036\254\155\214\216\362\261\021\270\016\171
|
||||
\011\323\105\072\206\344\141\267\256\065\367\315\022\225\133\165
|
||||
\351\066\167\326\262\122\370\233\222\107\067\307\272\145\242\157
|
||||
\377\054\262\175\172\161\140\032\335\161\323\037\307\261\315\245
|
||||
\377\044\110\201\124\142\337\146\162\032\344\366\101\235\252\263
|
||||
\226\153\343\046\300\231\240\025\241\031\202\232\374\221\176\240
|
||||
\061\234\071\330\116\171\150\046\307\102\160\104\377\320\147\263
|
||||
\165\312\377\246\235\175\001\063\246\003\273\247\254\123\321\063
|
||||
\373\316\220\012\056\200\314\354\341\037\065\370\112\322\065\346
|
||||
\363\067\023\034\365\011\267\320\247\227\332\276\175\246\060\010
|
||||
\117\253\217\234\337\002\003\001\000\001\243\123\060\121\060\035
|
||||
\006\003\125\035\016\004\026\004\024\121\202\330\003\344\310\170
|
||||
\002\314\331\364\031\015\224\214\027\241\373\266\000\060\037\006
|
||||
\003\125\035\043\004\030\060\026\200\024\121\202\330\003\344\310
|
||||
\170\002\314\331\364\031\015\224\214\027\241\373\266\000\060\017
|
||||
\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
|
||||
\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
|
||||
\001\001\000\162\225\235\140\215\374\232\051\167\366\325\002\006
|
||||
\370\057\245\115\123\201\060\371\363\301\340\132\123\100\026\372
|
||||
\012\277\245\017\030\047\005\244\057\243\057\374\331\317\063\177
|
||||
\117\204\065\314\313\046\140\345\151\256\107\160\253\027\022\137
|
||||
\271\022\310\365\273\273\171\346\123\224\215\004\035\032\365\243
|
||||
\047\030\246\342\022\121\155\315\117\320\244\313\240\061\136\030
|
||||
\310\005\112\006\244\176\042\054\235\221\145\123\156\276\001\163
|
||||
\043\233\071\147\143\031\377\035\031\223\224\176\025\065\225\052
|
||||
\015\357\036\360\306\152\056\171\341\071\151\330\064\110\100\172
|
||||
\126\160\243\166\277\133\102\210\341\032\203\002\003\042\073\252
|
||||
\116\376\043\112\377\337\231\301\314\227\016\111\106\131\260\045
|
||||
\315\266\000\015\337\301\213\276\141\250\344\261\152\024\350\361
|
||||
\246\301\242\066\335\330\263\373\230\211\320\047\235\266\254\347
|
||||
\371\101\126\046\111\001\250\373\233\031\371\304\374\167\271\144
|
||||
\025\277\276\355\216\067\024\012\121\231\256\205\335\264\207\047
|
||||
\231\317\306\103\273\262\234\240\153\152\063\071\151\254\113\314
|
||||
\336\067\230
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_TRUE
|
||||
# For Email Distrust After: Sun Oct 14 08:53:20 2007 # Missing \132 at end
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL
|
||||
\060\067\061\060\061\064\060\070\065\063\062\060
|
||||
END
|
||||
|
||||
# Trust for "Distrust Fields Test - err_distrust"
|
||||
# Issuer: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST err_distrust
|
||||
# Serial Number:60:fe:b3:a1:c8:c1:30:fc:02:f0:90:9b:6b:b7:08:5e:78:e5:fb:dc
|
||||
# Subject: C=DE,ST=TEST,L=TEST,OU=Mozilla,OU=NSS,CN=TEST err_distrust
|
||||
# Not Valid Before: Tue Jul 16 06:32:42 2019
|
||||
# Not Valid After : Fri Jul 26 06:32:42 2019
|
||||
# Fingerprint (SHA-256): E0:80:A0:7E:D7:53:52:FB:71:B5:05:03:80:C3:DB:92:C7:90:3D:26:3F:26:D5:BF:E5:87:FC:7C:46:EC:F6:35
|
||||
# Fingerprint (SHA1): D4:54:DB:63:51:FB:68:61:DA:CD:61:D9:1B:F8:51:EB:CE:34:41:3D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Distrust Fields Test - err_distrust"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\324\124\333\143\121\373\150\141\332\315\141\331\033\370\121\353
|
||||
\316\064\101\075
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\105\150\314\050\103\366\315\141\322\277\363\133\217\305\124\273
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\147\061\032\060\030\006\003\125\004\003\014\021\124\105\123
|
||||
\124\040\145\162\162\137\144\151\163\164\162\165\163\164\061\014
|
||||
\060\012\006\003\125\004\013\014\003\116\123\123\061\020\060\016
|
||||
\006\003\125\004\013\014\007\115\157\172\151\154\154\141\061\015
|
||||
\060\013\006\003\125\004\007\014\004\124\105\123\124\061\015\060
|
||||
\013\006\003\125\004\010\014\004\124\105\123\124\061\013\060\011
|
||||
\006\003\125\004\006\023\002\104\105
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\024\140\376\263\241\310\301\060\374\002\360\220\233\153\267
|
||||
\010\136\170\345\373\334
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
|
@ -1,38 +0,0 @@
|
|||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
#
|
||||
# Override TARGETS variable so that only shared libraries
|
||||
# are specifed as dependencies within rules.mk.
|
||||
#
|
||||
|
||||
TARGETS = $(SHARED_LIBRARY)
|
||||
LIBRARY =
|
||||
IMPORT_LIBRARY =
|
||||
PROGRAM =
|
||||
|
||||
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
||||
SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
|
||||
RES = $(OBJDIR)/$(LIBRARY_NAME).res
|
||||
RESNAME = $(LIBRARY_NAME).rc
|
||||
endif
|
||||
|
||||
ifdef BUILD_IDG
|
||||
DEFINES += -DNSSDEBUG
|
||||
endif
|
||||
|
||||
# Needed for compilation of $(OBJDIR)/certdata.c
|
||||
INCLUDES += -I.
|
||||
|
||||
#
|
||||
# To create a loadable module on Darwin, we must use -bundle.
|
||||
#
|
||||
ifeq ($(OS_TARGET),Darwin)
|
||||
DSO_LDOPTS = -bundle
|
||||
endif
|
||||
|
||||
ifdef USE_GCOV
|
||||
DSO_LDOPTS += --coverage
|
||||
endif
|
|
@ -1,25 +0,0 @@
|
|||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
CORE_DEPTH = ../../../..
|
||||
|
||||
MODULE = nss
|
||||
|
||||
CSRCS = \
|
||||
../anchor.c \
|
||||
../bfind.c \
|
||||
../binst.c \
|
||||
../bobject.c \
|
||||
../bsession.c \
|
||||
../bslot.c \
|
||||
../btoken.c \
|
||||
../ckbiver.c \
|
||||
../constants.c \
|
||||
certdata-testlib.c \
|
||||
$(NULL)
|
||||
|
||||
REQUIRES = nspr
|
||||
|
||||
LIBRARY_NAME = nssckbi-testlib
|
|
@ -1,52 +0,0 @@
|
|||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "../nssckbi.h"
|
||||
#include <winver.h>
|
||||
|
||||
#define MY_LIBNAME "nssckbi-testlib"
|
||||
#define MY_FILEDESCRIPTION "A Test of NSS Builtin Trusted Roots (testlib)"
|
||||
#define MY_FILEFLAGS_1 0x0L
|
||||
|
||||
#ifdef WINNT
|
||||
#define MY_FILEOS VOS_NT_WINDOWS32
|
||||
#else
|
||||
#define MY_FILEOS VOS__WINDOWS32
|
||||
#endif
|
||||
|
||||
#define MY_INTERNAL_NAME MY_LIBNAME
|
||||
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Version-information resource
|
||||
//
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION NSS_BUILTINS_LIBRARY_VERSION_MAJOR,NSS_BUILTINS_LIBRARY_VERSION_MINOR,0,0
|
||||
PRODUCTVERSION NSS_BUILTINS_LIBRARY_VERSION_MAJOR,NSS_BUILTINS_LIBRARY_VERSION_MINOR,0,0
|
||||
FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
|
||||
FILEFLAGS MY_FILEFLAGS_1
|
||||
FILEOS MY_FILEOS
|
||||
FILETYPE VFT_DLL
|
||||
FILESUBTYPE 0x0L // not used
|
||||
|
||||
BEGIN
|
||||
BLOCK "StringFileInfo"
|
||||
BEGIN
|
||||
BLOCK "040904B0" // Lang=US English, CharSet=Unicode
|
||||
BEGIN
|
||||
VALUE "CompanyName", "Mozilla Foundation\0"
|
||||
VALUE "FileDescription", MY_FILEDESCRIPTION "\0"
|
||||
VALUE "FileVersion", NSS_BUILTINS_LIBRARY_VERSION "\0"
|
||||
VALUE "InternalName", MY_INTERNAL_NAME "\0"
|
||||
VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
|
||||
VALUE "ProductName", "Network Security Services\0"
|
||||
VALUE "ProductVersion", NSS_BUILTINS_LIBRARY_VERSION "\0"
|
||||
END
|
||||
END
|
||||
BLOCK "VarFileInfo"
|
||||
BEGIN
|
||||
VALUE "Translation", 0x409, 1200
|
||||
END
|
||||
END
|
|
@ -1,50 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDrzCCApegAwIBAgIUYP6zocjBMPwC8JCba7cIXnjl+9wwDQYJKoZIhvcNAQEL
|
||||
BQAwZzEaMBgGA1UEAwwRVEVTVCBlcnJfZGlzdHJ1c3QxDDAKBgNVBAsMA05TUzEQ
|
||||
MA4GA1UECwwHTW96aWxsYTENMAsGA1UEBwwEVEVTVDENMAsGA1UECAwEVEVTVDEL
|
||||
MAkGA1UEBhMCREUwHhcNMTkwNzE2MDYzMjQyWhcNMTkwNzI2MDYzMjQyWjBnMRow
|
||||
GAYDVQQDDBFURVNUIGVycl9kaXN0cnVzdDEMMAoGA1UECwwDTlNTMRAwDgYDVQQL
|
||||
DAdNb3ppbGxhMQ0wCwYDVQQHDARURVNUMQ0wCwYDVQQIDARURVNUMQswCQYDVQQG
|
||||
EwJERTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFM13A4PfQb09LI
|
||||
37g528ruNsRFeDmXg90KC0cEdbTVDCxDKQcPlHbYLynimqzWmjjZtWCFnII80P1D
|
||||
w+OOLo3PbWLJ7KUnKK8m9W5UuqV6DlJlLNbvXkr06grwSofzzh6sbYyO8rERuA55
|
||||
CdNFOobkYbeuNffNEpVbdek2d9ayUvibkkc3x7plom//LLJ9enFgGt1x0x/Hsc2l
|
||||
/yRIgVRi32ZyGuT2QZ2qs5Zr4ybAmaAVoRmCmvyRfqAxnDnYTnloJsdCcET/0Gez
|
||||
dcr/pp19ATOmA7unrFPRM/vOkAougMzs4R81+ErSNebzNxMc9Qm30KeX2r59pjAI
|
||||
T6uPnN8CAwEAAaNTMFEwHQYDVR0OBBYEFFGC2APkyHgCzNn0GQ2UjBeh+7YAMB8G
|
||||
A1UdIwQYMBaAFFGC2APkyHgCzNn0GQ2UjBeh+7YAMA8GA1UdEwEB/wQFMAMBAf8w
|
||||
DQYJKoZIhvcNAQELBQADggEBAHKVnWCN/Jopd/bVAgb4L6VNU4Ew+fPB4FpTQBb6
|
||||
Cr+lDxgnBaQvoy/82c8zf0+ENczLJmDlaa5HcKsXEl+5Esj1u7t55lOUjQQdGvWj
|
||||
Jxim4hJRbc1P0KTLoDFeGMgFSgakfiIsnZFlU26+AXMjmzlnYxn/HRmTlH4VNZUq
|
||||
De8e8MZqLnnhOWnYNEhAelZwo3a/W0KI4RqDAgMiO6pO/iNK/9+ZwcyXDklGWbAl
|
||||
zbYADd/Bi75hqOSxahTo8abBojbd2LP7mInQJ522rOf5QVYmSQGo+5sZ+cT8d7lk
|
||||
Fb++7Y43FApRma6F3bSHJ5nPxkO7spyga2ozOWmsS8zeN5g=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRTNdwOD30G9PS
|
||||
yN+4OdvK7jbERXg5l4PdCgtHBHW01QwsQykHD5R22C8p4pqs1po42bVghZyCPND9
|
||||
Q8Pjji6Nz21iyeylJyivJvVuVLqleg5SZSzW715K9OoK8EqH884erG2MjvKxEbgO
|
||||
eQnTRTqG5GG3rjX3zRKVW3XpNnfWslL4m5JHN8e6ZaJv/yyyfXpxYBrdcdMfx7HN
|
||||
pf8kSIFUYt9mchrk9kGdqrOWa+MmwJmgFaEZgpr8kX6gMZw52E55aCbHQnBE/9Bn
|
||||
s3XK/6adfQEzpgO7p6xT0TP7zpAKLoDM7OEfNfhK0jXm8zcTHPUJt9Cnl9q+faYw
|
||||
CE+rj5zfAgMBAAECggEAfgyGDtqATTxZFK/PNFb8DLnsF8YywpSCYKOE6S9BaDeK
|
||||
jjmgQtVaNzy5IsOLHZ5c4PIUbt3oxPK1dmHSXoApf1Q173HmaAwuT1XqJ5k1kyTv
|
||||
7SVrnMIqCoB3V0Eh0cC+GPEFRMpuVL90FptElI0z0ztFsmZjsCo8D+E2IM6h25UQ
|
||||
MiZmJNb2qk+64Ef9yiKyUBA15y7zBUOIsRMDQlREpHA0T6N2YC1b98r73RHYHc8O
|
||||
+rQixX4ZtB0gl97nKdOjEX9ECfwd5nUXVUFNMthozYMy2VmpU9eH3zP33vcZNvaD
|
||||
5GX2lvSkWLXEb6Zc/yWdBPrijSVeD+qwZ6tDBPgskQKBgQD4EbzuiFLEoFE/IdCD
|
||||
zP1cj28kmUU6oQJDk2TNlsQ3q6jbSoMCXqEfVF9RFcTkvCnV1GkrwjoM8vhYaL+x
|
||||
OCGRIvOqzsDwvyd3lbsDM3pVw6j64zRjR1JkdOK23sCj10cVEYYqDozVHILPYmEL
|
||||
hEEYk7FqfPY1uqKL6zGnWhX81wKBgQDX/c6i8kOJjO7YWoG4Z2hPUJJCM/q3Ws1b
|
||||
XK2m6qddYPV5zOv2geknAC71WqOgVnLM/pNrPpd2p1kMjRPqKKUL0z7XONp8+6ii
|
||||
9EB+CEwUB/1kA/GFl5sAcOv9uGqMrXeWoAzeoyeBE/MscfANY0tROfvXvpYhYl3S
|
||||
SlCfy0UXOQKBgFfKJzufQPNW7QnTlLBgJjXQiPvBxi82dc+mZOEg/vXYqRxaJTz8
|
||||
cjbdLBJNCu4L7R5AWqviw5p7jgnzoAs+mxp67RLAsqVAcN4wPgum9x9M7AtFxu9v
|
||||
eSgV+XnQIQqakAxTtFBD7/Enct+jqEZkGolxEzNlX9ip4QZ1SJA6IFfnAoGBAJLN
|
||||
F6faXxrbJe74vNgXuGbIDVBfwdTjK1YgTIp5TF2EK/On2uzFaTEvx7rM6w9sEkTP
|
||||
9mRau1lS7oxASrvI+jxqTHi9VIrEBN8UgcznWMX4lDlpELvKyffnyA2/TPPmZrSC
|
||||
fZzIaW4qoAmiOxTuWt+POGNvTtzL3ZazGc8xufjJAoGAbDCQGFIEo4DVOVEgI1sM
|
||||
rmK9sOBjHO1306HL/gKqJo/CVSwLpwjErCLr1w0LUGG8SRup3VyZSTJTh15F3Pfk
|
||||
+N6nVrhCTag6vF/E3/VTZ3BwgvOLT3XqUTprntQUPXA+Dk+Fdem4dgHvknRDwz99
|
||||
APZYdtb09hSETdUJmgd376g=
|
||||
-----END PRIVATE KEY-----
|
|
@ -1,50 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDrTCCApWgAwIBAgIUc/i8N6NKXyYTZNxOxlhOlCokIrEwDQYJKoZIhvcNAQEL
|
||||
BQAwZjEZMBcGA1UEAwwQVEVTVCBub19kaXN0cnVzdDEMMAoGA1UECwwDTlNTMRAw
|
||||
DgYDVQQLDAdNb3ppbGxhMQ0wCwYDVQQHDARURVNUMQ0wCwYDVQQIDARURVNUMQsw
|
||||
CQYDVQQGEwJERTAeFw0xOTA3MTYwNjMyNDJaFw0xOTA3MjYwNjMyNDJaMGYxGTAX
|
||||
BgNVBAMMEFRFU1Qgbm9fZGlzdHJ1c3QxDDAKBgNVBAsMA05TUzEQMA4GA1UECwwH
|
||||
TW96aWxsYTENMAsGA1UEBwwEVEVTVDENMAsGA1UECAwEVEVTVDELMAkGA1UEBhMC
|
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH97sxW2mi3JsqJFMG
|
||||
vSCMtsNd9ZBERj5AZDL21bjHk5gCl2jEQmamd0vUGV5aYAanMmU8r03YrqTVA36D
|
||||
/drl9WBze5iUUl1kfj1pCr0kx8/jVtqRoHlh+kdfiPIQmYpQQykIm+8Fgej9gkRG
|
||||
OrjTaXQLge0ExAIPIjkSOpMxtuuQL1iRrRR2VaGKLFouUJI62r3uH5oW5N4jKjxK
|
||||
BqZAtqw1wXe+eBdXLMKsZnnXzMW0PyRB50XftylIIUvCI4weDe/Ydx+E6/IRmqyQ
|
||||
uXl4xj8O6yX+eWxV09bzXpjbcKKZDsAhkSWyKx2j6fObCzsCmxhq1Fq4g6Bzd7pi
|
||||
KtYrAgMBAAGjUzBRMB0GA1UdDgQWBBS6DeOSnoCkc48Fv+pnHqM5P6G85jAfBgNV
|
||||
HSMEGDAWgBS6DeOSnoCkc48Fv+pnHqM5P6G85jAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQCp6OTs5jZt/WSir3212nab3GHWmHBSw5ECr8uq2APY
|
||||
Clso43lIo03MFr0GBYCSZ3aovdMU98+tHLSgA0wTJHlWCQpErsbXHP5e0y4dkiEZ
|
||||
6PoqohXynn6aAsAIC1euzM0iWhjbNKWDfIo1qPQVOHd/yhvB/7smjeAHhLCILr3p
|
||||
61crKHXSZpM01JtqSmoAzPCFL3ofMTZEytTybrVMWKGy2y6KJLQTzGQyeml3B7tE
|
||||
q3ssFTt8F3d+8h+aNzuQr68BC1Vu6JyHsfjBY0ZZMmYhl0fgsiIcGCPer00XqBR5
|
||||
UYjemnwqXAJADJXelA9/Deyrpecv4Iw4A/22Ew8B+54Y
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDH97sxW2mi3Jsq
|
||||
JFMGvSCMtsNd9ZBERj5AZDL21bjHk5gCl2jEQmamd0vUGV5aYAanMmU8r03YrqTV
|
||||
A36D/drl9WBze5iUUl1kfj1pCr0kx8/jVtqRoHlh+kdfiPIQmYpQQykIm+8Fgej9
|
||||
gkRGOrjTaXQLge0ExAIPIjkSOpMxtuuQL1iRrRR2VaGKLFouUJI62r3uH5oW5N4j
|
||||
KjxKBqZAtqw1wXe+eBdXLMKsZnnXzMW0PyRB50XftylIIUvCI4weDe/Ydx+E6/IR
|
||||
mqyQuXl4xj8O6yX+eWxV09bzXpjbcKKZDsAhkSWyKx2j6fObCzsCmxhq1Fq4g6Bz
|
||||
d7piKtYrAgMBAAECggEALCE4t3DEBEQJHii8Be2xBDzFKrQprVePH2i9conB6JFi
|
||||
55eAcGdy/eOv4VPj5a/xZ+6QNu89D8ei6ruFrR1VtJANRA8PohP3NllBti+/hCFw
|
||||
eGxPefnfL8cq/yNawF0SEBpyMMsw2ZdM0r1v0cvdxBIuoOeAZh/XkH1t+N7iYwLm
|
||||
Kbkfzp7qVPDxghavODEX2GnWptNONomglHj/DcQtpCJfff9SgqtG8j9M+YX2mzfb
|
||||
yoPy3scOvknfGqMlCtz5ilGHMXACq1JqzPfAz2FPVSB5ROHLQyt8PQQVfp8QSrkk
|
||||
4LTqR7Z0H5NRxj35sfJn1C1J/wFw3bkmy5CxgyCtwQKBgQDyYl3yIlm6U9i4c7b8
|
||||
3aNzsdDcbRYi+Dvvi59QVNqf03Fct+PP2ThBTbpw0TTsWh947PJli1JUnLamGpeO
|
||||
3ZUnpEFctXFWInX0ghsATc0zdxjWeX6VoIf+9tSqO5yCmqtZxslZUXTcvDi1XAK7
|
||||
1FPsrHvsiFzD2b3b930MpT7qoQKBgQDTM2N0NdJ1hQneOBp3wvrAlzRXxBYsaM83
|
||||
O32ek3ZFVAwpqNPt6w8PjcCRq0ej8w6v4EeR1Hqc4Mol0TnzTbIoYMB+eyqsGjTi
|
||||
7rL0Z9f+dDzGNlGssCplu72oHLF8TJq9aoh36wUMH8hc473M2ZCrjcUAudrWYEkc
|
||||
0GIr0hZ5SwKBgHi6XDbVu0Ger8y3/kYXE2n2AKU6RJNod1oKfnDhwv9mrwlSossN
|
||||
VALa92loGuc6wIBX7Sh866YvZJ55klHbtoZHPzMxQOF5Sq1d/Jr7JaFjyeBSJaXb
|
||||
jsGFKkocZQl8hqqx4+p0MzQbIFfdG5N439B73UHkbegzVWjx7bxVtm/hAoGBAMl5
|
||||
kVuP6JhRdKt3i9BJwZmt5LIBDkIJLfv7lYeMFtxmJEAtnRavESv+RwDviyUcvhsL
|
||||
clrsfpdfXZgb8xNmQBmCyr8d0gRh76e4nCDJW2STEFLqCJobaCaqpW9VB/+SuF8P
|
||||
3OXA3ozFWQc7/pkHx5nQYWmi4t909Oo25B/3h5bnAoGBAIzm30BPZpMLyGvPCFIJ
|
||||
O2Rycvb4bDUU0J8cAVnvsAP6POWBYD0H6rHioZnRz6V3ZBibg+jvzXBiRAqm4n2e
|
||||
yRduP/3m6a3BKhYyplZEV1cUCnnUvQtusWiv61E/mDnPGco3sljUfCbvo1h1Juuq
|
||||
io2guvIg0tE5WSQr9spqy+o8
|
||||
-----END PRIVATE KEY-----
|
|
@ -1,50 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDrTCCApWgAwIBAgIUOkTcnVQ/X6q4Jk8d+FpHNik6G7wwDQYJKoZIhvcNAQEL
|
||||
BQAwZjEZMBcGA1UEAwwQVEVTVCBva19kaXN0cnVzdDEMMAoGA1UECwwDTlNTMRAw
|
||||
DgYDVQQLDAdNb3ppbGxhMQ0wCwYDVQQHDARURVNUMQ0wCwYDVQQIDARURVNUMQsw
|
||||
CQYDVQQGEwJERTAeFw0xOTA3MTYwNjMyNDJaFw0xOTA3MjYwNjMyNDJaMGYxGTAX
|
||||
BgNVBAMMEFRFU1Qgb2tfZGlzdHJ1c3QxDDAKBgNVBAsMA05TUzEQMA4GA1UECwwH
|
||||
TW96aWxsYTENMAsGA1UEBwwEVEVTVDENMAsGA1UECAwEVEVTVDELMAkGA1UEBhMC
|
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6HnzYlULNHDPfZUww
|
||||
MR4UNSmO7wtoR/Guj/M21lSnHJeCzWmzn1Xg/ydVKA5qiO1hgjKzm8BqkO6AFlQB
|
||||
c8UU7838kLf4eM4SLo5xZeHUUbkWxhaoUYFHrJliJgojsKLuKcOGv+H/xE82++A7
|
||||
Yz7n829Yz7l121cNzrdPLZqguU6ocPS5lIONX7c2uf9/DN8b1sr80KcrR+XtVzcH
|
||||
0pCA/iu2WiRwtmwytf2yfvLyrxn0Z6k539lmLwWS//ABp6ptRh2dNZLm6cGE3eQK
|
||||
8fYxJBhD2U5LX1EeqyLMsAWZqQJCAnE539jEaI2QdOZ4pfbwn+vyS4Pyv9A8NPQS
|
||||
GUUVAgMBAAGjUzBRMB0GA1UdDgQWBBQcQKqQ289LAhNrGDmmDNfasnT8PTAfBgNV
|
||||
HSMEGDAWgBQcQKqQ289LAhNrGDmmDNfasnT8PTAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQAiIR6XulpG7kq6woQM8FzZHPRfM9wlPtEcT/HJrH8P
|
||||
nj5R120m56GF96wxib4JTy/0ffgOljIEiWsn7uM06KiZByF0DPyOnYaDbsgL8OKf
|
||||
QxW8n9VG0XNTHvMpXjyFQrhXZsMwEi9EO0IY1VP+H0ZjSwl0d/w91/ICtVec98JM
|
||||
+fypRpHjBCeXVc4UJvb4hz8VnlJOEKE6iWBAIwhFRenEWPvL5bqa3JgJC92xmILr
|
||||
bQPrm2qhijSmasCm7u9GOeeJZL2KDB2nSpFZOJhS989cMKxtMZz0P3Gunn0/oqDr
|
||||
cfDt8t+Nei1T2uq0FlQK8yBUKhfAPnwKuvj/tHho45ZF
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6HnzYlULNHDPf
|
||||
ZUwwMR4UNSmO7wtoR/Guj/M21lSnHJeCzWmzn1Xg/ydVKA5qiO1hgjKzm8BqkO6A
|
||||
FlQBc8UU7838kLf4eM4SLo5xZeHUUbkWxhaoUYFHrJliJgojsKLuKcOGv+H/xE82
|
||||
++A7Yz7n829Yz7l121cNzrdPLZqguU6ocPS5lIONX7c2uf9/DN8b1sr80KcrR+Xt
|
||||
VzcH0pCA/iu2WiRwtmwytf2yfvLyrxn0Z6k539lmLwWS//ABp6ptRh2dNZLm6cGE
|
||||
3eQK8fYxJBhD2U5LX1EeqyLMsAWZqQJCAnE539jEaI2QdOZ4pfbwn+vyS4Pyv9A8
|
||||
NPQSGUUVAgMBAAECggEATZbSIxQucgV01oeLOHfxeykidxTOY53CcixOjyjQx43S
|
||||
19O8YgZlrdOQ2R5GzEDi/QhjDJ88mvBqjPlB8g0KNw01iTnnh+0Ms2W3Oizn9TRQ
|
||||
fd78qRS5WWDp3JHRHknP0ouUmIM7uv1irKBaPUfFfLruS07lmO1koDvyDU8MrD1+
|
||||
Lr9i/7DOxpMFRTP4OBs4J22M1jdaVV7RM5/ZxHezSEJx8lpYvsBSHYYrViWx+TvL
|
||||
BQabnfntg4YbVoB+5f7kOA0f0a/WdF1q4yursLvPFb3F+w271s11PYnXp8G7Axe7
|
||||
ylcojRhvb1bque2WP7Wz3L0kCosxPkaH7W2RfHZX7QKBgQDgI7Xuo+2hnOkPZxNd
|
||||
EuA2+1gKmRnd9Gx+gBvSOxgy+bIirddWpUoSQE1cZiJu0ylERVBMXJzMi5uT1/nR
|
||||
OP9HVUY/pYDEtuHRHyF60sp8+qTiV0PxACuaYGmUSO22+p9yp0mfVNl+AkQlLbam
|
||||
pmQG3OWb7Zqpef7+v7fnccPwFwKBgQDUkz1OyUwB1Nx0GtzAiYuoVh0Oe2GM8tHI
|
||||
8kSXbFyXh5ly75Cm5gPR6dxLsLSOZxzGZMfXm13MFWVARQJgudFJFTtqRufJZcnS
|
||||
ie/OpY35eYqKqzYIwt+4U6biCLK3q77dH1Psgz0ghoH6DfDkl2eQDF9LLUxvrS5Q
|
||||
r36bBezjswKBgEAMFEWv1Ax1UOeU1aSn6yfq5HqKyyhwWrw/ETQerMiML0nXkQvy
|
||||
SVszwqdfjAFNF6Kph8t6P1f3oKo7cehGODQC+wLe4Q/VDmv6UE/Pggr6eDkxJHnu
|
||||
SYdge2ri+AJsVTmm8dO0pD1smlphWKsAKt8HKhlHaQV6ldHnqL5a9NlbAoGAK6zI
|
||||
xtwy4plyZeRzAJgB+qcetzAAXe4xzgCAuT/JUlTI4UV5SeEuXb2XxnFa13s1/UkN
|
||||
ii3guqKWt/q1v1vONR7Io1BIJSflrH0sqR94qQ4gudbtdiVbw8pkGkLBPV1rDJF4
|
||||
M7rPH1SjddXRbZXx8DWqio6XCsbhIjC8aWtxPWMCgYAClC2GhicT+Jiv5Y8gT/hc
|
||||
/DJjhQTtV1mMqek69XJ6Xsc6wEkFSXpUr8/3XoP8Sj/xrEluTJYgt/DTVbXAvLcv
|
||||
XCaERRdrpBHspFrD9lcOZRjS17QTVAzH8bt3+YidqvDnn/2Xch49hcUJTFEx7Km+
|
||||
r4Tw2QmALNeNDgRlkMJYCQ==
|
||||
-----END PRIVATE KEY-----
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
CORE_DEPTH = ../..
|
||||
|
||||
DIRS = builtins
|
||||
DIRS = builtins
|
||||
|
||||
PRIVATE_EXPORTS = \
|
||||
ck.h \
|
||||
|
|
|
@ -114,17 +114,6 @@ inline Result ExpectTagAndSkipValue(Reader& input, uint8_t tag) {
|
|||
return ExpectTagAndGetValue(input, tag, ignoredValue);
|
||||
}
|
||||
|
||||
// This skips IMPLICIT OPTIONAL tags that are "primitive" (not constructed),
|
||||
// given the number in the class of the tag (i.e. the number in the brackets in
|
||||
// `issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL`).
|
||||
inline Result SkipOptionalImplicitPrimitiveTag(Reader& input,
|
||||
uint8_t numberInClass) {
|
||||
if (input.Peek(CONTEXT_SPECIFIC | numberInClass)) {
|
||||
return ExpectTagAndSkipValue(input, CONTEXT_SPECIFIC | numberInClass);
|
||||
}
|
||||
return Success;
|
||||
}
|
||||
|
||||
// Like ExpectTagAndGetValue, except the output Input will contain the
|
||||
// encoded tag and length along with the value.
|
||||
inline Result ExpectTagAndGetTLV(Reader& input, uint8_t tag,
|
||||
|
|
|
@ -105,24 +105,29 @@ BackCert::Init()
|
|||
return rv;
|
||||
}
|
||||
|
||||
static const uint8_t CSC = der::CONTEXT_SPECIFIC | der::CONSTRUCTED;
|
||||
|
||||
// According to RFC 5280, all fields below this line are forbidden for
|
||||
// certificate versions less than v3. However, for compatibility reasons,
|
||||
// we parse v1/v2 certificates in the same way as v3 certificates. So if
|
||||
// these fields appear in a v1 certificate, they will be used.
|
||||
|
||||
// Ignore issuerUniqueID if present.
|
||||
rv = der::SkipOptionalImplicitPrimitiveTag(tbsCertificate, 1);
|
||||
if (rv != Success) {
|
||||
return rv;
|
||||
if (tbsCertificate.Peek(CSC | 1)) {
|
||||
rv = der::ExpectTagAndSkipValue(tbsCertificate, CSC | 1);
|
||||
if (rv != Success) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
// Ignore subjectUniqueID if present.
|
||||
rv = der::SkipOptionalImplicitPrimitiveTag(tbsCertificate, 2);
|
||||
if (rv != Success) {
|
||||
return rv;
|
||||
if (tbsCertificate.Peek(CSC | 2)) {
|
||||
rv = der::ExpectTagAndSkipValue(tbsCertificate, CSC | 2);
|
||||
if (rv != Success) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
static const uint8_t CSC = der::CONTEXT_SPECIFIC | der::CONSTRUCTED;
|
||||
rv = der::OptionalExtensions(
|
||||
tbsCertificate, CSC | 3,
|
||||
[this](Reader& extnID, const Input& extnValue, bool critical,
|
||||
|
|
|
@ -39,8 +39,8 @@ CERT_FreeDistNames;
|
|||
CERT_FreeNicknames;
|
||||
CERT_GetAVATag;
|
||||
CERT_GetCertEmailAddress;
|
||||
CERT_GetCertIssuerAndSN;
|
||||
CERT_GetCertNicknames;
|
||||
CERT_GetCertIssuerAndSN;
|
||||
CERT_GetCertTrust;
|
||||
CERT_GetCertUid;
|
||||
CERT_GetCommonName;
|
||||
|
|
|
@ -825,36 +825,6 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced
|
|||
cc->trust = trust;
|
||||
CERT_UnlockCertTrust(cc);
|
||||
}
|
||||
/* Read the distrust fields from a nssckbi/builtins certificate and
|
||||
* fill the fields in CERTCertificate structure when any valid date
|
||||
* is found. */
|
||||
if (PK11_IsReadOnly(cc->slot) && PK11_HasRootCerts(cc->slot)) {
|
||||
/* The values are hard-coded and readonly. Read just once. */
|
||||
if (cc->distrust == NULL) {
|
||||
CERTCertDistrust distrustModel;
|
||||
SECItem model = { siUTCTime, NULL, 0 };
|
||||
distrustModel.serverDistrustAfter = model;
|
||||
distrustModel.emailDistrustAfter = model;
|
||||
SECStatus rServer = PK11_ReadAttribute(
|
||||
cc->slot, cc->pkcs11ID, CKA_NSS_SERVER_DISTRUST_AFTER,
|
||||
cc->arena, &distrustModel.serverDistrustAfter);
|
||||
SECStatus rEmail = PK11_ReadAttribute(
|
||||
cc->slot, cc->pkcs11ID, CKA_NSS_EMAIL_DISTRUST_AFTER,
|
||||
cc->arena, &distrustModel.emailDistrustAfter);
|
||||
/* Only allocate the Distrust structure if a valid date is found.
|
||||
* The result length of a encoded valid timestamp is exactly 13 */
|
||||
const unsigned int kDistrustFieldSize = 13;
|
||||
if ((rServer == SECSuccess && rEmail == SECSuccess) &&
|
||||
(distrustModel.serverDistrustAfter.len == kDistrustFieldSize ||
|
||||
distrustModel.emailDistrustAfter.len == kDistrustFieldSize)) {
|
||||
CERTCertDistrust *tmpPtr = PORT_ArenaAlloc(
|
||||
cc->arena, sizeof(CERTCertDistrust));
|
||||
PORT_Memcpy(tmpPtr, &distrustModel,
|
||||
sizeof(CERTCertDistrust));
|
||||
cc->distrust = tmpPtr;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (instance) {
|
||||
nssCryptokiObject_Destroy(instance);
|
||||
|
|
|
@ -1605,67 +1605,6 @@ NSC_DecryptUpdate(CK_SESSION_HANDLE hSession,
|
|||
return CKR_OK;
|
||||
}
|
||||
|
||||
/* Fromssl3con.c: Constant-time helper macro that copies the MSB of x to all
|
||||
* other bits. */
|
||||
#define DUPLICATE_MSB_TO_ALL(x) ((unsigned int)((int)(x) >> (sizeof(int) * 8 - 1)))
|
||||
/* From ssl3con.c: SECStatusToMask returns, in constant time, a mask value of
|
||||
* all ones if rv == SECSuccess. Otherwise it returns zero. */
|
||||
static unsigned int
|
||||
SECStatusToMask(SECStatus rv)
|
||||
{
|
||||
unsigned int good;
|
||||
/* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results
|
||||
* in the MSB being set to one iff it was zero before. */
|
||||
good = rv ^ SECSuccess;
|
||||
good--;
|
||||
return DUPLICATE_MSB_TO_ALL(good);
|
||||
}
|
||||
/* Constant-time helper macro that selects l or r depending on all-1 or all-0
|
||||
* mask m */
|
||||
#define CT_SEL(m, l, r) (((m) & (l)) | (~(m) & (r)))
|
||||
/* Constant-time helper macro that returns all-1s if x is not 0; and all-0s
|
||||
* otherwise. */
|
||||
#define CT_NOT_ZERO(x) (DUPLICATE_MSB_TO_ALL(((x) | (0 - x))))
|
||||
|
||||
/* sftk_CheckCBCPadding checks that the padding validity and return the pad length. */
|
||||
static CK_RV
|
||||
sftk_CheckCBCPadding(CK_BYTE_PTR pLastPart,
|
||||
unsigned int blockSize, unsigned int *outPadSize)
|
||||
{
|
||||
PORT_Assert(outPadSize);
|
||||
|
||||
unsigned int padSize = (unsigned int)pLastPart[blockSize - 1];
|
||||
|
||||
/* If padSize <= blockSize, set goodPad to all-1s and all-0s otherwise.*/
|
||||
unsigned int goodPad = DUPLICATE_MSB_TO_ALL(~(blockSize - padSize));
|
||||
/* padSize should not be 0 */
|
||||
goodPad &= CT_NOT_ZERO(padSize);
|
||||
|
||||
unsigned int i;
|
||||
for (i = 0; i < blockSize; i++) {
|
||||
/* If i < padSize, set loopMask to all-1s and all-0s otherwise.*/
|
||||
unsigned int loopMask = DUPLICATE_MSB_TO_ALL(~(padSize - 1 - i));
|
||||
/* Get the padding value (should be padSize) from buffer */
|
||||
unsigned int padVal = pLastPart[blockSize - 1 - i];
|
||||
/* Update goodPad only if i < padSize */
|
||||
goodPad &= CT_SEL(loopMask, ~(padVal ^ padSize), goodPad);
|
||||
}
|
||||
|
||||
/* If any of the final padding bytes had the wrong value, one or more
|
||||
* of the lower eight bits of |goodPad| will be cleared. We AND the
|
||||
* bottom 8 bits together and duplicate the result to all the bits. */
|
||||
goodPad &= goodPad >> 4;
|
||||
goodPad &= goodPad >> 2;
|
||||
goodPad &= goodPad >> 1;
|
||||
goodPad <<= sizeof(goodPad) * 8 - 1;
|
||||
goodPad = DUPLICATE_MSB_TO_ALL(goodPad);
|
||||
|
||||
/* Set outPadSize to padSize or 0 */
|
||||
*outPadSize = CT_SEL(goodPad, padSize, 0);
|
||||
/* Return OK if the pad is valid */
|
||||
return CT_SEL(goodPad, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
|
||||
}
|
||||
|
||||
/* NSC_DecryptFinal finishes a multiple-part decryption operation. */
|
||||
CK_RV
|
||||
NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
|
||||
|
@ -1704,10 +1643,24 @@ NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
|
|||
if (rv != SECSuccess) {
|
||||
crv = sftk_MapDecryptError(PORT_GetError());
|
||||
} else {
|
||||
unsigned int padSize = 0;
|
||||
crv = sftk_CheckCBCPadding(pLastPart, context->blockSize, &padSize);
|
||||
/* Update pulLastPartLen, in constant time, if crv is success */
|
||||
*pulLastPartLen = CT_SEL(SECStatusToMask(crv), outlen - padSize, *pulLastPartLen);
|
||||
unsigned int padSize =
|
||||
(unsigned int)pLastPart[context->blockSize - 1];
|
||||
if ((padSize > context->blockSize) || (padSize == 0)) {
|
||||
crv = CKR_ENCRYPTED_DATA_INVALID;
|
||||
} else {
|
||||
unsigned int i;
|
||||
unsigned int badPadding = 0; /* used as a boolean */
|
||||
for (i = 0; i < padSize; i++) {
|
||||
badPadding |=
|
||||
(unsigned int)pLastPart[context->blockSize - 1 - i] ^
|
||||
padSize;
|
||||
}
|
||||
if (badPadding) {
|
||||
crv = CKR_ENCRYPTED_DATA_INVALID;
|
||||
} else {
|
||||
*pulLastPartLen = outlen - padSize;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1769,9 +1722,21 @@ NSC_Decrypt(CK_SESSION_HANDLE hSession,
|
|||
/* XXX need to do MUCH better error mapping than this. */
|
||||
crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
|
||||
if (rv == SECSuccess && context->doPad) {
|
||||
unsigned int padSize = 0;
|
||||
crv = sftk_CheckCBCPadding(pData, context->blockSize, &padSize);
|
||||
outlen -= padSize;
|
||||
unsigned int padding = pData[outlen - 1];
|
||||
if (padding > context->blockSize || !padding) {
|
||||
crv = CKR_ENCRYPTED_DATA_INVALID;
|
||||
} else {
|
||||
unsigned int i;
|
||||
unsigned int badPadding = 0; /* used as a boolean */
|
||||
for (i = 0; i < padding; i++) {
|
||||
badPadding |= (unsigned int)pData[outlen - 1 - i] ^ padding;
|
||||
}
|
||||
if (badPadding) {
|
||||
crv = CKR_ENCRYPTED_DATA_INVALID;
|
||||
} else {
|
||||
outlen -= padding;
|
||||
}
|
||||
}
|
||||
}
|
||||
sftk_TerminateOp(session, SFTK_DECRYPT, context);
|
||||
done:
|
||||
|
|
|
@ -159,7 +159,7 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = {
|
|||
CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER, CKA_TRUST_TIME_STAMPING,
|
||||
CKA_TRUST_STEP_UP_APPROVED, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
|
||||
CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS,
|
||||
CKA_PUBLIC_KEY_INFO, CKA_NSS_SERVER_DISTRUST_AFTER, CKA_NSS_EMAIL_DISTRUST_AFTER
|
||||
CKA_PUBLIC_KEY_INFO
|
||||
};
|
||||
|
||||
static int known_attributes_size = sizeof(known_attributes) /
|
||||
|
|
|
@ -914,7 +914,7 @@ SECStatus
|
|||
tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b, PRUint32 length)
|
||||
{
|
||||
if (ss->sec.isServer && ss->ssl3.hs.zeroRttIgnore != ssl_0rtt_ignore_none) {
|
||||
SSL_TRC(3, ("%d: TLS13[%d]: successfully decrypted handshake after "
|
||||
SSL_TRC(3, ("%d: TLS13[%d]: %s successfully decrypted handshake after"
|
||||
"failed 0-RTT",
|
||||
SSL_GETPID(), ss->fd));
|
||||
ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_none;
|
||||
|
|
|
@ -94,8 +94,6 @@
|
|||
#define CKA_NSS_JPAKE_X2S (CKA_NSS + 33)
|
||||
|
||||
#define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34)
|
||||
#define CKA_NSS_SERVER_DISTRUST_AFTER (CKA_NSS + 35)
|
||||
#define CKA_NSS_EMAIL_DISTRUST_AFTER (CKA_NSS + 36)
|
||||
|
||||
/*
|
||||
* Trust attributes:
|
||||
|
|
|
@ -218,7 +218,6 @@
|
|||
'gtests/softoken_gtest/softoken_gtest.gyp:softoken_gtest',
|
||||
'gtests/ssl_gtest/ssl_gtest.gyp:ssl_gtest',
|
||||
'gtests/util_gtest/util_gtest.gyp:util_gtest',
|
||||
'lib/ckfw/builtins/testlib/builtins-testlib.gyp:nssckbi-testlib',
|
||||
],
|
||||
'conditions': [
|
||||
[ 'OS=="linux"', {
|
||||
|
|
|
@ -50,7 +50,7 @@ cert_init()
|
|||
|
||||
LIBDIR="${DIST}/${OBJDIR}/lib"
|
||||
|
||||
ROOTCERTSFILE=`ls -1 ${LIBDIR}/*nssckbi.* | head -1`
|
||||
ROOTCERTSFILE=`ls -1 ${LIBDIR}/*nssckbi* | head -1`
|
||||
if [ ! "${ROOTCERTSFILE}" ] ; then
|
||||
html_failed "Looking for root certs module."
|
||||
cert_log "ERROR: Root certs module not found."
|
||||
|
|
Загрузка…
Ссылка в новой задаче